[Federal Register Volume 88, Number 104 (Wednesday, May 31, 2023)]
[Rules and Regulations]
[Pages 35150-35571]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-07230]
[[Page 35149]]
Vol. 88
Wednesday,
No. 104
May 31, 2023
Part III
Consumer Financial Protection Bureau
-----------------------------------------------------------------------
12 CFR Part 1002
Small Business Lending Under the Equal Credit Opportunity Act
(Regulation B); Final Rule
��Federal Register / Vol. 88, No. 104 / Wednesday, May 31, 2023 / Rules
and Regulations��
[[Page 35150]]
-----------------------------------------------------------------------
CONSUMER FINANCIAL PROTECTION BUREAU
12 CFR Part 1002
[Docket No. CFPB-2021-0015]
RIN 3170-AA09
Small Business Lending Under the Equal Credit Opportunity Act
(Regulation B)
AGENCY: Consumer Financial Protection Bureau.
ACTION: Final rule.
-----------------------------------------------------------------------
SUMMARY: The Consumer Financial Protection Bureau (CFPB or Bureau) is
amending Regulation B to implement changes to the Equal Credit
Opportunity Act (ECOA) made by section 1071 of the Dodd-Frank Wall
Street Reform and Consumer Protection Act (Dodd-Frank Act). Consistent
with section 1071, covered financial institutions are required to
collect and report to the CFPB data on applications for credit for
small businesses, including those that are owned by women or
minorities. The final rule also addresses the CFPB's approach to
privacy interests and the publication of data; shielding certain
demographic data from underwriters and other persons; recordkeeping
requirements; enforcement provisions; and the rule's effective and
compliance dates.
DATES:
Effective date: This final rule is effective August 29, 2023.
Compliance dates: Covered financial institutions must comply with
the final rule beginning October 1, 2024, April 1, 2025, or January 1,
2026, as set forth in Sec. 1002.114(b).
FOR FURTHER INFORMATION CONTACT: Camille Gray, Paralegal Specialist;
Kris Andreassen, Pavitra Bacon, Joseph Devlin, Amy Durant, Angela Fox,
Caroline Hong, David Jacobs, Kathryn Lazarev, Lawrence Lee, Adam Mayle,
Kristen Phinnessee, or Melissa Stegman, Senior Counsels, Office of
Regulations, at 202-435-7700 or https://reginquiries.consumerfinance.gov/. If you require this document in an
alternative electronic format, please contact
[email protected].
SUPPLEMENTARY INFORMATION:
I. Summary of the Final Rule
In 2010, Congress passed the Dodd-Frank Act. Section 1071 of that
Act \1\ amended ECOA \2\ to require that financial institutions collect
and report to the CFPB certain data regarding applications for credit
for women-owned, minority-owned, and small businesses. Section 1071's
statutory purposes are to (1) facilitate enforcement of fair lending
laws, and (2) enable communities, governmental entities, and creditors
to identify business and community development needs and opportunities
of women-owned, minority-owned, and small businesses.
---------------------------------------------------------------------------
\1\ Public Law 111-203, tit. X, section 1071, 124 Stat. 1376,
2056 (2010), codified at ECOA section 704B, 15 U.S.C. 1691c-2.
\2\ 15 U.S.C. 1691 et seq.
---------------------------------------------------------------------------
Section 1071 specifies a number of data points that financial
institutions are required to collect and report, and also provides
authority for the CFPB to require any additional data that it
determines would aid in fulfilling section 1071's statutory purposes.
Section 1071 also contains a number of other requirements, including
those that address restricting the access of underwriters and other
persons to certain data; recordkeeping; publication of small business
lending data; and modifications or deletions of data prior to
publication in order to advance a privacy interest.
Section 1071 directs the CFPB to prescribe such rules and issue
such guidance as may be necessary to carry out, enforce, and compile
data pursuant to section 1071, and permits it to adopt exceptions to
any requirement or to exempt financial institutions from the
requirements of section 1071 as it deems necessary or appropriate to
carry out the purposes of section 1071. The CFPB is adding a new
subpart B to Regulation B to implement the requirements of section
1071. Key aspects of the CFPB's final rule are summarized below.
As envisioned by Congress, the small business lending rule will
create our nation's first consistent and comprehensive database
regarding lending to small businesses, including small farms. This will
fulfill section 1071's statutory purposes by allowing Federal, State,
and local enforcement agencies to assess potential areas for fair
lending enforcement and by enabling a range of stakeholders to better
identify business and community development needs and opportunities for
small businesses, including women-owned and minority-owned small
businesses. The database, again as dictated by Congress, will not
reveal privacy-protected information about any particular small
business applicant, and small businesses will retain control over how
much of their demographic information they choose to divulge. In
addition, the CFPB believes that its final rule will help to sharpen
competition in credit supply by creating greater transparency around
small business lending.
Scope. The CFPB is requiring financial institutions to collect and
report data regarding applications for credit for small businesses,
including those that are owned by women and minorities. The CFPB is not
requiring financial institutions to collect and report data regarding
applications for women-owned and minority-owned businesses that are not
small. Because more than 99 percent of women-owned and minority-owned
businesses are small businesses, covering small businesses necessarily
means nearly all women-owned and minority-owned businesses will also be
covered. The CFPB believes that this scope is consistent with the
statute and will allow the rule to carry out section 1071's purposes
without requiring collection of data that would be of limited utility.
Covered financial institutions. Consistent with language from
section 1071, a ``financial institution'' is defined to include any
partnership, company, corporation, association (incorporated or
unincorporated), trust, estate, cooperative organization, or other
entity that engages in any financial activity. The rule thus applies to
a variety of entities that engage in small business lending, including
depository institutions (i.e., banks, savings associations, and credit
unions),\3\ online lenders, platform lenders, community development
financial institutions (both depository and nondepository
institutions), Farm Credit System lenders, lenders involved in
equipment and vehicle financing (captive financing companies and
independent financing companies), commercial finance companies,
governmental lending entities, and nonprofit nondepository lenders.\4\
---------------------------------------------------------------------------
\3\ For purposes of this document, the Bureau is using the term
depository institution to mean any bank or savings association
defined by the Federal Deposit Insurance Act, 12 U.S.C. 1813(c)(1),
or credit union defined pursuant to the Federal Credit Union Act, 12
U.S.C. 1751 et seq., as implemented by 12 CFR 700.2. The Bureau
notes that the Dodd-Frank Act defines a depository institution to
mean any bank or savings association defined by the Federal Deposit
Insurance Act, 12 U.S.C. 1811 et seq.; there, that term does not
encompass credit unions. 12 U.S.C. 5301(18)(A), 1813(c)(1). To
facilitate analysis and discussion, the Bureau is referring to banks
and savings associations together with credit unions as depository
institutions throughout this document, unless otherwise specified.
\4\ The Bureau's rules, including this final rule to implement
section 1071, generally do not apply to motor vehicle dealers, as
defined in section 1029(f)(2) of the Dodd-Frank Act, that are
predominantly engaged in the sale and servicing of motor vehicles,
the leasing and servicing of motor vehicles, or both. 12 U.S.C.
5519.
---------------------------------------------------------------------------
[[Page 35151]]
The rule uses the term ``covered financial institution'' to refer
to those financial institutions that are required to comply with its
data collection and reporting requirements. A covered financial
institution is defined as a financial institution that originated at
least 100 covered credit transactions (rather than 25, as proposed) for
small businesses in each of the two preceding calendar years. The CFPB
is not adopting an asset-based exemption threshold for depository
institutions, or any other general exemptions for particular categories
of financial institutions.
The final rule also permits creditors that are not covered
financial institutions to voluntarily collect and report small business
lending data in certain circumstances.
Covered credit transactions. Covered financial institutions are
required to collect and report data regarding covered applications from
small businesses for covered credit transactions. A ``covered credit
transaction'' is one that meets the definition of business credit under
existing Regulation B, with certain exceptions. Transactions within the
scope of the rule include loans, lines of credit, credit cards,
merchant cash advances, and credit products used for agricultural
purposes. The CFPB is excluding trade credit, public utilities credit,
securities credit, and incidental credit as proposed. In addition, the
CFPB has added exclusions for transactions that are reportable under
the Home Mortgage Disclosure Act of 1975 (HMDA) \5\ and insurance
premium financing. Consistent with the CFPB's proposal, factoring,
leases, and consumer-designated credit that is used for business or
agricultural purposes are also not covered credit transactions. In
addition, the CFPB has made clear that purchases of originated covered
credit transactions are not reportable.
---------------------------------------------------------------------------
\5\ 12 U.S.C. 2801 et seq.
---------------------------------------------------------------------------
Covered applications. A ``covered application''--which triggers
data collection, reporting, and related requirements when submitted by
a small business--is defined as an oral or written request for a
covered credit transaction that is made in accordance with procedures
used by a financial institution for the type of credit requested. This
definition of covered application is largely consistent with the
existing Regulation B definition of that term. However, certain
circumstances are not covered applications for purposes of this rule,
even if they are considered applications under existing Regulation B.
Specifically, covered applications for purposes of this rule do not
include (1) reevaluation, extension, or renewal requests on existing
business credit accounts, unless the request seeks additional credit
amounts; or (2) inquiries and prequalification requests.
Small business definition. A covered financial institution is
required to collect and report data on a covered application from a
``small business,'' which the rule defines in accordance with the
meaning of ``business concern or concern'' and ``small business
concern'' under the Small Business Act \6\ and Small Business
Administration (SBA) regulations. However, in lieu of using the SBA's
size standards for defining a small business concern, the definition in
this final rule looks to whether the business had $5 million or less in
gross annual revenue for its preceding fiscal year. The CFPB believes
that a straightforward $5 million threshold strikes the right balance
in terms of broadly covering the small business credit market to
fulfill section 1071's statutory purposes while meeting the SBA's
criteria for an alternative size standard.\7\ The final rule also
anticipates updates to this size standard, not more than every five
years, to account for inflation. The SBA Administrator has approved the
CFPB's use of this alternative size standard pursuant to the Small
Business Act.\8\
---------------------------------------------------------------------------
\6\ 15 U.S.C. 631 et seq.
\7\ See 15 U.S.C. 632(a)(2)(C); 13 CFR 121.903.
\8\ See 15 U.S.C. 632(a)(2)(C).
---------------------------------------------------------------------------
Data to be collected and reported. The rule addresses the data
points that must be collected and reported by covered financial
institutions for covered applications from small businesses. Congress
specifically enumerated many of these data points in ECOA section
704B(e)(2); for the others, the Congress granted the CFPB express
authority in 704B(e)(2)(H) to require financial institutions to compile
and maintain, along with enumerated data points, a record of ``any
additional data that the Bureau determines would aid in fulfilling the
purposes'' of section 1071. Certain of these data points are or could
be collected from the applicant; other data points are based on
information within the financial institution's control. Covered
financial institutions must not discourage an applicant from responding
to requests for applicant-provided data and must otherwise maintain
procedures to collect such data at a time and in a manner that are
reasonably designed to obtain a response; when collecting data directly
from the applicant, the rule identifies certain minimum provisions that
must be included within financial institutions' procedures in order for
them to be considered ``reasonably designed.'' The rule also addresses
what financial institutions should do if, despite having such
procedures in place, they are unable to obtain certain data from an
applicant. Furthermore, the rule makes clear that a financial
institution may rely on information from the applicant, or appropriate
third-party sources, when compiling data. If the financial institution
verifies particular information, however, it must report that verified
information. Financial institutions are permitted to reuse previously
collected data in certain circumstances, rather than having to request
it from the applicant for each covered application.
As noted above, the rule includes data points that are, or could
be, provided by the applicant. Some data points specifically relate to
the credit being applied for: the credit type (which includes
information on the credit product, types of guarantees, and loan term);
the credit purpose; and the amount applied for. There are also data
points that relate to the applicant's business: census tract based on
an address or location provided by the applicant; gross annual revenue
for the applicant's preceding full fiscal year; the 3-digit North
American Industry Classification System (NAICS) code for the applicant;
the number of workers that the applicant has; the applicant's time in
business; and the number of principal owners the applicant has.
There are also applicant-provided data points on the demographics
of the applicant's ownership: first, whether the applicant is a
minority-owned business or a women-owned business, along with a new
data field capturing whether the applicant is an LGBTQI+-owned
business; and second, the ethnicity, race, and sex of the applicant's
principal owners. The CFPB refers to these data points collectively as
an applicant's ``protected demographic information.'' Principal owners'
ethnicity and race will be collected from applicants using aggregate
categories as well as disaggregated subcategories. Principal owners'
sex/gender will be collected from applicants without using pre-defined
response categories.
The CFPB is not finalizing its proposed requirement to have
financial institutions collect race and ethnicity via visual
observation or surname if an in-person applicant does not provide any
ethnicity, race, or sex information for any principal owners; instead,
the final rule requires that these data be reported based only on
information provided by the applicant.
[[Page 35152]]
The CFPB is providing lenders with a sample data collection form,
in both digital and paper form, to assist them in collecting protected
demographic data from applicants. Although the contents of the sample
form reflect certain legal requirements that financial institutions
must follow, their use of the sample form is not itself required under
the final rule. Rather, it is an available resource to financial
institutions.
In addition, the rule includes data points that will be generated
or supplied solely by the financial institution. These data points
include, for all applications: a unique identifier for each application
for or extension of credit; the application date; the application
method (that is, the means by which the applicant submitted the
application); the application recipient (that is, whether the financial
institution or its affiliate received the application directly, or
whether it was received by the financial institution via a third
party); the action taken by the financial institution on the
application; and the action taken date. For denied applications, there
is also a data point for denial reasons. For applications that are
originated or approved but not accepted, there is a data point for the
amount originated or approved, and a data point for pricing information
(which includes, as applicable, interest rate, total origination
charges, broker fees, initial annual charges, additional cost for
merchant cash advances or other sales-based financing, and prepayment
penalties).
Firewall. The CFPB's rule implements a requirement in section 1071
that certain data collected from applicants be shielded from
underwriters and certain other persons (or, if a firewall is not
feasible, a notice is given instead); the CFPB refers to this as the
``firewall.''
Generally, an employee or officer of a financial institution or a
financial institution's affiliate that is involved in making any
determination concerning a covered application is prohibited from
accessing the applicant's responses to the inquiries about protected
demographic information that the financial institution makes pursuant
to the rule. This prohibition does not apply to an employee or officer,
however, if the financial institution determines that employee or
officer should have access to an applicant's responses to its inquiries
regarding the applicant's protected demographic information and the
financial institution provides a notice to the applicant regarding that
access. The notice must be provided to each applicant whose information
will be accessed or, alternatively, the financial institution could
provide the notice to all applicants. The final rule does not require
specific language for this notice but does provide sample language that
a covered financial institution may use. The final rule also clarifies
several key points of the firewall provision.
Reporting data to the CFPB; publication of data by the CFPB and
other disclosures; and privacy considerations. Financial institutions
must collect small business lending data on a calendar year basis and
report it to the CFPB on or before June 1 of the following year.
Financial institutions reporting data to the CFPB are required to
provide certain identifying information about themselves as part of
their submission. The CFPB is releasing, concurrently with this final
rule, technical instructions for the submission of small business
lending data in a Filing Instructions Guide.\9\
---------------------------------------------------------------------------
\9\ See CFPB, Small Business Lending Filing Instructions Guide,
https://www.consumerfinance.gov/data-research/small-business-lending/filing-instructions-guide/.
---------------------------------------------------------------------------
The CFPB will make available to the public, on an annual basis, the
application-level data submitted to it by financial institutions,
subject to modifications or deletions made by the CFPB, to advance
privacy interests. To ease burden on covered entities, CFPB publication
of application-level data will satisfy financial institutions'
statutory obligation to make data available to the public upon request.
At this time, the CFPB is not making a final decision on the best way
to protect privacy interests through pre-publication modification and
deletion of reported data. Assessing the many comments it received in
this area, the CFPB is preliminarily of the view that its privacy
assessment will focus primarily on whether (and, if so, how) small
business lending data, individually or in combination with other data,
pose re-identification risk for small businesses and, as a result, for
their owners. The CFPB also anticipates taking account of compelling
risks to financial institution privacy interests. The CFPB does not
anticipate that it can carry out the necessary analysis of pre-
publication modifications and deletions without at least one full year
of application-level data. The CFPB intends to further engage with
stakeholders on the issue of data publication before it resolves on a
particular approach to protecting privacy interests through
modifications and deletions. Finally, the CFPB anticipates publishing
select aggregate data--i.e., data that does not include application-
level information--before it publishes application-level data.
In addition, the final rule prohibits a financial institution or
third party from disclosing protected demographic information, except
in limited circumstances. Specifically, the final rule prohibits
financial institutions from disclosing or providing to third parties
the protected demographic information collected pursuant to the rule,
except to further compliance with ECOA or Regulation B or as required
by law. The final rule also limits third parties' disclosure of
protected demographic information.
Recordkeeping, enforcement, and severability. The rule addresses
issues related to recordkeeping, enforcement of violations, and
severability. The CFPB is also finalizing provisions regarding
treatment of bona fide errors under the rule in general along with
several safe harbors for particular kinds of errors. Relatedly, as
explained in part VII below, covered financial institutions will also
have a 12-month grace period during which the CFPB--for institutions
under its jurisdiction--will not assess penalties for errors in data
reporting, and will conduct examinations only to assist institutions in
diagnosing compliance weaknesses, to the extent that these institutions
engaged in good faith compliance efforts.
Effective and compliance dates, transitional provisions. This final
rule will become effective 90 days after publication in the Federal
Register. The CFPB is adopting a tiered compliance date schedule
because it believes that smaller and mid-sized lenders would have
particular difficulties complying within the single 18-month compliance
period proposed in the NPRM. Compliance with the rule beginning October
1, 2024 is required for financial institutions that originate the most
covered credit transactions for small businesses. However, institutions
with a moderate transaction volume have until April 1, 2025 to begin
complying with the rule, and those with the lowest volume have until
January 1, 2026. Covered financial institutions may begin collecting
applicants' protected demographic information one year prior to their
compliance date to help prepare for coming into compliance with this
final rule. The CFPB is also adopting a new provision to permit
financial institutions that do not have ready access to sufficient
information to determine their compliance tier (or whether they are
covered by the rule at all) to use reasonable methods to estimate their
volume of originations to small businesses for this purpose.
[[Page 35153]]
Compliance and technical assistance. The CFPB is supporting small
business lenders with a variety of compliance and technical tools to
help them determine if they are covered by this new rule, and if so
when their obligations arise. For lenders that are covered, the agency
is also making available a range of resources to assist with effective
implementation of the rule, including a small entity compliance guide.
These materials are available at https://www.consumerfinance.gov/compliance/compliance-resources/small-business-lending-resources/small-business-lending-collection-and-reporting-requirements. The CFPB is
also launching a dedicated regulatory and technical support program
that can provide oral and written assistance in response to stakeholder
questions about collection and reporting obligations, and a range of
technical resources to make it easier to report data to the CFPB. The
support program and related materials are available at https://www.consumerfinance.gov/data-research/small-business-lending-data/. To
further assist covered financial institutions that serve small business
customers in their preferred languages, the CFPB will make the sample
data collection form available in several languages. The CFPB is also
planning to develop resources to help small businesses understand how
their data are treated, the availability of the dataset, and the
broader purposes of the rule.
Use of technology partners and industry consortia for accurate,
cost-efficient data collection and reporting. The final rule broadly
permits financial institutions to work with third parties, including
industry consortia, to develop services and technologies to aid in
collecting and reporting data. So long as they meet the obligations
stated in the rule, including collecting data in a manner that does not
discourage small businesses from providing it, financial institutions
are free to work with third parties to assist them with their
compliance obligations, whether that is with respect to data
collection, maintenance or reporting. The CFPB plans to work with
consortia or other entities seeking to assist financial institutions to
deploy industry-identified solutions. For example, the CFPB plans to
provide Application Programming Interfaces in an open-source
environment to assist financial institutions' technology partners to
develop accurate and efficient data reporting tools.
II. Background
As discussed above, in 2010, Congress enacted the Dodd-Frank Act.
Section 1071 of the Dodd-Frank Act, which amended ECOA, requires
financial institutions to collect and report to the CFPB data regarding
applications for credit for women-owned, minority-owned, and small
businesses. Section 1071 was adopted for the dual purposes of
facilitating fair lending enforcement and enabling communities,
governmental entities, and creditors to identify business and community
development needs and opportunities of such businesses. Section 1071
complements other Federal efforts to ensure fair lending and to promote
community development for small businesses, including through ECOA, the
Community Reinvestment Act of 1977 (CRA),\10\ and the Community
Development Financial Institutions (CDFI) Fund.\11\
---------------------------------------------------------------------------
\10\ 12 U.S.C. 2901 et seq.
\11\ The Riegle Community Development Banking and Financial
Institutions Act of 1994, 12 U.S.C. 4701 et seq., authorized the
Community Development Financial Institution Fund (CDFI Fund). The
CDFI Fund is discussed in more detail in part II.F.2.ii below.
---------------------------------------------------------------------------
The collection and subsequent publication of more robust and
granular data regarding credit applications for small businesses will
provide much-needed transparency to the small business lending market.
The COVID-19 pandemic has shown that transparency is essential,
particularly at a time of crisis, when small businesses are in urgent
need of credit to recover from economic shocks.
In addition to informing policymaking, data collected under the
final rule can help creditors identify potentially profitable
opportunities to extend credit. As a result, small business owners
stand to benefit from increased credit availability. More transparency
will also allow small business owners to more easily compare credit
terms and evaluate credit alternatives, helping them to find the credit
product that best suits their needs at the best price. In these
different ways, the data will help stakeholders to enhance business and
community development, boosting broad-based economic activity and
growth. Furthermore, in the years and decades to come, the collection
and publication of these data will be helpful in identifying potential
fair lending violations and otherwise facilitating the enforcement of
anti-discrimination laws.
Overview
Small businesses are a cornerstone of the U.S. economy. There were
over 33 million small businesses in the U.S. in 2019, employing almost
half of all private sector employees.\12\ Small businesses,
particularly start-ups, also generated 62 percent of new jobs since
1995.\13\ Small businesses were hit hard by two major shocks in the
last two decades. First, the Great Recession, which began in 2007,
disproportionately affected small businesses.\14\ Between 2007 and
2009, employment at businesses with under 50 employees fell by 10.4
percent, compared with 7.5 percent at larger firms,\15\ while between
2008 and 2011, lending to small firms fell by 18 percent, compared with
9 percent for all firms.\16\ Small businesses suffered again because of
the COVID-19 pandemic. Around 40 percent of small businesses were at
least temporarily closed in late March and early April 2020, due
primarily to demand shocks and employee health concerns.\17\ Across the
first year of the pandemic, some
[[Page 35154]]
200,000 more businesses exited the market relative to historic
levels.\18\ It took until July 2021 for non-farm private sector jobs at
establishments with fewer than 50 employees to recover to pre-pandemic
levels.\19\ As of mid-2022, small business loan approvals (other than
for government emergency programs) still remained below pre-pandemic
levels.\20\
---------------------------------------------------------------------------
\12\ Off. of Advocacy, Small Bus. Admin., 2022 Small Business
Profile, at 2, 4 (Aug. 2022), https://cdn.advocacy.sba.gov/wp-content/uploads/2022/08/30121338/Small-Business-Economic-Profile-US.pdf (estimating 33.2 million small businesses in the United
States, accounting for 46.4 percent of employees) (2022 Small
Business Profile).
\13\ Off. of Advocacy, Small Bus. Admin., Frequently Asked
Questions About Small Business, at 1 (Dec. 2021), https://cdn.advocacy.sba.gov/wp-content/uploads/2021/12/06095731/Small-Business-FAQ-Revised-December-2021.pdf (SBA OA 2021 FAQs). See
generally Cong. Rsch. Serv., Small Business Administration and Job
Creation (updated Jan. 4, 2022), https://fas.org/sgp/crs/misc/R41523.pdf (discussing small business job creation); John
Haltiwanger et al., Who Creates Jobs? Small Versus Large Versus
Young, 95 Rev. Econ. Stat. 347, 347-48 (May 2013), https://direct.mit.edu/rest/article/95/2/347/58100/Who-Creates-Jobs-Small-versus-Large-versus-Young (finding that young firms, which are
generally small, contribute disproportionately to both gross and net
job creation).
\14\ Jason Dietrich et al., CFPB, Data Point: Small Business
Lending and the Great Recession, at 9 (Jan. 23, 2020), https://files.consumerfinance.gov/f/documents/cfpb_data-point_small-business-lending-great-recession.pdf (finding that small business
lending fell sharply during the Great Recession and recovered
slowly, still not reaching pre-Recession levels by 2017).
\15\ Ay[scedil]eg[uuml]l [Scedil]ahin et al., Fed. Rsrv. Bank of
N.Y., 17 Current Issues in Econ. & Fin., Why Small Businesses Were
Hit Harder by the Recent Recession, at 1 (2011), https://www.newyorkfed.org/medialibrary/media/research/current_issues/ci17-4.pdf.
\16\ Rebel A. Cole, Off. of Advocacy, Small Bus. Admin., How Did
the Financial Crisis Affect Small Business Lending in the United
States?, at 25-26 (Nov. 2012), https://www.microbiz.org/wp-content/uploads/2014/04/SBA-SmallBizLending-and-FiscalCrisis.pdf.
\17\ Alexander W. Bartik et al., The Impact of COVID-19 on Small
Business Outcomes and Expectations, 117 Proc. Nat'l Acad. Sci.
17656, 17656 (July 2020), https://www.pnas.org/content/pnas/117/30/17656.full.pdf.
\18\ Leland D. Crane et al., Bd. of Governors of the Fed. Rsrv.
Sys., Finance and Economics Discussion Series, 2020-089, Business
Exit During the COVID-19 Pandemic: Non-Traditional Measures in
Historical Context, at 4 (2020), https://www.federalreserve.gov/econres/feds/files/2020089r1pap.pdf (estimating excess establishment
exits and analyzing other estimates of small business exits during
the pandemic). The paper defines ``exit'' as permanent shutdown and
calculates ``excess'' exits by comparing the number of exits during
the 12-month period from March 2020 to February 2021 with previous
years. Id. at 2-4. See also Ryan A. Decker & John Haltiwanger, Bd.
of Governors of the Fed. Rsrv. Sys., FEDS Notes, Business Entry and
Exit in the COVID-19 Pandemic: A Preliminary Look at Official Data
(May 6, 2022), https://www.federalreserve.gov/econres/notes/feds-notes/business-entry-and-exit-in-the-covid-19-pandemic-a-preliminary-look-at-official-data-20220506.html (estimating excess
establishment exits to be roughly 181,000).
\19\ ADP Rsch. Inst., ADP National Employment Report, https://adpemploymentreport.com/ (last visited Mar. 20, 2023) (seasonally
adjusted non-farm private sector jobs at establishments with between
1-49 employees as of July 1, 2021 as compared to March 1, 2020).
\20\ Biz2Credit, Biz2Credit Small Business Lending Index Finds
April 2021 Non-PPP Loan Approval Rates Move Little for All Types of
Lenders (Apr. 2021), https://www.biz2credit.com/small-business-lending-index/april-2021; Biz2Credit, Biz2Credit Small Business
Lending Index Finds Business Loan Approval Rates Rose at Small
Banks, dipped at Big Banks in July 2022 (July 2022), https://www.biz2credit.com/small-business-lending-index/july-2022 (approvals
as of July 2022).
---------------------------------------------------------------------------
During the last two decades, the small business lending landscape
has also transformed. Traditional providers--namely banks--
consolidated, leading to branch closures. The number of banks in the
U.S. has declined from over 18,000 in 1986 to under 4,800 as of June
30, 2022 and the number of branches declined by 14 percent from 2009 to
2020.\21\ Meanwhile, new providers and products, such as online lenders
and merchant cash advances, have become increasingly prevalent in the
small business lending market. Financing by merchant cash advance
providers is estimated to have increased from $8.6 billion in volume in
2014 to $15.3 billion in 2017.\22\ From 2017 to 2019, the volume may
have increased further to $19 billion.\23\ Meanwhile, financing
provided by online ``fintech'' \24\ lenders is estimated to have
increased from $1.4 billion \25\ in outstanding balances in 2013 to
approximately $25 billion \26\ in 2019.
---------------------------------------------------------------------------
\21\ Cong. Rsch. Serv., Small Business Credit Markets and
Selected Policy Issues, at 6 (Aug. 20, 2019), https://fas.org/sgp/crs/misc/R45878.pdf (decline since 1986); Fed. Deposit Ins. Corp.,
Quarterly Banking Profile, at 6 (Aug. 2022), https://www.fdic.gov/analysis/quarterly-banking-profile/qbp/2022jun/qbp.pdf (number of
banks as of June 30, 2022); Bruce C. Mitchell et al., Nat'l Cmty.
Reinvestment Coal., Relationships Matter: Small Business and Bank
Branch Locations (Mar. 2021), https://ncrc.org/relationships-matter-small-business-and-bank-branch-locations/ (branch closures).
\22\ PYMNTS, How Long Can MCAs Avoid the `Loan' Label? (Jan. 20,
2016), https://www.pymnts.com/in-depth/2016/how-long-can-mcas-avoid-the-loan-label/.
\23\ Paul Sweeney, Gold Rush: Merchant Cash Advances are Still
Hot, deBanked (Aug. 18, 2019), https://debanked.com/2019/08/gold-rush-merchant-cash-advances-are-still-hot/. Although the article
does not specify one way or the other, estimates by the underlying
source, Bryant Park Capital, appear to reference origination volumes
rather than outstanding balances. See Nimayi Dixit, S&P Glob. Mkt.
Intel., Payment Fintechs Leave Their Mark On Small Business Lending
(Aug. 28, 2018), https://www.spglobal.com/marketintelligence/en/news-insights/research/payment-fintechs-leave-their-mark-on-small-business-lending. Depending on credit multiplier effects, the value
of annual origination volumes could be smaller or greater than
outstanding balances. Without information on outstanding balances
and for the purposes of calculating a market size for small business
financing in 2019, the Bureau assumes in this paper a 1:1 ratio
between annual origination volumes and outstanding balances for
merchant cash advance products. See part II.D below for discussion
of credit multiplier effects and for market size calculations for
merchant cash advance and other small business financing products in
2019.
\24\ ``Fintechs'' have been defined as ``technology companies
providing alternatives to traditional banking services, most often
exclusively in an online environment,'' and may overlap in part with
other categories of financial institutions, such as commercial
finance companies and/or providers of specialized products,
including factoring and merchant cash advances. Brett Barkley & Mark
Schweitzer, The Rise of Fintech Lending to Small Businesses:
Businesses' Perspectives on Borrowing, 17 Int'l J. Cent. Banking 35,
35-36 (Mar. 2021), https://www.ijcb.org/journal/ijcb21q1a2.pdf.
\25\ Id. (citing Katie Darden et al., S&P Glob. Mkt. Intel.,
2018 US Fintech Market Report, at 5, https://www.spglobal.com/marketintelligence/en/documents/2018-us-fintech-market-report.pdf
(2018 US Fintech Market Report)). This figure annualizes $121
million in estimated 2013 quarterly originations to $484 million in
annual originations and scales up to estimated outstanding balances
using the ratio between the FFIEC Call Report and the CRA data
discussed in part II.D below.
\26\ 2018 US Fintech Market Report at 6. This figure scales up
$9.3 billion in estimated 2019 credit originations for small- to
medium-sized enterprise borrowers to outstanding balances using the
ratio methodology discussed in part II.D below.
---------------------------------------------------------------------------
Regarding trends in the small business financing landscape, the
shift away from traditional providers of small business credit toward
newer types of providers gives rise to both potential harm and
opportunity. In terms of potential harms, bank closures may have made
it more difficult for small businesses, particularly those that are
already underserved, to access credit and remain open--especially in
low- and moderate-income areas and rural communities. Newer providers,
often offering newer products, have less experience complying with both
Federal and State lending laws and regulations than traditional
providers. Differences in funding models may also make non-traditional
credit providers less resilient than depository banks or credit unions
during shocks to the financial system such as the onset of the COVID-19
pandemic.\27\ Additionally, they may use complex algorithms and
artificial intelligence, which may create or heighten ``risks of
unlawful discrimination, unfair, deceptive, or abusive acts or
practices . . . or privacy concerns.'' \28\ Opaque product terms and
high costs can also trap business owners in cycles of debt. In terms of
opportunity, some newer approaches may help applicants with low or
nonexistent personal or business credit scores--including women and
minorities who own or seek to start small businesses but on average
have lower personal credit scores than male and white business owners
\29\--to access credit.\30\ Non-traditional credit providers as well as
digital offerings by traditional financial institutions may also help
offset decreases in lending
[[Page 35155]]
associated with the closure of bank branches.\31\
---------------------------------------------------------------------------
\27\ Itzhak Ben-David et al., Nat'l Bureau of Econ. Res., Why
Did Small Business Fintech Lending Dry Up During March 2020, at 1-7
(Sept. 2021), https://www.nber.org/system/files/working_papers/w29205/w29205.pdf (discussing how nondepository lenders faced a
credit crunch in March 2020 that impaired their ability to continue
funding small business borrowers despite increased demand due to the
COVID-19 shock).
\28\ 86 FR 16837, 16839 (Mar. 31, 2021); see also Rohit Chopra,
CFPB, Remarks of Director Rohit Chopra at a Joint DOJ, CFPB, and OCC
Press Conference on the Trustmark National Bank Enforcement Action
(Oct. 22, 2021), https://www.consumerfinance.gov/about-us/newsroom/remarks-of-director-rohit-chopra-at-a-joint-doj-cfpb-and-occ-press-conference-on-the-trustmark-national-bank-enforcement-action/
(discussing risks of discriminatory bias from black box underwriting
algorithms).
\29\ Geng Li, Bd. of Governors of the Fed. Rsrv. Sys., FEDS
Notes: Gender-Related Differences in Credit Use and Credit Scores
(June 22, 2018), https://www.federalreserve.gov/econres/notes/feds-notes/gender-related-differences-in-credit-use-and-credit-scores-20180622.htm (finding that single women on average have lower credit
scores than single men); Alicia Robb, Off. of Advocacy, Small Bus.
Admin., Minority-Owned Employer Businesses and their Credit Market
Experiences in 2017, at 4 (July 22, 2020), https://cdn.advocacy.sba.gov/wp-content/uploads/2020/07/22172533/Minority-Owned-Employer-Businesses-and-their-Credit-Market-Experiences-in-2017.pdf (finding that Black and Hispanic small business borrowers
are disproportionately denied credit or discouraged from applying
for credit on the basis of their credit score).
\30\ See Jessica Battisto et al., Who Benefited from PPP Loans
by Fintech Lenders?, Liberty St. Econ. (May 27, 2021), https://libertystreeteconomics.newyorkfed.org/2021/05/who-received-ppp-loans-by-fintech-lenders.html (Who Benefited from PPP Loans)
(showing that online lenders were an important source of credit for
Black owners during the COVID-19 pandemic.
\31\ See Cong. Rsch. Serv., Fintech: Overview of Innovative
Financial Technology and Selected Policy Issues, at 1 (Apr. 28,
2020), https://crsreports.congress.gov/product/pdf/R/R46332.
---------------------------------------------------------------------------
The precise impacts of these broader trends are not well understood
at present because there are no comprehensive, comparable, and
application-level data across the fragmented and complex small business
lending market. Some small business lending data exist, provided in
data reported to Federal regulators, but available data are incomplete
in certain ways. Some do not include lending by certain categories of
institutions, such as smaller depository institutions. And none include
lending by nondepository institutions, which comprises almost half of
all small business financing.\32\
---------------------------------------------------------------------------
\32\ The Bureau estimates that nondepository private business
financing totaled approximately $550 billion out of around $1.2
trillion in total private outstanding balances in 2019 (47 percent).
This $550 billion figure includes estimated financing by fintechs
(around $25 billion), commercial finance companies (around $160
billion), nondepository CDFIs (around $1.5 billion), merchant cash
advance providers (around $19 billion), factors (around $100
billion), equipment leasing providers (around $160 billion),
nondepository mortgage lenders originating loans for 5+ unit
residential developments (around $30 billion), and non-financial
trade creditors (around $50 billion). There may additionally be
lending that is not captured here by equipment and vehicle dealers
originating loans in their own names. Public lenders include SBA,
the Federal Housing Administration, Fannie Mae and Freddie Mac, and
the Farm Credit System, with public lending totaling around $210
billion in traditional lending programs plus $1 trillion in
emergency COVID-19 SBA lending programs. See part II.D below for
methodology and sources regarding market size estimates for each
lending category.
---------------------------------------------------------------------------
The datasets that do exist both over- and underestimate small
business lending in certain respects by including small dollar loans to
non-small businesses and by excluding larger loans to small
businesses.\33\ Further, these datasets almost exclusively concern
originated loans; they do not include information on applications that
do not result in originated loans. Nor do they generally include
borrower demographics. Other public, private, and nonprofit datasets
offer only partial snapshots of particular areas of the market.
Finally, much of the publicly available data are aggregated, which does
not permit more granular, loan- or application-level analysis that
would facilitate fair lending or business and community development
analysis by stakeholders other than those that collected the data. See
part II.B below for a detailed discussion on existing data on small
business financing.
---------------------------------------------------------------------------
\33\ See part II.B below.
---------------------------------------------------------------------------
The remainder of this part II focuses on several broad topics that
explain, in more detail, the need for the small business lending data
that the CFPB's rule to implement section 1071 will provide: (A)
improved understanding of the role of small businesses in the U.S.
economy; (B) existing data on small business financing; (C) the
landscape of small business financing; (D) estimating the size of the
small business financing market despite limited data; (E) the
particular challenges faced by women-owned, minority-owned, and
LGBTQI+-owned small businesses; and (F) the purposes and impact of
section 1071.
A. Small Businesses in the United States
Small businesses are an important, dynamic, and widely diverse part
of the U.S. economy. They are critical to employment, innovation, and
economic growth and stability, both overall and specifically for
minority, women, and LGBTQI+ entrepreneurs.
The Small Business Act, as implemented by the Small Business
Administration (SBA), defines a small business using size standards
that generally hinge on the average number of employees or average
annual receipts of the business concern and are customized industry by
industry across 1,012 six-digit North American Industry Classification
System (NAICS) codes.\34\ Size standards based on average number of
employees are used in all industries in the manufacturing and wholesale
trade sectors, as well as in certain industries across a variety of
other sectors. Employee-based size standards range from 100 employees
(used almost entirely in certain industries within the wholesale trade
sector) to 1,500 employees (used in industries across a variety of
sectors including, for example, petroleum refineries, automobile
manufacturing, and greeting card publishers).\35\ Size standards based
on average annual receipts are used in nearly all other industries, and
range from $2.25 million (used in several industries in the crop
production and animal production and aquaculture subsectors) to $47
million (used in industries across a variety of sectors including, for
example, passenger car leasing, television broadcasting, and general
medical and surgical hospitals).\36\
---------------------------------------------------------------------------
\34\ See Small Bus. Admin., Table of Small Business Size
Standards Matched to North American Industry Classification System
Codes (effective Mar. 17, 2023), https://www.sba.gov/sites/default/files/2023-03/Table%20of%20Size%20Standards_Effective%20March%2017%2C%202023%20%281%29%20%281%29_0.pdf.
\35\ See id.
\36\ A small number of industries use a size standard based on a
metric other than average annual receipts or average number of
employees. For example, the commercial banking industry (NAICS
522110) is subject to an asset-based size standard. See id.
---------------------------------------------------------------------------
Simpler definitions of what constitutes a small business are used
in certain contexts. For example, in certain annual research releases
the SBA Office of Advocacy defines a small business as one that has
fewer than 500 employees.\37\ According to the Office of Advocacy, and
based on this definition of a small business, in 2018 there were 32.5
million such businesses in the U.S. that represent 99.9 percent of all
U.S. firms and employ over 60 million Americans.\38\ Over six million
of these small businesses have paid employees, while 26.5 million are
non-employer businesses (i.e., the owner(s) are the only people
involved in the business).\39\ From 1995 to 2020, small businesses,
particularly young businesses and start-ups, created 12.7 million net
new jobs in the U.S., while large businesses created 7.9 million.\40\
---------------------------------------------------------------------------
\37\ See SBA OA 2021 FAQs at 1.
\38\ See id.
\39\ See id.
\40\ See id.; see also Haltiwanger et al., 95 Rev. Econ. Stat.
at 347-48 (finding that young firms, which are generally small,
contribute disproportionately to both gross and net job creation).
---------------------------------------------------------------------------
Nearly one third of all businesses are minority-owned and more than
one third are women-owned, though minorities and women own a smaller
share of employer firms. As of 2019, minorities owned around 1.1
million employer firms in the U.S. (amounting to 18.7 percent of all
employer firms) \41\ and, as of 2018, approximately 8.7 million non-
employer firms (33.6 percent of all non-employer firms).\42\ Likewise,
as of 2019, women owned about 1.2 million employer firms (20.9 percent
of all employer firms) \43\ and, as of 2018, approximately 10.9 million
non-employer firms (41.0 percent of all non-employer firms).\44\
Additionally, in
[[Page 35156]]
2016 there were an estimated 1.4 million LGBTQI+ business owners in the
United States.\45\
---------------------------------------------------------------------------
\41\ See Press Release, U.S. Census Bureau, Census Bureau
Releases New Data on Minority-Owned, Veteran-Owned and Women-Owned
Businesses (Oct. 28, 2021), https://www.census.gov/newsroom/press-releases/2021/characteristics-of-employer-businesses.html (Census
Bureau 2021 Minority- and Women-Owned Businesses Data).
\42\ Minority Bus. Dev. Agency, U.S. Dep't of Com., All
Minority-Owned Firms: Fact Sheet (June 10, 2022), https://www.mbda.gov/sites/default/files/2022-06/All%20Minority%20Owned%20Firms%20Fact%20Sheet%20-%20FINAL%206.10.2022.pdf (stating that the nearly 8.7 million
minority non-employer firms in the U.S. generated $306.1 billion in
revenues in 2018).
\43\ See Census Bureau 2021 Minority- and Women-Owned Businesses
Data.
\44\ See Press Release, U.S. Census Bureau, Nonemployer
Statistics by Demographics (Dec. 16, 2021), https://www.census.gov/newsroom/press-releases/2021/nonemployer-statistics-by-demographics.html (also stating that these firms collectively
generated $300 billion in annual receipts). In 2017, nearly half of
all women-owned non-employer firms generated less than $10,000 in
annual receipts, while only 0.05 percent generated $1 million or
more in receipts. See Press Release, Nat'l Women's Bus. Council,
NWBC Shares 2017 Nonemployer Statistics by Demographics Estimates
for Women-Owned Businesses (Dec. 17, 2020), https://www.nwbc.gov/2020/12/17/nwbc-shares-2017-nonemployer-statistics-by-demographics-estimates-for-women-owned-businesses/.
\45\ Nat'l Gay & Lesbian Chamber of Com., America's LGBT
Economy: The Premiere Report on the Impact of LGBT-Owned Businesses,
at 2 (Jan. 2017), https://nglcc.org/wp-content/uploads/2022/02/REPORT-NGLCC-Americas-LGBT-Economy-1-1.pdf.
---------------------------------------------------------------------------
Businesses are legally structured in several ways. In 2018, 87
percent of non-employer businesses were sole proprietorships, which
means that the business is not distinguishable from the owner for tax
and legal purposes; the owner receives profits directly but is also
legally responsible for the business's obligations.\46\ Seven percent
of non-employer businesses were partnerships, which can be structured
to limit the personal liability of some or all owners; limited partners
may exchange control for limited liability, while general partners that
run the business may remain personally liable.\47\ Six percent of non-
employer businesses were structured as corporations--4.5 percent are S-
corporations and 1.5 percent are C-corporations--which are independent
legal entities owned by shareholders who are not personally liable for
the corporation's obligations.\48\ In 2018, most small employer
businesses were corporations, with 52.1 percent choosing to be S-
corporations and 15.3 percent preferring C-corporation status, although
sole proprietorship and partnership structures remained relatively
popular at 13.7 percent and 11.9 percent, respectively.\49\ By
contrast, in 2017, 74.2 percent of large employer businesses chose to
be C-corporations, with 9.3 percent preferring a partnership structure
and 8.1 percent S-corporation status.\50\
---------------------------------------------------------------------------
\46\ See SBA OA 2021 FAQs at 3.
\47\ Id. at 4.
\48\ Id.
\49\ Id.
\50\ Off. of Advocacy, Small Bus. Admin., Frequently Asked
Questions About Small Business, at 4 (Oct. 2020), https://cdn.advocacy.sba.gov/wp-content/uploads/2020/11/05122043/Small-Business-FAQ-2020.pdf (SBA OA 2020 FAQs).
---------------------------------------------------------------------------
Small businesses are particularly important in specific sectors of
the economy. In 2019, in the services sector, small businesses supplied
9.2 million healthcare and social services jobs (44 percent of all
healthcare and social services jobs), 8.8 million accommodation and
food services jobs (61 percent), and 5.7 million construction jobs (81
percent).\51\ In the same year, in manufacturing, small businesses
supplied 5.1 million manufacturing jobs (42 percent of all
manufacturing jobs).\52\ Finally, in 2016, family farms with annual
gross sales under $500,000 totaled over 91 percent out of 2.2 million
farms,\53\ and small businesses provided over 137,000 agriculture,
forestry, fishing and hunting jobs (84 percent of all agriculture,
forestry, fishing and hunting jobs).\54\ As such, the financial health
of small businesses is essential to the U.S. economy, especially to the
supply of critical and basic goods and services--from producing food to
serving it at restaurants, and from home building to healthcare.
---------------------------------------------------------------------------
\51\ See 2022 Small Business Profile at 4.
\52\ Id.
\53\ Nat'l Inst. of Food & Agric., U.S. Dep't of Agric., Family
Farms, https://nifa.usda.gov/family-farms (last visited Mar. 20,
2023) (classifying family farms as any farm organized as a sole
proprietorship, partnership, or family corporation. Family farms
exclude farms organized as non-family corporations or cooperatives,
as well as farms with hired managers).
\54\ 2022 Small Business Profile at 4.
---------------------------------------------------------------------------
Small businesses were especially hard-hit by the onset of the
COVID-19 pandemic. At one point in the pandemic in April 2020, 20
percent of self-employed workers had temporarily exited the labor
market.\55\ Industries in which small businesses played a large role
have been particularly impacted. For example, comparing April 2020 with
April 2019, employment declined by almost 50 percent in the leisure and
hospitality businesses (also declining by almost 50 percent among food
services and drinking establishments within the leisure and hospitality
industry), in which small businesses employ over 60 percent of
workers.\56\ Women-, minority-, and LGBTQI+-owned small businesses were
hit particularly hard. Between February and April 2020, some 373,000
jobs were lost in child daycare services, a sector in which women-
ownership predominates and minority-ownership is very significant. Only
54 percent of these jobs were recovered by the end of 2020.\57\ In
2021, 85 percent of LGBTQI+-owned small businesses reported the
pandemic was having a negative effect on their business, compared to 76
percent of non-LGBTQI+-owned small businesses.\58\ Since 2022, small
businesses have faced different economic shocks, including inflation
and a shortage of labor, as the economy reopened and resurgent consumer
demand has stretched still-fragile supply chains.\59\
---------------------------------------------------------------------------
\55\ Daniel Wilmoth, Off. of Advocacy, Small Bus. Admin., The
Effects of the COVID-19 Pandemic on Small Businesses (Issue Brief
No. 16), at 5 (Mar. 2021), https://cdn.advocacy.sba.gov/wp-content/uploads/2021/03/02112318/COVID-19-Impact-On-Small-Business.pdf.
\56\ Id. at 4. By the third quarter of 2020 many of these jobs
had since returned as mandatory closure orders ended and the economy
began to recover. Cf. Robert W. Fairlie et al., Nat'l Bureau of
Econ. Res., Were Small Businesses More Likely to Permanently Close
in the Pandemic, at 3, 14 (July 2022), https://www.nber.org/system/files/working_papers/w30285/w30285.pdf (finding a sharp increase in
California business closures in the first and second quarters of
2020 that reversed in the third quarter of 2020). However, small
businesses still appear to have suffered more than large businesses.
See id. (finding that small businesses experienced substantially
higher closure rates than large businesses).
\57\ Bureau of Labor Stat., COVID-19 Ends Longest Employment
Recovery and Expansion in CES History, Causing Unprecedented Job
Losses in 2020 (June 2021), https://www.bls.gov/opub/mlr/2021/article/covid-19-ends-longest-employment-expansion-in-ces-history.htm. An estimated 90 percent of childcare businesses are
women-owned and over half of these owners are minority women. Cindy
Larson & Bevin Parker-Cerkez, Investing in Child Care Fuels Women-
owned Businesses & Racial Equity, Loc. Initiatives Support Corp.
(Mar. 8, 2022), https://www.lisc.org/our-stories/story/investing-child-care-fuels-women-owned-businesses-racial-equity/.
\58\ Spencer Watson et al., LGBTQ-Owned Small Businesses in
2021, Ctr. for LGBTQ Econ. Advancement & Rsch. And Movement
Advancement Project, at 9 (July 2022), https://www.lgbtmap.org/file/LGBTQ-Small-Businesses-in-2021.pdf (using data from the Federal
Reserve's Small Business Credit Survey, which began collecting
demographic data on LGBTQ small business ownership in 2021).
\59\ See William C. Dunkelberg & Holly Wade, Small Business
Economic Trends, Nat'l Fed'n of Indep. Bus., at 2, 11, 19 (Aug.
2022), https://assets.nfib.com/nfibcom/SBET-August-2022.pdf (finding
that, out of 622 small businesses polled, 29 percent considered
inflation their biggest problem, 49 percent had at least one
unfilled job opening, and 32 percent reported that supply chain
disruptions had a significant impact on their business).
---------------------------------------------------------------------------
B. Existing Data on Small Business Lending
While small businesses are a critical part of the U.S. economy and
require financial support, it is still true--as it was in 2017 when the
CFPB published its White Paper on small business lending--that it is
not possible with current data to confidently answer basic questions
regarding the state of small business lending. This limitation is
especially the case with regard to the ethnicity, race, and sex of
small business owners, applications as opposed to originations, and for
small business financing products that are not currently reported in
Call Report data.\60\
---------------------------------------------------------------------------
\60\ CFPB, Key dimensions of the small business lending
landscape, at 39-40 (May 2017), https://files.consumerfinance.gov/f/documents/201705_cfpb_Key-Dimensions-Small-Business-Lending-Landscape.pdf (White Paper).
---------------------------------------------------------------------------
Data on small business lending are fragmented, incomplete, and not
standardized, making it difficult to
[[Page 35157]]
conduct meaningful comparisons across products and over time. Against
this background, it is not hard to see why Congress believed that the
collection of small business application data would serve to identify
business and community development needs and opportunities. The lack of
data hinders attempts by policymakers and other stakeholders to
understand the size, shape, and dynamics of the small business lending
marketplace, including the interaction of supply and demand, as well as
potentially problematic lending practices, gaps in the market, or
trends in funding that may be holding back some communities.\61\ For
example, absent better data, it is hard to determine if relatively
lower levels of bank loans to small businesses in the decade before the
pandemic began were reflective of a net relative decline in lending to
small businesses as compared to large businesses or rather a shift
within small business lending from banks to nondepository lenders.\62\
To the extent there may have been a relative decline, it is difficult
to assess if that decline affected certain types of small businesses
more than others, including women-owned and minority-owned small
businesses.\63\
---------------------------------------------------------------------------
\61\ While Call Report and CRA data provide some indication of
the level of supply of small business credit, the lack of data on
small business credit applications makes demand for credit by small
businesses more difficult to assess, including with respect to local
markets or protected classes.
\62\ Rebel A. Cole, Off. of Advocacy, Small Bus. Admin., How Did
Bank Lending to Small Business in the United States Fare After the
Financial Crisis?, at 26 (Jan. 2018), https://cdn.advocacy.sba.gov/wp-content/uploads/2019/05/09134658/439-How-Did-Bank-Lending-to-Small-Business-Fare.pdf (showing a decline in bank loans to small
businesses from 2008 to 2015 from $710 billion to $600 billion). The
level of bank lending to small businesses has recovered somewhat
since a trough in 2012-13 that represented the lowest amount of
lending since 2005. Fed. Deposit Ins. Corp., Quarterly Banking
Profile, https://www.fdic.gov/analysis/quarterly-banking-profile/qbp/timeseries/small-business-farm-loans.xlsx (last visited Mar. 20,
2023).
\63\ White Paper at 40.
---------------------------------------------------------------------------
The primary sources of information on lending by depository
institutions are the Federal Financial Institutions Examination Council
(FFIEC) and National Credit Union Administration (NCUA) Consolidated
Reports of Condition and Income (Call Reports), as well as reporting
under the Community Reinvestment Act (CRA). Under the FFIEC and CRA
reporting regimes, small loans to businesses of any size are used in
whole or in part as a proxy for loans to small businesses. The FFIEC
Call Report captures banks' outstanding number and amount of small
loans to businesses (that is, loans originated under $1 million to
businesses of any size; small loans to farms are those originated under
$500,000).\64\ The CRA currently requires banks and savings
associations with assets over a specified threshold to report loans in
original amounts of $1 million or less to businesses; reporters are
asked to indicate whether the borrower's gross annual revenue is $1
million or less, if they have that information.\65\ The NCUA Call
Report captures data on all loans over $50,000 to members for
commercial purposes, regardless of any indicator about the business's
size.\66\ There are no similar sources of information about lending to
small businesses by nondepository institutions. The SBA also releases
loan-level data concerning some of its loan programs, but these
typically do not include demographic information, and cover only a
small portion of the overall small business financing market.
---------------------------------------------------------------------------
\64\ See Fed. Fin. Insts. Examination Council, Reporting Forms
31, 41, and 51 (last updated Mar. 16, 2023), https://www.ffiec.gov/ffiec_report_forms.htm (FFIEC Call Report).
\65\ See Fed. Fin. Insts. Examination Council, A Guide to CRA
Data Collection and Reporting, at 11, 13 (2015), https://www.ffiec.gov/cra/pdf/2015_CRA_Guide.pdf (2015 FFIEC CRA Guide).
Small business loans are currently defined for CRA purposes as loans
whose original amounts are $1 million or less and that were reported
on the institution's Call Report or Thrift Financial Report as
either ``Loans secured by nonfarm or nonresidential real estate'' or
``Commercial and industrial loans.'' Small farm loans are currently
defined for CRA purposes as loans whose original amounts are
$500,000 or less and were reported as either ``Loans to finance
agricultural production and other loans to farmers'' or ``Loans
secured by farmland.'' Id. at 11. The Federal agencies responsible
for implementing the CRA have proposed to amend the CRA regulations
to adopt the Bureau's definition of small business. 87 FR 33884
(June 3, 2022).
\66\ See Nat'l Credit Union Admin., Call Report Form 5300
Instructions, at 74-84 (Mar. 31, 2022), https://www.ncua.gov/files/publications/regulations/call-report-instructions-march-2022.pdf
(Call Report Form 5300 Instructions).
---------------------------------------------------------------------------
These public data sources provide some of the most extensive
information currently available on small business lending. However,
they suffer from four material limitations: namely that the data
capture only parts of the market, are published at a high level of
aggregation, do not permit detailed analysis across the market, and
lack standardization across different agencies.
First, these datasets exclude entire categories of lenders. For
example, banks under $1.384 billion in assets, as of 2022, do not have
to report under the CRA.\67\ The FFIEC and NCUA Call Reports and CRA
data do not include lending by nondepository financial institutions,
which the CFPB estimates to represent 37 percent of the small business
financing market and is rapidly growing.\68\
---------------------------------------------------------------------------
\67\ Joint Press Release, Bd. of Governors of the Fed. Rsrv.
Sys. & Fed. Deposit Ins. Corp., Agencies Release Annual Asset-Size
Thresholds Under Community Reinvestment Act Regulations (Dec. 16,
2021), https://www.federalreserve.gov/newsevents/pressreleases/bcreg20211216a.htm.
\68\ Nondepository lending is estimated to total approximately
$550 billion out of $1.5 trillion in total lending, excluding $1
trillion in COVID-19 emergency program lending. See part II.D below
(providing a detailed breakdown and methodology of estimates across
lending products).
---------------------------------------------------------------------------
Second, Federal agencies publish summary data at a high level in a
manner that does not facilitate independent analysis by other agencies
or stakeholders. The FFIEC and NCUA Call Reports and the CRA data are
all available at a higher level of aggregation than loan-level,
limiting fair lending and detailed geographic analyses since ethnicity,
race, and sex as well as business location data are rarely disclosed.
Third, the detailed data collected by these Federal sources have
significant limitations as well, preventing any analysis into certain
issues or types of borrowers, even by the regulators possessing these
data. Neither Call Report nor CRA data include applications, which
limits insights into any potential discrimination or discouragement in
application processes as well as into the interaction between credit
supply and demand. The FFIEC Call Report and CRA data separately
identify loans of under $1 million in value and, among loans of under
$1 million in value, CRA data also identify loans to businesses with
annual revenues of $1 million or less (if the lender collects borrower
revenue information).\69\ However, the Call Report definition of
``small business loans'' as those with a loan size of $1 million or
less at origination is both overinclusive, as it counts small loans to
businesses of all sizes, and underinclusive, as it excludes loans over
$1 million made to small businesses. Credit unions report any loans
under $50,000 as consumer loans and not as commercial loans on the NCUA
Call Report,\70\ potentially excluding from measurement an important
source of funding for many small businesses, particularly the smallest
and often most underserved.
---------------------------------------------------------------------------
\69\ Fed. Fin. Insts. Examination Council, Schedule RC-C, Part
II Loans to Small Businesses and Farms (2017), at 1, https://www.fdic.gov/regulations/resources/call/crinst-031-041/2017/2017-03-rc-c2.pdf (detailing the Call Report loan size threshold of $1
million at origination for loans to small businesses); 2015 FFIEC
CRA Guide at 11 (detailing the CRA size thresholds of $1 million
both for loan amount at origination and for revenue of small
business borrowers).
\70\ Call Report Form 5300 Instructions at 44.
---------------------------------------------------------------------------
Finally, the Federal sources of small business lending data are not
[[Page 35158]]
standardized across agencies and cannot be easily compared. For
example, as noted above, the FFIEC Call Report collects small loans to
businesses as a proxy for small business lending, whereas the NCUA Call
Report collects loans to members for commercial purposes above $50,000
but with no upper limit. The loan-level data for the Paycheck
Protection Program offer an unprecedented level of insight into small
business lending, but this dataset is a one-off snapshot into the
market for a specific lending program at an acute moment of crisis and
is also limited in utility by relatively low response levels to
demographic questions concerning borrowers.\71\
---------------------------------------------------------------------------
\71\ Zachary Warmbrodt, Tracking the Money: Bid to Make Business
Rescue More Inclusive Undercut by Lack of Data, Politico (Mar. 2,
2021), https://www.politico.com/news/2021/03/02/businesses-inclusive-coronavirus-relief-money-data-472539 (reporting that 75
percent of Paycheck Protection Program loan recipients did not
report their ethnicity and 58 percent did not reveal their gender);
see also Rachel Atkins et al., Discrimination in Lending? Evidence
from the Paycheck Protection Program, 58 Small Bus. Econ. 843, 844
(Feb. 2022), https://link.springer.com/article/10.1007/s11187-021-00533-1 (finding that borrower business owner race was reported for
only 10 percent of Paycheck Protection Program loans).
---------------------------------------------------------------------------
The Federal government also conducts and releases a variety of
statistics, surveys, and research reports on small business lending
through the member banks for the Federal Reserve System, the FDIC, CDFI
Fund, and the U.S. Census Bureau. These data sources offer insights
into broad trends and specific small business lending issues but are
less useful for detailed fair lending analyses or identification of
specific areas, industries, or demographic groups being underserved.
Periodic changes in survey methodology, sample sizes, and questions can
also limit comparability and the ability to track developments over
time.
There are also a variety of non-governmental data sources, issued
by both private and nonprofit entities, that cover small businesses
and/or the small business financing market. These include datasets and
surveys published by commercial data and analytics firms, credit
reporting agencies, trade associations, community groups, and academic
institutions. Certain of these data sources are publicly available and
track specific topics, such as small business optimism,\72\ small
business employment,\73\ rates of small business credit application
approvals,\74\ and small business lending and delinquency levels.\75\
Other databases have more granularity and provide detailed information
on individual businesses, including revenue, credit utilization,
industry, and location.\76\
---------------------------------------------------------------------------
\72\ Nat'l Fed'n of Indep. Bus., Small Business Optimism Index
(July 2022), https://www.nfib.com/surveys/small-business-economic-trends/.
\73\ ADP Rsch. Inst., Employment Reports, https://adpemploymentreport.com/ (last visited Mar. 20, 2023).
\74\ Biz2Credit, Biz2Credit Small Business Lending Index,
https://www.biz2credit.com/small-business-lending-index (last
visited Mar. 20, 2023).
\75\ PayNet, Small Business Lending Index, https://sbinsights.paynetonline.com/lending-activity/ (last visited Mar. 20,
2023).
\76\ See, e.g., Dun & Bradstreet, https://www.dnb.com/ (data
provider and credit reporter); Data Axle, https://www.data-axle.com/
(data provider); Equifax, https://www.equifax.com/business/product/business-credit-reports-small-business/ (credit reporter); Experian,
https://www.experian.com/small-business/business-credit-reports
(credit reporter).
---------------------------------------------------------------------------
While these non-public sources of data on small businesses may
provide a useful supplement to existing Federal sources of small
business lending data, these private and nonprofit sources often do not
have lending information, may rely in places on unverified self-
reporting or research based on public internet sources, and/or narrowly
limit use cases for parties accessing data. Further, commercial
datasets are generally not free to public users and can be costly as
well as have restrictions on their use, raising equity issues for
stakeholders who cannot afford access or are not permitted to use the
data for their desired purposes.
C. The Landscape of Small Business Finance
Notwithstanding the lack of data on the market, it is clear that
financing plays an important role in enabling small businesses to grow
and contribute to the economy. When it is available, financing not only
provides resources for small businesses to smooth cash flows for
current operations, but also affords business owners the opportunity to
invest in business growth. A study by a small business trade group
found a correlation between small business owners' ability to access
credit and their ability to hire.\77\ This same study found that, while
not the sole cause, the inability to secure financing may have led 16
percent of small businesses to reduce their number of employees and
approximately 10 percent of small businesses to reduce employee
benefits. Lack of access to financing also contributed to a further 10
percent of small businesses being unable to increase store inventory in
order to meet existing demand.\78\
---------------------------------------------------------------------------
\77\ White Paper at 17.
\78\ Id.
---------------------------------------------------------------------------
To support their growth or to make it through harder times, small
businesses look to a variety of funding sources. Especially when
starting out, entrepreneurs often rely on their own savings and help
from family and friends. If a business generates a profit, its owners
may decide to reinvest retained earnings to fund further growth.
However, for many aspiring business owners--and their personal
networks--savings and retained earnings may not be sufficient to fund a
new venture or grow it, leading owners to seek other sources of
funding. This is particularly true for minority households and women-
led households, which on average have less wealth than white households
and male-led households.\79\
---------------------------------------------------------------------------
\79\ Emily Moss et al., The Black-White Wealth Gap Left Black
Households More Vulnerable, Brookings Inst. (Dec. 8, 2020), https://www.brookings.edu/blog/up-front/2020/12/08/the-black-white-wealth-gap-left-black-households-more-vulnerable/ (detailing wealth gaps in
2019 by race and sex that show white male households with more
wealth than white female or Black male or female households at all
age brackets). See also Erin Ruel & Robert Hauser, Explaining the
Gender Wealth Gap, 50 Demography 1155, 1165 (Dec. 2012), https://read.dukeupress.edu/demography/article/50/4/1155/169553/Explaining-the-Gender-Wealth-Gap (finding a gender wealth gap of over $100,000
in a longitudinal study over 50 years of a single age cohort in
Wisconsin); Neil Bhutta et al., Bd. of Governors of the Fed. Rsrv.
Sys., Disparities in Wealth by Race and Ethnicity in the 2019 Survey
of Consumer Finances (Sept. 28, 2020), https://www.federalreserve.gov/econres/notes/feds-notes/disparities-in-wealth-by-race-and-ethnicity-in-the-2019-survey-of-consumer-finances-20200928.htm (finding median white family wealth in 2019 of
$188,200 compared with $24,100 for Black families and $36,100 for
Hispanic families).
---------------------------------------------------------------------------
One such source of funding comes from others besides family and
friends, whether high net worth individuals or ``angel investors,''
venture capital funds, or, in a more recent development usually
facilitated by online platforms, via crowdsourcing from retail
investors. Often, these early investments take the form of equity
funding, which business owners are not obligated to repay to investors.
However, equity funding requires giving up some ownership and control
to investors, which some entrepreneurs may not wish to do. For small
businesses, equity funding also tends to be somewhat more expensive
than debt financing in the long run. This is for a number of reasons,
including that loan interest payments, unlike capital gains, are tax-
deductible.\80\ Finally, equity investments from others besides family
and friends are available to only a small fraction of small businesses.
---------------------------------------------------------------------------
\80\ Jim Woodruff, The Advantages and Disadvantages of Debt and
Equity Financing, CHRON (updated Mar. 4, 2019), https://smallbusiness.chron.com/advantages-disadvantages-debt-equity-financing-55504.html.
---------------------------------------------------------------------------
Many small businesses instead seek debt financing from a wide range
of
[[Page 35159]]
providers. These providers include depository institutions, such as
banks, savings associations, and credit unions,\81\ as well as online
lenders and commercial finance companies, specialized providers of
specific financing products, nonprofits, and a range of government and
government-sponsored enterprises, among others.
---------------------------------------------------------------------------
\81\ For purposes of this document, the Bureau is using the term
depository institution to mean any bank or savings association
defined by section 3(c)(1) of the Federal Deposit Insurance Act, 12
U.S.C. 1813(c)(1), or credit union defined pursuant to the Federal
Credit Union Act, as implemented by 12 CFR 700.2. The Bureau notes
that the Dodd-Frank Act defines a depository institution to mean any
bank or savings association defined by the Federal Deposit Insurance
Act; there, that term does not encompass credit unions. 12 U.S.C.
5301(18)(A), 1813(c)(1). The Bureau is referring to banks and
savings associations together with credit unions as depository
institutions throughout this document, unless otherwise specified,
to facilitate analysis and discussion.
---------------------------------------------------------------------------
In the past, small businesses principally sought credit from banks;
however, as banks have merged and consolidated, particularly in the
wake of the Great Recession, they have provided less financing to small
businesses.\82\ As noted earlier, the number of banks has declined
significantly since a post-Great Depression peak in 1986 of over 18,000
institutions to under 4,800 institutions as of June 30, 2022,\83\ while
13,500 branches closed from 2009 to mid-2020, representing a 14 percent
decrease.\84\ Although nearly half of counties either gained bank
branches or retained the same number between 2012 and 2017, the
majority lost branches over this period.\85\ Out of 44 counties that
were deeply affected by branch closures, defined as having 10 or fewer
branches in 2012 and seeing five or more of those close by 2017, 39
were rural counties.\86\ Of rural counties, just over 40 percent lost
bank branches in that period; the rural counties that experienced
substantial declines in bank branches tend to be lower-income and with
a higher proportion of African American residents relative to other
rural counties,\87\ raising concerns about equal access to credit.
---------------------------------------------------------------------------
\82\ Rebel A. Cole, Off. of Advocacy, Small Bus. Admin., How Did
Bank Lending to Small Business in the United States Fare After the
Financial Crisis?, at 26 (Jan. 2018), https://cdn.advocacy.sba.gov/wp-content/uploads/2019/05/09134658/439-How-Did-Bank-Lending-to-Small-Business-Fare.pdf (showing a decline in bank loans to small
businesses from 2008 to 2015 from $710 billion to $600 billion). The
level of bank lending to small businesses has recovered somewhat
since a trough in 2012-13 that represented the lowest amount of
lending since 2005. Fed. Deposit Ins. Corp., https://www.fdic.gov/analysis/quarterly-banking-profile/qbp/timeseries/small-business-farm-loans.xlsx (last visited Mar. 20, 2023).
\83\ Cong. Rsch. Serv., Small Business Credit Markets and
Selected Policy Issues, at 6 (Aug. 20, 2019), https://fas.org/sgp/crs/misc/R45878.pdf (decline since 1986); Fed. Deposit Ins. Corp.,
Quarterly Banking Profile, at 7 (Aug. 2022), https://www.fdic.gov/analysis/quarterly-banking-profile/qbp/2022jun/qbp.pdf (number of
banks as of June 30, 2022).
\84\ Bruce C. Mitchell et al., Nat'l Cmty. Reinvestment Coal.,
Relationships Matter: Small Business and Bank Branch Locations, at 6
(2020), https://ncrc.org/relationships-matter-small-business-and-bank-branch-locations/ (stating that in 2009 there were 95,596 brick
and mortar full-service branches or retail locations but, as of June
30, 2020, that number had fallen to 82,086).
\85\ Bd. of Governors of the Fed. Rsrv. Sys., Perspectives from
Main Street: Bank Branch Access in Rural Communities, at 1, 3-4, 19
(Nov. 2019), https://www.federalreserve.gov/publications/files/bank-branch-access-in-rural-communities.pdf.
\86\ Id.
\87\ Id.
---------------------------------------------------------------------------
As banks have merged and the number of branches reduced, the share
of banking assets has also become increasingly concentrated in the
largest institutions, with banks of over $10 billion in assets
representing 86 percent of all industry assets in 2021, totaling $20.3
trillion out of $23.7 trillion.\88\ Nevertheless, banks of under $10
billion in assets continue to hold approximately half of all small
business loans (using the FFIEC Call Report definition of loans of
under $1 million), highlighting the importance of smaller banks to the
small business lending market.\89\ Since smaller bank credit approvals
have traditionally been close to 50 percent, while large banks approve
only 25-30 percent of applications, bank consolidation may have
implications for small business credit access.\90\ Since institutions
under $1.384 billion in assets currently are not required to report on
lending under the CRA,\91\ it is difficult to precisely quantify the
negative impact of bank consolidation and shuttered branches on small
business lending and access to credit in local areas.\92\
Qualitatively, community banks typically receive high satisfaction
scores among small business borrowers, reflecting their greater
commitment to relationship banking, a model of banking ``used to serve
families, businesses, and communities as individuals, with an emphasis
on providing customized help, rather than assembly line service.'' \93\
---------------------------------------------------------------------------
\88\ Fed. Deposit Ins. Corp., Bank Data and Statistics, https://www.fdic.gov/bank/statistical/ (last visited Mar. 20, 2023); see
also Cong. Rsch. Serv., Small Business Credit Markets and Selected
Policy Issues, at 6 (Aug. 20, 2019), https://fas.org/sgp/crs/misc/R45878.pdf (stating that banks over $10 billion held 84 percent of
all industry assets in 2018).
\89\ Speech by Board Governor Lael Brainard: Community Banks,
Small Business Credit, and Online Lending (Sept. 30, 2015), https://www.federalreserve.gov/newsevents/speech/brainard20150930a.htm.
Banks with under $10 billion in assets are often referred to as
``community banks.'' Cong. Rsch. Serv., Over the Line: Asset
Thresholds in Bank Regulation, at 2-3 (May 3, 2021), https://fas.org/sgp/crs/misc/R46779.pdf (noting that the Board of Governors
of the Federal Reserve System (Board) and the Office of the
Comptroller of the Currency (OCC) define community banks as having
under $10 billion in assets, although there may be other criteria,
with the FDIC considering also geographic footprint and a relative
emphasis on making loans and taking deposits as opposed to engaging
in securities and derivatives trading).
\90\ Biz2Credit, Biz2Credit Small Business Lending Index,
https://www.biz2credit.com/small-business-lending-index (last
visited Mar. 20, 2023). These historical approval rates are
reflected in pre-pandemic Small Business Lending Index releases by
Biz2Credit. See, e.g., Biz2Credit, Small Business Loan Approval
Rates at Big Banks Remain at Record High in February 2020:
Biz2Credit Small Business Lending Index, https://www.biz2credit.com/small-business-lending-index/february-2020 (last visited Mar. 20,
2023) (showing large bank approvals of 28.3 percent in February 2020
and of 27.2 percent in February 2019 and smaller bank approvals of
50.3 percent in February 2020 and of 48.6 percent in February 2019).
\91\ See part II.B above.
\92\ Bruce C. Mitchell et al., Nat'l Cmty. Reinvestment Coal.,
Relationships Matter: Small Business and Bank Branch Locations (Mar.
2021), https://ncrc.org/relationships-matter-small-business-and-bank-branch-locations/.
\93\ Rohit Chopra, CFPB, Prepared Remarks of CFPB Director Rohit
Chopra in Great Falls, Montana on Relationship Banking and Customer
Service (June 14, 2022), https://www.consumerfinance.gov/about-us/newsroom/prepared-remarks-of-cfpb-director-rohit-chopra-in-great-falls-montana-on-relationship-banking-and-customer-service/; see
also 87 FR 36828, 36829 (June 21, 2022) (stating that relationship
banking is ``an aspirational model of banking that meets its
customers' needs through strong customer service, responsiveness,
and care''); Cong. Rsch. Serv., Over the Line: Asset Thresholds in
Bank Regulation, at 3 (May 3, 2021), https://fas.org/sgp/crs/misc/R46779.pdf (stating that community banks are more likely to engage
in relationship-based lending).
---------------------------------------------------------------------------
In contrast to banks, credit unions increased their small business
lending from $30 billion in 2008 to $71 billion in 2021.\94\ Like
community banks, credit
[[Page 35160]]
unions typically receive high satisfaction scores among small business
borrowers, reflecting more high-contact, relationship-based lending
models.\95\
---------------------------------------------------------------------------
\94\ Rebel A. Cole, Off. of Advocacy, Small Bus. Admin., How Did
Bank Lending to Small Business in the United States Fare After the
Financial Crisis?, at 51 (Jan. 2018), https://cdn.advocacy.sba.gov/wp-content/uploads/2019/05/09134658/439-How-Did-Bank-Lending-to-Small-Business-Fare.pdf ($30 billion in lending in 2008); Calculated
from NCUA Call Report data accessed on October 18, 2022 ($71 billion
in lending in 2021). The Bureau notes that, as discussed in part
II.B above, credit unions only report credit transactions made to
members for commercial purposes with values over $50,000. The Bureau
uses this value as a proxy for small business credit. The Bureau
acknowledges that the true value of small business credit extended
by credit unions may be different than what is presented here. For
example, this proxy may overestimate the value of outstanding small
business credit because some members are taking out loans for large
businesses. Alternatively, this proxy may underestimate the value of
outstanding small business credit if credit unions originate a
substantial number of small business loans with origination values
of under $50,000. For this analysis, the Bureau includes all types
of commercial loans to members except construction and development
loans and multifamily residential property. This includes loans
secured by farmland; loans secured by owner-occupied, non-farm, non-
residential property; loans secured by non-owner occupied, non-farm,
non-residential property; loans to finance agricultural production
and other loans to farmers; commercial and industrial loans;
unsecured commercial loans; and unsecured revolving lines of credit
for commercial purposes.
\95\ Fed. Rsrv. Banks, Small Business Credit Survey, 2021 Report
On Employer Firms, at 28 (2021), https://www.fedsmallbusiness.org/survey/2021/report-on-employer-firms.
---------------------------------------------------------------------------
Certain banks and credit unions choose to be mission-based lenders,
as CDFIs or minority depository institutions.\96\ Mission-based lenders
focus on providing credit to traditionally underserved and low-income
communities and individuals to promote community development and expand
economic opportunity, making them a relatively smaller by dollar value
but essential part of the small business lending market. There were
almost 1,400 CDFIs (over half of which are depository institutions) as
of August 2022 and over 140 minority depository institutions as of
March 2022.\97\
---------------------------------------------------------------------------
\96\ Minority depository institutions are depository
institutions that are majority-owned by socially and economically
disadvantaged individuals or that have a majority-minority board of
directors and serve a predominantly minority community. Fed. Deposit
Ins. Corp., Minority Depository Institutions: Structure,
Performance, and Social Impact, at 1 (2019), https://www.fdic.gov/regulations/resources/minority/2019-mdi-study/full.pdf. Minority
depository institutions focus more than other banks on minority and
low- and moderate-income communities. See id. at 1, 5. CDFI banks
are certified through the U.S. Department of the Treasury by
demonstrating they serve low-income communities. CDFI Fund, CDFI
Certification, https://www.cdfifund.gov/programs-training/certification/cdfi (last visited Mar. 17, 2023).
\97\ CDFI Fund., CDFI Certification, https://www.cdfifund.gov/programs-training/certification/cdfi (last visited Mar. 20, 2023);
Fed. Deposit Ins. Corp., Minority Depository Institutions Program
(last visited Mar. 20, 2023), https://www.fdic.gov/regulations/resources/minority/mdi.html.
---------------------------------------------------------------------------
During a period in which depository institutions have been
providing relatively less funding to small businesses,\98\ some small
businesses have increasingly relied on nondepository institutions for
financing. Since nondepositories typically do not report their small
business financing activities to regulators, there are no authoritative
sources for either the number of such entities or the dollar value of
financing they provide to small businesses.\99\ However, what data are
available make clear that nondepository online lenders are increasing
their share of the small business financing market.\100\
---------------------------------------------------------------------------
\98\ See Rebel A. Cole, Off. of Advocacy, Small Bus. Admin., How
Did Bank Lending to Small Business in the United States Fare After
the Financial Crisis?, at 26 (Jan. 2018), https://cdn.advocacy.sba.gov/wp-content/uploads/2019/05/09134658/439-How-Did-Bank-Lending-to-Small-Business-Fare.pdf (showing a decline in
bank loans to small businesses from 2008-15 from $710 billion to
$600 billion). The level of bank lending to small businesses has
recovered somewhat since a trough in 2012-13 that represented the
lowest amount of lending since 2005. See also Fed. Deposit Ins.
Corp., https://www.fdic.gov/analysis/quarterly-banking-profile/qbp/timeseries/small-business-farm-loans.xlsx (last visited Mar. 20,
2023) (tabulating outstanding balances for credit extended to small-
and non-small business lending by banks and thrifts over time).
\99\ See part II.B above.
\100\ See part II.D below.
---------------------------------------------------------------------------
Whether depository or nondepository, each provider of small
business financing may assess a variety of different criteria to
determine whether and on what terms to grant an extension of credit or
other financing product, including business and financial performance,
the credit history of the business and its owner(s), the time in
business, and the industry, among other factors. Protections such as
guarantees, collateral, and insurance can mitigate perceived risks,
potentially enabling a lender to offer better terms or facilitating an
extension of credit that would otherwise not meet lending limit or
underwriting criteria. Often, government agencies--including the SBA,
Federal Housing Administration, and USDA--guarantee or insure loans to
encourage lenders to provide credit to borrowers that may not otherwise
be able to obtain credit, either on affordable terms and conditions or
at all.\101\ Different lenders also employ diverse methods for
assessing risk, with smaller banks generally relying more on
traditional underwriting methods and typically managing multi-product
relationships. Online lenders increasingly use complex algorithms,
automation, and even artificial intelligence to assess risk and make
underwriting decisions, with originations typically being less
relationship-based in nature.
---------------------------------------------------------------------------
\101\ Cong. Rsch. Serv., Small Business Administration 7(a) Loan
Guaranty Program (updated June 30, 2022), https://fas.org/sgp/crs/misc/R41146.pdf (discussing the SBA's flagship 7(a) loan guarantee
program); U.S. Dep't of Hous. & Urban Dev., Descriptions Of
Multifamily Programs, https://www.hud.gov/program_offices/housing/mfh/progdesc (last visited Mar. 20, 2023) (listing Federal Housing
Administration mortgage insurance programs for 5+ unit residential
developments); Farm Serv. Agency, U.S. Dep't of Agric., Guaranteed
Loan Program Fact Sheet (Mar. 2020), https://www.fsa.usda.gov/Assets/USDA-FSA-Public/usdafiles/FactSheets/guaranteed_loan_program-factsheet.pdf (discussing the USDA's Farm Service Agency guaranteed
loan program).
---------------------------------------------------------------------------
As well as diversity in underwriting methodology and criteria,
there are also considerable differences across small business financing
products and providers with respect to pricing methods and repayment
structures. As a result, it can be challenging to compare the
competitiveness of product pricing and terms. Term loans, lines of
credit, and credit cards typically disclose annualized interest rates;
leases often take into account depreciation; factoring products
discount an invoice's value and add a fee; and merchant cash advances
apply a multiple to the value of the up-front payment.\102\ Moreover,
providers may add additional fees that are not standardized within
industries, much less across them.
---------------------------------------------------------------------------
\102\ See part II.D below for definitions of the different
product categories.
---------------------------------------------------------------------------
D. Estimating the Size and Scope of the Small Business Financing Market
In light of the lack of data and the heterogeneity of products and
providers within the small business financing market, it can be
difficult to get a clear sense of the size and scope of the market. In
this part, the CFPB describes its estimates of the total outstanding
balances of credit in the market, the number of institutions that are
active in the small business financing market, and how the CFPB arrived
at these estimates. Where possible, the CFPB tries to estimate the
state of the small business financing market at the end of 2019 in
order to estimate the state of the market during the year prior to the
onset of the COVID-19 pandemic.
One challenge is that some of the data report the dollar value of
originations and some report outstanding balances. For the purposes of
this exercise and for most, but not all, products, the CFPB assumes
that for every $1 originated in the market in a given year, there is
approximately a corresponding $3 of outstanding balances. This
assumption is based on the ratio of the 2019 FFIEC Call Report data,
which totaled $721 billion in outstanding balances on bank loans to
small businesses and small farms, and the 2019 CRA data, which recorded
$264 billion in bank loan originations to small businesses and small
farms.\103\ This assumption is limited by the extent to which other
small business financing products differ from loans and lines of
credit, which make up the majority of financing products captured by
the FFIEC Call Report data and the CRA data.\104\
---------------------------------------------------------------------------
\103\ FFIEC Call Report data records outstanding balances on
loans with origination amounts less than $1 million across
Commercial & Industrial, Nonfarm Nonresidential, Agricultural, and
Secured by Farmland lending categories. See FDIC Quarterly Banking
Profile Time Series, https://www.fdic.gov/analysis/quarterly-banking-profile/qbp/timeseries/small-business-farm-loans.xlsx (last
visited Mar. 20, 2023).
\104\ FFIEC Call Report data and CRA data on small business
credit products also include business credit card products, but
loans and lines of credit made up $713 billion out of $775 billion
in outstanding balances on bank, savings association, and credit
union loans to small businesses in 2019. One important caveat to
this assumption is that products with materially shorter average
term lengths, for example credit cards, factoring products, and
merchant cash advances, may have an inverse ratio of originations to
outstanding balances. For example, top issuers of general-purpose
credit cards recorded purchase volumes of two to seven times their
outstanding balances in 2020. Nilson Report, Issue 1192, at 6 (Feb.
2021), https://nilsonreport.com/publication_newsletter_archive_issue.php?issue=1192. If business-
purpose credit cards, factoring products, and merchant cash advances
behaved similarly with respect to the ratio of originations to
outstanding balances, then for every $1 originated in the market in
a given year, there could be a corresponding $0.14-0.50 in
outstanding balances for such products ($1 divided by two to seven).
---------------------------------------------------------------------------
[[Page 35161]]
As detailed in this section, the CFPB estimates that the market for
small business financing products totaled $1.4 trillion in outstanding
balances in 2019. The CFPB estimates that small business financing by
depository institutions makes up just over half of small business
financing by private institutions. In 2020 and 2021, COVID-19 emergency
lending programs added a further $1 trillion to this value, bringing
the overall size of the small business financing market up to $2.4
trillion. However, by July 2022, over $740 billion in Paycheck
Protection Program loans had been forgiven, bringing the total market
size back below $1.7 trillion.\105\ Below, the CFPB estimates the
market share for different small business financing products.
---------------------------------------------------------------------------
\105\ Pandemic Response Accountability Comm., Paycheck
Protection Program: Loan Forgiveness by the Numbers (July 2022),
https://www.pandemicoversight.gov/media/file/ppp-loan-forgiveness-fact-sheet-july-2022-updatepdf.
---------------------------------------------------------------------------
Since the available data regarding depository institutions' small
loans to businesses address term loans, lines of credit, and credit
cards together, the respective shares of these three products in the
overall small business financing market are difficult to assess. As
detailed in this part, the CFPB estimates that together, private term
loans and lines of credit constitute the largest small business credit
product by value, totaling approximately $770 billion in outstanding
balances in 2019. As of July 2022, outstanding balances for Economic
Impact Disaster Loan Program and Paycheck Protection Program loans
totaled $260 billion, bringing the total value of all outstanding loans
and lines of credit to around $1 trillion.\106\
---------------------------------------------------------------------------
\106\ Id.
---------------------------------------------------------------------------
Lending by banks, saving associations, and credit unions comprises
the largest part of this total amount for private term loans and lines
of credit. Using FFIEC Call Report data for December 2019, the CFPB
estimates that banks and savings associations accounted for a total of
about $721 billion in outstanding credit to small businesses and small
farms as of December 2019.\107\ Using NCUA Call Report data for
December 2019, the CFPB estimates that credit unions accounted for a
total of about $55 billion in outstanding credit to members for
commercial purposes.\108\ From this value, the CFPB subtracts $62
billion in credit card lending to arrive at $713 billion in outstanding
balances for term loans and lines of credit. From this value, the CFPB
further subtracts $134 billion in SBA guaranteed loans to arrive at
$580 billion in outstanding balances for private term loans and lines
of credit extended by depository institutions (i.e., banks, savings
associations, and credit unions) as of December 2019.
---------------------------------------------------------------------------
\107\ Calculated from FFIEC Call Report data accessed on October
18, 2022. The CFPB notes that, as discussed in part II.B above,
these estimates rely on small loans to businesses as a proxy for
loans to small businesses. As such, the CFPB acknowledges that the
true outstanding value of credit extended to small businesses by
such institutions may be different than what is presented here. For
example, the small loans to businesses proxy would overestimate the
value of outstanding credit if a significant number of small loans
to businesses and farms are to businesses or farms that are actually
large. Alternatively, the proxy would underestimate the value of
outstanding credit to small businesses if a significant number of
businesses and farms that are small under the rule take out loans
that are larger than $1 million or $500,000, for businesses and
farms, respectively.
\108\ Calculated from NCUA Call Report data accessed on October
18, 2022.
---------------------------------------------------------------------------
The remaining $190 billion in outstanding balances for private term
loans and lines of credit was extended by various nondepository
institutions, namely commercial finance companies, online lenders, and
nondepository CDFIs.\109\
---------------------------------------------------------------------------
\109\ There may additionally be lending that is not captured
here by equipment and vehicle dealers originating loans in their own
names.
---------------------------------------------------------------------------
Commercial finance companies specialize in financing equipment and
vehicle purchases. The CFPB estimates that the value of outstanding
balances on credit extended by commercial finance companies totaled
approximately $160 billion. Using data from the Board's Finance Company
Business Receivables data on owned assets as of December 2019, the CFPB
estimates commercial finance companies outstanding credit for
commercial purposes as the value of retail motor vehicle loans plus
equipment loans and other business receivables, which totaled about
$215 billion.\110\ The CFPB further assumes that about 75 percent of
this value, or $162 billion, can be attributed to loans to small
businesses.\111\
---------------------------------------------------------------------------
\110\ Bd. of Governors of the Fed. Rsrv. Sys., Finance
Companies--G.20 (updated Aug. 17, 2022), https://www.federalreserve.gov/releases/g20/hist/fc_hist_b_levels.html. The
Bureau does not include leases, since they are already counted
within the product category of equipment and vehicle leasing, or
wholesale loans, which it assumes are typically made to non-small
businesses.
\111\ This methodology is consistent with the approach taken by
Gopal and Schnabl (2020).
---------------------------------------------------------------------------
Typical ``fintech'' providers are characterized primarily by
providing financial services exclusively in an online environment.\112\
The CFPB estimates that total outstanding loan balances for such
providers reached around $25 billion in 2019. Using this estimate, the
CFPB scales up an estimated $9.3 billion in credit originations by
online platform lenders to small and medium enterprises in 2019 to $25
billion in estimated outstanding balances, under the assumptions
discussed above.\113\ At the beginning of the COVID-19 pandemic and
associated financial crisis, these lenders originated around $22
billion in Paycheck Protection Program loans to small businesses from
March to August 2020 \114\ and likely continued to originate billions
more during the third wave of Paycheck Protection Program loans in
2021, which represents an almost 90 percent increase or more in
outstanding balances since 2019.\115\ This follows already rapid growth
from $1.4 billion in estimated outstanding balances in 2013.\116\
---------------------------------------------------------------------------
\112\ Barkley & Schweitzer, 17 Int'l J. Cent. Banking at 35-36.
\113\ See 2018 US Fintech Market Report at 6. The Bureau notes
that this figure may underestimate the total value of such lending
because it focuses on platform lenders and may overestimate the
value of lending to small businesses because it also includes credit
to medium businesses. Additionally, the Bureau notes that fintechs
often offer products besides loans and lines of credit, and that
there is no clear demarcation between fintech, commercial finance
company, and merchant cash advance provider, limiting the precision
of market size estimates. Finally, fintechs often sell loans once
originated to other entities, securitize their originations, or
purchase loans that banks have originated, which may further present
challenges to the precision of market size estimates for this market
segment.
\114\ Small Bus. Admin., Paycheck Protection Program (PPP)
Report (approvals through 12 p.m. EST Apr. 16, 2020), https://www.sba.gov/sites/default/files/2020-06/PPP%20Deck%20copy-508.pdf;
Small Bus. Admin., Paycheck Protection Program (PPP) Report
(approvals through Aug. 8, 2020), https://www.sba.gov/sites/default/files/2020-08/PPP_Report%20-%202020-08-10-508.pdf.
\115\ Per the program's intent, many Paycheck Protection Program
loans have been forgiven since the program began, which likely means
that outstanding balances on Paycheck Protection Program loans
extended by online lenders have since declined. See Pandemic
Response Accountability Comm., Paycheck Protection Program: Loan
Forgiveness by the Numbers (July 2022), https://www.pandemicoversight.gov/media/file/ppp-loan-forgiveness-fact-sheet-july-2022-updatepdf (reporting that $742 billion in Paycheck
Protection Program loans had been forgiven by July 2022).
\116\ Barkley & Schweitzer, 17 Int'l J. Cent. Banking at 35-36
(citing 2018 US Fintech Market Report at 5). This figure annualizes
$121 million in estimated 2013 quarterly originations to $484
million in annual originations and scales up to estimated
outstanding balances using the ratio between the FFIEC Call Report
and the CRA data discussed above.
---------------------------------------------------------------------------
[[Page 35162]]
The CFPB estimates the value of outstanding balances on credit
extended by nondepository CDFIs to small business borrowers to be
around $1.5 billion. Using reporting by the CDFI Fund for 2019, the
CFPB scales down the outstanding balances for loan funds of $13.8
billion and for venture capital funds of $0.3 billion by the proportion
of all CDFI lending attributable to business borrowers, which totaled
$15.4 billion out of $141.2 billion.\117\
---------------------------------------------------------------------------
\117\ CDFI Fund, CDFI Annual Certification and Data Collection
Report (ACR): A Snapshot for Fiscal Year 2019, at 17, 22 (Oct.
2020), https://www.cdfifund.gov/sites/cdfi/files/2021-01/ACR-Public-Report-Final-10292020-508Compliant.pdf. To the extent that CDFI loan
funds and venture capital funds extend credit to business customers
at different rates than CDFI banks and credit unions, this
calculation may over- or underestimate the value of lending to small
businesses by nondepository CDFIs. This figure also assumes that all
CDFI lending is for small businesses.
---------------------------------------------------------------------------
Categorized here separately so as to distinguish residential from
non-residential loans, the CFPB estimates outstanding balances for
loans on 5+ unit residential dwellings to total over $30 billion.\118\
The CFPB scales up $11 billion in 2019 annual originations on loans of
under $1 million in value at origination for 5+ unit residential
dwellings to $30 billion in estimated outstanding balances, using the
ratio between the FFIEC Call Report and the CRA data discussed
above.\119\
---------------------------------------------------------------------------
\118\ Depository institutions, discussed above, extend a
sizeable proportion of loans for 5+ unit residential dwellings; both
nondepository and depository institutions are included in the total
for 5+ unit outstanding balances.
\119\ See Mortg. Bankers Ass'n, Annual Report on Multi-Family
Lending--2019, at 5 (2020), https://www.mba.org/store/products/research/general/report/2019-annual-report-on-multifamily-lending.
This includes both private loans, estimated at around $18 billion,
and loans extended by Fannie Mae, Freddie Mac, and the Federal
Housing Administration, estimated at around $13 billion. The share
of 5+ unit residential dwelling loans of all sizes extended by
governmental or government-sponsored entities was 41 percent. The
Bureau assumes for the purposes of this exercise that the same share
is reflected in loans of under $1 million in value at origination,
although arguably this share would be higher if government and
government-sponsored entities extended disproportionately smaller
dollar value loans on average. There is also a substantial market
for commercial real estate besides 5+ unit residential dwellings not
captured here due to a lack of data on loans of small size or to
small businesses. See Mortg. Bankers' Ass'n, MBA: Commercial,
Multifamily Mortgage Bankers Originated $683B in 2021; Total Lending
Tally Reaches $891B (Apr. 15, 2022), https://newslink.mba.org/mba-newslinks/2022/april/mba-newslink-friday-apr-15-2022/mba-commercial-multifamily-mortgage-bankers-originated-683b-in-2021-total-lending-tally-reaches-891b/ (estimating the volume of commercial real estate
lending of any size to be $890.6 billion in 2021, of which
multifamily lending accounted for $376 billion).
---------------------------------------------------------------------------
Also categorized separately from depository institution totals so
as to distinguish private from government and government-sponsored
loans, the CFPB estimates that outstanding balances for loans extended
by the SBA and the Farm Credit System totaled around $200 billion in
2019.\120\
---------------------------------------------------------------------------
\120\ The grand total for lending by government and government-
sponsored entities would be approximately $210 billion, including 5+
unit residential dwelling loans extended by Fannie Mae, Freddie Mac,
and the Federal Housing Administration, which are separately
recorded within the 5+ unit residential dwelling loan product
category.
---------------------------------------------------------------------------
The SBA, through its traditional 7(a), 504, and microloan programs
as well as the Economic Impact Disaster Loan Program and funding for
Small Business Investment Companies, is the largest governmental lender
by value, with $143.5 billion in outstanding balances at the end of
fiscal 2019.\121\ As part of the Federal government's response to the
COVID-19 pandemic, during 2020 and 2021 SBA lending increased in size
by over $1 trillion due to the Paycheck Protection Program, which
totaled almost $800 billion, and the Economic Impact Disaster Loan
Program, which totaled $210 billion.\122\ However, as noted above, over
$740 billion in Paycheck Protection Program loans had been forgiven as
of July 2022, bringing SBA outstanding loan balances back down.\123\
---------------------------------------------------------------------------
\121\ Small Bus. Admin., Small Business Administration Loan
Program Performance (effective Mar. 31, 2022), https://www.sba.gov/document/report-small-business-administration-loan-program-performance. SBA guaranteed loans comprised $134 billion out of this
total, which amount has been deducted from the totals for depository
institutions to avoid double counting.
\122\ Small Bus. Admin., Paycheck Protection Program (PPP)
Report (approvals through May 31, 2021), https://www.sba.gov/sites/default/files/2021-06/PPP_Report_Public_210531-508.pdf; Small Bus.
Admin., Disaster Assistance Update--Nationwide COVID EIDL, Targeted
EIDL Advances, Supplemental Targeted Advances (June 3, 2021),
https://www.sba.gov/sites/default/files/2021-06/COVID-19%20EIDL%20TA%20STA_6.3.2021_Public-508.pdf; Small Bus. Admin.,
Disaster Assistance Update--Nationwide EIDL Loans (Nov. 23, 2020),
https://www.sba.gov/sites/default/files/2021-02/EIDL%20COVID-19%20Loan%2011.23.20-508_0.pdf.
\123\ Pandemic Response Accountability Comm., Paycheck
Protection Program: Loan Forgiveness by the Numbers (July 2022),
https://www.pandemicoversight.gov/media/file/ppp-loan-forgiveness-fact-sheet-july-2022-updatepdf.
---------------------------------------------------------------------------
The Farm Credit System is another important government-related part
of the small business credit landscape. The CFPB estimates that Farm
Credit System lenders had around $55 billion in outstanding balances of
credit extended to small farms in 2019. Using the same small loan to
farms proxy as is used in the FFIEC Call Report, the CFPB estimates
credit to farms with an origination value of less than $500,000. Based
on the Farm Credit System's 2019 Annual Information Statement of the
Farm Credit System, the CFPB estimates that outstanding balances of
such small credit to farms totaled $55 billion at the end of 2019.\124\
The CFPB notes that, as with the FFIEC Call Report proxy, this number
may include credit to non-small farms and may exclude larger credit
transactions extended to small farms. Considering credit extended with
an origination value of between $500,000 and $5 million would increase
the market size by $86 billion to $141 billion.\125\
---------------------------------------------------------------------------
\124\ Fed. Farm Credit Banks Funding Corp., Farm Credit 2019
Annual Information Statement of the Farm Credit System, at 54 (Feb.
28, 2020), https://www.farmcreditfunding.com/ffcb_live/investorResources/informationStatements.html.
\125\ Id.
---------------------------------------------------------------------------
Mostly extended by depository institutions, the CFPB estimates that
the market for small business credit cards totaled over $60 billion in
outstanding balances for 2020.\126\ Using data from Y-14 Form
submissions to the Federal Reserve Board, the CFPB estimates the value
of outstanding balances for small business credit card accounts where
the loan is underwritten with the sole proprietor or primary business
owner as an applicant.\127\
---------------------------------------------------------------------------
\126\ See Bd. of Governors of the Fed. Rsrv. Sys., Report Forms
FR Y-14M, https://www.federalreserve.gov/apps/reportingforms/Report/Index/FR_Y-14M (last updated Sept. 12, 2022). The Board's data are
received from bank holding companies over $50 billion in assets,
which represent 70 percent of outstanding balances for consumer
credit cards; the corresponding percent of balances captured for
small business cards is not known, so the total small business-
purpose credit card market could be substantially higher or lower.
See CFPB, The Consumer Credit Card Market, at 18 (Aug. 2019),
https://files.consumerfinance.gov/f/documents/cfpb_consumer-credit-card-market-report_2019.pdf.
\127\ Off. of Mgmt. & Budget, Instructions for the Capital
Assessments and Stress Testing Information Collection (Reporting
Form FR-Y14M), OMB No. 7100-0341, at 148 (Mar. 2020), https://omb.report/icr/202101-7100-006/doc/108187801.
---------------------------------------------------------------------------
Equipment and vehicle leasing, whereby businesses secure the right
to possess and use a piece of equipment or vehicle for a term in return
for consideration, is another important product category that is
estimated to value roughly $160 billion in outstanding balances in
2019. The CFPB estimates the total size of the equipment and vehicle
leasing market for all sized businesses in 2019 to be approximately
$900 billion.\128\ The CFPB further assumes that small businesses
comprise around 18 percent of the total
[[Page 35163]]
equipment and vehicle leasing market.\129\
---------------------------------------------------------------------------
\128\ See Equip. Leasing & Fin. Found., Horizon Report, https://www.leasefoundation.org/industry-resources/horizon-report/ (last
updated Apr. 22, 2021).
\129\ See Karen Mills, Harvard Bus. Sch., State of Small
Business Lending, at 29 (July 2014), https://www.hbs.edu/ris/Supplemental%20Files/15-004%20HBS%20Working%20Paper%20Chart%20Deck_47695.pdf (estimating
equipment leasing outstanding balances for small business borrowers
at approximately $160 billion at Dec. 31, 2013); Monitor Daily, SEFI
Report Finds Strong Performance Despite Challenges (Oct. 21, 2014),
https://www.monitordaily.com/news-posts/sefi-report-finds-strong-performance-despite-challenges/ ($903 billion market in 2014,
commensurate with an 18 percent market share for small business
borrowers at the time of the Karen Mills report).
---------------------------------------------------------------------------
Factoring is a similarly significant product type, estimated at
around $100 billion in market size for 2019.\130\ In a factoring
transaction, factors purchase, at a discount, a legally enforceable
claim for payment (i.e., accounts receivables or invoices) for goods
already supplied or services already rendered by a business for which
payment has not yet been made in full; hence, a factor's risk related
to repayment lies with the business's customer and not the business
itself. In most cases, specific companies, called factors, provide
factoring products.
---------------------------------------------------------------------------
\130\ See Secured Fin. Found., 2019 Secured Finance: Market
Sizing & Impact Study Extract Report, at 7 (June 2019), https://www.sfnet.com/docs/default-source/data-files-and-research-documents/sfnet_market_sizing___impact_study_extract_f.pdf?sfvrsn=72eb7333_2.
This study estimated the total volume of the U.S. factoring market
to be $101 billion. To the extent that factoring volumes differ from
outstanding balances, the value of outstanding balances may be
higher or lower than this estimate. Also, this estimate captures
factoring for business borrowers of all sizes, not just small
business borrowers. The CFPB assumes that most factoring is provided
to small business customers.
---------------------------------------------------------------------------
The market for merchant cash advances continues to develop rapidly
and data are even more scarce than for other segments of the small
business lending market. This limits the reliability of estimates as to
the merchant cash advance market's size. The CFPB estimates the 2019
market size to be around $20 billion.\131\ The merchant cash advance
market is also of particular significance for smaller and traditionally
underserved businesses that may not qualify for other types of
credit.\132\ Merchant cash advances are typically structured to provide
a lump sum payment up front (a cash advance) in exchange for a share of
future revenue until the advance, plus an additional amount, is repaid.
Unlike the majority of other small business financing products,
merchant cash advances typically purport to be for short
durations.\133\ The CFPB understands that merchant cash advances also
tend to be relatively high-cost products.\134\ Several States,
including New York and California, are implementing laws that will
require providers of ``sales-based financing,'' such as merchant cash
advances, as well as other nondepositories to provide disclosures
(including estimated APR in some States) similar to those required
under the Truth in Lending Act (TILA),\135\ which generally only
applies to consumer credit.\136\
---------------------------------------------------------------------------
\131\ Paul Sweeney, Gold Rush: Merchant Cash Advances are Still
Hot, deBanked (Aug. 18, 2019), https://debanked.com/2019/08/gold-rush-merchant-cash-advances-are-still-hot/. BPC estimates appear to
reference origination volumes rather than outstanding balances. See
Nimayi Dixit, S&P Glob. Mkt. Intel., Payment Fintechs Leave Their
Mark On Small Business Lending (Aug. 28, 2018), https://www.spglobal.com/marketintelligence/en/news-insights/research/payment-fintechs-leave-their-mark-on-small-business-lending.
Depending on credit multiplier effects, the value of annual
origination volumes could be smaller or greater than outstanding
balances. Without information on outstanding balances and for the
purposes of calculating a market size for small business financing
in 2019, the CFPB assumes in this paper a 1:1 ratio between annual
origination volumes and outstanding balances for merchant cash
advance products. See above for discussion of credit multiplier
effects.
\132\ Cf. Barbara Lipman & Ann Marie Wiersch, Bd. of Governors
of the Fed. Rsrv. Sys., Uncertain Terms: What Small Business
Borrowers Find When Browsing Online Lender websites, at 3 (Dec.
2019), https://www.federalreserve.gov/publications/files/what-small-business-borrowers-find-when-browsing-online-lender-websites.pdf
(observing that online lenders, including providers of merchant cash
advance products, position themselves as offering financing to
borrowers underserved by traditional lenders).
\133\ See id. (stating that merchant cash advances are generally
repaid in three to 18 months).
\134\ Id. (stating that annual percentage rates on merchant cash
advance products can exceed 80 percent or rise to triple digits).
See also Fed. Trade Comm'n, `Strictly Business' Forum, Staff
Perspective, at 5 (Feb. 2020), https://www.ftc.gov/system/files/documents/reports/staff-perspective-paper-ftcs-strictly-business-forum/strictly_business_forum_staff_perspective.pdf (observing
stakeholder concern about the high-cost of merchant cash advances
that can reach triple digit annual percentage rates).
\135\ 15 U.S.C. 1601 et seq.
\136\ New York State law requires that providers of ``sales-
based financing'' provide disclosures to borrowers that include
calculations of an estimated annual percentage rate in accordance
with the CFPB's Regulation Z, 12 CFR part 1026. See N.Y. S.898,
section 803(c) (signed Jan. 6, 2021) (amending S.5470-B), https://legislation.nysenate.gov/pdf/bills/2021/s898. The New York
Department of Financial Services is currently developing regulations
to implement the law. See N.Y. Dep't of Fin. Servs., Proposed
Financial Services Regulations, https://www.dfs.ny.gov/industry_guidance/regulations/proposed_fsl. Similarly, California's
Department of Financial Protection and Innovation has adopted
regulations to implement a California law requiring disclosures by
commercial financing companies, including those providing sales-
based financing. See 10 Cal. Code Reg. 900(a)(28) (effective Dec. 9,
2022) (defining sales-based financing as ``a commercial financing
transaction that is repaid by a recipient to the financer as a
percentage of sales or income, in which the payment amount increases
and decreases according to the volume of sales made or income
received by the recipient'' and including ``a true[hyphen]up
mechanism''); 10 Cal. Code Reg. 914 and 940 (requiring sales-based
financing providers disclosure estimated annual percentage rate
according to Regulation Z, 12 CFR part 1026). Under these laws,
providers of commercial financing generally will be required to
disclose: (1) the total amount financed, and the amount disbursed if
it is different from the total amount financed; (2) the finance
charge; (3) the APR (or the estimated APR for sales-based financing
and factoring transactions), calculated in accordance with TILA and
Regulation Z; (4) the total repayment amount; (5) the term (or the
estimated term for sales-based financing) of the financing; (6)
periodic payment amounts; (7) prepayment charges; (8) all other fees
and charges not otherwise disclosed; and (9) any collateral
requirements or security interests. See Cal. S.B. 1235 (Sept. 30,
2018), https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180SB1235; N.Y. S.B. S5470B (July
23, 2020), https://legislation.nysenate.gov/pdf/bills/2019/S5470B.
Other States, including Virginia and Utah, have passed commercial
financing disclosure laws that do not require disclosure of the APR.
See Virginia H. 1027 (enacted Apr. 11, 2022), https://lis.virginia.gov/cgi-bin/legp604.exe?221+ful+CHAP0516; Utah S.B. 183
(enacted Mar. 24, 2022), https://le.utah.gov/~2022/bills/static/
SB0183.html.
---------------------------------------------------------------------------
Finally, trade credit is another significant market, which the
Bureau estimates to total $51 billion in outstanding balances in 2019.
The Bureau estimates the trade credit market size by adding the total
accounts payable for businesses under $1 million in annual
revenue.\137\ Considering the total value of accounts payable for
businesses between $1 million and $5 million would increase the market
size by $88 billion.\138\ Trade credit is an often informal, business-
to-business transaction, usually between non-financial firms whereby
suppliers allow their customers to acquire goods and/or services
without requiring immediate payment.
---------------------------------------------------------------------------
\137\ See Fundbox/PYMNTS.com, The Trade Credit Dilemma, at 11
(May 2019), https://www.pymnts.com/wp-content/uploads/2019/05/Trade-Credit-Dilemma-Report.pdf (estimating accounts payable for
businesses with revenue of under $250,000 at $6.7 billion and for
businesses with revenue of $250,000 to $999,000 at $44.6 billion).
\138\ Id. The trade credit market is estimated to total $1.6
trillion across all business sizes in the United States. In the
overall $1.4 trillion market size total for all small business
financing products, the CFPB has included only the trade credit
market for businesses of up to $1 million in revenue for consistency
with its White Paper.
---------------------------------------------------------------------------
The CFPB estimates that there were approximately 8,200 financial
institutions extending small business financing in 2019, almost 80
percent of which were depository institutions.\139\
---------------------------------------------------------------------------
\139\ This number has increased from 8,100 financial
institutions estimated in the NPRM for two reasons related to the
number of nondepository financial institutions participating in the
credit market for 5+ unit residential dwellings in 2019. First, the
CFPB revised its methodology for excluding depository institutions
from the total number of participants active in the credit market
for 5+ unit residential dwellings, as detailed below. Second, the
NPRM total for all financial institutions active in the small
business financing market included only those nondepository
financial institutions participating in the credit market for 5+
unit residential dwellings estimated to be covered by the proposed
rule rather than all those active in the market at all.
---------------------------------------------------------------------------
[[Page 35164]]
Based on FFIEC Call Report data for December 2019, the CFPB
estimates that about 5,100 banks and savings associations were active
in the small business lending market, out of a total of about 5,200
banks and savings associations.\140\ The CFPB assumes that a bank or
savings association is ``active'' in the market if it reports a
positive outstanding balance of small loans, lines of credit, and
credit cards to businesses.
---------------------------------------------------------------------------
\140\ Calculated from FFIEC Call Report data accessed on October
18, 2022. Although 2019 figures are used here for consistency across
types of lenders, consolidation among depository institutions has
continued since 2019. As of June 30, 2022, 4,692 commercial banks or
savings associations and 1,575 credit unions reported a positive
outstanding balance of small loans, lines of credit, and credit
cards to businesses. Calculated from FFIEC Call Report data accessed
on October 14, 2022.
---------------------------------------------------------------------------
Based on the NCUA Call Report data for December 2019, the CFPB
estimates that about 1,200 out of 5,300 total credit unions were active
in the small business lending market.\141\ The CFPB defines a credit
union as ``active'' in the market if it reported a positive number of
originations of loans, lines of credit, and credit cards to members for
commercial purposes in 2019.
---------------------------------------------------------------------------
\141\ Nat'l Credit Union Admin., 2019 Call Report Quarterly
Data, https://www.ncua.gov/analysis/credit-union-corporate-call-report-data/quarterly-data (last updated Mar. 8, 2023). (One hundred
twelve credit unions were not federally insured as of December 2019
but are included here as depository institutions. Calculated from
NCUA Call Report data accessed on June 8, 2021.) Although 2019
figures are used here for consistency across types of lenders,
consolidation among depository institutions has continued since
2019. As of June 30, 2022, 1,120 credit unions reported a positive
number of originations of loans, lines of credit, and credit cards
to members for commercial purposes during the first half of 2022.
This number was calculated from NCUA Call Report data accessed on
October 14, 2022.
---------------------------------------------------------------------------
The CFPB estimates that there were about 1,900 nondepository
institutions active in the small business financing market in
2019,\142\ accounting for around $550 billion in outstanding credit to
small businesses. This total number of nondepository institutions
includes approximately 300 commercial finance companies, 30 or more
online lenders, 340 nondepository CDFIs, 150 nondepository mortgage
lenders in the multifamily market, 100 merchant cash advance providers,
700-900 factors, at least 100 government lenders, and 72 Farm Credit
System institutions.
---------------------------------------------------------------------------
\142\ There may also be cooperative or nonprofit lenders as well
as equipment and vehicle finance dealers originating in their own
name that are not captured by the CFPB in these figures. For
example, by searching Uniform Commercial Code (UCC) filings, Manasa
Gopal and Philipp Schnabl identified 19 cooperative lenders that
originated at least 1,500 loans over the period from 2006 to 2016.
Manasa Gopal & Philipp Schnabl, The Rise of Finance Companies and
FinTech Lenders in Small Business Lending, N.Y.U. Stern Sch. of
Bus., at 18 (May 13, 2020), https://ssrn.com/abstract=3600068.
Additionally, these figures do not include trade creditors, which
are non-companies that extend credit by allowing customers a period
of time in which to pay and which are much greater in number since
the practice is widespread across the economy. This number has
increased from 1,800 financial institutions estimated in the NPRM
for two reasons related to the number of nondepository financial
institutions participating in the credit market for 5+ unit
residential dwellings in 2019. First, the CFPB revised its
methodology for excluding depository institutions from the total
number of participants active in the credit market for 5+ unit
residential dwellings, as detailed below. Second, the Notice of
Proposed Rulemaking total for all nondepository financial
institutions active in the small business financing market included
only those nondepository financial institutions participating in the
credit market for 5+ unit residential dwellings that were estimated
to be covered by the proposed rule rather than all those active in
the market at all.
---------------------------------------------------------------------------
The Bureau estimates that about 300 commercial finance companies
were engaged in small business lending in 2019.\143\ The Bureau also
estimates there to be about 30 or more online lenders that were active
in the small business lending market in 2019, not including merchant
cash advance providers.\144\
---------------------------------------------------------------------------
\143\ See id. By searching UCC filings, Manasa Gopal and Philipp
Schnabl identified almost 300 commercial finance companies,
including both independent and captive finance companies, with at
least 1,500 small business loans between 2006 and 2016. This figure
combines 192 independent finance companies with 95 captive finance
companies. Since this estimate captures only those commercial
finance companies averaging at least 150 loans per year over the
2006 to 2016 period, it may exclude smaller volume lenders and
should be considered conservative.
\144\ Id. Using the same methodology as for commercial finance
companies, Gopal and Schnabl identified 19 fintech companies. The
CFPB conservatively increases this estimate to 30 to account for
rapid growth in the industry from 2016 to 2019. Since this estimate
captures only those fintechs averaging at least 150 loans per year
over the 2006 to 2016 period, it may exclude smaller volume lenders
and should be considered conservative. On the other hand, since
2019, the COVID-19 economic shock may have led to some fintechs
scaling back or exiting the small business financing market. See,
e.g., Ingrid Lunden, Amex Acquires SoftBank-backed Kabbage After
Tough 2020 for the SMB Lender, TechCrunch (Aug. 17, 2020), https://techcrunch.com/2020/08/17/amex-acquires-softbank-backed-kabbage-after-tough-2020-for-the-smb-lender/ (noting that Kabbage
temporarily shut down credit lines to small businesses during April
2020 and then spun off its small business loan portfolio when it was
subsequently acquired by American Express).
---------------------------------------------------------------------------
The Bureau estimates that 340 nondepository CDFIs were engaged in
small business lending in 2019. Both depository and nondepository
institutions can be CDFIs. Depository CDFIs are counted in the numbers
of banks, savings associations, and credit unions engaged in small
business lending. According to the CDFI Fund, 487 nondepository funds
(i.e., loan funds and venture capital funds) reported as CDFIs in
2019.\145\ Of these, 340 institutions reported that business finance or
commercial real estate finance were a primary or secondary line of
business in 2019.\146\
---------------------------------------------------------------------------
\145\ CDFI Fund, CDFI Annual Certification and Data Collection
Report (ACR): A Snapshot for Fiscal Year 2019, at 8 (Oct. 2020),
https://www.cdfifund.gov/sites/cdfi/files/2021-01/ACR-Public-Report-Final-10292020-508Compliant.pdf.
\146\ Id. at 15-16.
---------------------------------------------------------------------------
The Bureau estimates that about 150 nondepository mortgage lenders
participated in the credit market for 5+ unit residential dwellings in
2019.\147\ In its 2019 Multifamily Lending Report, the Mortgage Bankers
Association lists annual multifamily lending volumes by institution,
including a distinction for loans of under $1 million in value at
origination.\148\ Using the same small loan to business proxy as is
used in the FFIEC Call Report, the Bureau estimates the number of
nondepository mortgage lenders by counting the number of institutions
that appear on this list that are not depository institutions and that
extended at least two loans in 2019.\149\
---------------------------------------------------------------------------
\147\ Nondepository lenders providing financing for commercial
real estate transactions besides 5+ unit residential dwellings are
not separately captured here but often overlap with those lenders
providing financing for 5+ unit residential dwellings. See Com.
Prop. Exec., Top 20 Commercial Mortgage Banking and Brokerage Firms
of 2022 (Jan. 3, 2022), https://www.commercialsearch.com/news/top-20-commercial-mortgage-banking-and-brokerage-firms-of-2022/ (listing
top commercial real estate lenders and identifying sectors financed
by lender).
\148\ See Mortg. Bankers Ass'n, Annual Report on Multi-Family
Lending--2019, at 9-66 (2020), https://www.mba.org/store/products/research/general/report/2019-annual-report-on-multifamily-lending.
In the Notice of Proposed Rulemaking, the CFPB had estimated
nondepository financial institutions participating in the credit
market for 5+ unit residential dwellings by excluding financial
institutions included in the above-cited report with the word
``bank'' or ``credit union'' in the institution name and further
manually removing around ten more institutions that appeared to be
depository institutions at first glance. To improve accuracy, for
the Final Rule the CFPB has manually coded all 2,588 institutions in
the above-cited report to exclude any institutions that are banks,
savings associations, credit unions, or farm credit associations but
which do not have the word ``bank'' or ``credit union'' in the
institution name as recorded in the report. As a result, the total
number of nondepository financial institutions active in this market
fell from 270 to 150.
\149\ The CFPB counts institutions extending at least two loans
of any size in order to estimate institutions extending at least one
small loan, based on the assumption that some 50 percent of these
loans may have been for values greater than $1 million.
---------------------------------------------------------------------------
Data from UCC filings indicates that about 100 institutions were
active in the market for providing merchant cash advances to small
businesses in 2021.\150\
---------------------------------------------------------------------------
\150\ deBanked, UCC-1 and UCC-3 Filings by Merchant Cash Advance
Companies & Alternative Business Lenders, https://debanked.com/merchant-cash-advance-resource/merchant-cash-advance-ucc/ (last
visited Mar. 20, 2023).
---------------------------------------------------------------------------
[[Page 35165]]
The Bureau estimates the number of factors in 2019 to be between
700-900 and assumes that most factors were providing financing to small
business.\151\
---------------------------------------------------------------------------
\151\ See Secured Fin. Found., 2019 Secured Finance: Market
Sizing & Impact Study Extract Report, at 15 (June 2019), https://www.sfnet.com/docs/default-source/data-files-and-research-documents/sfnet_market_sizing___impact_study_extract_f.pdf?sfvrsn=72eb7333_2
(estimating the number of factors at between 700 and 900).
---------------------------------------------------------------------------
Finally, many government agencies and government-sponsored
enterprises provide or facilitate a significant proportion of small
business credit. As the flagship government lender, the SBA managed in
2019 a portfolio of over $140 billion in loans to small businesses, to
which it added over $1 trillion in loans extended as part of the COVID-
19 emergency lending programs. (As noted above, over $740 billion in
Paycheck Protection Program loans had been forgiven as of July 2022,
bringing SBA outstanding loan balances back down.\152\) Across Federal,
State, and municipal governments, the Bureau estimates that there are
likely over 100 government small business lending programs.\153\
Additionally, the Farm Credit System reports that, as of December 2019,
the Farm Credit System contained a total of 72 banks and
associations.\154\ All of these Farm Credit System institutions were
engaged in lending to small farms in 2019.\155\
---------------------------------------------------------------------------
\152\ Pandemic Response Accountability Comm., Paycheck
Protection Program: Loan Forgiveness by the Numbers (July 2022),
https://www.pandemicoversight.gov/media/file/ppp-loan-forgiveness-fact-sheet-july-2022-updatepdf.
\153\ In addition to several Federal small business lending
programs, States and major municipalities also often have one or
more programs of their own. One State and one municipal program in
each State would already total 100 government lending programs
across Federal, State, and municipal governments.
\154\ Fed. Farm Credit Banks Funding Corp., Farm Credit 2019
Annual Information Statement of the Farm Credit System, at 7 (Feb.
28, 2020), https://www.farmcreditfunding.com/ffcb_live/serve/public/pressre/finin/report.pdf?assetId=395570. The CFPB notes that Farm
Credit System banks do not report FFIEC Call Reports and are thus
not counted in the number of banks and savings associations
discussed above.
\155\ Calculated from Young, Beginning, and Small Farmer Report
data accessed on June 17, 2022, https://reports.fca.gov/CRS/search-institution.aspx.
---------------------------------------------------------------------------
E. Challenges for Women-Owned, Minority-Owned, and LGBTQI+-Owned Small
Businesses
Within the context of small business financing, women-owned,
minority-owned, and LGBTQI+-owned small businesses often face
relatively challenges than their counterparts to obtain credit. In line
with congressional purpose, information collected about these
businesses may provide opportunities for community development lending,
and the information collected may be particularly important to support
fair lending analysis and enforcement.
Women-owned, minority-owned, and LGBTQI+-owned small businesses
have smaller cash reserves on average, leaving them less able to
weather credit crunches. For example, in February 2021, 39 percent of
women-owned businesses had one month or less in cash reserves, compared
with 29 percent of men-owned firms.\156\ And in around 90 percent of
majority Black and Hispanic communities, most businesses have fewer
than 14 days of cash buffer, while this is true of only 35 percent of
majority white communities.\157\ As a result, many small businesses,
especially those owned by women, minorities, and LGBTQI+ individuals,
may have a greater need for financing in general and particularly
during economic downturns.
---------------------------------------------------------------------------
\156\ Eric Groves, Cash Strapped SMBs, While 75% Of PPP Is Still
Available, Alignable (Feb. 9, 2021), https://www.alignable.com/forum/alignable-road-to-recovery-report-february-2021.
\157\ JPMorgan Chase Inst., Place Matters: Small Business
Financial Health in Urban Communities, at 5 (Sept. 2019), https://www.jpmorganchase.com/content/dam/jpmc/jpmorgan-chase-and-co/institute/pdf/institute-place-matters.pdf. See also Diana Farrell et
al., JP Morgan Chase Inst., Small Business Owner Race, Liquidity,
and Survival, at 5 (July 2020), https://www.jpmorganchase.com/content/dam/jpmc/jpmorgan-chase-and-co/institute/pdf/institute-small-business-owner-race-report.pdf (finding in a sample of firms
founded in 2013 and 2014 that after one year in business white-owned
firms had on average 19 cash buffer days compared to 14 for
Hispanic-owned firms and 12 for Black-owned firms).
---------------------------------------------------------------------------
Policy responses to support small businesses in economic downturns
may struggle to reach small businesses owned by women, minorities, and
LGBTQI+ individuals. For example, although LGBTQI+-owned small
businesses were more likely to apply for Paycheck Protection Program
loans, they were less likely to receive all of the funds that they
applied for, and more likely to have gotten none of the funding they
applied for.\158\
---------------------------------------------------------------------------
\158\ Spencer Watson et al., LGBTQ-Owned Small Businesses in
2021, Ctr. for LGBTQ Econ. Advancement & Rsch. and Movement
Advancement Project, at 8 (July 2022), https://www.lgbtmap.org/file/LGBTQ-Small-Businesses-in-2021.pdf (using data from the Federal
Reserve's Small Business Credit Survey, which began collecting
demographic data on LGBTQ small business ownership in 2021).
---------------------------------------------------------------------------
Established relationships between applicants and lenders were often
critical to approvals in the earliest period of Paycheck Protection
Program underwriting; \159\ many minority-owned \160\ and women-owned
\161\ businesses did not have such relationships. Minority borrowers
with limited English proficiency may also have faced difficulties
overcoming language barriers,\162\ particularly during the first round
of the Paycheck Protection Program in April 2020 when application
materials had not yet been translated from English.\163\ Further, many
minority-owned and women-owned firms are sole proprietorships and
independent contractors, both of which received delayed access to
Paycheck Protection Program loans.\164\
---------------------------------------------------------------------------
\159\ Sara Savat, Who you know matters, even when applying for
PPP loans, The Source, Newsroom, Wash. Univ. in St. Louis (Feb. 15,
2021), https://source.wustl.edu/2021/02/who-you-know-matters-even-when-applying-for-ppp-loans/ (previous lender relationship increased
likelihood of obtaining a Paycheck Protection Program loan by 57
percent). See generally 86 FR 7271, 7280 (Jan. 27, 2021) (noting
that many lenders restricted access to Paycheck Protection Program
loans to existing customers, which may run a risk of violating ECOA
and Regulation B).
\160\ Claire Kramer Mills, Fed. Rsrv. Bank of N.Y., Double
Jeopardy: COVID-19's Concentrated Health and Wealth Effects in Black
Communities, at 6 (Aug. 2020), https://www.newyorkfed.org/medialibrary/media/smallbusiness/DoubleJeopardy_COVID19andBlackOwnedBusinesses (arguing that a lack
of strong banking relationships among Black-owned firms may have led
to relatively lower rates of access to Paycheck Protection Program
loans for such firms); Fed. Rsrv. Banks, Small Business Credit
Survey: 2021 Report on Firms Owned by People of Color, at ii (Apr.
15, 2021), https://www.fedsmallbusiness.org/survey/2021/2021-report-on-firms-owned-by-people-of-color (Small Business Credit Survey of
Firms Owned by People of Color) (finding that ``firms owned by
people of color tend to have weaker banking relationships'').
\161\ Cf. Mariel Padilla, `I feel like I'm drowning': Women
Business Owners Keep Hitting New Barriers to Federal Loan Aid, 19th
(Apr. 23, 2021), https://19thnews.org/2021/04/women-small-businesses-loan/ (stating that historically higher rates of loan
denials for women of color than for white men result in less
established banking relationships and thereby reduced access to
Federal support disbursed through banks).
\162\ See Emily Ryder Perlmeter, Fed. Rsrv. Bank of Dallas, How
PPP Loans Eluded Small Businesses of Color (Nov. 29, 2021), https://www.dallasfed.org/cd/communities/2021/1129 (detailing language
barriers among small business owners of color seeking Paycheck
Protection Program loans, particularly Hispanic and Asian owners who
were not fluent in English).
\163\ See Press Release, Rep. Judy Chu, House Dems Urge SBA to
Translate Resources into 10 Most Common Languages (Apr. 9, 2020),
https://chu.house.gov/media-center/press-releases/house-dems-urge-sba-translate-resources-10-most-common-languages.
\164\ Greg Iacurci, Coronavirus loan program delayed for
independent contractors and self-employed workers, CNBC (Apr. 3,
2020), https://www.cnbc.com/2020/04/03/delays-in-sba-loans-for-independent-contractors-self-employed-workers.html; see also Mariel
Padilla, `I feel like I'm drowning': Women Business Owners Keep
Hitting New Barriers to Federal Loan Aid, 19th (Apr. 23, 2021),
https://19thnews.org/2021/04/women-small-businesses-loan/ (stating
that non-employer businesses affected by restrictions on sole
proprietor and independent contractor access to Paycheck Protection
Program loans are disproportionately owned by women and minorities).
---------------------------------------------------------------------------
[[Page 35166]]
Applicants whose owners belong to protected categories may have
received different program outcomes when applying for Paycheck
Protection Program loans, although limitations in demographic
information for Paycheck Protection Program loans have hindered fair
lending analyses.\165\ Even for such firms that did obtaining Paycheck
Protection Program loans, they may have faced different outcomes with
respect to loan forgiveness.\166\
---------------------------------------------------------------------------
\165\ Rocio Sanchez-Moyano, Fed. Rsrv. Bank of S.F., Paycheck
Protection Program Lending in the Twelfth Federal Reserve District
(Mar. 3, 2021), https://www.frbsf.org/community-development/publications/community-development-research-briefs/2021/february/ppp-lending-12th-district/ (citing matched-pair audit studies that
found discouragement and provision of incomplete information for
minority business owners seeking Paycheck Protection Program loans);
86 FR 7271, 7280 (Jan. 27, 2021) (noting that facially neutral
Paycheck Protection Program policies such as limiting loans to
businesses with pre-existing relationships may run a risk of
violating ECOA and Regulation B due to a disproportionate impact on
a prohibited basis).
\166\ For example, Black-owned firms applied to fintechs for
Paycheck Protection Program loans at a high rate and certain
fintechs or banks that partnered with fintechs have also had a high
rate of unforgiven Paycheck Protection Program loans. See Max Reyes,
Bank Behind Fintech's Rise Reels in Billions in Pandemic's Wake,
Bloomberg (Aug. 22, 2022), https://www.bloomberg.com/news/articles/2022-08-21/bank-behind-fintech-s-rise-reels-in-billions-in-pandemic-s-wake (reporting that, as of July 2021, the share of unforgiven
Paycheck Protection Program loans at Kabbage, a fintech, and at
Cross River, a bank that partnered with fintechs, was 34 percent and
16 percent, respectively); Who Benefited from PPP Loans (showing
that Black-owned firms applied to fintechs at higher rates than
other firms).
---------------------------------------------------------------------------
As demonstrated by the impact of the COVID-19 pandemic on small
businesses, small business lending data are essential to better
understand the small business financing landscape to maintain and
expand support for this key part of the U.S. economy.
F. The Purposes and Impact of Section 1071
The Dodd-Frank Act sets forth the Bureau's purposes and mission. It
provides that a key component of the Bureau's fair lending work is to
ensure fair, equitable, and nondiscriminatory access to credit for both
individuals and their communities.\167\ And in passing section 1071,
Congress articulated two purposes for requiring the Bureau to collect
data on small business credit applications and loans--to ``facilitate
enforcement of fair lending laws'' and to ``enable communities,
governmental entities, and creditors to identify business and community
development needs and opportunities of women-owned, minority-owned, and
small businesses.'' \168\ Although the Dodd-Frank Act does not further
explain or clarify these dual statutory purposes, other Federal laws
shed light on both purposes. That is, a set of existing Federal laws
form the backdrop for the use of small business lending data collected
and reported pursuant to section 1071 to facilitate the enforcement of
fair lending laws, and to identify business and community development
needs and opportunities across the United States.
---------------------------------------------------------------------------
\167\ See 12 U.S.C. 5493(c)(2)(A) (directing the Office of Fair
Lending and Equal Opportunity to provide ``oversight and enforcement
of Federal laws intended to ensure the fair, equitable, and
nondiscriminatory access to credit for both individuals and
communities that are enforced by the Bureau,'' including ECOA and
the Home Mortgage Disclosure Act).
\168\ ECOA section 704B(a).
---------------------------------------------------------------------------
1. Facilitating Enforcement of Fair Lending Laws
Congress intended for section 1071 to ``facilitate enforcement of
fair lending laws,'' \169\ which include ECOA, the Home Mortgage
Disclosure Act of 1975 (HMDA),\170\ the Fair Housing Act,\171\ and
other Federal and State anti-discrimination laws.
---------------------------------------------------------------------------
\169\ Id.
\170\ 12 U.S.C. 2801 et seq.
\171\ 42 U.S.C. 3601 through 3619.
---------------------------------------------------------------------------
i. Equal Credit Opportunity Act (ECOA)
ECOA, which is implemented by Regulation B, applies to all
creditors. Congress first enacted ECOA in 1974 to require financial
institutions and other firms engaged in the extension of credit to
``make credit equally available to all creditworthy customers without
regard to sex or marital status.'' \172\ Two years later, Congress
expanded ECOA's scope to include age, race, color, religion, national
origin, receipt of public assistance benefits, and exercise of rights
under the Federal Consumer Credit Protection Act.\173\
---------------------------------------------------------------------------
\172\ Public Law 93-495, tit. V, section 502, 88 Stat. 1500,
1521 (1974).
\173\ See Equal Credit Opportunity Act Amendments of 1976,
Public Law 94-239, section 701(a), 90 Stat. 251, 251 (1976).
---------------------------------------------------------------------------
ECOA makes it unlawful for any creditor to discriminate against any
applicant with respect to any aspect of a credit transaction (1) on the
basis of race, color, religion, national origin, sex (including sexual
orientation, gender identity, and sex characteristics),\174\ marital
status, or age (provided the applicant has the capacity to contract);
(2) because all or part of the applicant's income derives from any
public assistance program; or (3) because the applicant has in good
faith exercised any right under the Federal Consumer Credit Protection
Act.\175\
---------------------------------------------------------------------------
\174\ In March 2021, the CFPB issued an interpretive rule
clarifying that the scope of ECOA's and Regulation B's prohibition
on credit discrimination on the basis of sex encompasses
discrimination based on sexual orientation and gender identity,
including discrimination based on actual or perceived nonconformity
with sex-based or gender-based stereotypes and discrimination based
on an applicant's associations. 86 FR 14363 (Mar. 16, 2021). See
also Press Release, CFPB, CFPB Clarifies That Discrimination by
Lenders on the Basis of Sexual Orientation and Gender Identity Is
Illegal (Mar. 9, 2021), https://www.consumerfinance.gov/about-us/newsroom/cfpb-clarifies-discrimination-by-lenders-on-basis-of-sexual-orientation-and-gender-identity-is-illegal/. The interpretive
rule states that an example of discriminatory sex-based or gender-
based stereotyping occurs if a small business lender discourages a
small business owner appearing at its office from applying for a
business loan and tells the prospective applicant to go home and
change because, in the view of the creditor, the small business
customer's attire does not accord with the customer's gender. 86 FR
14363, 14365 (Mar. 16, 2021). As discussed further in the section-
by-section analysis of Sec. 1002.102(k) and (l), regarding the
definitions of LGBTQI+ individual and LGBTQI+-owned business,
respectively, the CFPB interprets ECOA's and Regulation B's
prohibitions on the basis of sex to also include sex
characteristics, including intersex traits.
\175\ 15 U.S.C. 1601 et seq.
---------------------------------------------------------------------------
Multiple Federal regulators can enforce ECOA and Regulation B and
apply various penalties for violations. The enforcement provisions and
penalties for those who violate ECOA and Regulation B are set forth in
15 U.S.C. 1691e(b) and 12 CFR 1002.16. Violations may also result in
civil money penalties, which are governed by 12 U.S.C. 5565(c)(3). The
CFPB and multiple other Federal regulators have the statutory authority
to bring actions to enforce the requirements of ECOA.\176\ These
regulators have the authority to engage in research, conduct
investigations, file administrative complaints, hold hearings, and
adjudicate claims through the administrative enforcement process
regarding ECOA. Regulators also have independent litigation authority
and can file cases in Federal court alleging violations of fair lending
laws under their jurisdiction. Like other Federal regulators who are
assigned enforcement authority under section 704 of ECOA, the CFPB is
required to refer matters to the Department of Justice (DOJ) when it
has reason to believe that a creditor has engaged in a pattern or
practice of lending
[[Page 35167]]
discrimination.\177\ Private parties may also bring claims under the
civil enforcement provisions of ECOA, including individual and class
action claims against creditors for actual and punitive damages for any
violation of ECOA.\178\
---------------------------------------------------------------------------
\176\ These regulators include the OCC, the Board, the FDIC, the
NCUA, the Surface Transportation Board, the Civil Aeronautics Board,
the Secretary of Agriculture, the Farm Credit Administration, the
Securities and Exchange Commission, the SBA, the Secretary of
Transportation, the CFPB, and the FTC. See 15 U.S.C. 1691c;
Regulation B Sec. 1002.16(a). Motor vehicle dealers are subject to
the Board's Regulation B (12 CFR part 202); the CFPB's rules,
including this rule to implement section 1071, generally do not
apply to motor vehicle dealers, as defined in section 1029(f)(2) of
the Dodd-Frank Act, that are predominantly engaged in the sale and
servicing of motor vehicles, the leasing and servicing of motor
vehicles, or both. 12 U.S.C. 5519.
\177\ See 15 U.S.C. 1691e(h).
\178\ 15 U.S.C. 1691e(a); Regulation B Sec. 1002.16(b)(1).
---------------------------------------------------------------------------
ii. Home Mortgage Disclosure Act (HMDA)
HMDA, implemented by the CFPB's Regulation C (12 CFR part 1003),
requires lenders who meet certain coverage tests to report detailed
information to their Federal supervisory agencies about mortgage
applications and loans at the transaction level. These reported data
are a valuable resource for regulators, researchers, economists,
industry, and advocates assessing housing needs, public investment, and
possible discrimination as well as studying and analyzing trends in the
mortgage market for a variety of purposes, including general market and
economic monitoring. There is potential overlap between what is
required to be reported under HMDA and what is covered by section 1071
for certain mortgage applications and loans for women-owned, minority-
owned, and small businesses.
A violation of HMDA and Regulation C is subject to administrative
sanctions, including civil money penalties. Compliance is enforced by
the CFPB, the U.S. Department of Housing and Urban Development (HUD),
the FDIC, the Board, the National Credit Union Administration (NCUA),
or the Office of the Comptroller of Currency (OCC). These regulators
have the statutory authority to bring actions to enforce the
requirements of HMDA and to engage in research, conduct investigations,
file administrative complaints, hold hearings, and adjudicate claims
through the administrative enforcement process regarding HMDA.
iii. Fair Housing Act
Title VIII of the Civil Rights Act of 1968, as amended (Fair
Housing Act), prohibits discrimination in the sale, rental, or
financing of dwellings and in other housing-related activities because
of race, color, religion, sex (including sexual orientation and gender
identity),\179\ disability,\180\ familial status, or national
origin.\181\ The Fair Housing Act \182\ and its implementing
regulations specifically prohibit discrimination in the making of
loans,\183\ the purchasing of loans,\184\ and in setting the terms and
conditions for making loans available,\185\ without reference to
consumers, legal entities, or the purpose of the loan being made,
although these prohibitions relate exclusively to dwellings.\186\
---------------------------------------------------------------------------
\179\ See U.S. Dep't of Hous. & Urban Dev., Implementation of
Executive Order 13988 on the Enforcement of the Fair Housing Act
(Feb. 11, 2021), https://www.hud.gov/sites/dfiles/PA/documents/HUD_Memo_EO13988.pdf.
\180\ The CFPB uses the term ``disability'' to refer to what the
Fair Housing Act and its implementing regulations describe as a
``handicap'' because that is the preferred term. See, e.g., Hunt v.
Aimco Props., L.P., 814 F.3d 1213, 1218 n.1 (11th Cir. 2016) (noting
the term disability is generally preferred over handicap).
\181\ 42 U.S.C. 3601 through 3619, 3631.
\182\ 42 U.S.C. 3605(b) (noting that for purposes of 3605(a), a
``residential real estate-related transaction'' includes the making
or purchasing of loans or providing other financial assistance for
purchasing, constructing, improving, repairing, or maintaining a
dwelling, or transactions secured by residential real estate).
\183\ 24 CFR 100.120.
\184\ 24 CFR 100.125.
\185\ 24 CFR 100.130.
\186\ A ``dwelling,'' as defined by the Fair Housing Act, is any
building, structure, or portion thereof which is occupied as, or
designed or intended for occupancy as, a residence by one or more
families, and any vacant land which is offered for sale or lease for
the construction or location thereon of any such building,
structure, or portion thereof. 42 U.S.C. 3602(b).
---------------------------------------------------------------------------
The DOJ and HUD are jointly responsible for enforcing the Fair
Housing Act. The Fair Housing Act authorizes the HUD Secretary to issue
a Charge of Discrimination on behalf of aggrieved persons following an
investigation and a determination that reasonable cause exists to
believe that a discriminatory housing practice has occurred.\187\ The
DOJ may bring lawsuits where there is reason to believe that a person
or entity is engaged in a ``pattern or practice'' of discrimination or
where a denial of rights to a group of persons raises an issue of
general public importance,\188\ or where a housing discrimination
complaint has been investigated by HUD, HUD has issued a Charge of
Discrimination, and one of the parties to the case has ``elected'' to
go to Federal court.\189\ In Fair Housing Act cases, HUD and the DOJ
can obtain injunctive relief, including affirmative requirements for
training and policy changes, monetary damages and, in pattern or
practice cases, civil penalties.\190\
---------------------------------------------------------------------------
\187\ 42 U.S.C. 3610(g)(1) and (2).
\188\ See 42 U.S.C. 3614(a).
\189\ 42 U.S.C. 3612(o)(1).
\190\ See 42 U.S.C. 3612, 3614.
---------------------------------------------------------------------------
Upon receipt of a complaint alleging facts that may constitute a
violation of the Fair Housing Act or upon receipt of information from a
consumer compliance examination or other source suggesting a violation
of the Fair Housing Act, Federal executive agencies forward such facts
or information to HUD and, where such facts or information indicate a
possible pattern or practice of discrimination in violation of the Fair
Housing Act, to the DOJ.\191\ Private parties may also bring claims
under the civil enforcement provisions of the Fair Housing Act.\192\
---------------------------------------------------------------------------
\191\ 59 FR 2939, 2939 (Jan. 17, 1994).
\192\ See 42 U.S.C. 3613.
---------------------------------------------------------------------------
iv. Other Fair Lending Laws
Several other Federal statutes seek to promote fair lending. The
CRA affirmatively encourages institutions to help to meet the credit
needs of the entire community served by each institution covered by the
statute, and CRA ratings take into account lending discrimination by
those institutions.\193\ (See part II.F.2.i below for additional
discussion of the CRA.) The Americans with Disabilities Act of 1990
prohibits discrimination against persons with disabilities in the
provision of goods and services, including credit services.\194\
Sections 1981 \195\ and 1982 \196\ of the Federal Civil Rights Acts are
broad anti-discrimination laws that have been applied to many aspects
of credit transactions.\197\
---------------------------------------------------------------------------
\193\ See 12 U.S.C. 2901 et seq.
\194\ See 42 U.S.C. 12101 et seq.
\195\ 42 U.S.C. 1981(a).
\196\ 42 U.S.C. 1982.
\197\ See, e.g., Juarez v. Soc. Fin., Inc., No. 20-CV-03386-HSG,
2021 WL 1375868, at *7 (N.D. Cal. Apr. 12, 2021) (denying motion to
dismiss section 1981 claim and finding that ``the ECOA was not
intended to limit any of the broad protections afforded by Sec.
1981''); Perez v. Wells Fargo & Co., No. 17-CV-00454-MMC, 2017 WL
3314797, at *3 (N.D. Cal. Aug. 3, 2017) (denying motion to dismiss
for section 1981 claim and rejecting contention that ECOA superseded
section 1981, noting that, although ECOA was a more specific
statute, ECOA did not conflict with the section 1981 claims because
``[a] creditor can comply with Sec. 1981 and the ECOA by not
discriminating on the basis of any of the categories listed in the
two statutes''); Jackson v. Novastar Mortg., Inc., 645 F. Supp. 2d
636 (W.D. Tenn. 2007) (motion to dismiss claim that defendants
violated sections 1981 and 1982 by racial targeting and by offering
credit on less favorable terms on the basis of race denied); Johnson
v. Equicredit Corp., No. 01-CIV-5197, 2002 U.S. Dist. LEXIS 4817
(N.D. Ill. Mar. 22, 2002) (predatory lending/reverse redlining case
brought pursuant to section 1981); Hargraves v. Cap. City Mortg.
Corp., 140 F. Supp. 2d 7 (D.D.C. 2000) (predatory lending/reverse
redlining case brought under both sections 1981 and 1982),
reconsideration granted in part, denied in part, 147 F. Supp. 2d 1
(D.D.C. 2001) (section 1981 claim dismissed for lack of standing,
but not section 1982 claim); Doane v. Nat'l Westminster Bank USA,
938 F. Supp. 149 (E.D.N.Y. 1996) (mortgage redlining case brought
under sections 1981 and 1982); Fairman v. Schaumberg Toyota, Inc.,
No. 94-CIV-5745, 1996 U.S. Dist. LEXIS 9669 (N.D. Ill. July 10,
1996) (section 1981 suit over allegedly predatory credit scheme
targeting African Americans and Hispanics); Steptoe v. Sav. of Am.,
800 F. Supp. 1542 (N.D. Ohio 1992) (mortgage redlining case brought
under sections 1981 and 1982 and the Fair Housing Act); Evans v.
First Fed. Sav. Bank of Ind., 669 F. Supp. 915 (N.D. Ind. 1987)
(section 1982 can be used in mortgage lending discrimination case);
Assocs. Home Equity Servs. v. Troup, 778 A.2d 529 (N.J. 2001)
(predatory lending/reverse redlining case brought pursuant to
section 1981).
---------------------------------------------------------------------------
[[Page 35168]]
Many States and municipalities have also enacted fair lending, fair
housing, and/or civil rights laws (often modeled on their Federal
counterparts) that broadly prohibit credit discrimination, including
protections for business credit.\198\
---------------------------------------------------------------------------
\198\ See, e.g., Cal. Civ. Code 51 and 51.5 and Cal. Gov't Code
12955; Colo. Rev. Stat. 24-34-501(3) and 5-3-210; Conn. Gen. Stat.
46a-81e, 46a-81f, and 46a-98; Del. Code Ann. tit. 6, 4604; D.C. Code
2-1402.21; Haw. Rev. Stat. 515-3 and 515-5; 775 Ill. Comp. Stat. 5/
1-102, 5/1-103, 5/4-102, 5/3-102, and 5/4-103; Iowa Code 216.8A and
216.10; Me. Rev. Stat. tit. 5, 4553(5-C) and (9-C), 4595 to 4598,
and 4581 to 4583; Md. Code Ann. State Gov't 20-705, 20-707, and 20-
1103; Mass. Gen. Laws ch. 151B, 4(3B), (14); Minn. Stat. 363A.03
(Subd. 44), 363A.09(3), 363A.16 (Subds. 1 and 3), and 363A.17; N.H.
Rev. Stat. Ann. 354-A:10; N.J. Stat. Ann. 10:5-12(i); N.M. Stat.
Ann. 28-1-7; N.Y. Civ. Rights Law 40-c(2); N.Y. Exec. Law 296-A; Or.
Rev. Stat. 174.100(7) and 659A.421; R.I. Gen. Laws 34-37-4(a)
through (c), 34-37-4.3, and 34-37-5.4; Va. Code Ann. 6.2-501(B)(1),
15.2-853, and 15.2-965; Vt. Stat. Ann. tit. 8, 10403 and tit. 9,
2362, 2410, and 4503(a)(6); Wash. Rev. Code 49.60.030, 49.60.040
(14), (26), and (27), 49.60.175, and 49.60.222; Wis. Stat. 106.50
and 224.77. There are also a number of municipalities that have
enacted credit discrimination ordinances. See, e.g., Austin City
Code 5-1-1 et seq.; N.Y.C. Admin. Code 8-101 and 8-107 et seq.; S.F.
Police Code 3304(a) et seq.
---------------------------------------------------------------------------
v. Facilitating Enforcement
To achieve the congressionally mandated purpose of facilitating
enforcement of fair lending laws, the Bureau must collect and make
available sufficient data to help the public and regulators identify
potentially discriminatory lending patterns that could constitute
violations of fair lending laws. Financial regulators and enforcement
agencies need a consistent and comprehensive dataset for all financial
institutions subject to reporting in order to also use these data in
their prioritization, peer analysis, redlining reviews, and screening
processes to select institutions for monitoring, examination, or
investigation. Data collected pursuant to section 1071 will facilitate
more efficient fair lending examinations. For example, regulators will
be able to use pricing and other data to prioritize fair lending
examinations--without such data, some financial institutions might face
unnecessary examination burden while others whose practices warrant
closer review may not receive sufficient scrutiny.
Moreover, as discussed in part V below, the Bureau believes
specific aspects of the rule offer particular benefits for the
enforcement of fair lending laws. For example, the inclusion of pricing
data such as interest rate and fees will provide information on
disparities in pricing outcomes, and data such as gross annual revenue,
denial reasons, and time in business will enable a more refined
analysis and understanding of disparities in both underwriting and
pricing outcomes. While these data alone generally will not establish
compliance with fair lending laws, regulators, community groups,
researchers, and financial institutions will be able to use the data to
identify potential disparities in small business lending based on
disaggregated categories of race and ethnicity. Overall, the data
collected and reported under the rule will allow, for the first time,
for comprehensive and market-wide fair lending risk analysis that
enables a better understanding of disparities in both underwriting and
pricing outcomes.
2. Identifying Business and Community Development Needs and
Opportunities
The second congressionally mandated purpose of section 1071 is to
enable communities, governmental entities, and creditors to identify
business and community development needs and opportunities of women-
owned, minority-owned, and small businesses.\199\ While section 1071
does not expressly define the phrase ``business and community
development needs,'' other Federal statutes and regulations, including
the CRA and the Riegle Community Development and Regulatory Improvement
Act of 1994,\200\ reference or define the phrases ``business
development'' and ``community development'' and can help explain what
it means to enable communities, governmental entities, and creditors to
``identify business and community development needs and
opportunities.''
---------------------------------------------------------------------------
\199\ ECOA section 704B(a).
\200\ Public Law 103-325, tit. I, section 102, 108 Stat. 2160,
2163 (1994) (12 U.S.C. 4701 through 4719).
---------------------------------------------------------------------------
The Bureau believes, based on its consideration of these other
Federal statutes and regulations, that its rule implementing section
1071 will provide more data to the public--including communities,
governmental entities, and creditors--for analyzing whether financial
institutions are serving the credit needs of their small business
customers. In addition, with data provided under this rule, the public
will be better able to understand access to and sources of credit in
particular communities or industries, such as a higher concentration of
risky loan products in a given community, and to identify the emergence
of new loan products, participants, or underwriting practices. The data
will not only assist in identifying potentially discriminatory
practices, but will contribute to a better understanding of the
experiences that members within certain communities may share in the
small business financing market.
Increased transparency about application and lending practices
across different communities will improve credit outcomes, and thus
community and business development. Lenders will be able to better
understand small business lending market conditions and determine how
best to provide credit to borrowers, where currently they cannot
conduct very granular or comprehensive analyses because the data on
small business lending are limited. As reduced uncertainty helps
lenders to identify potentially profitable opportunities to extend
responsible and affordable credit, small businesses stand to benefit
from increased credit availability. Transparency will also allow small
business owners to more easily compare credit terms and evaluate credit
alternatives; without these data, small business owners are limited in
their ability to shop for the credit product that best suits their
needs at the best price.
i. Community Reinvestment Act (CRA)
The CRA, a part of the Housing and Community Development Act, was
passed by Congress in 1977, which found that ``regulated financial
institutions have continuing and affirmative obligation to help meet
the credit needs of the local communities in which they are
chartered.'' \201\ As such, one of the statutory purposes of the CRA is
to encourage such institutions to help meet the credit needs of the
local communities in which they are chartered consistent with the safe
and sound operation of such institutions.\202\
---------------------------------------------------------------------------
\201\ 12 U.S.C. 2901(a)(3).
\202\ 12 U.S.C. 2901(b).
---------------------------------------------------------------------------
The legislative history for the CRA suggests that the concerns
motivating its passage included certain practices by banks including
redlining (i.e., declining to extend credit in neighborhoods populated
by ethnic or racial minorities) \203\ and community disinvestment
(i.e., taking deposits from lower-income areas, often populated by
ethnic or racial minorities, without
[[Page 35169]]
extending credit or banking services to residents of those areas).\204\
The CRA requires the ``appropriate Federal financial supervisory
agency'' of a given depository institution to ``prepare a written
evaluation of the institution's record of meeting the credit needs of
its entire community, including low- and moderate-income
neighborhoods.'' \205\ These requirements were first implemented by a
1978 rulemaking,\206\ and were amended in 1995 \207\ and 2005.\208\
These rulemakings, adopted by each of the agencies responsible for
ensuring compliance with the CRA, established specific performance
measures,\209\ requiring banks to disclose information about their
efforts to meet community credit needs via small business, small farm,
and community development lending.\210\
---------------------------------------------------------------------------
\203\ See H.R. Rep. No. 561, 94th Cong., 1st Sess. 4 (1975)
(``[The practice of redlining] increasingly has served to polarize
elements of our society . . . . As polarization intensifies,
neighborhood decline accelerates.''), reprinted in 1975 U.S.C.C.A.N.
2303, 2305-06.
\204\ Robert C. Art, Social Responsibility in Bank Credit
Decisions: The Community Reinvestment Act One Decade Later, 18 Pac.
L.J. 1071, 1076-77 & n.23 (1987) (citing 123 Cong. Rec. S8958 (daily
ed. June 6, 1977), which stated that Sen. Proxmire, the
congressional sponsor of the Act described redlining as ``the fact
that banks and savings and loans will take their deposits from a
community and instead of reinvesting them in that community, they
will invest them elsewhere, and they will actually or figuratively
draw a red line on a map around the areas of their city,'' further
noting that those lines are drawn ``sometimes in the inner city,
sometimes in the older neighborhoods, sometimes ethnic and sometimes
black . . . .'').
\205\ 12 U.S.C. 2906(a)(1).
\206\ 43 FR 47144 (Oct. 12, 1978).
\207\ 60 FR 22156 (May 4, 1995).
\208\ 70 FR 44256 (Aug. 2, 2005).
\209\ 12 CFR 228.11.
\210\ See, e.g., 12 CFR 25.42, 228.11.
---------------------------------------------------------------------------
The agencies tasked with ensuring compliance--including the
OCC,\211\ the Board,\212\ and the FDIC \213\--evaluate each insured
depository institution's record in helping meet the credit needs of its
entire community.\214\ Overall, the CRA and its regulations generate
data that help agencies and the public at large identify instances of
redlining, community disinvestment, and geographical areas that are
``banking deserts.'' \215\ The CRA regulations of the Board and the
FDIC currently have the same definitions of ``community development''
that include banking and credit services that support the following:
(1) affordable housing for low- and moderate-income individuals; \216\
(2) community services for low- and moderate-income individuals; \217\
(3) activities that promote economic development by financing small
business and small farms; \218\ and (4) activities that revitalize or
stabilize low- and moderate-income geographies, disaster areas, and
certain distressed or underserved middle-income areas based on other
factors.\219\
---------------------------------------------------------------------------
\211\ 12 CFR part 25.
\212\ 12 CFR part 228.
\213\ 12 CFR parts 345, 195.
\214\ Most specifically, that record is taken into account in
considering an institution's application for deposit facilities,
including mergers and acquisitions with other financial institutions
and the opening of bank branches.
\215\ OCC regulations define ``CRA desert'' as an area that has
``significant unmet community development or retail lending needs''
and where: (1) Few banks have branches or non-branch deposit-taking
facilities, (2) There is ``less retail or community development
lending than would be expected based on demographic or other
factors,'' or (3) The area ``lacks community development
organizations or infrastructure.'' 12 CFR 25.03.
\216\ 12 CFR 228.12(g)(1), 345.12(g)(1).
\217\ 12 CFR 228.12(g)(2), 345.12(g)(2).
\218\ 12 CFR 228.12(g)(3), 345.12(g)(3).
\219\ 12 CFR 228.12(g)(4), 345.12(g)(4).
---------------------------------------------------------------------------
In May 2022, the Board, FDIC and OCC issued an interagency notice
of proposed rulemaking for amendments to update and expand the existing
CRA regulations (2022 CRA NPRM).\220\ In the 2022 CRA NPRM, these three
agencies proposed a number of revisions to the agencies' CRA rules,
including a number of key changes relating to how the agencies defined
community development and how the agencies intended to measure the
community development activity of depository institutions.\221\
---------------------------------------------------------------------------
\220\ Bd. of Governors of the Fed. Rsrv. Sys.; Fed. Deposit Ins.
Corp.; and Off. of the Comptroller of the Currency, Treasury,
Community Reinvestment Act, Joint Proposed Rule, 87 FR 33884 (June
3, 2022).
\221\ 87 FR 33884, 33885 (June 3, 2022).
---------------------------------------------------------------------------
In the 2022 CRA NPRM, the agencies recognized the value of data to
be collected under the Bureau's small business lending rule for
assessing efforts at addressing community small business and small farm
credit needs, proposing to incorporate aspects of the Bureau's rule
into their CRA rules. First, the agencies proposed to define the terms
``small business'' and ``small farm'' consistent with the Bureau's
proposal under section 1071, i.e., as those having gross annual
revenues of $5 million or less in the preceding fiscal year.\222\
---------------------------------------------------------------------------
\222\ Id. at 33890.
---------------------------------------------------------------------------
Further, the 2022 CRA NPRM proposed to eliminate the current CRA
small business and small farm data collection and reporting
requirements,\223\ to be replaced in the long term by the Bureau's
small business lending data collection and reporting requirements.\224\
The agencies noted that this proposed approach is responsive to various
stakeholders' requests that the agencies coordinate the small business
and small farm definitions across the CRA and section 1071 rulemakings.
The agencies also observed that their proposal would reduce burden
related to data collection and reporting, particularly if institutions
could submit data for CRA purposes under the format of the Bureau's
small business lending rule.\225\ Data collected pursuant to section
1071 would be used to measure individual bank performance in CRA
assessments, and to establish the agencies' benchmarks against which
bank CRA performance would be measured for purposes of the small farm
and small business portions of the retail lending tests.\226\
---------------------------------------------------------------------------
\223\ Id. at 33930.
\224\ Id. at 33997.
\225\ Id. at 33928
\226\ Id. at 33941.
---------------------------------------------------------------------------
Finally, the agencies proposed that if both the CRA and section
1071 rulemakings were finalized, the agencies would make the compliance
date for the CRA amendments that hinge upon the Bureau's section 1071
rulemaking similar to the compliance date for the Bureau's final
rule.\227\
---------------------------------------------------------------------------
\227\ Id. at 33930.
---------------------------------------------------------------------------
ii. Community Development Financial Institution Fund (CDFI Fund)
The Riegle Community Development and Regulatory Improvement Act of
1994 authorized the CDFI Fund.\228\ In passing that statute, Congress
found that many of the Nation's urban, rural, and Native American
communities face ``critical social and economic problems arising in
part from the lack of economic growth, people living in poverty, and
the lack of employment and other opportunities.'' \229\
---------------------------------------------------------------------------
\228\ 12 U.S.C. 4701(b).
\229\ 12 U.S.C. 4701(a)(1).
---------------------------------------------------------------------------
To address these problems, Congress created the CDFI Fund to
``promote economic revitalization and community development'' through
investment in and assistance to CDFIs, including enhancing the
liquidity of CDFIs.\230\
---------------------------------------------------------------------------
\230\ 12 U.S.C. 4701(b).
---------------------------------------------------------------------------
The concept of community development is central to the operation of
the CDFI Fund. While CDFI Fund regulations do not directly define that
term, any entity applying for CDFI certification must have ``promoting
community development'' as its ``primary mission.'' \231\ In making
this determination, the CDFI Fund considers whether the activities of
the entity are purposefully directed toward improving the social and/or
economic conditions of underserved people, which may include low-income
persons or persons who lack adequate access to capital and financial
services and residents of
[[Page 35170]]
economically distressed communities.\232\
---------------------------------------------------------------------------
\231\ 12 CFR 1805.201(b)(1).
\232\ Id.
---------------------------------------------------------------------------
The CDFI Fund collects data from the recipients of its financial
and technical assistance, shedding some light on the extent of
community development in the areas where CDFIs operate.\233\ The CDFI
Fund also publishes the data it receives with appropriate redactions to
protect privacy interests.\234\ However, given that CDFIs comprise a
relatively small share of the overall small business lending market,
1071 data will materially enhance understanding of the broader extent
of community development outside of areas where CDFIs already operate.
These data will also likely augment the data the CDFI Fund already
receives.
---------------------------------------------------------------------------
\233\ 12 CFR 1805.803(e) (requiring recipients of technical and
financial assistance to provide to the CDFI Fund certain information
and documentation).
\234\ 12 CFR 1805.803(e)(4).
---------------------------------------------------------------------------
In May 2020, the CDFI Fund issued a request for comment on several
aspects of its CDFI program, including proposed changes to the
application for certification, as well as proposed changes to the data
collection and reporting processes of the CDFI Fund. The RFI proposed a
number of other revisions to the data collection and reporting regime
in May 2020, including the automation of key elements of existing
reporting and improvements to data quality.\235\
---------------------------------------------------------------------------
\235\ CDFI Fund, Annual Certification and Data Collection Report
Changes (2020), https://www.cdfifund.gov/sites/cdfi/files/documents/annual-certification-report-2020-final.pdf.
---------------------------------------------------------------------------
In October and November 2022, the CDFI Fund announced that based on
public comments, it had revised its proposed changes to the application
for certification, and data collection and reporting requirements,
subject to another round of public comment prior to the anticipated
implementation of changes in April 2023.\236\ The CDFI Fund released a
preview of changes to the application requirements.\237\ One change to
the Primary Mission portion of the application, which asks whether an
applicant is focused on the mission of community development, would be
the addition of bright-line questions related to an organization's
lending and financing practices.\238\ Specifically, an applicant can be
disqualified from CDFI certification if financial products or practices
it offers are harmful to low-income and underserved communities.\239\
The bright-line questions the new certification application would ask
include whether, amongst other things, applicants consider a small
business borrower's ability to repay a loan on its terms,\240\ whether
they have accommodative or concessionary policies or programs for
struggling borrowers, and whether loans priced above 36 percent APR
meet certain safety and consumer protection standards.
---------------------------------------------------------------------------
\236\ The CDFI Fund released a preview of the final
certification application, pending OMB approval. CDFI Fund, CDFI
Certification Application Preview (Oct. 2022), https://www.cdfifund.gov/sites/cdfi/files/2022-10/CDFI_Certification_Application_Preview_Final_10322.pdf.
\237\ CDFI Fund, CDFI Fund Advance Look: Preview the Revisions
to the New CDFI Certification Application (Oct. 4, 2022), https://www.cdfifund.gov/news/487.
\238\ CDFI Fund, Community Development Financial Institution
Certification Application: Overview of Final Revisions and
Modifications (Oct. 5, 2022), https://www.cdfifund.gov/sites/cdfi/files/2022-10/CDFI_Certification_Application_Overview_FINAL.pdf.
\239\ Id. at 23-31.
\240\ Id. at 27.
---------------------------------------------------------------------------
In October 2022, the CDFI Fund also published revisions to the
Target Market requirements of the application for CDFI
certification.\241\ Currently, an applicant must demonstrate that it
serves at least one eligible Target Market (either an Investment Area
or a Targeted Population). The revisions, if finalized, would eliminate
the geographical boundaries and mapping requirements for most Target
Markets, replacing these requirements with customized investment areas.
In late October 2022, the CDFI Fund published a proposed list of pre-
approved methodologies to identify target markets.\242\ These
methodologies include determining whether most recipients of a CDFI
applicant's funds--whether individuals, for-profit entities, or non-
profit entities--are members of certain demographic groups (African
American, Hispanic, Native American, Native Hawaiian, Native Alaskan,
Other Pacific Islanders, people with disabilities, certified CDFIs,
low-income targeted populations).\243\ These data are collected using a
variety of overlapping methods specific to each demographic status,
including self-reporting,\244\ in-person or photo-identification-based
visual observation,\245\ surname analysis,\246\ government-issued or
Tribal-issued identification to demonstrate affiliation,\247\ and/or
income and residence or business location.\248\
---------------------------------------------------------------------------
\241\ CDFIs must service either certain investment areas or
targeted populations.
\242\ CDFI Fund, CDFI Target Market Assessment Methodologies,
Notice and Request for Comment. 87 FR 63852 (Oct. 20, 2022).
Comments were due by December 19, 2022. The notice refers to a
separate document with the target market methodologies. CDFI Fund,
Proposed Pre-Approved Target Market Assessment Methodologies (Oct.
19, 2022), https://www.cdfifund.gov/sites/cdfi/files/2022-10/Proposed_PreApproved_TM_Assessment_Methodologies_FINAL.pdf.
\243\ Id.
\244\ See, e.g., id. at 1 (African American), 3 (Hispanic), 10
(non-Hawaiian Pacific Islander), 12 (disability status).
\245\ See, e.g., id. at 1 (African American), 3 (Hispanic), 12
(disability status).
\246\ See, e.g., id. at 3 (Hispanic); see also List of Hispanic
Surnames for OTP-Hispanic Pre-Approved Assessment Methodology,
https://www.cdfifund.gov/sites/cdfi/files/2022-10/OTP_Hisp_HispanicSurnameList_2010Census.xlsx (list of qualifying
Hispanic surnames).
\247\ See, e.g., CDFI Fund, Proposed Pre-Approved Target Market
Assessment Methodologies, at 1 (Oct. 19, 2022), https://www.cdfifund.gov/sites/cdfi/files/2022-10/Proposed_PreApproved_TM_Assessment_Methodologies_FINAL.pdf
(reporting for African American recipients of funds).
\248\ Id. at 14 (low-income individuals or entities).
---------------------------------------------------------------------------
The most recently published amendments to the application
requirements remain under consideration by the CDFI Fund.\249\
---------------------------------------------------------------------------
\249\ The CDFI Fund paused acceptance of new applications for
CDFI certification in October 2022 and will reopen for new
applications once the revisions to the application for certification
and the transaction-level data collection and reporting regimes are
finalized. While initially anticipating that it would finalize
changes to the application process in April 2023 after receiving
public comments, the CDFI Fund issued a statement in January 2023
that it had received a robust response to the request for comments
on the revised application and reporting tools, and that
consideration of these comments, while not requiring a lengthy
delay, would require postponement of the new application and
associated reporting tools beyond April 2023. CDFI Fund, An Update
on the CDFI Fund's Certification Application Review Process (Jan.
24, 2023), https://www.cdfifund.gov/news/501.
---------------------------------------------------------------------------
3. Impact of Small Business Lending Data Under Section 1071
The Bureau's implementation of section 1071 will provide on an
annual basis application-level data on small business credit, including
certain protected demographic information. This will include
information on applications for credit that are originated, as well as
those that are denied, withdrawn, incomplete, or approved by the
financial institution but not accepted by the applicant. This
information will enable stakeholders of all kinds in the small business
lending market to gain insight into trends in small business lending.
It will also provide insight into the interaction of supply and demand
for small business credit over time.
In terms of facilitating fair lending enforcement, interested
government agencies and other stakeholders will be able to use data
collected and reported under this final rule to identify possible fair
lending risks using statistical methods.
Regarding the identification of business and community development
needs, small business lending data collected and reported under this
final rule will help government entities and
[[Page 35171]]
public and private lenders identify and target sub-segments of the
market that remain underserved, facilitating entrepreneurship and
business development in those communities. By reducing uncertainty
about the conditions of the small business lending market, data
collected under the final rule can help creditors identify potentially
profitable opportunities to extend responsible and affordable credit,
potentially increasing credit availability to small businesses.
Increased transparency, in turn, will also help small business
borrowers to understand what credit is available and on what terms,
thereby improving their ability to access the credit they need and
further serving community and business development goals.
The Bureau believes that small business lending data will come to
play an important role for the small business lending market, as HMDA
data have done for the mortgage market. HMDA data have provided
lenders, community groups, and others the tools to identify and address
fair lending risks and strengthen fair lending oversight and
enforcement. In a similar way, these data will allow diverse
stakeholders to analyze lending patterns that are potentially
discriminatory. By identifying and addressing discriminatory small
business lending practices, the Bureau will help to ensure fair,
equitable, and nondiscriminatory access to credit for both individuals
and their communities.\250\
---------------------------------------------------------------------------
\250\ See 12 U.S.C. 5493(c)(2)(A).
---------------------------------------------------------------------------
HMDA data have also proven effective in creating transparency in
the mortgage market that improves the understanding of credit needs,
where they may remain unmet, and the relationship between mortgage
lending and community development. The Bureau believes that small
business lending data collected and reported under this final rule will
provide the Bureau and other stakeholders with critical insights into
the small business lending market. The COVID-19 pandemic has shown that
transparency is essential at a time of crisis, when small businesses
may be in urgent need of credit in order to recover from economic
shocks.
The advancement of both statutory purposes of section 1071--
facilitating fair lending enforcement and identifying business and
community development needs--in turn will support small businesses
across all sectors of the economy, which are fundamental to the
economic health of the U.S. and which have been hard hit by recent
economic and financial crises. Given the critical importance of small
businesses to economic growth and wealth creation, that will also help
the economy as a whole.
III. Summary of the Rulemaking Process
In the years leading up to the release of the CFPB's NPRM to
implement section 1071 of the Dodd-Frank Act, the CFPB held over 100
outreach meetings regarding the rulemaking with financial institutions,
trade associations, community groups, researchers, governmental
entities, and other stakeholders. The CFPB also took a number of other
steps, beyond individual stakeholder meetings, to solicit feedback more
broadly from the public on a rule to implement section 1071. Most
recently, the CFPB received public comments on its NPRM. Each of these
efforts are discussed in turn below.
A. Pre-Proposal Outreach and Engagement
Request for information, field hearing, and white paper on small
business lending. On May 10, 2017, the CFPB published a request for
information regarding the small business lending market \251\ in which
it sought public comment to understand more about the products that are
offered to small businesses, the financial institutions that offer such
credit, the small business lending data that currently are used and may
be maintained by financial institutions, the potential complexity and
cost of small business data collection and reporting, and privacy
concerns related to the disclosure purposes of section 1071.\252\ On
the same date, the CFPB held a field hearing regarding section 1071 at
which the request for information was announced and then-Director
Richard Cordray noted the importance of a section 1071 rulemaking given
the absence of systematic data on how small businesses are faring and
whether or how much they are being held back by financing
constraints.\253\ Finally, at the same time, the CFPB also published
its White Paper on small business lending,\254\ which reflected the
initial findings of its research providing a preliminary understanding
of the small business lending environment, with a particular emphasis
on lending to women-owned and minority-owned small businesses.
---------------------------------------------------------------------------
\251\ 82 FR 22318 (May 15, 2017).
\252\ In response to the request for information, the CFPB
received over 2,000 comments in total, and over 100 unique comments
offering detailed substantive responses on the topics raised in the
request for information. These comments from the public helped to
inform the CFPB's approach in its SBREFA Outline. See CFPB, Request
for Information Regarding the Small Business Lending Market, Docket
ID CFPB-2017-0011, https://www.regulations.gov/docket/CFPB-2017-0011.
\253\ See CFPB, Prepared Remarks of CFPB Director Richard
Cordray at the Small Business Lending Field Hearing (May 10, 2017),
https://www.consumerfinance.gov/about-us/newsroom/prepared-remarks-cfpb-director-richard-cordray-small-business-lending-field-hearing/.
\254\ CFPB, Key dimensions of the small business lending
landscape (May 2017), https://files.consumerfinance.gov/f/documents/201705_cfpb_Key-Dimensions-Small-Business-Lending-Landscape.pdf
(White Paper).
---------------------------------------------------------------------------
1071 symposium. In November 2019, the CFPB held a symposium on
section 1071 to assist it in its policy development process and to
receive feedback from experts, including academic, think tank, consumer
advocate, industry, and government experts in the small business
lending arena.\255\ The symposium had two panels. The first panel
focused on the evolution in the small business lending marketplace. The
second panel included a discussion surrounding the implementation of
section 1071, including issues raised in response to the CFPB's request
for information.
---------------------------------------------------------------------------
\255\ CFPB, Symposium: Section 1071 of the Dodd-Frank Act (held
Nov. 6, 2019), https://www.consumerfinance.gov/about-us/events/archive-past-events/cfpb-symposium-section-1071-dodd-frank-act/.
---------------------------------------------------------------------------
Small Business Advisory Review Panel. Under the Small Business
Regulatory Enforcement Fairness Act of 1996 (SBREFA),\256\ which
amended the Regulatory Flexibility Act (RFA), the CFPB must convene and
chair a Small Business Advisory Review Panel (Panel) if it is
considering a proposed rule that could have a significant economic
impact on a substantial number of small entities.\257\ The Panel
considers the impact of the proposals under consideration by the CFPB
and obtains feedback from representatives of the small entities that
would likely be subject to the rule. The Panel is comprised of a
representative from the CFPB, the Chief Counsel for Advocacy of the
Small Business Administration (SBA), and a representative from the
Office of Information and Regulatory Affairs (OIRA) in the Office of
Management and Budget (OMB). Representatives from 20 small businesses
were selected as small entity representatives for this SBREFA process.
These individuals represented small businesses that are financial
institutions--including community banks, credit unions, community
development financial institutions (CDFIs), financial technology firms,
and commercial finance companies--that
[[Page 35172]]
would likely be directly affected by a rule implementing section 1071.
---------------------------------------------------------------------------
\256\ Public Law 104-121, 110 Stat. 857 (1996).
\257\ 5 U.S.C. 609(b).
---------------------------------------------------------------------------
On September 15, 2020, the CFPB issued its Outline of Proposals
under Consideration and Alternatives Considered (SBREFA Outline) for
its rulemaking pursuant to section 1071, a detailed document that
discusses (1) the relevant law, (2) the regulatory process, (3) the
rule proposals the CFPB was considering, and (4) an economic analysis
of the potential impacts of those proposals on directly affected small
entities.\258\
---------------------------------------------------------------------------
\258\ CFPB, Small Business Advisory Review Panel for Consumer
Financial Protection Bureau Small Business Lending Data Collection
Rulemaking, Outline of Proposals Under Consideration and
Alternatives Considered (Sept. 15, 2020), https://files.consumerfinance.gov/f/documents/cfpb_1071-sbrefa_outline-of-proposals-under-consideration_2020-09.pdf (SBREFA Outline). See also
CFPB, Consumer Financial Protection Bureau Releases Outline of
Proposals Under Consideration to Implement Small Business Lending
Data Collection Requirements (Sept. 15, 2020), https://www.consumerfinance.gov/about-us/newsroom/cfpb-releases-outline-proposals-implement-small-business-lending-data-collection-requirements/.
---------------------------------------------------------------------------
The CFPB convened the Panel for this proposed rule on October 15,
2020 and held a total of four meetings with small entity
representatives during October 19-22, 2020, conducted online via video
conference (Panel Outreach Meetings). In preparation for the Panel
Outreach Meetings and to facilitate an informed and detailed discussion
of the proposals under consideration, discussion questions for the
small entity representatives were included throughout the SBREFA
Outline.\259\
---------------------------------------------------------------------------
\259\ These questions also appeared in a shorter Discussion
Guide for Small Entity Representatives. See CFPB, Small Business
Advisory Review Panel for Consumer Financial Protection Bureau Small
Business Lending Data Collection Rulemaking, Discussion Guide for
Small Entity Representatives (Sept. 15, 2020), https://files.consumerfinance.gov/f/documents/cfpb_1071-sbrefa_discussion-guide_2020-09.pdf.
---------------------------------------------------------------------------
In advance of the Panel Outreach Meetings, the CFPB, SBA Office of
Advocacy, and OIRA held a series of video conferences with the small
entity representatives to describe the Small Business Review Process,
obtain important background information about each small entity
representative's current business practices, and begin discussions on
selected portions of the proposals under consideration.
All 20 small entity representatives participated in the Panel
Outreach Meetings. Representatives from the CFPB, SBA Office of
Advocacy, and OIRA provided introductory remarks. The meetings were
then organized around discussions led by the CFPB about each aspect of
the proposals under consideration and the potential impact on small
businesses. The CFPB also invited small entity representatives to
submit written feedback by November 9, 2020; most did so.
On December 15, 2020, the CFPB released the Final Report of the
Small Business Review Panel on the CFPB's Proposals Under Consideration
for the Small Business Lending Data Collection Rulemaking (SBREFA Panel
Report).\260\ This report includes a summary of the feedback received
from small entity representatives during the panel process (including
oral feedback received during the pre-Panel video conferences and Panel
Outreach Meetings, as well as timely submitted written feedback) and
findings and recommendations made by the Panel.\261\ As required by the
RFA, the CFPB considered the Panel's findings in its initial regulatory
flexibility analysis, as set out in part VIII of the NPRM.
---------------------------------------------------------------------------
\260\ CFPB, Final Report of the Small Business Review Panel on
the CFPB's Proposals Under Consideration for the Small Business
Lending Data Collection Rulemaking (Dec. 14, 2020), https://files.consumerfinance.gov/f/documents/cfpb_1071-sbrefa-report.pdf
(SBREFA Panel Report). See also CFPB, Consumer Financial Protection
Bureau Releases Report on Implementing the Dodd-Frank Act's Small
Business Lending Data Collection Requirement (Dec. 15, 2020),
https://www.consumerfinance.gov/about-us/newsroom/consumer-financial-protection-bureau-releases-report-on-implementing-the-dodd-frank-acts-small-business-lending-data-collection-requirement/.
The CFPB's SBREFA Outline and related materials, as well as the
CFPB's presentation slides framing the discussion during the Panel
Outreach Meetings, are appended to the SBREFA Panel Report. See
SBREFA Panel Report at app. C through F.
\261\ The written feedback from small entity representatives is
appended to the SBREFA Panel Report. See id. at app. A.
---------------------------------------------------------------------------
The CFPB also invited other stakeholders to submit feedback on the
SBREFA Outline by December 14, 2020. The CFPB received approximately 60
submissions from a variety of other stakeholders, including financial
institutions, trade associations, community groups, a think tank, and a
government agency.\262\
---------------------------------------------------------------------------
\262\ Feedback received from these stakeholders on the SBREFA
Outline is available on the public docket for the NPRM. See https://www.regulations.gov/docket/CFPB-2021-0015/document?documentTypes=Supporting%20%26%20Related%20Material.
---------------------------------------------------------------------------
The CFPB considered the feedback it received from small entity
representatives, the findings and recommendations of the Panel, and the
feedback from other stakeholders in preparing the NPRM. The feedback,
findings, and recommendations were summarized throughout the NPRM where
relevant.
One-Time Cost Survey. On July 22, 2020, the CFPB released a
voluntary survey to measure the one-time costs of compliance with an
eventual small business lending data collection rule.\263\ The
objective of the survey was to solicit, from institutions offering
small business credit products that could potentially be covered by
this rule, information about potential one-time costs to prepare to
collect and report data. The deadline for responses was October 16,
2020. The CFPB received responses from 105 financial institutions.\264\
The results of the survey inform the CFPB's analyses of the potential
impacts of the rule as set out in parts IX and X below.
---------------------------------------------------------------------------
\263\ CFPB, Survey: Small Business Compliance Cost Survey (July
22, 2020), https://files.consumerfinance.gov/f/documents/cfpb_1071-survey_2020-10.pdf.
\264\ See part VI below for additional details regarding this
survey.
---------------------------------------------------------------------------
ECOA request for information. On July 28, 2020, the CFPB issued a
request for information to seek public input on ECOA and Regulation
B.\265\ In this request for information, the CFPB sought public comment
on a number of topics, including small business lending and the ways
that the CFPB, in light of its authority under ECOA and Regulation B,
might support efforts to meet the credit needs of small businesses,
particularly those that are minority-owned and women-owned.\266\
---------------------------------------------------------------------------
\265\ CFPB, Consumer Financial Protection Bureau Requests
Information on Ways to Prevent Credit Discrimination and Build a
More Inclusive Financial System (July 28, 2020), https://www.consumerfinance.gov/about-us/newsroom/cfpb-rfi-prevent-credit-discrimination-build-more-inclusive-financial-system/.
\266\ 85 FR 46600, 46602 (Aug. 3, 2020).
---------------------------------------------------------------------------
B. Ongoing Outreach and Engagement
Ongoing outreach. The CFPB conducts outreach to industry and other
stakeholders to understand their experiences with the small business
finance market, economic conditions, and the collection and reporting
of data regarding that market. A particular near-term priority in the
CFPB's recent outreach has been the impacts of the pandemic and the
effectiveness of the Federal government's response. Findings from
outreach activities inform the CFPB on matters affecting the small
business sector.
Technical outreach. In the months before the publication of the
NPRM, the CFPB began conducting technical outreach with third-party
software providers that serve financial institutions and software and
technology staff from financial institutions that are likely to have to
report small business lending data to the CFPB. With these software
vendors and technical staff, the CFPB has held and, after publication
of this final rule, will continue to hold discussions concerning
[[Page 35173]]
the technical systems and procedures the CFPB will provide for
financial institutions to submit their data. The CFPB intends to
understand the technology solutions currently provided by vendors to
support the small business lending activities of financial
institutions, as well as their experience in providing financial
institutions with technical support for previous data collection
regulations. The CFPB believes this information will be helpful in
informing the CFPB in its design and implementation of a platform for
intake and processing of data to help the platform integrate, to the
extent possible, with existing systems and data collection procedures.
These discussions also serve to raise awareness of technology providers
as to their potential future role in supporting the rule as well as the
lead time that may be necessary for some or all affected financial
institutions to come into compliance with the requirements of this
final rule. This outreach process is ongoing and will continue after
the publication of this final rule.
Sample data collection form usability testing. After the NPRM was
released, the CFPB, after the appropriate notice in the Federal
Register, and a 30-day comment period, sought and received OMB approval
to conduct several rounds of message and user testing research related
to the sample form.\267\ The CFPB conducted qualitative research to
learn about the experience of filling out the sample data collection
form and to explore design options. The CFPB engaged a vendor to
conduct interviews with small business stakeholders and listening
sessions with small business owners to test different versions of the
introductory language on the sample data collection form. The CFPB also
conducted qualitative user interviews with small business owners to
test their reactions to different versions of the sample data
collection form. In addition to comments received in response to the
CFPB's proposed sample data collection form as part of the NPRM, the
feedback gathered as part of these testing efforts was also considered
by the CFPB in finalizing the sample data collection form issued with
this final rule. The CFPB is releasing a report, simultaneously with
the issuance of this final rule, summarizing the findings from all
three rounds of qualitative research testing.\268\
---------------------------------------------------------------------------
\267\ 87 FR 37504 (June 23, 2022).
\268\ CFPB, User testing for sample data collection form for the
small business lending final rule (Mar. 2023), https://www.consumerfinance.gov/data-research/research-reports/user-testing-for-sample-data-collection-form-for-the-small-business-lending-final-rule/.
---------------------------------------------------------------------------
C. Notice of Proposed Rulemaking
On September 1, 2021, the CFPB issued its proposal to implement
section 1071. The NPRM was published in the Federal Register on October
8, 2021,\269\ and the public comment period closed on January 6,
2022.\270\ The CFPB received approximately 2,100 comments on the
proposal during the comment period.\271\ Approximately 650 of these
comments were unique, detailed comment letters representing diverse
interests. These commenters included lenders such as banks and credit
unions, CDFIs, community development companies, Farm Credit System
lenders, online lenders, and others; national and regional industry
trade associations; software vendors; business advocacy groups;
community groups; research, academic, and other advocacy organizations;
members of Congress; Federal and State government offices/agencies;
small businesses; and individuals.
---------------------------------------------------------------------------
\269\ 86 FR 56356 (Oct. 8, 2021).
\270\ The CFPB set the length of the comment period on the
proposal at 90 days from the date on which it was published in the
Federal Register. The CFPB received several written requests to
extend the comment period. The CFPB believes that the 90-day comment
period set forth in the NPRM (along with the 38 days that elapsed
between the CFPB's issuance of the NPRM on September 1, 2021 and its
publication in the Federal Register on October 8, 2021) gave
interested parties sufficient time to consider the CFPB's proposal
and prepare their responses, and thus did not extend the comment
period beyond January 6, 2022.
\271\ See https://www.regulations.gov/docket/CFPB-2021-0015/comments.
---------------------------------------------------------------------------
The remaining comments included some duplicate submissions (i.e.,
letters with the same content from the same commenter submitted through
multiple channels, or letters with the same content submitted by
multiple people on behalf of the same commenting organization) as well
as comments that were part of several comment submission campaigns
organized by industry or community groups. Such comment campaigns
typically advocated for or against particular provisions in the NPRM
and urged additional changes. These comments were considered by the
CFPB along with all other comments received, including any additional
remarks included in otherwise identical comment letters.
In addition, the CFPB also considered comments received after the
comment period closed via approximately 17 ex parte submissions and
meetings.\272\ Materials on the record, including all ex parte
submissions and summaries of ex parte meetings, are available on the
public docket for this rulemaking.\273\
---------------------------------------------------------------------------
\272\ CFPB, Policy on Ex Parte Presentations in Rulemaking
Proceedings, 82 FR 18687 (Apr. 21, 2017).
\273\ See https://www.regulations.gov/docket/CFPB-2021-0015/comments.
---------------------------------------------------------------------------
The CFPB received comments on all aspects of the proposed rule, as
well as on the proposed approach to protecting privacy interests via
modification or deletion of data prior to publication, and on its
analyses of the proposed rule's impacts. Relevant information received
via comment letters, as well as ex parte submissions, is discussed
below in the section-by-section analysis and subsequent parts of this
document, as applicable. The CFPB considered all the comments it
received regarding the proposal, made certain modifications, and is
adopting the final rule as described in part V below. Comments relevant
to the CFPB's approach to privacy are discussed in part VIII and
regarding its impact analyses in parts IX to XI.
IV. Legal Authorities
The Bureau is issuing this final rule pursuant to its authority
under section 1071. Some aspects of this rule are also adopted under
the Bureau's more general rulemaking authorities in ECOA. Congress
enacted ECOA to prohibit discrimination against any applicant,
regarding any aspect of a credit transaction, on the basis of, amongst
other characteristics, race, color, religion, national origin, and
sex.\274\ The Bureau has certain oversight, enforcement, and
supervisory authority over ECOA requirements and has rulemaking
authority under the statute.
---------------------------------------------------------------------------
\274\ 15 U.S.C. 1691(a)(1).
---------------------------------------------------------------------------
ECOA is implemented in Regulation B.\275\ Among other things,
Regulation B generally prohibits creditors from inquiring about an
applicant's race, color, religion, national origin, or sex, with
limited exceptions, including if it is required by law.\276\
---------------------------------------------------------------------------
\275\ 12 CFR part 1002.
\276\ Regulation B Sec. 1002.5(a)(2).
---------------------------------------------------------------------------
As discussed above, in the Dodd-Frank Act Congress amended ECOA by
adding section 1071, which directs the Bureau to adopt regulations
governing the collection and reporting of small business lending data.
Specifically, section 1071 requires financial institutions to collect
and report to the Bureau certain data on applications for credit for
women-owned, minority-owned, and small businesses.\277\ Congress
enacted section 1071 for the purpose of (1) facilitating enforcement of
fair lending laws and (2) enabling communities, governmental entities,
and creditors to identify business and
[[Page 35174]]
community development needs and opportunities of women-owned, minority-
owned, and small businesses.\278\ The Bureau often refers to these as
section 1071's fair lending purpose and its business and community
development purpose, respectively.
---------------------------------------------------------------------------
\277\ ECOA section 704B.
\278\ ECOA section 704B(a).
---------------------------------------------------------------------------
To advance these statutory purposes, section 1071 grants the Bureau
general rulemaking authority for section 1071, providing that the
Bureau shall prescribe such rules and issue such guidance as may be
necessary to carry out, enforce, and compile data pursuant to section
1071.\279\ ECOA section 704B(g)(2) also permits the Bureau to adopt
exceptions to any requirement of section 1071 and to conditionally or
unconditionally exempt any financial institution or class of financial
institutions from the requirements of section 1071, as the Bureau deems
necessary or appropriate to carry out the purposes of section 1071. The
Bureau principally relies on its 704B(g)(1) authority in this proposed
rule and relies on 704B(g)(2) when proposing specific exceptions or
exemptions to section 1071's requirements. Section 704B(g)(3) directs
the Bureau to issue guidance designed to facilitate compliance with the
requirements of section 1071.
---------------------------------------------------------------------------
\279\ ECOA section 704B(g)(1).
---------------------------------------------------------------------------
In addition, section 703(a) of ECOA gives the Bureau broad
authority to prescribe regulations to carry out the purposes of ECOA,
including provisions that in the judgment of the Bureau are necessary
or proper to effectuate the purposes of ECOA, to prevent circumvention
or evasion thereof, or to facilitate or substantiate compliance
therewith. That section also states that the Bureau may provide for
such adjustments and exceptions for any class of transactions, as in
the judgment of the Bureau are necessary or proper to effectuate the
purposes of ECOA, to prevent circumvention or evasion thereof, or to
facilitate or substantiate compliance therewith.
Section 1071 establishes requirements or obligations for financial
institutions that the Bureau is implementing in this final rule. These
provisions include the requirement in ECOA section 704B(b) that a
financial institution shall inquire whether an applicant for credit is
a women-owned, minority-owned, or small business; that a financial
institution must maintain a record of responses to such inquiry,
separate from the application; that an applicant may refuse to provide
any information requested regarding the inquiry under 704B(b); that a
financial institution must limit access of loan underwriters, or other
officers or employees of the financial institution or any affiliate, to
applicant responses to inquiries under 704B(b); and that if a financial
institution determines that a loan underwriter or other officer or
employee should have access to any information provided by the
applicant pursuant to a request under 704B(b) that the financial
institution shall provide notice to the applicant of the access of the
underwriter to such information, along with notice that the financial
institution may not discriminate on the basis of such information.\280\
---------------------------------------------------------------------------
\280\ ECOA section 704B(b)(1) and (2), (c), (d)(1) and (2).
---------------------------------------------------------------------------
ECOA section 704B(e)(1) directs financial institutions to compile
and maintain, in accordance with regulations of the Bureau, records of
the information provided by applicants for credit pursuant to a request
under 704B(b). Section 704B(e)(2) requires that the information
compiled and maintained under 704B(e)(1) be itemized in order to
clearly and conspicuously disclose an enumerated list of data points.
Section 704B(e)(2)(H) requires financial institutions to compile and
maintain any additional data that the Bureau determines would aid in
fulfilling the purposes of section 1071.
Several provisions of section 1071 expressly refer to regulations
to be promulgated by the Bureau to implement certain requirements,
including in ECOA section 704B(e)(1) regarding how financial
institutions must compile and maintain data pursuant to section 1071,
and in 704B(f)(2)(B) and (C) regarding the form of information made
available by financial institutions to the public and the form and
manner in which the Bureau itself should make data available to the
public generally.
Two provisions expressly give the Bureau discretion with respect to
public availability of small business lending data. Specifically, ECOA
section 704B(e)(4) states that the Bureau may, at its discretion,
delete or modify data before making it available to the public if the
Bureau determines that the deletion or modification of the data would
advance a privacy interest. Section 704B(f)(3) gives the Bureau the
discretion to compile and aggregate data for its own use, as well as to
make public such compilations of aggregate data.
V. Section-by-Section Analysis
Overview
In this Overview of part V, the CFPB first provides some background
regarding section 1071, a discussion of the Home Mortgage Disclosure
Act of 1975 (HMDA), and a brief summary of the final rule. Each
regulatory provision of the final rule, along with its rationale and
relevant feedback received through the public comment process, is
discussed in detail in the section-by-section analyses that follow. The
CFPB has made several major, and a number of minor, adjustments to the
rule in response to comments received on the proposal. Major changes
are noted in the summary of the final rule below; all changes are
discussed in detail in the section-by-section analyses that follow.
Next, the CFPB discusses the high-level and general comments
received in response to the NPRM. The CFPB also addresses several
issues for which there is no corresponding regulatory text or
commentary. Finally, the CFPB discusses the conforming amendments it is
making to existing Regulation B.
A. Introduction to Section 1071
As discussed above, section 1071 of the Dodd-Frank Act requires
that financial institutions collect and report to the CFPB certain data
regarding applications for credit for women-owned, minority-owned, and
small businesses. Section 1071's statutory purposes are to (1)
facilitate enforcement of fair lending laws, and (2) to enable
communities, governmental entities, and creditors to identify business
and community development needs and opportunities of women-owned,
minority-owned, and small businesses.
Section 1071 specifies a number of data points that financial
institutions are required to collect and report, and also provides
authority for the CFPB to require any additional data that it
determines would aid in fulfilling section 1071's statutory purposes.
Section 1071 also contains a number of other requirements, including
those that address restricting the access of underwriters and other
persons to certain data and publication of data. In addition, section
1071 permits the CFPB to modify or delete data prior to publication if
it determines that such a deletion or modification would advance a
privacy interest.
Section 1071 directs the CFPB to prescribe such rules, and issue
such guidance as may be necessary to carry out, enforce, and compile
data pursuant to section 1071. It also permits the CFPB to adopt
exceptions to any requirement
[[Page 35175]]
or to exempt financial institutions from the requirements of section
1071 as it deems necessary or appropriate to carry out the purposes of
section 1071. Section 1071 also directs the CFPB to issue guidance
designed to facilitate compliance with the requirements of section
1071. As discussed in part IV above and throughout the section-by-
section analyses in this part V, the CFPB's rule implements these
statutory provisions.
B. Section 1071 and HMDA
HMDA is a data collection and reporting statute that requires
certain depository institutions and for-profit nondepository
institutions to collect, report, and disclose data about originations
and purchases of mortgage loans, as well as mortgage loan applications
that do not result in originations (for example, applications that are
denied or withdrawn).\281\ The CFPB's Regulation C, 12 CFR part 1003,
implements HMDA. In light of certain similarities between section 1071
and HMDA as data collection and reporting statutes with different
markets but similar fair lending enforcement and community development
purposes, the CFPB's section-by-section analyses in this part V
sometimes discusses how similar provisions are addressed in the context
of HMDA. Of course, the markets to which HMDA and section 1071 apply
are also different in significant respects, and those differences are
reflected between the present rule and Regulation C, as discussed
further in the section-by-section analyses in this part V.
---------------------------------------------------------------------------
\281\ 12 U.S.C. 2801 et seq.
---------------------------------------------------------------------------
HMDA and Regulation C's purposes are: (1) to help determine whether
financial institutions are serving their communities' housing needs;
(2) to assist public officials in distributing public investment to
attract private investment; and (3) to assist in identifying potential
discriminatory lending patterns and enforcing antidiscrimination
statutes.
A covered institution for purposes of HMDA reporting is a
depository or nondepository institution that meets the relevant
coverage criteria set forth in the regulation. A covered transaction
under HMDA is generally a loan or line of credit secured (or, for
applications, proposed to be secured) by a lien on a dwelling, that is
not specifically excluded under Regulation C Sec. 1003.3(c). The data
points generally required to be reported about each covered transaction
can be grouped into four broad categories: \282\ information about the
applicants, borrowers, and underwriting process, information about the
property securing the loan or proposed to secure the loan, information
about the features of the loan, certain unique identifiers.
---------------------------------------------------------------------------
\282\ Under the Economic Growth, Regulatory Relief, and Consumer
Protection Act, Public Law 115-174, 132 Stat. 1296 (2018), as
implemented in Regulation C Sec. 1003.3(d), certain HMDA-covered
institutions may be eligible for partial exemptions from some of the
HMDA reporting requirements and only certain covered loans and
applications are covered under partial exemptions. If a covered loan
or application is covered under a partial exemption, the covered
institution is not required to collect, record, and report certain
data points.
---------------------------------------------------------------------------
Covered institutions are required to submit their HMDA data by
March 1 following the calendar year for which data are collected.
Covered institutions with larger volumes of covered loans and
applications are required to submit their HMDA data for each of the
first three quarters of the year in addition to their annual
submission.
Following the calendar year in which HMDA data are collected, a
covered institution's disclosure statement \283\ and modified loan/
application register become publicly available on the FFIEC's HMDA
Platform.\284\ Aggregate reports for each Metropolitan Statistical Area
and Metropolitan Division that show lending patterns by property
location, age of housing stock, and income level, sex, ethnicity, and
race are also publicly available on the same platform, which also
allows users to create custom datasets, reports, and visualizations
from the HMDA data.
---------------------------------------------------------------------------
\283\ A disclosure statement contains aggregated data derived
from loan-level data.
\284\ A HMDA loan/application register contains the record of
information required to be collected and the record submitted
annually or quarterly, as applicable. A modified loan/application
register is a covered institution's loan/application register
modified by the CFPB, on its website, to protect applicant and
borrower privacy. The CFPB interprets HMDA, as amended by the Dodd-
Frank Act, to call for the use of a balancing test to determine
whether and how HMDA data should be modified prior to its disclosure
to the public in order to protect applicant and borrower privacy
while also fulfilling HMDA's public disclosure purposes. See 80 FR
66127, 66133-34 (Oct. 28, 2015). In December 2018, the CFPB issued
final policy guidance describing the modifications the CFPB intends
to apply to the loan-level HMDA data that covered institutions
report before the data are disclosed publicly. See 84 FR 649 (Jan.
31, 2019).
---------------------------------------------------------------------------
HMDA data are the primary source of information for regulators,
researchers, economists, industry, and advocates analyzing the mortgage
market both for HMDA's purposes and for general market monitoring. HMDA
data are used by the Federal supervisory agencies to support a variety
of activities. For example, Federal supervisory agencies use HMDA data
as part of their fair lending \285\ examination process, and also use
HMDA data in conducting CRA \286\ performance evaluations. HMDA data
provide the public with information on the home mortgage lending
activities of particular reporting entities and on activity in their
communities. These data are used by local, State, and Federal officials
to evaluate housing trends and issues and by community organizations to
monitor financial institution lending patterns.
---------------------------------------------------------------------------
\285\ See ECOA (15 U.S.C. 1691 through 1691f), Regulation B (12
CFR part 1002), and the Fair Housing Act (42 U.S.C. 3605, 24 CFR
part 100).
\286\ 12 U.S.C. 2901 through 2908, and 12 CFR parts 25, 195,
228, and 345.
---------------------------------------------------------------------------
C. Summary of the Final Rule
The CFPB is adding a new subpart B to Regulation B to implement the
requirements of section 1071. The CFPB is also making some conforming
amendments to existing Regulation B. The CFPB's final rule is
summarized below, in the order of the section-by-section analyses in
this part V that follow.
1. General Provisions (Sec. Sec. 1002.5(a)(4), 1002.101, and 1002.102)
Changes to existing Regulation B. The CFPB is amending existing
Sec. 1002.5(a)(4) to expressly permit voluntary collection and
reporting of information regarding the ethnicity, race, and sex of
applicants' principal owners, or whether the applicant is a minority-
owned, women-owned, or LGBTQI+-owned business, in certain
circumstances.
The Bureau is also making other nonsubstantive conforming edits in
existing Regulation B to maintain consistency and avoid confusion.
Authority, purpose, and scope (Sec. 1002.101). Section 1002.101
sets forth the authority, purpose, and scope for subpart B. Among other
things, this section states section 1071's two statutory purposes of
facilitating enforcement of fair lending laws and enabling communities,
governmental entities, and creditors to identify business and community
development needs and opportunities of women-owned, minority-owned, and
small businesses.
Definitions (Sec. 1002.102). Section 1002.102 includes a number of
definitions for terms used in subpart B, which generally fall into
several categories. First, some definitions refer to terms defined
elsewhere in subpart B--specifically, terms of particular importance
including business, covered application, covered credit transaction,
covered financial institution, financial institution, and small
business. Second,
[[Page 35176]]
some definitions refer to terms defined elsewhere in existing
Regulation B (i.e., business credit, credit, and State) or other
regulations (i.e., a portion of the definitions of small business and
affiliate reference an SBA regulation). Finally, the remaining terms
are defined in Sec. 1002.102, including applicant, closed-end credit
transaction, LGBTQI+ individual, LGBTQI+-owned business, minority-owned
business, open-end credit transaction, principal owner, small business
lending application register, women-owned business, and a portion of
the definition of affiliate.
2. Coverage (Sec. Sec. 1002.103 Through 1002.106)
Covered applications (Sec. 1002.103). Section 1002.103 defines
what is, and is not, a covered application under subpart B; this
definition triggers data collection and reporting requirements under
subpart B for covered financial institutions. The CFPB is defining a
covered application in Sec. 1002.103(a) as an oral or written request
for a covered credit transaction that is made in accordance with
procedures used by a financial institution for the type of credit
requested. A covered application does not include (1) reevaluation,
extension, or renewal requests on an existing business credit account,
unless the request seeks additional credit amounts; and (2) inquiries
and prequalification requests.
Covered credit transactions and excluded transactions (Sec.
1002.104). The CFPB is requiring that covered financial institutions
collect and report data for all covered applications from small
businesses for transactions that meet the definition of business credit
under existing Regulation B, with certain exceptions. Section
1002.104(a) defines the term covered credit transaction as an extension
of business credit that is not an excluded transaction under Sec.
1002.104(b). Loans, lines of credit, credit cards, and merchant cash
advances (including credit transactions for agricultural purposes) all
fall within the scope of the rule. Section 1002.104(b) excludes from
the requirements of subpart B trade credit, HMDA-reportable
transactions, insurance premium financing, public utilities credit,
securities credit, and incidental credit. Factoring, leases, consumer-
designated credit used for business or agricultural purposes, and
credit transaction purchases, purchases in a pool of credit
transactions, and purchases of a partial interest in a credit
transaction also are not covered credit transactions.
Covered financial institutions and exempt institutions (Sec.
1002.105). The CFPB is defining in Sec. 1002.105(a) the term financial
institution, consistent with the definition in section 1071, as any
partnership, company, corporation, association (incorporated or
unincorporated), trust, estate, cooperative organization, or other
entity that engages in any financial activity. Under this definition,
subpart B's requirements apply to a variety of entities that engage in
small business lending, including depository institutions (i.e., banks,
savings associations, and credit unions), online lenders, platform
lenders, CDFIs, Farm Credit System lenders, lenders involved in
equipment and vehicle financing (captive financing companies and
independent financing companies), commercial finance companies,
governmental lending entities, and nonprofit nondepository lenders.
Subpart B does not cover motor vehicle dealers.\287\ Section
1002.105(b) defines the term covered financial institution as a
financial institution that originated at least 100 covered credit
transactions for small businesses in each of the two preceding calendar
years. Only financial institutions that meet this loan-volume threshold
are required to collect and report small business lending data under
subpart B.
---------------------------------------------------------------------------
\287\ Regulation B does not apply to a person excluded from
coverage by section 1029 of the Consumer Financial Protection Act of
2010, title X of the Dodd-Frank Wall Street Reform and Consumer
Protection Act, Public Law 111-203, 124 Stat. 1376, 2004 (2010).
---------------------------------------------------------------------------
Business and small business definitions (Sec. 1002.106). Section
1002.106 adopts the SBA's definitions of ``business concern or
concern'' and ``small business concern'' as set out in the Small
Business Act and SBA regulations. Notwithstanding the small business
size standards established by SBA regulations, for purposes of subpart
B, a business is a small business if its gross annual revenue is $5
million or less for its preceding fiscal year. The SBA Administrator
has approved the CFPB's use of this alternate small business size
standard pursuant to the Small Business Act. Every five years after
January 1, 2025, the need to adjust the gross annual revenue threshold
for inflation or deflation will be determined using the Consumer Price
Index for all Urban Consumers.
3. Compiling, Maintaining, and Reporting Small Business Lending Data
(Sec. Sec. 1002.107 Through 1002.111)
Compilation of reportable data (Sec. 1002.107). Section 1002.107
addresses several aspects of collecting data on covered applications
from small businesses. Section 1002.107(a) requires financial
institutions to compile and maintain the data points enumerated in
Sec. 1002.107(a)(1) through (20). These data points must be collected
and reported in accordance with the rule and the Filing Instructions
Guide that the CFPB will provide for the appropriate filing year.
Certain of these data points are or could be collected from the
applicant (or otherwise determined based on information from
appropriate third-party sources); other data points are based on
information within the financial institution's control. Appendix E
provides a sample data collection form for requesting protected
demographic information. Although the form reflects a number of legal
requirements applicable to collection, use of the form itself is not
mandatory. It is intended as an available implementation resource for
lenders, who can make use of it if they so choose.
Section 1002.107(c)(1) provides that covered financial institutions
must not discourage an applicant from responding to requests for
applicant-provided data and must otherwise maintain procedures to
collect such data at a time and in a manner that are reasonably
designed to obtain a response. Where data are collected directly from
the applicant, Sec. 1002.107(c)(2) identifies certain minimum
provisions that must be included within financial institutions'
procedures in order for them to be considered ``reasonably designed.''
The rule also addresses what financial institutions should do if,
despite having such procedures in place, they are unable to obtain
certain data from an applicant. Pursuant to Sec. 1002.107(b),
financial institutions are permitted to rely on information from the
applicant or appropriate third-party sources, although for most data
points if the financial institution verifies the information provided
it must report the verified information. Section 1002.107(d) permits
financial institutions to reuse certain previously collected data in
certain circumstances.
Firewall (Sec. 1002.108). Section 1002.108 implements section
1071's requirement that certain data collected pursuant to section 1071
be shielded from certain persons if feasible; the CFPB refers to this
as the ``firewall.'' Pursuant to Sec. 1002.108(b), if an employee or
officer of a covered financial institution or a covered financial
institution's affiliate is involved in making any determination
concerning a covered application from a small business, that employee
or officer is prohibited from accessing the applicant's responses to
regarding
[[Page 35177]]
protected demographic information requested under this final rule.
However, pursuant to Sec. 1002.108(c), this prohibition does not
apply to an employee or officer if the financial institution determines
that employee or officer should have access to the applicant's
responses to the financial institution's inquiries regarding the
applicant's protected demographic information, and the financial
institution provides a notice to the applicant regarding that access.
The notice must be provided to each applicant whose information will be
accessed or, alternatively, the financial institution may also provide
the notice to applicants whose responses will not or might not be
accessed. For example, a financial institution could provide the notice
to all applicants or all applicants for a specific type of product. The
CFPB is providing sample language that a financial institution can, but
is not required to, use for this notice.
Reporting of data to the Bureau (Sec. 1002.109). Section 1002.109
addresses several aspects of covered financial institutions'
obligations to report small business lending data to the CFPB. First,
Sec. 1002.109(a) provides that data must be collected on a calendar
year basis and reported to the CFPB on or before June 1 of the
following year. Section 1002.109(a) also addresses collection and
reporting requirements of subsidiaries of financial institutions and
reporting requirements of financial institutions where multiple
financial institutions are involved in a transaction. Second, the CFPB
lists in Sec. 1002.109(b) the information that financial institutions
are required to provide about themselves when reporting data to the
CFPB, including the financial institution's name, headquarters address,
contact person, Federal prudential regulator, institutional
identifiers, parent entity information, as well as information on the
type of financial institution it is, and whether it is reporting
covered applications voluntarily. Finally, Sec. 1002.109(c) addresses
technical instructions for the submission of data to the CFPB,
including information about the Filing Instructions Guide, which the
CFPB will provide for the appropriate year.
Publication of data and other disclosures (Sec. 1002.110). Section
1002.110 addresses several issues regarding the publication of small
business lending data. Section 1002.110(a) provides that the CFPB will
make available to the public, on an annual basis, the data submitted to
it by financial institutions. These data will be made available subject
to deletions or modifications made by the CFPB, if the CFPB determines
that such deletions or modifications would advance a privacy interest.
Part VIII below discusses the CFPB's preliminary assessment of how best
to determine appropriate pre-publication modifications and deletions,
particularly in light of re-identification risk to small businesses and
their owners. Section 1002.110(b) provides that the CFPB may compile
and aggregate data submitted by financial institutions and may publish
such compilations or aggregations.
Section 1002.110(c) requires a covered financial institution to
publish on its website a statement that its small business lending
data, as modified by the CFPB, are or will be available from the CFPB.
Section 1002.110(d) sets forth when a covered financial institution
shall make this statement available and how long the financial
institution shall maintain the statement on its website. These
requirements satisfy financial institutions' statutory obligation to
make data available to the public upon request.
Finally, Sec. 1002.110(e) prohibits a financial institution or
third party from disclosing protected demographic information, except
in limited circumstances. Section 1002.110(e)(1) prohibits a financial
institution from disclosing or providing to a third party the protected
demographic information it collects pursuant to the rule, except to
further compliance with ECOA or Regulation B or as required by law.
Section 1002.110(e)(2) prohibits a third party that obtains protected
demographic information for the purpose of furthering compliance with
ECOA and Regulation B from any further disclosure of such information,
except to further compliance with ECOA and Regulation B or as required
by law.
Recordkeeping (Sec. 1002.111). Section 1002.111 addresses several
aspects of the recordkeeping requirements for small business lending
data. First, Sec. 1002.111(a) requires a covered financial institution
to retain evidence of compliance with subpart B, which includes a copy
of its small business lending application register, for at least three
years after the register is required to be submitted to the CFPB
pursuant to Sec. 1002.109. Second, Sec. 1002.111(b) requires a
covered financial institution to maintain, separately from the rest of
an application for credit and accompanying information, an applicant's
responses to a financial institution's inquiries regarding the
applicant's protected demographic information. Finally, Sec.
1002.111(c) requires that, in compiling, maintaining, and reporting its
small business lending application register, as well as the separately
maintained protected demographic information pursuant to Sec.
1002.111(b), a financial institution may not include any personally
identifiable information concerning any individual who is, or is
connected with, an applicant.
4. Other Provisions (Sec. Sec. 1002.112 Through 1002.114)
Enforcement (Sec. 1002.112). Section 1002.112 addresses several
issues related to the enforcement of subpart B. First, Sec.
1002.112(a) states that a violation of section 1071 or subpart B is
subject to administrative sanctions and civil liability as provided in
sections 704 and 706 of ECOA. Second, Sec. 1002.112(b) provides that a
bona fide error in compiling, maintaining, or reporting data with
respect to a covered application is an error that was unintentional and
occurred despite the maintenance of procedures reasonably adapted to
avoid such an error. Such an error is presumed not to violate ECOA or
subpart B if the number of such errors do not exceed the thresholds set
forth in appendix F. Third, Sec. 1002.112(c) identifies four safe
harbors under which certain errors--specifically those regarding the
application date, census tract, and NAICS code data point, along with
incorrect determinations of small business status, covered transaction,
and covered application--do not constitute violations of ECOA or
subpart B. Relatedly, in part VII below, the CFPB discusses its
intention to consider, for financial institutions subject to the CFPB's
jurisdiction, good faith efforts to comply with the rule and will not
generally assess penalties for errors in data reporting. The CFPB will
conduct examinations on data during the grace period to assist
institutions in diagnosing compliance weaknesses.
Severability (Sec. 1002.113). Section 1002.113 provides that any
provision of subpart B, or any application of a provision, is stayed or
determined to be invalid, it is the CFPB's intent that the remaining
provisions shall continue in effect.
Effective date, compliance date, and special transitional rules
(Sec. 1002.114). Section 1002.114 addresses several issues related to
the rule's effective date, when covered financial institutions are
required to comply with the rule, and associated transitional rules.
Section 1002.114(a) provides that this final rule will become effective
90 days after publication in the Federal Register. However, pursuant to
Sec. 1002.114(b) compliance with the final rule is based on a tiered
compliance date schedule.
[[Page 35178]]
Compliance with the rule beginning October 1, 2024 is required for
covered financial institutions that originate the most covered credit
transactions for small businesses. However, institutions with a
moderate transaction volume have until April 1, 2025 to begin complying
with the rule, and those with the lowest volume have until January 1,
2026. Next, Sec. 1002.114(c) provides certain transitional provisions
that permit covered financial institutions to begin collecting
protected applicants' demographic information beginning 12 months prior
to their applicable compliance dates. Finally, Sec. 1002.114(c) also
permits financial institutions that do not have ready access to
sufficient information to determine their compliance tier (or whether
they are covered by the rule at all) to use any reasonable method to
estimate their volume of originations to small businesses for this
purpose.
D. High-Level and General Comments
1. High-Level and General Comments on the NPRM
High-level and general comments received on the NPRM are discussed
here, followed by a discussion of comments specifically addressing
implementation issues and comments regarding section 1071's overlap
with other data reporting regimes. Comments received on specific
aspects of the Bureau's proposed rule are discussed in the section-by-
section analyses that follow in this part V. Comments regarding the
privacy analysis are addressed in part VIII below, and regarding the
Bureau's analysis of impacts in parts IX through XI.
Comments Received
Support for section 1071's statutory purposes was nearly universal
amongst commenters, at least at a high level of generality. (See also
the section-by-section analysis of Sec. 1002.101 below.) The vast
majority of industry commenters praised the purposes of the rule, and
the intentions behind section 1071 and ECOA generally, while offering
criticisms of specific provisions of the proposed rule.
Broad support. A number of commenters offered general support for
the rule, including its scope and its purposes. For example, a trade
association stated its appreciation for the comprehensive nature of the
proposed rule, noting that the Bureau conducted extensive outreach and
worked at ensuring proper and effective rulemaking consistent with
legislative intent while allowing for technical improvements and
practical considerations. A community group stated that to achieve the
community development and fair lending purposes of the statute, the
data collected and reported under the rule needs to be comprehensive in
its coverage of lenders and must capture key credit underwriting
factors as controls for analyses of gender and racial disparities in
lending. The commenter also stated that the Bureau recognized that
annual disclosure of lending data by the vast majority of small
business lenders is a prerequisite for adequate oversight, given that
existing data are insufficient. The commenter further explained that
existing data consist of periodic surveys that are not usually lender
specific and that are inconsistent in the amount of detail provided on
key underwriting variables needed for analyses of community needs and
fair lending compliance.
A number of commenters offered more specific support for the rule's
purposes. One trade association noted that its members have been active
in the development of policy supporting section 1071, including
participation as small entity representatives during the SBREFA
process. A number of banks, a credit union, and several trade
associations expressed support for the statutory purposes of section
1071 and the Bureau's proposed rule. One trade association stated that
the NPRM was a key opportunity to explore lending data and expand
responsible small business lending, which was important to the
financial well-being in the communities served by its members, as well
as stability of the overall financial system.
A cross-sector group of lenders, community groups, and small
business advocates stated that it is critical to require lenders to
collect and report applicant data for as many small minority-owned and
small women-owned businesses as possible, to uphold congressional
intent and establish a comprehensive database.
Several commenters focused on the importance of the fair lending
purpose of section 1071. One trade association stated its unequivocal
agreement with the purpose of preventing discrimination on the basis of
ethnicity, race, and sex, and noted that CDFI lenders share the
Bureau's core value of protecting consumers by providing fair and
transparent financial products and services to all customers.
A number of commenters, including community banks, credit unions,
and trade associations, offered their appreciation for the stated
intentions of the rule in the NPRM--to support fair lending and
business and community development--but expressed concern about the
effect of the rule as proposed on lending and compliance costs. A bank
stated that, while it supported the statutory goals of section 1071,
the proposed rule would result in restricted, higher-priced credit for
the groups the proposal is meant to benefit. A trade association for
community banks likewise supported the proposed rule and the
congressional intent behind section 1071, but asserted it was necessary
to fine-tune specific proposed provisions to mitigate costs and ensure
small business lenders remain active, particularly those serving the
most underserved markets. Another trade association supported the goals
of the NPRM, but worried that the proposed would unduly burden credit
unions and would discourage them from offering business credit.
Broad criticisms. Some industry commenters expressed disagreement
with the enactment of section 1071 and therefore opposed the rule in
its entirety. One lender opposed the rule on the grounds that it
already complies with fair lending laws, and that the rule would force
a choice between compliance and market exit. Another argued that the
Dodd-Frank Act may have intended that section 1071 create a HMDA-like
data reporting mechanism, but warned that small business lending is not
``cookie-cutter,'' is not automated, and is highly relationship driven.
Another commenter claimed that it would be impossible to derive any
meaningful or statistically valid conclusions from a comparison of
small business loans.
A credit union stated that the publication of data collected and
reported pursuant to section 1071 would not permit it to better
identify its members' unmet small business lending needs aside from
confirming if there is a significant difference in the number of
business borrowers that are female or of a specific race.
One trade association noted that credit unions may only serve their
members and are limited by Federal statute in their ability to offer
business loans; as a result, data collected from them would not be
comparable to data collected from lenders without similar limitations
in who they may serve.
Other commenters, without specifically opposing the enactment of
section 1071, expressed more general concerns about the NPRM. Trade
associations for online lenders supported the policy goals of the NPRM
and also believed that modifications should be made to support
responsible innovation in banking without unintentionally stifling the
efficiency and innovation that digital lending
[[Page 35179]]
platforms can provide. A bank supported the enforcement of fair lending
laws and appreciated the Bureau's dedication to better supporting small
businesses, but was concerned about aspects of the NPRM. A One
commenter inquired as to why the Bureau, in charge of consumer
financial protection, was concerned with business loans, and claimed
that the Bureau was engaged in overreach.
The role of online lenders. Two trade associations suggested that
online and ``fintech'' lenders were important to expanding access to
financing, particularly for Black- and Hispanic-owned businesses. These
commenters expressed their support for greater transparency and
expanding access to sustainable and fair credit in small business
lending. They also asserted that women-owned and minority-owned small
businesses were disadvantaged in applying for small business lending at
traditional banks, and that nontraditional online lenders play a
crucial role in modernizing financial services and improving access and
outcomes for small businesses. One of the commenters noted that, in
particular, the use of artificial intelligence, machine learning, and
alternative data would expand lending to minority-owned small
businesses.
Uniqueness of small business lending. One bank stated that it was
hard to perform comparative analysis on small business loans because
they are unique and manually unwritten. Further, the commenter stated
that the absence of certain credit criteria or metrics--such as
collateral, loan-to-value, debt-to-income, debt service coverage ratio
and the like--in the data points to be collected by the rule could
cause reviewers of published data, such as consumer groups and agency
examiners, to draw incorrect conclusions on variances in rates and
terms of loans.
Data accuracy. A bank and a trade association asserted that the
Bureau's final rule should focus on ensuring the collection and
reporting of high-quality data that maximizes data accuracy and
reliability. These commenters noted that inaccurate, unreliable, and
poor-quality data could undermine the statutory purposes of section
1071, which the commenters said were to promote access to credit for
minority-owned and women-owned small businesses. They further stated
that poor data quality could also lead to misguided and factually
unsupported fair lending allegations, which could damage the
reputations of responsible lenders and subject them to unnecessary
investigative burdens and lawsuits, all of which could undermine the
Bureau's credibility and waste the Bureau's time and resources. Based
on these premises, the commenters sought the elimination of certain
provisions which they believed would undermine the collection of
accurate, reliable, high-quality data (discussed in the applicable
section-by-section analyses that follows).
Specific uses of small business lending data. Two trade
associations urged the Bureau to explain how it would use the data
collected under this rule, including how it would analyze data
collected by the rule. One claimed that the NPRM did not outline
potential uses for small business lending data, and asserted that the
Bureau should provide notice and comment on potential uses of the rule,
even after the issuance of the final rule. The commenter stated that it
is important for the Bureau to issue guidance on how it plans to
analyze data reported under the rule, including how it will assess
whether lenders appropriately serve relevant markets, which can vary
significantly by lending product.
The other commenter stated that the Bureau should clearly indicate
how implementing the proposed framework will advance fairness and
understanding of small business credit needs, that requirements should
tie to satisfying stated objectives and designed no more broadly than
necessary to reduce unnecessary costs to small business lenders. The
commenter stated its belief that by clearly indicating how it will use
data it collects, including whether and how it will make such
information public, the Bureau will allow stakeholders to assess better
the costs and benefits of the overall framework. Additionally, the
Bureau should carefully consider potential unintended consequences--
especially related to data publication--that could reduce small
business credit access and chill further innovation aimed at better
serving small businesses.
Responses to Comments Received
The Bureau agrees with the general comments made in favor of
keeping the scope of the proposed rule broad. In general, the Bureau
believes that broad coverage of institutions and products as requested
by a number of commenters is consistent with the statutory purposes of
section 1071. The Bureau does not believe that a more limited approach
to scope--including the various limitations on the coverage of certain
types of financial institutions and products--would be consistent with
the statutory purposes of section 1071. The Bureau addresses these
issues directly in the section-by-section analyses of proposed
Sec. Sec. 1002.104 and 1002.105 below.
Broad support. Regarding the comment on the scope of the rule, that
the Bureau should continue to monitor U.S. Census data to ensure that
its definition of small business in this rule continues in the future
to be inclusive enough such that the proportion of non-small minority-
owned businesses do not exceed 1 percent of all businesses, the Bureau
believes that its adoption of an inflation-adjustment for the gross
annual revenue threshold in the definition of small business under
Sec. 1002.106(b) should help ensure that, over time, the proportion of
businesses covered by the rule does not decline. In any case, the
Bureau will monitor data concerning the prevalence of small businesses
in the context of the economy at large.
Broad criticism. Regarding the comment of a lender that it already
complies with fair lending laws, the Bureau notes that continuing
enforcement of fair lending laws, and tools such as this data
collection rule that facilitate such enforcement, remains necessary
because while the commenter may comply with fair lending laws, some
lenders may not and a subset of those may repeatedly violate fair
lending laws. Additionally, enabling identification of business and
community development needs and opportunities is an independent purpose
of the statute. Compliance with fair lending laws does not necessarily
permit creditors, communities, and governmental entities to identify
business and community development needs and opportunities. As to the
assertion that the rule would force a choice between compliance and
market exit, the Bureau's decision to increase the originations
threshold from 25 to 100 transactions will mitigate any risk of such
disruptions, even if slight or speculative. Regarding the comment that
small business lending is more individualized and highly relationship
driven, the Bureau agrees this is true for much small business lending
and the final rule is crafted to acknowledge this, as discussed in the
section-by-section analyses that follow. But that does not prevent
small business lending data from facilitating fair lending enforcement
and identifying business and community development needs and
opportunities.
As to comments that quarrel with the statutory mandate and question
the utility of the data in general terms, the Bureau is bound by the
statute and congressional intent. Additionally, many described
potentially helpful uses of the data.
[[Page 35180]]
Regarding the assertion that the Dodd-Frank Act was only intended
to regulate larger institutions, and that smaller lenders should be
exempted from the rule to avoid harming those the Act was intended to
protect, the Bureau notes that while much of the Dodd-Frank Act
explicitly addresses larger entities, section 1071 does not contain
such limitations. Nonetheless, Bureau has made changes in the final
rule in response to public comment that will have the effect of
reducing compliance burden on small lenders. For example, the Bureau
has raised the coverage threshold from 25 to 100 originations for
purposes of determining which financial institutions must comply with
the rule, provided longer compliance periods for lenders with lower
volumes of small business lending, and provided for a variety of safe
harbors and a good faith error provision which will provide some leeway
to smaller-volume lenders. The Bureau implemented these changes in the
final rule to limit its impact on institutions with lower volumes of
lending to small businesses. The Bureau has also complied with the
Dodd-Frank Act requirements under SBREFA and the RFA to assess and
mitigate any impact on smaller financial institutions.
The Bureau addresses the effect of the rule on lending and
compliance costs, in its impact analyses in parts IX and X below.
Regarding the commenter that stated that the rule would not meet its
purposes and would result in restricted, higher-priced credit to the
very groups the proposal is meant to benefit, the Bureau's analysis
suggests that any changes in the cost of credit would be small and
unlikely to lead to a significant change in the per-unit cost of loans
to individual applicants even from the smallest lenders. The Bureau has
made various changes from the proposal in finalizing this rule intended
to mitigate costs for smaller-volume lenders serving small businesses
in response to comments expressing concern that credit unions and other
financial institutions remain active small business lenders.
Regarding the concern that data from credit unions would not be
comparable to data collected from other kinds of lenders, the Bureau
observes that, under Sec. 1002.109(b), lenders must provide
information on financial institution type. Credit unions thus must
self-identify themselves in submitting data to the Bureau, and the
various limitations on lending by credit unions can be taken into
account in analyses of data collected and reported under this rule.
Regarding the comment that the rule should be modified to support
responsible innovation in banking without unintentionally stifling the
efficiency and innovation that online lenders may provide, the Bureau
agrees that it does not wish to stifle responsible innovation. The
Bureau has endeavored to be responsive to these concerns in the final
rule; to the extent that specific concerns were raised, they are
addressed in other provisions of this preamble. Regarding the comment
that the rule as proposed was too complex even for most forward-
leaning, technologically adept financial institutions, the Bureau
disagrees, noting that while this rule is new, it is not dissimilar to
other similar data collection regulations in complexity, such as those
for HMDA, CRA, and the CDFI Fund. Further, the Bureau has made a number
of changes to this final rule to make compliance easier for smaller-
volume lenders, or to exclude them from reporting requirements
entirely.
Regarding the comment asserting that the Bureau was overreaching by
regulating business loans, the Bureau notes that section 1071
explicitly requires the Bureau promulgate a rule to collect data on
applications for business credit.
The role of online lenders. Regarding assertions made that nonbank
online lenders were important to expanding access to financing for
Black- and Hispanic-owned businesses in particular, that traditional
lenders provided fewer loans to women-owned and minority-owned small
businesses, and that technology improved access and outcomes for small
businesses, the Bureau believes that the broader conclusion to draw
from these assertions is that the data that will be collected under
this rule is needed to assess and further analyze such claims.
Uniqueness of small business lending. Regarding the comment that it
is not possible to perform comparative analysis on small business loans
because they are unique and manually unwritten, the Bureau disagrees.
Other commenters, as set out in the section-by-section analysis of
Sec. 1002.101, stated that the data points proposed in the NPRM are
fulsome and can contribute to sophisticated analysis and comparison of
small business loans. Regarding the comment that the Bureau cannot make
comparisons absent additional credit metrics beyond those it proposed
to collect and that other reviewers of published data could draw
incorrect conclusions, the Bureau does not agree that additional credit
metrics are necessary in order to draw meaningful analyses from the
data. While the Bureau believes, all things equal, that additional data
points would enrich the analysis for users of the data, the Bureau also
believes that certain of these metrics can be derived, at least in
part, from other data points, and it notes that other commenters
varyingly opposed any data points proposed pursuant to ECOA section
704B9(e)(2)(H) or requested that the Bureau collect as few data points
as possible. Industry comments were also contradictory on this point;
while many commenters suggested the Bureau had proposed too many data
points, commenters also asserted that the Bureau was not collecting
enough data to draw proper conclusions. The Bureau believes its final
rule strikes an appropriate balance between comprehensiveness and
minimizing burden and complexity to financial institutions.
Data accuracy. Regarding comments that the final rule should focus
on ensuring the collection and reporting of high-quality data, the
Bureau agrees. To this end, it has adjusted various provisions in the
final rule in response to comments received. In addition, other
changes, while made for other reasons, render moot certain comments on
accuracy concerns. For example, the decision not to finalize the
proposed visual observation and surname requirement, discussed in the
section-by-section analysis of Sec. 1002.107(a)(19)), moots the
relevance of comments about the accuracy of visual observation.
Specific uses of small business lending data. Regarding the comment
that the Bureau should have explained and provided an opportunity for
notice and comment for its intended uses of the data collected under
this rule, the Bureau disagrees, both that it did not explain what the
data would be used for, and that it is obligated to identify specific
uses of the data or to provide the public an opportunity to comment on
proposed specific uses of the data. Initially, section 1071 itself
establishes the intended purposes and uses of the collection and
publication of the data--namely, the facilitation of fair lending
enforcement and the identification of business and community
development needs and opportunities. Next, while section 1071 requires
the Bureau to collect and publish data on small business lending
applications, it does not require the Bureau to identify its intended
uses of the data. Moreover, even if the Bureau articulates specific
uses of the data, as the statute explicitly provides, the Bureau is not
the only intended user of the data. Enforcement of fair lending laws
includes ECOA, which is enforced not only by the Bureau but by many
other Federal
[[Page 35181]]
agencies.\288\ Further, for purposes of identifying business and
community development needs and opportunities, the statute specifically
names communities, governmental entities, and creditors as potential
users of the data collected under this rule. Thus, even if the Bureau
disclosed its intended uses--which could change over time depending on
the data received and the needs identified--other stakeholders could
make different use of the data.
---------------------------------------------------------------------------
\288\ See 15 U.S.C. 1691c (listing Federal agencies with
authority to enforce ECOA), 1691e (providing private attorneys, the
Department of Justice, and the Department of Housing and Urban
Development the authority to bring civil suits to enforce ECOA).
---------------------------------------------------------------------------
Regarding comments about how the Bureau intends to make the data
public, including whether and how it will make such information public,
and that the Bureau should carefully consider potential unintended
consequences especially related to data publication, the Bureau
describes its intended privacy analysis in part VIII below. Regarding
concerns that the Bureau might reduce small business credit access and
chill further innovation aimed at better serving small businesses, the
Bureau has considered various comments concerning access to credit and
innovation, which it addresses throughout the section-by-section
analyses below.
2. Comments Regarding Implementation
Comments Received
Several commenters said that the Bureau should provide additional
implementation or guidance resources about the final rule, specific
parts of the rule, or regarding how the rule applies in specific
situations. Some of these commenters requested specific forms of
guidance or specific resources, such as frequently asked questions,
guides, or templates. One commenter said that the final rule should
have a table of contents. Some commenters said that the Bureau should
provide training on collecting and reporting data or training on how to
comply with the rule generally. One commenter said the Bureau should
develop a data literacy program. Another commenter said that the Bureau
should use all of its available tools to educate and support lenders
and their vendors, including no-action letters, advisory opinions,
webinars, guides, and other materials.
Some commenters requested specific content in implementation and
guidance resources. Many commenters requested additional guidance on
specific requirements or data points, and those comments generally are
addressed in the relevant section-by-section analyses later in this
part V. Additionally, one commenter said that the Bureau should develop
materials showing how to do the research needed to find appropriate
regulation sections and related commentary. The same commenter said
that implementation and guidance resources should provide examples.
Another commenter said that implementation resources should address
matters not typically addressed in supervision guides. A few other
commenters said that implementation materials should be detailed and/or
comprehensive.
A few commenters said that implementation materials and guidance
should be provided at specific points in time. Two commenters requested
that the Filing Instructions Guide be provided at least six months
before data collection is required, and another commenter said that the
Filing Instructions Guide should be provided early in the
implementation process. This commenter also said that the compliance
date should take into account the delayed availability of the Filing
Instructions Guide. A different commenter said that guidance should be
provided before, during, and after the compliance date.
A few commenters said that the Bureau should develop outreach
programs or provide additional access to Bureau staff to address
questions or issues that arise during implementation of the rule. One
commenter said that the Bureau should commit to a formal request for
comments on all facets of implementation and compliance with the rule.
This commenter also said that the Bureau should dedicate staff to
provide definitive answers to industry members that contact the Bureau
and that it should not be possible for community banks to be criticized
or penalized for following the instructions or answers obtained from
Bureau staff. Another commenter said that, during the implementation
period, the Bureau should regularly communicate with vendors and
covered financial institutions and consider reasonable extensions of
the rule's compliance date if issues that could affect industry
preparedness arise.
Another commenter said that the Bureau should create a compliance
liaison office that has the primary goal of supporting industry in
their regulatory submissions and fair lending analyses. This commenter
said that this liaison office would require multiple types of
specialists in order to function properly and would need ties to other
teams so that feedback loops work properly. This commenter further said
that questions on specific data entry topics should be saved and
communicated to the Office of Regulations and others at the Bureau. The
commenter said that Bureau guidance provided to individual industry
members should be converted into frequently asked questions and tagged
for purposes of amending existing regulations. The commenter further
said providing verbal guidance is helpful, but slow, and potentially
inconsistent. This commenter also alleged that the Bureau does not
track data related to questions received and asserted that such lack of
tracking limits the responsiveness of the Bureau in adapting
regulations to properly include current industry practices. A different
commenter said that the Bureau should consider holding a series of
public meetings or hearings to take testimony from small businesses,
lenders, and trade associations regarding the impact that
implementation of the proposed rule will have on each group as well as
on the privacy risks inherent in the proposed data collection and
public reporting by the Bureau.
Finally, there were two comments on supervision and enforcement
related issues. These commenters said that the Bureau should coordinate
with other Federal agencies to develop model examination procedures in
advance of the Bureau publishing a final rule. One of these commenters
further predicted that, absent a clear description of the methodologies
that might be employed to perform fair lending analysis, there would
likely be a period where prudential regulators' examination
expectations are in flux and, perhaps, materially inconsistent.
Responses to Comments Received
The CFPB aims to provide a wide variety of guidance about the
legislative rules it issues pursuant to the Administrative Procedure
Act. Although this guidance may include materials such as advisory
opinions, interpretive rules, and general statements of policy, the
CFPB's guidance more often includes other materials and activities that
generally reiterate requirements or positions that previously have been
announced in a legislative rule or elsewhere (hereinafter
``implementation resources''). These implementation resources include
such documents and materials as rule summaries, compliance guides,
checklists, factsheets, frequently asked questions, institutional and
transactional coverage charts, webinars, and other compliance aids
directed to regulated entities, the general public, or agency staff
(e.g., staff manuals). In recent years, the CFPB has
[[Page 35182]]
developed a process for preparing and releasing these implementation
resources. For rules such as this one, the CFPB generally engages in a
phased approach and attempts to provide various implementation
resources throughout the implementation period and for some period
after the compliance date.
The CFPB has provided, simultaneously with this rule's release, a
Filing Instructions Guide, an executive summary, and other resources to
help financial institutions understand and comply with the final rule.
These materials are available on the CFPB's website.\289\
---------------------------------------------------------------------------
\289\ See https://www.consumerfinance.gov/compliance/compliance-resources/small-business-lending-resources/small-business-lending-collection-and-reporting-requirements.
---------------------------------------------------------------------------
Additionally, the CFPB is planning to release a Small Entity
Compliance Guide. This Small Entity Compliance Guide will provide a
detailed and comprehensive summary of the rule's requirements, will
include examples, and will be separate from and different than any
examination manuals or other supervisory materials. The CFPB also
anticipates providing other written implementation resources to assist
industry, vendors, and others. When providing implementation resources,
the CFPB will consider all of its available tools and select the tool
that it believes is best suited to the content that the CFPB is
addressing in the guidance as well as the timing of the guidance.
Individuals who would like to be notified when the CFPB releases
additional implementation resources or other guidance can sign up to
receive notifications. However, with regard to one commenter's request,
the CFPB does not anticipate developing materials attempting to show
members of industry how to conduct research. The CFPB believes that
such materials are outside the scope of the CFPB's implementation and
guidance function and are regularly provided by other sources.
With regard to the comments addressing outreach, the CFPB notes
that it has and anticipates that it will continue to engage in ongoing
outreach related to this rulemaking. As discussed in part III above,
the CFPB engaged in considerable outreach to industry and other
stakeholders in the years leading up to issuing this final rule, and
intends to continue to engage with industry, along with vendors and
other stakeholders, as they prepare to comply with the rule. With
regard to one commenter's request that the CFPB hold a series of public
meetings or hearings to take testimony from small businesses, lenders,
and trade associations regarding the impact that implementation of the
proposed rule will have on each group prior to issuance of the final
rule, the CFPB did not believe this was needed given the number of
substantive comment letters it received and the opportunity provided to
stakeholders to submit comments on the proposed rule and its potential
impact. Nonetheless, as described in part III.B above, the CFPB has
been conducting technical outreach with third-party software providers
that serve financial institutions and software and technology staff
from financial institutions that are likely to have to report small
business lending data to the CFPB. With these software vendors and
technical staff, the CFPB has held and, after publication of this final
rule, will continue to hold discussions concerning the technical
systems and procedures the CFPB will provide for financial institutions
to submit data. The CFPB expects that its outreach efforts will provide
a channel of communication for industry, vendors, and other parties to
constructively provide feedback on the CFPB's existing implementation
resources as well as provide direction for future implementation
resources.
As set out in more detail above, some commenters said that the CFPB
should provide staff to address questions or issues that arise during
implementation of the rule. One commenter suggested that the CFPB
develop a compliance liaison office. Similar to what it has done with
inquiries about HMDA/Regulation C, the CFPB anticipates that it will
use its regulatory inquiries function to assist individual inquirers
who have specific questions about the rule or how to submit data
pursuant to the rule. This function is designed to provide inquirers
with brief, informal assistance on regulatory or technical issues.
However, in part because of Administrative Procedure Act constraints,
the CFPB cannot provide binding or official interpretations through
this informal function. In addition, there are other limits on the
regulatory inquiries function and on the CFPB's other implementation
resources. For example, the CFPB does not provide legal advice through
the regulatory inquiries function.
In addition, the CFPB already reviews the inquiries it receives and
uses information gleaned from those reviews to help the CFPB prioritize
provision of various other types of guidance. Thus, when the CFPB
receives multiple individual inquiries about the same topic, the CFPB
often prioritizes that topic for webinars and various forms of written
guidance, potentially culminating in revisions to the Official
Interpretations or the regulatory text after a notice-and-comment
process. Thus, as requested by one commenter, the CFPB already tracks
data regarding the inquiries it receives and, as appropriate given the
nature of the inquiries and the CFPB's resources, uses them as a basis
for frequently asked questions, other implementation resources, or
other action. The CFPB anticipates doing the same with inquiries
received about this rule.
With regard to the comments related to supervision, the CFPB notes
that it will coordinate with other Federal agencies to develop
examination procedures in connection with the rule, and anticipates
publishing such procedures in advance of the rule's first compliance
date.
3. Comments Regarding Overlaps With Other Data Reporting Regimes
Comments Received
General comments. Several commenters cast the overlap between this
rule and other Federal data collection rules in a positive light. A
community group and a CDFI lender observed that small business lending
data are collected piecemeal and haphazardly across multiple agencies--
including the Federal bank agencies, the SBA, and the CDFI Fund--and
that this rule could be used to consolidate small business lending data
reporting across agencies to reduce administrative burden by satisfying
requirements across programs for various CRA and fair lending uses.
Two commenters noted that the existence of other data collection
regimes, including Federal reporting requirements and private-sector
reporting (such as HMDA; the SBA 7(a), 504, and Community Advantage
Loan programs; CDFI Fund reporting; the Wells Fargo Diverse Community
Capital Program; and the Paycheck Protection Program) suggested that
compliance with this rule is feasible because these other data
collections make this rule well-understood in conceptual,
technological, and procedural terms. One commenter noted that these
other data collections cover all but three of the data points in the
NPRM (application method, application recipient, and denial reasons).
Several commenters stated their appreciation for the Bureau's
attempts to harmonize this rule with others and avoid duplicative data
reporting. One bank noted that avoiding duplicative reporting was
critical for community banks, for which even slight differences in
reporting rules would be
[[Page 35183]]
burdensome, taking away from time that could be spent with customers.
Many other commenters, including lenders, trade associations, a
business advocacy group, and a group of State banking regulators, noted
the overlap between this rule and other data collection regimes, and
requested that the Bureau harmonize this rule with other similar data
reporting regulations, with which lenders were familiar, to minimize
challenges, complexity, duplication, potential burden on lenders, and
potential errors in the data. These commenters named HMDA/Regulation C,
CRA, FFIEC Call Reports, Regulation B/ECOA, and FinCEN's Beneficial
Ownership Rule as specific examples of other rules that the required
harmonization with this rule and that, in many cases, the Bureau itself
identified as overlapping.
Commenters argued that, by borrowing from existing frameworks or
systems, the Bureau could reduce complexity and facilitate industry
compliance, allowing financial institutions to leverage existing
processes, training and institutional knowledge. For instance, some
commenters suggested that the thresholds in this rule be aligned with
those of HMDA and CRA. Other commenters suggested that the Bureau could
adopt the framework in FinCEN's beneficial ownership rule for this
rule's method of determining minority-owned and women-owned status,
rather than layering on a new definition of ``primary owners,'' which
they suggested would add unneeded complexity to the loan origination
process.
Industry commenters also asserted that by aligning this rule with
existing rules, such as HMDA and CRA, the Bureau could avoid imposing
inconsistent or duplicative reporting requirements to avoid errors from
regulatory confusion and urged the Bureau to avoid requiring lenders to
report different data for the same transaction.
Several other commenters identified other concerns with overlapping
reporting. One bank noted that, while the Bureau tried to harmonize its
requirements with other rules, even slight deviations between rules
cause problems, which may confuse customers and make them more likely
to refuse to provide data. Another bank noted that some HMDA and CRA
data aggregation and submission systems rely upon identifiers to
separate and process these different datasets, which the bank suggested
was another reason to keep loans reportable under this rule separate
from those reportable under HMDA.
A number of industry commenters and a group of State banking
regulators requested that the Bureau not require financial institutions
that already report data to duplicate their work. One stated that banks
already report a significant amount of data to prudential regulators,
and that the Bureau should eliminate duplicative reporting. Other
commenters asked that the Bureau work with Federal agencies to align
this rule with the FFIEC Call Report, and CRA and HMDA regulations to
avoid duplication, reduce compliance burden, and reduce the potential
for data errors. Two banks urged the Bureau to exempt loans reportable
under other data reporting regimes, such as HMDA- and CRA-reportable
loans. Another noted that its staff is trained on the established
requirements of HMDA and CRA, and that removing duplicative or
inconsistent requirements would reduce compliance costs, providing
savings that could be passed on to the borrowers. Two community-
oriented lenders suggested that the Bureau exempt all credit
applications under Federal agency programs, as the data points proposed
in this rule are already collected by that loan program's oversight
agency (i.e., SBA, USDA, etc.).
Two industry commenters suggested that the Bureau should first use
existing small business lending data published by the government and
private sector before collecting additional data, thereby assessing the
small business finance market without negatively impacting providers of
capital to entrepreneurs. One bank asserted that the Bureau itself
admitted it had enough data to analyze the small business lending
market, and that the rule should focus on collecting data from non-
depository institutions, as it would be duplicative to collect data
from depositories, which provide data via the FFIEC and NCUA Call
Reports and already have a history of being regulated.
Some industry commenters generally requested that the Bureau work
out inconsistencies between this rule and other data collection
regimes. Some offered more specific requests for harmonization. One
suggested more alignment in terms of scope, coverage and exemptions
between this rule, HMDA and CRA. Another commenter identified
inconsistencies with existing Regulation B, citing the difference
between its small business definition ($1 million or less in revenue)
and the NPRM's proposed definition ($5 million or less). A CDFI lender
observed that CDFIs report lending activity to the CDFI Fund, SBA, CRA,
Opportunity Finance Network's annual member survey, and credit
reporting agencies, and requested that the Bureau standardize data
formats to match those used in CDFI Fund reporting to streamline data
collection and minimize burden on CDFIs.
HMDA. A number of commenters identified overlap between this rule
and HMDA/Regulation C, and noted that duplicative data would published
in two places. Some industry commenters requested that the Bureau avoid
inconsistent and duplicative reporting by excluding from HMDA reporting
transactions reportable under this rule. Two trade association
suggested a parallel rulemaking to amend Regulation C, timed with the
release of this final rule.
On the other hand, other commenters suggested that HMDA-reportable
loans should be excluded from this rule to avoid duplicative reporting,
undue compliance burden, and regulatory confusion. A business advocacy
group noted that the Bureau itself identified the overlap between HMDA-
reportable loans and loans covered by this rule. A trade association
suggested the Bureau could narrowly tailor an exemption by apply the
rule only to financial institutions that report data under HMDA,
without an exclusion for HMDA-reportable loans by lenders that are not
HMDA reporters, arguing that a narrowly tailored exclusion would serve
the statutory purposes of the rule because commercial mortgage loans
for small businesses would be captured under HMDA or this rule. A bank
believed that duplicative reporting of HMDA-reportable applications did
not serve the statutory purposes of the rule. A large bank disagreed
with the Bureau's assertion that excluding HMDA-reportable transactions
from this rule would add complexity to the analysis of data by
requiring lenders to find and delete HMDA-reportable transactions from
its submission to the Bureau; the bank argued that duplicative
reporting was more complex. One lender stated that farm credit data are
already collected from Farm Credit System lenders subject to HMDA.
A number of commenters identified, generally, inconsistencies
between the proposed requirements for this rule and those of HMDA/
Regulation C. Many industry commenters pointed out that many proposed
data points in the NPRM would be similar to data points in Regulation
C, and expressed concern that any differences in reporting requirements
for these data points would lead to confusion and data errors. Two
trade associations asserted that the overlap in data would create
significant
[[Page 35184]]
and needless complexities for covered lenders, and noted that there
were inconsistencies between the rules despite the Bureau's attempts to
limit them.
Several lenders requested that the Bureau harmonize this rule with
Regulation C to the extent possible if no exemptions were possible. A
large bank asked that the Bureau harmonize several data points--action
taken, application date, and ethnicity, race, and sex of principal
owners--because lenders would be able to collect these data just once
for each small business applicant, increasing efficiency in the
application process and facilitating compliance.
Some commenters addressed overlap between specific data points
proposed in the NPRM and existing data point requirements under
Regulation C. A number of industry commenters noted that for census
tract, HMDA uses the tract where collateral is located while the Bureau
proposed to use a waterfall approach of several addresses. Two lenders
pointed out that HMDA does not have the firewall requirement proposed
for this rule in the NPRM; one of these commenters suggested that the
final rule follow the HMDA approach (no firewall) for HMDA-reportable
loans.
On the reporting of ethnicity, race, and sex of principal owners,
two lenders noted that this rule and HMDA offer different answer
choices. One of the commenters noted that lenders would provide two
separate questionnaires regarding ethnicity, race, and sex for a single
loan application, which could confuse applicants and make them decline
to answer either one.
Several lenders noted that the proposed visual observation and
surname provision, which does not require its use to determine the sex
of a principal owner, was not aligned with the visual observation and
surname requirement under Regulation C, which does require its use to
determine the sex of a mortgage applicant. One stated that this
disparity would cause confusion and errors in data collection. Another
stated that for a loan application covered by both rules, the disparity
would mean complying with one rule and violating the other.
Regarding credit purpose, a bank noted that a loan to a small
business to purchase, improve, or refinance an apartment building would
require different information to be collected and reported under both
rules.
On action taken, one bank noted a disparity between the approaches
of the proposed rule (one option for ``incomplete'' as an action taken)
and of Regulation C (two different incompleteness options--one for a
loan denial and the other for file closure) that it believed would
cause difficulty, despite agreeing with the proposed rule's approach.
Another bank noted that the proposed rule would require collection of
gross annual revenue for the past fiscal year, while Regulation C
requires the income used for the credit decision.
Community Reinvestment Act. A number of commenters noted the
similarities between the small business and small farm data collected
under CRA and this rule and suggested eliminating duplication. One
community group stated that the data for this rule should replace CRA
data, noting that this rule could replace the inconsistent, duplicative
and inefficient collection of small business lending data with a
comprehensive database. The commenter stated that lenders and community
groups both would prefer to consult with one database than to contend
with two or more that are collected annually, and that this rule is
likely to capture more data than the current CRA system. A bank
suggested eliminating CRA reporting requirement as data collected under
this rule would duplicate and surpass the CRA data points, but would
not be interoperable as each rule would require different formatting,
rounding, or coding. A minority business advocacy group and a joint
letter from community and business advocacy groups requested that 1071
data be used for CRA examinations, just as HMDA data are. These
commenters noted that current small business small farm data for CRA
examinations is limited and not a good indication of whether lenders
serve the most vulnerable businesses, and that the more robust dataset
to be collected under this rule would be a better indicator.
One bank asked that the Bureau work with other Federal regulators
to eliminate duplication with CRA data reporting, noting that CRA data
already provides a good picture of lending to small business including
agriculture. Another bank suggested that the Bureau, rather than create
a new data collection requirement, exempt federally insured
depositories and work with other Federal regulators to enrich existing
CRA reporting to include the data the Bureau wants to collect under
section 1071. The commenter noted that insured depositories already
have robust CRA reporting systems, and generally already collect and
report data required by the NPRM to meet CRA obligations. The bank
stated that the use of CRA systems to report 1071 data would result in
the faster delivery of information the Bureau needs at lower cost to
reporters. The bank also suggested that the CFPB should focus this rule
on non-depository institutions that do not now have robust reporting
requirements. The commenter also stated that institutions are already
comfortable with CRA reporting and understand how regulators use such
information, but noted that they did not understand how data collected
pursuant to section 1071 would be used and was concerned the Bureau
would use it to retaliate and micromanage lenders, as it did in the
consumer lending space.
A number of lenders asked that the Bureau work collaboratively with
the prudential regulators to eliminate inconsistencies and duplication
with CRA data reporting. A CDFI lender asserted that successful
implementation of this rule would necessitate coordination of data
requirements and encouraged the Bureau to coordinate with the CRA
agencies to align rules to ensure that lenders covered by CRA continue
to meet credit and community development needs of small businesses,
particularly those owned by women and minorities. One bank noted that
duplicate and inconsistent requirements would increase the compliance
burden on lenders as well as data errors, and that inconsistent data
reporting would require more resources without adding value. A bank
stated that inconsistent definitions could cause community stakeholders
to misinterpret data and draw incorrect conclusions regarding a
lender's performance.
One bank supported a more streamlined approach taking advantage of
existing CRA processes and definitions to reduce costs and burdens
related to this rule, which in turn would ease burdens on lenders and
reduce costs that would ultimately be passed on to the borrower.
Another commenter suggested that the Bureau work closely with the
agencies working on the modernization of CRA rules to reduce
duplication and the friction caused by differences between the rules.
A number of commenters identified specific areas of inconsistency
between the CRA and this rule. Several banks and a trade association
noted that the small business definition proposed in the NPRM,
businesses with gross annual revenue greater than $5 million, was
inconsistent with the CRA definition, which included an asset threshold
and originated loans less than $1 million. One bank stated that this
discrepancy was likely to cause staff confusion and possible data
integrity issues. A trade association requested that the Bureau adopt
the CRA's small business definition using a loan size of $1 million
[[Page 35185]]
and other Federal laws to create alignment for those lenders that
already comply with existing regulations, and that a focus on
businesses with $1 million in revenues would support the Bureau's goal
of promoting small business lending in underserved areas to underserved
small businesses, that are more likely to be closer to $1 million
rather than $5 million in revenue. Two banks stated that banks may
receive more CRA credit for small business loans originated to
businesses with $1 million or less in gross annual revenues.
Several commenters noted that the rule proposed a waterfall
approach to using addresses to determine census tract, while CRA
regulations inquire only about where loan funds are used. One bank
commented that this meant that a single loan could result in the
reporting of different census tracts for purposes of the two rules.
Another bank suggested that a better way to achieve consistency with
CRA was to allow lenders reporting under this rule to choose which of
the three addresses to use and require the institution to report which
address type it used.
Some industry commenters noted that the Bureau reduce its gross
annual revenue threshold for its small business definition under this
rule from $5 million to $1 million to align with CRA. A trade
association noted that the $1 million threshold would align with the
threshold for FFIEC Call Reports and for existing Regulation B, which
requires tracking of loans to businesses with $1 million or less in
revenue for purposes of sending adverse action notices under Sec.
1002.9(a)(3). The commenter also stated that using this threshold would
also mean that other data from this rule could be compared with CRA
data, leading to a better evaluation of a bank's small business lending
performance.
One bank stated that a discrepancy between this rule and CRA on the
revenue threshold could lead to errors, given the many manual processes
still used. Another bank asserted that a $5 million threshold would
capture applications from businesses it did not consider small.
Several trade associations claimed that the proposed rule did not
treat renewals and extensions the way CRA regulations do.
SBA. Several commenters stated that SBA-reportable loans should be
exempt from the rule, including loans under the SBA 7(a) and 504
programs. One commenter stated that the Bureau should work with SBA to
select reportable data elements and then obtain them from the SBA on
loans and application denials to ease the reporting burden of SBA
lenders, and that the majority of applications are already captured by
third-party lending partners in the 504 program.
One bank stated that the Bureau's proposed small business
definition is too broad and may capture entities that are not true
small businesses. The commenter originated many multi-family loans to
entities formed for the sole purpose of investing in real estate, not
to run a small business, and asserted that the proposed definition
would capture entities not consistent with SBA's definition of small
business based on number of employees by industry and would be
consistent with the spirit of section 1071, and that this would skew
data.
FinCEN. One bank stated that data reported under this rule would be
better provided through other means, such as FinCEN's recent business
database and registry.
CDFI Fund. Some commenters, including a number of community-
oriented lenders and community groups, stated that the Bureau should
work with the CDFI Fund to streamline integrating the data from this
rule with that of the CDFI Fund. Several commenters stated that new
requirements from the CDFI Fund will likely expand transaction level
reporting requirements to all certified CDFIs. One CDFI lender noted
that the CDFI Fund's review and improvement to its current annual
reporting process could create an opportunity to harmonize its
definition, types of data collection, and timing of reporting with the
Bureau. Another CDFI lender stated that the Bureau should work with the
CDFI Fund to ensure that reporting requirements are aligned; CDFIs are
currently required by Federal law to collect, maintain, and report
specific demographic data about small businesses and consumers to
ensure they serve their target communities. Several others stated that
the Bureau should work with the CDFI Fund and loan software providers
to streamline the process of integrating new data collection processes
into existing systems. Some commenters noted that certain CDFIs must
report data points such as interest rate, origination, points and fees,
amortization type, loan term, and payment dates to the CDFI Fund.
Several also pointed out that some CDFIs also report on loans to the
SBA, to Federal prudential banking regulators pursuant to the CRA, and
to a non-profit's annual member survey.
One lender stated that CDFIs have long sought guidance from the
Bureau on compliance with overlapping statutory requirements from the
CDFI Fund, ECOA, and Regulation B, and recommended that the Bureau use
this rulemaking process to clarify data collection requirements in
coordination with the CDFI Fund to avoid potential conflicts.
Several commenters said that some CDFIs will have to adjust
processes and systems to comply with this rule, that the CDFI industry
uses several different loan software products, and providers
continually modify systems to comply with the CDFI Fund's reporting
requirements.
One commenter stated that the Bureau should collect credit score,
as CDFI Fund does, because it permits an ``apples-to-apples''
comparison of loans to help determine if small businesses that have
historically struggled to access responsible loans receive credit on
identical terms as white-owned businesses. The commenter also said that
the burden to collect this would be minimal, as many CDFIs already
report it to the CDFI Fund.
Farm Credit. An agricultural lender stated that a lack of
understanding of the Farm Credit System by the Bureau would have
unintended and detrimental consequences for those lenders' customers.
The lender noted that these lenders institutions already report lending
on Young, Beginning and Small lending efforts and volume (12 CFR
614.4165) to the Farm Credit Administration.
Agency cooperation. One bank suggested that the Bureau work with
SBA to create more women-owned and minority-owned business programs,
such as diversity loan programs to help the underserved, noting that
the Dodd-Frank Act was passed as a reaction to the practices of larger
lenders but would affect smaller lenders disproportionately.
A State financial regulator requested that the Bureau work with
State regulators to provide them data. The commenter noted that the
NPRM proposed modifications or deletions to protect privacy interests
but was silent on whether the Bureau would share unredacted data with
State regulators, and urged the Bureau to include in the final rule
express language permitting the Bureau to share data collected under
this rule with State regulators in accordance with information sharing
agreements. The commenter noted that such data will help State
regulators identify fair lending violations and enforce anti-
discrimination laws.
Responses to Comments Received
General comments on overlap. The CFPB acknowledges the general
comments concerning the overlap between this rule and other data
[[Page 35186]]
collection regimes, and general requests that the Bureau harmonize this
rule with other similar data reporting regulations. The CFPB recognizes
the overlap with other rules and in this final rule has made attempts
to minimize the challenges, complexity, and duplication of effort, as
well as potential errors in the data. In some instances, duplicate
reporting will be eliminated--this rule will not require the reporting
of any HMDA-reportable applications, and proposed amendments to CRA
regulations would eliminate reporting on small business and small farm
reporting to be replaced exclusively by data from this rule. In
addition, the CFPB attempted wherever possible (i.e., consistent with
its statutory authorities under this rule) to borrow concepts or
structures from other rules, such as FinCEN's customer due diligence
rule. The CFPB also intends to continue to coordinate with other
agencies to further harmonize this final rule with other similar
regulations.
Regarding the requests that the Bureau not require financial
institutions that already report data to duplicate their work, or that
the Bureau exempt all loan applications under Federal agency programs,
the CFPB has made certain adjustments in the final rule. As noted
above, duplicate reporting will be eliminated for HMDA-reportable loans
and, pursuant to proposed amendments to CRA regulations, under the CRA.
However, other data reporting regulations have purposes sufficiently
different from those of this rule such that the regulations are not
completely overlapping, and that the simple elimination of one of the
two reporting requirements would not advance both regulations. For
instance, data reported via FFIEC Call Reports are not motivated only
by considerations of fair lending and community development. In
addition, such other reporting requirements address only originations,
while section 1071 requires reporting on applications.
Regarding the comment that the Bureau should first use existing
small business lending data generated by the government and private
sector before collecting additional data, Congress disagreed when it
passed section 1071 calling for data on small business lending
applications. Existing data capture only limited application-level data
on lending to small businesses by depository institutions, and hardly
any application-level data on lending to small businesses by non-
depository institutions.
Regarding requests that the CFPB work out inconsistencies between
this rule and other data collection regimes, and that the Bureau
standardize data formats to match those used in other data reporting,
especially for CDFIs, the CFPB has attempted to do so in this final
rule where consistent with section 1071's statutory purposes. In
addition, the CFPB intends to work with agencies and other sources of
small business lending data to explore other possible avenues for
additional standardization.
HMDA. Regarding the identification of overlap between this rule and
HMDA/Regulation C, and the requests to avoid duplicative reporting, the
CFPB is exempting HMDA-reportable transactions from the requirements of
this rule. This new provision would have the effect of eliminating
inconsistencies between the two rules, the duplication of data
collection and reporting, and potential data errors. However, the
Bureau is not adopting a more narrowly tailored exclusion that would
not apply to HMDA-reportable loans by financial institutions that are
not HMDA reporters. For the reasons set out in the section-by-section
analysis of Sec. 1002.104(b)(2), the CFPB has determined that trying
to close all potential data gaps would defeat the purpose of trying to
alleviate concerns from commenters about having to implement and
maintain two separate reporting systems. The CFPB's decision to exempt
HMDA-reportable transactions also renders moot comments concerning
inconsistencies between specific data points in Regulation C and those
proposed for this rule, along with the firewall requirement.
Community Reinvestment Act. Regarding the comments identifying the
similarities between the data required by this rule and the
requirements of the CRA, and the request that the data of this rule
replace the data for the CRA, the CFPB notes that, as stated in part
II.F.2.i above, the CRA agencies have issued a proposed rule that,
amongst other things, would exclusively rely on 1071 data for its
assessment of the small business and small farm lending activities of
banks, replacing the existing CRA data requirements based on Call
Reports and other sources. The CFPB believes that when the final rule
amending the CRA requirements is issued, duplication between the CRA
and this rule will be eliminated, as requested by numerous commenters,
including industry and community groups. As some community groups
suggested, the CRA proposal contemplates using 1071 data for CRA
examinations in the manner that HMDA data are currently used in CRA
examinations. The CFPB agrees with these commenters that 1071 data
would be more robust than the data currently collected under existing
CRA rules.
Regarding the various request that the Bureau work with other
Federal regulators to eliminate duplication, the CFPB observes that the
CRA agencies appear to intend with their proposed rule to eliminate
duplicative reporting by both relying on the Bureau's small business
lending data and eliminating any independent data collection
requirement. The CFPB intends to continue cooperating with the CRA
agencies to ensure coordination between this rule and amendments to the
CRA regulations, especially those concerning potentially duplicative
reporting.
Regarding the comments that the Bureau should exempt lenders that
report under the CRA, the CFPB does not believe such an exemption would
be appropriate. In addition, in light of the CRA's proposal to use data
collected and reported pursuant to section 1071, the result of such an
exemption might be that no small business lending data would be
collected for such institutions.
Regarding the comments that identified specific inconsistencies
between the CRA and this rule, the CFPB does not disagree that the
inconsistencies identified exist but notes that the CRA's proposal that
the CRA agencies rely exclusively on 1071 data for their analysis of
small business and small farm lending would render these
inconsistencies moot because only 1071 data would exist. Regarding the
comment that the Bureau should reduce its gross annual revenue
threshold for its small business definition under this rule from $5
million to $1 million to align with FFIEC Call Reports and for
Regulation B, the CFPB is not doing so for the reasons set out in the
section-by-section analysis of Sec. 1002.106(b). The CFPB believes
that a small business definition with a lower threshold would not
further the statutory purposes of the rule because it would reduce the
amount of data collected concerning lending to many businesses that,
according to other metrics would still be considered small though above
$1 million in revenue. In addition, the Bureau believes that analyses
seeking to match or compare data from this rule that are interoperable
with small business lending data from FFIEC need only screen this
rule's data for gross annual revenue of less than $1 million, which
this rule requires as a data point. For instance, the CRA NPRM proposes
screening the 1071 data for loans to small businesses and small farms
under $1 million revenue for purposes of certain parts of CRA
examinations.
SBA. The CFPB is not exempting SBA-guaranteed loans from reporting
[[Page 35187]]
under this rule. For its 7(a) and 504 programs, the SBA only collects
and publishes a subset of the data required by this rule for
originations. Still, the CFPB intends to coordinate with SBA to try to
reduce duplicative reporting.
FinCEN. Regarding the comment that the data reported under this
rule would be better provided through other means, such as via FinCEN's
recent business database and registry, the CFPB understands that
database is not set up to receive small business lending data.
CDFI Fund. Regarding comments that the Bureau should work with the
CDFI Fund to harmonize reporting under the CDFI Fund's Transaction
Level Report requirements with this rule, the CFPB agrees to coordinate
with the CDFI Fund to determine where it is possible to avoid
duplicative or inconsistent reporting of data and how to resolve any
overlapping statutory requirements. The CFPB observes that it may not
be possible to simply eliminate duplicate reporting, as with HMDA or
CRA reporting, given the differences in purposes and the requirements
of the CDFI Fund compared to those of this rule. Regarding comments
that the Bureau should work with loan software providers, the CFPB
agrees and intends to meet with software providers as it develops the
small business lending data submission platform to determine how
reporting can be streamlined for CDFIs that must report small business
lending data to various agencies, such as the CFPB under this rule, the
SBA, and the CDFI Fund.
Regarding the comment that the Bureau should collect credit score,
as CDFI Fund does, the CFPB notes that, as stated in the section-by-
section analysis of Sec. 1002.107(a), the CFPB believes that this data
point--which the CFPB would also have to collect from other financial
institutions that may have operations quite different from CDFIs--could
be quite complicated and involve complex sub-fields, which could pose
operational difficulties for financial institutions in collecting and
reporting this information.
Farm Credit. Regarding the comments that the Bureau's lack of
understanding of the Farm Credit System would have unintended and
detrimental consequences for FCS customers, and that the FCS lenders
already report data to the Farm Credit Administration, the CFPB has
consulted with FCS lenders, and believes that its approach will result
in consistency across the data collected under this rule, more robust
fair lending analyses and transparency into opportunities for small
farms, and a more even playing field for compliance across all
financial institutions.
Agency cooperation. Regarding the comment that the Bureau work with
SBA to create more women-owned and minority-owned business programs,
the CFPB regularly engages with other Federal regulators on a range of
work that implicates its statutory mission; that includes, as
appropriate, the SBA. Regarding the request that the Bureau provide
small business lending data to State regulators, the CFPB agrees that
doing so would likely be consistent with the statutory purposes of the
rule. The CFPB will engage with State and Federal regulators regarding
their access to small business lending data collected under this final
rule, while ensuring that data security and data privacy are
appropriately protected.
E. Cross-Cutting Interpretive Issues
1. The Bureau's Approach to Non-Small Women-Owned and Minority-Owned
Businesses in This Rulemaking
ECOA section 704B(b) states that ``in the case of any application
to a financial institution for credit for [a] women-owned, minority-
owned, or small business,'' the financial institution must ``inquire
whether the business is a women-owned, minority-owned or small
business. . . .'' As explained below, the Bureau proposed to require
financial institutions to collect and report data regarding
applications for credit for small businesses; the Bureau did not,
however, propose to require financial institutions to collect and
report data with respect to applicants that are not small businesses.
The Bureau believed that section 1071 was ambiguous with respect to
its coverage of applications for credit for non-small women- or
minority-owned businesses, and the Bureau therefore proposed to
interpret this ambiguity pursuant to ECOA section 704B(g)(1). The
Bureau acknowledged that the plain language of 704B(b) could be read to
require financial institutions to collect information from all women-
owned and minority-owned businesses, including those that are not small
businesses. But based on a close consideration of the text, structure,
and purpose of the statute, and the interactions between section 1071
and other provisions of ECOA and Regulation B, the Bureau believed that
the statute's coverage of, and Congress's intent with respect to, data
regarding non-small businesses was ambiguous. The Bureau proposed this
approach as an interpretation of the statute pursuant to its authority
under 704B(g)(1), and, in the alternative, pursuant to both its
authority under 704B(g)(2) to adopt exceptions to any requirement of
section 1071 as the Bureau deems necessary or appropriate to carry out
the purposes of section 1071 and its implied de minimis authority.
The Bureau sought comment on its proposed approach to limiting the
scope of data collection pursuant to subpart B to covered applications
for small businesses, but not women- or minority-owned businesses that
are not small.
Several commenters, including industry and community groups,
supported limiting the scope of data collection as the Bureau proposed.
In particular, a cross-sector group of lenders, community groups, and
small business advocates stated that the Bureau had taken a reasonable
and adequately comprehensive approach in proposing to include only
minority- and women-owned businesses that are ``small,'' as this would
cover 99.9 percent of all minority- and women-owned businesses. The
group further noted that the Bureau should continue to monitor the U.S.
Census Bureau's Annual Business Survey and adjust this requirement if
minority- or women-owned businesses that are not considered ``small''
exceed 1 percent. In contrast, a State financial regulator commented
that data collection on non-small women- or minority-owned businesses
was important for fair lending enforcement purposes and would provide
for better consistency with States pursuing similar information
collection requirements. In response to the latter comment, the Bureau
notes that such data collection would be of limited utility in light of
section 1071's statutory purposes because, as discussed below, the lack
of a control group (i.e., data on non-small businesses that are neither
women-owned nor minority-owned) would limit such data's utility for
fair lending enforcement purposes. For the reasons set forth herein,
the Bureau is finalizing the approach to non-small women-owned and
minority-owned businesses as proposed.
The Bureau interprets ECOA section 704B(b) and (b)(1) to require
that financial institutions first determine whether an applicant is a
small business within the scope of the rule's data collection before
making the required inquiries that would otherwise be prohibited by
existing Regulation B. There is a general prohibition in existing
Regulation B (in Sec. 1002.5(b)) which states that a ``creditor shall
not inquire about the race, color, religion, national origin, or sex of
an applicant or any other person in connection with a credit
transaction, except if expressly permitted to do so by law or
regulation.
[[Page 35188]]
In the introductory language to ECOA section 704B(b), Congress
instructed that section 1071's data collection regime applies only ``in
the case of any application to a financial institution for credit for
women-owned, minority-owned, or small business'' (emphasis added). The
Bureau believes that ``in the case of'' indicates Congress's intent to
limit application of section 1071 to these types of businesses, rather
than requiring financial institutions to make 1071-related inquiries of
all business applicants for credit.\290\ The next paragraph
(704B(b)(1)) does not use the conditional phrase ``in the case of''
used in 704B(b); rather, it instructs a financial institution to
``inquire.'' The Bureau believes that the instruction to ``inquire'' in
704B(b)(1) is intended to provide the necessary exception to Regulation
B's general prohibition against ``inquir[ing]'' as to protected
demographic information in connection with a credit transaction.\291\
Indeed, absent section 1071's lifting of the prohibition, generally, a
financial institution could not determine, or even ask about, an
applicant's women- or minority-owned business status, because doing so
would necessarily constitute ``inquir[ing] about the race, color,
religion, national origin, or sex of an applicant'' in violation of
existing Sec. 1002.5(b). The Bureau believes that Congress likely
intended to ensure that financial institutions could determine whether
section 1071's data collection and reporting requirements apply to an
applicant without risking a violation of other provisions of ECOA and
Regulation B.
---------------------------------------------------------------------------
\290\ Merriam-Webster defines ``case'' as meaning ``a set of
circumstances or conditions,'' ``a situation requiring investigation
or action (as by the police),'' or ``the object of investigation or
consideration,'' https://www.merriam-webster.com/dictionary/case
(last visited Mar. 20, 2023).
\291\ As discussed in greater detail in the next section, the
fact that the language of ECOA section 704B(b)(1) is designed to
expressly permit inquiry into protected demographic information,
which would otherwise be prohibited by existing Sec. 1002.5(b), is
also evidenced by the statute's three provisions creating special
protections for responses to the inquiry: 704B(b)(2) requires that
responses to inquiries about protected demographic information
remain separate from the application and accompanying information;
704B(c) requires that applicants have a right to refuse to answer
the inquiry about protected demographic information; and 704B(d)
requires that certain underwriters or other employees involved in
making determinations on an application not have access to the
responses to inquiries about protected demographic information.
---------------------------------------------------------------------------
However, unlike with women- and minority-owned business status,
there is no legal impediment to a financial institution determining
whether an applicant is a small business, and financial institutions
can make that determination as a threshold matter without risking
running afoul of ECOA and Regulation B. Therefore, the Bureau believes
that the scope of the introductory ``in the case of'' language in ECOA
section 704(b) is ambiguous as to coverage of non-small women- and
minority-owned businesses. To resolve this ambiguity, the Bureau
applies its expertise to interpreting the language and structure of
section 1071 within the context of the general prohibition on inquiring
into protected demographic information in existing Sec. 1002.5(b), and
concludes that ECOA section 704B(b)(1) is best read as only referring
to questions about applicants' protected demographic information (i.e.,
women- and minority-owned business status as well as the ethnicity,
race, and sex of the principal owners of the business). The Bureau
believes 704B(b)'s more general ``in the case of'' language should be
understood to indicate the conditions under which data collection
should take place, and requires financial institutions to make a
threshold determination that an applicant is a small business before
proceeding with an inquiry into the applicant's protected demographic
information.
A requirement to collect and report data on applications for women-
owned and minority-owned businesses that are not small businesses could
affect all aspects of financial institutions' commercial lending
operations while resulting in limited information beyond what would
already be collected and reported about women-owned and minority-owned
small businesses. Indeed, as a cross-sector group of lenders, community
groups, and small business advocates highlighted, approximately 99.9
percent of women- and minority-owned business are small.\292\ In
addition, financing for large businesses can be much more varied and
complex than are the products used for small business lending The
Bureau will continue to observe the market on this issue.
---------------------------------------------------------------------------
\292\ In the U.S. Census Bureau's 2018 Annual Business Survey,
5.7 million firms (99.6 percent of all employer firms) are small, as
defined within that survey as having fewer than 500 employees. That
same definition covers one million minority-owned employer firms
(99.9 percent of all minority-owned firms) and 1.1 million women-
owned employer firms (99.9 percent of all women-owned firms). See
U.S. Census Bureau, 2018 Annual Business Survey (ABS)--Company
Summary (2018), https://www.census.gov/data/tables/2018/econ/abs/2018-abs-company-summary.html.
---------------------------------------------------------------------------
The Bureau also notes that the collection of data on applications
for non-small women- or minority-owned businesses would not carry out
either of section 1071's statutory purposes because the data would be
of only limited usefulness for conducting the relevant analyses of non-
small businesses. Such analyses would necessitate comparing data
regarding non-small women-owned and minority-owned business applicants
to data regarding non-small non-women-owned and non-minority-owned
business applicants, in order to control for lending outcomes that
result from differences in applicant size. But section 1071 does not
require or otherwise address the collection of data for non-small
business applicants that are not women- or minority-owned. Therefore,
the resulting dataset will lack a control group, arguably the most
meaningful comparator for any data on non-small women- or minority-
owned businesses. It is unlikely that Congress intended, and the
statute is reasonably read not to require, the collection of data that
would be of limited utility.\293\
---------------------------------------------------------------------------
\293\ See, e.g., Pub. Citizen v. U.S. Dep't of Just., 491 U.S.
440, 454 (1989) (``Where the literal reading of a statutory term
would `compel an odd result,' Green v. Bock Laundry Machine Co., 490
U.S. 504, 509 (1989), we must search for other evidence of
congressional intent to lend the term its proper scope.'').
---------------------------------------------------------------------------
Finally, the Bureau notes that the title of section 1071 is ``Small
Business Data Collection,'' and section 1071 amends ECOA to add a new
section titled ``Small Business Loan Data Collection.'' In the presence
of ambiguity, these titles provide some additional evidence that
Congress did not intend the statute to authorize the collection of data
on businesses that are not small.\294\
---------------------------------------------------------------------------
\294\ Almendarez-Torres v. United States, 523 U.S. 224, 234
(1998) (`` `[T]he title of a statute and the heading of a section'
are `tools available for the resolution of a doubt' about the
meaning of a statute.'') (quoting Bhd. of R.R. Trainmen v. Balt. &
Ohio R.R., 331 U.S. 519, 529 (1947)).
---------------------------------------------------------------------------
For these reasons, the Bureau interprets ECOA section 704B(b) to
cover the collection only of data with respect to small businesses,
including those that are women- and minority-owned. Likewise, as
discussed immediately below in E.2 of this Overview to part V, the
Bureau is clarifying that the 704B(b)(1) inquiry, when applicable,
pertains to an applicant's minority-owned business status and women-
owned business status, as well as an applicant's LGBTQI+-owned business
status, along with the ethnicity, race, and sex of its principal
owners. For the same reasons, the Bureau believes that not requiring
the collection of data with respect to applications for non-small
businesses would be necessary or appropriate to carry out the purposes
of section 1071; in the alternative, the Bureau exercises its exception
authority in 704B(g)(2) to effectuate this outcome. Finally, because
[[Page 35189]]
the Bureau believes that the collection of data on non-small women- and
minority-owned businesses would ``yield a gain of trivial or no
value,'' in the alternative the Bureau exercises its implied de minimis
authority to create this exception.\295\
---------------------------------------------------------------------------
\295\ Waterkeeper All. v. EPA, 853 F.3d 527, 530 (D.C. Cir.
2017) (quoting Pub. Citizen v. FTC, 869 F.2d 1541, 1556 (D.C. Cir.
1989)); see Alabama Power Co. v. Costle, 636 F.2d 323, 360-61 (D.C.
Cir. 1979).
---------------------------------------------------------------------------
2. The Meaning of ``Information Requested Pursuant to Subsection (b)''
Four different provisions of section 1071 refer to or rely on
``information requested pursuant to subsection (b)'' or similar
language. First, ECOA section 704B(b)(2) provides that financial
institutions must ``maintain a record of the responses to such
inquiry'' and keep those records separate from the application and
information that accompanies it. Second, 704B(c) states that applicants
for credit ``may refuse to provide any information requested pursuant
to subsection (b).'' Third, 704B(d) requires financial institutions to
limit the access of certain employees to ``information provided by the
applicant pursuant to a request under subsection (b),'' with certain
exceptions. Fourth, 704B(e) instructs financial institutions that
``information provided by any loan applicant pursuant to a request
under subsection (b) . . . shall be itemized in order to clearly and
conspicuously disclose'' data including the loan type and purpose,
amount of credit applied for and approved, and gross annual revenue.
In light of these four disparate provisions, the Bureau believes
that section 1071 is ambiguous with respect to the meaning of ``any
information provided by the applicant pursuant to a request under
subsection (b).'' \296\ On the one hand, ECOA section 704B(b)(1)
directs financial institutions to inquire whether a business is ``a
women-owned, minority-owned, or small business,'' so the phrase could
be interpreted as referring only to those three data points. Section
704B(e), however, indicates that the scope of 704B(b) could be much
broader; it suggests that all of the information that financial
institutions are required to compile and maintain--not simply an
applicant's status as a women-owned, minority-owned, or small
business--constitutes information provided by an applicant ``pursuant
to a request under subsection (b).'' But as noted above, information
deemed provided pursuant to subsection (b) is subject to the notable
protections of separate recordkeeping under 704B(b)(2), a right to
refuse under 704B(c), and the firewall under 704B(d). Applying these
special protections to many of the data points in 704B(e), such as
gross annual revenue or amount applied for, would be extremely
difficult to implement, because this information is critical to
financial institutions' ordinary operations in making credit decisions.
Additionally, 704B(e) describes as ``provided by any loan applicant''
under 704B(b) data points that plainly must come from the financial
institution itself, such as application number and action taken,
further suggesting that Congress viewed this term as encompassing more
information than lies within the four corners of 704B(b)(1). Finally,
as noted above, the circular structure of 704B(b) complicates the
question of what constitutes information provided ``pursuant to a
request under subsection (b).'' Read together, the introductory
language in 704B(b) and (b)(1) direct financial institutions, ``in the
case of'' a credit application ``for [1] women-owned, [2] minority-
owned, or [3] small business,'' to ``inquire whether the business is a
[1] women-owned, [2] minority-owned, or [3] small business.'' The
Bureau believes that this circularity further demonstrates the
ambiguity of the phrase ``pursuant to a request under subsection (b).''
---------------------------------------------------------------------------
\296\ The Bureau does not believe that the minor linguistic
variations in these four provisions themselves have significance.
---------------------------------------------------------------------------
The Bureau believes that it is reasonable to resolve these
ambiguities by giving different meanings to the phrase ``any
information provided by the applicant pursuant to a request under
subsection (b)'' (or similar) with respect to ECOA section 704B(e) as
opposed to 704B(b)(2), (c), and (d).\297\ With respect to 704B(e), the
Bureau interprets the phrase to refer to all the data points now
articulated in proposed Sec. 1002.107(a). Section 704B(e) is the
source of financial institutions' obligation to ``compile and
maintain'' data that they must then submit to the Bureau, so it would
be reasonable to interpret this paragraph as referring to the complete
data collection Congress devised in enacting section 1071.
---------------------------------------------------------------------------
\297\ While there is a presumption that a phrase appearing in
multiple parts of a statute has the same meaning in each, ``this is
no more than a presumption. It can be rebutted by evidence that
Congress intended the words to be interpreted differently in each
section, or to leave a gap for the agency to fill.'' Catskill
Mountains Chapter of Trout Unlimited, Inc. v. EPA, 846 F.3d 492, 532
(2d Cir. 2017) (citing Env't Def. v. Duke Energy Corp., 549 U.S.
561, 575 (2007)). Here, the Bureau believes Congress indicated such
an intention by using the same phrase in the substantially different
contexts of providing special protections for protected demographic
information on the one hand and ``itemiz[ing]'' all collected data
on the other.
---------------------------------------------------------------------------
But with respect to the three statutory provisions creating special
protections for certain information--the firewall in ECOA section
704B(d), separate recordkeeping in 704B(b)(2), and the right to refuse
in 704B(c)--the Bureau interprets the phrase to refer to the data
points in Sec. 1002.107(a)(18) (women-owned and minority-owned
business statuses, along with the new LGBTQI+-owned business status),
and (a)(19) (ethnicity, race, and sex of principal owners).\298\ Each
of these data points requests protected demographic information that
has no bearing on the creditworthiness of the applicant, about which
existing Sec. 1002.5(b) would generally prohibit the financial
institution from inquiring absent section 1071's mandate to collect and
report that information, and with respect to which applicants are
protected from discrimination. The Bureau accordingly believes that it
is reasonable to apply section 1071's special-protection provisions
only to this information, regardless of whether the statutory authority
to collect it originates in 704B(b)(1) (women-owned and minority-owned
business statuses), 704B(e)(2)(H) (LGBTQI+-owned business status), or
704B(e)(2)(G) (ethnicity, race, and sex of principal owners). The
Bureau similarly believes that it would have been unreasonable for
Congress to have intended that these special protections would apply to
any of the other data points now proposed in Sec. 1002.107(a), which
the financial institution is permitted to request regardless of
coverage under section 1071 which are not the subject of Federal
antidiscrimination law, and many of which financial institutions
currently use for underwriting and other purposes.
---------------------------------------------------------------------------
\298\ The Bureau's interpretations with respect to a separate
data point for small business status are discussed in the next
section.
---------------------------------------------------------------------------
The Bureau implements these interpretations of ``information
requested pursuant to subsection (b),'' and any relevant comments
received, in several different section-by-section analyses. With
respect to ECOA section 704B(e), the Bureau discusses its
interpretation of the phrase in the section-by-section analysis of
Sec. 1002.107(a). The Bureau's interpretation of 704B(d)'s firewall
requirement is addressed at greater length in the section-by-section
analysis of Sec. 1002.108, and the Bureau's interpretation of the
separate recordkeeping requirement in 704B(b)(2) is addressed in the
section-
[[Page 35190]]
by-section analysis of Sec. 1002.111(b). The right to refuse in
704B(c) is discussed in the section-by-section analyses of the data
points that the Bureau deems subject to the right to refuse: Sec.
1002.107(a)(18) (women-owned, minority-owned, and LGBTQI+-owned
business statuses) and (19) (ethnicity, race, and sex of principal
owners).
3. No Collection of Small Business Status as a Data Point
The Bureau notes that neither of its interpretations of
``information requested pursuant to subsection (b)'' reference a
specific data point for an applicant's status as a small business, nor
did the Bureau otherwise include in proposed Sec. 1002.107(a) that
financial institutions collect, maintain, or submit a data point whose
sole function is to state whether the applicant is or is not a small
business.
The Bureau's definition of small business in final Sec. 1002.106,
which is based on an applicant's gross annual revenue, renders
redundant any requirement that financial institutions collect a
standalone data point whose sole purpose is to state whether an
applicant is a small business. Indeed, under the definition of small
business, when a financial institution asks an applicant its gross
annual revenue, that question is functionally identical to asking,
``are you a small business?'' The Bureau believes that it is a
reasonable interpretation of ECOA section 704B(b)'s query as to small
business status for that question to take the form of, ``what is your
gross annual revenue?'' \299\ Furthermore, as discussed above with
respect to the Bureau's approach to non-small women- and minority-owned
businesses, the Bureau interprets financial institutions' data
collection obligations as attaching only in the case of applications
from small businesses; if a financial institution determines that an
applicant is not a small business, none of the obligations under this
rule would apply. As such, a standalone data point that serves only to
designate whether a business qualifies as small for purposes of the
rule would be redundant with the mere fact that the data collection
occurs at all, as well as with the collection of gross annual revenue.
---------------------------------------------------------------------------
\299\ The financial institution could ask, in order to make an
initial determination as to whether the rule applies, whether the
applicant's gross annual revenue in its last full fiscal year was $5
million or less. If it was, the financial institution would need to
request the specific revenue amount to comply with final Sec.
1002.107(a)(14), along with the other applicant-provided data points
specified in final Sec. 1002.107(a).
---------------------------------------------------------------------------
The Bureau sought comment on whether a standalone data point solely
dedicated to small business status might nonetheless be useful and, if
so, how it might be implemented. The Bureau received no comments on
this issue.
The Bureau acknowledges that the plain language of ECOA section
704B(b) could be read to require financial institutions to ask
applicants subject to the data collection the precise question, ``are
you a small business?'' Upon further analysis, however, the Bureau
believes that Congress's intended treatment of small business status as
a standalone data point is ambiguous. As described in more detail above
with respect to the rulemaking's coverage of women- and minority-owned
businesses that are not small, 704B(b)'s introductory language and
704B(b)(1) appear to require financial institutions to know the answer
to whether an applicant is women-owned, minority-owned, or small before
they make their inquiry; to resolve this ambiguity, the Bureau
interprets 704B(b)'s introductory language and 704B(b)(1) to require
that financial institutions first straightforwardly assess whether an
applicant is a small business before proceeding to inquire into the
applicant's protected demographic information that would otherwise be
prohibited by existing Sec. 1002.5(b).
Pursuant to its authority under ECOA section 704B(g)(1) to
prescribe such rules as may be necessary to carry out, enforce, and
compile data pursuant to section 1071, the Bureau interprets 704B(b)
and (b)(1) to obviate the need for financial institutions to collect a
standalone data point whose sole purpose is to note an applicant's
small business status. For the same reasons, the Bureau believes that
not requiring the collection of a separate data point on small business
status would be necessary or appropriate to carry out the purposes of
section 1071; therefore, in the alternative, the Bureau is exercising
its exception authority in 704B(g)(2) to effectuate this outcome.
Finally, because the Bureau believes that the collection of a
standalone data point on small business status would ``yield a gain of
trivial or no value,'' in the alternative, the Bureau exercises its
implied de minimis authority to create this exception.\300\
---------------------------------------------------------------------------
\300\ Waterkeeper All., 853 F.3d at 530 (quoting Pub. Citizen,
869 F.2d at 1556); see Alabama Power, 636 F.2d at 360-61.
---------------------------------------------------------------------------
F. Conforming Amendments to Existing Regulation B
As discussed above, the Bureau is implementing section 1071 in a
new subpart B of Regulation B. The content of existing Regulation B is
becoming subpart A of Regulation B. This change does not affect the
current section numbering in Regulation B. The Bureau believes it is
appropriate to make this rule a part of Regulation B, as section 1071
is a part of ECOA.
The Bureau sought comment on whether it should instead codify its
rule to implement section 1071 as a free-standing regulation with its
own CFR part and, if so, why. A bank commenter supported the location
of this rule within a new subpart B to Regulation B, noting that
lenders often overlook that Regulation B applies to business as well as
consumer credit. The commenter also noted that the intent of section
1071, to provide all credit applicants fair and equitable treatment and
credit, makes Regulation B the natural place for this rule, rather than
a free-standing regulation, which would generate unnecessary confusion.
As noted above and as discussed in more detail below, the Bureau is
amending existing Sec. 1002.5(a)(4) and commentary for existing Sec.
1002.5(a)(2) and (4) to expressly permit under certain circumstances
voluntary collection of minority-owned, women-owned, and LGBTQI+-owned
business status, and the ethnicity, race, and sex of applicants'
principal owners in accordance with the requirements of subpart B.
In addition, the Bureau is revising certain references to the
entire regulation (which use the terms ``regulation'' or ``part'') in
existing Regulation B to instead refer specifically to subpart A. The
Bureau is likewise adding additional specificity in certain provisions
in existing Regulation B to avoid confusion. The Bureau does not intend
to make any substantive changes with these revisions, but rather
intends to maintain the status quo. The Bureau is making the following
changes:
In Sec. 1002.1(a), regarding authority and scope, the Bureau is
changing two references to ``part'' to instead refer to ``subpart,''
regarding the application of what is now subpart A to creditors.
In Sec. 1002.2, regarding definitions, the introductory text
states that definitions contained therein apply to Regulation B, unless
the context indicates otherwise. The Bureau is adding ``or as otherwise
defined in subpart B'' for clarity.
In Sec. 1002.12(b)(1) introductory text, (b)(2) introductory text,
(b)(3) through (5) and (7), regarding record retention, the Bureau is
adding ``or as otherwise provided in subpart B'' to indicate that
subpart B may provide different record retention requirements than what
is set forth in those paragraphs for business credit. The Bureau is
also changing a reference to ``this rule'' in comment
[[Page 35191]]
12(b)(7)-1 to instead refer to existing Sec. 1002.12(b)(7) regarding
retention of prescreened credit solicitations, to avoid confusion with
subpart B's treatment of solicitations.
Finally, Sec. 1002.13 addresses information for monitoring
purposes for credit secured by an applicant's dwelling. The Bureau is
revising comment 13(b)-5, which addresses applications made through
unaffiliated loan shopping services, to refer to subpart A of
Regulation B instead of the entirety of Regulation B, for clarity. The
existing comment also refers to applications received by creditors
subject to HMDA and associated data collection requirements; the Bureau
is also adding to the end of the comment an additional sentence noting
that creditors that are covered financial institutions under subpart B
of this regulation may also be required to collect, report, and
maintain certain data, as set forth in subpart B of Regulation B.
Subpart A--General
Section 1002.5 Rules Concerning Requests for Information
5(a) General Rules
5(a)(4) Other Permissible Collection of Information
Background
ECOA prohibits creditors from discriminating against applicants,
with respect to any aspect of a credit transaction, on the basis of--
among other characteristics--race, color, religion, national origin,
sex, marital status, or age.\301\ It also states that making an inquiry
under 15 U.S.C. 1691c-2 (that is, section 1071), in accordance with the
requirements of that section, shall not constitute discrimination for
purposes of ECOA.\302\ Regulation B, in existing Sec. 1002.5(b),
generally prohibits a creditor from inquiring about certain protected
demographic information in connection with a credit transaction.
Existing Sec. 1002.5(a)(2), however, expressly permits collection of
such otherwise prohibited information if required by a regulation,
order, or agreement to monitor or enforce compliance with Regulation B,
ECOA, or other Federal or State law or regulation.
---------------------------------------------------------------------------
\301\ 15 U.S.C. 1691(a).
\302\ 15 U.S.C. 1691(b)(5).
---------------------------------------------------------------------------
In 2017, the Bureau amended Regulation B, adding Sec. 1002.5(a)(4)
to expressly permit creditors to collect ethnicity, race, and sex from
mortgage applicants in certain cases where the creditor is not required
to report under HMDA and Regulation C.\303\ For example, existing Sec.
1002.5(a)(4) expressly permits the collection of ethnicity, race, and
sex information for certain transactions for which Regulation C permits
optional reporting. However, nothing in existing Regulation B (or in
ECOA) expressly permits collection and reporting of protected
demographic data for financial institutions that are not required to
report certain data under section 1071.
---------------------------------------------------------------------------
\303\ Equal Credit Opportunity Act (Regulation B) Ethnicity and
Race Information Collection, 82 FR 45680, 45684 (Oct. 2, 2017).
---------------------------------------------------------------------------
During the SBREFA process, some small entity representatives,
primarily small CDFIs and mission-oriented community banks, stated that
they would be inclined to collect and report small business lending
data to the Bureau even if not required to do so, such as if they fell
under loan-volume thresholds. These small entity representatives
expressed an intent to report data even if not required to out of a
belief in the importance and utility of these data.
Proposed Rule
The Bureau proposed to amend existing Sec. 1002.5(a)(4) to add
three provisions (in proposed Sec. 1002.5(a)(4)(vii), (viii), and
(ix)) that would permit certain creditors that are not covered
financial institutions under the rule to collect small business
applicants' protected demographic information under certain
circumstances. The Bureau also proposed to add comment 5(a)(2)-4 and to
revise existing comment 5(a)(4)-1 to provide guidance on these proposed
exemptions.
Proposed Sec. 1002.5(a)(4)(vii) would have permitted a previously
covered financial institution to collect demographic information
pursuant to subpart B for covered applications for up to five years
after it fell below the loan-volume threshold of proposed Sec.
1002.105(b), provided that it does so in accordance with the relevant
requirements of proposed subpart B.
Proposed Sec. 1002.5(a)(4)(viii) would have provided that a
creditor in its first year of exceeding the covered financial
institution loan-threshold in Sec. 1002.105(b) may, in the second year
collect demographic information pursuant to subpart B for covered
applications, provided that it does so in accordance with the relevant
requirements of proposed subpart B.
Proposed Sec. 1002.5(a)(4)(ix) would have permitted a financial
institution not covered by the rule that wishes to voluntarily report
small business lending data to collect applicants' protected
demographic information without violating Regulation B. Unlike
creditors subject to proposed Sec. 1002.5(a)(4)(vii) or (viii), a
creditor seeking to voluntarily collect applicant's protected
demographic information under proposed Sec. 1002.5(a)(4)(ix) would
also be required to report it to the Bureau.
Existing comment 5(a)(4)-1 addresses recordkeeping requirements for
ethnicity, race, and sex information that is voluntarily collected for
HMDA under the existing provisions of Sec. 1002.5(a)(4). The Bureau
proposed revising this comment by adding to it a parallel reference to
proposed subpart B, along with a statement that the information
collected pursuant to proposed subpart B must be retained pursuant to
the requirements set forth in proposed Sec. 1002.111.
Proposed comment 5(a)(2)-4 would have explained that proposed
subpart B of Regulation B generally requires creditors that are covered
financial institutions as defined in proposed Sec. 1002.105(a) to
collect and report information about the ethnicity, race, and sex of
the principal owners of applicants for certain small business credit,
as well as whether the applicant is a minority-owned business or a
women-owned business as defined in proposed Sec. 1002.102(m) and (s),
respectively. The Bureau proposed this comment for parity with existing
comment 5(a)(2)-2, which addresses the requirement to collect and
report information about the ethnicity, race, and sex of applicants
under HMDA. Existing comment 5(a)(2)-3 explains that persons such as
loan brokers and correspondents do not violate ECOA or Regulation B if
they collect information that they are otherwise prohibited from
collecting, where the purpose of collecting the information is to
provide it to a creditor that is subject to HMDA or another Federal or
State statute or regulation requiring data collection.
The Bureau sought comment on its three proposed provisions to be
added to existing Sec. 1002.5(a)(4), and associated commentary,
including whether there were other specific situations to add to the
list of provisions in Sec. 1002.5(a)(4) to permit the collection of
applicants' protected demographic information pursuant to section 1071,
and whether any similar modifications to other provisions were
necessary. In particular, the Bureau sought comment on whether it
should add another provision to Sec. 1002.5(a)(4) relating to proposed
Sec. 1002.114(c)(1), wherein the Bureau proposed to permit financial
institutions to collect, but would not require them
[[Page 35192]]
to report, applicants' protected demographic information prior to the
compliance date.
Comments Received
The Bureau received comments on this provision from several
industry commenters, a business advocacy group, and a community group.
The community group supported the reasoning and approach of the
proposed provisions. The commenter inquired whether the provisions
would allow for voluntary reporting of only the protected demographic
data, or all data points, noting that if the Bureau intended only to
permit voluntary data collection of demographic information that it
would not make sense to permit publication of these data points, and
that the usefulness of such incomplete data would be limited. A
business advocacy group applauded the Bureau for the proposed
provisions and recommended that the Bureau add incentives for voluntary
disclosure of data for those financial institutions, but asked that the
incentives not distort the purposes of the regulation by encouraging
lenders to report inaccurate or untrue data to reap the benefits of the
incentive to report.
A community group commented that the Bureau should permit voluntary
collection not only by financial institutions not covered by the rule,
but also should permit covered financial institutions to collect data
on consumer credit used to fund small businesses.\304\
---------------------------------------------------------------------------
\304\ The Bureau addresses comments regarding the reporting of
non-covered products in the section-by-section analysis of Sec.
1002.104(b), under the heading Voluntary Reporting. While the final
rule does not permit the voluntary reporting of non-covered
products, the Bureau has implemented a safe harbor in Sec.
1002.112(c)(4) for financial institutions that collect data on
applications for products that turn out not to be covered credit
transactions.
---------------------------------------------------------------------------
Two agricultural lenders requested that the Bureau exempt Farm
Credit System (FCS) lenders entirely from coverage under the rule while
also adding a provision to the proposed voluntary reporting provisions
stating that FCS lenders may submit a supplemental voluntary collection
of data that is not otherwise already being provided to the public.
Final Rule
For the reasons set forth herein, the Bureau is finalizing
amendments to existing Sec. 1002.5(a)(4) introductory text and three
provisions (in final Sec. 1002.5(a)(4)(vii), (viii), and (ix)) that
permit certain creditors that are not covered financial institutions
under the rule to collect small business applicants' protected
demographic information under certain circumstances. The Bureau is also
adopting new Sec. 1002.5(a)(4)(x) to similarly address information
collected about multiple co-applicants. The Bureau is finalizing
comment 5(a)(2)-4 along with its revision to existing comment 5(a)(4)-1
providing guidance on these new exemptions. The Bureau is additionally
revising existing comment 5(a)(2)-3, as discussed below. These
provisions contain updated cross-references to other sections in the
final regulatory text and commentary, as well as addition of LGBTQI+-
owned business status to accompany references to women- and minority-
owned business statuses.
Final Sec. 1002.5(a)(4)(vii) provides that a creditor that was
required to report small business lending data pursuant to final Sec.
1002.109 for any of the preceding five calendar years but is not
currently a covered financial institution under final Sec. 1002.105(b)
may collect protected demographic information pursuant to subpart B for
covered applications from small businesses as defined in final
Sec. Sec. 1002.103 and 1002.106(b) if it complies with the
requirements of subpart B as otherwise required for covered financial
institutions pursuant to final Sec. Sec. 1002.107(a)(18) and (19),
1002.108, 1002.111, and 1002.112 for those applications. Final Sec.
1002.5(a)(4)(vii) also states that such a creditor is permitted, but
not required, to report data to the Bureau collected pursuant to
subpart B if it complies with the requirements of subpart B as
otherwise required for covered financial institutions pursuant to
Sec. Sec. 1002.109 and 1002.110.
The Bureau anticipates that some creditors that are no longer
covered financial institutions and thus no longer required to report
data in a given reporting year may prefer to continue to collect
applicants' protected demographic information in the event they become
a covered financial institution again, in order to maintain consistent
compliance standards from year to year. As it did in a similar context
for HMDA reporting, the Bureau believes that permitting such collection
for five years provides an appropriate time frame under which a
financial institution should be permitted to continue collecting the
information without having to change its compliance processes. The
Bureau believes that a five-year period is sufficient to help an
institution discern whether it is likely to have to report small
business lending data in the near future but not so long as to permit
it to collect such information in a period too attenuated from previous
reporting.
Final Sec. 1002.5(a)(4)(viii) provides a creditor that exceeded
the loan-volume threshold in the first year of the two-year threshold
period provided in final Sec. 1002.105(b) may, in the second year,
collect protected demographic information pursuant to subpart B for
covered applications from small businesses as defined in final
Sec. Sec. 1002.103 and 1002.106(b) if it complies with the
requirements of subpart B as otherwise required for covered financial
institutions pursuant to final Sec. Sec. 1002.107(a)(18) and (19),
1002.108, 1002.111, and 1002.112 for that application. Final Sec.
1002.5(a)(4)(viii) also states that such a creditor is permitted, but
not required, to report data to the Bureau collected pursuant to
subpart B if it complies with the requirements of subpart B as
otherwise required for covered financial institutions pursuant to
Sec. Sec. 1002.109 and 1002.110. The Bureau believes that this
provision will benefit creditors when the creditor has not previously
reported small business lending data but expects to be covered in the
following year and wishes to prepare for that future reporting
obligation. For example, where a creditor surpasses the loan-volume
threshold of final Sec. 1002.105(b) for the first time in a given
calendar year, it may wish to begin collecting applicants' protected
demographic information for covered applications received in the next
calendar year (second calendar year) so as to ensure its compliance
systems are fully functional before it is required to collect and
report information pursuant to subpart B in the following calendar year
(third calendar year).
Final Sec. 1002.5(a)(4)(ix) provides that a creditor that is not
currently a covered financial institution under final Sec.
1002.105(b), and is not otherwise a creditor to which final Sec.
1002.5(a)(4)(vii) or (viii) applies, may collect protected demographic
information pursuant to subpart B for covered applications from small
businesses as defined in final Sec. Sec. 1002.103 and 1002.106(b) for
a transaction if it complies with the requirements of subpart B as
otherwise required for covered financial institutions pursuant to final
Sec. Sec. 1002.107 through 1002.112 for that application. Voluntarily
reported data pursuant to final Sec. 1002.5(a)(4)(ix) may add some
information that otherwise would not be collected and reported, and
which would further both the statutory purposes of section 1071 without
requiring reporting from very low-volume financial institutions that
may find it difficult or costly to report data.
The Bureau is finalizing Sec. 1002.5(a)(4)(ix) in response to
feedback from some small entity
[[Page 35193]]
representatives and other stakeholders at SBREFA, as well as several
NPRM commenters, that indicated lenders might want to collect and
report small business lending data even if they were not required to do
so.
New Sec. 1002.5(a)(4)(x) provides that a creditor that is
collecting information pursuant to subpart B or as described in
Sec. Sec. 1002.5(a)(4)(vii) through (ix) for covered applications from
small businesses as defined in Sec. Sec. 1002.103 and 1002.106(b)
regarding whether an applicant for a covered credit transaction is a
minority-owned business, a women-owned business, or an LGBTQI+-owned
business, and the ethnicity, race, and sex of the applicant's principal
owners may also collect that same information for any co-applicants
provided that it also complies with the relevant requirements of
subpart B of this part or as described in paragraphs (a)(4)(vii)
through (ix) of this section with respect to those co-applicants.
The Bureau is adding Sec. 1002.5(a)(4)(x) to permit creditors to
collect information pursuant to subpart B regarding co-applicants for a
covered application for a small business. Existing Sec. 1002.5(a)(4)
does not explicitly address whether creditors have permission to
collect demographic information for co-applicants for a covered
application for a small business, and the Bureau implements new Sec.
1002.5(a)(4)(x) to remove any doubt that creditors that are permitted
to collection information pursuant to subpart B on an applicant for
covered applications for a small business pursuant to Sec. Sec.
1002.5(a)(4)(vii) through (ix) is also permitted to collect such
information for co-applicants as well, even if the financial
institution will only report information regarding a single designated
applicant per new comment 103(a)-10. As described below, final comment
103(a)-10 provides that if a covered financial institution receives a
covered application from multiple businesses that are not affiliates,
it shall compile, maintain, and report data for only a single applicant
that is a small business. The Bureau believes that it may be easier and
more efficient for financial institutions to request the same
information of all co-applicants--new Sec. 1002.5(a)(4)(x) will enable
financial institutions to collect small business lending data from
unreported co-applicants without violating ECOA and Regulation B's
general prohibition against collecting protected demographic
information.
The Bureau believes that it is an appropriate use of its statutory
authority under sections 703(a) and 704B(g)(1) of ECOA to permit
creditors to collect, and for Sec. 1002.5(a)(4)(ix) report, protected
demographic information in the manner set out in Sec.
1002.5(a)(4)(vii) through (x). These provisions will effectuate the
purposes of and facilitate compliance with ECOA and is necessary to
carry out, enforce, and compile data pursuant to section 1071. Section
1002.5(a)(4)(vii) will permit creditors to collect information without
interruption from year to year, thereby facilitating compliance with
the rule's data collection requirements and improving the quality and
reliability of the data collected. Section 1002.5(a)(4)(viii) improves
the quality and reliability of the data collected by financial
institutions that may be transitioning into being required to collect
and report 1071 data, and will provide a creditor assurance of
compliance with existing Sec. 1002.5 regardless of whether it actually
becomes subject to subpart B reporting at the end of the two-year
threshold period. Section 1002.5(a)(4)(ix) will potentially increase
the collection of additional information and amount of data available
for analysis, thereby advancing the purposes of section 1071. Finally,
Sec. 1002.5(a)(4)(x) will permit collection of demographic information
for co-applicants, thereby reducing operational complexity to allow
creditors to focus on data quality and reliability. The Bureau also
believes that these provisions are narrowly tailored and preserves and
respects the general limitations in existing Sec. 1002.5(b) through
(d).
The Bureau is also revising existing comment 5(a)(2)-3, which
explains that persons such as loan brokers and correspondents do not
violate ECOA or Regulation B if they collect information that they are
otherwise prohibited from collecting, where the purpose of collecting
the information is to provide it to a creditor that is subject to HMDA
or another Federal or State statute or regulation requiring data
collection. The Bureau stated its belief in the NPRM that the reference
to ``another Federal statute or regulation'' adequately encompassed
section 1071 and subpart B, and thus did not propose to amend this
existing comment. However, upon further reflection, the Bureau has
determined to revise the provision specifically to reference subpart B
for the sake of further clarity and the avoidance of doubt that loan
brokers and other persons collecting applicants' protected demographic
information on behalf of covered financial institutions pursuant to
this final rule are not violating ECOA or Regulation B by doing so. The
Bureau believes that it is an appropriate use of its general authority
under ECOA sections 703(a) and 704B(g)(1) to permit such persons to
collect protected demographic information on behalf of covered
financial institutions, as such collection will effectuate the purposes
of and facilitate compliance with ECOA and is necessary to carry out,
enforce, and compile data pursuant to section 1071.
The Bureau is finalizing comment 5(a)(2)-4, which defines the
phrase ``information required by subpart B,'' with revisions to add
cross-references to LGBTQI+-owned businesses, as defined in Sec.
1002.102(l). Final comment 5(a)(2)-4 addresses the requirement under
this final rule that creditors that are covered financial institutions
as defined in Sec. 1002.105(a) collect and report information about
the ethnicity, race, and sex of the principal owners of applicants for
certain small business credit, as well as whether the applicant is a
minority-owned business, a women-owned business, or an LGBTQI+-owned
business, as defined in Sec. 1002.102(m), (s), and (l), respectively.
The Bureau is finalizing this comment for parity with existing comment
5(a)(2)-2, which addresses the requirement to collect and report
information about the ethnicity, race, and sex of applicants under
HMDA. The Bureau believes that it is an appropriate use of its general
authority under ECOA sections 703(a) and 704B(g)(1) to specify the
meaning of ``information required by subpart B,'' by adding comment
5(a)(2)-4 and that the clarity and certainty this provision adds will
effectuate the purposes of and facilitates compliance with ECOA and is
necessary to carry out, enforce, and compile data pursuant to section
1071.
Finally, the Bureau is finalizing its revisions to existing comment
5(a)(4)-1 as proposed. The existing comment establishes recordkeeping
requirements for ethnicity, race, and sex information that is
voluntarily collected for HMDA under the existing provisions of Sec.
1002.5(a)(4). The revisions to comment 5(a)(4)-1 likewise provide that
protected demographic information that is not required to be collected
pursuant to subpart B may nevertheless be collected under the
circumstances set forth in Sec. 1002.5(a)(4) without violating
existing Sec. 1002.5(b), and that the information collected pursuant
to this final rule must be retained pursuant to the requirements set
forth in final Sec. 1002.111. The Bureau is revising this comment to
provide for parity between this final rule and existing references to
voluntary collection of data pursuant to HMDA. The Bureau believes that
these
[[Page 35194]]
revisions are an appropriate use of its general authority under ECOA
sections 703(a) and 704B(g)(1) as these revisions provide clarity and
certainty to financial institutions in their voluntary collection of
applicants' protected demographic information. Such clarity and
certainty effectuate the purposes of and facilitates compliance with
ECOA and these revisions are necessary to carry out, enforce, and
compile data pursuant to section 1071.
Regarding a commenter's request to clarify whether these amendments
permit voluntary reporting only as to data points concerning protected
demographic data, the Bureau observes that nothing prohibits creditors
from collecting any of the information set forth in final Sec.
1002.107, other than the protected demographic information in Sec.
1002.107(a)(18) and (19). Creditors that choose to collect protected
demographic information pursuant to final Sec. 1002.5(a)(4)(ix) must
comply with Sec. 1002.109 (along with other specified provisions),
which means that they must collect and report all the required data
specified in final Sec. 1002.107.
The Bureau is not adding incentives for voluntary disclosure of
data for creditors that are not covered financial institutions, as
suggested by one commenter. It appears, based on SBREFA and NPRM
comments, that some creditors already have an incentive to collect and
report small business lending data pursuant to section 1071 even if
they are not covered financial institutions under the rule; it is
unclear what additional incentives the Bureau could offer to encourage
other creditors to do the same. Regarding ensuring that reported data
are not distorted, however, the Bureau notes that voluntary reporters
must identify themselves as such pursuant to final Sec.
1002.109(b)(10) and, a creditor voluntarily collecting and reporting
data pursuant to final Sec. 1002.5(a)(4)(ix) must do so in compliance
with Sec. Sec. 1002.107 through 1002.112 and 1002.114.
Regarding the comment that the visual observation and surname
requirement would cause certain covered institutions to violate the
prohibition in 12 CFR 202.5(b) from inquiring about the race, color,
religion, national origin, or sex of an applicant or any other person
in connection with a credit transaction, the Bureau notes that the
concern is moot because the Bureau is not finalizing its proposed
provisions for collecting principal owners' ethnicity and race via
visual observation or surname in certain circumstances. (See the
section-by-section analysis of Sec. 1002.107(a)(19) for a detailed
discussion of this change.) In any case, a creditor is permitted to
make such inquiries under existing Sec. 1002.5(a)(2), given that the
provision permits the collection of demographic information when
required to do so by another law or regulation (which includes this
rule).
The Bureau addresses potential voluntary collection and reporting
of data regarding non-covered products, including consumer-designated
credit used for small business purposes, in the section-by-section
analysis of Sec. 1002.104(b) below. Based on its determination not to
permit voluntary collection of data for such non-covered products, the
Bureau is not adding an additional provision to Sec. 1002.5(a)(4) to
address such collection.
As discussed in the section-by-section analyses of Sec. Sec.
1002.104(a) and 1002.105(b), the Bureau is not excluding agricultural
lending or FCS lenders from coverage under this final rule. The
commenter's request to permit supplemental voluntary collection and
reporting of data by exempt FCS lenders if such data are not otherwise
already being provided to the public is thus moot. Of course, any FCS
lenders that are not covered financial institutions could nonetheless
voluntarily collect and report data pursuant to final Sec.
1002.5(a)(4)(ix).
Subpart B--Small Business Lending Data Collection
Section 1002.101 Authority, Purpose, and Scope
Proposed Sec. 1002.101 would have set forth the authority,
purpose, and scope for proposed subpart B. The Bureau sought comment on
its proposed approach to this section, including whether any other
information on the rule's authority, purpose, or scope should be
addressed herein.
The Bureau did not receive any comments specifically regarding its
recitation of the authority, purpose, and scope of subpart B. Comments
addressing the authority, purpose, and scope of section 1071 and this
final rule as a general matter are addressed in D.1 in the Overview to
this part V above.
The Bureau is finalizing Sec. 1002.101 as proposed. Final Sec.
1002.101(a) provides that subpart B is issued by the Bureau pursuant to
section 704B of ECOA (15 U.S.C. 1691c-2), and states that, except as
otherwise provided therein, subpart B applies to covered financial
institutions, as defined in Sec. 1002.105(b), other than a person
excluded from coverage of this part by section 1029 of the Dodd-Frank
Act. Final Sec. 1002.101(b) sets out section 1071's two statutory
purposes of facilitating fair lending enforcement and enabling the
identification of business and community development needs and
opportunities for women-owned, minority-owned, and small businesses.
Section 1002.102 Definitions
The Bureau is finalizing a number of definitions for terms used in
subpart B, in Sec. 1002.102.\305\ These definitions generally fall
into several categories. First, some definitions in final Sec.
1002.102 refer to terms defined elsewhere in subpart B--specifically,
the terms business, covered application, covered credit transaction,
covered financial institution, financial institution, and small
business are defined in final Sec. Sec. 1002.106(a), 1002.103,
1002.104, 1002.105(b), 1002.105(a), and 1002.106(b), respectively.
These terms are of particular importance in subpart B, and the Bureau
is defining them in separate sections, rather than in Sec. 1002.102,
for ease of reading.
---------------------------------------------------------------------------
\305\ The Bureau notes that there are certain terms defined in
subpart B outside of final Sec. 1002.102. This occurs where a
definition is relevant only to a particular section. For example,
the firewall provisions in final Sec. 1002.108 use the phrases
``involved in making any determination concerning a covered
application'' and ``should have access.'' Those phrases are defined
in Sec. 1002.108(a). Such definitions are discussed in detail in
the section-by-section analyses of the provisions in which they
appear.
---------------------------------------------------------------------------
Second, some terms in final Sec. 1002.102 are defined by cross-
referencing the definitions of terms defined in existing Regulation B--
specifically, business credit, credit, and State are defined by
reference to existing Sec. 1002.2(g), (j), and (aa), respectively.
Similarly, a portion of the small business and affiliate definitions
refer to the SBA's regulation at 13 CFR 121.103. These terms are each
used in subpart B, and the Bureau believes it is appropriate to
incorporate them into the subpart B definitions in this manner.
Finally, the remaining terms are defined directly in final Sec.
1002.102. These include applicant, closed-end credit transaction,
LGBTQI+ individual, LGBTQI+-owned business, minority-owned business,
open-end credit transaction, principal owner, small business lending
application register, and women-owned business, as well as a portion of
the definition of affiliate. Some of these definitions draw on
definitions in existing Regulation B or elsewhere in Federal laws or
regulations.
The Bureau believes that basing this rule's definitions on
previously defined terms (whether in Regulation B or regulations
promulgated by another agency), to the extent possible, will
[[Page 35195]]
minimize regulatory uncertainty and facilitate compliance, particularly
where the other regulations are likely to apply to the same
transactions. As discussed further below, in certain instances, the
Bureau is deviating from the existing definitions for purposes of this
rule.
These definitions are each discussed in detail below. The Bureau is
finalizing these definitions pursuant to its authority under ECOA
section 704B(g)(1) to prescribe such rules and issue such guidance as
may be necessary to carry out, enforce, and compile data pursuant to
section 1071. In addition, the Bureau is finalizing certain of these
definitions to implement particular definitions in section 1071
including the statutory definitions set out in 704B(h). Any other
authorities that the Bureau is relying on to finalize certain
definitions are discussed in the section-by-section analyses of those
specific definitions.
102(a) Affiliate
Proposed Rule
The Bureau proposed Sec. 1002.102(a) to define ``affiliate'' based
on whether the term is used to refer to a financial institution or to
an applicant.
Proposed Sec. 1002.102(a) would have defined ``affiliate'' with
respect to a financial institution as any company that controls, is
controlled by, or is under common control with, another company, as set
forth in the Bank Holding Company Act of 1956.\306\ Existing Regulation
B does not define affiliate. This proposed definition would have
provided a consistent approach with the Bureau's Regulation C, which
applies the term to financial institutions, as defined in Regulation C,
for certain reporting obligations.\307\
---------------------------------------------------------------------------
\306\ 12 U.S.C. 1841 et seq.
\307\ See Regulation C comment 4(a)(11)-3.
---------------------------------------------------------------------------
Proposed Sec. 1002.102(a) would have defined ``affiliate'' with
respect to a business or an applicant as having the same meaning as
described in 13 CFR 121.103, which is an SBA regulation titled ``How
does SBA determine affiliation?'' The proposed definition would have
provided consistency with the Bureau's proposed approach to what
constitutes a small business for purposes of section 1071 in proposed
Sec. 1002.106(b). Proposed Sec. 1002.107(a)(14) would have permitted,
but not required, a financial institution to report the gross annual
revenue for the applicant in a manner that includes the revenue of
affiliates as well. In proposed Sec. 1002.107(a)(16), workers for
affiliates of the applicant would be counted in certain circumstances
for the number of workers data point.
The Bureau sought comment on its proposed approach to this
definition.
Comments Received
Several industry commenters provided feedback on the Bureau's
proposed definition of ``affiliate.'' A joint letter from several trade
associations asked the Bureau to provide clarification on how the
definition of ``affiliate'' applies in the context of commercial real
estate lending. Two other commenters objected to the Bureau's proposed
reference to the SBA definition to determine affiliate of a small
business because it can be changed by the SBA and the commenters
recommended that the Bureau simplify the definition.
The Bureau did not receive comments on the proposed definition of
``affiliate'' with respect to a financial institution.
Final Rule
For the reasons set forth herein, the Bureau is finalizing Sec.
1002.102(a) as proposed. The Bureau believes it is appropriate to
define ``affiliate'' with respect to financial institutions to be
consistent with the approach in the Bureau's Regulation C, and received
no comments suggesting it should do otherwise. The consistency with an
existing regulatory definition may help provide clarity for financial
institutions when determining their responsibilities under this final
rule.
Regarding commenters' suggestions to simplify the definition of
``affiliate,'' the Bureau does not believe it would be appropriate to
deviate from the SBA's definition for determining who is an affiliate
with respect to a business or an applicant. ECOA section 704B(h)(2)
defines the term ``small business'' as having the same meaning as
``small business concern'' in section 3 of the Small Business Act.\308\
Consistent with the statute, the Bureau's definitions of business and
small business in final Sec. 1002.106 refer to definitions in the
SBA's regulations, of which the SBA's definition of affiliate in 13 CFR
121.103 is a part. The Bureau believes that defining ``affiliate'' in
this manner is appropriate and necessary to maintain consistency with
the SBA's definitions. In addition, the Bureau believes that using a
commonly known existing regulatory definition will facilitate
compliance with reporting obligations under this final rule. Finally,
the Bureau believes the SBA's definition of affiliate is sufficiently
broad to afford financial institutions flexibility in the small
business size determination process, as discussed below in the section-
by-section analysis of Sec. 1002.106(b).
---------------------------------------------------------------------------
\308\ 15 U.S.C. 632.
---------------------------------------------------------------------------
The Bureau addresses the comment regarding how the definition of
``affiliate'' applies in the context of commercial real estate lending
in the section-by-section analysis of Sec. 1002.106(b)(1) below.
102(b) Applicant
Proposed Sec. 1002.102(b) would have defined ``applicant'' to mean
any person who requests or who has received an extension of business
credit from a financial institution. The term ``applicant'' is
undefined in section 1071. Proposed Sec. 1002.102(b) was based on the
definition of applicant in existing Regulation B, though for
consistency with other parts of the proposed rule, it added a
limitation that the credit be business credit and uses the term
financial institution instead of creditor. It also omitted the
references to other persons who are or may become contractually liable
regarding an extension of credit such as guarantors, sureties,
endorsers, and similar parties. The Bureau acknowledged that including
other such persons could exceed the scope of the data collection
anticipated by section 1071. Including them could also make the data
collection more difficult as financial institutions might need to
report data points (such as gross annual revenue, NAICS code, time in
business, and others) regarding multiple persons in connection with a
single application. The Bureau believed that collecting such
information on guarantors, sureties, endorsers, and similar parties
would likely not support section 1071's business and community
development purpose.
The Bureau sought comment on its proposed approach to this
definition and received one comment in response. The commenter
requested that the Bureau clarify that loans jointly made to multiple
borrowers, where one or more of the borrowers may qualify as a small
business under the rule but are not the primary business(es) seeking
the funding, are not subject to the reporting requirements.
For the reasons discussed herein, the Bureau is finalizing Sec.
1002.102(b) as proposed. The Bureau believes it is appropriate to base
the definition of applicant for purposes of new subpart B on the
definition of applicant in existing Regulation B, with the limitation
that the credit be business credit and using the term financial
institution instead of creditor. The Bureau likewise believes that it
is appropriate to limit the definition of applicant in subpart B to
only those persons who request, or have
[[Page 35196]]
received, an extension of business credit from a financial institution.
As such, the definition of applicant in final Sec. 1002.102(b) does
not include other persons who are or may become contractually liable
regarding an extension of business credit such as guarantors, sureties,
endorsers, and similar parties. As stated in final comment 102(b)-1, in
no way are the limitations to the term applicant in Sec. 1002.102(b)
intended to repeal, abrogate, annul, impair, change, or interfere with
the scope of the term applicant in existing Sec. 1002.2(e) as
applicable to existing Regulation B.
In response to the comment regarding loans jointly made to multiple
borrowers, the Bureau does not believe that a modification to the
definition of applicant is necessary. Rather, the Bureau is adding
comment 103(a)-10 to address data collection and reporting if a covered
financial institution receives a covered application from co-applicant
businesses that are not affiliates, as defined in final Sec.
1002.102(a). Final comment 103(a)-10 provides that if a covered
financial institution receives a covered application from multiple
businesses that are not affiliates, as defined by final Sec.
1002.102(a), it shall compile, maintain, and report data pursuant to
final Sec. Sec. 1002.107 through 1002.109 for only a single applicant
that is a small business, as defined in final Sec. 1002.106(b). A
covered financial institution shall establish consistent procedures for
designating a single small business for purposes of collecting and
reporting data under subpart B in situations where there is more than
one small business co-applicant, such as reporting on the first small
business listed on an application form. In addition, the Bureau notes
that--if the applicants are affiliated entities--the rule already
permits consideration of affiliates' revenues in determining whether a
business qualifies as small. See the section-by-section analyses of
Sec. Sec. 1002.106(b) and 1002.107(a)(14) for additional discussion of
affiliate revenue.
102(c) Business
Final Sec. 1002.102(c) refers to Sec. 1002.106(a) for a
definition of the term ``business.'' See the section-by-section
analysis of Sec. 1002.106(a) for a detailed discussion of that
definition.
102(d) Business Credit
Proposed Sec. 1002.102(d) would have referred to existing Sec.
1002.2(g) for a definition of the term ``business credit.'' The term
``credit'' is undefined in section 1071. Section 1071 does not use the
term ``business credit,'' though it does define ``small business loan''
as a loan made to a small business. Existing Sec. 1002.2(g) defines
``business credit'' as ``refer[ring] to extensions of credit primarily
for business or commercial (including agricultural) purposes, but
excluding extensions of credit of the types described in Sec.
1002.3(a)-(d),'' i.e., public utilities credit, securities credit,
incidental credit, and government credit.
The Bureau received two comments specific to its proposed
definition of business credit. These two commenters, both credit union
trade associations, expressed support for the proposed definition,
stating that it was familiar to credit unions and encompasses the most
common business credit products aimed at small business borrowers. The
Bureau also received numerous comments related to its proposed coverage
of agricultural credit, parts of which also touched on the proposed
definition of ``business credit''; these comments are discussed below
in the section-by-section analysis of Sec. 1002.104(a).
The Bureau is finalizing Sec. 1002.102(d) as proposed. Final Sec.
1002.102(d) points to existing Sec. 1002.2(g) in defining the term
``business credit.'' The Bureau believes it is appropriate to define
business credit by reference to the existing definition in Regulation
B, which incorporates by reference the meaning of ``credit,'' as
defined in existing Sec. 1002.2(j). For clarity and completeness, as
discussed below, the Bureau is also adopting existing Regulation B's
definition of credit. The Bureau's final rule uses the term business
credit principally in defining a covered credit transaction in Sec.
1002.104(a).
The Bureau notes that existing Sec. 1002.2(g) excludes public
utilities credit, securities credit, incidental credit, and government
credit (that is, extensions of credit made to governments or
governmental subdivisions, agencies, or instrumentalities--not
extensions of credit made by governments), as defined in existing Sec.
1002.3(a) through (d), from certain aspects of existing Regulation
B.\309\ For the purpose of subpart B, the Bureau is both incorporating
existing Sec. 1002.2(g)--which already includes partial carveouts for
public utilities credit, securities credit, and incidental credit--and
also finalizing complete exclusions for these types of credit from the
definition of a covered credit transaction in Sec. 1002.104(b). For
clarity, the Bureau is separately defining these terms in Sec.
1002.104(b) and explains the rationales for excluding each of them in
the section-by-section analysis of Sec. 1002.104(b) below. The Bureau
is not adopting an exclusion for extensions of credit made to
governments or governmental subdivisions, agencies, or
instrumentalities, because governmental entities do not constitute
small businesses under the final rule.\310\
---------------------------------------------------------------------------
\309\ As explained in existing comment 3-1, under Sec. 1002.3,
procedural requirements of Regulation B do not apply to certain
types of credit. The comment further states that all classes of
transactions remain subject to Sec. 1002.4(a) (the general rule
barring discrimination on a prohibited basis) and to any other
provision not specifically excepted.
\310\ Government entities are not ``organized for profit'' and
thus are not a ``business concern'' under final Sec. 1002.106(a).
---------------------------------------------------------------------------
102(e) Closed-End Credit Transaction
Proposed Sec. 1002.102(e) would have stated that a closed-end
credit transaction means an extension of credit that is not an open-end
credit transaction under proposed Sec. 1002.102(n). The term ``closed-
end credit transaction'' is undefined in section 1071. The Bureau's
proposal would have specified different requirements for collecting and
reporting certain data points based on whether the application is for a
closed-end credit transaction or an open-end credit transaction. The
definition of open-end credit transaction was addressed in proposed
Sec. 1002.102(n).
The Bureau sought comment on its proposed approach to the
definition of a closed-end credit transaction. The Bureau received no
comments and is finalizing Sec. 1002.102(e) with one revision for
clarity. The Bureau is revising the definition of a closed-end credit
transaction to mean an extension of business credit that is not an
open-end credit transaction under Sec. 1002.102(n). The Bureau
believes this definition is reasonable as it aligns with the definition
of ``open-end credit transaction'' in final Sec. 1002.102(o), and that
such alignment will minimize confusion and facilitate compliance.
102(f) Covered Application
Final Sec. 1002.102(f) refers to Sec. 1002.103 for a definition
of the term ``covered application.'' See the section-by-section
analysis of Sec. 1002.103 for a detailed discussion of that
definition.
102(g) Covered Credit Transaction
Final Sec. 1002.102(g) refers to Sec. 1002.104 for a definition
of the term ``covered credit transaction.'' See the section-by-section
analysis of Sec. 1002.104 for a detailed discussion of that
definition.
[[Page 35197]]
102(h) Covered Financial Institution
Final Sec. 1002.102(h) refers to Sec. 1002.105(b) for a
definition of the term ``covered financial institution.'' See the
section-by-section analysis of Sec. 1002.105(b) for a detailed
discussion of that definition.
102(i) Credit
Proposed Sec. 1002.102(i) would have referred to existing Sec.
1002.2(j) for a definition of the term ``credit.'' The term ``credit''
is undefined in section 1071. Existing Sec. 1002.2(j), which largely
follows the definition of credit in ECOA,\311\ defines ``credit'' to
mean the right granted by a creditor to an applicant to defer payment
of a debt, incur debt and defer its payment, or purchase property or
services and defer payment therefor. The Bureau sought comment on its
proposed approach to this definition.
---------------------------------------------------------------------------
\311\ See 15 U.S.C. 1691a. Existing Regulation B uses the term
``applicant'' instead of ``debtor.''
---------------------------------------------------------------------------
The Bureau received several comments regarding its proposed
definition of ``credit.'' A few community groups expressed general
support for a broad definition of credit. To ensure adequate coverage
for future products, one commenter suggested defining credit to also
cover situations where money is transmitted to a recipient but the
money still effectively belongs to the transmitter and is to be repaid
according to certain terms. Another commenter advocated for a credit
definition that included as many lenders (and financing companies that
are not technically lenders) as possible within the scope of this
rulemaking, even when such companies are providing financing in a
format that, according to the commenter, is not technically credit (the
commenter offered cash advance and factoring companies as examples).
For the reasons set forth herein, the Bureau is finalizing Sec.
1002.102(i) as proposed. Section 1002.102(i) refers to existing Sec.
1002.2(j) for a definition of the term ``credit.'' The Bureau believes
that aligning to the implemented definition of credit in ECOA \312\ for
purposes of subpart B will help to foster consistency with existing
Regulation B. The term credit in subpart B is used in the context of
what constitutes a covered credit transaction--that is, whether the
application is reportable under this final rule. See the section-by-
section analysis of Sec. 1002.104 below for a detailed discussion of
what does, and does not, constitute a covered credit transaction for
purposes of this final rule.
---------------------------------------------------------------------------
\312\ See id. Existing Regulation B closely aligns with the
definition of credit in ECOA, with some technical revisions and use
of the term ``applicant'' instead of ``debtor.''
---------------------------------------------------------------------------
102(j) Financial Institution
Final Sec. 1002.102(j) refers to Sec. 1002.105(a) for a
definition of the term ``financial institution.'' See the section-by-
section analysis of Sec. 1002.105(a) for a detailed discussion of that
definition.
102(k) LGBTQI+ Individual and 102(l) LGBTQI+-Owned Business
Proposed Rule
ECOA section 704B(e)(2)(H) authorizes the Bureau to require
financial institutions to compile and maintain ``any additional data
that the Bureau determines would aid in fulfilling the purposes of this
section.'' In the NPRM, the Bureau sought comment on whether it should
adopt a data point to collect an applicant's lesbian, gay, bisexual,
transgender, or queer plus (LGBTQ+)-owned business status, similar to
its proposal for collecting minority-owned business status and women-
owned business status under proposed Sec. 1002.107(a)(18) and (19).
The Bureau also sought comment on whether including this question,
along with others, would improve data collection or otherwise further
section 1071's purposes, as well as whether it would pose any
particular burdens or challenges for industry.\313\
---------------------------------------------------------------------------
\313\ 86 FR 56356, 56482 (Oct. 8, 2021).
---------------------------------------------------------------------------
This section-by-section analysis of Sec. 1002.102(k) and (l)
discusses the Bureau's definition of LGBTQI+ individual and the related
definition of LGBTQI+-owned business, respectively. Collection of
LGBTQI+-owned business status is addressed in the section-by-section
analysis of Sec. 1002.107(a)(18).
Comments Received
The Bureau received comments from several lenders, individual
commenters, and community and advocacy groups as to whether the Bureau
should adopt a data point to collect an applicant's ``LGBTQ+-owned
business'' status.\314\ As explained further in the section-by-section
analysis of Sec. 1002.107(a)(18), some of these commenters did not
support including such a data point in the final rule (and thus did not
make any suggestions for how an LGBTQ+-owned business should be
defined). One commenter opposed collecting LGBTQ+ data without a
corresponding proposal to modify the definition of minority-owned
business.
---------------------------------------------------------------------------
\314\ The terms ``LGBT,'' ``LGBTQ,'' ``LGBTQ+,'' and
``LGBTQIA+'' are used in this preamble to reflect the specific terms
used by commenters, the conditions or titles of any cited research,
or (particularly for ``LGBTQ+'') the Bureau's request for comment in
the NPRM.
---------------------------------------------------------------------------
In contrast, other commenters supported requiring the collection
and reporting of applicants' LGBTQ+-owned business status information.
As discussed further in the section-by-section analysis of Sec.
1002.107(a)(18), commenters generally explained that collecting such
data would enhance fair lending enforcement and identify credit needs
for these small businesses.
Most of these commenters generally echoed the Bureau's use of the
term ``LGBTQ+-owned business'' status in expressing their support for
the data point. Several recommended that the Bureau require financial
institutions' inquiries about such status to include a definition of
the status and give applicants response options specifically indicating
that they are or are not such a business, similar to the Bureau's
proposed approach for requesting information about applicants'
minority-owned and women-owned business status.
One commenter suggested that the Bureau use the phrase ``LGBTQI+-
owned business'' and include a definition in the final rule. The
commenter recommended that the Bureau define the term as a business
where (1) more than 50 percent of the ownership or control of which is
held by one or more individuals self-identifying as lesbian, gay,
bisexual, transgender, queer, or intersex and (2) more than 50 percent
of the net profit or loss accrues to one or more individuals self-
identifying as lesbian, gay, bisexual, transgender, queer, or intersex.
The commenter stated that this definition is similar to the definitions
of minority-owned and women-owned businesses and consistent with other
Federal government and expert practice and recommendations as well as
the definition of ``LGBTQ-owned business'' in Federal legislation that
was pending at that time.\315\
---------------------------------------------------------------------------
\315\ The commenter cited the LGBTQ Business Equal Credit
Enforcement and Investment Act, H.R. 1443, 117th Cong. (2021),
https://www.congress.gov/bill/117th-congress/house-bill/1443/text
(which would have amended ECOA section 704B to, among other things,
require financial institutions to inquire whether a business is a
``LGBTQ-owned'' business).
---------------------------------------------------------------------------
Final Rule
As discussed further in part II above and the section-by-section
analysis of Sec. 1002.107(a)(18) below, the Bureau believes that the
collection of an applicant's LGBTQI+-owned business status will aid in
fulfilling the purposes of section 1071, by facilitating evaluations of
potential discriminatory
[[Page 35198]]
lending practices on the basis of sex in violation of fair lending laws
and helping communities, governmental entities, and creditors identify
needs and opportunities of small businesses. Thus, the Bureau is
adopting Sec. 1002.102(k) and (l) pursuant to its authority under ECOA
section 704B(e)(2)(H) to require financial institutions to compile and
maintain any additional data that the Bureau determines would aid in
fulfilling the purposes of section 1071 and its authority under ECOA
section 704B(g)(1) to prescribe such rules and issue such guidance as
may be necessary to carry out, enforce, and compile data pursuant to
the statute. The Bureau is not, as suggested by one commenter,
including LGBTQI+ status in the definition of minority-owned business,
but is, as requested by multiple commenters, adopting a definition of
LGBTQI+ owned business that largely parallels the definition of a
minority-owned business.
For the reasons set forth herein, the Bureau is defining ``LGBTQI+
individual'' in final Sec. 1002.102(k) as including an individual who
identifies as lesbian, gay, bisexual, transgender, queer, or intersex.
The Bureau is defining the term ``LGBTQI+-owned business'' in final
Sec. 1002.102(l) as ``a business for which one or more LGBTQI+
individuals hold more than 50 percent of its ownership or control, and
for which more than 50 percent of the net profits or losses accrue to
one or more such individuals.'' Both definitions are being included to
facilitate the requirement in final Sec. 1002.107(a)(18) that
financial institutions collect an applicant's minority-owned, women-
owned, and LGBTQI+-owned business statuses.
The Bureau agrees with a commenter's suggestion to use the term
``LGBTQI+-owned business''--including an ``I'' to capture intersex
individuals--instead of ``LGBTQ+-owned business.'' \316\ The Bureau
believes that the term ``LGBTQI+-owned business'' better reflects the
Bureau's intent to be broadly inclusive.
---------------------------------------------------------------------------
\316\ Explicit inclusion of intersex individuals within the
scope of the definitions for LGBTQI+ individual and LGBTQI+-owned
business is consistent with the prohibitions against discrimination
on the basis of ``sex'' under ECOA and Regulation B. Sex
characteristics including intersex traits are ``inextricably bound
up with'' sex,'' Bostock v. Clayton Cty., 140 S. Ct. 1731, 1742
(2020), and ``cannot be stated without referencing sex,'' Grimm v.
Gloucester Cty. Sch. Bd., 972 F.3d 586, 608 (4th Cir. 2020) (quoting
Whitaker v. Kenosha Unified Sch. Dist. No. 1 Bd. of Educ., 858 F.3d
1034, 1051 (7th Cir. 2017)).
---------------------------------------------------------------------------
The Bureau notes that in user testing it conducted to assist its
understanding of small business applicants' potential experience using
the sample data collection form in the summer and fall of 2022, a few
users were confused by the term ``LGBTQI+-owned business.'' \317\
Therefore, and consistent with commenters' suggestions, final comments
102(l)-2 and 107(a)(18)-2 explain that a financial institution must
provide the definition of LGBTQI+-owned business when inquiring as to
the applicant's business ownership status pursuant to final Sec.
1002.107(a)(18). A financial institution may use the definition as set
forth on the sample data collection form at appendix E. Final comment
102(l)-2 also clarifies that a financial institution must provide the
definition of LGBTQI+ individual under final Sec. 1002.102(k) if asked
by the applicant, but does not need to do so unless asked.
---------------------------------------------------------------------------
\317\ CFPB, User testing for sample data collection form for the
small business lending final rule at app. C, at 3, 8 (Mar. 2023),
https://www.consumerfinance.gov/data-research/research-reports/user-testing-for-sample-data-collection-form-for-the-small-business-lending-final-rule/.
---------------------------------------------------------------------------
Final comment 102(l)-2 clarifies that the definition of LGBTQI+-
owned business is used only when an applicant determines if it is such
a business for purposes of final Sec. 1002.107(a)(18). The financial
institution is not permitted or required to make its own determination
as to whether an applicant is a LGBTQI+-owned business.
In line with commenters' suggestions, the definition for LGBTQI+-
owned business in final Sec. 1002.102(l) parallels concepts in the
Bureau's definitions for minority-owned business and women-owned
business in final Sec. 1002.102(m) and (s), respectively. The final
rule's LGBTQI+-owned business definition incorporates the same two-
prong approach as the other business status definitions, with more than
50 percent ownership or control as the first prong and more than 50
percent of net profits or losses as the second prong.
The commentary for final Sec. 1002.102(l) generally mirrors the
commentary for the minority-owned business and women-owned business
definitions in the final rule.\318\ Final comment 102(l)-1 explains
that a business must satisfy both prongs of the definition to be a
LGBTQI+-owned business--that is, (A) more than 50 percent of the
ownership or control is held by one or more LGBTQI+ individuals, and
(B) more than 50 percent of the net profits or losses accrue to one or
more LGBTQI+ individuals. Final comment 102(l)-1 clarifies that the
first prong of the definition can be met through either the control or
ownership requirements (as do final comments 102(m)-1 and 102(s)-1).
---------------------------------------------------------------------------
\318\ For discussion of comments as to the concepts of ownership
and control in the LGBTQI+-owned business definition, the Bureau
refers to discussion of these concepts in the section-by-section
analyses of Sec. 1002.102(m) and (s) regarding the definitions for
minority-owned business and women-owned business.
---------------------------------------------------------------------------
Final comments 102(l)-3 through -6 mirror the corresponding
commentary for the definitions of minority-owned business and women-
owned business and provide clarifications of terms used and the
concepts of ownership, control, and accrual of net profits or losses.
102(m) Minority-Owned Business
Proposed Rule
As discussed further herein, the final rule combines proposed Sec.
1002.102(l) (minority individual) into final Sec. 1002.102(m) to
streamline the rule and facilitate compliance.
ECOA section 704B(b)(1) requires financial institutions to inquire
whether applicants for credit are minority-owned businesses. For
purposes of the financial institution's inquiry under 704B(b),
704B(h)(5) defines a business as a minority-owned business if (A) more
than 50 percent of the ownership or control is held by one or more
minority individuals, and (B) more than 50 percent of the net profit or
loss accrues to one or more minority individuals. Section 1071 does not
expressly define the related terms of ``ownership'' or ``control,'' nor
does it describe what it means for net profits or losses to accrue to
an individual. Section 704B(h)(4) defines the term ``minority'' as
having the same meaning as in section 1204(c)(3) of the Financial
Institutions Reform, Recovery, and Enforcement Act of 1989
(FIRREA).\319\ That statute defines ``minority'' to mean any Black
American, Native American, Hispanic American, or Asian American.\320\
While section 1071 uses the term ``minority individual'' in 704B(h)(5),
it does not define that term.
---------------------------------------------------------------------------
\319\ Public Law 101-73, section 1204(c)(3), 103 Stat. 183, 521
(1989) (12 U.S.C. 1811 note).
\320\ Id.
---------------------------------------------------------------------------
Proposed Sec. 1002.102(l)--definition of minority individual.
Proposed Sec. 1002.102(l) would have clarified that the term
``minority individual'' means a natural person who is American Indian
or Alaska Native, Asian, Black or African American, Native Hawaiian or
Other Pacific Islander, and/or Hispanic or Latino. As explained in the
NPRM, the Bureau believed that these categories represent contemporary,
more specific delineations of the categories described in section
1204(c)(3) of FIRREA. Proposed comment 102(1)-2
[[Page 35199]]
would have clarified that a multi-racial or multi-ethnic person is a
minority individual. Proposed comment 102(1)-1 would have clarified
that this definition would be used only when an applicant determines
whether it is a minority-owned business pursuant to proposed Sec. Sec.
1002.102(m) (definition of minority-owned business) and 1002.107(a)(18)
(data point for minority-owned business status). Proposed comment
102(1)-3 would have clarified the relationship of the definition of
minority individual to the disaggregated subcategories used to
determine a principal owner's ethnicity and race.
The Bureau sought comment on its proposed approach to this
definition, including its proposed clarification of the definition of
minority individual, and requested comment on whether additional
clarification was needed. The Bureau also sought comment on whether the
definition of minority individual should include a natural person who
is Middle Eastern or North African, and whether doing so should be
dependent on whether Middle Eastern or North African is added as an
aggregate category for purposes of proposed Sec. 1002.107(a)(20).\321\
---------------------------------------------------------------------------
\321\ The Bureau received a number of comments regarding whether
Middle Eastern or North African should be added as an aggregate
category. Those comments are discussed in the section-by-section
analysis of Sec. 1002.107(a)(19).
---------------------------------------------------------------------------
Proposed Sec. 1002.102(m)--definition of minority-owned business.
Proposed Sec. 1002.102(m) would have defined a minority-owned business
as a business for which more than 50 percent of its ownership or
control is held by one or more minority individuals, and more than 50
percent of its net profits or losses accrue to one or more minority
individuals. Proposed comment 102(m)-1 would have explained that a
business must satisfy both prongs of the definition to be a minority-
owned business--that is, (A) more than 50 percent of the ownership or
control is held by one or more minority individuals, and (B) more than
50 percent of the net profits or losses accrue to one or more minority
individuals.
Proposed comment 102(m)-2 would have clarified that the definition
of minority-owned business is used only when an applicant determines if
it is a minority-owned business for purposes of proposed Sec.
1002.107(a)(18). A financial institution would provide the definition
of minority-owned business when asking the applicant to provide
minority-owned business status pursuant to proposed Sec.
1002.107(a)(18), but a financial institution would not be permitted or
required to make its own determination regarding whether an applicant
is a minority-owned business for this purpose.
Proposed comment 102(m)-3 would have further noted that a financial
institution would be permitted to assist an applicant when determining
whether it is a minority-owned business but would not be required to do
so, and could provide the applicant with the definitions of ownership,
control, and accrual of net profits or losses set forth in proposed
comments 102(m)-4 through -6. Additionally, for purposes of reporting
an applicant's minority-owned business status, a financial institution
would rely on the applicant's determinations of its ownership, control,
and accrual of net profits and losses.
The Bureau proposed to clarify ``ownership'' and ``control'' using
concepts from the beneficial ownership requirements in FinCEN's
customer due diligence rule.\322\ Proposed comment 102(m)-4 would have
clarified that a natural person owns a business if that natural person
directly or indirectly, through any contract, arrangement,
understanding, relationship or otherwise, has an equity interest in the
business. Proposed comment 102(m)-4 would have also provided examples
of ownership and clarified that, where applicable, ownership would need
to be traced or followed through corporate or other indirect ownership
structures for purposes of proposed Sec. Sec. 1002.102(m) and
1002.107(a)(18). Proposed comment 102(m)-5 would have clarified that a
natural person controls a business if that natural person has
significant responsibility to manage or direct the business, and would
have provided examples of natural persons who control a business.
Proposed comment 102(m)-6 would have clarified that a business's net
profits and losses accrue to a natural person if that natural person
receives the net profits or losses, is legally entitled or required to
receive the net profits or losses, or is legally entitled or required
to recognize the net profits or losses for tax purposes.
---------------------------------------------------------------------------
\322\ See 31 CFR 1010.230 (describing the beneficial ownership
requirements for legal entity customers). The Department of the
Treasury's Financial Crimes Enforcement Unit (FinCEN) recently
issued a final rule to implement requirements regarding reporting of
beneficial ownership information pursuant to the Corporate
Transparency Act, 31 U.S.C. 5336. See 87 FR 59498 (Sept. 30, 2022).
While FinCEN's final rule does not include changes to the current
customer due diligence rule, FinCEN has indicated its intent to
revise the customer due diligence rule in a future rulemaking. See
id. at 59507. FinCEN's final rule includes definitions for
beneficial owner that will be different from what currently exists
in the customer due diligence rule, as to both control and
ownership, when the rule goes into effect on January 1, 2024. See
id. at 59594. However, the final rule does not change the 25 percent
threshold for determining ownership. See id.
---------------------------------------------------------------------------
The Bureau sought comment on the proposed definition of minority-
owned business and possible alternatives that may clarify the term in
order to help ensure that small business applicants can determine
whether they are minority-owned businesses for purposes of data
collection pursuant to section 1071.
Comments Received
Proposed Sec. 1002.102(l)--definition of minority individual. The
Bureau received comments regarding the definition of minority
individual from several industry commenters and community groups.
One community group stated that the Bureau's proposal to mirror
HMDA with respect to the definition of minority individual is desirable
because HMDA's racial and ethnic categories are reasonably
comprehensive, and using the same categories eases reporting
requirements and creates consistency for applicants. A group of trade
associations and a bank supported the Bureau's proposal to define a
minority individual using only aggregate ethnicity and race categories,
stating that doing so will help lessen confusion. Another bank
requested clarification on who is considered multi-racial or multi-
ethnic for purposes of the rule.
Proposed Sec. 1002.102(m)--definition of minority-owned business.
The Bureau received comments regarding the definition of minority-owned
business from lenders, trade associations, and community groups.
One community group stated that the collection of data on minority-
owned businesses, along with the collection of data on women-owned
businesses, will help illustrate the experience of firms owned by women
of color who likely face even higher barriers to accessing small
business credit than those firms not owned by women of color. The
commenter noted that these firms comprise a significant portion of
small businesses and there are a greater proportion of women of color
who own businesses than the share of white-owned businesses owned by
women. Another requested that the Bureau add an ``I don't know''
response to the list of possible responses, as there may be applicants
who cannot make a legal conclusion as to whether the small business is
minority-owned. A trade association asserted that inquiring about the
ethnicity (or gender) of business owners is contrary to the
expectations of financial institutions and applicants alike.
[[Page 35200]]
Regarding the proposed requirement that in order to be considered a
minority-owned business, one or more minority individuals must hold
more than 50 percent of the ownership or control of the business, the
Bureau received comments from several community groups and lenders in
support. Conversely, a trade association and a bank urged the Bureau to
revise the requirement such that one or more minority individuals must
hold ``50 percent or more'' of the ownership or control because the
statutory definition may result in underreporting for equal
partnerships with mixed race partners and this would, they said, slant
the statistical picture.
Regarding the proposed requirement that in order to be considered a
minority-owned business, more than 50 percent of the net profit or loss
must accrue to one or more minority individuals, a community group
stated that the definition is appropriate to prevent illusory
``ownership'' by a minority individual. Several other commenters also
supported the definition.
Several industry commenters requested that the Bureau not include
the requirement that more than 50 percent of the net profits or losses
must accrue to one or more minority individuals. Some of these
commenters stated that the initial prong of the definition requiring
more than 50 percent of ownership or control by a minority individual
is sufficient for determining ownership and would reduce complexity for
borrowers. A CDFI lender stated that defining ownership based on a
profit and loss calculation may not fully serve the objectives of the
statute, and asked the Bureau to consider the CDFI Fund definition of
minority-owned business.\323\ Several commenters also argued that the
net profits or losses prong complicates the definition, could result in
inaccurate data collection, implicates the limited understanding of
many small business owners regarding the meaning of net profits and
losses as well as the sensitive nature of these issues, and concluded
that many small business owners will not understand the definition as
provided and will, as a result, decline to answer the question.
---------------------------------------------------------------------------
\323\ The community group cited to the September 2021 CDFI
Transactional Level Report Data Point Guidance, which provides
guidance on providing transactional level report data. Under
``Minority Owned or Controlled,'' the guidance states to ``[r]eport
whether the investee/borrower is more than 50% owned or controlled
by one or more minorities. If the business is a for-profit entity,
report whether more than 50% of the owners are minorities. If the
business is a nonprofit entity, report whether more than 50% of its
Board of Directors are minorities.'' CDFI Fund, CDFI Transactional
Level Report Data Point Guidance, at 33 (Sept. 2021), https://www.cdfifund.gov/sites/cdfi/files/2021-08/CDFITLRGuidance_Final_Sept2021.pdf.
---------------------------------------------------------------------------
A bank asked for clarification whether data (specifically
demographic data) collected in prior years could be reused, and what to
do if there are multiple collections. Specifically, the commenter gave
an example of an applicant that provides demographic information for
one application, and then chooses not to provide information for a
subsequent application, and asking which collection should be
reported.\324\ A trade association stated that it is possible in
certain states for a third party non-owner to act as trustee of a
trust, and that the Bureau should change a comment example to clarify
whether it is the Bureau's intent to presume that the trustee of a
trust is the owner. Another bank also asserted that requiring banks to
collect such information is costly to banks, customers, and
communities. A group of trade associations asserted that the commentary
should be revised to explicitly state that a financial institution must
provide an applicant with the applicable definition.
---------------------------------------------------------------------------
\324\ See the section-by-section analysis of Sec. 1002.107(d)
regarding the use of previously collected data.
---------------------------------------------------------------------------
Several industry commenters supported the proposal to rely solely
on the data provided by the applicant and that financial institutions
should not be required to verify any such information provided by the
applicant. With respect to self-certification of minority-owned
business status, two trade associations supported permitting credit
applicants to self-certify that 50 percent or more of the net profit or
loss accrues to one or more minority individuals, rather than lenders
needing to verify this information. Another trade association asserted
that the applicant should solely determine whether the individual
owners are multi-ethnic or multi-racial individuals and the financial
institution should not be required to otherwise verify or report any
information other than that supplied by the applicant.
Final Rule
For the reasons set forth herein, the Bureau is finalizing Sec.
1002.102(m) with a number of revisions to the regulatory text and
commentary to incorporate the definition of minority individual. The
Bureau has made these changes to streamline the rule and facilitate
compliance. The Bureau is otherwise finalizing the associated
commentary with a minor adjustment for clarity.
Final Sec. 1002.102(m) defines a minority-owned business as a
business for which one or more American Indian or Alaska Native, Asian,
Black or African American, Native Hawaiian or Other Pacific Islander,
or Hispanic or Latino individuals hold more than 50 percent of its
ownership or control and for which more than 50 percent of the net
profits or losses accrue to one or more such individuals. Final comment
102(m)-1 explains that a business must satisfy both prongs of the
definition to be a minority-owned business--that is, (A) more than 50
percent of the ownership or control is held by one or more such
individuals, and (B) more than 50 percent of the net profits or losses
accrue to one or more such individuals. Final comment 102(m)-1 includes
an additional sentence to clarify that a business that is controlled by
an individual with the characteristics listed in the regulatory text
satisfies this prong of the definition even if none of the individuals
with ownership in the business satisfies those characteristics.
Final comment 102(m)-2 clarifies that the definition of minority-
owned business is used only when an applicant determines if it is a
minority-owned business for purposes of final Sec. 1002.107(a)(18),
and is finalized with an adjustment made for clarity. Final comment
102(m)-3 is finalized as proposed and notes that a financial
institution is permitted to assist an applicant when determining
whether it is a minority-owned business but is not required to do so,
may provide the applicant with the definitions of ownership, control,
and accrual of net profits or losses set forth in final comments
102(m)-4 through -6, and that, for purposes of reporting an applicant's
minority-owned business status, a financial institution relies on the
applicant's determinations of its ownership, control, and accrual of
net profits and losses.
Final comment 102(m)-4, finalized with minor edits for consistency
and clarity, provides examples of ownership and clarifies that, where
applicable, ownership needs to be traced through corporate or other
indirect ownership structures. With regard to a commenter's assertion
that, in certain states, a trustee could act as a third party non-owner
trustee of a trust, the Bureau believes the trustee would be considered
an owner for purposes of this definition. Final comment 102(m)-4 also
clarifies (as it did in the Bureau's proposal) that a trustee is
considered the owner of a trust.
Final comment 102(m)-5 clarifies that an individual controls a
business if that individual has significant responsibility
[[Page 35201]]
to manage or direct the business, while final comment 102(m)-6
clarifies that a business's net profits and losses accrue to an
individual if that individual receives the net profits, is legally
entitled or required to receive the net profits or losses, or is
legally entitled or required to recognize the net profits or losses for
tax purposes. Both comments are finalized with minor edits for
consistency and clarity.
Final comments 102(m)-7 and -8 are adopted from the commentary to
proposed Sec. 1002.102(l) (respectively, proposed comments 102(l)-2
and -3). Final comment 102(m)-7 clarifies that an individual who is
multi-racial or multi-ethnic constitutes an individual for which the
definition of minority-owned business may apply, depending on whether
the individual meets the other requirements of the definition. Final
comment 102(m)-8 clarifies that the relationship of the ethnicity and
race categories used in this section are aggregate ethnicity and race
categories and are the same aggregate categories (along with Not
Hispanic or Latino for ethnicity, and White for race) to collect an
applicant's principal owners' ethnicity and race pursuant to final
Sec. 1002.107(a)(19). Final comment 102(m)-8 is revised from proposed
comment 102(l)-3 to more clearly state the relationship of the
ethnicity and race disaggregated subcategories in this comment to those
used in final Sec. 1002.107(a)(19). Proposed comment 102(l)-1 was not
finalized because it was no longer relevant once the definition of
minority individual was incorporated into the minority-owned business
definition.
With respect to the categories of persons that constitute
minorities for purposes of determining minority-owned business status,
the Bureau believes its clarified terminology in final Sec.
1002.102(m), which uses the aggregate ethnicity and race categories set
forth in existing Sec. 1002.13(a)(1)(i) and appendix B to Regulation
C, will avoid the potentially confusing situation where an applicant is
presented one set of aggregate ethnicity and race categories when
answering questions about the principal owners' ethnicity and race
pursuant to final Sec. 1002.107(a)(19) (which also uses the same
aggregate ethnicity and race categories) \325\ but is asked to use a
different set of aggregate categories when indicating whether the
business is a minority-owned business. It also avoids creating a
situation where a financial institution is required to use different
aggregate ethnicity and race categories when complying with different
portions of Regulation B and, if applicable, Regulation C. This
consistency across ethnicity and race data collection regimes will also
allow for better coordination among data users when reviewing
data.\326\ Further, the Bureau believes that these categories represent
contemporary, more specific delineations of the categories described in
section 1204(c)(3) of FIRREA.\327\
---------------------------------------------------------------------------
\325\ The Bureau notes that while the aggregate ethnicity and
race categories are the same among final Sec. 1002.107(a)(19),
existing Sec. 1002.13(a)(1)(i), and appendix B to Regulation C, the
disaggregated race subcategories that an applicant may use to
respond to a financial institution's inquiry as to its principal
owners' race under final Sec. 1002.107(a)(19) differ (i.e., due to
the addition of disaggregated Black or African American race
subcategories) from the disaggregated race subcategories in existing
Sec. 1002.13(a)(1)(i), and appendix B to Regulation C. See the
section-by-section analysis of Sec. 1002.107(a)(19).
\326\ For example, OMB uses these same categories for the
classification of Federal data on race and ethnicity. See Off. of
Mgmt. & Budget, Revisions to the Standards for the Classification of
Federal Data on Race and Ethnicity, 62 FR 58785 (Oct. 30, 1996).
\327\ See, e.g., 80 FR 36356 (June 24, 2015) (NCUA interpretive
ruling and policy statement implementing an identical FIRREA
definition of minority using this same modern technology).
---------------------------------------------------------------------------
The Bureau does not believe it would be appropriate to deviate from
the statutory definition of a minority-owned business in the various
ways some commenters suggested, and the Bureau's authority to deviate
from the statutory language is limited. The Bureau also believes that
many small business applicants already respond to questions about who
owns and who controls a business entity when completing customer due
diligence forms or otherwise responding to questions related to that
rule and thus will be familiar with these concepts. Although the
customer due diligence rule does not address the second prong of the
definition regarding accrual of net profits or losses, final comment
102(m)-6 provides a comprehensive explanation of this prong of the
definition.
With regard to comments urging the Bureau to remove the prong
requiring that more than 50 percent of its net profits or losses accrue
to one or more minority individuals in order to be considered a
minority-owned business, aside from the Bureau's limited authority to
deviate from the statutory language, the Bureau finds that this prong
is necessary to prevent illusory ``ownership'' claims by ``straw''
owners.
Finally, with regard to commenters' requests for further
clarification, in accordance with ECOA section 704B(g)(3), the Bureau
may release material, as part of its regulatory implementation
strategy, to assist both financial institutions with complying with the
requirements of Sec. 1002.102(m) and small businesses in understanding
this definition.
102(n) Open-End Credit Transaction
Proposed Sec. 1002.102(n) would have stated that an open-end
credit transaction means an open-end credit plan as defined in
Regulation Z Sec. 1026.2(a)(20), but without regard to whether the
credit is consumer credit, as defined in Sec. 1026.2(a)(12), is
extended by a creditor, as defined in Sec. 1026.2(a)(17), or is
extended to a consumer, as defined in Sec. 1026.2(a)(11). The term
``open-end credit transaction'' is undefined in section 1071. The
Bureau's proposal would have specified different rules for collecting
and reporting certain data points based on whether the application is
for a closed-end credit transaction or an open-end credit transaction.
The Bureau sought comment on its proposed approach to this
definition. The Bureau received no comments and is finalizing Sec.
1002.102(n) as proposed. The Bureau believes this definition is
reasonable because it aligns with the definition of ``open-end credit
transaction'' in Regulation Z Sec. 1026.2(a)(20), and that such
alignment will minimize confusion and facilitate compliance.
102(o) Principal Owner
Proposed Rule
ECOA section 704B(e) requires financial institutions to compile and
maintain the ethnicity, race, and sex of an applicant's principal
owners. However, section 1071 does not expressly define who is a
principal owner of a business. Proposed Sec. 1002.102(o) would have
defined principal owner in a manner that is, in part, consistent with
the beneficial ownership requirements in FinCEN's customer due
diligence rule.\328\ Specifically, a natural person would be a
principal owner if the natural person directly owns 25 percent or more
of the equity interests of the business. Further, as noted in proposed
comment 102(o)-1, a natural person would need to directly own an equity
share of 25 percent or more in the business in order to be a principal
owner. The Bureau also
[[Page 35202]]
proposed that entities not be considered principal owners and indirect
ownership by individuals likewise not be considered when determining if
someone is a principal owner for purposes of collecting and reporting
principal owners' ethnicity, race, and sex or the number of principal
owners. Thus, when determining who is a principal owner, ownership
would not be traced through multiple corporate structures to determine
if a natural person owns 25 percent or more of the applicant's equity
interests. Additionally, because only a natural person would be a
principal owner for purposes of the rule, entities such as trusts,
partnerships, limited liability companies, and corporations, would not
be principal owners.
---------------------------------------------------------------------------
\328\ See 31 CFR 1010.230 (describing the beneficial ownership
requirements for legal entity customers). As noted above, FinCEN
recently issued a final rule to implement requirements regarding
reporting of beneficial ownership information pursuant to the
Corporate Transparency Act. See 87 FR 59498 (Sept. 30, 2022). That
final rule does not amend the current customer due diligence rule
(although FinCEN has indicated that it will be revised at a later
point). See 87 FR 59498, 59507. Notably, however, FinCEN's final
rule did not change the 25 percent threshold for determining
ownership. See id. at 59594.
---------------------------------------------------------------------------
Proposed comment 102(o)-2 would have clarified that a financial
institution would provide an applicant with the definition of principal
owner when asking the applicant to provide the number of its principal
owners pursuant to proposed Sec. 1002.107(a)(20) and the ethnicity,
race, and sex of its principal owners pursuant to proposed Sec.
1002.107(a)(19). Proposed comment 102(o)-2 would have also explained
that if a financial institution meets in person with a natural person
about a covered application, the financial institution may be required
to determine if the natural person with whom it meets is a principal
owner in order to collect and report the principal owner's ethnicity
and race based on visual observation and/or surname. Additionally,
proposed comment 102(o)-2 would have noted that if an applicant does
not provide the number of its principal owners in response to the
financial institution's request pursuant to proposed Sec.
1002.107(a)(21), the financial institution may need to determine the
number of the applicant's principal owners and report that information
based on other documents or information.
The Bureau explained that aligning the proposed definition of
principal owner with the 25 percent ownership definition in the
customer due diligence rule would likely be familiar to most financial
institutions and applicants. The customer due diligence rule is broadly
in use and banks, credit unions, and certain other financial
institutions must comply with that rule. Further, the Bureau believed
that applicants, as a general matter, would be more likely to be
familiar with customer due diligence requirements than SBA or CDFI Fund
requirements because they have to complete customer due diligence forms
before opening an initial account (i.e., loan or deposit account) at a
bank or at certain other institutions. However, unlike the customer due
diligence rule, due to potential complications with collecting
ethnicity, race, and sex information for principal owners, the Bureau
proposed that individuals that only indirectly own 25 percent or more
of an applicant's equity interests, as well as entities and trusts,
would not be considered principal owners for purposes of the rule. The
Bureau sought comment on its proposed definition, including its
proposal to not include individuals that only indirectly own 25 percent
or more of an applicant's equity interests as principal owners.
Comments Received
The Bureau received comments on this aspect of the proposal from a
number of banks, trade associations, community groups, and a business
advocacy group. Some of the industry commenters and a community group
supported the Bureau's proposed definition for principal owner. A group
of trade associations agreed with the Bureau's proposal to align, in
part, the definition with the customer due diligence rule, stating that
financial institutions are already familiar with ownership concepts
through that rule. Trade association commenters also supported the
Bureau's proposal not to include entities and indirect ownership by
natural persons, with one stating that the concepts of ownership by
entities and indirect ownership would add unnecessary complexity to the
Bureau's final rule and another noting that its members found them
difficult concepts to explain and determine. The community group
supporting the Bureau's proposed definition for principal owner stated
that the proposed definition made intuitive sense, as 25 percent is a
significant amount of ownership.
Several other industry commenters did not support the Bureau's
proposed definition. Specifically, these commenters requested that the
Bureau look to and align with all the concepts of the customer due
diligence rule. The commenters stated that because financial
institutions and customers are familiar with the customer due diligence
rule and financial institutions already identify principal owners
thereunder, consistency between the two regulatory regimes would reduce
complexity and facilitate compliance. A business advocacy group stated
that aligning the rules completely would allow financial institutions
to leverage existing processes and training and focus on customer needs
rather than regulatory interpretation. Another commenter argued that a
new definition for principal owner under the rule would add unnecessary
complexity to the loan origination process. A lender specifically
suggested that financial institutions be required to identify and
verify the identity of each individual who owns 25 percent or more of
the entity, and one individual who controls the entity, as is required
under the customer due diligence rule. Another commenter similarly
argued for replicating this requirement for the rule, arguing that
financial institutions would not find it challenging to trace indirect
ownership because they already do so under the customer due diligence
rule, that the approach would be familiar to small business applicants
structured as legal entities, and that small businesses that are not
legal entities (e.g., sole proprietorships) likely would not have
complicated equity structures.
Two industry commenters that supported aligning principal owner
definition in the Bureau's rule more closely with the customer due
diligence rule than proposed by the Bureau also expressed concern that
differences in the definition between the regulatory regimes would lead
to customer confusion. One of these commenters argued that confusion
would likely result for applicants who will be asked to provide
information about principal owners under both rules at the same point
of the origination process. The other asserted that confusion as a
result of different definitions would increase the possibility that
customers would refuse to provide information.
A bank commented that the Bureau's proposal did not provide enough
guidance or procedures for how financial institutions should handle
reporting for small business applicants whose principal owner(s) are a
separate corporate entity or trust.
Another bank stated that financial institutions should not be
required to determine the ownership of small businesses, which it said
the proposed rule would require.
A trade association, which requested an exclusion for applications
from trusts from coverage under the final rule, raised a question about
who should be considered a principal owner of a trust for data
collection purposes, such as whether they should be the settlors,
beneficiaries, trustees, or some combination thereof.
Final Rule
For the reasons set forth herein, the Bureau is finalizing its
definition of principal owner in Sec. 1002.102(o) and associated
commentary with certain adjustments. The Bureau believes it is
appropriate to align, in part, its
[[Page 35203]]
definition of principal owner with the 25 percent ownership concept in
FinCEN's customer due diligence rule given financial institutions' and
applicants' likely familiarity with that rule's requirements.\329\ The
Bureau does not believe, however, that its definition must completely
match the ownership and control requirements in the customer due
diligence rule as urged by some commenters. While differences between
similar concepts in different regulatory regimes may lead to some
initial confusion, particularly as financial institutions (as well as
small business applicants) already familiar with the customer due
diligence rule implement this final rule's requirements, the Bureau
believes that adding the concepts of indirect ownership by natural
persons, as well as ownership by entities or trusts, to the definition
of principal owner would add unnecessary complexity to this final rule.
---------------------------------------------------------------------------
\329\ 86 FR 56356, 56395 (Oct. 8, 2021).
---------------------------------------------------------------------------
Generally, FinCEN's customer due diligence rule defines a
beneficial owner as not just any individual who directly owns 25
percent or more of a legal entity, but also includes individuals who
indirectly have that amount of ownership in the entity, such as through
multiple corporate structures.\330\ If a trust directly or indirectly
owns 25 percent or more of the entity, the trustee is considered to be
a beneficial owner.\331\ In addition to ownership, the customer due
diligence rule also looks to control. A beneficial owner also includes
the single individual with significant responsibility to control,
manage, or direct the entity.\332\
---------------------------------------------------------------------------
\330\ 31 CFR 1010.230(d)(1). See also Fin. Crimes Enf't Network,
U.S. Dep't of Treas., FinCEN Guidance FIN-2018-G001: Frequently
Asked Questions Regarding Customer Due Diligence Requirements for
Financial Institutions 3 (Apr. 3, 2018), https://www.fincen.gov/sites/default/files/2018-04/FinCEN_Guidance_CDD_FAQ_FINAL_508_2.pdf.
Certain legal entities are exempted from the rule. 31 CFR
1010.230(e)(2).
\331\ 31 CFR 1010.230(d)(3).
\332\ 31 CFR 1010.230(d)(2).
---------------------------------------------------------------------------
The Bureau does not believe that it would be appropriate for the
rule's definition of principal owner to incorporate indirect ownership
and control, as suggested by some commenters. This final rule requires
covered financial institutions to collect and report the ethnicity,
race, and sex of small business applicants' principal owners and
includes the definition of principal owner at Sec. 1002.102(o) for the
purpose of facilitating financial institutions' and applicants' ability
to provide such information. The Bureau believes that a simpler
definition for principal owner that aligns with the customer due
diligence rule's general 25 percent or more ownership concept, but
which only applies to individuals (not entities or trusts) with direct
ownership, will encourage applicants to provide their principal owners'
ethnicity, race, and sex and facilitate more accurate reporting. With
the simpler definition for principal owner, applicants do not need to
first make potentially difficult determinations about which individuals
indirectly own or control the small business before providing such
individuals' ethnicity, race, and sex information.
The Bureau does not believe differences between the customer due
diligence beneficial owner definition and the principal owner
definition in this rule will lead applicants to refuse to provide their
principal owners' ethnicity, race, and/or sex information, as suggested
by one commenter. In contrast, the Bureau believes that its principal
owner definition is less complicated and easier to understand and is
more likely to facilitate applicants' willingness to provide their
principal owners' information.
With respect to a commenter's assertion that the NPRM did not
provide enough guidance or procedures for how financial institutions
should handle reporting for small business applicants whose principal
owner(s) are a separate corporate entity or trust, under the final rule
(as generally in the proposal), only individuals are considered
principal owners. Thus, entities, such as trusts, partnerships, limited
liability companies, and corporations, are not principal owners. Final
comment 107(a)(19)-10 clarifies that if an applicant has fewer than
four principal owners (e.g., because only one individual owns 25
percent or more of the equity interests of the small business), the
financial institution reports ethnicity, race, and sex information for
the number of principal owners that the applicant has identified and
reports that the ethnicity, race, and sex fields for additional
principal owners are ``not applicable.'' (In the NPRM, this
clarification generally appeared in proposed appendix G, instruction
25.)
Relatedly, as discussed in the section-by-section analysis of Sec.
1002.106(a), a trust may also be a small business applicant (as opposed
to a trust that is an owner of small business applicant) under the
final rule. In this case, as was noted by a trade association
commenter, it is unclear who should be considered a principal owner for
the purpose of principal owners' ethnicity, race, and sex information.
The Bureau has added new comment 102(o)-2 clarifying that if a trust is
an applicant for a covered credit transaction, a trustee is considered
an owner of the trust, to align with commentary accompanying the
definitions for LGBTQI+-owned business, minority-owned business, and
women-owned business.
As to a commenter's concern that the rule would require financial
institutions to determine the ownership of a business, it is unclear as
to the specific aspect of the Bureau's proposal to which the commenter
was referring. Under the Bureau's proposal (as in the final rule), a
financial institution would collect and report the following
information related to the ownership of an applicant: the applicant's
status as a minority-owned and/or women-owned small business (as well
as LGBTQI+-owned business status), the number of principal owners, and
the ethnicity, race, and sex of those principal owners. A financial
institution can rely (and, in fact, for the protected demographic
information, must rely) upon an applicant's self-reported information.
This aspect of those data points has been substantially finalized as
proposed. Final comment 107(a)(18)-9, regarding the collection and
reporting of women-owned, minority-owned, and LGBTQI+-owned business
status information clarifies that a financial institution must only
report an applicant's responses, even if it verifies or otherwise
obtains such information. Final comment 107(a)(20)-2, regarding the
collection and reporting of the number of an applicant's principal
owners, also provides that a financial institution may rely upon an
applicant's statements or information to report such information. It
further provides that the financial institution is not required to
verify the number of an applicant's principal owners, but if it does
so, then it must report the verified information. Thus, a financial
institution is not required to make its own determinations about the
ownership of a business under the final rule.\333\
---------------------------------------------------------------------------
\333\ The Bureau notes, however, that as part of its proposal
requiring financial institutions to collect principal owners'
ethnicity and race via visual observation or surname in certain
circumstances, a financial institution would have needed to
determine if a representative of the applicant with whom it was
meeting in person was a principal owner. As discussed in the
section-by-section analysis of Sec. 1002.107(a)(19) below, the
Bureau is not finalizing this requirement. Thus, to the extent the
comment was referring to this aspect of the proposal, the
commenter's concern has been rendered moot.
---------------------------------------------------------------------------
In light of the foregoing, the text of final Sec. 1002.102(o) and
final comment 102(o)-1 generally remain unchanged from the proposal,
though upon further consideration the Bureau has changed the reference
to ``natural person'' in the
[[Page 35204]]
proposed definition and related comment to ``individual'' in the final
rule. In user testing conducted on versions of the Bureau's proposed
sample data collection form at appendix E, users expressed confusion
about the term ``natural person.'' \334\ The Bureau does not believe
that there is a meaningful difference between the terms ``individual''
and ``natural person'' and as a result has decided to use the term
``individual'' in the definition for comprehensibility.
---------------------------------------------------------------------------
\334\ CFPB, User testing for sample data collection form for the
small business lending final rule at app. B, at 12, 15 (Mar. 2023),
https://www.consumerfinance.gov/data-research/research-reports/user-testing-for-sample-data-collection-form-for-the-small-business-lending-final-rule/.
---------------------------------------------------------------------------
The Bureau is finalizing proposed comment 102(o)-2, renumbered as
final comment 102(o)-3, to explain the purpose of the definition of
principal owner; the Bureau has revised this comment to reflect other
changes in the rule.
102(p) Small Business
Final Sec. 1002.102(p) refers to Sec. 1002.106(b) for a
definition of the term ``small business.'' See the section-by-section
analysis of Sec. 1002.106(b) for a detailed discussion of that
definition.
102(q) Small Business Lending Application Register
Proposed Sec. 1002.102(q) would have defined the term ``small
business lending application register'' or ``register'' as the data
reported, or required to be reported, annually pursuant to proposed
Sec. 1002.109. This definition referred only to the data that is
reported, or required to be reported, annually; it did not refer to the
data required to be collected and maintained (prior to reporting).\335\
The Bureau sought comment on its proposed definition of ``small
business lending application register'' or ``register'' in proposed
Sec. 1002.102(q). The Bureau received no comments on this definition,
and therefore is finalizing Sec. 1002.102(q) as proposed.
---------------------------------------------------------------------------
\335\ In contrast, the term ``Loan/Application Register'' in
Regulation C Sec. 1003.2(k) refers to both the record of
information required to be collected pursuant to Sec. 1003.4 as
well as the record submitted annually or quarterly, as applicable,
pursuant to Sec. 1003.5(a).
---------------------------------------------------------------------------
102(r) State
Proposed Sec. 1002.102(r) would have referred to existing Sec.
1002.2(aa) for a definition of the term ``State.'' Existing Sec.
1002.2(aa) defines the term as any State, the District of Columbia, the
Commonwealth of Puerto Rico, or any territory or possession of the
United States. The Bureau requested comment on its proposed approach to
this definition, but did not receive any feedback. The Bureau is
finalizing Sec. 1002.102(r) as proposed. The Bureau believes that,
being consistent with existing Regulation B, this definition will be
familiar to financial institutions.
102(s) Women-Owned Business
Proposed Rule
ECOA section 704B(b)(1) requires financial institutions to inquire
whether applicants for credit are women-owned businesses. For purposes
of the financial institution's inquiry under 704B(b), 704B(h)(6)
defines a business as a women-owned business if (A) more than 50
percent of the ownership or control is held by one or more women, and
(B) more than 50 percent of the net profit or loss accrues to one or
more women. Section 1071 does not expressly define the related terms of
``ownership'' or ``control,'' nor does it describe what it means for
net profits or losses to accrue to an individual.
Proposed Sec. 1002.102(s) would have defined a women-owned
business as a business for which more than 50 percent of its ownership
or control is held by one or more women, and more than 50 percent of
its net profits or losses accrue to one or more women. Proposed comment
102(s)-1 would have explained that a business must satisfy both prongs
of the definition to be a women-owned business--that is, (A) more than
50 percent of the ownership or control is held by one or more women,
and (B) more than 50 percent of the net profits or losses accrue to one
or more women.
Proposed comment 102(s)-2 would have clarified that the definition
of women-owned business is used only when an applicant determines if it
is a women-owned business for purposes of proposed Sec.
1002.107(a)(19). A financial institution would have provided the
definition of women-owned business when asking the applicant to provide
women-owned business status pursuant to proposed Sec. 1002.107(a)(19),
but a financial institution would not have been permitted or required
to make its own determination regarding whether an applicant is a
women-owned business for this purpose.
Proposed comment 102(s)-3 would have further noted that a financial
institution would be permitted to assist an applicant when determining
whether it is a women-owned business but would not be required to do
so, and could provide the applicant with the definitions of ownership,
control, and accrual of net profits or losses set forth in proposed
comments 102(s)-4 through -6. Additionally, for purposes of reporting
an applicant's women-owned business status, a financial institution
would rely on the applicant's determinations of its ownership, control,
and accrual of net profits and losses.
The Bureau proposed to clarify ``ownership'' and ``control'' using
concepts from FinCEN's customer due diligence rule. Proposed comment
102(s)-4 would have clarified that a natural person owns a business if
that natural person directly or indirectly, through any contract,
arrangement, understanding, relationship or otherwise, has an equity
interest in the business. Proposed comment 102(s)-4 would have also
provided examples of ownership and clarified that, where applicable,
ownership would need to be traced or followed through corporate or
other indirect ownership structures for purposes of proposed Sec. Sec.
1002.102(s) and 1002.107(a)(19). Proposed comment 102(s)-5 would have
clarified that a natural person controls a business if that natural
person has significant responsibility to manage or direct the business
and would provide examples of natural persons who control a business.
Proposed comment 102(s)-6 would have clarified that a business's net
profits and losses accrue to a natural person if that natural person
receives the net profits, is legally entitled or required to receive
the net profits or losses, or is legally entitled or required to
recognize the net profits or losses for tax purposes.
The Bureau sought comment on the proposed definition of women-owned
business and possible alternatives that may clarify the term in order
to help ensure that small business applicants can determine whether
they are women-owned businesses for purposes of data collection
pursuant to section 1071.
Comments Received
The Bureau received comments regarding the definition of a women-
owned business from a number of banks, trade associations, and
community groups.
One community group requested that the Bureau add an ``I don't
know'' response to the list of possible responses, as there may be
applicants who cannot make a legal conclusion as to whether the small
business is women-owned.
Regarding the proposed requirement that to be considered a women-
owned business, one or more women must hold ``more than 50 percent'' of
the ownership or control, the Bureau received several comments from
community groups and a CDFI lender
[[Page 35205]]
supporting this requirement. A trade association stated that the Bureau
should revise the requirement to state that one or more women must hold
``50 percent or more'' of the ownership or control because the
statutory definition may result in underreporting for equal
partnerships with mixed gender partners.
Regarding the proposed requirement that to be considered a women-
owned business, more than 50 percent of the net profit or loss must
accrue to one or more women, one community group stated that the
statutory definition is appropriate to prevent illusory ``ownership''
by one or more women. Another commenter supported the definition.
Some commenters stated that the Bureau should not include the
statutory definition requirement that more than 50 percent of the net
profit or loss must accrue to one or more women. A number of commenters
stated that the initial prong of the definition requiring more than 50
percent of ownership or control by a woman is sufficient for
determining ownership and would reduce complexity for borrowers. A CDFI
lender stated that defining ownership on a profit and loss calculation
may not fully serve the objectives of the statute, and asked the Bureau
to consider the CDFI Fund definition of women-owned business.\336\
Several industry commenters asserted that the net profits or losses
prong complicates the definition, can result in inaccurate data
collection (for example, in spousal relationships where each partner
equally owns and controls a small business), implicates the limited
understanding of many small business owners regarding the meaning of
net profits and losses as well as the sensitive nature of these issues,
and that many small business owners will not understand the definition
as provided and will, as a result, decline to answer the question.
---------------------------------------------------------------------------
\336\ The community group cited to the September 2021 CDFI
Transactional Level Report Data Point Guidance, which provides
guidance on providing transactional level report data. Under ``Women
Owned or Controlled,'' the guidance states to ``[r]eport whether the
investee/borrower is more than 50% owned or controlled by one or
more women. If the business is a for-profit entity, report whether
more than 50% of the owners are women. If the business is a
nonprofit entity, report whether more than 50% of its Board of
Directors are women.'' CDFI Fund, CDFI Transactional Level Report
Data Point Guidance, at 33 (Sept. 2021), https://www.cdfifund.gov/sites/cdfi/files/2021-08/CDFITLRGuidance_Final_Sept2021.pdf.
---------------------------------------------------------------------------
A bank asked for clarification whether data (specifically
demographic data) collected in prior years could be reused, and what to
do if there are multiple collections. Specifically, the commenter gave
an example of an applicant that provides demographic information for
one application, and then chooses not to provide information for a
subsequent application, and asking which collection should be
reported.\337\ A trade association stated that it is possible in
certain States for a third party non-owner to act as trustee of a
trust, and that the Bureau should change a comment example to clarify
whether it is the Bureau's intent to presume that the trustee of a
trust is the owner. Another bank also asserted that requiring banks to
collect such information is costly to banks, customers, and
communities. A group of trade associations asserted that the commentary
should be revised to explicitly state that a financial institution must
provide an applicant with the applicable definition.
---------------------------------------------------------------------------
\337\ See the section-by-section analysis of Sec. 1002.107(d)
for a discussion on the use of previously collected data.
---------------------------------------------------------------------------
Final Rule
For the reasons set forth herein, the Bureau is finalizing Sec.
1002.102(s) with one addition and one minor adjustment for clarity,
along with several non-substantive technical revisions to update
citations to other provisions.
Final Sec. 1002.102(s) defines a women-owned business as a
business for which more than 50 percent of its ownership or control is
held by one or more women, and more than 50 percent of its net profits
or losses accrue to one or more women. Final comment 102(s)-1 explains
that a business must satisfy both prongs of the definition to be a
women-owned business and includes an additional sentence to clarify
that a business that is controlled by a woman or by women satisfies
this prong of the definition even if none of the individuals with
ownership in the business are women.
Final comment 102(s)-2 clarifies that the definition of women-owned
business is used only when an applicant determines if it is a women-
owned business for purposes of final Sec. 1002.107(a)(18), and is
finalized as proposed with the exception of one small adjustment for
clarity.
Final comment 102(s)-3 is finalized as proposed and notes that a
financial institution is permitted to assist an applicant when
determining whether it is a women-owned business but is not required to
do so, may provide the applicant with the definitions of ownership,
control, and accrual of net profits or losses set forth in final
comments 102(s)-4 through -6, and that, for purposes of reporting an
applicant's women-owned business status, a financial institution relies
on the applicant's determinations of its ownership, control, and
accrual of net profits and losses.
Final comment 102(s)-4 is finalized with an updated cross-reference
and minor edits for consistency and clarity. It provides examples of
ownership and clarifies that, where applicable, ownership needs to be
traced or followed through corporate or other indirect ownership
structures. With regard to a commenter's assertion that, in certain
states, a trustee could act as a third party non-owner trustee of a
trust, the Bureau believes that in such circumstances, the trustee
would be considered an owner for purposes of this definition. Final
comment 102(s)-4 also clarifies (as it did in the Bureau's proposal)
that a trustee is considered the owner of a trust.
Final comment 102(s)-5 clarifies that an individual controls a
business if that individual has significant responsibility to manage or
direct the business, while final comment 102(s)-6 clarifies that a
business's net profits and losses accrue to an individual if that
individual receives the net profits or losses, is legally entitled or
required to receive the net profits or losses, or is legally entitled
or required to recognize the net profits or losses for tax purposes.
Both comments are finalized with minor edits for consistency and
clarity.
The Bureau does not believe that it would be appropriate to deviate
from the statutory definition of women-owned business, as suggested by
some commenters, and notes that the Bureau's authority to deviate from
the statutory language is limited. The Bureau also believes that many
small business applicants already respond to questions about who owns
and who controls a business entity when completing customer due
diligence forms or otherwise responding to questions related to that
rule and thus will be familiar with the concepts therein. Although the
customer due diligence rule does not address the second prong of the
definition regarding accrual of net profits or losses, final comment
102(s)-6 provides a comprehensive explanation of this prong of the
definition.
With regard to comments urging the Bureau to remove the prong
requiring that more than 50 percent of its net profits or losses accrue
to one or more women in order to be considered a women-owned business,
the Bureau finds that this prong is necessary to prevent illusory
``ownership'' claims by ``straw'' owners.
Finally, in accordance with ECOA section 704B(g)(3), the Bureau may
[[Page 35206]]
release material, as part of its regulatory implementation strategy, to
assist both financial institutions in complying with the requirements
of Sec. 1002.102(s) and small businesses in understanding this
definition.
Proposed Definition of Dwelling
Proposed Sec. 1002.102(j) would have referred to Regulation C
Sec. 1003.2(f) for a definition of the term ``dwelling.'' That
provision defines dwelling to mean a residential structure, whether or
not attached to real property. The term includes but is not limited to
a detached home, an individual condominium or cooperative unit, a
manufactured home or other factory-built home, or a multifamily
residential structure or community. Proposed comment 102(j)-1 would
have provided that Bureau interpretations that appear in supplement I
to part 1003 containing official commentary in connection with Sec.
1003.2(f) are generally applicable to the definition of a dwelling in
proposed Sec. 1002.102(j). Proposed comment 102(j)-2 would have
clarified that the definition of dwelling under existing Sec.
1002.14(b)(2) applies to relevant provisions under existing Regulation
B, and proposed Sec. 1002.102(j) is not intended to repeal, abrogate,
annul, impair, or interfere with any existing interpretations, orders,
agreements, ordinances, rules, or regulations adopted or issued
pursuant to existing Sec. 1002.14(b)(2). The Bureau did not receive
any comments on this aspect of the proposal.
The Bureau is not finalizing its proposed definition of
``dwelling.'' The need for the Bureau to adopt its own definition of
``dwelling'' in this rulemaking is obviated by the Bureau's decision in
this final rule to not require reporting of transactions that would
constitute ``covered loans'' under Regulation C. That decision is
discussed in detail in the section-by-section analysis of Sec.
1002.104 below. The Bureau understands that there may be limited
instances where a dwelling is used as collateral for a covered credit
transaction that does not fall under the definition of a Regulation C
covered loan because it does not involve the purchase, improvement, or
refinance of a dwelling--for example, where a small business seeks to
use their primary dwelling as collateral to obtain working capital such
as inventory. In this example, the transaction would only be reported
under the final rule, not under Regulation C, with a credit purpose of
working capital (includes inventory or floor planning) per final
comment 107(a)(6)-1. Taking into account these limited circumstances,
the Bureau believes that adopting the Regulation C definition of
dwelling is no longer necessary to minimize the compliance risks that
would have arisen from having to report a transaction under both
Regulation C and this final rule.
Section 1002.103 Covered Applications
ECOA section 704B(b) requires that financial institutions collect,
maintain, and report to the Bureau certain information regarding ``any
application to a financial institution for credit.'' For covered
financial institutions, the definition of ``application'' will trigger
data collection and reporting obligations with respect to covered
credit transactions. However, section 1071 does not expressly define
``application.''
The Bureau is finalizing Sec. 1002.103 and associated commentary
with minor revisions for clarity and consistency, to define what is,
and is not, a covered application for purposes of subpart B pursuant to
its authority in ECOA section 704B(g)(1) to prescribe such rules and
issue such guidance as may be necessary to carry out, enforce, and
compile data pursuant to section 1071. Final Sec. 1002.103(a) provides
a general definition of the term ``covered application,'' followed by a
list of the circumstances that are not covered applications in final
Sec. 1002.103(b). For the reasons discussed below, the Bureau believes
that its determinations as to what does and does not constitute a
covered application for purposes of this rulemaking constitute
reasonable interpretations of an ``application'' as used in section
1071.
103(a) Covered Application
Proposed Rule
The Bureau proposed to define a covered application in Sec.
1002.103(a) as an oral or written request for a covered credit
transaction that is made in accordance with procedures used by a
financial institution for the type of credit requested. As noted above,
the term ``application'' is undefined in section 1071. The Bureau
believed its proposed definition of the term was reasonable,
particularly as it would align with the similar definition of
``application'' in existing Sec. 1002.2(f). The Bureau also proposed
commentary to accompany this definition.
In considering the proposed definition of a ``covered
application,'' the Bureau believed that incomplete and withdrawn
applications--which would have generally been captured under proposed
Sec. 1002.103(a)--would be essential to the purposes of section 1071
as a tool to identify potential discrimination and to better understand
the credit market. The definition of ``covered application'' in
proposed Sec. 1002.103(a), which was similar to the definition of
``application'' in existing Sec. 1002.2(f), would have also been
familiar to creditors and would have provided flexibility to
accommodate different application processes.
The Bureau recognized that the proposed definition of ``covered
application'' in Sec. 1002.103(a), while flexible, would have meant
that data collection and reporting may be triggered at different times
for different financial institutions and different types of covered
credit transactions. While the proposed definition of ``covered
application'' would not have provided a bright-line rule, the Bureau
believed the proposed definition would have been familiar to financial
institutions and would have provided consistency with similar
definitions found in existing Regulation B and Regulation C.
As discussed in the NPRM, the Bureau also considered proposing
several other options for defining a ``covered application.'' First,
the Bureau considered triggering collection and reporting based on a
``completed application,'' which is defined in existing Sec. 1002.2(f)
as an application in which the creditor has received ``all the
information that the creditor regularly obtains and considers'' in
evaluating similar products. As noted in the NPRM, the Bureau did not
propose to use the definition of ``completed application'' in existing
Sec. 1002.2(f) for its definition of covered application in subpart B,
as doing so would have excluded incomplete applications and many
withdrawn applications that may reflect demand for credit or potential
discrimination during the application process. The Bureau also
considered proposing to define ``covered application'' as a set of
specific data points that, if collected, would trigger a duty to
collect and report small business lending data. As noted in the NPRM,
the Bureau did not propose this approach for several reasons, including
that it would have introduced a new regulatory definition of
``application,'' would have led to operational changes and complexities
for financial institutions, and could have led to increased evasion.
Proposed comments 103(a)-1 through -3 would have provided
additional guidance on identifying what is a ``covered application.''
Proposed comments 103(a)-4 through -6 would have addressed how a
financial institution reports multiple covered credit transaction
requests at one time or a request for a credit transaction that results
in the origination of multiple
[[Page 35207]]
covered credit transactions. Proposed comment 103(a)-7 would have
addressed how a financial institution would report applications where
there is a change in whether the applicant is requesting a covered
credit transaction.
The Bureau sought comment on its proposed definition of a covered
application in Sec. 1002.103(a) and associated commentary. The Bureau
also sought comment on the advantages and disadvantages of collecting
data on incomplete or withdrawn applications, as well as how collection
would or would not further the purposes of section 1071. In addition,
the Bureau sought comment on reporting of multiple lines of credit on a
single credit account, including how financial institutions internally
consider multiple lines of a credit on a single account and the
Bureau's approach in proposed comment 103(a)-6.
Comments Received
The Bureau received comments on its proposed approach to defining a
covered application from a wide range of lenders, trade associations,
community groups, and a business advocacy group. The overwhelming
majority of commenters to address the issue, including most industry
commenters and some community groups, generally supported the Bureau's
proposal to define a ``covered application'' largely consistent with
the existing Regulation B definition. Several of these commenters
stated that lenders are familiar with the existing Regulation B
definition and so implementing it within this rule would minimize the
need for additional training or new procedures. Commenters also stated
that the proposed definition is a flexible one that can accommodate the
variety of small business lenders, products, and processes that exist
in the marketplace, and thus avoids a one-size-fits-all approach that
would be unworkable in small business lending. Several lenders and
trade associations urged the Bureau to finalize proposed comment
103(a)-1, which would have provided that a financial institution has
latitude to establish its own application process or procedures,
including designating the type and amount of information it will
require from applicants. Some of these commenters also stated that the
proposed comment is consistent with longstanding interpretation of
existing Regulation B and that the flexibility is critical given the
unique nature of commercial credit applications. A community bank
stated that defining an application based on a set of specific data
points would be inappropriate for commercial lending, which is less
standardized than consumer mortgage lending. The bank further noted
that defining an application based on a standardized set of data points
would be unnecessary so long as each data point has a ``not
applicable'' or ``not received'' choice for incomplete applications,
which the commenter emphasized would be important to capture.
Some community groups and community-oriented lenders expressed
support for the Bureau's proposed definition because it would capture
applicants that do not make it to a completed application, and
therefore potentially help identify barriers to credit early in the
application process. These commenters argued that the proposed
definition would further the purposes of section 1071, including by
identifying potential bias, discouragement, or other discrimination.
Similarly, some community-oriented lenders stated that the proposed
definition would strike the right balance of triggering data collection
and reporting requirements only after there is an actual request for
credit, but still early enough in the process to capture most
incomplete, withdrawn, and denied applications.
One community group expressed concern about the lack of
standardization under the proposed definition, but ultimately concluded
that the proposed definition makes sense and any concerns could be
allayed through monitoring. The commenter expressed understanding for
the desire to follow current lender procedures for defining an
application based on existing Regulation B, though noted that how a
lender defines an application should have enough standardization to
generate consistent data and be early enough in the process to capture
incomplete and withdrawn applications, which are necessary to identify
discouragement. The commenter also expressed support for the idea that
peer comparisons may be a reasonable way to check a financial
institution's method of defining an application; for example, by
analyzing whether a financial institution has abnormally high rates of
approval or low rates of incomplete applications.
A number of industry commenters, including community banks, credit
unions, and trade associations, described the small business
application process as informal and consultive. These commenters
explained that the application process often does not involve a written
application or a ``formal'' application, can be months-long, and often
involves extensive back-and-forth communications between the lender and
the small business, including in-person meetings, phone calls, texts,
and emails. One commenter noted that many loans are funded without any
``application,'' but rather based on the business's existing
relationship with the institution and financial information on file.
Some commenters described how the application process can start
informally from a conversation, a general inquiry, or as an offshoot to
deposit activity. Commenters explained that a business will bring in
financial statements, tax returns, business plans, and other documents,
which will be reviewed by the financial institution in order to analyze
and generate the most appropriate package to fit the credit needs of
the business. Several banks stated that business customers will often
``shop around'' with multiple financial institutions to get the best
terms. Several commenters stated that small business lending often
involves a lot of ``hand holding'' and lender involvement to reach a
point where a formal application or a particular product and terms can
be considered. Industry commenters also stated that commercial business
customers are unique and each requires an individualized approach based
on the characteristics of the business and the products of interest.
Several commenters also noted that the small business lending process
differs from mortgage lending, which is highly regimented and uniform.
A number of community banks and other industry commenters expressed
concern that the Bureau's rule implementing section 1071 would
standardize and formalize the small business application process
(which, they asserted, would be to its detriment); they predicted that
business customers would be unhappy with the more rigid lending
structure, and may avoid seeking credit altogether. These commenters
expressed concern that small business lending would become impersonal
and ``form centric,'' and that it would change the fundamental
relationship between lender and borrower, including the personalized
attention and advice currently provided by lenders. Many of these
commenters stated the view that the rule's data collection and
reporting requirements would cause them to lose flexibility and adopt
``check-the-box'' criteria that is at odds with how community banks
conduct business. Several commenters were concerned that at the start
of an inquiry, a lender would need to implement a written application
or other formalized method to collect the required data and that by
doing so, conversations will turn into implied commitments. Commenters
also stated
[[Page 35208]]
the belief that lenders would implement a more rigid application
process in order to avoid triggering data collection and reporting
requirements under the Bureau's rule. Several other commenters argued
that data collection and reporting obligations would require lenders to
rebuild their loan application process and incur additional training
and other costs, would reduce the availability of credit, and would
give large banks an unfair advantage because such entities will have an
easier time implementing the requirements of the Bureau's rule for
online applications.
Most of these commenters' concerns were directed at small business
lending data collection and reporting generally, and not specifically
at the proposed definition of a covered application. However, a few
commenters urged the Bureau to finalize a more concrete definition of
covered application due to the concern that a subjective definition
would be difficult for financial institutions' employees to implement.
One commenter was also concerned about how its practices would be
reviewed by the subjective judgment of examiners. Another commenter
cautioned against reporting of oral applications, noting that it could
lead to inaccurate data if an answer is misheard or mistyped.
Some industry commenters, including trade associations for
community banks, credit unions, and online lenders, requested the
Bureau define a covered application consistent with existing Regulation
B's ``completed application'' definition in existing Sec. 1002.2(f),
which would require reporting only when the lender has received all the
information that the creditor regularly obtains and considers in
evaluating applications for the amount and type of credit requested
(i.e., enough information to make a credit decision). These commenters
argued that triggering data collection and reporting off an ``oral or
written request'' would be unrealistic, unworkable, and too open-ended.
One commenter stated that a mere request is not something a lender can
act or report on because there is insufficient information at that
point to make the required reporting. Another commenter said that
lenders need clear guidance on what events trigger data collection and
the completed application definition would provide the most uniformity
across products and financial institutions. Another commenter stated
that using the completed application definition would avoid collecting
data on incomplete applications, which often come from ``unengaged''
applicants. This commenter also noted that collecting 1071 data could
lead to applicant confusion as to why personal information is being
collected, which could lead to more incomplete applications. The
commenter further argued that completed applications are the most
essential data to capture in small business lending, that there is no
indication Congress intended section 1071 to mirror HMDA or existing
Regulation B, and that discouragement can be investigated using other
1071 data and existing examination authorities. Similarly, two industry
commenters opposed requiring reporting on incomplete or withdrawn
applications, arguing that reporting such transactions would not serve
the purposes of section 1071, would create additional operational and
regulatory burden, and that the focus of the Bureau's rule should be on
declined and originated applications. Another urged the Bureau to avoid
triggering collection based on when a credit check is pulled, noting
that financial institutions may often conduct a soft pull credit check
outside the application process.
In contrast, some community group commenters argued that the
proposed definition of covered application would be too narrow, and
requested that a covered application include all communications where a
business inquires about credit and seeks a credit decision. In support,
the commenters pointed to research identifying discrimination in the
pre-application stage. As noted above, other community group commenters
supported the Bureau's proposed definition of a covered application,
stressing the need to capture applications that do not make it to a
completed application.
The Bureau received several comments on certain aspects of its
proposed commentary to Sec. 1002.103(a). A community bank and a
community group supported proposed comment 103(a)-4, which would have
provided that if an applicant makes a request for two or more covered
credit transactions at one time, the financial institution reports each
request for a covered credit transaction as a separate covered
application. The bank stated that while the proposed approach would
result in more work for the financial institution, it would lead to
more accurate reporting (since each request would generate different
reported data) and the approach would be similar to how data are
reported under Regulation C. The community group commenter stated that
it would be a reasonable approach and would accurately reflect the
varied credit needs of applicants. A group of community group
commenters supported the Bureau's proposed approach to require
reporting of separate applications where an applicant seeks two or more
products at one time, but requested that where the applicant only seeks
one product, but is not sure about the type of product, it should only
be reported as a single covered application. These commenters also
noted a concern that the language in proposed comment 107(a)(5)-2
requiring lenders to maintain reasonable procedures designed to collect
data, including regarding the credit product requested, would require
the lender to identify each product that would be acceptable to the
applicant, and if multiple, report them as separate covered
applications.
In response to the Bureau's request for comments as to how a
financial institution should report applications where there is a
change in whether the request for credit involves a covered credit
transaction, which was addressed in proposed comment 103(a)-7, the
Bureau received feedback from trade associations and a business
advocacy group. These commenters opposed reporting on a transaction in
which the product ultimately pursued is not a covered credit
transaction. They argued that financial institutions should not be
required to report on non-covered credit transactions, collecting
partial data on a product that is not a covered transaction would
affect data quality and be of low value, and doing so would not advance
the purposes of section 1071. Two of the commenters sought
clarification or a safe harbor providing that if a financial
institution collects data on an application that the financial
institution anticipates will be covered by the Bureau's rule
implementing section 1071 at the time of collection, but ultimately is
not covered, the initial collection does not violate existing
Regulation B. Otherwise, the Bureau did not receive any additional
comments directly discussing proposed comment 103(a)-7 and limited
reporting of non-covered credit products, despite seeking comment on
the advantages and disadvantages of requiring full or limited reporting
where an applicant initially seeks a product that is a covered credit
transaction, but ultimately is offered and accepts a product that is
not reportable.
Although the Bureau did not seek comment on the issue, a couple
commenters asked how to report on an application made jointly by
multiple business co-applicants. An agricultural lender requested that,
if an application is submitted by more than one business, the financial
institution be permitted to treat all co-applicants as one applicant
when determining whether a borrower is a ``small business.'' The
commenter
[[Page 35209]]
also asked the Bureau to clarify how to identify whether the
application is from a minority-owned or women-owned business where one,
but not all, co-applicants are minority- and women-owned businesses.
Another commenter requested that the Bureau clarify that loans jointly
made to multiple businesses, where one or more of the co-applicants may
qualify as a small business under the rule, but are not the primary
business seeking the funding, are not subject to data collection and
reporting requirements.
Several commenters asked the Bureau to clarify certain scenarios
related to a covered application, including clarifying that certain
scenarios are not covered applications. Several industry commenters
were concerned that language in the NPRM's preamble--noting that ECOA
section 704B(b)(1) provides that an ``application'' triggering data
collection and reporting obligations occurs without regard to whether
such application is received in person, by mail, by telephone, by
electronic mail or other form of electronic transmission, or by any
other means--may be interpreted to require a financial institution to
accept an application through all of these channels. One commenter
asked for clarification whether a covered application includes an
incomplete application where the information provided is insufficient
to render a credit decision by the lender. A trade association
representing online lenders asked the Bureau to expressly exclude from
the definition of a covered application the circumstance where a
business populates certain information on a web page, but does not
follow through with submitting the form to the financial institution.
The commenter argued that it would be very burdensome for the financial
institution to capture such circumstances as reportable transactions
and that attempting to do so would result in misleading, erroneous, and
unhelpful data. A couple commenters requested certain additional
exclusions from the definition of covered application, including for
HMDA reporters, co-branded and private label credit cards, and
purchased loans.
Final Rule
For the reasons set forth herein, the Bureau is finalizing Sec.
1002.103(a) as proposed to define a ``covered application'' as an oral
or written request for a covered credit transaction that is made in
accordance with procedures used by a financial institution for the type
of credit requested. As described above, the overwhelming majority of
commenters, including industry and community group commenters,
supported this definition. As noted by some commenters, the definition
will be familiar to creditors, provides flexibility to accommodate
different application procedures and lending models (including written
and oral applications), and will capture incomplete and withdrawn
applications, which are essential data for identifying potential
barriers to credit, including potential discrimination. Final Sec.
1002.103(a) will also align with the similar definition of
``application'' in existing Sec. 1002.2(f), which is reasonable given
the term ``application'' is otherwise undefined in ECOA and section
1071. Finally, the Bureau believes this approach strikes an appropriate
balance by triggering data collection and reporting requirements only
after there is a request for credit (using procedures defined by the
financial institution), but still early enough in the process to
capture most incomplete, withdrawn, and denied applications, which are
essential data to the purposes of section 1071.
A number of industry commenters, particularly smaller institutions
that engage in relationship lending, described the application process
as informal, high-touch, and involving extensive back-and-forth. The
Bureau believes the final definition of covered application can work
well within the heterogeneous and sometimes iterative context of small
business lending. Indeed, final Sec. 1002.103(a) defines covered
application in a manner that provides financial institutions
flexibility to define an application based on its own unique business
model. Thus, while a financial institution must have some type of
trigger or tipping point within its process when an applicant has made
a request for credit in accordance with its procedures, therefore
triggering a ``covered application,'' financial institutions have
leeway on how precisely to define that tipping point, provided it
occurs in the early stages of the process before a financial
institution has begun meaningfully evaluating or underwriting the
request.\338\ Moreover, as noted above, creditors complying with
existing Regulation B should be familiar with this definition, and have
already incorporated it in some manner into their processes.\339\ In
response to industry commenters' concern that data collection and
reporting under this final rule will standardize and formalize small
business lending, the Bureau notes that most of this feedback was not
directed at the proposed definition of a ``covered application,'' but
rather at the overall data collection and reporting regime. Indeed,
some of the commenters raising these concerns also expressly supported
the proposed definition of a covered application. Moreover, in response
to commenters' general concerns that data collection and reporting
under this rule will standardize and formalize small business lending,
the Bureau does not believe that collection of certain data points will
necessitate that lenders to fundamentally alter how they conduct
business. Moreover, section 1071 is a congressional mandate; the Bureau
has sought to implement it in a manner that furthers the purposes of
the statute while reducing unnecessary burden.
---------------------------------------------------------------------------
\338\ The Bureau recognizes that the flexibility provided in
final Sec. 1002.103(a), which defines a covered application, may
result in data collection and reporting obligations being triggered
at different times for different financial institutions and
different types of covered credit transactions. For example, for a
financial institution that defines an application under its
procedures as the submission of a standard form either online or in-
person, a ``covered application'' will be triggered when an
applicant submits the form. In contrast, another financial
institution may not use a standard form and instead define an
application as a request for credit only when the applicant
authorizes the creditor to pull a credit check on the business and
principal owners to allow the creditor to determine whether the
business, in particular, qualifies for a particular product. In that
circumstance, a ``covered application'' will not be triggered until
that process was satisfied. Using the same example, if the financial
institution orally collects certain information from a prospective
applicant (such as gross annual revenue and business location) and
discusses with the prospective applicant potential credit product
options offered by the financial institution, no ``covered
application'' will be triggered until the prospective applicant
indicates that it wants to proceed to apply for credit and
authorizes the financial institution to pull a credit check.
Similarly, if a prospective applicant merely expresses interest in
knowing the types of products that the creditor offers--not yet
focusing on any particular type of covered credit transaction and
not yet interested in submitting a ``covered application''--the
interaction also will not be reportable under this example.
\339\ The Bureau believes that business creditors should be
familiar with operationalizing this definition based on their
experience providing adverse action notices under existing
Regulation B, which can be triggered in relation to an incomplete
application. See Sec. 1002.9(a)(1) and (c) (requiring notice within
30 days after taking adverse action on an incomplete application or
30 days after receiving an incomplete application). The Bureau
believes that financial institutions may also be familiar with
Regulation C's definition of ``application,'' which generally aligns
with existing Sec. 1002.2(f)'s definition of the term. See Sec.
1003.2(b) (generally defining an ``application'' as ``an oral or
written request for a covered loan that is made in accordance with
procedures used by a financial institution for the type of credit
requested''); see also Regulation C comment 2(b)-1 (noting that
Bureau interpretations that appear in the official commentary to
Regulation B are generally applicable to the definition of
application under Regulation C).
---------------------------------------------------------------------------
[[Page 35210]]
Several commenters had specific suggestions or concerns regarding
the definition of a covered application. Regarding several commenters'
concern that the definition is too subjective, the Bureau notes that a
bright-line definition would likely impose a more rigid process on
financial institutions that would be difficult to implement given the
heterogenous nature of small business lending. Moreover, as noted
above, the definition used in final Sec. 1002.103(a) should be
familiar to financial institutions and will provide consistency with
existing Regulation B and Regulation C. The Bureau is also not adopting
existing Regulation B's definition of a ``completed application,'' as
urged by some commenters. Although the Bureau agrees that a ``completed
application'' definition would provide greater uniformity, the
definition would exclude incomplete applications and most withdrawn
applications. The Bureau believes including such applications is
essential to the purposes of section 1071, as it may reflect demand for
credit and potential discrimination early in the application process.
As to the commenters who took issue with the proposed covered
application definition precisely because it includes incomplete and
withdrawn applications, the Bureau believes collecting data on such
applications is likewise essential for the purposes of section 1071 and
may reveal important trends or information on why small businesses
initially seek credit, but ultimately do not complete the application
process.
On the other hand, the Bureau does not believe it would be
appropriate to expand the definition of ``covered application'' to
include all communications where a business inquires about credit and
seeks a decision. Although discrimination may occur in the pre-
application phase, the Bureau believes that it could be very difficult
as an operational matter for financial institutions to collect 1071
data whenever a business expresses any interest in credit, no matter
how preliminary or informal the request, and that could require
reporting of transactions with missing, unavailable, or erroneous data.
As discussed below in the section-by-section analysis of Sec.
1002.103(b), the Bureau is excluding inquiries and prequalification
requests from the definition of a covered application; many of the
reasons for those exclusions are relevant here as well and thus the
Bureau is not broadening the general definition of a covered
application. In response to a commenter's concern about reporting of
oral applications, the Bureau notes that it is the responsibility of
the financial institution to ensure that it accurately collects and
reports required data pursuant to final Sec. 1002.107, no matter the
method of application. Commenter requests for certain additional
exclusions from the definition of covered application, including for
HMDA reporters, co-branded and private label credit cards, and
purchased loans, are addressed in more detail in the section-by-section
analysis of Sec. 1002.104 below.
Several commenters asked the Bureau to clarify certain scenarios
related to a covered application. First, in response to several
industry commenters' concerns that the language in the NPRM's preamble
discussing ECOA section 704B(b)(1) could be interpreted to require a
financial institution to accept an application through all of these
channels, the Bureau notes that this was not the intent and that it
does not interpret ECOA section 704B(b)(1) in that manner. Rather, the
Bureau interprets the statutory language to mean that data collection
and reporting requirements apply regardless of a financial
institution's method of accepting applications. Thus, whatever the
means used by a financial institution to accept applications (e.g., in
person, by telephone, by electronic transmission, etc.), once a covered
application is triggered, the financial institution has a duty to
collect and report on the application.
Next, a commenter asked whether a covered application includes an
incomplete application where the information provided is insufficient
to render a credit decision by the lender. Assuming the business has
requested a covered credit transaction in accordance with procedures
used by a financial institution for the type of credit requested, the
financial institution would be required to collect and report data,
even if there is insufficient information to render a credit
decision.\340\ Indeed, as noted above, the Bureau believes capturing
incomplete or withdrawn applications is essential to the purposes of
section 1071.
---------------------------------------------------------------------------
\340\ Generally, a ``covered application'' may align with the
information necessary to make a credit decision or it may be
possible to have a ``covered application'' before having information
necessary to make a credit decision--it depends on each financial
institution's own procedures. For example, suppose a financial
institution defines an application under its procedures as the point
when an applicant, or someone on the applicant's behalf, requests
credit by filling out certain key pieces of information on an
application form. If nothing else is required to qualify for credit
and the financial institution's process is to immediately transmit
the application to underwriting for a decision once the form is
submitted, under the proposed definition of ``covered application,''
data collection and reporting obligations would likely be triggered
at the same time there is sufficient information to make a credit
decision. On the other hand, if the financial institution requires
additional verification of information and the institution commonly
makes follow-up requests after the applicant has requested credit
and before submitting the loan file to underwriting, the financial
institution would likely have a ``covered application'' before it
has sufficient information to make a credit decision.
---------------------------------------------------------------------------
In response to a trade association's request to expressly exclude
from the definition of a covered application the circumstance where a
business populates certain information on a web page, but does not
follow through with submitting the form to the financial institution,
the Bureau notes that reporting of such circumstances depends on the
procedures used by a financial institution for the type of credit
requested. For example, if a financial institution's procedures require
an applicant to submit a paper or digital form to the financial
institution in order to be considered for the credit product requested,
then there is no covered application that is reportable until the
business submits the form to the financial institution. If, on the
other hand, the financial institution regularly begins evaluating
information about the applicant even if the form is not ``officially''
submitted to the financial institution, then there is likely a
reportable covered application, even if the applicant has not
``submitted'' the form. In other words, if a financial institution
offering online applications does not track or begin to evaluate
applications until the business presses a ``submit'' button, the
financial institution would not be required to begin tracking partial
information inputted online for purposes of this final rule.
One commenter was concerned that the proposed definition lacked
standardization, and emphasized the need for monitoring to ensure that
financial institutions define an application under their own procedures
in a manner that generates consistent data and is early enough in the
process to capture incomplete and withdrawn applications. The Bureau
agrees that review of data, including peer analysis, is important and
may indicate whether a financial institution collects data in a manner
that appropriately captures incomplete and withdrawn applications. For
example, instances of unusually high approval rates or unusually low
rates of incomplete and withdrawn applications can preliminarily
indicate financial institutions that may be seeking to define an
``application'' in its written
[[Page 35211]]
policies as occurring later in the process than actually occurs in
practice; if a financial institution has a very high approval rate
because all ``applications'' have been vetted earlier in the process,
the financial institution's stated definition of an application likely
does not reflect its actual practices. Similarly, where a financial
institution has very few incomplete or withdrawn applications this
may--depending on the financial institution's product offering and
business model--be a sign that the financial institution is collecting
data or defining an application as occurring after an applicant has
requested credit. While a financial institution has flexibility to
identify its own procedures for what constitutes a request for credit,
thereby triggering data collection and reporting obligations under this
final rule, the Bureau anticipates that in most cases a covered
application will typically occur before the financial institution
underwrites or evaluates the request for credit.
The Bureau is finalizing comment 103(a)-1 with minor revisions for
clarity. Final comment 103(a)-1 underscores that a financial
institution has latitude to establish its own application procedure and
to decide the type and amount of information it will require from
applicants. The Bureau removed the word ``process'' (from the phrase
``process and procedures'') in proposed comment 103(a)-1 to align with
the term ``procedures'' in final Sec. 1002.103(a) and in final comment
103(a)-2; the rewording is not intended to indicate a substantive
change. The Bureau is also finalizing as proposed comments 103(a)-2 and
-3. Final comment 103(a)-2 explains that the term ``procedures'' refers
to the actual practices followed by a financial institution as well as
its stated application procedures, and provides an example. Final
comment 103(a)-3 provides that the commentary accompanying existing
Sec. Sec. 1002.2(f) and 1002.9 is generally applicable to the
definition of ``covered application,'' except as provided otherwise in
final Sec. 1002.103(b).
In response to certain commenter questions about the scope of a
covered application, the Bureau is adding new comment 103(a)-4 to
clarify that the term covered application does not include
solicitations, firm offers of credit, and other evaluations or offers
initiated by the financial institution because in these situations, the
business has not made a request for credit, and provides illustrative
examples. New comment 103(a)-4, including a summary of comments
received relating to the change, is discussed in the section-by-section
analysis of Sec. 1002.103(b).
The Bureau is finalizing comment 103(a)-5 (proposed as comment
103(a)-4) to provide that if an applicant makes a request for two or
more covered credit transactions at one time, the financial institution
reports each request as a separate covered application. The Bureau
believes this approach furthers the purposes of section 1071 by better
capturing demand for credit, including demand for different covered
credit transactions at the same time. The Bureau also believes this
method of reporting will lead to higher data accuracy, as argued by one
commenter, due to the simplicity of the approach. Finally, the Bureau
believes that concerns about duplicative information requests will be
mitigated by permitting financial institutions to reuse certain
previously collected data, as set forth in final Sec. 1002.107(d). In
response to a commenter request, the Bureau is revising final comment
103(a)-5 to clarify that if an applicant is only requesting a single
covered credit transaction, but has not decided on which particular
product, the financial institution reports the request as a single
covered application. This clarification resolves a commenter's concern
that a financial institution will need to report multiple covered
applications if more than one credit product is acceptable to the
applicant. Final comment 103(a)-5 also provides illustrative examples.
The Bureau is finalizing comments 103(a)-6 and -7 (proposed as
comments 103(a)-5 and -6) with minor adjustments for clarity and
consistency. Final comment 103(a)-6 addresses the circumstance where an
initial request for a single covered credit transaction would result in
the origination of multiple covered credit transactions. Similarly,
final comment 103(a)-7 addresses requests for multiple lines of credit
at one time, providing that such requests are reported based on the
procedures used by the financial institution for the type of credit
account.
The Bureau is adopting new comment 103(a)-8 to address reporting of
duplicate covered applications. Under new comment 103(a)-8, a financial
institution may treat two or more duplicate covered applications as a
single covered application for purposes of subpart B, so long as for
purposes of determining whether to extend credit, the financial
institution would also treat one or more of the applications as a
duplicate under its procedures. The Bureau is adding this comment to
respond to commenters' general concerns about duplicative reporting and
because the Bureau does not believe reporting of true duplicates would
further the purposes of section 1071. As set forth in new comment
103(a)-8, however, the provision only applies if the applications are
duplicates that a financial institution would otherwise treat as such
under its own procedures.
The Bureau is finalizing comment 103(a)-9 (proposed as comment
103(a)-7) with revisions for clarity. Final comment 103(a)-9 addresses
how a financial institution reports applications where there is a
change in whether the applicant is requesting a covered credit
transaction. Final comment 103(a)-9 provides that if an applicant
initially requests a product that is not a covered credit transaction,
but prior to final action taken decides to seek instead a product that
is a covered credit transaction, the application is a covered
application and must be reported pursuant to final Sec. 1002.109.
However, if an applicant initially requests a product that is a covered
credit transaction, but prior to final action taken decides instead to
seek a product that is not a covered credit transaction, the
application is not a covered application and thus is not reported. The
Bureau agrees with commenters' concerns that requiring reporting on
applications where the applicant ultimately does not seek a covered
credit transaction could lead to data quality issues, for example, if
only partial data are captured. Although the Bureau sought comment on
whether to require full or limited reporting in order to address
concerns about potential steering in these cases, the Bureau did not
receive any specific comments advocating for either full or limited
reporting. In response to commenter requests for clarification that a
financial institution does not violate existing Regulation B if it
collects otherwise prohibited information on a transaction that
ultimately is not a covered application, the Bureau has revised final
Sec. 1002.112(c)(4) to provide a safe harbor for incorrect
determination of a covered credit transaction if, at the time of
collection, the financial institution had a reasonable basis for
believing that the application was a covered application. The Bureau
has also revised final comment 103(a)-9 to clarify that once a
financial institution determines there is a covered application, it
shall endeavor to compile, maintain, and report the data required under
Sec. 1002.107(a) in a manner that is reasonable under the
circumstances. Final comment 103(a)-9 also discusses reporting if a
financial institution makes a counteroffer for a product that is not a
covered credit
[[Page 35212]]
transaction. Finally, the Bureau revised the language ``during the
application process'' to ``prior to final action taken'' in final
comment 103(a)-9 to provide greater clarity on the applicable
timeframe.
The Bureau is adding new comment 103(a)-10 to address reporting in
situations where a covered financial institution receives a covered
application from multiple businesses that are not affiliates, as
defined in final Sec. 1002.102(a). The Bureau is adding this
commentary in response to commenters' questions about how to report
certain data if there is more than one co-applicant. Final comment
103(a)-10 provides that if a covered financial institution receives a
covered application from multiple businesses who are not affiliates, as
defined by final Sec. 1002.102(a), it shall compile, maintain, and
report data pursuant to final Sec. Sec. 1002.107 through 1002.109 for
only a single applicant that is a small business, as defined in final
Sec. 1002.106(b). A covered financial institution shall establish
consistent procedures for designating a single small business for
purposes of collecting and reporting data under subpart B in situations
where there is more than one small business co-applicant, such as
reporting on the first small business listed on an application form.
The Bureau considered requiring reporting data of all co-applicant
small businesses, but doing so could potentially add significant
complexity and may result in data quality issues. For example,
reporting co-applicants as separate applications would likely result in
duplicative reporting or special rules to address how to modify the
reported data to avoid duplication. Similarly, requiring additional
fields to accommodate reporting of all co-applicants' information would
result in a significant expansion of the total data fields reported,
adding considerable complexity and potentially leading to data quality
issues. Given that only two commenters raised the issue of co-
applicants, the Bureau believes that financial institutions likely do
not frequently encounter applications involving more than one small
business applicant.
On the other hand, the Bureau is not requiring reporting of a small
business co-applicant only if it is the primary business seeking
funding, as suggested by one commenter. The Bureau believes it may not
always be clear who is the ``primary'' applicant if there are multiple
co-applicants; such a rule could be used to evade reporting altogether
in these situations. The Bureau therefore believes that it is
reasonable to require data collection and reporting for a single small
business if there are multiple co-applicants. Final comment 103(a)-10
provides several illustrative examples. In addition, new Sec.
1002.5(a)(4)(x) permits a creditor to collect certain demographic
information concerning a co-applicant without violating existing
Regulation B. See also the section-by-section analysis of Sec.
1002.106(b) for a discussion of calculating gross annual revenue for
purposes of determining small business status under final Sec.
1002.106(b) if there are multiple co-applicants.
Lastly, the Bureau is adding new comment 103(a)-11 to clarify that
refinances and requests for additional credit amounts on an existing
account are covered applications, as further discussed in the section-
by-section analysis of Sec. 1002.103(b).
103(b) Circumstances That Are Not Covered Applications
Proposed Rule
Proposed Sec. 1002.103(b) would have identified certain
circumstances that are not covered applications--even if they may
otherwise be considered an application under existing Sec. 1002.2(f).
Specifically, the Bureau proposed that a covered application would not
include (1) reevaluation, extension, or renewal requests on an existing
business credit account, unless the request seeks additional credit
amounts; and (2) inquiries and prequalification requests. Solicitations
and firm offers of credit would also not have been ``covered
applications'' under the proposed definition. Proposed comments 103(b)-
1 through -5 would have provided additional guidance and examples of
circumstances that do and do not trigger data collection and reporting
for covered applications.
The Bureau sought comment on proposed Sec. 1002.103(b) and
associated commentary concerning circumstances that would not be a
covered application. Solicitations for comment on specific issues are
noted throughout the discussion below.
Reevaluation, extension, or renewal requests on an existing
business credit account, unless the request seeks additional credit
amounts. The Bureau proposed to exclude from the definition of a
``covered application'' requests by borrowers to modify the terms or
duration of an existing extension of credit, other than requests for
additional credit amounts. The Bureau believed that requests to modify
the terms or duration of an existing extension of credit, which occur
with high frequency in the small business lending space, would have
added complexity and burden for financial institutions, while
potentially providing limited additional information relevant to the
purposes of section 1071.
However, the Bureau proposed that reporting would have been
required for requests for additional credit amounts (such as line
increases or new money on existing facilities). The Bureau believed
that capturing requests for additional credit amounts would further the
purposes of section 1071, particularly the community development
purpose, as it would have more accurately captured demand for credit.
Inquiries and prequalification requests. The Bureau proposed to
exclude inquiries and prequalification requests from what constitutes a
``covered application.'' The Bureau believed that requiring data
collection for all inquiries and prequalification requests could create
operational challenges and pose data accuracy issues, including raising
the risk of missing, unavailable, erroneous, or duplicative data.
The Bureau also considered whether to only require reporting of
inquiries and prequalification requests in situations that would
otherwise be treated as an ``application'' under existing Regulation
B--i.e., when the financial institution evaluates information about the
business, decides to decline the request, and communicates this to the
business. Ultimately, the logistics of reporting an inquiry or
prequalification request only in these circumstances (where an inquiry
or prequalification request becomes an ``application'' under existing
Sec. 1002.2(f)) could be operationally challenging for financial
institutions, could lead to data distortion as only denials would be
captured, and could cause unintended market effects.
On the other hand, potential discrimination may occur in these
early interactions with a financial institution. In particular, the
Bureau was concerned about excluding data on inquiries and
prequalification requests when the financial institution evaluates
information about a business and declines the request, as such data may
be useful for identifying potential discouragement of or discrimination
against applicants or prospective applicants.
Ultimately, however, the Bureau believed it was appropriate to
interpret ``application'' as used in section 1071 to exclude inquiries
and prequalification requests given the considerations identified
above, including the timing and often informal nature of such
[[Page 35213]]
interactions, the operational challenges of implementing such a
definition, and related concerns about the reliability of the data.
The Bureau sought comment on a number of issues in connection with
the reporting of inquiries and prequalification requests. For example,
the Bureau sought comment on whether instead to define a ``covered
application,'' consistent with existing Regulation B, to include
inquiries or prequalification requests where the financial institution
evaluates information about the business, decides to decline the
request, and communicates this to the business. Related to this
alternative approach, the Bureau further sought comment on whether
additional data fields would be necessary in order to distinguish
prequalification requests and inquiries from other reported
applications. In addition, if the Bureau were to require reporting of
declined inquiries or prequalification requests, the Bureau sought
comment on whether financial institutions would want the option to
report all prequalification requests and inquiries, to allow for a
comparison with denials.
Solicitations, firm offers of credit, and other evaluations or
offers initiated by the financial institution. Proposed comment 103(b)-
4 would have clarified that the term covered application does not
include solicitations and firm offers of credit. The Bureau explained
that like other reviews or evaluations initiated by the financial
institution, these communications do not involve an applicant
requesting credit, and so would not be ``covered applications.''
Excluding solicitations and firm offers of credit would also be
consistent with the language of ECOA section 704B(b)(1), which
expressly contemplates that an application could arise in response to a
solicitation by a financial institution, though the text is silent on
solicitations without any applicant response. Thus, consistent with the
statutory language, the Bureau proposed that a solicitation or firm
offer of credit could become a ``covered application'' under the
proposed definition if an applicant responds to the solicitation or
offer by requesting a covered credit transaction.
Comments Received
The Bureau received comments on its proposal to identify certain
circumstances that are not covered applications, even if they otherwise
would have been considered an application under existing Sec.
1002.2(f), from a wide range of lenders, trade associations, community
groups, and a business advocacy group.
Some commenters, including several lenders and trade associations,
expressly supported all the clarifications of circumstances that are
not reportable in proposed Sec. 1002.103(b). One noted that the
proposed exclusions would avoid duplicative steps and keep the data
collection focused on its core purposes. Other commenters stated that
the proposed exclusions were appropriate because they would not provide
useful data and that the proposal would help ease financial
institutions' transition to data collection. Comments on particular
aspects of proposed Sec. 1002.103(b) are discussed below.
Reevaluation, extension, or renewal requests on an existing
business credit account, unless the request seeks additional credit
amounts. Many industry commenters supported the Bureau's proposed
exclusion of reevaluations, extensions, or renewal requests on an
existing business credit account. However, industry commenters largely
urged the Bureau to exclude requests for additional credit amounts on
existing accounts. These commenters argued that reporting line
increases would add unnecessary complexity and time to an otherwise
streamlined process that occurs with high frequency, in response to
rapid changes to business conditions, and is typically automated, which
they said further lowers any risk of discrimination. These commenters
argued that data collection for line increases would hurt small
businesses by introducing hurdles in transactions where time is of the
essence, and might discourage businesses from seeking line increases or
creditors from offering them. Commenters also noted differences in how
credit line increases are underwritten compared to other business
credit: the process typically does not involve an application or other
documentation, may involve limited underwriting, and any analysis
performed is usually focused on the business's past performance and
relationship with the financial institution. In addition, commenters
expressed concern that including line increases would distort the data
(for example, by ``double reporting'' accounts or because of the unique
nature of credit line increases) or would provide data of limited
value. A couple commenters emphasized the potential compliance
difficulties for financial institutions, noting that excluding line
increases would be simpler and avoid the need for financial
institutions to determine who initiated a line increase. A trade
association raised the additional concern that reporting of credit line
increases and other requests for additional credit amounts will inflate
the number of originations counted for purposes of determining whether
an institution is a covered financial institution. In support of
excluding modifications more generally, one commenter stated that
modifications are not explicitly covered by other consumer financial
laws and regulations, such as HMDA, the Real Estate Settlement
Procedures Act of 1974 (RESPA), and Regulation Z.
Although opposed to the reporting of line increases, several
commenters urged that, to the extent such transactions are reportable,
the Bureau should mitigate the burden on financial institutions by (1)
exempting any existing account from data collection under the Bureau's
rule; and (2) permitting lenders to rely on prior responses regardless
of when provided, unless there is a reason to believe the data are
inaccurate. In support of the first proposal, these commenters argued
that existing accounts may need challenging technology build-outs to
integrate the rule's data collection requirements and existing clients
may not be used to the collection process.
Most community groups to comment on this issue generally requested
that all such circumstances (reevaluations, extensions, renewals), as
well as refinances, be treated as reportable applications. These
commenters argued that there should be a reportable application
whenever a business communicates an interest in obtaining credit and
has requested lender action, or if the lender takes action on the
request, such as pulling a credit report, the business's tax
information, or obtaining other data that can be used for
underwriting--particularly if the financial institution's actions might
negatively affect the business (for example, by lowering their credit
score). A few commenters specifically focused on renewals and
extensions, urging the Bureau to require reporting of these
transactions, and to separate such transactions in the data from new
originations. These commenters argued that renewals and extensions are
an important source of credit for businesses and not reporting such
circumstances would create a disconnect with Community Reinvestment Act
(CRA) reporting. One commenter urged the Bureau to collect verbal and
written agricultural loan modification or restructuring requests made
to the Farm Service Agency, arguing that such requests constitute
applications under existing Regulation B, highlighting concerns about
discrimination in loan
[[Page 35214]]
servicing and the detrimental effects on businesses when servicing
applications are not granted, including default, acceleration, and
foreclosures. Some commenters further argued that lender-initiated
renewals should also be captured, given the detrimental effect they may
have on a business that is ``denied'' credit or experiences a reduction
in access to credit.
Several commenters requested clarification on aspects of the
Bureau's proposed approach to reevaluation, extension, or renewal
requests. A community bank was uncertain what dates to report under
Sec. 1002.107(a)(2) and (9) (application date and action taken date)
for requests for additional credit on existing accounts, and was
concerned that if the dates changed from the initial origination, it
could be construed as a data misrepresentation. Several other
commenters inquired whether a transaction is a reportable covered
application if a new note is executed as part of a request to
consolidate existing credit amounts under the same terms or as part of
a periodic review extending the credit under the same terms. A sales-
based financing company explained that its customers often request
funding over time, and asserted that each new request for credit should
be reportable.
Inquiries and prequalification requests. The industry commenters to
weigh in on inquiries and prequalification requests, including several
banks, a CDFI lender, trade associations, and a business advocacy
group, overwhelmingly supported the Bureau's proposal to exclude
inquiries and prequalification requests. Commenters argued that
including inquiries and prequalification requests would be
operationally difficult given the high volume of such requests and
because the interactions typically occur before the financial
institution has the infrastructure in place to track requests for
credit. They also argued that including such interactions could be
misleading and lead to data accuracy issues, given the informal nature
of such requests and because many such inquiries are subsequently
abandoned or otherwise left incomplete. A business advocacy group also
noted concerns about duplicative reporting of inquiries and
prequalification requests if the business ultimately submits a credit
application. A group of trade associations for insurance premium
finance lenders argued that including inquiries and prequalification
requests would be unworkable for their lenders, who are often not aware
of a prospective applicant's interest in credit until they receive an
agreement from the applicable insurance agent or broker; as a result,
such financial institutions would be unaware of any inquiries or
prequalification requests. Another commenter argued that reporting such
transactions would effectively punish borrowers for inquiring about
qualification requirements, products, and rates. Finally, one commenter
stated that each financial institution should be permitted to define
what constitutes an application, including any exclusions. Although
industry commenters were generally in favor of the exclusion, a number
of industry commenters stated that the line between inquiries or
prequalification requests and covered applications should be
sufficiently clear to avoid uncertainty during implementation, and
asked the Bureau provide examples, in commentary to the rule, to
differentiate these scenarios.
Conversely, a number of commenters, including a lender and
community groups, urged the Bureau to require reporting on all or some
inquiries and prequalification requests. Citing a study identifying the
prevalence of discrimination in the pre-application phase,\341\
commenters argued that the definition of covered application must be
broad enough to capture pre-application phase discrimination. Several
commenters requested that all communications where a business inquires
about credit and seeks a credit decision should be reportable; another
commenter urged reporting whenever the financial institution pulls a
credit report or takes other action to begin underwriting. Several
other commenters suggested that the Bureau align with existing
Regulation B's treatment of prequalifications by treating denied
inquiries and prequalifications as reportable applications.\342\ One
community group emphasized the importance of having online applications
reported, including online prequalification requests in particular. The
commenter argued that the absence of such data has been detrimental in
the HMDA context, it creates an imbalance between online and
traditional lenders, and the burden of reporting would be low as
lenders are already required to capture such transactions for purposes
of providing adverse action notices.
---------------------------------------------------------------------------
\341\ Nat'l Cmty. Reinvestment Coal., Disinvestment,
Discouragement and Inequity in Small Business Lending (Sept. 2019),
https://ncrc.org/wp-content/uploads/2019/09/NCRC-Small-Business-Research-FINAL.pdf.
\342\ Existing comment 2(f)-3 provides that a creditor treats an
inquiry or a prequalification request as an application if it
evaluates information about the consumer, decides to decline the
request, and communicates this to the consumer.
---------------------------------------------------------------------------
Although the Bureau sought comment on whether, alternatively, to
define a ``covered application'' consistent with Regulation C--which
does not require a financial institution to report prequalification
requests and does not address reporting of inquiries more generally--
the Bureau did not receive any comments directly on this point.
Similarly, the Bureau did not receive any comments directly responding
to its request for comment on the frequency with which financial
institutions accept prequalification requests and what data are
collected in connection with such prequalification requests, as well as
potential effects on the market if some or all prequalification
requests were reportable under section 1071. In addition, the Bureau
did not receive any comments in response to its request for feedback on
whether assumptions \343\ are used in the small business lending
context and whether reporting of assumptions for small business lending
would further the purposes of section 1071.
---------------------------------------------------------------------------
\343\ Regulation C requires the reporting of assumptions for
HMDA. See Regulation C comment 2(j)-5 (discussing when assumptions
should be reported as home purchase loans).
---------------------------------------------------------------------------
Solicitations, firm offers of credit, and other evaluations or
offers initiated by the financial institution. A number of industry
commenters urged the Bureau to exclude ``preapprovals,'' which the
commenters described as credit offered or originated by the financial
institution without an initiating application from the business
(including offers for a different product or offers to extend
additional credit amounts). One of the commenters was particularly
concerned about lender-initiated offers based on data collected or
acquired by the financial institution about the small business; for
example, a financial institution that uses deposit account data to
evaluate a business for credit card offers. The commenter argued that
in these circumstances, the business has not been ``denied'' credit
because it never applied for credit; similarly, the commenter argued,
accepted offers also should not be reported because there is no
initiating application from the business. The commenter further argued
that reporting of originated offers initiated by the financial
institution would skew the data, as it would only reflect approvals.
Reporting of ``denied'' offers, argued the commenter, would be
infeasible, create confusion for the customer, and likely lead lenders
to discontinue extending such offers altogether. Several other industry
commenters similarly urged the Bureau to exclude ``preapprovals,''
though they
[[Page 35215]]
did not explain what precisely they meant by the term. One commenter
argued that while preapprovals are clearly articulated in Regulation C,
``preapprovals'' do not exist in the small business lending space.
Final Rule
For the reasons set forth herein, the Bureau is finalizing Sec.
1002.103(b) as proposed to identify certain circumstances that are not
covered applications, even if they otherwise would have been considered
an application under existing Sec. 1002.2(f). Specifically, final
Sec. 1002.103(b) provides that a covered application does not include
(1) reevaluation, extension, or renewal requests on an existing
business credit account, unless the request seeks additional credit
amounts; and (2) inquiries and prequalification requests. The Bureau is
finalizing comments 103(b)-1 through -4 with minor revisions for
clarity and consistency, to provide additional guidance and examples of
circumstances that do and do not trigger data collection and reporting
under the definition of a covered application. The Bureau is finalizing
comment 103(b)-5, which discusses inquiries and prequalification
requests, to provide additional discussion and examples distinguishing
a covered application from an inquiry or prequalification request. As
discussed in the section-by-section analysis of Sec. 1002.103(a)
above, the Bureau is also adding new comment 103(a)-4 to clarify that
solicitations, firm offers of credit, or other evaluations initiated by
the financial institution are not a covered application; however, if
the business seeks to obtain the credit offered, the business's request
constitutes a covered application.
Reevaluation, extension, or renewal requests on an existing
business credit account, unless the request seeks additional credit
amounts. Pursuant to final Sec. 1002.103(b)(1), the Bureau is
excluding reevaluation, extension, or renewal requests on an existing
business credit account, unless the request seeks additional credit
amounts, from the definition of a covered application. The Bureau
believes that requests to modify the terms or duration of an existing
extension of credit--such as extensions on the duration of a credit
line or changes to a guarantor requirement--occur with high frequency
in the small business lending space. If the Bureau were to require
reporting of such circumstances, the Bureau believes it would add
complexity for reporting financial institutions while, as some
commenters have noted, potentially providing limited additional
information relevant to the purposes of section 1071. Moreover, the
Bureau believes that broadly including requests to modify the terms or
duration of existing extensions of credit might affect data quality
absent additional flags to distinguish the transactions from new
originations, as well as to identify the particular nature of the
changes. The Bureau further notes that Regulation C takes a similar
approach by excluding reporting of loan modifications.\344\
---------------------------------------------------------------------------
\344\ See Regulation C comment 2(d)-2. Although CRA regulations
currently require the reporting of renewals, the recent proposed
revisions to the CRA rule would instead use 1071 data once available
to satisfy small business loan and small farm loan data collection
and reporting requirements. 87 FR 33884, 33997-98 (June 3, 2022).
---------------------------------------------------------------------------
Although some commenters argued that such transactions should be
reported because they would provide a better understanding on the
availability of credit, the Bureau believes such benefits would be
modest, particularly absent additional data concerning how the modified
credit request differs from the original request, which would require
the collection of a number of additional data points. Similarly,
although one commenter urged the Bureau to collect verbal and written
agricultural loan modification or restructuring requests made to the
Farm Service Agency, as discussed directly above, the Bureau believes
expanding data collection and reporting requirements to all
modification requests (except requests for additional credit amounts)
would add significant complexity for lenders, could be duplicative, and
may provide limited benefits without knowing the precise terms changed
in the modification request. Nor does the Bureau believe that the
definition of covered application should be expanded to encompass any
expression of interest from a business to obtain credit or action by
the financial institution towards underwriting; as noted above in the
section-by-section analysis of Sec. 1002.103(a) above, triggering data
collection and reporting obligations too early could add significant
complexity and affect data quality.
The Bureau believes that requiring reporting of requests for
additional credit amounts (such as line increases or new money on
existing facilities) is appropriate. Capturing requests for additional
credit amounts directly furthers the purposes of section 1071,
particularly the business and community development purpose, as it will
more accurately capture demand for credit. Although industry commenters
opposed reporting on new credit amounts due to what they described as
the streamlined, fast-paced nature of such reviews, the Bureau believes
those factors do not outweigh the benefits of having these data
collected and reported. Moreover, the Bureau does not believe that
collecting data on such transactions will be so time consuming or
difficult that it will dissuade small businesses from seeking the
additional credit they need, particularly in light of final Sec.
1002.107(d), which permits financial institutions to reuse applicant-
provided data in certain circumstances. Collecting data on requests for
additional credit amounts will assist in fair lending testing and
provide additional insight into small business credit trends and
availability, furthering the purposes of section 1071, even if--as some
commenters suggested--line increases are often underwritten differently
than new requests for credit.
Regarding commenters' concerns about duplicative reporting, the
Bureau notes that pursuant to final Sec. 1002.107(a)(7) and (8), the
financial institution only reports the additional credit amount sought
(and approved or originated, as applicable)--not the entire credit
amount extended--therefore avoiding duplicative reporting. Moreover,
the fact that a request is for a line increase will be reflected in the
reporting of credit purpose pursuant to final Sec. 1002.107(a)(6).
Thus, unlike renewals or modifications more generally, which may occur
for a variety of reasons, requests for additional credit amounts and
the amounts requested will be clearly identifiable in the data. The
Bureau also believes that commenters' concerns about the time and
difficulty associated with collecting data are further mitigated by
final Sec. 1002.107(d), which permits a financial institution to reuse
certain data points under certain circumstances. In response to a
commenter's concern that reporting of credit line increases and other
requests for additional credit amounts will inflate the number of
originations counted for purposes of determining whether an institution
is a covered financial institution, the Bureau notes that new comment
105(b)-4 clarifies that requests of additional credit amounts on an
existing account are not counted as originations for the purpose of
determining whether a financial institution is a covered financial
institution pursuant to Sec. 1002.105(b).
The Bureau is also providing specialized rules for the reporting of
line increases, as suggested by several commenters. One suggested
strategy--exempting accounts that are in place before this final rule
goes into effect--
[[Page 35216]]
could significantly reduce reportable transactions, potentially for
years into the future.\345\ Moreover, under the tiered implementation
period set forth in final Sec. 1002.114(b), the Bureau believes that
financial institutions (and their customers) will have adequate time to
adjust to reporting. Similarly, in response to a different commenter's
question about reporting requests for additional credit amounts, the
Bureau notes that if there is an application for an additional credit
amount on a covered credit transaction, a financial institution must
collect data pursuant to this final rule even if the existing account
was opened prior to the applicable compliance date.
---------------------------------------------------------------------------
\345\ Although information on average business credit card
account age is not publicly available, credit card accounts
typically have no expiration date and so may remain open
indefinitely. Thus, exempting such accounts could create blind spots
in the data for potentially years, or even decades, into the future.
---------------------------------------------------------------------------
The Bureau is also not adopting the commenters' second suggestion--
to indefinitely allow financial institutions to rely on prior applicant
responses--as the commenters provide no reason why reused data are more
trustworthy in the context of requests for additional credit amounts,
compared to other existing customers' requests for new credit. However,
pursuant to final Sec. 1002.107(d), financial institutions may reuse
most applicant-provided data, so long as there is no reason to believe
the data are inaccurate, for up to 36 months. Although not specific to
requests for additional credit amounts, this provision may ease some of
the commenters' concerns.
In response to comments, mainly from community groups, regarding
the importance of having refinance transactions reported, the Bureau is
revising comment 103(b)-2 to make clear that an applicant's request to
refinance, which occurs when an existing obligation is satisfied and
replaced by a new obligation undertaken by the same borrower, is
reportable. The Bureau agrees with commenters that refinance
transactions should be covered applications; they legally constitute a
new credit obligation, and so are typically included within regulatory
schemes governing originations.\346\ Indeed, as one commenter correctly
noted, the Bureau's inclusion of refinancing categories for the credit
purpose data point (in proposed comment 107(a)(6)-1) in the proposed
rule shows that the Bureau intended for refinances to be reportable
transactions.
---------------------------------------------------------------------------
\346\ See, e.g., Fed. Fin. Insts. Examination Council, A guide
to CRA Data Collection and Reporting, at 12 (2015), https://www.ffiec.gov/cra/pdf/2015_CRA_Guide.pdf (stating that an
institution should collect information about small business and
small farm loans that it refinances or renews as loan originations).
Regulation C Sec. 1003.4(a)(3) (requiring reporting of whether the
covered loan is a refinance); Regulation Z Sec. 1026.20(a) (``A
refinancing occurs when an existing obligation that was subject to
this subpart is satisfied and replaced by a new obligation
undertaken by the same consumer. A refinancing is a new transaction
requiring new disclosures to the consumer. . . .'').
---------------------------------------------------------------------------
Several other commenters also requested clarification on aspects of
the Bureau's proposed approach to reevaluation, extension, or renewal
requests. In response to a community bank's questions regarding what
dates to report under Sec. 1002.107(a)(2) and (9) (application date
and action taken date) for requests for additional credit on existing
accounts, the Bureau notes the dates should be based on the new request
for credit. Because a request for additional credit amounts is
considered a separate covered application pursuant to final Sec.
1002.103(a), all data reported, including applicable dates, should be
in reference to the new request for credit, and not the initial
origination. Several other commenters inquired whether a transaction is
a reportable covered application if a new note is executed as part of a
request to consolidate existing credit amounts under the same terms or
as part of a periodic review extending the credit under the same terms.
If an existing obligation is satisfied by a new credit obligation, as
determined by contract and State law, it would generally be reportable
as a covered application (assuming the other conditions of a covered
application are met). Although in certain circumstances this may
require reporting of credit amounts previously outstanding under a
different credit obligation with the same borrower and with similar or
identical terms, the Bureau believes that seeking to exempt these fact-
specific circumstances would add considerable complexity to the rule
and could undermine data quality. The Bureau generally agrees with the
assertion that each new request for credit that is separately evaluated
should be reportable (excluding counteroffers, pursuant to final
comment 107(a)(9)-2). If a financial institution evaluates each new
request for credit, then each of those instances should be reported as
separate covered applications for the amount advanced. For example, if
a small business makes several requests for advances from a merchant
cash advance provider, each of which is evaluated by the provider, each
of those requests will typically constitute a separate covered
application. In contrast, if a financial institution extends a line of
credit up to a specified amount, then any request drawn against the
line within that established limit is authorized and would not be a
separate covered application. See also existing Sec. 1002.2(q), which
defines the term to ``extend credit'' or ``extension of credit.''
Inquiries and prequalification requests. As the Bureau explained in
the NPRM, existing Regulation B recognizes that before a consumer or
business requests credit in accordance with the procedures used by a
creditor for the type of credit requested, a creditor may provide a
prospective applicant with information about credit terms. Generally,
an inquiry occurs when a prospective applicant consumer or business
requests information about credit terms offered by a creditor; a
prequalification request generally refers to a request by a consumer or
business for a preliminary determination on whether the prospective
applicant would likely qualify for credit under a creditor's standards
or for what amount.\347\ Under existing Regulation B comments 2(f)-3
and 9-5, an inquiry or prequalification request may become an
``application'' if the creditor evaluates information about the
consumer or business, decides to decline the request, and communicates
this to the consumer or business; otherwise, such inquiries and
prequalification requests are generally not considered applications
under existing Regulation B. As explained in existing comment 2(f)-3,
whether the inquiry or prequalification request becomes an application
depends on how the creditor responds to the consumer or business, not
on what the consumer or business says or asks. Finally, Regulation C
excludes all prequalification requests from HMDA reporting, even if the
prequalification request constitutes an application under existing
Regulation B.\348\
---------------------------------------------------------------------------
\347\ See Regulation C comment 2(b)-2 (describing
prequalification requests).
\348\ See id.
---------------------------------------------------------------------------
Pursuant to final Sec. 1002.103(b)(2), a ``covered application''
does not include inquiries and prequalification requests, even in
circumstances where the inquiry or prequalification request may
constitute an ``application'' under existing Sec. 1002.2(f). The
Bureau agrees with commenters who stated that reporting inquiries or
prequalification requests would be extremely operationally difficult
given the volume of such requests and because such requests typically
occur very early in the process, making it difficult to obtain or track
applicant-provided data. There could be data quality issues given the
sometimes-informal nature of such
[[Page 35217]]
requests, which could raise the risk of missing, unavailable, or
erroneous data. As noted by one commenter, reporting inquiries and
prequalification requests could also be duplicative if the applicant
subsequently applies for credit in accordance with the procedures
designated by the financial institution; the Bureau would potentially
need to create a separate data field or flag to distinguish such
requests. Requiring reporting of such interactions could also lead
financial institutions to pull back on offering prequalification
reviews or engaging with prospective applicants, which could inhibit
prospective applicants from shopping around for the best terms. As
discussed in the section-by-section analysis of Sec. 1002.103(a)
above, small depository institutions have expressed concern that this
rule will overly formalize small business lending and inhibit
relationship lending. Given these concerns, the Bureau is not expanding
the definition of a covered application to include pre-application
conduct, such as every time a business inquires about credit or if a
financial institution pulls information about the business, as urged by
some community groups.
The Bureau also is not requiring, as suggested by some commenters,
reporting of inquiries and prequalification requests only in situations
that would otherwise be treated as an ``application'' under existing
Regulation B--i.e., when the financial institution evaluates
information about the business, decides to decline the request, and
communicates this to the business. The logistics of reporting an
inquiry or prequalification request only in these circumstances could
be operationally challenging for financial institutions and could lead
to data distortion in a manner inconsistent with the statutory purposes
of section 1071, as only denials would be captured. In this case, a
financial institution may prefer to report all inquiries and
prequalification requests, which could lead to some of the challenges
identified above. Moreover, a financial institution will not know ex
ante whether a prequalification will result in the financial
institution notifying the business it is unlikely to qualify, and so
the financial institution would likely need to collect 1071 data at the
beginning of the interaction regardless. Although the Bureau sought
comment about its concerns related to the reporting of only denials, no
commenters specifically addressed this issue.
As noted above, one commenter emphasized the importance of having
online applications reported, including online prequalification
requests in particular, arguing that the absence of reporting would
lead to a lack of data and an imbalance among lenders. The Bureau
notes, however, that the final rule does not exclude online
applications (nor did the proposal). While prequalification requests
are excluded for the reasons discussed above, that exclusion is not
limited to a particular channel. However, to the extent an online
questionnaire is truly a voluntary tool for businesses to shop around
for potential terms, and not an application under the procedures
established by the financial institution, the Bureau believes such
inquiries should be excluded for the reasons described above.
Of course, requests for credit that meet the definition of
``covered application'' are reportable, even if the application was
preceded by an inquiry or prequalification request. For example, if a
business initially seeks information about potential credit offerings,
the financial institution responds, and then the business submits an
application for a covered credit transaction, the application is
reportable. If, on the other hand, the business asks about potential
credit offerings, but then chooses not to request credit, there is no
covered application.
In response to commenters' request to provide further examples, in
commentary to the rule, to differentiate inquiries or prequalification
requests and covered applications, the Bureau has added to comment
103(b)-5 additional illustrative examples.
The Bureau has also made minor revisions to comment 103(b)-4 for
clarity and consistency.
In sum, the Bureau believes it is appropriate to interpret
``application'' as used in section 1071 to exclude inquiries and
prequalification requests given the considerations identified above,
including the timing and often informal nature of such interactions,
the operational challenges of implementing such a definition, and
related concerns about the reliability of the data. However, the Bureau
does share commenters' concerns about discrimination that may occur in
the pre-application phase. As discussed above, the Bureau believes it
is important for regulators and other enforcers to review data
collected and reported pursuant to section 1071 to preliminarily
identify where financial institutions might not be appropriately
defining an application, and for financial institutions to self-monitor
for the same. For example, as discussed above, very high approval rates
or very low rates of incomplete or withdrawn applications may be a
preliminary indication that the financial institution is evading its
obligations, for example, by collecting 1071 data late in the
application process. Similarly, such rates may also suggest that the
financial institution has a regular practice of decisioning requests
for credit through ``inquiries'' or ``prequalification requests''; if
such reviews are regularly conducted and effectively function as a
prescreening tool for the financial institution, they should be
reported as a ``covered application.'' \349\
---------------------------------------------------------------------------
\349\ See also final comment 103(b)-5.
---------------------------------------------------------------------------
The Bureau believes it is important for regulators and other
enforcers to also carefully review the data for indicia of potential
illegal discouragement in the pre-application stage, and for financial
institutions to self-monitor for the same. For example, analyzing the
rates of applications from small businesses within majority-minority
neighborhoods, as compared to a financial institution's peers, may be
useful to identify potential discrimination. Finally, the Bureau notes
that inquiries and prequalification requests where the institution
evaluates information about the consumer or business, declines the
request, and communicates it to the business or consumer, are
``applications'' under existing Regulation B, and are thus subject to
its requirements regarding ``applications,'' including its adverse
action notification requirements and nondiscrimination provisions. As
stated in final comment 103(b)-1, in no way are the exclusions in final
Sec. 1002.103(b) intended to repeal, abrogate, annul, impair, change,
or interfere with the scope of the term application in existing Sec.
1002.2(f) as applicable to existing Regulation B.
Solicitations, firm offers of credit, and other evaluations or
offers initiated by the financial institution. The Bureau is adding new
comment 103(a)-4 to clarify that the term covered application does not
include solicitations, firm offers of credit, and other evaluations or
offers initiated by the financial institution because the business has
not made a request for credit, and to provide illustrative examples.
The Bureau is adding this comment in response to comments from industry
urging the Bureau to exclude ``preapprovals,'' which the commenters
described as credit offered by the financial institution without an
initiating application from the business. The
[[Page 35218]]
Bureau agrees with commenters who urged that solicitations, reviews, or
evaluations initiated by the financial institution should not, on their
own, be considered ``covered applications'' because the communications
do not involve an applicant requesting credit. Excluding solicitations
and firm offers of credit is also consistent with the language of ECOA
section 704B(b)(1), which expressly contemplates that an application in
response to a solicitation by a financial institution could be an
application under section 1071, but the text is silent on solicitations
without any applicant response.
The Bureau does not agree, however, that such offers or evaluations
should not be reported even where the applicant responds to such a
request and seeks the credit offered, as suggested by one commenter.
Once the applicant responds affirmatively to the solicitation
indicating that it wishes to proceed, there is a request for credit
from the applicant; there is no requirement in the final definition of
a covered application that the applicant be the initiating entity, only
that the applicant make an oral or written request for a covered credit
transaction in accordance with procedures used by a financial
institution for the type of credit requested. Capturing such requests
would also implement the language of ECOA section 704B(b)(1), which
provides that data collection and reporting is required ``whether or
not such application is in response to a solicitation by the financial
institution.'' The commenter also argued that reporting on accepted
solicitations or offers would skew the data as it would only include
accepted offers. The Bureau understands that this may result in some
data skew, but believes this outcome is preferrable to having no data
at all on applicant requests for credit in response to a solicitation.
Thus, solicitations, firm offers of credit, or other evaluations or
offers initiated by the financial institution for a covered credit
transaction may become a ``covered application'' if an applicant
responds to the solicitation or offer by requesting the offered credit.
However, if a financial institution unilaterally--with no request from
the business--increases a credit line or provides some other type of
credit to the business, it would not be considered a covered
application because, similar to a mere solicitation, the transaction
does not involve a request for credit.
Several commenters also asked the Bureau to provide that
``preapprovals'' are not covered applications. As noted above, to the
extent the commenters are referring to evaluations or offers initiated
by the financial institution alone, such events are not covered
applications unless the applicant affirmatively responds, wishing to
proceed. However, a preapproval as described in existing comment 2(f)-
5.i is an example of a covered application. Under that comment, a
preapproval occurs when a creditor reviews a request under a program in
which the creditor, after a comprehensive analysis of an applicant's
creditworthiness, issues a written commitment valid for a designated
period of time to extend a loan up to a specified amount. If a
creditor's program does not provide for giving written commitments,
requests for preapprovals are treated as prequalification requests.
Section 1002.104 Covered Credit Transactions and Excluded Transactions
104(a) Covered Credit Transaction
ECOA section 704B(b) requires financial institutions to collect and
report information regarding any application for ``credit'' made by
women-owned, minority-owned, or small businesses. Although the term
``credit'' is not specifically defined in section 1071, ECOA defines
``credit'' as ``the right granted by a creditor to a debtor to defer
payment of debt or to incur debts and defer its payment or to purchase
property or services and defer payment therefor.'' \350\ As noted above
in the section-by-section analysis of Sec. 1002.102(d), existing
Regulation B further defines ``business credit'' as ``extensions of
credit primarily for business or commercial (including agricultural)
purposes,'' with some exclusions.\351\ As discussed in detail below,
the Bureau is finalizing its proposal that covered financial
institutions report data for all applications for transactions that
meet the definition of business credit unless otherwise excluded.
---------------------------------------------------------------------------
\350\ 15 U.S.C. 1691a(d); see also Sec. 1002.2(j).
\351\ 12 CFR 1002.2(g).
---------------------------------------------------------------------------
Proposed Sec. 1002.104(a) would have defined the term ``covered
credit transaction'' as an extension of business credit that is not an
excluded transaction under proposed Sec. 1002.104(b). Proposed comment
104(a)-1 would have reiterated that the term ``covered credit
transaction'' includes all business credit (including loans, lines of
credit, credit cards, and merchant cash advances) unless otherwise
excluded under Sec. 1002.104(b). The Bureau explained that such credit
transactions for agricultural purposes and HMDA-reportable transactions
would have fallen within the scope of the proposed rule. The Bureau
noted that this was not an exhaustive list of covered credit
transactions; other types of business credit would have constituted
covered credit transactions unless excluded by proposed Sec.
1002.104(b). With respect to excluded transactions, proposed Sec.
1002.104(b) would have stated that the requirements of subpart B do not
apply to trade credit, public utilities credit, securities credit, and
incidental credit. Proposed commentary would have made clear that the
term ``covered credit transaction'' also did not cover factoring,
leases, consumer-designated credit used for business purposes, or
credit secured by certain investment properties.
The Bureau received comments on transaction coverage from many
lenders, trade associations, business advocacy groups, nonbank online
lenders, the offices of two State attorneys general, and community
groups. The Bureau received a few comments from industry expressing
general support for the proposed definition of covered credit
transaction. Many community groups, as well as several community-
oriented lenders and a cross-sector group of lenders, community groups,
and small business advocates, requested expansive and broad product
coverage; some commenters argued that such coverage was needed to
prevent evasion, for comprehensive data analysis, and/or to fulfill
section 1071's statutory purposes. Some commenters suggested the Bureau
monitor the market to ensure that new products are covered by, and
reported under, the rule. A business advocacy group and a joint letter
from community groups, community-oriented lenders, and business
advocacy groups urged the Bureau to subject ``all forms of credit''--
including merchant cash advances, factoring, and leases, in addition to
term loans, credit cards, and other forms of credit--to fair lending
and credit need analysis. They asserted that each of these products
occupies a substantial portion of the ``credit market'' for small
businesses and excluding any of them would allow potentially
detrimental lending practices to proliferate.
For the reasons set forth herein, the Bureau is finalizing its
definition of ``covered credit transaction'' in Sec. 1002.104(a) as
proposed. Final Sec. 1002.104(a) defines the term ``covered credit
transaction'' as an extension of business credit that is not an
excluded transaction under Sec. 1002.104(b). Final comment 104(a)-1
reiterates that the term ``covered credit transaction'' includes all
business credit (including loans, lines of credit, credit cards, and
[[Page 35219]]
merchant cash advances) unless otherwise excluded under final Sec.
1002.104(b). Loans, lines of credit, credit cards, merchant cash
advances, and credit products used for agricultural purposes fall
within the scope of this final rule, which covers the majority of
products that small businesses use to obtain financing.\352\ As
discussed in greater detail below, the Bureau believes that covering
these products in this rule is important to fulfilling the purposes of
section 1071. The Bureau stresses that the products discussed herein do
not constitute an exhaustive list of covered credit transactions; other
types of business credit not specifically described in the rule and its
associated commentary nevertheless constitute covered credit
transactions unless excluded by final Sec. 1002.104(b). In line with
this approach, the Bureau thus is not expressly listing other products
(such as credit extensions incident to factoring arrangements discussed
below) as covered credit transactions.
---------------------------------------------------------------------------
\352\ See White Paper at 21-22.
---------------------------------------------------------------------------
Final Sec. 1002.104(b), in turn, states that the requirements of
subpart B do not apply to trade credit, HMDA-reportable transactions,
insurance premium financing, public utilities credit, securities
credit, and incidental credit. Associated commentary makes clear that
the term ``covered credit transaction'' also does not cover factoring,
leases, consumer-designated credit that is used for business or
agricultural purposes, or credit transaction purchases, purchases of an
interest in a pool of credit transactions, and purchases of a partial
interest in a credit transaction. In response to comments received, the
Bureau is now excluding HMDA-reportable transactions and insurance
premium financing from the scope of this final rule. As a result, the
Bureau believes that proposed commentary that would have made clear
that the term ``covered credit transaction'' does not cover credit
secured by certain investment properties is not necessary.
The Bureau agrees that broad product coverage is important to
fulfill section 1071's statutory purposes, though the Bureau is not
extending coverage to all forms of small business financing as
requested by some commenters. The Bureau believes the exclusions from
the definition of covered credit transaction that it proposed in Sec.
1002.104(b) are appropriate and has added two additional exclusions
(HMDA-reportable transactions and insurance premium financing) in
response to comments received. For the reasons set forth herein, the
Bureau is finalizing Sec. 1002.104 pursuant to its authority under
ECOA section 704B(g)(1) to prescribe such rules and issue such guidance
as may be necessary to carry out, enforce, and compile data under
section 1071.
Comments received on specific types of transactions that are
reportable or not reportable under this rule are discussed in turn
below.
Loans, Lines of Credit, and Credit Cards
Proposed Rule
Proposed Sec. 1002.104(a) would have defined the term ``covered
credit transaction'' as an extension of business credit that is not an
excluded transaction under proposed Sec. 1002.104(b). Proposed comment
104(a)-1 would have reiterated that the term ``covered credit
transaction'' includes all business credit (including loans, lines of
credit, credit cards, and merchant cash advances) unless otherwise
excluded under Sec. 1002.104(b). The Bureau did not propose
definitions for loans, lines of credit, and credit cards because the
Bureau believed these products are generally and adequately covered by
the definition of ``credit'' in proposed Sec. 1002.102(i), which, as
noted above, references existing Sec. 1002.2(j). The Bureau sought
comment on its proposed approach to covered credit transactions and
particularly on whether it should define loans, lines of credit, and
credit cards, and, if so, how.
Comments Received
A few commenters expressed general support for the explicit
coverage of loans, lines of credit, and credit cards. One bank
commenter opined that the Bureau's rule does not need to define loans,
lines of credit, and credit cards because those definitions would add
unnecessary complexities. One community group expressed approval for
the Bureau's proposed coverage of lines of credit, stating that such
products meet important credit needs to help businesses weather
fluctuations in revenues and their coverage will help inform
stakeholders whether minority- and/or women-owned businesses are able
to access this important credit type or whether they experience a
disproportionate amount of denials.
The Bureau received mixed feedback regarding its proposed coverage
of credit cards. A few community groups supported credit card coverage,
with one noting that credit cards are widely used by small businesses,
often with smaller principal balances and higher interest rates than
term loans. This commenter stressed the importance of assessing whether
Hispanic- and African American-owned businesses are more likely to rely
upon credit cards than other businesses and whether the smallest
businesses, and women- and minority-owned businesses, have equitable
access to term loans or are served disproportionately by credit card
loans or other credit products.
By contrast, a few credit union trade associations urged the Bureau
to exclude credit cards from the rule to reduce burden and reporting
volumes. One commenter argued that every credit union that offers even
a single small business credit card product will ultimately become a
covered financial institution unless the Bureau either establishes a de
minimis threshold or expressly excludes small business credit cards.
Another urged the Bureau to exclude credit cards from the rule on the
basis that these products are already covered by the Credit Card
Accountability Responsibility and Disclosure (CARD) Act and the
exclusion would reduce compliance burden without weakening the quality
of resulting data and would relieve lenders of the responsibility to
sort out and isolate business credit card data from consumer credit
card data, which are often both run by the same platform independently
of other commercial lending activities.
Final Rule
For the reasons set forth herein, the Bureau is finalizing its
coverage of loan, lines of credit, and credit cards as proposed. These
products are commonly offered to small business applicants (making up
almost 60 percent of the aggregate dollar volume of various financial
products used by small businesses).\353\ According to a recent Federal
Reserve Banks' survey of employer firms, loans and lines of credit were
the most common forms of financing sought by applicants, with credit
cards in second place.\354\ The Bureau believes that covering these
products is important for advancing both of section 1071's statutory
purposes.
---------------------------------------------------------------------------
\353\ See id. at 21 fig. 2.
\354\ 2022 Report on Employer Firms at 25, https://www.fedsmallbusiness.org/survey/2022/report-on-employer-firms.
---------------------------------------------------------------------------
The Bureau does not believe that it would be appropriate to exclude
credit cards from coverage, as requested by several commenters. The
Federal Reserve Banks found that almost one third of employer firm
applicants sought credit cards \355\ and credit card usage among
minority-owned small businesses is higher than among white-
[[Page 35220]]
owned small businesses.\356\ The Bureau believes that excluding this
popular source of small business financing, particularly among the
smallest businesses and start-ups, would not be consistent with section
1071's statutory purposes. The Bureau has considered the concerns
regarding reporting volumes among credit unions and notes that its
higher originations threshold in final Sec. 1002.105(b) for coverage
under the rule should help alleviate these concerns. The Bureau does
not believe that CARD Act reporting is a sufficient substitute for data
collected under section 1071 because it does not cover business-purpose
credit cards and does not include protected demographic information,
both of which are central to section 1071's statutory purposes.
---------------------------------------------------------------------------
\355\ Id.
\356\ See, e.g., Fed. Rsrv. Bank of N.Y. et al., Latino-Owned
Businesses: Shining a Light on National Trends (Nov. 2018), https://www.newyorkfed.org/medialibrary/media/smallbusiness/2017/Report-on-Latino-Owned-Small-Businesses.pdf (finding that Latino business
owners are more likely than non-Latino white business owners to use
credit cards).
---------------------------------------------------------------------------
The Bureau is finalizing Sec. 1002.104(a) and comment 104(a)-1 as
proposed. The Bureau is not adopting definitions for loans, lines of
credit, and credit cards because it believes these products are
generally and adequately covered by the definition of ``credit'' in
Sec. 1002.102(i).\357\
---------------------------------------------------------------------------
\357\ As noted in the section-by-section analysis of Sec.
1002.107(a)(5) below, the Bureau distinguishes between secured and
unsecured loans and lines of credit when financial institutions
report the type of credit product being applied for. The Bureau does
not believe that this distinction has relevance to whether these
products constitute ``credit.''
---------------------------------------------------------------------------
Merchant Cash Advances
Background and Proposed Rule
As discussed above, proposed Sec. 1002.104(a) would have defined
the term ``covered credit transaction'' as an extension of business
credit that is not an excluded transaction under proposed Sec.
1002.104(b), and proposed comment 104(a)-1 would have reiterated that
the term ``covered credit transaction'' includes all business credit
(including loans, lines of credit, credit cards, and merchant cash
advances) unless otherwise excluded under Sec. 1002.104(b). The Bureau
sought comment on its proposed approach to covered credit transactions,
and in particular, on whether it should define merchant cash advances
and/or other sales-based financing transactions, and if so, how.
As the Bureau explained in the NPRM, merchant cash advances are a
form of financing for small businesses that purport to be structured as
a sale of potential future income. Merchant cash advances vary in form
and substance, but under a typical merchant cash advance, a merchant
receives a cash advance and promises to repay it plus some additional
amount or multiple of the amount advanced (e.g., 1.2 or 1.5, the
``payback'' or ``factor'' ``rate''). The merchant promises to repay by
either pledging a percentage of its future revenue, such as its daily
credit and debit card receipts (the ``holdback percentage''), or
agreeing to pay a fixed daily withdrawal amount to the merchant cash
advance provider until the agreed upon payment amount is satisfied.
Merchant cash advance contracts often provide for repayment directly
through the merchant's card processor and/or via Automated Clearing
House withdrawals from the merchant's bank account.\358\ Merchant cash
advances constitute the primary product under an umbrella term often
referred to as ``sales-based financing;'' generally, transactions
wherein a financial institution extends funds to a business and
repayment is based on the business's anticipated sales, revenue, or
invoices.\359\
---------------------------------------------------------------------------
\358\ This description is based on the Bureau's review of a
sample of merchant cash advance contracts that the Bureau believes
fairly represent typical merchant cash advance contracts in the
market. The Bureau's review comports with observations made by
industry and community groups regarding merchant cash advances.
\359\ As stated below, the Bureau is not specifically defining
sales-based financing in the rule because the Bureau believes these
products are covered by the definition of ``credit'' in final Sec.
1002.102(i). New York and California laws have recently sought to
define sales-based financing. New York law, for example, defines
``sales-based financing'' as ``a transaction that is repaid by the
recipient to the provider, over time, as a percentage of sales or
revenue, in which the payment amount may increase or decrease
according to the volume of sales made or revenue received by the
recipient.'' N.Y. Fin. Serv. 801(j). New York's definition of sales-
based financing also encompasses a true-up mechanism where the
financing is repaid as a fixed payment but provides for a
reconciliation process that adjusts the payment to an amount that is
a percentage of sales or revenue. Id. California law uses a similar
definition. See 10 Cal. Code Reg. 2057(a)(22) (defining sales-based
financing as ``a commercial financing transaction that is repaid by
a recipient to the financer as a percentage of sales or income, in
which the payment amount increases and decreases according to the
volume of sales made or income received by the recipient'' and
including ``a true[hyphen]up mechanism'').
---------------------------------------------------------------------------
The Bureau understands that the merchant cash advance market is
generally dominated by nondepository institutions not subject to
Federal safety and soundness supervision or reporting requirements. The
Bureau also understands that merchant cash advance providers may not be
required to obtain State lending licenses. As a result, information on
merchant cash advance lending volume and practices is limited. The
Bureau notes, however, that a few states have enacted laws that would
impose disclosure requirements upon certain commercial financing
providers, including merchant cash advance providers.\360\
---------------------------------------------------------------------------
\360\ See, e.g., Cal. S.B. 1235 (Sept. 30, 2018), https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180SB1235; N.Y. S.B. S5470B (Dec.
23, 2020), https://legislation.nysenate.gov/pdf/bills/2019/S5470B.
The California law does not go so far as to amend the California
Financing Law to require factors or merchant cash advance providers
to be licensed, but it does impose first-in-the-nation disclosure
requirements in connection with these products similar to those
imposed under TILA. The California law is implemented through
regulations that took effect on December 9, 2022. See State of Cal.
Dep't of Bus. Oversight, PRO 01-18 Commercial Financing Disclosures
SB 1235 (June 9, 2022), https://dfpi.ca.gov/wp-content/uploads/sites/337/2022/06/PRO-01-18-Commercial-Financing-Disclosure-Regulation-Final-Text.pdf. The New York law is also implemented
through regulations, which have not been finalized yet. See N.Y.
Dep't of Fin. Servs., Revised Proposed New 23 NYCRR 600 (Sept. 14,
2022), https://www.dfs.ny.gov/system/files/documents/2022/09/rp_23nycrr600_text_20220914.pdf.
---------------------------------------------------------------------------
Although the Bureau's 2017 White Paper estimated the merchant cash
advance market constituted less than 1 percent of the aggregate dollar
volume of various financial products used by small businesses in the
U.S. in 2014,\361\ the Bureau notes that more recent evidence suggests
the industry may now be much larger. For example, the 2021 Federal
Reserve Banks' survey of firms with 1-499 employees (``employer
firms'') found that 8 percent of such businesses applied for and
regularly used merchant cash advances.\362\ Moreover, on August 18,
2019, the trade website deBanked reported that according to an
investment bank's projections, ``the [merchant cash advance] industry
will have more than doubled its small business funding to $19.2 billion
by year-end 2019, up from $8.6 billion in 2014.'' \363\
---------------------------------------------------------------------------
\361\ See White Paper at 21 fig. 2, 22 fig. 3.
\362\ Fed. Rsrv. Banks, Small Business Credit Survey--2022
Report on Employer Firms, at 19 (Feb. 22, 2022), https://www.fedsmallbusiness.org/survey/2022/report-on-employer-firms (2022
Small Business Credit Survey). Starting in 2017, the Federal Reserve
Banks began to gather specific data on merchant cash advances for
its annual reports on small business financing for employer firms--
in the 2017 report, the survey found that 7 percent of such
businesses applied for and regularly used merchant cash advances.
Fed. Rsrv. Banks, Small Business Credit Survey--2017 Report on
Employer Firms, at 9 (Apr. 11, 2017), https://www.fedsmallbusiness.org/survey/2017/report-on-employer-firms (2017
Small Business Credit Survey).
\363\ Paul Sweeney, Gold Rush: Merchant Cash Advances Are Still
Hot, deBanked (Aug. 18, 2019), https://debanked.com/2019/08/gold-rush-merchant-cash-advances-are-still-hot/.
---------------------------------------------------------------------------
The Bureau understands that merchant cash advances are often used
by merchants due to the speed and ease with which they can be
obtained,\364\
[[Page 35221]]
particularly for merchants unable to obtain financing from more
traditional sources.\365\ According to the 2021 Federal Reserve Banks'
report regarding firms owned by people of color (both small employer
firms and non-employer firms), Black-owned firms, Hispanic-owned firms,
and Asian-owned firms were more likely to have applied for merchant
cash advances (14 percent, 10 percent, and 10 percent, respectively)
than white-owned firms (7 percent).\366\
---------------------------------------------------------------------------
\364\ See Fed. Rsrv. Banks, Small Business Credit Survey--2021
Report on Employer Firms, at 26 (Feb. 3, 2021), https://www.fedsmallbusiness.org/survey/2021/report-on-employer-firms (2021
Small Business Credit Survey) (reporting that 84 percent of surveyed
credit applicants were approved for a merchant cash advance, as
compared to a 43 percent approval rate for personal loans).
\365\ See 2022 Small Business Credit Survey (noting that only 8
percent of ``high credit risk'' applicants obtained all the
financing sought).
\366\ See Fed. Rsrv. Banks, Small Business Credit Survey--2021
Report on Firms Owned by People of Color, at 30 (Apr. 15, 2021),
https://www.fedsmallbusiness.org/survey/2021/2021-report-on-firms-owned-by-people-of-color (Small Business Credit Survey of Firms
Owned by People of Color).
---------------------------------------------------------------------------
The Bureau believes that the higher frequency of merchant cash
advance use among minority-owned businesses coupled with reports of
problematic provider practices lends credence to claims that merchant
cash advances may raise fair lending concerns. The Federal Trade
Commission (FTC) released a Staff Perspective in February 2020
discussing its concerns with the merchant cash advance industry \367\
and noting the industry's tendency to ``cater to higher-risk businesses
or owners with low credit scores--typically offering them higher-cost
products.'' \368\ The FTC has also filed enforcement actions against
merchant cash advance providers and their principals, in one case
alleging that they misrepresented the terms of merchant cash advances
that they provided, and then used ``unfair collection practices,
including sometimes threatening physical violence, to compel consumers
to pay.'' \369\ In April 2021, the FTC obtained a settlement that
required a merchant cash advance provider to pay more than $9.8 million
to settle charges that it took money from businesses' bank accounts
without permission and deceived business owners about the amount of
financing they would receive and about other features of its financing
products.\370\ More recently, the FTC obtained a court order that
permanently bans a merchant cash advance company and its owner from the
merchant cash advance industry for deceiving and threatening small
businesses and their owners.\371\
---------------------------------------------------------------------------
\367\ Fed. Trade Comm'n, `Strictly Business' Forum, Staff
Perspective, at 6-8 (Feb. 2020), https://www.ftc.gov/system/files/documents/reports/staff-perspective-paper-ftcs-strictly-business-forum/strictly_business_forum_staff_perspective.pdf.
\368\ See id. at 2.
\369\ Press Release, Fed. Trade Comm'n, New York-Based Finance
Companies Deceived Small Businesses, Non-Profits and Seized Their
Personal and Business Assets (June 10, 2020), https://www.ftc.gov/news-events/press-releases/2020/06/new-york-based-finance-companies-deceived-small-businesses. See also Press Release, Fed. Trade
Comm'n, FTC Alleges Merchant Cash Advance Provider Overcharged Small
Businesses Millions (Aug. 3, 2020), https://www.ftc.gov/news-events/press-releases/2020/08/ftc-alleges-merchant-cash-advance-provider-overcharged-small.
\370\ Press Release, Fed. Trade Comm'n, Cash Advance Firm to Pay
$9.8M to Settle FTC Complaint It Overcharged Small Businesses (Apr.
22, 2021), https://www.ftc.gov/news-events/press-releases/2021/04/cash-advance-firm-pay-98m-settle-ftc-complaint-it-overcharged.
\371\ Press Release, Fed. Trade Comm'n, FTC Action Results in
Ban for Richmond Capital and Owner From Merchant Cash Advance and
Debt Collection Industries and Return of More Than $2.7M to
Consumers (June 6, 2022), https://www.ftc.gov/news-events/news/press-releases/2022/06/ftc-action-results-ban-richmond-capital-owner-merchant-cash-advance-debt-collection-industries.
---------------------------------------------------------------------------
Moreover, the Bureau understands that the delinquency/default rate
amongst small businesses that use merchant cash advances is relatively
high--6 to 20 percent according to one estimate \372\ and 10 percent
according to an SEC analysis of one merchant cash advance provider
\373\ (compared with a charge off rate between 0 to 3.59 percent on SBA
loans \374\ and just over 1 percent on certain commercial and
industrial loans \375\). The Bureau believes this high default rate may
be explained by the fact that the typical merchant cash advance
holdback percentage--10 to 20 percent of gross receipts or revenues--
may be onerous for already cash-strapped small businesses.\376\ The
Bureau also understands that it is not uncommon for small businesses
that use merchant cash advances to obtain new merchant cash advances
from other merchant cash advance providers (more than a quarter of such
businesses, by one account); \377\ they also may use one merchant cash
advance to pay off another. Firms that take on added debt loads in this
way (a process known as ``stacking'') ``may not fully recognize the
costs involved, which could potentially jeopardize the financial health
of their businesses.'' \378\
---------------------------------------------------------------------------
\372\ See Bryant Park Capital, Merchant Cash Advance/Small
Business Financing Industry Report, at 28 (Jan. 2016), https://bryantparkcapital.com/wp-content/uploads/2018/06/BPC-MCA-SMB-Financing-Industry-Report.pdf.
\373\ SEC Complaint (Jan. 2020), https://www.sec.gov/litigation/complaints/2020/comp24860.pdf.
\374\ Small Bus. Admin., Table 9--Charge Off Rates as a Percent
of Unpaid Principal Balance (UPB) Amount by Program (Mar. 31, 2022),
https://www.sba.gov/document/report-small-business-administration-loan-program-performance.
\375\ Bd. of Governors of the Fed. Rsrv. Sys., Charge-Off and
Delinquency Rates on Loans and Leases at Commercial Banks (Aug. 22,
2022), https://www.federalreserve.gov/releases/chargeoff/delallsa.htm.
\376\ See Bd. of Governors of the Fed. Rsrv. Sys., Browsing to
Borrow: ``Mom & Pop'' Small Business Perspectives on Online Lenders,
at 9 (June 2018), https://www.federalreserve.gov/publications/files/2018-small-business-lending.pdf (Board Small Business Perspectives)
(noting that when asked ``about the toughest part of running their
businesses, most participants cited the challenges of managing their
cash flow''); id. at 5 (noting that ``[s]ome observers have argued
that the owner's loss of control over cash flow puts some small
businesses at risk''). The Bureau also notes that many merchant cash
advance providers believe that they are not subject to State usury
laws.
\377\ See Opportunity Fund, Unaffordable and Unsustainable: The
New Business Lending, at 3 (May 2016), https://www.leg.state.nv.us/App/InterimCommittee/REL/Document/13129 (stating that ``[m]ore than
a quarter of the businesses in our dataset had loans outstanding
with multiple alternative lenders'').
\378\ Board Small Business Perspectives at 6.
---------------------------------------------------------------------------
As small businesses struggled with the COVID-19 pandemic, reports
of merchant cash advance providers employing aggressive collection
practices continued, such as ``pursuing legal claims against owners
that freeze their bank accounts and . . . pressing their family
members, neighbors, insurers, distributors--even their customers.''
\379\ Given the fact that 84 percent of the credit applicants surveyed
by the Federal Reserve Banks were approved for a merchant cash advance
\380\ and the fact that it appears to have been significantly more
difficult to obtain credit as a ``high credit risk'' applicant during
the COVID-19 pandemic,\381\ the Bureau believes that many vulnerable
small businesses sought merchant cash advances to support their
pandemic recovery.
---------------------------------------------------------------------------
\379\ Gretchen Morgenson, FTC official: Legal `loan sharks' may
be exploiting coronavirus to squeeze small businesses, NBC News
(Apr. 3 2020), https://www.nbcnews.com/business/economy/ftc-official-legal-loan-sharks-may-be-exploiting-coronavirus-squeeze-n1173346.
\380\ See 2021 Small Business Credit Survey at 26.
\381\ Compare id. at 22 (noting that only 7 percent of ``high
credit risk'' applicants obtained all the financing sought), with
Fed. Rsrv. Banks, Small Business Credit Survey--2020 Report on
Employer Firms, at 12 (Apr. 7, 2020), https://www.fedsmallbusiness.org/survey/2020/report-on-employer-firms
(reporting that 23 percent of ``high credit risk'' applicants
obtained all the financing sought) (2020 Small Business Credit
Survey).
---------------------------------------------------------------------------
Comments Received
The Bureau received comments on this aspect of the proposal from a
wide range of lenders, trade associations, business advocacy groups,
community groups, individuals, the offices of two State attorneys
general, and others. The Bureau observes that, throughout the
development of the rule to implement section 1071, merchant cash
advances have been the focus of significant attention and a unique
source of near-consensus among a diverse array of stakeholders--almost
all of whom
[[Page 35222]]
advocated for covering merchant cash advances in the rule.\382\
Comments received in response to the NPRM were no different in that,
with the exception of a sole credit union trade association, the only
commenters that supported the exclusion of merchant cash advances from
the rule were merchant cash advance providers or trade associations
representing merchant cash advance providers (the Bureau is not aware
of any credit unions that offer merchant cash advances as that term is
used herein). Most of these commenters argued that merchant cash
advances do not meet the definition of credit under ECOA or State law
and should instead be treated like traditional factoring arrangements
(described in detail below), which are generally understood not to be
credit. A few of these commenters also asserted that covering merchant
cash advances is contrary to public policy because doing so will
negatively impact access to financing and because they benefit
businesses. Two commenters asserted that the Bureau failed to engage
adequately in cost/benefit analysis as required by section
1022(b)(2)(a) of the Dodd-Frank Act, claiming that some smaller funders
would exit the market due to increased regulatory burdens and costs.
One commenter explained that because the merchant cash advance industry
has never had to track the demographic status of a small business
owner, implementing the Bureau's rule would require costly programming
upgrades, adjustments to merchant cash advance funder systems, and
additional employees to handle the reporting and auditing of these
functions. This commenter also argued the rule would result in a less
competitive market dominated by larger players and would put merchant
cash advances at an unfair disadvantage compared to factoring.
---------------------------------------------------------------------------
\382\ For instance, of the substantive responses to the 2017
request for information, comments authored or co-authored by dozens
of stakeholders (including community and business groups, industry,
and trade associations) expressed explicit support for requiring the
reporting of merchant cash advances (and additional letters
expressed support for covering ``fintech'' or ``alternative online''
products more generally).
---------------------------------------------------------------------------
The Bureau received many comments, primarily from community groups
and community-oriented lenders, expressing broad support for covering
merchant cash advances. A few of these commenters pointed to the fact
that State regulators have started cracking down on the merchant cash
advance industry due to its lack of transparency and potentially
predatory practices. A community group and a cross-sector group of
lenders, community groups, and small business advocates noted that
merchant cash advances are an important and growing part of small
business financing, with the community group relaying one merchant cash
advance provider's announcement that the COVID-19 pandemic created new
demand for its products, in part because the kinds of smaller firms
that it primarily serves encountered greater-than-normal challenges to
accessing capital through traditional bank financing during the
pandemic. The cross-sector group and another community group stressed a
need for transparency and noted that there is insufficient data on
merchant cash advances. The community group acknowledged that reporting
on merchant cash advances may be more complex due to their different
terms but argued that these features make transparency into this
lending channel critical. This commenter also opined that excluding
merchant cash advances from scrutiny would encourage lenders to
``double down'' on their use rather than offer more consumer-friendly
products.
Several supporters of merchant cash advance coverage, including the
offices of two State attorneys general, maintained that merchant cash
advances are clearly credit and they incur repayment liability. A joint
letter from community and business advocacy groups explained that
merchant cash advances are distinct from factoring in that a genuine
factoring transaction creates a completed sale of receivables owed to
the seller as a result of goods delivered or services provided by the
seller to a third party. A few commenters asserted that coverage of
merchant cash advances meets section 1071's statutory purposes. One
online lender noted that merchant cash advances are not regulated. Many
commenters expressed strong concerns about high costs and predatory
practices often associated with merchant cash advances, with the
majority of these commenters expressing particular concern about use of
merchant cash advances among minority business owners. A CDFI lender
explained that it had analyzed several merchant cash advance and
balance sheet lender agreements provided by its clients and discovered
that the average product carried an annual percentage rate of 94
percent, with one product reaching 358 percent. This commenter also
found that, among the Hispanic borrowers in its sample, the average
monthly payment was more than 400 percent of their take-home pay. An
online lender characterized the lack of transparency in pricing
merchant cash advances as a significant market failure that harms small
business owners. A community group expressed strong concerns about the
increasingly common practice of using confessions of judgments (where a
borrower must agree to allow the lender to obtain a legal judgment
without going to court) within merchant cash advance lending, citing an
investigation that found that the number of merchant cash advance cases
ending with a confession in favor of a merchant cash advance provider
in New York State rose from 14 cases in 2014 to over 3,500 cases in
2018.\383\ The commenter noted that the study further found that these
confession of judgment cases won the merchant cash advance industry an
estimated $500 million in 2017.\384\
---------------------------------------------------------------------------
\383\ Zachary R. Mider & Zeke Faux, Sign Here to Lose Everything
Part 1: ``I Hereby Confess Judgment'' (Nov. 20, 2018), https://www.bloomberg.com/graphics/2018-confessions-of-judgment.
\384\ Zachary R. Mider & Zeke Faux, Sign Here to Lose Everything
Part 2: The $1.7 Million Man (Nov. 27, 2018), https://www.bloomberg.com/graphics/2018-confessions-of-judgment-millionaire-
marshal/.
---------------------------------------------------------------------------
Potential coverage of merchant cash advances under the final rule
has also drawn the attention of government entities seeking to regulate
the industry. For example, in response to the SBREFA Outline, the
California Department of Financial Protection and Innovation submitted
a comment letter stating that ``nearly all the data points would be
just as easy for a merchant cash advance company to report as any other
financial institution.'' In addition, FTC staff submitted a comment
letter in response to the Bureau's Request for Information on the Equal
Credit Opportunity Act and Regulation B \385\ noting that the FTC has
brought many actions protecting small businesses but that detecting
illegal conduct in this space can be challenging, particularly with
regard to merchant cash advances. The FTC comment letter urged the
Bureau to remind small business lenders that whether a particular law
applies depends on actual facts and circumstances and not solely on how
one party chooses to characterize the transaction. FTC staff also
recommended that the Bureau help small businesses through data
collection, collecting complaints, and education.\386\
---------------------------------------------------------------------------
\385\ Comment No. CFPB-2020-0026-0117 (Dec. 1, 2020), https://www.regulations.gov/comment/CFPB-2020-0026-0117.
\386\ Id.
---------------------------------------------------------------------------
In response to the NPRM, the offices of two State attorneys general
submitted a comment stating that merchant cash advance transactions
fall within the definition of credit and that the
[[Page 35223]]
inclusion of merchant cash advance transactions is crucial given the
rapid expansion of the merchant cash advance market in the past decade
and limited publicly available data on market size or standard industry
practices. Having brought enforcement actions against multiple merchant
cash advance providers, they also asserted that the unregulated nature
of the merchant cash advance market makes it ripe for the type of
problematic practices that they have directly observed through their
investigations into the industry. They expressed strong support for the
inclusion of merchant cash advance transactions within the scope of the
Bureau's rule, stating their belief that the rule will promote
fairness, transparency, and enhanced data collection in the area of
small business financing, including the rapidly growing merchant cash
advance market that is targeting small businesses.
The Bureau also received a few comments about other aspects of its
proposal to cover merchant cash advances. One commenter advised against
defining merchant cash advances in the rule, arguing that such a
definition could be inconsistent with some State laws and thus may
create additional complexity in complying with the final rule. Another
commenter urged the Bureau to clarify the application of the rule to
merchant cash advances, including by clearly defining merchant cash
advances and explaining how the rule will apply to the particular
features of merchant cash advance products. Two commenters expressed
more general support for coverage of sales-based financing.
Final Rule
For the reasons set forth herein, the Bureau is finalizing its
definition of ``covered credit transaction'' as proposed. Final Sec.
1002.104(a) defines the term ``covered credit transaction'' as an
extension of business credit that is not an excluded transaction under
Sec. 1002.104(b). Final comment 104(a)-1 reiterates that the term
``covered credit transaction'' includes merchant cash advances.
The Bureau believes that the statutory term ``credit'' in ECOA is
intentionally broad so as to include a wide variety of products without
specifically identifying any particular product by name. As noted
above, ECOA defines ``credit'' to mean ``the right granted by a
creditor to a debtor to defer payment of debt or to incur debts and
defer its payment or to purchase property or services and defer payment
therefor.'' As a result, the definition does not explicitly state that
it applies to any type of credit, whether it be installment loans,
credit cards, or merchant cash advances. To the extent there is any
ambiguity about whether a particular product constitutes ``credit,''
Congress appears to have intended for the Bureau (or previously, the
Board) to fill that gap, but neither the Bureau nor the Board have had
occasion to provide further clarity with respect to coverage of sales-
based financing products like merchant cash advances except to note in
commentary that factoring, as ``a purchase of accounts receivable,''
\387\ is not covered by ECOA or Regulation B. However, based on its
review of typical merchant cash advance arrangements and its expertise
with respect to the nature of credit transactions, the Bureau believes
the term ``credit'' encompasses merchant cash advances and other types
of sales-based financing. As a result, the Bureau believes that
merchant cash advances and other sales-based financing are covered by
the definition of ``credit'' in final Sec. 1002.102(i). The Bureau
does not believe it is necessary to specifically define merchant cash
advances or sales-based financing because the broad definition of
``credit'' in ECOA and Regulation B--includes credit products covered
by the rule unless the Bureau specifically excludes them.
---------------------------------------------------------------------------
\387\ Existing comment 9(a)(3)-3.
---------------------------------------------------------------------------
Nor does the Bureau believe that merchant cash advances should be
excluded from the rule as a species of factoring because merchant cash
advances do not constitute factoring within the meaning of the existing
commentary to Regulation B or the definition in final comment 104(b)-1.
In factoring transactions, entities receiving financing sell their
legal right to payment from a third party for goods supplied or
services rendered, and that right exists at the time of the transaction
itself; the provider of funds seeks payment directly from the third
party, and the transaction between the recipient and the provider of
funds is complete at the time of the sale. In other words, the
recipient of the financing has no remaining payment obligation, meaning
that no payment is deferred. In contrast, at the time of the advance in
a merchant cash advance, the recipient of the financing has no existing
rights to payment that it can transfer. The transaction thus
constitutes only a promise by the recipient to transfer funds to the
provider once they materialize at a later date. The Bureau believes
that the ECOA definition of credit, by referring to the right to
``defer'' payments, necessarily invokes this temporal consideration.
The Bureau does not agree with arguments raised by other commenters
that merchant cash advances are not ``credit'' under ECOA.
Specifically, the Bureau does not agree that the purchase of the right
to a specific portion of a merchant's future proceeds, up to an agreed-
upon limit, constitutes a substantially contemporaneous exchange of
value between a merchant cash advance provider and a merchant. The
Bureau notes that a merchant's proceeds from future sales of goods and
services, by definition, do not exist in the present and thus there can
be no contemporaneous exchange of value, substantial or otherwise,
where there is no present right to payment. The Bureau believes
merchant cash advances are clearly distinguishable from back-dated
checks, service contracts with staggered payment schedules, and true
leases (discussed below). Merchant cash advances are typically repaid
over a period of three to 12 months and the merchant has no existing
rights to payment that it can transfer to the merchant cash advance
provider until they materialize at a later date, usually at least a
month later. The Bureau also notes that under Regulation B, a
transaction is ``credit'' if there is a right to defer payment of a
debt--regardless of the number of installments required for repayment
or whether the transaction is subject to a finance charge.\388\
---------------------------------------------------------------------------
\388\ Existing comment 2(j)-1.
---------------------------------------------------------------------------
Furthermore, the Bureau interprets ECOA's definition of credit as
making dispositive whether one party has granted another the right to
repay at some time subsequent to the initial transaction, without
consideration of factors such as the absence of recourse or analysis of
who bears the risk of loss. Merchant cash advance providers grant such
a right: they advance funds to small businesses and grant them the
right to defer repayment by allowing them to repay over time.
Additionally, as a practical matter, the Bureau understands that
merchant cash advances are underwritten and function like a typical
loan (i.e., underwriting of the recipient of the funds; repayment that
functionally comes from the recipient's own accounts rather than from a
third party; repayment of the advance itself plus additional amounts
akin to interest; and, at least for some subset of merchant cash
advances, repayment in regular intervals over a predictable period of
time).
Finally, the Bureau believes that the inclusion of merchant cash
advances in the Bureau's rule is important to fulfilling both the fair
lending and the
[[Page 35224]]
business and community development purposes of section 1071.\389\
Commenters have warned of high costs and predatory practices in this
area, and the Bureau is particularly focused on their increasingly
prevalent use among minority business owners.\390\ The Bureau also
believes that including merchant cash advances will create a more level
playing field across financial institutions that provide cash flow
financing to small businesses by shedding light on such credit
transactions as well as create a dataset that better reflects demand
for such financing by the smallest and most vulnerable businesses.
---------------------------------------------------------------------------
\389\ ECOA section 704B(a).
\390\ See, e.g., Fed. Rsrv. Bank of N.Y. et al., Latino-Owned
Businesses: Shining a Light on National Trends (Nov. 2018) (stating
``Latino business owners are more likely than non-Latino White
business owners to use credit cards, factoring, and merchant cash
advances--products that require less collateral and are associated
with higher average interest rates'').
---------------------------------------------------------------------------
Agricultural-Purpose Credit
Background
As reported by the 2017 Census of Agriculture,\391\ there are about
3.4 million farmers and ranchers (``producers'') working on 2 million
farming and ranching operations (``farms'') in the United States. The
U.S. Department of Agriculture (USDA) Economic Research Service found
that family farms (where the majority of the business is owned by the
operator and individuals related to the operator) of various types
together accounted for nearly 98 percent of U.S. farms in 2020.\392\
Small family farms (less than $350,000 in gross cash farm income)
accounted for 90 percent of all U.S. farms and large-scale family farms
($1 million or more in gross cash farm income) make up about 3 percent
of farms but 44 percent of the value of production.\393\
---------------------------------------------------------------------------
\391\ The Census of Agriculture is conducted by the USDA every
five years and provides a detailed picture of farms and the people
who operate them. See generally U.S. Dep't of Agric., 2017 Census of
Agriculture (Apr. 2019), https://www.nass.usda.gov/Publications/AgCensus/2017/Full_Report/Volume_1,_Chapter_1_US/usv1.pdf.
\392\ Econ. Rsch. Serv., U.S. Dep't of Agric., Farming and Farm
Income (updated Sept. 1, 2022), https://www.ers.usda.gov/data-products/ag-and-food-statistics-charting-the-essentials/farming-and-farm-income/.
\393\ Id.
---------------------------------------------------------------------------
According to the 2020 Annual Report of the Farm Credit
Administration, most agricultural lending (approximately 83 percent) is
done by either commercial banks or the Farm Credit System (FCS), a
network of government-sponsored enterprises regulated by the Farm
Credit Administration, an independent government agency.\394\ The
USDA's Farm Service Agency accounts for a small share (3 percent) of
agricultural credit through direct loans and guarantees of loans made
by private lenders.\395\
---------------------------------------------------------------------------
\394\ Farm Credit Admin., 2020 Annual Report of the Farm Credit
Administration, at 20 (2020), https://www.fca.gov/template-fca/about/2020AnnualReport.pdf.
\395\ Id.
---------------------------------------------------------------------------
In a July 2019 report, the U.S. Government Accountability Office
(GAO) discussed its finding that information on the amount and types of
agricultural credit to socially disadvantaged farmers and ranchers is
limited,\396\ and suggested that this rulemaking may be a way to engage
in ``additional data collection and reporting for nonmortgage loans.''
\397\ The GAO found that, using 2015-2017 USDA survey data, socially
disadvantaged farmers and ranchers represented an estimated 17 percent
of primary producers in the survey, but accounted for only an estimated
8 percent of total outstanding agricultural debt.\398\ Loans to
purchase agricultural real estate accounted for most of socially
disadvantaged farmers and ranchers' outstanding debt (67 percent).\399\
Farms with minority or women primary producers \400\ are, on average,
smaller and bring in less revenue than farms with a non-socially
disadvantaged primary producer (i.e., a white male)--while socially
disadvantaged farmers and ranchers represented 30 percent of all farms,
they operated 21 percent of total farmland and accounted for 13 percent
of the market value of agricultural products sold in 2017.\401\
---------------------------------------------------------------------------
\396\ See Gov't Accountability Off., Agricultural Lending:
Information on Credit and Outreach to Socially Disadvantaged Farmers
and Ranchers is Limited (2019), https://www.gao.gov/assets/gao-19-539.pdf (GAO Report).
\397\ Id. at 12.
\398\ Id. at 16. ``The primary producer is the individual on a
farm who is responsible for the most decisions. Each farm has only
one primary producer.'' Id. at 5.
\399\ Id. at introductory highlights.
\400\ ``Producers'' are individuals involved in farm decision-
making. A single farm may have more than one producer.
\401\ See GAO Report at 7.
---------------------------------------------------------------------------
The share of minority representation in farming, particularly that
of Black farmers, has declined sharply over the last 100 years.\402\
(The number of female producers has increased significantly over the
last 100 years but remains relatively small compared to male farm
producers.\403\) Based on the disposition of numerous lawsuits alleging
discrimination against minority farmers,\404\ the Bureau believes that
credit discrimination may play a role in this decline. The GAO cites
advocacy groups for socially disadvantaged farmers and ranchers, which
have said some socially disadvantaged farmers and ranchers face actual
or perceived unfair treatment in lending or may be dissuaded from
applying for credit because of past instances of alleged
discrimination.\405\ In addition, the GAO cites advocacy groups,
lending industry representatives, and Federal officials in stating that
socially disadvantaged farmers and ranchers are more likely to operate
smaller, lower-revenue farms, have weaker credit histories, or lack
clear title to their agricultural land, which can make it difficult for
them to qualify for loans.\406\ The Bureau understands that determining
the ``creditworthiness'' of a farmer is often a judgmental process in
which lending decisions are de-centralized and involve weighing many
discretionary factors, and believes that there are heightened fair
lending risks in agricultural lending.
---------------------------------------------------------------------------
\402\ In 1910, approximately 893,370 Black farmers operated
approximately 41.1 million acres of farmland, representing
approximately 14 percent of farmers. U.S. Census Bureau, 1910
Census: Volume 5 (Agriculture), Statistics of Farms, Classified by
Race, Nativity, and Sex of Farmers, at 298 (1910), https://www2.census.gov/library/publications/decennial/1920/volume-5/06229676v5ch04.pdf. In 2017, of the country's 3.4 million total
producers, only 45,508 of them (1.3 percent) are Black and they farm
on only 4.1 million acres (0.5 percent of total farmland); by
comparison, 95 percent of U.S. producers are white and own 94
percent of farmland. U.S. Dep't of Agric., 2017 Census of
Agriculture, at 62, 72 (Apr. 2019), https://www.nass.usda.gov/Publications/AgCensus/2017/Full_Report/Volume_1,_Chapter_1_US/usv1.pdf.
\403\ In 1910, women farmers represented approximately 4 percent
of farm workers. See U.S. Census Bureau, 1910 Census: Volume 5
(Agriculture), Statistics of Farms, Classified by Race, Nativity,
and Sex of Farmers, at 340 (1910), https://www2.census.gov/library/publications/decennial/1920/volume-5/06229676v5ch04.pdf. As of 2017,
women account for approximately 36 percent of farmers. See U.S.
Dep't of Agric., 2017 Census of Agriculture, at 62 (Apr. 2019),
https://www.nass.usda.gov/Publications/AgCensus/2017/Full_Report/Volume_1,_Chapter_1_US/usv1.pdf.
\404\ See, e.g., Order, In re Black Farmers Discrimination
Litig., No. 08-mc-0511 (D.D.C. filed Aug. 8, 2008), https://blackfarmercase.com/Documents/2008.08.08%20-%20PLF%20Consolidation%20Order_0.pdf; Pigford v. Glickman, 206 F.3d
1212 (D.C. Cir. 2000). See also Garcia v. Vilsack, 563 F.3d 519
(D.C. Cir. 2009); Love v. Connor, 525 F. Supp. 2d 155 (D.D.C. 2007);
Keepseagle v. Veneman, No. 99-CIV-03119, 2001 U.S. Dist. LEXIS 25220
(D.D.C. Dec. 12, 2001).
\405\ GAO Report at introductory highlights. Additionally, the
GAO cited these sources as noting that some socially disadvantaged
farmers and ranchers may not be fully aware of credit options and
lending requirements, especially if they are recent immigrants or
new to agriculture. Id.
\406\ Id.
---------------------------------------------------------------------------
Proposed Rule
In its proposal, the Bureau noted that credit used for agricultural
purposes is generally covered by the broad definition of credit under
ECOA and
[[Page 35225]]
agricultural businesses are included in section 1071's definition of
small business. Taking into account the information above, the Bureau
stated that covering agricultural credit in this rulemaking was
important for advancing both of section 1071's statutory purposes and
did not propose defining covered credit in a way that would exclude
agricultural credit from coverage. The Bureau sought comment on the
potential costs and complexities associated with covering such credit.
Comments Received
The Bureau received comments on this aspect of the proposal from
many agricultural lenders, banks, trade associations, and community
groups. Several community-oriented lenders and many community groups
voiced support for the Bureau's proposed coverage of agricultural-
purpose credit. A joint letter from community groups, community
oriented lenders, and business advocacy groups asserted that covering
agricultural credit will be helpful in advancing the goals of section
1071 because the vast majority of farms are small and family run, and
farmers are an important part of the community development landscape,
and because the litigation regarding discrimination against Black
farmers shows the risk of discrimination and unequal access is
significant in the agricultural context. A rural community group argued
that the Bureau's legislative mandate is clear on this issue because
agricultural lending falls under ECOA's definition of credit and
farming operations are correctly included in the proposed rule's
definition of small business. Several commenters asserted that covering
agricultural credit serves section 1071's community development and
fair lending statutory purposes. Another community group expressed its
belief that 1071 data will allow for promotion of adaptive and
sustainable agriculture among smaller farmers as opposed to relying on
large agricultural businesses.
Some commenters discussed their belief that including agricultural
credit within the scope of this rule was needed to address historical
and/or continuing discrimination. A rural community group described the
challenges relating to justifying claims in the discrimination
settlements against USDA due specifically to the lack of any other form
of data to quantify the results of disparities in treatment with access
to loans. This commenter also relayed minority farmers' experiences of
being more at risk of foreclosure due to not being told about or not
being given fair access to many farm programs that benefit white
farmers and due to receiving unfavorable loans originated with the
specific intent of pushing these farmers into acceleration and
foreclosure to remove them from their land. This commenter also
detailed how the rule would illuminate a host of factors leading to
disparate treatment of minority farmers, citing conflicts of interest
among staff of local Farm Service Agency offices, disclosure of loan
terms, imposition of collateral requirements, and changes in valuations
of assets in appraisals. This commenter described discouragement of
minority farmers from making loan applications or requesting loss
mitigation and asserted that data collection is a proven way to
document and address such discouragement. The commenter alleged that
agricultural lenders, notably Farm Credit System lenders, lack the data
or any system to comply with ECOA.
One community group maintained that constrained access to capital
has contributed to the staggering loss of Black-owned farmland in the
Deep South, while another said that the Bureau's rule will highlight
the racially disparate impact of facially neutral policies that
disproportionately result in adverse outcomes for Black farmers,
including underwriting decisions based on the types of farm, the
business structure, and land appraisals. A CDFI lender relayed examples
of issues faced by Black farmers, including: (1) lack of access to
fair, affordable credit as a barrier for new farmers; (2) lenders and
local USDA offices that seek to frustrate Black farmers by making
things more complicated and causing lengthy delays that white farmers
do not encounter; (3) lack of relationships with banks resulting in
their being less willing to work with the farmers and provide
assistance during the loan application process; (4) agricultural loan
underwriting criteria that favor beef, cattle, and grain production,
which are often the enterprises of large-scale white farmers; (5)
alternative financing from a private lender not being an adequate
substitute for having fair access to government lending programs with 1
percent interest and 40 year terms; and (6) Black farmers often being
unable to secure financing and thus being left with no choice but to
sell their land to white farmers.
Several commenters stressed the need for transparency due to lack
of sufficient data on agricultural lending markets. One such commenter
noted that the USDA has not made its limited data--which includes only
numbers of loans applied for, made, and denied, at the county level--
easily available to the public. This commenter also argued that
comprehensive data are particularly important to increase equity and
uniformity in loan modifications and restructurings and to assist with
decisions related to pandemic relief programs and the grant of
specialized loan servicing. Another commenter suggested that 1071 data
would help the USDA, the SBA, and other relevant government agencies
better understand the needs of small agricultural businesses and noted
that agricultural credit extends beyond acquisition of inventory
farmland to include operational loans, agricultural machinery and
building loans, and loans to develop local markets for selling
agricultural products. A community group dismissed concerns that
agricultural lending data would be too complex to collect and report,
because it is already reported under CRA.
Some commenters suggested changes and clarifications related to
applying the Bureau's rule to agricultural credit. One community group
suggested the Bureau modify or clarify data collection to identify
forms of disparate treatment unique in small-scale farm operations that
may differ from other small businesses. This commenter also suggested
that the Bureau clarify that the rule covers the Farm Service Agency,
the Farm Credit System, all lenders making Farm Service Agency
guaranteed loans, and the full range of other entities that provide
credit to small farm businesses. A number of Farm Credit System lenders
expressed support for a trade association letter that discussed how
agricultural lending is fundamentally different from small commercial
lending and requested a different small business definition to account
for how they would be disproportionately covered by the rule. These
comments are discussed in more detail in the section-by-section
analysis of Sec. 1002.106(b). One agricultural community group
suggested that base acre payment transactions (transactions that take
into account certain government payments, which are in turn based on a
farm's historic crop yield) should be considered covered credit
transactions because of concerns that base program acres may not
benefit Native American farmers and because base acre payments are
often used to prove or deny a farmer's request for loan origination or
modification.
Some industry commenters requested an exclusion for agricultural
credit from the Bureau's rule. One credit union association argued that
agricultural lending should be exempted because many agricultural
borrowers are serviced by small local community financial institutions,
including credit
[[Page 35226]]
unions whose members are agriculturally based and whose members and
borrowers are represented on the credit unions' board of directors. A
few other commenters asserted that agricultural credit is not
comparable to other types of small business lending and urged the
Bureau to exempt it on those grounds; one stated that it does not make
sense to compare a 200-acre farm with a gas station. A trade
association pointed to different treatment under CRA and HMDA as
evidence that it was unlikely that section 1071 was enacted to cover
agricultural lending because their underwriting criteria are distinct
and different from small business loans. A bank also suggested
exempting agricultural lending, maintaining that its numbers would not
be useful for fair lending purposes because unlike small business loans
that are more on a one loan to one borrower or two-to-one basis, its
agricultural portfolio included multiple loans to the same borrower. A
few commenters argued that covering agricultural credit under the rule
would have an outsized impact on farmers by increasing this cost of
credit and reducing its availability. A trade association asserted that
the burden of section 1071 compliance may force small lenders to reduce
their lending below the exemption threshold, which in turn may limit
the access to agricultural credit because large banks often do not
engage in significant agricultural lending.
Final Rule
For the reasons set forth herein, the Bureau is not defining a
``covered credit transaction'' in final Sec. 1002.104 in a way that
would exclude agricultural credit from the final rule. Credit used for
agricultural purposes is generally covered by the broad definition of
credit under ECOA. First, ECOA's definition of ``credit'' is not
limited to a particular use or purpose and Regulation B expressly
covers agricultural-purpose credit. Further, ECOA does not provide an
exception for agricultural credit, and it assigns enforcement authority
to regulators of agricultural lending such as the Secretary of
Agriculture and the Farm Credit Administration.\407\ Moreover,
agricultural businesses are included in section 1071's statutory
definition of small business.\408\ The Bureau believes that covering
agricultural credit in this rulemaking is important for advancing both
of section 1071's statutory purposes and is not excluding agricultural
credit from the final rule. The Bureau notes that most of the comments
received on this aspect of the proposal were in favor of the rule
covering agricultural lending. Even the many comments that the Bureau
received from Farm Credit System lenders and related associations
generally focused on urging the Bureau to adopt a separate small farm
definition rather than a wholesale exclusion of agricultural credit.
---------------------------------------------------------------------------
\407\ See 15 U.S.C. 1691c; Regulation B Sec. 1002.16(a).
\408\ ECOA section 704B(h)(2) (defining a small business as
having the same meaning as the term ``small business concern'' in
section 3 of the Small Business Act (15 U.S.C. 632)). Section
704B(h)(2) defines small business by reference to the Small Business
Act definition of a small business concern, which includes
independently owned and operated ``enterprises that are engaged in
the business of production of food and fiber, ranching and raising
of livestock, aquaculture, and all other farming and agricultural
related industries.'' 15 U.S.C. 632(a)(1).
---------------------------------------------------------------------------
As noted above, the products discussed in this rule do not
constitute an exhaustive list of covered credit transactions; other
types of business credit not specifically described in the rule and its
associated commentary nevertheless constitute covered credit
transactions unless excluded by final Sec. 1002.104(b). In line with
this approach, the Bureau thus is not delineating certain products
(such as base acre payment transactions) as covered credit
transactions.
The Bureau does not believe it would appropriate to exclude
agricultural credit from the rule, as requested by some commenters.
With regard to the concern that agricultural lending should be exempted
because of the impact on small local community financial institutions,
such as credit unions, the Bureau notes that it is increasing its
institutional coverage threshold, as discussed in the section-by-
section analysis of Sec. 1002.105 below, to limit any risk of impact
on smaller financial institutions or of market disruption in the small
business lending sector. By declining to draw a potentially blurry line
between business-purpose credit and agricultural-purpose credit, the
Bureau also believes that its finalized inclusive approach will better
enable it to ensure that financial institutions that are offering
business credit are complying with the final rule.
With respect to comments asserting that agricultural credit is
unique and not comparable to other types of small business lending, the
Bureau acknowledges that every small business industry has its own
unique characteristics. In order to fulfill section 1071's business and
community development purpose and to address the particularities of
certain lending models, the Bureau is providing clarification regarding
how reporting rules apply to certain covered credit transactions and is
also not covering certain transactions. For the reasons described
herein, however, the Bureau is not categorically exempting agricultural
credit from the rule.
Moreover, the Bureau believes that data on agricultural credit will
be useful for fair lending purposes. As discussed above, there is some
evidence that minority-owned farms may obtain, or may be offered,
higher interest rates and less favorable terms on agricultural credit.
Data collected and reported under this final rule will allow the
Bureau, other government agencies, and other data users to have insight
into the existing market, observe the market for potentially troubling
trends, and conduct fair lending analyses.
The Bureau has considered the comments arguing that covering
agricultural credit under the rule would have an outsized impact on
farmers by increasing this cost of credit and reducing its
availability. The Bureau has also considered the claim that small
lenders will reduce their lending below the exemption threshold, which
in turn may limit the access to agricultural credit because large banks
often do not engage in significant agricultural lending. The Bureau
does not believe that there is a significant risk that lenders will
reduce their agricultural lending as a result of this rule such that
there will be a marked impact on the availability of agricultural
credit. Moreover, as noted in the section-by-section analysis of Sec.
1002.105 below, the Bureau is increasing its institutional coverage
threshold for the final rule to reduce the impact on financial
institutions with the lowest volume of small business lending,
including agricultural lenders.
Based on its review of the GAO Report,\409\ the decline of minority
representation in farming over the last 100 years,\410\ the disposition
of numerous lawsuits alleging discrimination against minority
[[Page 35227]]
farmers,\411\ and comments discussing how the inclusion of agricultural
credit in the rule is needed to address historical and/or continuing
discrimination, the Bureau finds that covering agricultural credit is
crucial to serving section 1071's purpose of facilitating enforcement
of fair lending laws.
---------------------------------------------------------------------------
\409\ See, e.g., GAO Report at 16.
\410\ In 1910, approximately 893,370 Black farmers operated
approximately 41.1 million acres of farmland, representing
approximately 14 percent of farmers. U.S. Census Bureau, 1910
Census: Volume 5 (Agriculture), Statistics of Farms, Classified by
Race, Nativity, and Sex of Farmers, at 298 (1910), https://www2.census.gov/library/publications/decennial/1920/volume-5/06229676v5ch04.pdf. In 2017, of the country's 3.4 million total
producers, only 45,508 of them (1.3 percent) are Black and they farm
on only 4.1 million acres (0.5 percent of total farmland); by
comparison, 95 percent of U.S. producers are white and own 94
percent of farmland. U.S. Dep't of Agric., 2017 Census of
Agriculture, at 62, 72 (Apr. 2019), https://www.nass.usda.gov/Publications/AgCensus/2017/Full_Report/Volume_1,_Chapter_1_US/usv1.pdf.
\411\ See, e.g., Order, In re Black Farmers Discrimination
Litig., No. 08-mc-0511 (D.D.C. filed Aug. 8, 2008), https://blackfarmercase.com/Documents/2008.08.08%20-%20PLF%20Consoli-dation%20Order_0.pdf; Pigford v. Glickman, 206 F.3d 1212 (D.C. Cir.
2000). See also Garcia v. Vilsack, 563 F.3d 519 (D.C. Cir. 2009);
Love v. Connor, 525 F. Supp. 2d 155 (D.D.C. 2007); Keepseagle v.
Veneman, No. 99-CIV-03119, 2001 U.S. Dist. LEXIS 25220 (D.D.C. Dec.
12, 2001).
---------------------------------------------------------------------------
The Bureau furthers finds that covering agricultural credit is
vital to enable communities, governmental entities, and creditors to
identify business and community development needs and opportunities of
small businesses, including small farms. The Bureau agrees with
commenters that stressed the need for transparency due to lack of
sufficient data on agricultural lending markets. The Bureau believes
that the transparency afforded by data collected and reported under
this final rule will empower rural communities to better address the
challenges they face, particularly with regard to equitable credit
access. Representatives of these communities appear to agree--in a
recent letter addressed to the House and Senate Agriculture and
Financial Services and Banking committees characterizing the proposed
rule as ``pro-farmer,'' multiple community groups noted that ``[s]mall
farmers have consistently demanded more transparent and fair markets,
and our members know that having an accurate and up-to-date picture of
agricultural lending will help farmers and consumers, not hurt them.''
\412\ Relatedly, in a recent report, the Bureau found that rural
communities face unique challenges in accessing and using consumer
financial products and that further research is required to better
understand the needs of rural households and how the Bureau can best
ensure that rural residents have equitable access to financial
markets.\413\
---------------------------------------------------------------------------
\412\ HEAL (Health, Environment, Agriculture, Labor) Food All.,
Rural Coal., Nat'l Young Farmers Coal., Ctr. for Responsible Lending
et al., RE: Support for Proposed Section 1071 rule and Opposition to
H.R.7768--Farm Credit Administration Independent Authority Act (R.
Davis) (Sept. 14, 2022), https://www.ushcc.com/advocacy-letters.html.
\413\ CFPB, Data Spotlight: Challenges in Rural Banking Access
(Apr. 2022), https://files.consumerfinance.gov/f/documents/cfpb_data-spotlight_challenges-in-rural-banking_2022-04.pdf.
---------------------------------------------------------------------------
The Bureau notes that many agricultural lenders have already been
collecting and reporting some form of data by HMDA, the CRA, and/or the
Farm Credit Administration and so should be able to adapt to the data
collection requirements mandated by Congress. Additionally, to the
extent that commenters were concerned about the impact on the smallest
agricultural lenders, many of those concerns are addressed by the
Bureau's decision, as discussed in the section-by-section analysis of
Sec. 1002.105(b) below, to require data collection and reporting only
by financial institutions that meet a 100-loan threshold. In short, as
further discussed in part IX below, the Bureau does not anticipate any
material adverse effect on credit access in the long or short term to
rural small businesses.
104(b) Excluded Transactions
Proposed Sec. 1002.104(b) would have provided that the
requirements of subpart B do not apply to trade credit, public
utilities credit, securities credit, and incidental credit. Proposed
comments 104(b)-1 and -2 would have made clear that the term covered
credit transaction also does not cover factoring and leases. Proposed
comments 104(b)-3 and -4 would have clarified that the term covered
credit transaction does not include consumer-designated credit or
credit secured by certain investment properties because such
transactions are not business credit. In the NPRM, the Bureau also
discussed its proposed treatment of extensions of credit made to
governments or governmental subdivisions, agencies, or
instrumentalities and certain purchases of covered credit transactions.
The Bureau received comments on its overall approach to Sec.
1002.104(b) from several banks, trade associations, individuals, and
members of Congress. Two industry commenters supported the exclusions
as proposed, with another commenter expressing support but also
suggesting expansion. Two commenters suggested listing all exclusions
in the regulatory text with any clarifications of those exclusions set
out in the commentary. A bank trade association urged the Bureau to
extend section 1071 requirements to all nontraditional lenders and
nontraditional products to avoid leaving open the opportunity for the
abuse or dissatisfaction of small business borrowers to go undetected
or disadvantaging highly regulated institutions such as community
banks. A joint letter from several members of Congress asked the Bureau
reconsider its proposed exclusions on the grounds that such exclusions
would lead to a gap in understanding of the small business lending
marketplace and whether entities are in compliance with fair lending
laws. Comments received regarding specific exclusions, including
additional exclusions sought by commenters, are discussed in greater
detail below.
For the reasons set forth herein, the Bureau is finalizing Sec.
1002.104(b) to provide that the requirements of subpart B do not apply
to trade credit, HMDA-reportable transactions, insurance premium
financing, public utilities credit, securities credit, and incidental
credit. In response to comments received, the Bureau is excluding HMDA-
reportable transactions from coverage under the final rule. As a
result, the Bureau believes that proposed comment 104(b)-4 that would
have made clear that the term ``covered credit transaction'' does not
cover credit secured by certain investment properties is not necessary.
Final comments 104(b)-1 and -2 make clear that the term covered credit
transaction also does not cover factoring and leases. Final comment
104(b)-3 clarifies that the term covered credit transaction does not
include consumer-designated credit because such transactions are not
business credit. New comment 104(b)-4 provides clarification regarding
certain purchases of covered credit transactions, including pooled
loans, and partial interests. All of these provisions are discussed in
detail below.
The Bureau has considered comments suggesting that all exclusions
be listed in the regulatory text. The Bureau appreciates the need for
clarity in articulating which products must be reported under this
final rule but believes that it can provide sufficient clarity through
its regulatory text and commentary. The Bureau's approach
differentiates between products that meet the definition of both
``credit'' and ``business credit'' under Regulation B, and between
those products that the Bureau is excluding (for reasons discussed
below) pursuant to its exception authority under ECOA section
704B(g)(2). Products excepted under section 704B(g)(2) are enumerated
in the regulatory text. Such specific exclusion is not necessary for
products the Bureau considers not to be ``business credit'' in the
first place; however, the Bureau believes that identifying and
describing some such products in the commentary--which it has done--
will provide clarity and facilitate compliance.
[[Page 35228]]
104(b)(1) Trade Credit
Background
Under existing Regulation B, trade credit refers to a ``financing
arrangement that involves a buyer and a seller--such as a supplier who
finances the sale of equipment, supplies, or inventory; it does not
apply to an extension of credit by a bank or other financial
institution for the financing of such items.'' \414\ Thus, trade credit
typically involves a transaction in which a seller allows a business to
purchase its own goods or services without requiring immediate payment
in full, and the seller is not otherwise involved in financial services
and does not otherwise provide credit that could be used for purposes
other than the purchase of its own goods or services.\415\ Businesses
offering trade credit generally do so as a means to facilitate the sale
of their own goods and not as a stand-alone financing product or a more
general credit product offered alongside the sale of their own goods or
services.
---------------------------------------------------------------------------
\414\ Comment 9(a)(3)-2.
\415\ See comment 9(a)(3)-2.
---------------------------------------------------------------------------
Although ECOA and Regulation B generally may apply to trade credit,
most of the specific notification requirements of existing Regulation B
do not apply to trade credit transactions.\416\ The Bureau's White
Paper estimated that trade credit represents approximately 21 percent
of the aggregate dollar volume of various financial products used by
small businesses.\417\ The Bureau understands that there are tens of
thousands of merchants and wholesalers that extend credit to small
businesses solely in connection with the sale of their goods and
services.
---------------------------------------------------------------------------
\416\ See Sec. 1002.9(a)(3)(ii).
\417\ White Paper at 21 fig. 2.
---------------------------------------------------------------------------
Proposed Rule
The Bureau proposed to not cover trade credit in the section 1071
final rule. Proposed Sec. 1002.104(b)(1) would have defined trade
credit as a financing arrangement wherein a business acquires goods or
services from another business without making immediate payment to the
business providing the goods or services. Proposed comment 104(b)(1)-1
would have provided that an example of trade credit is one that
involves a supplier that finances the sale of equipment, supplies, or
inventory. Proposed comment 104(b)(1)-1 would have provided that an
extension of business credit by a financial institution other than the
supplier for the financing of such items is not trade credit. Proposed
comment 104(b)(1)-2 would have clarified that the definition of trade
credit under existing comment 9(a)(3)-2 applies to relevant provisions
under existing Regulation B, and that proposed Sec. 1002.104(b)(1) is
not intended to repeal, abrogate, annul, impair, or interfere with any
existing interpretations, orders, agreements, ordinances, rules, or
regulations adopted or issued pursuant to existing comment 9(a)(3)-2.
The Bureau sought comment on its proposal to exclude trade credit from
the rule and on its proposed definition of trade credit.
Comments Received
The Bureau received comments on this aspect of the proposal from a
range of commenters, including banks, trade associations, and a
business advocacy group. Several industry commenters expressed general
support for the proposal to exclude trade credit. However, some of
these commenters advocated expanding the exclusion. For instance, one
commenter suggested that all asset-based financing should be excluded
as trade credit, arguing that if the rule should not apply to sellers
to facilitate their sales of goods, the rule also should not apply to
their ``behind the scenes'' non-recourse factors and asset-based
lenders who facilitate those sales. Two commenters urged broadening the
proposed exclusion to include captive finance companies when they are
financing equipment manufactured by their parent companies because
these companies exist solely to facilitate the acquisition of the
original equipment manufacturers' products. A few comments more broadly
asked that the Bureau not limit the exclusion to ``in-house'' trade
credit, suggesting that trade credit offered by financial institutions
allows more suppliers to offer trade credit programs, and as a result
provides more opportunities for credit access to small businesses.
These commenters additionally argued that such expansion is needed to
prevent uneven regulatory treatment, to promote competition in the
market for trade credit, to avoid pushing more business transactions
into a less regulated environment, and to obtain more fulsome data
collection and reporting on trade credit. A trade association asked the
Bureau to clarify that the trade credit exclusion encompasses auctions
where a buyer may pay for acquired property at a later date.
A few other industry commenters urged the Bureau to cover trade
credit in the final rule. Two of these commenters argued that providers
of trade credit, especially in the agricultural sector, are competitors
to traditional lenders, and should be covered. One commenter asked the
Bureau to provide several specific transaction examples so that covered
financial institutions can readily identify those transactions that
they must report on, and those that are exempted. Another commenter
asked the Bureau to clarify whether floor plan financing, which
generally allows merchants to stock inventory available for sale
without advance payment to the manufacturer or distributor, would fall
within the proposed trade credit exclusion. This commenter noted that
floor plan finance companies support merchants by allowing them to
maintain some level of inventory with frequent adjustments to the
financing and payment terms, and they may be affiliated with the
manufacturer or distributor.
Several commenters urged the Bureau to expand its trade credit
exclusion to private label or cobranded credit. These commenters
primarily argued that such transactions need to be quickly completed,
often at a point-of-sale, and that asking for protected demographic
information and other required data may reduce the supply and demand
for such credit. A few commenters suggested that if the Bureau were to
include private label and co-branded transactions in the final rule, it
should only require the collection and reporting of such transactions
over $50,000 to mitigate the impact of their inclusion.
Final Rule
For the reasons set forth herein, the Bureau is finalizing largely
as proposed its exclusion for trade credit in this final rule. Final
Sec. 1002.104(b)(1) defines trade credit as a financing arrangement
wherein a business acquires goods or services from another business
without making immediate payment in full to the business providing the
goods or services. The Bureau has added the words ``in full'' to the
proposed definition to account for the fact that trade credit may
include an immediate partial payment or down payment to the businesses
providing the goods or services. Final comment 104(b)(1)-1 provides
that an example of trade credit is one that involves a supplier that
finances the sale of equipment, supplies, or inventory. Final comment
104(b)(1)-1 provides that an extension of business credit by a
financial institution other than the supplier for the financing of such
items is not trade credit, and it also provides that credit extended by
a business providing goods or services to another business is not trade
credit for the purposes of subpart B where the supplying business
intends
[[Page 35229]]
to sell or transfer its rights as a creditor to a third party, such as
a financial institution. Final comment 104(b)(1)-2 clarifies that the
definition of trade credit under existing comment 9(a)(3)-2 applies to
relevant provisions under existing Regulation B, and that Sec.
1002.104(b)(1) is not intended to repeal, abrogate, annul, impair, or
interfere with any existing interpretations, orders, agreements,
ordinances, rules, or regulations adopted or issued pursuant to
existing comment 9(a)(3)-2.
The Bureau is adopting a definition of ``covered credit
transaction'' that excludes trade credit pursuant to its authority
under ECOA section 704B(g)(1) to prescribe such rules and issue such
guidance as may be necessary to carry out, enforce, and compile data
under section 1071, as well as its authority under ECOA 704B(g)(2) to
adopt exceptions to any requirement of section 1071 and to
conditionally or unconditionally exempt any financial institution or
class of financial institutions from the statute's requirements, as the
Bureau deems necessary or appropriate to carry out the purposes of
section 1071. While trade credit constitutes ``credit'' within the
meaning of Sec. 1002.102(i) and may constitute ``business credit''
within the meaning of Sec. 1002.102(d), depending on its purpose, and
therefore generally covered by ECOA, the Bureau believes that trade
credit is different from products like loans, lines of credit, credit
cards, and merchant cash advances and that there are several reasons to
exclude it from coverage. The Bureau does not believe it would be
appropriate to include trade credit in the scope of this final rule,
despite some commenters' assertions that providers of trade credit in
the agricultural sector would have a competitive advantage over other
lenders.
Trade credit is not a general-use business lending product--that
is, trade creditors generally extend credit as a means to facilitate
the sale of their own goods or services, rather than offering credit as
a stand-alone financial product or as more general credit product
offered alongside the sale of their own goods or services. The Bureau
believes that while trade creditors might meet the definition of a
financial institution under Sec. 1002.105(a), they are not primarily
financial services providers, nor do they have the infrastructure
needed to manage compliance with regulatory requirements associated
with making extensions of credit. The Bureau understands that trade
credit can be offered by entities that are themselves very small
businesses; these entities, in particular, may incur large costs
relative to their size to collect and report small business lending
data in an accurate and consistent manner.\418\ Taken together,
requiring trade credit to be reported under subpart B could lead to
significant data quality issues. The Bureau also wants to avoid the
risk that the fixed costs of coming into compliance with the rule could
lead these businesses to limit offering trade credit to their small
business customers, which may run contrary to the business and
community development purpose of section 1071. These concerns are
distinct from coverage generally under ECOA and Regulation B, which as
noted above may still apply to trade credit.
---------------------------------------------------------------------------
\418\ See Leora Klapper et al., Trade Credit Contracts, 25
Review of Fin. Studies 838-67 (2012), https://academic.oup.com/rfs/article/25/3/838/1616515, and Justin Murfin & Ken Njoroge, The
Implicit Costs of Trade Credit Borrowing by Large Firms, 28 Review
of Fin. Studies 112-45 (2015), https://academic.oup.com/rfs/article/28/1/112/1681329.
---------------------------------------------------------------------------
The Bureau does not believe that the trade credit exclusion should
be expanded to include all asset-based financing, captive finance
companies, or trade credit offered by financial institutions that are
not suppliers of goods or services, as requested by some commenters.
The Bureau believes that, unlike trade creditors themselves, such
providers offer stand-alone credit products in the same way as other
financial institutions and are not retailers or merchants with limited
regulatory compliance experience. As such, the Bureau does not have the
same concerns about data quality or reduced small business lending by
affiliates and facilitators that it does about trade creditors
themselves. Thus, the Bureau is finalizing its definition of trade
credit in Sec. 1002.104(b)(1) to focus on the business providing the
goods or services being financed. The trade credit exclusion does not
extend to affiliates and facilitators of trade creditors that provide
financing, even if only for the trade creditor's products and not for
competing or unrelated products. Thus, provided that they otherwise
meet the definition of a covered financial institution in Sec.
1002.105(b), such affiliates and facilitators must collect and report
data under the rule.
The Bureau also is not making further revisions to the regulatory
text or commentary. With respect to the suggestion that the Bureau
clarify that the trade credit exclusion encompasses auctions, the
Bureau notes that because auction houses generally do not supply
equipment, supplies, or inventory but rather facilitate sales for
others, they do not offer trade credit under final Sec.
1002.104(b)(1). However, other exclusions, such as the exclusion for
incidental credit discussed below, may apply to such transactions. The
Bureau is not adding further transaction examples, as only one comment
requesting such additions and it otherwise appears that commenters
understood that the proposed exclusion was intended to narrowly cover
credit directly extended by the supplier of goods and services.
Regarding floor plan financing, the Bureau notes that under final Sec.
1002.104(b)(1), the trade credit exclusion applies where the
manufacturer or distributor is financing its own inventory, but not
where a financial institution is providing the financing and receiving
payment.
The Bureau is also not expanding the trade credit exclusion to
cover private label or cobranded credit transactions, which are credit
transactions (typically, credit cards, but also revolving lines of
credit and installment loans) that are originated at or facilitated by
financial institutions through retailers either in-store or through a
website. Moreover, as explained in the section-by-section analysis of
Sec. 1002.107(a)(5), the Bureau believes it is important to capture
these products as a separate credit type. As that section explains, a
private-label credit card account is a credit card account that can
only be used to acquire goods or services provided by one business (for
example, a specific merchant, retailer, independent dealer, or
manufacturer) or a small group of related businesses. A co-branded or
other card that can also be used for purchases at unrelated businesses
is not a private-label credit card.
The Bureau believes that covering private label or cobranded credit
transactions supports section 1071's statutory purposes. For instance,
the Bureau believes that having robust data on this important source of
financing will help to better understand small business needs. In
researching the consumer credit card market, for example, the Bureau
learned that while private label card account holding has declined
relative to general purpose cards,\419\ late fees comprised the
[[Page 35230]]
overwhelming majority--91 percent--of all consumer fees and 25 percent
of total interest and fees for private label cards (compared to 45
percent and 7 percent, respectively, for general purpose credit
cards).\420\ Additionally, since private label and cobranded credit
accounts are typically offered and serviced by financial institutions,
with applications typically submitted directly to the financial
institution via a website, the Bureau does not have the same concerns
related to data quality or regulatory compliance as it does with trade
credit offered by a supplier of goods and services who is not in the
business of providing financial services. The Bureau also is not
placing a $50,000 minimum threshold on such transactions, as suggested
by a few commenters, because doing so would exclude significant
portions of small business lending. The Bureau does not believe that
such an approach would further the purposes of section 1071.
---------------------------------------------------------------------------
\419\ The Bureau estimates that around 90 million consumers hold
at least one general purpose and at least one private label card.
Some 79 million hold only general-purpose cards. Just under 9
million hold only private label cards. General purpose cards remain
prevalent, while private label cardholding has become relatively
less common. By year-end 2020, there were 485 million open general
purpose card accounts and 214 million open private label accounts.
General purpose cardholding is just as common today as it was prior
to the Great Recession, though that share is down from 63 percent on
the eve of the pandemic. In contrast, 36 percent of adults held at
least one private label card in 2020, compared to 52 percent in
2005. Consumers in all credit score tiers have seen declines in
private label card account holding. Most general purpose and private
label cards are held by consumers with superprime scores. CFPB, The
Consumer Credit Card Market, at 25-26 (Sept. 2021), https://files.consumerfinance.gov/f/documents/cfpb_consumer-credit-card-market-report_2021.pdf.
\420\ See CFPB, Credit card late fees, at 13 (Mar. 2022),
https://files.consumerfinance.gov/f/documents/cfpb_credit-card-late-fees_report_2022-03.pdf.
---------------------------------------------------------------------------
104(b)(2) HMDA-Reportable Transactions
Proposed Rule
The potential for overlap exists between section 1071 and HMDA
because HMDA reporting requirements apply to mortgages regardless of
whether they are consumer-purpose or business-purpose, so long as they
are secured by residential real property. Section 1071 applies to all
small business credit, regardless of what the credit is to be used for.
For example, a mortgage intended to finance the purchase of an
investment property would be covered by HMDA, assuming relevant
institutional thresholds and other coverage criteria were otherwise
met. If the mortgage applicant is a natural person, their ethnicity,
race, and sex would be captured and reported under HMDA. However, if
the mortgage applicant were a non-natural person (e.g., a limited
liability company or a corporation), then the lender would not collect
demographic data under HMDA. That is, the lender would still need to
report the application under HMDA, but they would report ethnicity,
race, and sex as ``not applicable.'' But under the Bureau's proposed
rule, the lender would have captured the applicant's principal owners'
ethnicity, race, and sex.
In its NPRM, the Bureau stated that by proposing to adopt
Regulation C's definition of dwelling and its commentary regarding
investment properties, the Bureau sought to ensure consistency and
minimize compliance burdens for financial institutions that must also
report credit transactions covered by HMDA (that is, HMDA-reportable
transactions). Using the 2019 HMDA data, the Bureau had found that
close to 2,000 lenders and around 530,000 applications indicated a
``business or commercial purpose'' and around 500,000 applications were
used for an ``investment'' (as defined by the occupancy code) purpose.
Of those applications, around 50,000 were for 5+ unit properties. The
overall number of applications the Bureau expected to be reported
annually under the proposed rule would have been around 26 million.
Thus, the Bureau had anticipated a relatively small but not
insignificant overlap regarding real estate investment loans between
HMDA and section 1071.
Also in its proposal, the Bureau stated that it had considered
excluding all transactions that were also reportable under HMDA but
believed such an exclusion would have added complexity to data
analysis. The Bureau understood that requiring lenders to find and
delete from databases that supply their small business lending data
submission only those transactions that also appear in HMDA may require
a separate scrub of the data and create additional compliance burden,
as well as compliance risk, if HMDA-reportable transactions are not
deleted from a small business lending data submission. For example, if
a small business wants to purchase a 5+ dwelling unit property (that
is, HMDA reportable), the financial institution would have to make sure
it is not collecting protected demographic information on principal
owners, even though that information must be collected for every other
type of loan that same business might apply for. The Bureau also
believed that it may not be possible to identify loans in the HMDA data
that, but for this exclusion, would be reported under the Bureau's rule
implementing section 1071 because the financial institution would need
to know which HMDA applications are for small businesses versus large
businesses. Moreover, excluding HMDA-reportable applications could mean
that a financial institution that is below the HMDA reporting threshold
would not report these loans at all.
Further, in addition to not being able to distinguish which
applications are from small and not large businesses, the Bureau noted
in its proposal its concerns that excluding all transactions that were
also reportable under HMDA may be at odds with the statutory purposes
of section 1071. The Bureau explained that the following proposed data
points would not be collected for applications only reported under
HMDA: (1) the principal owner's ethnicity, race, and sex where the
applicant is an entity not an individual; (2) minority-owned and women-
owned business status; (3) gross annual revenue; and (4) other data
points such as pricing, NAICS code, and number of workers.
For applications that, under the proposal, would have been reported
under both HMDA and section 1071 (generally, business credit secured by
dwellings, with the exception of credit secured by 1-4 individual
dwelling units that the applicant or one or more of the applicant's
principal owners does not, or will not, occupy), the Bureau sought
comment on whether it should require such applications to be flagged as
such when reported under subpart B. The Bureau noted its belief that
for data integrity and analysis purposes, it may be helpful to know if
a loan is in both datasets and a dual reporting flag may help ensure
any data analysis is not double-counting certain applications.
Comments Received
The Bureau received comments on this aspect of the proposal from a
range of commenters, including lenders, trade associations, community
groups, and a business advocacy group. Only one commenter, a community
group, expressly supported dual reporting. The Bureau received a
general suggestion to connect a loan to a HMDA record and then capture,
under HMDA, demographic data on corporate entities, and expand its
coverage to include more lenders, such as government entities and
CDFIs. Two commenters suggested the Bureau provide a section 1071/HMDA
sample form to aid dual reporting compliance. Some industry commenters
generally stressed the need for consistency among reporting regimes and
asked the Bureau to reconcile any differences.
Numerous comments, echoing those made by a trade association, urged
the CFPB to avoid duplicative and inconsistent reporting of HMDA and
CRA data in order to reduce compliance burden and the potential for
inaccurate data reporting. An agricultural lender suggested the Bureau
might be able to obtain 1071 data using the existing
[[Page 35231]]
definitions and collection process currently in place for covered
institutions under HMDA. A few credit union trade associations
maintained that reporting of HMDA-reportable transactions should be
voluntary. A bank recommended the Bureau remove and avoid data
collection requirements that are duplicative and/or inconsistent,
providing the example of misaligned action taken categories or
alternatively, eliminate all business-purpose loans from the HMDA
reporting requirement. A credit union argued that the benefit of dual
reporting does not justify the increased burdens.
A few industry commenters stated that if dual reporting is required
under the final rule, a dual reporting flag would be useful. Another
commenter opposed adoption of a dual reporting flag, arguing that
flagging entries will be a manual process that will increase the time
it takes to file both reports and increase the possibility of making an
error.
Almost all the comments on this aspect of the proposal argued
against the proposal to report HMDA-reportable transactions under this
rule. Some opponents to dual reporting urged the Bureau to exclude all
HMDA-reportable transactions from this rule, while others recommended
excluding transactions covered by this rule (such as business purpose
loans) from Regulation C. A few other commenters did not express a
preference and asked that the Bureau exempt HMDA-reportable
applications from section 1071 reporting, or vice versa. Many
commenters asserted burden and stated that reported data would be
duplicative and/or inconsistent. Several commenters pointed to
differences in census tract reporting requirements as a source of
potential confusion and data errors. And as discussed in the section-
by-section analysis of Sec. 1002.107(a)(19), another urged the Bureau
to consider difficulties caused by the differences in collection and
reporting of the ethnicity, race, and sex fields and the variations in
data specifications for such information.
One bank commenter suggested that avoiding dual reporting may also
avoid materially misrepresenting a lender's total loan application
activity. A few industry commenters argued that reporting under HMDA
alone meets 1071 purposes, with two of these commenters pointing to the
Bureau's website, which states that HMDA ``data help show whether
lenders are serving the housing needs of their communities; they give
public officials information that helps them make decisions and
policies; and they shed light on lending patterns that could be
discriminatory.'' \421\ Two commenters that argued against dual
reporting explained that mortgage lending is fundamentally different
from small business lending. Responding to concerns about data gaps,
two other commenters suggested that if the Bureau tailored the
exception to applications that are reported under HMDA, not
applications that could be reported under HMDA, institutions not
subject to the HMDA reporting regime would still have to report HMDA-
eligible applications under section 1071 because they would not
actually report such applications under HMDA. A bank recommended
separating HMDA and section 1071 reporting such that only after a
transaction was assessed for HMDA-reportability would a financial
institution determine whether the transaction needed to be reported
under section 1071.
---------------------------------------------------------------------------
\421\ CFPB, Mortgage Data (HMDA), About HMDA, https://www.consumerfinance.gov/data-research/hmda/ (last visited Mar. 20,
2023).
---------------------------------------------------------------------------
Final Rule
For the reasons set forth herein, the Bureau is adding new Sec.
1002.104(b)(2) to exclude a covered loan as defined by Regulation C, 12
CFR 1003.2(e), pursuant to its authority under ECOA section 704B(g)(2)
to adopt exceptions to any requirement of section 1071, as the Bureau
deems necessary or appropriate to carry out section 1071's purposes.
Under this approach, for all applications with potential HMDA and
section 1071 overlap, the Bureau would not require reporting under
section 1071 (transactions would only be reportable under HMDA, and the
recordkeeping and demographic data collection obligations of HMDA will
apply). In 2021, there were 61,789 ``business or commercial purpose''
applications (excluding purchased loans), reported under HMDA with the
``investment'' occupancy code, for 5+ unit properties. Of those, 54,436
were from ``non-natural person'' applicants so demographic data under
HMDA was not collected (thus, such data would have been requested for
only for 7,353 of the 61,789 applications in 2021). The Bureau
recognizes that there would continue to be no demographic data
information collected and reported for the ~55,000 HMDA applications
with non-natural person owners. The Bureau is finalizing this exclusion
of HMDA-reportable transactions in order to alleviate concerns from a
broad range of industry commenters about the difficulties associated
with dual reporting, particularly in light of potential inconsistences
related to demographic data collection and recordkeeping. In addition,
this approach resembles the effort by the CRA agencies to eliminate
dual reporting under section 1071 and the eventual CRA rule.
While the Bureau agrees that dual reporting of such transactions
could be useful, the Bureau is mindful of commenters' concerns
regarding burden and that reported data would be somewhat duplicative
and/or potentially inconsistent for data points such as census tract,
and principal owners' ethnicity, race, and sex. The Bureau believes
that excluding all HMDA-reportable transactions would further the
purposes of section 1071 because such an exclusion would limit this
potential inconsistency that could result in poor data quality.
Further, the Bureau is excluding all HMDA-reportable transactions from
this final rule because excluding section 1071 transactions from
Regulation C of HMDA would require a separate rulemaking and would
disrupt ongoing and planning HMDA data collection efforts that have
been in place for years.
The Bureau also agrees that reporting under HMDA alone would meet
section 1071's purposes. Regulation C, which implements HMDA, provides
that its public loan data can be used: (i) to help determine whether
financial institutions are serving the housing needs of their
communities; (ii) to assist public officials in distributing public-
sector investment so as to attract private investment to areas where it
is needed; and (iii) to assist in identifying possible discriminatory
lending patterns and enforcing antidiscrimination statutes.\422\ These
purposes are entirely consistent with section 1071's purposes to
facilitate enforcement of fair lending laws and enable communities,
governmental entities, and creditors to identify business and community
development needs and opportunities of women-owned, minority-owned, and
small businesses.\423\ As the Bureau has previously stated, it believes
that ``HMDA's scope is broad enough to cover all dwelling-secured
commercial-purpose transactions and that collecting information about
all such transactions would serve HMDA's purposes.'' \424\ The Bureau
has also noted that collecting data about dwelling-secured commercial-
purpose transactions serves HMDA's purposes by showing not only the
availability and condition of multifamily housing units, but also the
full extent of leverage on single-family homes, particularly in
communities that
[[Page 35232]]
may rely heavily on dwelling-secured loans to finance small-business
expenditures.\425\
---------------------------------------------------------------------------
\422\ Regulation C Sec. 1003.1(b)(1).
\423\ ECOA section 704(a).
\424\ 80 FR 66127, 66171 (Oct. 28, 2015).
\425\ Id.
---------------------------------------------------------------------------
The Bureau recognizes its finalized approach will result in some
data gaps. Most notably, some section 1071 information will not be
collected for applications reported under HMDA, including the principal
owner's ethnicity, race, and sex where the applicant is not an
individual but an entity (i.e., not a natural person); minority-owned,
women-owned, and LGBTQI+-owned business statuses; gross annual revenue;
pricing; NAICS code; and number of workers. Moreover, at this time, the
Bureau is not tailoring its exception to applications that are actually
reported under HMDA, as opposed to those that could be reported under
HMDA. New Sec. 1002.104(b)(2) excludes all transactions meeting the
definition of a Regulation C ``covered loan,'' which means that
institutions not subject to the HMDA reporting regime (because, for
example, of institutional coverage thresholds) do not have to report
HMDA-eligible applications under section 1071 even though they would
not actually report such applications under HMDA. Additionally, the
Bureau does not believe it would be feasible to connect, as suggested,
an application reported under this final rule to a HMDA record and then
capture, under HMDA, demographic data on corporate entities, and expand
its coverage to include more lenders, such as government entities and
CDFIs.
After considering the comments, the Bureau has concluded that
trying to close all potential data gaps would defeat the purpose of
trying to reduce complexity and alleviate concerns from commenters
about having to implement and maintain two separate reporting systems.
Given the fact that the Bureau expects around 25 million applications
to be reported annually under the final rule, it believes that its
exclusion of HMDA-reportable transactions will result in a relatively
small loss of data and that these data might have been inconsistent
with other 1071 data in ways that could impede analysis, frustrating
the purposes of section 1071. The Bureau also notes that even in its
proposal, and as discussed below, it did not seek to requiring
reporting of all HMDA-reportable transactions under section 1071--only
those ``business or commercial purpose'' applications (excluding
purchased loans), reported under HMDA with the ``investment'' occupancy
code, for 5+ unit properties would have also been reported under 1071.
As a result, the Bureau notes that for 7,353 of the 61,789 such
applications in 2021, there would continue to be no demographic data
information collected and reported for only ~55,000 HMDA applications
with non-natural person owners. The Bureau believes that this is an
acceptable number given how small it is compared to the total number of
reported transactions and given the strong concerns expressed about the
difficulties with compliant dual reporting that could result in poor
data quality and thereby undermine the section 1071 statutory purposes.
As for the number of ``covered loan'' applications that are ultimately
not reported under HMDA, the Bureau believes that these applications
can be excluded for the same reasons explained below in the section-by-
section analysis of Sec. 1002.105(b); financial institutions with the
lowest volume of small business lending might limit small business
lending activity because of the fixed costs of coming into compliance
with the reporting requirements, creating risk of market disruption
which would run contrary to the business and community development
purpose of section 1071. Additionally, as the Bureau explained in HMDA,
the Bureau ``sought to exclude financial institutions whose data are of
limited value in the HMDA dataset, thus ensuring that the institutional
coverage criteria do not impair HMDA's ability to achieve its purposes,
while also minimizing the burden for financial institutions.'' \426\
The Bureau similarly believes that these data would have limited value
in the 1071 dataset--the Bureau will be able to fulfill section 1071's
purposes without it, while reducing burden and complexity for financial
institutions that are not HMDA reporters.
---------------------------------------------------------------------------
\426\ Id. at 66278.
---------------------------------------------------------------------------
Finally, the Bureau notes that section 1071 will capture business
credit transactions that are secured by real estate but are not
presently captured under HMDA. For example, section 1071 will capture
transactions secured by non-dwellings as well as business loans secured
by an applicant's primary residence or residential investment property
as collateral for inventory financing or working capital (such loans
would not be captured under HMDA because they do not involve a home
purchase, home improvement, or refinancing). The small business lending
rule will also capture transactions that are secured by dwellings
located on real property used primarily for agricultural purposes.
Credit Secured by Certain Investment Properties
Based on feedback received during the SBREFA process as well as its
general knowledge regarding both consumer and commercial real estate
lending, the Bureau understands that many financial institutions use
their consumer mortgage lending channels to process credit applications
secured by 1-4 individual dwelling units and used for investment
purposes, while applications for credit secured by 5+ unit multifamily
properties or rental portfolio loans secured by more than four 1-4 unit
residential properties are generally processed through commercial
mortgage lending channels. The Bureau also understands that loans made
through consumer mortgage lending channels are often made pursuant to
the guidelines of Fannie Mae, Freddie Mac, the Federal Housing
Administration, and the Department of Veterans Affairs, and are likely
already reported under HMDA.
In line with the SBREFA Panel's recommendation, the Bureau proposed
that the rule not cover credit secured by certain investment
properties, because such credit may not always be primarily for
business or commercial purposes. Specifically, proposed comment 104(b)-
4 would have explained that a covered credit transaction does not
include an extension of credit that is secured by 1-4 individual
dwelling units that the applicant or one or more of the applicant's
principal owners does not, or will not, occupy. The Bureau did not
propose to exclude credit secured by owner-occupied dwellings; for
example, those secured by a dwelling occupied by a business's sole
proprietor/principal owner. The Bureau proposed to exclude real estate
investment loans only in certain limited circumstances (such as when
credit is secured by non-owner occupied 1-4 dwelling units and not 5+
dwelling units). The Bureau proposed to define ``dwelling'' to have the
same meaning as Regulation C Sec. 1003.2(f). Similarly, proposed
comment 104(b)-4, which would address what does and does not constitute
an investment property, was modeled on Regulation C's comment 4(a)(6)-
4.
In its proposal, the Bureau noted its belief that its exclusion of
credit secured by certain investment properties will better capture
lending to true small businesses (as opposed to consumers seeking to
diversify their investments) and will also better align with financial
institution lending practices. The Bureau stated that it understands
that it may not always be easy for financial institutions to
distinguish between
[[Page 35233]]
business-purpose real estate investment loans and consumer-purpose real
estate investment loans; however, covering all such loans would likely
include some percentage of consumer-purpose loans, which could be
contrary to section 1071's business and community development purpose.
The Bureau sought comment on its proposed approach for credit
secured by certain investment properties, including whether it is
appropriate to consider credit not to be business credit when it is
secured by 1-4 individual dwelling units that the applicant or one or
more of the applicant's principal owners does not, or will not, occupy;
and, if not, whether a different number of dwelling units in the
property securing the credit would be an appropriate way to make a
distinction between business and consumer-purpose credit. The Bureau
also sought comment on whether to permit financial institutions to
voluntarily report real estate investment loan transactions that are
secured by non-owner occupied 1-4 dwelling units.
The Bureau received comments on this aspect of the proposal from
lenders, trade associations, and a community group. Several commenters
supported the exclusion of credit secured by certain investment
properties. A community group stated that the exclusion was appropriate
because the purpose of such credit is investment and not operating a
business of renting out units.
A few comments urged expansion of the proposed exclusion to other
real estate secured lending. A joint letter from several trade
associations representing the commercial real estate industry advocated
for expanding the proposed exclusion to impose a clear boundary between
small business lending and all investment property lending to ensure
that the information gathered under section 1071 reflects true small
business lending. In line with this suggestion, this commenter also
recommended rule text revisions. Another trade association suggested
expanding the exclusion to all non-owner occupied commercial and
multifamily real estate lending, arguing that the credit is
underwritten on the cash flow of the property and the value of the
property itself, rather than the operating revenue of a business, like
other investment properties. Another commenter suggested the Bureau
specifically exempt commercial real estate loans secured by non-owner-
occupied investment real estate to borrowing entities with NAICS codes
5311XX, the industry code for lessors of real estate.
Some comments reflected requests for clarifications and confusion
regarding the proposal. A bank suggested removing occupancy status from
covered credit transaction considerations because occupancy does not
fairly or materially delineate small business lending from consumer
lending and creates complexity in how financial institutions would need
to design processes, systems, and training. Community groups suggested
the Bureau require financial institutions to ask whether the credit
will be used primarily for business purposes, such as to secure rental
income. A bank suggested the Bureau focus on borrower type (natural
person versus entity) instead of property type. A trade association
urged the Bureau to remove the proposed exclusion for credit secured by
certain investment properties and replace it with an exclusion of all
credit subject to Regulation Z. Another bank commenter sought
clarification of the proposed exclusion, noting situations where a
borrower or a related party occupies a dwelling unit but still
considers it to be an investment property and not a business. A trade
association asked the Bureau how to determine owner occupancy for non-
dwelling real estate, such as where a business owns an office building
with multiple rental office spaces, and rents out all of these spaces
except for one space occupied by the business itself. One bank appeared
to believe that credit secured by 1-4 dwelling unit investment
properties would be reportable for both HMDA and section 1071 with
varying reporting requirements.
For the reasons stated herein and in the section above regarding
HMDA-reportable transactions, the Bureau is adding new Sec.
1002.104(b)(2) to exclude a covered loan as defined by Regulation C, 12
CFR 1003.2(e). This new exclusion renders moot the Bureau's
consideration of proposed comment 104(b)-4 by encompassing virtually
all credit that is secured by 1-4 individual dwelling units that the
applicant or one or more of the applicant's principal owners does not,
or will not, occupy. The Bureau's decision also renders moot comments
regarding requests for clarifications and confusion regarding the
proposal.
A ``covered loan'' as defined by Regulation C, 12 CFR 1003.2(e),
means a closed-end mortgage loan or an open-end line of credit that is
not an excluded transaction under Sec. 1003.3(c). A transaction is not
a ``covered loan'' if it is excluded by purpose. For example,
Regulation C excludes agricultural-purpose transactions and
transactions that are secured by a dwelling, as defined by Sec.
1003.2(f), that is located on real property that is used primarily for
agricultural purposes.\427\ The regulation also excludes transactions
otherwise made primarily for a business or commercial purpose \428\
unless the transaction is also: a home improvement loan; \429\ a home
purchase loan; \430\ or a refinancing (including cash-out
refinancing).\431\ Transactions are only covered under HMDA as covered
loans if they are secured by a lien on dwelling. In addition to
principal residences, a dwelling includes, but is not limited to,
manufactured homes, multifamily apartment buildings, and properties for
long-term housing and related services (such as assisted living for
senior citizens or supportive housing for people with disabilities).
Thus, a transaction may need to be reported under section 1071 if it is
secured by a lien on a non-dwelling; for example, a recreational
vehicle, houseboat, a hotel, dormitory, or properties for long-term
housing and medical care if the primary use is not residential. For a
full list of exclusions, please refer to Regulation C, section 1003.3.
The Bureau notes that even if a transaction is excluded under
Regulation C, that does not mean it is necessarily reportable under
section 1071. For example, even though a transaction is a not a HMDA
``covered loan'' if it is a purchase of a partial interest in an
otherwise covered loan, and thus not excluded by new Sec.
1002.104(b)(2), it is also not reportable under this rule because, as
explained below in the section regarding certain purchases of covered
transactions, only the definition of ``covered application'' will
trigger data collection and reporting obligations with respect to
covered credit transactions and such purchases do not involve an
application for credit.
---------------------------------------------------------------------------
\427\ 12 CFR 1003.3(c)(9).
\428\ 12 CFR 1003.3(c)(10).
\429\ 12 CFR 1003.2(i).
\430\ 12 CFR 1003.2(j).
\431\ 12 CFR 1003.2(p).
---------------------------------------------------------------------------
While the Bureau anticipates that adoption of new Sec.
1002.104(b)(2) results in the exclusion of most dwelling-secured
lending, this Bureau is not expanding this exclusion to all investment
(non-owner occupied) property lending, as recommended by a few
commenters. Where a small business seeks credit to invest in commercial
(non-dwelling) real estate, it is likely to apply to a financial
institution's commercial lending division and there are unlikely to be
any difficulties in determining that the transaction is a business-
purpose real estate investment (and not a consumer-purpose real estate
investment). It is
[[Page 35234]]
important for this rule to capture lending to true small businesses (as
opposed to consumers seeking to diversify their investments) to meet
section 1071's business and community development purpose. Moreover,
because such lending is not covered by HMDA, the potential for poor
data quality arising from inconsistent dual reporting does not occur in
this situation. In other words, excluding such transactions from
coverage would not advance section 1071's statutory purposes in the
same way as does excluding HMDA-reportable transactions. Rather,
covering these transactions will allow data users for the first time to
better understand the rationale behind credit decisions, help identify
potential fair lending concerns, and provide financial institutions
with data to evaluate their business underwriting criteria and address
potential gaps for commercial real estate lending and cash flow
financing. In addition, robust data on such credit transactions across
applicants, financial institutions, products, and communities could
help target limited resources and assistance to applicants and
communities, thus furthering section 1071's business and community
development purpose. With respect to fair lending compliance, such data
would help data users analyze potential discriminatory disparities.
104(b)(3) Insurance Premium Financing
To better manage cash flow and help pay for costly property and
casualty insurance premiums, many businesses enter into insurance
premium financing arrangements. Under a typical arrangement, an
insurance premium financing company provides funds to pay for premiums
that are remitted directly to the business's insurance provider, either
directly or through an insurance agent or broker. The business then
repays the premium amount advanced, plus some additional amount in the
form of interest or a service charge, which is sometimes capped by
State law.\432\ If the business fails to repay the loan or otherwise
defaults in its obligation, or if the insurance contract is cancelled,
the insurance premium financing company is empowered under the
financing agreement to demand the unearned premiums directly from the
insurer. The Bureau understands that insurance premium financing
companies have little to no contact with the businesses seeking credit
and insurance premium financing arrangements are typically underwritten
based on the terms of the insurance policy, the financial strength of
the insurer that issued the policy and holds the unearned premium, and
the uncollateralized exposure of the financing company, if any.
---------------------------------------------------------------------------
\432\ See, e.g., Fla. Stat. Ann. section 627.840(3)(b); 215 Ill.
Comp. Stat. Ann. 5/513a10(c).
---------------------------------------------------------------------------
Unlike with other forms of credit, borrowers in insurance premium
financing transactions are not free to use advanced amounts for general
purchases because those amounts are intended solely to cover the cost
of property and casualty insurance premiums and the funds are often
remitted directly to the business's insurer. Moreover, because
insurance premium financing companies are contractually empowered in
the event of default to cancel the insured's insurance coverage and
obtain a refund of unearned premiums to repay the amount advanced,
these transactions are not typically underwritten based on the
insured's ability to repay but on the value of the unearned premium
collateral and the financial strength of the insurance carrier holding
that collateral. The Bureau also understands that, in some cases,
certain contractual terms, including maximum interest rates, are
regulated by State law.\433\
---------------------------------------------------------------------------
\433\ See, e.g., Fla. Stat. Ann. section 627.840 (providing, in
part, that a premium finance company shall not impose a service
charge of more than $12 per $100 per year); 215 Ill. Comp. Stat.
Ann. 5/513a10 (stating that the maximum service charge is $10 per
$100 per year).
---------------------------------------------------------------------------
In the NPRM, the Bureau stated its belief that an organization
offering insurance premium financing, where the organization provides
short-term loans to businesses to pay for property and casualty
insurance, would have been included within the definition of a
financial institution in proposed Sec. [thinsp]1002.105(a), even
though this specific business model was not described in proposed
comment 105(a)-1. The Bureau did not specifically discuss insurance
premium financing in its section-by-section analysis of proposed Sec.
1002.104, noting that the Bureau was proposing to require that covered
financial institutions report data for all applications for
transactions that meet the definition of business credit unless
otherwise excluded.
A group of insurance premium financing trade associations urged the
Bureau to exclude insurance premium financing from the rule. This
comment did not dispute that such financing is credit but argued that
it should not be covered because it is unlike any other form of small
business credit--insurance premium finance lenders do not interact with
or exchange information with the applicant, credit terms (including
interest rate and fees) are preestablished and do not vary, and some
State insurance codes provide requirements regarding interest rates,
fees, disclosures, and other aspects of a premium finance transaction.
This commenter also maintained that insurance premium financing
presents minimal fair lending risk, most of the data proposed to be
required is not currently collected and would not be useful for
comparisons, and financing companies would incur significant costs to
comply, potentially limiting access to this credit. The commenter noted
that FinCEN exempted insurance premium financing companies from its
final rule imposing customer due diligence (beneficial ownership)
obligations under the Bank Secrecy Act. This trade association stated
that, if the Bureau does not exclude insurance premium financing
companies, the Bureau should clarify how the rule will apply to avoid
curtailment of credit and conflict with State insurance laws,
particularly those that prohibit, or at a minimum discourage, insurance
agents and brokers from collecting applicant-provided demographic data
from insureds.
The Bureau also received a letter from several members of Congress
citing potential conflicts between proposed section 1071 requirements
and State regulatory frameworks that they believed would improperly
impair or interfere with State insurance law. They requested the Bureau
reconsider subjecting these products to the final rule because they
believed that doing so would not advance the policy underpinning
section 1071 and would further negatively impact small businesses and
their ability to purchase adequate insurance coverage.
For the reasons set forth herein, the Bureau is excluding insurance
premium financing transactions from the final rule. New Sec.
1002.104(b)(3) defines insurance premium financing as a financing
arrangement wherein a business agrees to pay to a financial
institution, in installments, the principal amount advanced by the
financial institution to an insurer or insurance producer in payment of
premium on the business's insurance contract or contracts, plus
charges, and as security for repayment, the business assigns to the
financial institution certain rights, obligations, and/or
considerations (such as the unearned premiums, accrued dividends, or
loss payments) in its insurance contract or contracts. New Sec.
1002.104(b)(3) adds that this exclusion does not include the financing
of insurance policy premiums obtained in connection with the financing
of goods and services.
[[Page 35235]]
The Bureau is adopting a definition of ``covered credit
transaction'' that excludes insurance premium financing pursuant to its
authority under ECOA section 704B(g)(1) to prescribe such rules and
issue such guidance as may be necessary to carry out, enforce, and
compile data under section 1071, as well as its authority under
704B(g)(2) to adopt exceptions to any requirement of section 1071 and
to conditionally or unconditionally exempt any financial institution or
class of financial institutions from the statute's requirements, as the
Bureau deems necessary or appropriate to carry out the purposes of
section 1071. While insurance premium financing constitutes ``credit''
within the meaning of Sec. 1002.102(i) and may constitute ``business
credit'' within the meaning of Sec. 1002.102(d) (depending on its
purpose), the Bureau believes that it is categorically different from
products like loans, lines of credit, credit cards, and merchant cash
advances and that there are several reasons to believe that excluding
it from coverage advances section 1071's statutory purposes. Insurance
premium financing is not a general-use lending product, but instead,
like trade credit, exists only to facilitate the sale of a specific
nonfinancial product or service. Providers of insurance premium
financing are not primarily financial services providers, nor do they
currently manage compliance with regulatory requirements associated
with making extensions of credit. Taken together, requiring insurance
premium financing to be reported under subpart B may lead to
significant data quality issues. In addition, the fixed costs of coming
into compliance with this final rule could lead insurance premium
financing companies to limit offering this credit to their small
business customers, potentially undermining the business and community
development purpose of section 1071.
The Bureau believes the new exclusion in final Sec. 1002.104(b)(3)
will carve out narrow financing arrangements where the amount financed
is reasonably related to and intended to directly pay the cost of a
business's insurance policy premiums. New Sec. 1002.104(b)(3) also
limits the exclusion to situations where the business assigns the
financial institution certain rights, obligations, and/or
considerations (such as the unearned premiums) in its insurance policy
because the Bureau understands that such security interests ensure that
the underwriting focus is on the insurer, and not the small business
applicant. New Sec. 1002.104(b)(3) clarifies that the exclusion does
not include the financing of insurance contract premiums purchased in
connection with the financing of goods and services.
The Bureau notes that final Sec. 1002.104(b)(3) does not cover
situations where the insurance provider itself provides a business the
right to defer payment of an insurance premium or fee owed by the
business beyond the monthly period in which the premium or fee is due.
However, such arrangements may be covered by the trade credit exclusion
in final Sec. 1002.104(b)(1).
Factoring
Background
In traditional factoring arrangements, a business in need of
financing sells all or a portion of its accounts receivable (existing
but unpaid invoices) to another business, known as a ``factor.'' The
factor then receives payments on the accounts receivable from the
business's debtors or customers directly, and not from the business
that had entered into the factoring transaction. If the business has
sold only a portion of its invoices, then once the account debtors pay
their invoices to the factor, the factor remits the remainder of the
balance to the business after deducting a fee (specifically, a discount
applied to the sold accounts receivable usually stated on a percentage
basis).
The Bureau understands that the factoring market is generally
dominated by nondepository institutions not subject to Federal safety
and soundness supervision or reporting requirements. The Bureau also
understands that generally, factors may not be required to obtain State
lending licenses. As a result, information on factoring volume and
practices is limited. The Bureau notes, however, that the California
and New York disclosure laws mentioned above cover factoring.\434\
---------------------------------------------------------------------------
\434\ See Cal. S.B. 1235 (Sept. 30, 2018), https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180SB1235; N.Y. S.B. S5470B (July
23, 2020), https://legislation.nysenate.gov/pdf/bills/2019/S5470B.
---------------------------------------------------------------------------
The Bureau's 2017 White Paper estimated the factoring market as
constituting around 8 percent of the number of accounts used by small
businesses in the U.S. in 2014.\435\ Based on more recent evidence, the
Bureau believes the industry has not significantly grown. For example,
the 2017 and 2020 Federal Reserve Banks' surveys of firms with 1-499
employees (``employer firms'') found that 4 percent of such businesses
applied for and regularly used factoring.\436\ In the 2020 Small
Business Credit Survey of Employer Firms, this figure dropped to 3
percent of employer firms \437\ and in the 2021 survey, this figure
went back up to 4 percent.\438\
---------------------------------------------------------------------------
\435\ White Paper at 21 fig. 2, 22 fig. 3.
\436\ 2020 Small Business Credit Survey; 2017 Small Business
Credit Survey.
\437\ See 2021 Small Business Credit Survey at 24.
\438\ See 2022 Small Business Credit Survey at 25.
---------------------------------------------------------------------------
An existing comment in Regulation B (comment 9(a)(3)-3) provides
that ``[f]actoring refers to a purchase of accounts receivable, and
thus is not subject to [ECOA or Regulation B].'' Existing Regulation B
does not offer a definition for ``accounts receivable.'' However, if
there is a ``credit extension incident to the factoring arrangement,''
Regulation B's notification rules \439\ apply, as do other relevant
sections of ECOA and Regulation B.\440\ The Bureau understands that the
Board's treatment of credit extensions incident to factoring
arrangements--as a type of credit but one entitled to exemptions from
certain requirements--was motivated by its reading of congressional
intent related to the Women's Business Ownership Act of 1988,\441\
which amended ECOA to extend notification and record retention
requirements to business credit. In its proposed rule on this issue,
the Board explained that it was treating credit extensions incident to
factoring arrangements differently from other forms of business credit
based on ``evidence of congressional intent that the amendments should
not apply to . . . certain types of business credit (such as
applications for trade credit and credit incident to factoring
arrangements).'' \442\
---------------------------------------------------------------------------
\439\ See existing Sec. 1002.9(a)(3)(ii) (requiring a creditor
to notify an applicant, within a reasonable time (as opposed to
within 30 days for credit sought by consumers and businesses with
gross revenues of $1 million or less in preceding fiscal year),
orally or in writing, of the action taken).
\440\ Comment 9(a)(3)-3.
\441\ Public Law 100-533, 102 Stat. 2689 (1988).
\442\ 54 FR 29734, 29736 (July 14, 1989); see also 134 Cong.
Rec. H9282-89 (daily ed. Oct. 3, 1988) (explaining that the
committee recognizes that some forms of commercial loan transactions
and extensions of credit may ``require specialized rules,'' and
that, for example, the committee believes that loans and credit
extensions incidental to trade credit, factoring arrangements, and
sophisticated asset-based loans should continue to be exempted from
the record retention and automatic notification requirements).
---------------------------------------------------------------------------
Proposed Rule
In the NPRM, the Bureau proposed to not cover factoring. Modeled on
the definitions set forth in the New York and California commercial
financing
[[Page 35236]]
disclosure laws,\443\ proposed comment 104(b)-1 would have provided
that factoring is an accounts receivable purchase transaction between
businesses that includes an agreement to purchase, transfer, or sell a
legally enforceable claim for payment for goods that the recipient has
supplied or services that the recipient has rendered but for which
payment has not yet been made. Proposed comment 104(b)-1 would have
also clarified that an extension of business credit incident to a
factoring arrangement is a covered credit transaction and that a
financial institution shall report such a transaction as an ``Other
sales-based financing transaction'' under proposed Sec.
1002.107(a)(5).
---------------------------------------------------------------------------
\443\ See Cal. S.B. 1235 (Sept. 30, 2018), https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180SB1235; N.Y. S.B. S5470B (July
23, 2020), https://legislation.nysenate.gov/pdf/bills/2019/S5470B.
---------------------------------------------------------------------------
The Bureau sought comment on its proposed approach to factoring.
The Bureau also sought comment on how the subset of purported factoring
arrangements that may in fact be credit (i.e., those that are revolving
in nature or that cover anticipated receivables) should be reported
under the rule. Specifically, the Bureau sought comment on whether such
arrangements should be reported as credit extensions incident to
factoring (and thus reported as ``other sales-based financing'') or as
merchant cash advances.
Comments Received
The Bureau received comments on this aspect of the proposal from a
range of commenters, including lenders, trade associations, and
community groups. One commenter urged the Bureau to include the
distinctions between merchant cash advances and factoring that were
discussed in its NPRM preamble in the final rule's text or commentary
to avoid future confusion over what products are ultimately covered by
the final rule. This commenter also asked the Bureau to address the
role of recourse and underwriting in its analysis of whether a
particular financing transaction qualifies as credit. Another commenter
encouraged the Bureau to consider differences between various factoring
product structures and offered some explanations on how the term and
costs of factoring arrangements could be reported. A community group
asked the Bureau to explicitly include credit extensions incident to
factoring arrangements in the list of covered transactions in the final
rule, along with loans, lines of credit, credit cards, and merchant
cash advances.
A wide range of commenters, including many community groups,
community-oriented lenders, several members of Congress, individuals,
and a nonbank online lender, urged the Bureau to cover factoring in the
final rule. One community group suggested the Bureau use its
discretionary authority to define credit broadly, regardless of comment
9(a)(3)-3 in Regulation B or other ECOA provisions, to avoid a conflict
with congressional intent of shedding light on the distribution of
financing to minority-owned, women-owned, and small businesses. Several
commenters shared concerns about insufficient data on factoring and
stressed the need for more transparency and for having a complete
picture of the small business financing market. A few commenters argued
that factoring constitutes a large part of the small business financing
landscape and that section 1071's purposes would not be fulfilled
without covering this product. Several commenters pointed to the fact
that factoring arrangements are often used by minority-owned small
businesses as evidence that they should be covered by the rule, with a
few commenters specifically raising fair lending concerns related to
factoring.
A few commenters questioned factoring's exclusion as non-credit,
with the cross-sector group arguing that its inclusion would not create
compliance concerns for other provisions of Regulation B because
section 1071 is not broadly applicable to the entirety of Regulation B.
That commenter also argued that a factoring arrangement is ``credit''
whenever its recipient is held liable for deferred payments conditional
on the third party's ability to repay. This commenter noted that while
recourse agreements (cited by the commenter as constituting 88 percent
of the industry) enable the factor to pursue payment from the recipient
if the third party fails to repay, non-recourse agreements also enable
factors to seek payments from recipients under a variety of
circumstances. Another community group argued a factoring arrangement
is credit when a small business receives an amount less than the amount
due from its client because the small business recipient in that case
is effectively paying interest and/or fees. A joint letter from
community groups suggested the Bureau make clear that factoring is
excluded only where there is a bona fide sale of an accrued right to
payment without creating any obligations--contingent or otherwise--on
the seller.
Two commenters pointed to the fact that New York and California
both include factoring in their respective commercial financing
disclosure laws as a reason why it should be covered by the rule. Some
commenters expressed strong concerns that the exclusion of factoring
would open a door to potential evasion by merchant cash advance
providers and other actors. Many commenters urged the Bureau to include
factoring within its rule implementing section 1071 in order to monitor
these arrangements and prevent abuses.
Two commenters, both providers of factoring, suggested the Bureau
clarify that non-recourse factoring is covered by the trade credit
exclusion. These commenters noted that non-recourse factors would be
subject to the rule as proposed because it would have provided that the
extension of business credit by a financial institution (such as a
factor) other than a supplier for the financing of the sale of
inventory is not ``trade credit.'' These commenters argued that
compliance would be burdensome and disruptive to their operations, with
one commenter stressing how important non-recourse factoring is in
facilitating the sale of product by sellers to buyers.
Final Rule
For the reasons set forth herein, the Bureau is finalizing comment
104(b)-1 largely as proposed and is not covering factoring under the
rule. The Bureau believes that, as discussed with respect to merchant
cash advances above, a factoring agreement, as described in comment
104(b)-1, is not credit under ECOA because the provider of the funds
does not grant the recipient the right to defer payment. Instead, the
provider of funds seeks payment directly from a third party on a
legally enforceable claim for payment for goods that the recipient has
supplied or services that the recipient has rendered but for which
payment in full has not yet been made. The Bureau also believes that
treating factoring as credit under the rule could create
inconsistencies and compliance concerns related to existing Regulation
B, which currently states that factoring (as a purchase of accounts
receivable) is not subject to ECOA.
The Bureau is finalizing a detailed description of what constitutes
factoring in comment 104(b)-1 because the existing Regulation B
commentary regarding factoring may not provide sufficient clarity for
purposes of collecting and reporting data under section 1071 as it does
not define ``accounts receivable.'' This finalized description, modeled
on the definitions set forth in the New York and California commercial
financing disclosure
[[Page 35237]]
laws,\444\ provides that factoring is an accounts receivable purchase
transaction between businesses that includes an agreement to purchase,
transfer, or sell a legally enforceable claim for payment for goods
that the recipient has supplied or services that the recipient has
rendered but for which payment in full has not yet been made. The
Bureau has added the words ``in full'' to the proposed description to
account for the fact that factoring may include an immediate partial
payment or down payment to the businesses supplying the goods or
services. Comment 104(b)-1 states that it is not intended to repeal,
abrogate, annul, impair, or interfere with any existing
interpretations, orders, agreements, ordinances, rules, or regulations
adopted or issued pursuant to existing comment 9(a)(3)-3.
---------------------------------------------------------------------------
\444\ See Cal. S.B. 1235 (Sept. 30, 2018), https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180SB1235; N.Y. S.B. S5470B (July
23, 2020), https://legislation.nysenate.gov/pdf/bills/2019/S5470B.
---------------------------------------------------------------------------
Based on the Bureau's work to date, comments received, and
conversations with industry stakeholders, the Bureau understands that
purported factoring arrangements may take various forms, including
longer-term or revolving transactions that appear to have credit or
credit-like features, and the Bureau believes that a subset of such
arrangements may constitute credit incident to the factoring
arrangement. Comment 104(b)-1 thus clarifies that an extension of
business credit incident to a factoring arrangement is a covered credit
transaction and that a financial institution shall report such a
transaction as an ``Other sales-based financing transaction'' under
Sec. 1002.107(a)(5). By contrast, arrangements that do not involve
goods or services that have already been supplied or rendered are not
``factoring'' under the Bureau's description. The Bureau makes clear in
comment 104(b)-1 that, despite the fact that some providers may label
such arrangements as factoring, the name used by the financial
institution for a product is not determinative of whether or not it is
a ``covered credit transaction,'' and such arrangements are not
factoring as described in the final rule and are covered.
The Bureau does not believe it would be appropriate to codify
distinctions between merchant cash advances and factoring in the final
rule's text or commentary, as suggested by a commenter. The Bureau
believes that factoring involves the sale of existing and alienable
assets, while merchant cash advances involve a promise of future
payments derived from anticipated receivables. Accordingly, providers
of merchant cash advances--but not factoring that involves the sale of
existing and alienable assets--grant the right to incur debt and defer
its payment at a later date within the meaning of ``credit'' under
Sec. 1002.102(i).
For that reason, to the extent that a purported factoring
arrangement involves multiple revolving transactions such that the
transaction between the recipient and the provider of funds is not
complete at the time of the sale, that transaction constitutes credit,
and the Bureau would expect such a transaction to be reported as an
``Other sales-based financing transaction'' because it constitutes an
extension of business credit that may or may not be incident to a
factoring arrangement (depending on whether the first transaction
involved the sale of existing and alienable assets). In terms of how to
report the term and costs of extensions of credit incident to factoring
arrangements, the Bureau notes that final Sec. 1002.107(a)(12)(v)
would require financial institutions to report, for a merchant cash
advance or other sales-based financing transactions, the difference
between the amount advanced and the amount to be repaid and that final
Sec. 1002.107(a)(5)(iii) requires reporting of estimated loan term for
merchant cash advances and other sales-based financing in certain
circumstances.
As noted above, the products discussed in this preamble do not
constitute an exhaustive list of covered credit transactions; other
types of business credit not specifically described nevertheless
constitute covered credit transactions unless excluded by final Sec.
1002.104(b). In line with this approach, the Bureau is not expressly
delineating additional products (such as credit extensions incident to
factoring arrangements) as covered credit transactions in the final
rule's regulatory text or commentary. Nor is it reopening existing
Regulation B at this time in order to interpret ``credit'' to include
factoring. The Bureau acknowledges that factoring constitutes a large
part of the small business financing landscape, particularly among
minority-owned small businesses, and that it would be helpful to have
more transparency into these arrangements. However, making such a
change as part of this final rule could creating inconsistences and
compliance challenges with respect to existing Regulation B provisions.
The Bureau also does not believe that the question of whether a
factoring arrangement is credit should be determined based on whether
the small business recipient is effectively paying finance charges. For
the reasons discussed in the section-by-section analysis of Sec.
1002.102(i), the Bureau is finalizing a definition of ``credit'' that
largely follows the definition of credit in ECOA \445\ and existing
Sec. 1002.2(j); meaning the right granted by a creditor to an
applicant to defer payment of a debt, incur debt and defer its payment,
or purchase property or services and defer payment therefor. This
longstanding definition does not turn on ``the number of installments
required for repayment, or whether the transaction is subject to a
finance charge,'' \446\ nor on how underwriting is conducted. Rather,
in order for factoring to be credit under ECOA, a factor must grant the
right to defer payment of debt or to incur debts and defer its payment.
---------------------------------------------------------------------------
\445\ See 15 U.S.C. 1691a. Existing Regulation B uses the term
``applicant'' instead of ``debtor.''
\446\ Existing comment 2(j)-1.
---------------------------------------------------------------------------
The Bureau also does not believe it would be appropriate, at this
time, to distinguish between recourse and non-recourse factoring that
involves the business-to-business sale of existing and alienable
assets. The Bureau is aware that a significant proportion of the
factoring market, as it is currently understood, may consist of
recourse factoring, in which factors may pursue repayment from the
recipient of funds if the third party fails to pay, and that even non-
recourse agreements may enable factors to seek repayment from
recipients under some circumstances, such as fraud. As a result, the
Bureau understands that in much of what market participants understand
to be ``factoring'' within the meaning of existing Regulation B, the
transaction between the recipient and the provider of funds is not
conclusively complete at the time of the sale. The Bureau agrees with
commenters that these transactions are, at minimum, akin to credit.
Nevertheless, the Bureau believes that requiring reporting for these
transactions at this time would have the effect of upending market
participants' settled expectations that ``factoring'' is not credit
within the meaning of existing Regulation B. Therefore, data collection
and reporting pursuant to subpart B is not required for an accounts
receivable purchase transaction between businesses that includes an
agreement to purchase, transfer, or sell a legally enforceable claim
for payment for goods that the recipient has supplied or services that
the recipient has rendered but for which payment has not yet been made,
regardless of whether the
[[Page 35238]]
agreement includes recourse or other nonpayment contingency provisions.
The Bureau appreciates the fact that New York and California both
include factoring in their respective commercial financing disclosure
laws and has in fact drawn from the States' helpful regulatory language
for its own section 1071 commentary. However, coverage of factoring by
these or other States \447\ in their commercial financing disclosure
regimes does not affect what constitutes ``credit'' under ECOA. The
Bureau understands concerns that exclusion of factoring may open a door
to potential evasion by merchant cash advance providers and other
actors. However, the Bureau does not agree that it must include
factoring in this final rule in order to monitor these arrangements and
prevent abuses.
---------------------------------------------------------------------------
\447\ Other States, including Virginia and Utah, have passed
similar commercial financing disclosure laws. See, e.g., Virginia H.
1027 (enacted Apr. 11, 2022), https://lis.virginia.gov/cgi-bin/legp604.exe?221+ful+CHAP0516; Utah S.B. 183 (enacted Mar. 24, 2022),
https://le.utah.gov/~2022/bills/static/SB0183.html.
---------------------------------------------------------------------------
In the course of considering financial institutions' compliance
with the rule, the Bureau intends to closely scrutinize secured finance
transactions to ensure that companies are appropriately categorizing
and reporting products as required by section 1071. The Bureau also
intends to obtain more information about the use of recourse and other
nonpayment provisions in the factoring market, including types of these
provisions and the frequency with which factors invoke them. If it
proves necessary to modify existing Regulation B or subpart B, the
Bureau is prepared to exercise all of its available authorities,
including its authority under section 703 of ECOA to make adjustments
that are necessary to prevent circumvention or evasion.
With respect to comments asking the Bureau to clarify that non-
recourse factoring is covered by the trade credit exclusion, the Bureau
notes that while non-recourse factors may not be subject to the trade
credit exclusion because they are not typically a supplier that
finances the sale of equipment, supplies, or inventory, they are likely
providing ``factoring'' as described in final comment 104(b)-1. For the
reasons discussed in the section-by-section analysis of Sec.
1002.104(b)(1), the Bureau is not expanding its exclusion of trade
credit to include third-party financing companies.
Leases
Background
A leasing transaction generally refers to an agreement in which a
lessor transfers the right of possession and use of a good or asset to
a lessee in return for consideration.\448\ Under a ``true'' or
``operating'' lease, a lessee (the user) makes regular payments to a
lessor (the owner) in exchange for the right to use an asset (such as
equipment, buildings, motor vehicles, etc.).
---------------------------------------------------------------------------
\448\ See UCC 2A-103(1)(j) (defining a ``lease'').
---------------------------------------------------------------------------
Leases are not expressly addressed in ECOA or Regulation B. Until
the issuance of the NPRM, the Bureau had never opined on whether ECOA
and Regulation B apply to leases, and the Board made only one statement
about the applicability of ECOA and Regulation B to leases, in the
preamble to a final rule under ECOA. In that 1985 statement, the Board
responded to the Ninth Circuit's opinion in Brothers v. First
Leasing,\449\ which concluded that consumer leasing falls under
ECOA.\450\ The Board stated that it believes that ``Congress did not
intend the ECOA, which on its face applies only to credit transactions,
to cover lease transactions unless the transaction results in a `credit
sale' as defined in the Truth in Lending Act and Regulation Z.'' \451\
The Board then noted that it will continue to monitor leasing
transactions and take further action as appropriate.\452\ The Bureau is
unaware of any such further actions taken by the Board.
---------------------------------------------------------------------------
\449\ 724 F.2d 789 (9th Cir. 1984).
\450\ 50 FR 48018, 48020 (Nov. 20, 1985).
\451\ Id.
\452\ Id. Since then, courts have gone both ways on the issue.
Compare Ferguson v. Park City Mobile Homes, No. 89-CIV-1909, 1989 WL
111916, at *5 (N.D. Ill. Sept. 18, 1989) (consumer leases are
``credit'' under ECOA), with Laramore v. Ritchie Realty Mgmt. Co.,
397 F.3d 544, 547 (7th Cir. 2005) (consumer leases are not
``credit'' under ECOA).
---------------------------------------------------------------------------
The Bureau understands that many financial institutions (such as
equipment finance companies) offer both loans and leases to their small
business customers and some financial institutions comply with
Regulation B for their leases as well as their loans as a matter of
course. Lessor stakeholders have told Bureau staff that from their
perspective, as well as that of their customers, loans and leases are
indistinguishable. The Bureau understands that this is particularly
true of ``financial'' or ``capital'' leases, as defined under article
2A of the Uniform Commercial Code (UCC),\453\ which closely resemble
(and according to some stakeholders, in some cases are
indistinguishable from) term loans. The Bureau understands that
financial leases are treated like assets on buyers' balance sheets,
whereas operating leases are treated as expenses that remain off the
balance sheet. The Bureau understands that the ownership
characteristics of a financial lease also resemble those of a loan--the
financial lease term is the substantial economic life of the asset (as
evidenced by a low dollar purchase option at the end of the lease term
and/or lack of residual financial obligations at the end of the lease
term) and the lessee claims both interest and depreciation on their
taxes. The Bureau understands that for some financial institutions,
reporting loans but not leases may require added cost and effort to
separate them in databases. The Bureau also understands that because
depository institutions currently report both loan and lease activity
to other regulators in their Call Reports, they may prefer to maintain
a consistent approach for section 1071.
---------------------------------------------------------------------------
\453\ The Bureau notes that the UCC separately defines a
``consumer lease.'' See UCC 2A-103(1)(e). The Bureau's analysis
regarding leases does not apply to leases primarily for a personal,
family, or household purpose.
---------------------------------------------------------------------------
Proposed Rule
In the NPRM, the Bureau proposed to not cover leases. Drawing from
the UCC definition of ``lease,'' \454\ which was incorporated into the
New York and California commercial financing disclosure laws,\455\
proposed comment 104(b)-2 would have provided that the term covered
credit transaction does not cover leases, and that a lease, for
purposes of proposed subpart B, is a transfer from one business to
another of the right to possession and use of goods for a term, and for
primarily business or commercial (including agricultural) purposes, in
return for consideration. It would have further stated that a lease
does not include a sale, including a sale on approval or a sale or
return, or a transaction resulting in the retention or creation of a
security interest. The Bureau sought comment on whether there are types
of leases, or leases with certain characteristics, that should be
excluded from proposed comment 104(b)-2 and thus treated as reportable
under section 1071. Based on the practical difficulty cited by some
stakeholders of distinguishing leases from loans, the Bureau also
sought comment on whether financial institutions should be permitted to
voluntarily report lease transactions.
---------------------------------------------------------------------------
\454\ UCC 2A-103(1)(j) (`` `Lease' means a transfer of the right
to possession and use of goods for a term in return for
consideration, but a sale, including a sale on approval or a sale or
return, or retention or creation of a security interest is not a
lease. Unless the context clearly indicates otherwise, the term
includes a sublease.'').
\455\ See Cal. S.B. 1235 (Sept. 30, 2018), https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180SB1235; N.Y. S.B. S5470B (July
23, 2020), https://legislation.nysenate.gov/pdf/bills/2019/S5470B.
---------------------------------------------------------------------------
[[Page 35239]]
Comments Received
The Bureau received comments on this aspect of the proposal from
several community groups and community oriented lenders, trade
associations, an online lender, and several members of Congress. Many
of these comments argued that leases should be covered under the
Bureau's rule. A few commenters suggested that leases were much like
loans and other credit, with one commenter asserting that where a small
business may retain leased equipment, that is akin to lending in which
debt is incurred, payment is deferred and payments are made over a
significant time period for a substantial asset, that is, the
equipment. This commenter noted that the Bureau could apply its
proposed loan threshold to leases. A cross-sector group of lenders,
community groups, and small business advocates maintained that any data
collection on the leasing market would be valuable, even if limited to
credit sale leases or ``$1 leases'' (where the lessee makes payments on
the leased item and at the end of the lease term, purchases the item
for $1), which the commenter viewed as a form of credit sale lease.
A few commenters urged the Bureau to cover this large and growing
share of the small business financing market in order to avoid data
gaps. Two commenters expressed fair lending and predatory practice
concerns regarding leasing--one commenter pointed to a lawsuit filed by
the California State Attorney General against two lease financing
companies operating in 15 states that allegedly forced 193 Black
churches to make lease payments on falsely advertised and faulty
computer kiosks.\456\ Another commenter noted that leases are often
used by minority-owned businesses, in some cases more often than white-
owned businesses. This commenter also noted that New York and
California both include leasing in their respective commercial
financing disclosure laws and that at the Federal level, bicameral
commercial financing disclosure legislation has been introduced to
cover leasing. Two commenters argued that not covering leases in the
final rule would open the door to potential evasion, allowing merchant
cash advance providers and other financing companies to structure
transactions as leases instead of loans.
---------------------------------------------------------------------------
\456\ See Complaint, California v. Television Broadcasting
Online, Ltd., 2011 WL 849066 (Cal. Super. Feb. 2011), https://oag.ca.gov/system/files/attachments/press_releases/n2042_complaint.pdf.
---------------------------------------------------------------------------
Several trade associations, including ones representing equipment
and vehicle lease and finance companies, expressed support for the
Bureau's proposed approach to not cover leases. One commenter commended
the Bureau for recognizing that leases are not treated as credit in the
U.S. regulatory structure and for proposing use of the widely accepted
UCC definition of a lease. Another commenter observed that the Bureau's
proposed definition of ``lease'' would not cover instances where a
lessee purchased or eventually owned the product being leased. This
commenter advised against covering leases in the rule, arguing that
doing so would result in incorrect reporting when applicants' employees
submit lease applications but do not know the full scope of their
employer's ownership makeup or financial holdings; it would also
increase compliance costs, making short-term leases and rentals
significantly more expensive.
Final Rule
For the reasons set forth herein, the Bureau is finalizing comment
104(b)-2 largely as proposed and is not covering leases under the final
rule. Drawing from the UCC definition of ``lease,'' \457\ which was
incorporated into the New York and California commercial financing
disclosure laws,\458\ comment 104(b)-2 provides that the term covered
credit transaction does not cover leases, and that a lease, for
purposes of subpart B, is a transfer from one business to another of
the right to possession and use of goods for a term, and for primarily
business or commercial (including agricultural) purposes, in return for
consideration. It further states that a lease does not include a sale,
including a sale on approval or a sale or return, or a transaction
resulting in the retention or creation of a security interest. In
addition, comment 104(b)-2 clarifies that the name used by the
financial institution for a product is not determinative of whether or
not it is a ``covered credit transaction.''
---------------------------------------------------------------------------
\457\ UCC 2A-103(1)(j) (`` `Lease' means a transfer of the right
to possession and use of goods for a term in return for
consideration, but a sale, including a sale on approval or a sale or
return, or retention or creation of a security interest is not a
lease. Unless the context clearly indicates otherwise, the term
includes a sublease.'').
\458\ See Cal. S.B. 1235 (Sept. 30, 2018), https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180SB1235; N.Y. S.B. S5470B (July
23, 2020), https://legislation.nysenate.gov/pdf/bills/2019/S5470B.
---------------------------------------------------------------------------
The Bureau considered several other approaches to covering leasing,
including referring to Regulation Z's definition of ``credit sale.''
Under that definition, a ``credit sale'' is ``a sale in which the
seller is a creditor,'' and it includes a lease--unless the consumer
may terminate it at any time without penalty--where the consumer
``[a]grees to pay as compensation for use a sum substantially
equivalent to, or in excess of, the total value of the property and
service involved'' and ``[w]ill become (or has the option to become),
for no additional consideration or for nominal consideration, the owner
of the property upon compliance with the agreement.'' \459\ The Bureau
understands that financial institutions focused on offering leases and
loans for business purposes are generally not familiar with the
Regulation Z definition of ``credit sale,'' given that Regulation Z
applies only to consumer credit.\460\ The Bureau thus believes that
referring to the Regulation Z definition of ``credit sale'' could
create confusion and would not align with current industry practices.
The Bureau understands that such financial institutions offering leases
primarily for business or commercial (including agricultural) purposes
are more accustomed to applying the UCC definitions of ``lease'' \461\
and ``finance lease,'' \462\ and/or the generally accepted accounting
principles (GAAP) rules issued by the Financial Accounting Standards
Board governing ``operating,'' ``capital,'' and ``finance''
leases.\463\ The Bureau believes that drawing from the UCC definition
of lease will lead to more consistency with financial institutions'
current practices. Nearly all U.S. jurisdictions have adopted Article
2A of the UCC,\464\ and the Bureau
[[Page 35240]]
understands that virtually every form of lease used by major leasing
companies provides that it is governed by the laws of one of the
jurisdictions that has adopted Article 2A.
---------------------------------------------------------------------------
\459\ 12 CFR 1026.2(a)(16).
\460\ See Regulation Z Sec. Sec. 1026.2(a)(12) (defining
``consumer credit'' as ``credit offered or extended to a consumer
primarily for personal, family, or household purposes'') and
1026.3(a)(1) (excluding extensions of credit ``primarily for a
business, commercial or agricultural purpose'').
\461\ UCC 2A-103(1)(j).
\462\ UCC 2A-103(1)(g).
\463\ See Fin. Acct. Standards Bd., Accounting Standards Update:
Leases (Topic 842), No. 2016-02 (Feb. 2016), https://www.fasb.org/Page/ShowPdf?path=ASU+2016-02_Section+A.pdf&title=Update+2016-02%E2%80%94Leases+%28Topic+842%29+Section+A%E2%80%94Leases%3A+Amendments+to+the+FASB+Accounting+Standards+Codification%C2%AE&acceptedDisclaimer=true&Submit=.
\464\ See Ala. Code 7-2A-101 et seq.; Alaska Stat. 45.12.101 et
seq.; Ariz. Rev. Stat. 47-2A101 et seq.; Ark. Code Ann. 4-2A-101 et
seq.; Cal. Com. Code 10101 et seq.; Choctaw Tribal Code 26-2A-101 et
seq.; Colo. Rev. Stat. 4-2.5-101 et seq.; Conn. Gen. Stat. 42a-2A-
101 et seq.; D.C. Code 28:2A-101 et seq.; Del. Code Ann. tit. 6, 2A-
101 et seq.; Fla. Stat. 680.1011 et seq.; Ga. Code Ann. 11-2A-101 et
seq.; Haw. Rev. Stat. 490:2A-101 et seq.; Idaho Code 28-12-101 et
seq.; 810 Ill. Comp. Stat. 5/2A-101 et seq.; Ind. Code 26-1-2.1-101
et seq.; Iowa Code 554.13101 et seq.; Kan. Stat. Ann. 84-2a-101 et
seq.; Ky. Rev. Stat. Ann. 355.2A-101 et seq.; Mass. Gen. Laws ch.
106, 2A-101 et seq.; Md. Code Ann., Com. Law 2A-101 et seq.; Me.
Stat. tit. 11, 2-1101 et seq.; Mich. Comp. Laws 440.2801 et seq.;
Minn. Stat. 336.2A-101 et seq.; Miss. Code Ann. 75-2A-101 et seq.;
Mo. Rev. Stat. 400.2A-101 et seq.; Mont. Code Ann. 30-2A-101 et
seq.; N.C. Gen. Stat. 25-2A-101 et seq.; N.D. Cent. Code 41-02.1-01
et seq.; N.H. Rev. Stat. Ann. 382-A:2A-101 et seq.; N.J. Stat. Ann.
12A:2A-101 et seq.; N.M. Stat. Ann. 55-2A-101 et seq.; N.Y. UCC Law
2-A-101 et seq.; Neb. Rev. Stat. UCC 2A-101 et seq.; Nev. Rev. Stat.
104A.2101 et seq.; Ohio Rev. Code Ann. 1310.01 et seq.; Okla. Stat.
tit. 12A, 2A-101 et seq.; Or. Rev. Stat. 72A.1010 et seq.; Pa. Cons.
Stat. 2A101 et seq.; R.I. Gen. Laws 6A-2.1-101 et seq.; S.C. Code
Ann. 36-2A-101 et seq.; S.D. Codified Laws 57A-2A-101 et seq.; Tenn.
Code Ann. 47-2A-101 et seq.; Tex. Bus. & Com. Code Ann. 2A.101 et
seq.; Utah Code Ann. 70A-2a-101 et seq.; V.I. Code Ann. tit. 11A,
2A-101 et seq.; Va. Code Ann. 8.2A-101 et seq.; Vt. Stat. Ann. tit.
9A, 2A-101 et seq.; W. Va. Code 46-2A-101 et seq.; Wash. Rev. Code
62A.2A-101 et seq.; Wisc. Stat. 411.101 et seq.; Wyo. Stat. Ann.
34.1-2.A-101 et seq.
---------------------------------------------------------------------------
Based on its review of business-purpose leases and its expertise
with respect to the meaning of ``credit,'' the Bureau believes that the
term ``credit'' does not encompass such business leases. In the
business-purpose context, the Bureau understands that in a true lease,
the lessor retains title and will receive the property back after the
conclusion of the lease term, without any expectation by either party
that, for example, ownership of the property will be transferred or
that payments made pursuant to the lease agreement constitute anything
other than payments in exchange for the temporary use of the property.
As a result, the Bureau does not believe that in the business-purpose
context a true lease transaction involves the right to incur debt and
defer its payment, defer payment of a debt, or defer payment for goods
or services.
The Bureau is aware that there are other types of leases with
characteristics that bear some resemblance to forms of credit like
credit sales, such as a contemplated transfer of ownership at the end
of the lease term. The Bureau does not parse whether different types of
leases might constitute ``credit'' but notes that final comment 104(b)-
2's definition of lease does not include a sale, including a sale on
approval or a sale or return, or a transaction resulting in the
retention or creation of a security interest. For further
clarification, the Bureau notes that UCC section 1-203 provides helpful
guidance on how to distinguish a lease from a security interest. For
example, UCC section 1-203 provides, in part, that a lease transaction
creates a security interest if the lessee's payment obligation
continues for the term of the lease and is not subject to termination
by the lessee and the lessee has an option to become the owner of the
goods for no additional consideration or for nominal additional
consideration upon compliance with the lease agreement.\465\ The UCC
additionally provides that additional consideration is nominal if it is
less than the lessee's reasonably predictable cost of performing under
the lease agreement if the option is not exercised.\466\ The UCC
appropriately notes that whether a transaction in the form of a lease
creates a lease or security interest is determined by the facts of each
case.\467\ The Bureau believes that drawing from an established
definition of ``lease'' that small business lenders already use will
minimize compliance risks and will offer sufficient consistency and
clarity regarding interpretation of final comment 104(b)-2.
---------------------------------------------------------------------------
\465\ UCC 1-203(b).
\466\ UCC 1-203(d).
\467\ UCC 1-203(a).
---------------------------------------------------------------------------
The Bureau is not covering leases under this final rule, as
requested by some commenters. The Bureau agrees that some business
leases are structured like loans and other credit but notes that a
commenter's example of a small business being able to retain leased
equipment is an example of the creation of a security interest, not a
lease under final comment 104(b)-2. Similarly, so-called ``$1 leases''
create security interests because the lessee has an option to become
the owner of the goods for nominal additional consideration. As noted
by one commenter, final comment 104(b)-2's definition of lease does not
include a transaction resulting in the retention or creation of a
security interest.
The Bureau understands that bicameral commercial financing
disclosure legislation was introduced in the last Congress to cover
some leasing and other commercial finance products under the Federal
Truth in Lending Act and that New York and California both include
leases in their respective commercial financing disclosure laws. (The
Bureau has in fact drawn from the states' helpful regulatory language
for its own section 1071 commentary.) However, the Bureau does not
believe that the coverage of leases in these particular legislative
efforts has any bearing on what constitutes ``credit'' under ECOA. The
Bureau appreciates commenters' concerns that not covering leases could
open a door to potential evasion and lead to data gaps or fair lending
problems. The Bureau believes that it can observe the small business
financing market for such abuses and prevent them without including all
leases in the rule. For example, in considering financial institutions'
compliance with the rule, the Bureau intends to closely scrutinize
transactions to ensure that companies are appropriately categorizing
and reporting products as required by section 1071.
Consumer-Designated Credit
The Bureau understands that some small business owners may use
consumer-designated credit in order to finance their small businesses--
such as taking out a home equity line of credit or charging business
expenses on their personal credit cards.
The proposed rule would not have covered products designated by the
creditor as consumer-purpose products (consumer-designated credit).
Proposed comment 104(b)-3 would have made clear that the term covered
credit transaction does not include consumer-designated credit used for
business purposes, because such transactions are not business credit.
Proposed comment 104(b)-3 would have provided that a transaction
qualifies as consumer-designated credit if the financial institution
offers or extends the credit primarily for personal, family, or
household purposes. The Bureau sought comment on this proposed
interpretation, including how the Bureau has defined the scope of
consumer-designated credit. The Bureau also sought comment on whether
it should permit financial institutions to voluntarily report consumer-
designated credit when they have reason to believe the credit might be
used for business purposes.
The Bureau received comments on this aspect of the proposal from a
range of banks, credit unions, trade associations, and community
groups. One trade association generally agreed with the Bureau's
approach to consumer-designated credit but asked the Bureau to clarify
whether retail installment sales contracts are covered by the exclusion
of consumer-designated credit. This commenter also asked the Bureau to
confirm that, in determining whether credit is excluded as consumer-
designated credit, existing comment 2(g)-1 interpreting the definition
of ``business credit'' applies, which provides that ``[a] creditor may
rely on an applicant's statement of the purpose for the credit
requested.''
Some industry commenters supported the Bureau's proposed exclusion
of consumer-designated credit. One of these commenters argued that the
inclusion of consumer-designated credit within the rule would
dramatically expand the size of the data collected beyond the purpose
of section 1071, circumventing the congressional intent and increasing
the rule's impact on the availability of credit for all consumers--
[[Page 35241]]
not just business borrowers. Another commenter asked the Bureau to
clarify that it will not challenge the designation of a transaction as
consumer-designated credit, expressing concerns because financial
institutions have no reliable method for validating a latent business
purpose in an application for a consumer-designated credit transaction.
Two banks recommended against requiring financial institutions to
second guess consumers' intentions regarding use of funds by requiring
them to report on loans suspected to be used for business purposes.
Several commenters urged the Bureau to cover consumer credit that
will be used for business purposes. One community group suggested
collecting 1071 data where personal credit card applicants responded
that 50 percent or more of the loan would be used for small business
purposes, asserting that this threshold would sufficiently weed out
applications that would result in nominal amounts of funding for small
business purposes but would still capture ones that are potentially
important for meeting the community development purpose of section
1071. Two commenters expressed concerns that not covering consumer-
designated credit would result in a push toward unregulated products,
with one commenter asserting that a portion of the fintech sector is
engaging in unscrupulous targeting of vulnerable customers (including
racial and ethnic minorities). Two community groups asked the Bureau to
reconsider its proposal, emphasizing how important consumer-designated
credit is as a source of financing for small businesses, particularly
for women-owned and minority-owned small businesses, sole
proprietorships, and new businesses. Another community group
recommended that the Bureau additionally include personal credit card
loans that finance business expenses, asserting that these cards are a
vital source of credit for very small and start-up businesses, as well
as businesses owned by women and people of color.
A number of banks suggested the Bureau exclude all credit subject
to Regulation Z. Some suggested that such an exemption would provide
clarity to the definition of ``covered credit transaction'' and would
ease compliance burden when identifying covered applications,
implementing data collection, and ensuring data integrity in a manner
that meets the statutory purpose. One trade association added that
financial institutions are already familiar with determining loan
purpose under the Regulation Z definition in their everyday lending
activities and that this approach would alleviate confusion with the
proposed exclusion for credit secured by certain investment properties.
For the reasons set forth herein, the Bureau is finalizing comment
104(b)-3 almost entirely as proposed and is not covering consumer-
designated credit under the final rule. Comment 104(b)-3 makes clear
that the term covered credit transaction does not include consumer-
designated credit used for business or agricultural purposes, because
such transactions are not business credit. The Bureau is adding the
reference to agricultural purposes for clarity. Comment 104(b)-3
provides that a transaction qualifies as consumer-designated credit if
the financial institution offers or extends the credit primarily for
personal, family, or household purposes. For example, an open-end
credit account used for both personal and business purposes is not
business credit for the purpose of subpart B unless the financial
institution designated or intended for the primary purpose of the
account to be business-related.
The Bureau believes it is appropriate to interpret section 1071 as
not applying to this type of credit. Most notably, ECOA section 704B(b)
directs financial institutions to collect data in the case of an
application ``for credit for women-owned, minority-owned, or small
business'' (emphasis added). The statute thus applies only to
applications for credit for a business; at the time of an application
for consumer-designated credit, however, the application is not for a
business. Several policy reasons also support this approach. First,
financial institutions may not be able to consistently identify when
consumer-designated credit is being used for business or agricultural
purposes. Inconsistent reporting across financial institutions could
lead to data quality concerns. Credit sought by consumers for both
personal and business purposes could be particularly difficult to
separate into reportable and non-reportable portions. The Bureau
believes that excluding consumer-designated credit will simplify
compliance by obviating the need for financial institutions to identify
and distinguish business uses of consumer-purpose credit products.
Second, not including consumer-designated credit that is used for
business or agricultural purposes within the scope of this rulemaking
makes it clear that the applications reported will all be seeking
credit to use for business/agricultural purposes, which supports
section 1071's directive to collect and report data in the case of an
application for credit for a business. Third, not covering consumer-
designated credit that is used for business or agricultural purposes
provides certainty to financial institutions that offer only consumer-
designated credit that they are not subject to this final rule's data
collection and reporting requirements.
With respect to the request to clarify whether retail installment
sales contracts are covered by the exclusion of consumer-designated
credit, the Bureau notes that this exclusion applies equally to all
credit products. In other words, a retail installment sales contract
qualifies as consumer-designated credit if the financial institution
offers or extends it primarily for personal, family, or household
purposes. The Bureau confirms, as requested, that because the Bureau is
finalizing Sec. 1002.102(d) to define business credit as having the
same meaning as in existing Sec. 1002.2(g), existing comment 2(g)-1
also applies to subpart B. Thus, in determining whether credit is
excluded as consumer-designated credit, a financial institution ``may
rely on an applicant's statement of the purpose for the credit
requested.'' \468\
---------------------------------------------------------------------------
\468\ Existing comment 2(g)-1.
---------------------------------------------------------------------------
The Bureau agrees with commenter concerns that the inclusion of
consumer-designated credit within the rule would dramatically expand
the size of the data collected beyond the purpose of section 1071,
circumventing congressional intent and potentially increasing the
rule's impact on the availability of credit for all consumers--not just
small business borrowers. The Bureau also confirms that financial
institutions may rely on an applicant's statement of purpose for the
credit requested and need not report consumer-purpose loans suspected
to be used for business purposes, recognizing that alternative
approaches would likely result in inconsistent results across lenders
as they tried to discern latent business purposes in an application for
a consumer-designated credit transaction.
With respect to the suggestion that the Bureau require financial
institutions to inquire on an application whether 50 percent or more of
the borrowed funds would be used for small business purposes and
require collection of 1071 data in those instances, the Bureau believes
that this approach would raise many of the policy concerns discussed
above. The Bureau appreciates the concerns about potential fair lending
violations and evasion raised by commenters relating to consumer-
designated credit. The Bureau believes that its finalized bright-line
approach
[[Page 35242]]
will better enable it to ensure that financial institutions that are
offering business credit are complying with the final rule.
The Bureau is not excluding to exclude all credit subject to
Regulation Z from this rule's definition of ``business credit,'' as
suggested by some commenters. The final rule does not cover consumer-
designated credit, which includes Regulation Z credit as well as other
consumer-designated credit that is not encompassed by Regulation Z. The
Bureau notes that some of Regulation Z's provisions apply to business
purpose credit cards \469\ and that Regulation Z does not cover
consumer credit over certain applicable threshold amounts.\470\
---------------------------------------------------------------------------
\469\ See Regulation Z Sec. 1026.12(a) and (b).
\470\ See id. Sec. 1026.3(b).
---------------------------------------------------------------------------
Certain Purchases of Covered Credit Transactions, Including Pooled
Loans and Partial Interests Proposed Rule
As discussed in the section-by-section analysis of Sec. 1002.103
above, ECOA section 704B(b) requires that financial institutions
collect, maintain, and report to the Bureau certain information
regarding ``any application to a financial institution for credit.''
For covered financial institutions, the definition of ``application''
triggers data collection and reporting obligations with respect to
covered credit transactions. In the NPRM, the Bureau noted that under
proposed subpart B, purchasing a loan, purchasing an interest in a pool
of loans, or purchasing a partial interest in a loan does not, in
itself, generate an obligation for a covered financial institution to
report small business lending data. Rather, a reporting obligation
arises on the basis of receiving a covered application for credit. (See
the section-by-section analysis of Sec. 1002.109(a)(3) for additional
information.) The Bureau also noted the corollary point that selling an
originated covered credit transaction would not, in itself, obviate an
existing obligation of a covered financial institution to report small
business lending data for that application, pursuant to proposed
comment 107(a)-1.i.
In addition, the Bureau believed that requiring covered financial
institutions to collect and maintain data related to the purchase of an
interest in a pool of covered credit transactions would do little to
further the purposes of section 1071. The Bureau generally believed
that a pooled loan purchase would arise after credit decisions on the
relevant loans had already been made (e.g., after the loans were
originated) and therefore the Bureau believed that the purchaser of an
interest in a pool of loans would understand that there would be no
section 1071 obligation. Information about the loans in this pool would
already be captured, as the application for each originated loan in the
pool would already be reported (assuming it was originated by a covered
financial institution and otherwise satisfies the requirements of
subpart B). For clarity, however, the Bureau stated in the NPRM
preamble that no reporting obligations arise from purchasing an
interest in a pool of covered credit transactions, including credit-
backed securities or real estate investment conduits. The Bureau
believed that this clarification, similar to Regulation C comment
3(c)(4)-1, would assist covered financial institutions in understanding
the scope of their obligations.
Moreover, the Bureau stated that the purchase of a partial interest
in a loan does not, in itself, generate an obligation for a covered
financial institution to report small business lending data. The Bureau
believed that this approach, combined with proposed Sec.
1002.109(a)(3), provided sufficient clarity for financial institutions
that choose to take part in loan participations. For example, Financial
Institution A receives an application from a small business for a
covered credit transaction and approves the loan, and then Financial
Institution A organizes a loan participation agreement where Financial
Institutions B and C agree to purchase a partial interest. This is a
reportable application for a covered credit transaction for Financial
Institution A, but it is not a reportable application for Financial
Institutions B and C. The Bureau noted that this approach differs from
how loan participations are reported by banks and savings associations
under the CRA. That is, under the CRA, if the loan originated by
Financial Institution A met the definition of a small business loan,
then for any (or all) of the financial institutions that were CRA
reporters, the loans could be reported under the CRA.\471\
---------------------------------------------------------------------------
\471\ See, e.g., 12 CFR 228.21(f) (stating that when assessing
the record of a nonminority-owned and nonwomen-owned bank, the Board
considers loan participation as a factor).
---------------------------------------------------------------------------
The Bureau believed that the statutory purposes of section 1071
encourage the broad collection of small business lending data by
financial institutions. The Bureau was not aware of any reason why data
with respect to covered credit transactions should not be collected
because more than one financial institution holds an interest in the
originated loan. Conversely, the Bureau did not believe that requiring
reporting by each financial institution with a partial interest in a
covered credit transaction would further section 1071's purposes, and
because having a single loan reported by multiple financial
institutions could compromise the quality of the 1071 dataset. Read in
conjunction with proposed Sec. 1002.109(a)(3), however, the Bureau
believed that the covered credit transactions at issue here would
nonetheless generally be reported by one financial institution provided
it met the threshold for originated loans pursuant to Sec.
1002.105(b)--i.e., the financial institution that sold portions of the
loan to other participants.
The Bureau did not expressly exclude loan purchases, the purchase
of an interest in a pool of covered credit transactions or the purchase
of a partial interest in a covered credit transaction in the proposed
rule's regulatory text or commentary, but sought comment on this
approach. With respect to partial interests specifically, the Bureau
solicited comment on how such an exclusion may differ from reporting
obligations under the CRA and, if the Bureau adopted another approach,
how overlapping reporters or data might be flagged to avoid double-
counting certain information.
Comments Received
The Bureau received several comments regarding loan purchases and
loan participations. Commenters did not address pooled loans
specifically. A trade association and two banks agreed that loan
purchases should not be covered; one of these banks requested that the
Bureau add commentary emphasizing this point.
In contrast, two other commenters argued that all loan purchases
should be reported, citing consistency with treatment under CRA and
HMDA. One commenter further stated that excluding loan purchases and
participations from reporting requirements would ignore the role of
financial institutions with a significant percentage of loan purchases,
despite their importance in the small business lending market. The
other commenter stated that 1071 data should replace CRA lending data,
the CRA considers loan purchases, and thus so should the Bureau's rule
for consistency.
Several farm credit lenders and a trade association said that
participation interests and participation loans should be specifically
excluded, noting that a participation interest is legally distinct from
a loan, the purchaser of an interest
[[Page 35243]]
is not considered a creditor, and there is risk of double counting the
data. One commenter asked that the Bureau exclude loan participations
from the definition of ``covered credit transaction'' because a
customer never applies for any lender to participate in a covered
credit transaction. In addition, some farm credit lenders noted that
they frequently enter into loan participation agreements. They stated
that a loan participation is significantly different from the purchase
of a loan because under these agreements, the borrower's contractual
relationship remains solely with the lead lender. These commenters
further stated that requiring a participant to report would be akin to
requiring a trust in a mortgage securitization to report HMDA data.
Final Rule
For the reasons set forth herein, the Bureau is revising the
commentary to Sec. 1002.104(b) to make clear that loan purchases, the
purchase of an interest in a pool of loans, and the purchase of a
partial interest in a credit transaction are not ``covered credit
transactions.'' Specifically, the Bureau is adding comment 104(b)-4 to
clarify that for purposes of subpart B, the term ``covered credit
transaction'' does not include the purchase of an originated credit
transaction, the purchase of an interest in a pool of credit
transactions, or the purchase of a partial interest in a credit
transaction such as through a loan participation agreement. Such
purchases do not, in themselves, constitute applications for business
credit that the purchasing entity makes decisions on. Relatedly, in
order to illustrate reporting obligations regarding pooled loans and
partial interests, the Bureau is also adding examples to the commentary
to Sec. 1002.109(a)(3). The section-by-section analysis of Sec.
1002.109(a)(3) addresses in detail situations where multiple financial
institutions are involved in a covered credit transaction.
While the Bureau acknowledges the important role of loan purchases
in the small business lending market, the Bureau notes that the
definition of ``covered application'' triggers data collection and
reporting obligations with respect to covered credit transactions.
Under the final rule, purchasing an originated loan, purchasing an
interest in a pool of loans, or purchasing a partial interest in a loan
does not, in itself, generate an obligation for a covered financial
institution to report small business lending data regarding the
application underlying the purchased loan. The Bureau has made clear in
final Sec. 1002.109(a)(3) and associated commentary that only the
action taken on the application is reportable.
In response to commenters who urged consistency with HMDA, as noted
above, the statutory language in HMDA contemplates data collection for
loan purchases. Similarly, as interpreted by the agencies administering
CRA, the CRA statute permits banks to fulfill their obligation to meet
local credit needs by lending in low-to-moderate income communities or
by purchasing loans made by others.\472\ Conversely, section 1071 does
not contain such language; it is focused on applications as the trigger
for data collection and reporting obligations. Thus, the Bureau
concludes for this rule that it is appropriate for financial
institutions to have reporting obligations on the basis of making
credit decisions on applications, as explained further in the section-
by-section analysis of Sec. 1002.109(a)(3)--a subsequent purchase of a
loan (or an interest in a pool of loans, or a partial interest in a
loan) is not, in itself, reportable.
---------------------------------------------------------------------------
\472\ See, e.g., 12 CFR 228.22(a)(2) (stating that the Board
will consider both originations and purchases of loans under the
lending test).
---------------------------------------------------------------------------
104(b)(4) Public Utilities Credit
As noted above, the existing definition of business credit in Sec.
1002.2(g) partially excludes public utilities credit, securities
credit, incidental credit, and government credit, as defined in
existing Sec. 1002.3(a) through (d), from requirements of existing
Regulation B. For the purpose of proposed subpart B, the Bureau
proposed complete exclusions for public utilities credit from the
definition of a covered credit transaction in proposed Sec.
1002.104(b). The Bureau also proposed to define business credit in
proposed Sec. 1002.102(d) by reference to existing Sec. 1002.2(g),
which already excludes public utilities credit. The Bureau sought
comment on its proposal to exclude public utilities credit but did not
receive any comments in response.
For the reasons set forth herein, the Bureau is finalizing Sec.
1002.104(b)(2) as proposed. Section 1002.104(b)(2) excludes public
utilities credit, as defined in existing Sec. 1002.3(a)(1). Existing
Sec. 1002.3(a)(1) states that the term public utilities credit refers
to extensions of credit that involve public utility services provided
through pipe, wire, or other connected facilities, or radio or similar
transmission (including extensions of such facilities), if the charges
for service, delayed payment, and any discount for prompt payment are
filed with or regulated by a government unit. Several existing
Regulation B requirements do not apply to public utilities credit
transactions.\473\ Existing comment 3(a)-1 explains that the definition
applies only to credit for the purchase of a utility service, such as
electricity, gas, or telephone service. Credit provided or offered by a
public utility for some other purpose--such as for financing the
purchase of a gas dryer, telephone equipment, or other durable goods,
or for insultation or other home improvements--is not excepted under
Sec. 1002.104(b)(2) but may be excepted if it constitutes trade credit
under Sec. 1002.104(b)(1), or in the example of financing for certain
home improvements, if it does not constitute an extension of business
credit under Sec. 1002.104(a). Existing comment 3(a)-2 states in part
that a utility company is a creditor when it supplies utility service
and bills the user after the service has been provided.
---------------------------------------------------------------------------
\473\ See Sec. 1002.3(a).
---------------------------------------------------------------------------
The Bureau is adopting a definition of ``covered credit
transaction'' that only covers business credit and that fully excludes
public utilities credit pursuant to its authority under ECOA section
704B(g)(1) to prescribe such rules and issue such guidance as may be
necessary to carry out, enforce, and compile data under section 1071,
as well as its authority under ECOA 704B(g)(2) to adopt exceptions to
any requirement of section 1071 and to conditionally or unconditionally
exempt any financial institution or class of financial institutions
from the statute's requirements, as the Bureau deems necessary or
appropriate to carry out the purposes of section 1071. The Bureau
believes that fully excluding public utilities credit from the rule is
reasonable for the same reasons as the Board enumerated when it adopted
exemptions from certain procedural requirements under subpart A.
Specifically, covering public utilities credit under this rule could
potentially result in ``substantial changes in the forms and procedures
of public utilities companies. Costs associated with such changes
would, in all likelihood, be passed along to [small business owners].''
\474\ The Bureau notes that many of the policies and procedures of
public utilities companies are separately regulated at the State and
municipal levels by public service commissions, and at the Federal
level by the Federal Energy Regulatory Commission. The Bureau also
believes that public utilities credit is akin to trade credit and thus
is
[[Page 35244]]
excluding it from coverage under subpart B for the same reasons.
---------------------------------------------------------------------------
\474\ 40 FR 49298, 49305 (Oct. 22, 1975).
---------------------------------------------------------------------------
104(b)(5) Securities Credit
As noted above, the existing definition of business credit in Sec.
1002.2(g) partially excludes public utilities credit, securities
credit, incidental credit, and government credit, as defined in
existing Sec. 1002.3(a) through (d), from requirements of existing
Regulation B. For the purpose of proposed subpart B, the Bureau
proposed complete exclusions for securities credit from the definition
of a covered credit transaction in proposed Sec. 1002.104(b). The
Bureau sought comment on its proposal to exclude securities credit but
did not receive any comments in response.
For the reasons set forth herein, the Bureau is finalizing Sec.
1002.104(b)(3) as proposed. Section 1002.104(b)(3) excludes securities
credit, as defined in existing Sec. 1002.3(b)(1). Existing Sec.
1002.3(b)(1) states that the term securities credit refers to
extensions of credit subject to regulation under section 7 of the
Securities Exchange Act of 1934 or extensions of credit by a broker or
dealer subject to regulation as a broker or dealer under the Securities
Exchange Act of 1934. Several existing Regulation B requirements do not
apply to securities credit transactions.\475\
---------------------------------------------------------------------------
\475\ See Sec. 1002.3(b).
---------------------------------------------------------------------------
The Bureau is adopting a definition of ``covered credit
transaction'' that only covers business credit and that fully excludes
securities credit pursuant to its authority under ECOA section
704B(g)(1) to prescribe such rules and issue such guidance as may be
necessary to carry out, enforce, and compile data under section 1071,
as well as its authority under ECOA 704B(g)(2) to adopt exceptions to
any requirement of section 1071 and to conditionally or unconditionally
exempt any financial institution or class of financial institutions
from the statute's requirements, as the Bureau deems necessary or
appropriate to carry out the purposes of section 1071. The Bureau is
excluding securities credit to foster consistency with existing
Regulation B.
104(b)(6) Incidental Credit
As noted above, the existing definition of business credit in Sec.
1002.2(g) partially excludes public utilities credit, securities
credit, incidental credit, and government credit, as defined in
existing Sec. 1002.3(a) through (d), from requirements of existing
Regulation B. For the purpose of proposed subpart B, the Bureau
proposed complete exclusions for incidental credit from the definition
of a covered credit transaction in proposed Sec. 1002.104(b).
As the Bureau explained in the NPRM, existing Sec. 1002.3(c)(1)
states that incidental credit refers to extensions of consumer credit
other than public utilities and securities credit (i) that are not made
pursuant to the terms of a credit card account; (ii) that are not
subject to a finance charge (as defined in Regulation Z Sec. 1026.4);
and (iii) that are not payable by agreement in more than four
installments. For example, existing comment 3(c)-1 explains that if a
service provider (such as a hospital, doctor, lawyer, or merchant)
allows the client or customer to defer the payment of a bill, this
deferral of debt is credit for purposes of Regulation B, even though
there is no finance charge and no agreement for payment in
installments--meaning that it would not be covered under Regulation Z.
Such extensions of incidental credit are excepted from compliance with
certain procedural requirements as specified in existing Sec.
1002.3(c). The Board created these exceptions in response to commenters
that urged it to minimize burdens on businesses that ``permit their
customers to defer payment of debt as a convenience and are not in the
business of extending credit.'' \476\
---------------------------------------------------------------------------
\476\ 40 FR 49298, 49304 (Oct. 22, 1975).
---------------------------------------------------------------------------
The Bureau sought comment on its proposal to exclude incidental
credit and it received one industry comment in support of the proposed
exclusion.
For the reasons set forth herein, the Bureau is finalizing Sec.
1002.104(b)(4) as proposed. The Bureau is adopting a definition of
``covered credit transaction'' that only covers business credit and
that fully excludes incidental credit pursuant to its authority under
ECOA section 704B(g)(1) to prescribe such rules and issue such guidance
as may be necessary to carry out, enforce, and compile data under
section 1071, as well as its authority under 704B(g)(2) to adopt
exceptions to any requirement of section 1071 and to conditionally or
unconditionally exempt any financial institution or class of financial
institutions from the statute's requirements, as the Bureau deems
necessary or appropriate to carry out the purposes of section 1071. The
Bureau believes that the Board's reasoning with respect to incidental
credit's limited exception under existing Regulation B is equally
applicable and relevant here. Additionally, the Bureau believes that
providers of incidental credit may not intend to extend credit and may
not currently manage compliance with regulatory requirements associated
with making extensions of credit. The Bureau believes an exclusion is
appropriate to further the business and community development purpose
of section 1071 because of the likelihood that these entities may incur
large costs relative to their size to collect and report 1071 data in
an accurate and consistent manner, which could result in entities
limiting credit to their small business customers or in potential data
quality issues.
Government Credit
The existing definition of business credit in Sec. 1002.2(g)
partially excludes public utilities credit, securities credit,
incidental credit, and government credit (that is, extensions of credit
made to governments or governmental subdivisions, agencies, or
instrumentalities--not extensions of credit made by governments), as
defined in existing Sec. 1002.3(a) through (d), from existing
Regulation B.\477\
---------------------------------------------------------------------------
\477\ As explained in existing comment 3-1, under Sec. 1002.3,
procedural requirements of Regulation B do not apply to certain
types of credit. The comment further states that all classes of
transactions remain subject to Sec. 1002.4(a) (the general rule
barring discrimination on a prohibited basis) and to any other
provision not specifically excepted.
---------------------------------------------------------------------------
In its NPRM, the Bureau did not propose in Sec. 1002.104(b) to
separately exclude government credit, as defined in existing Sec.
1002.3(d)(1) to mean ``extensions of credit made to governments or
governmental subdivisions, agencies, or instrumentalities.'' The Bureau
sought comment on its approach to government credit but did not receive
any comments on this aspect of the proposal. For the purpose of subpart
B, the Bureau is finalizing complete exclusions for public utilities
credit, securities credit, and incidental credit from the definition of
a covered credit transaction in final Sec. 1002.104(b), as described
above, but is not adopting a similar exclusion for government credit.
The Bureau is finalizing its approach because it believes that an
express exclusion for extensions of credit made to governments or
governmental subdivisions, agencies, or instrumentalities is not
necessary because such governmental entities would not constitute small
businesses under the final rule.\478\
---------------------------------------------------------------------------
\478\ Government entities are not ``organized for profit'' and
are thus not a ``business concern'' under proposed Sec.
1002.106(a).
---------------------------------------------------------------------------
Additional Requested Exclusions
The Bureau received numerous comments requesting the Bureau exclude
additional products from coverage under the rule. These
[[Page 35245]]
comments and the Bureau's response are discussed below.
Point-of-sale transactions. A trade association urged the Bureau to
fully exempt point-of-sale transactions from the rule, arguing that
data collected in connection with such transactions would be
inaccurate. In the alternative, this commenter suggested an exception
from the requirement to obtain principal owners' ethnicity, race, and
sex information, for credit lines below $50,000. As discussed in the
section-by-section analysis of Sec. 1002.107(c), the Bureau does not
believe it would be appropriate to categorically exempt point-of-sale
transactions. The Bureau also is not adopting a minimum transaction
amount threshold, as discussed below.
Minimum transaction amount threshold. Some industry commenters
requested the Bureau exempt all credit transactions from section 1071
collection and reporting requirements if they fell below a certain
minimum transaction threshold. One commenter asked the Bureau to adopt
a de minimis loan amount exemption of at least $1 million to soften the
rule's impact on small entities and borrowers. A credit union stated
that the Bureau should implement a minimum loan amount of $10 million.
Some banks urged an exemption for ``small loans'' under $25,000,
asserting a need to help institutions, especially smaller institutions,
keep compliance costs down and ensure these credit products remain
available to the small and agricultural businesses who need them most.
Some industry commenters, including several credit union trade
associations, requested an exemption for credit transactions under
$50,000. A few commenters argued such an exemption was needed for
consistency with National Credit Union Administration regulations,
which impose a $50,000 threshold for reporting member business loans.
Two credit union trade associations argued that failing to exempt such
loans would reduce their availability and also reflects a substantial
underestimation of the full impact of the proposed covered financial
institution threshold. Several trade associations also recommended the
Bureau permit voluntary reporting of loans below $50,000. A bank stated
that a $50,000 threshold would result in a significant improvement that
would still allow the Bureau to obtain meaningful data. Another bank
maintained that this exclusion was needed to reduce compliance burdens
related to small loans that are not profitable but that are important
to communities. On the other hand, another commenter stressed the
importance of supporting access to microloans for financing start-up or
growth and suggested separating microloans ($50,000 or less) into a
separate category.
A few industry commenters suggested exempting loans under $100,000.
These commenters generally argued that such an exemption was needed to
keep the cost of loan origination lower for small dollar borrowers,
thereby helping to make more borrowers eligible for credit. Several
industry commenters urged the Bureau adopt a minimum transaction amount
threshold, without specifying a dollar amount. One of these commenters
noted that, due to price inflation, $100,000 would be too small of an
amount for such a threshold and that if a threshold were established,
it would need to be per loan and not cumulative.
For the reasons set forth herein, the Bureau is not adopting an
exemption for credit transactions below a certain dollar threshold. At
the time of the Federal Reserve Banks' 2021 survey of employer firms,
60 percent of employer firms had $100,000 or less in outstanding debt,
with 48 percent of such firms holding $50,000 or less in outstanding
debt.\479\ According to SBA data, more than 87 percent of Paycheck
Protection Program loans in 2021 were loans of $50,000 and below,\480\
and approximately 20 percent of SBA 7(a) loans between 2010 and 2019
were in amounts less than $25,000. In terms of industry adoption of
minimum loan amount thresholds, research by the FDIC shows that only a
small share (14.8 percent) of small banks require a minimum loan amount
for their top loan product to small businesses, compared with a
majority (69.8 percent) of large banks.\481\ Moreover, as discussed in
the section-by-section analysis of Sec. 1002.106(b)(1), the Bureau
believes that loan size a poor proxy for small business size--in fact,
FDIC staff found ``at least $19.1 billion in gross understatement of
small business lending (in which small businesses with less than $1
million in gross annual revenue received loans with amounts greater
than $1 million).'' \482\ Based on this information, the Bureau does
not believe that adopting a minimum transaction amount threshold would
further the purposes of section 1071 because it would exclude
substantial portions of small business lending.
---------------------------------------------------------------------------
\479\ 2022 Small Business Credit Survey at 13.
\480\ Small Bus. Admin., PPP Report: Approvals through 05/31/
2021, https://www.sba.gov/sites/default/files/2021-06/PPP_Report_Public_210531-508.pdf.
\481\ Small Business Lending Survey at 44, https://www.fdic.gov/bank/historical/sbls/full-survey.pdf.
\482\ Fed. Deposit Ins. Corp., Measurement of Small Business
Lending Using Call Reports: Further Insights From the Small Business
Lending Survey, at 7 (July 2020), https://www.fdic.gov/analysis/cfr/staff-studies/2020-04.pdf.
---------------------------------------------------------------------------
Vehicle financing. One bank urged the Bureau to specify that any
motor vehicle financed in the first instance by retail motor vehicle
dealers are deemed consumer loans and thus exempt. A vehicle leasing
trade association also suggested that vehicle financing was so similar
to consumer lending that it should be exempt from section 1071
reporting requirements.
The Bureau is not categorically exempting business-purpose vehicle
financing, even though it may often be offered alongside consumer-
purpose credit. Per existing comment 2(g)-1, the test for deciding
whether a transaction qualifies as business credit is one of primary
purpose. Where a small business applies for vehicle financing primarily
for business or commercial (including agricultural) purposes from a
covered financial institution, the transaction is reportable. For a
broader discussion of vehicle financing with respect to reporting
obligations where multiple financial institutions are involved in a
covered credit transaction, see the section-by-section analysis of
Sec. 1002.109(a)(3).
Letters of credit. A bank asked the Bureau to clarify if letters of
credit are covered credit transactions for purposes of section 1071,
and if they are, this commenter also recommended that the Bureau
exclude these types of transactions from reporting.
The Bureau understands that letters of credit products are
primarily used in the international trade context. Generally, a letter
of credit is an instrument issued by a bank that promises, upon the
presentation of certain documents and/or satisfaction of certain
conditions, to direct payment to a beneficiary of the instrument.
Letters of credit are often presented by buyers of goods who seek to
postpone payment until their goods have been received. Some letters of
credit are secured by a promissory note and are converted if the
customer fails to pay.
ECOA and Regulation B do not address letters of credit. Regulation
Z excludes letters of credit under its comment 2(a)(14)-1.vi. In
finalizing this exclusion, the Board stated that ``[i]ssuance of
letters of credit and execution of option contracts are not extensions
of credit, although there may be an extension of credit when the letter
of credit is presented for payment or the option is exercised, if there
is a deferral of the payment of a debt at that
[[Page 35246]]
time.'' \483\ The Bureau agrees with the Board's assessment of these
products and believes that a letter of credit is not credit under ECOA.
Thus, the Bureau is not covering letters of credit under the final
rule.
---------------------------------------------------------------------------
\483\ 46 FR 20848, 20851 (Apr. 7, 1981).
---------------------------------------------------------------------------
Government programs. Some industry commenters urged the Bureau to
exempt government lending programs (such as the Paycheck Protection
Program) and/or government sponsored/guaranteed loans (such as USDA
loans), arguing that inclusion would discourage participation. One also
argued that the fact that the fees and interest rates for Paycheck
Protection Program loans were set by Congress, meant there was a
reduced risk of discriminatory lending practices related to terms of
the credit transaction. Another suggested that 1071 data collection and
reporting was not required because many government programs already
collected similar information. A few commenters specifically
recommended exempting SBA lending programs, particularly section 504
loans.
The Bureau has considered these comments but is not categorically
exempting credit transactions originated by, sponsored by, facilitated
by, or guaranteed by government entities. According to one source,
there are 65 government-sponsored, grants, loans, and programs that may
benefit small businesses.\484\ The Bureau understands that many small
businesses rely on government programs for credit and believes that
excluding such credit in this final rule would not further either of
section 1071's statutory purposes.
---------------------------------------------------------------------------
\484\ U.S. Chamber of Com., 65 Grants, Loans and Programs to
Benefit Your Small Business (Nov. 17, 2022), https://www.uschamber.com/co/run/business-financing/government-small-business-grant-programs.
---------------------------------------------------------------------------
C-PACE loans. A trade association of Commercial Property Assessed
Clean Energy (C-PACE) loan providers requested an exemption due to
purportedly unique features of C-PACE loans, such as prior approval by
the local government, absence of acceleration, lack of control over the
identity of the obligor, and absence of private remedies.
C-PACE programs generally allow commercial property owners, which
could include small businesses, to receive financing to fund clean-
energy, seismic strengthening, or water conservation improvements to
their properties. The financial obligation arises from voluntary
contract. Various private companies appear to play a significant role
in financing, originating, and administering C-PACE transactions. Under
State law, C-PACE is an assessment that appears on businesses' property
tax bills. Although the commercial property owner signs the financing
agreement, it is typically not a personal liability of the commercial
property owner, and the obligation will stay with the property until
fully paid. C-PACE is secured by a super-priority lien on the
property--if the property is sold through foreclosure, C-PACE (like a
regular property tax lien) is first in line to receive any proceeds
from the sale even if a mortgage was on the property first. The Bureau
understands that typically, only the arrearage on the C-PACE lien gets
paid off in foreclosure, and the rest of the C-PACE indebtedness
remains with the property after foreclosure.
While publicly available data on C-PACE programs appear to be
limited, the Bureau understands that these programs are growing in
popularity; \485\ excluding these loan products from the requirements
of this rule would result in incomplete data about the relevant markets
and would thus not advance section 1071's business and community
development purpose.
---------------------------------------------------------------------------
\485\ See, e.g., Greenworks Lending, C-PACE Financing Sees
Massive Growth Nationally: What you should know about this
alternative development financing mechanism (June 7, 2021), https://commercialobserver.com/2021/06/c-pace-financing-sees-massive-growth-nationally/.
---------------------------------------------------------------------------
The Bureau is not excluding C-PACE financing arrangements from
reporting under section 1071, as requested by one commenter. Based on
its understanding of typical C-PACE financing arrangements and its
expertise with respect to the nature of credit transactions, the Bureau
believes that the term ``credit'' under ECOA and final Sec.
1002.102(i) encompasses these products. Under a C-PACE financing
arrangement, there is (1) a ``debt'' in the form of an obligation to
pay for the cost of property upgrades and (2) a right to defer payment
on that obligation for a term. Similarly, there is (1) a ``purchase[]
[of] property or services'' in the form of property upgrades, and (2) a
right to defer payment on the property or services. The borrower enters
into C-PACE financing through a voluntary transaction. That the parties
agree that payment will be made through an assessment through the
property tax system does not change the Bureau's analysis. ECOA (and
Regulation B) do not specify a particular vehicle or form of payment
for a transaction to constitute credit, nor do they limit the form of
obligation. The Bureau is not specifically defining C-PACE financing
arrangements in the rule because the Bureau believes these products are
covered by the definition of ``credit'' in final Sec. 1002.102(i).
Finally, in the Bureau's judgment, an exclusion of C-PACE loans--
whether by interpretation or by granting an exception--would not
further the fair lending and the business and community development
purposes of section 1071.\486\ This is for three independent reasons.
First, while the Bureau understands that C-PACE financing may present
less fair lending risk compared to some other products because such
financing is based on the value of the property, not the
creditworthiness of the obligor (who can change along with ownership of
the property), the Bureau does not believe that is a sufficient reason
by itself to exclude C-PACE lending from coverage under this final
rule. Section 1071 is not limited to those products with the highest
fair lending risk. Second, the Bureau does not agree that data
collection to provide additional insight into the product is
unnecessary. Third, and most significantly, including C-PACE loans
should create a more level playing field across financial institutions
that provide construction financing to small businesses as well as
create a dataset that better reflects demand for such financing by the
smallest and most vulnerable businesses.
---------------------------------------------------------------------------
\486\ ECOA section 704B(a).
---------------------------------------------------------------------------
Overdraft lines of credit. In its NPRM, the Bureau did not address
overdraft lines of credit other than asking whether they should be
listed as a credit product separate from other lines of credit. The
Bureau received one comment urging exclusion of overdraft lines of
credit on the grounds that their inclusion would significantly expand
the data collection requirements for small business deposit account
applications since most such deposit accounts have an option to obtain
an overdraft line of credit. This commenter also argued that collecting
data on overdraft lines of credit would not further section 1071's
purpose of preventing discrimination against small business credit
applicants because banks conduct little, if any, underwriting when
extending overdraft lines of credit on small business deposit accounts.
The Bureau is not categorically exempting overdraft lines of credit
but notes that they are reportable only where there is an
``application'' under Sec. 1002.103. Providing occasional overdraft
services as part of a deposit account offering would not be reported
for the purpose of subpart B pursuant to new comment 107(a)(6)-8.
[[Page 35247]]
Voluntary Reporting
Absent a specific requirement to collect protected demographic data
(such as in section 1071), ECOA generally blocks collection of such
demographic data in connection with an application for credit. The
Bureau sought comment on whether financial institutions should be
permitted to voluntarily collect and report applicants' protected
demographic information for transactions such as leases (due to the
practical difficulty cited by some stakeholders of distinguishing
leases from loans), consumer-designated credit (when financial
institutions have reason to believe the credit might be used for
business purposes), and real estate investment loan transactions that
are secured by non-owner occupied 1-4 dwelling unit properties pursuant
to proposed Sec. 1002.109.
The Bureau received comments from community groups and trade
associations on this aspect of the proposal. A number of community
groups stated that the Bureau should permit voluntary reporting on
leases and factoring to have the most comprehensive data on the small
business financing market as it relates to minority entrepreneurs. A
community group purporting to address the proposed amendments to
existing Sec. 1002.5(a)(4) commented that the Bureau should permit
voluntary collection not only by financial institutions not covered by
the rule, but also should permit covered financial institutions to
collect data on consumer credit used to fund small businesses.
The Bureau did not receive any industry comments expressing an
interest in being able to voluntarily report non-covered products. In
fact, a few trade associations and a business advocacy group expressly
opposed such voluntary reporting. One trade association argued against
voluntary reporting of non-covered transactions, citing concerns about
the quality of data collected and the creation of an uneven playing
field among financial institutions that would contribute to
misinterpretations of the data by observers. Two other commenters also
argued against the voluntary reporting of consumer-designated credit
used for business purposes, asserting that such reporting would create
confusion, introduce the possibility of error, and put financial
institutions in a position to question their members' intentions.
For the reasons set forth herein, the Bureau is finalizing its
approach to not permit voluntary reporting of non-covered products. The
Bureau sought comment on voluntary reporting to address a potential
pain point for industry but heard no industry interest in such a
solution. The Bureau thus finds it unnecessary to change the proposed
section 1071 collection system to receive data on such non-covered
products. However, as discussed in the section-by-section analysis of
Sec. 1002.112(c)(3), the Bureau is adopting a catch-all safe harbor
that will protect financial institutions who encounter the underlying
situation that voluntary reporting was intended to address.
Specifically, that safe harbor will address situations where a
financial institution has a reasonable basis--at the time of collecting
the protected demographic information required by this rule--to believe
there is a covered application and that data collection is necessary,
including situations in which it later determines that the transaction
is not in fact reportable (because the ultimate transaction is not a
covered product, the business is not small, or there is otherwise not a
covered application).
Section 1002.105 Covered Financial Institutions and Exempt Institutions
ECOA section 704B(h)(1) defines the term ``financial institution''
as ``any partnership, company, corporation, association (incorporated
or unincorporated), trust, estate, cooperative organization, or other
entity that engages in any financial activity.'' The Bureau is
finalizing a definition of financial institution in Sec. 1002.105(a)
consistent with that statutory language. The Bureau is defining a
covered financial institution in Sec. 1002.105(b) as a financial
institution that originated at least 100 covered credit transactions
from small businesses in each of the two preceding calendar years. Only
those financial institutions that meet this loan-volume threshold in
the definition of a covered financial institution would be required to
collect and report small business lending data pursuant to proposed
subpart B.
The Bureau's definitions reflect the broad nature of the data
collection specified in section 1071, while recognizing the risks that
financial institutions with the lowest volume of small business lending
might limit their small business lending activity because of the fixed
costs of coming into compliance with this rule.
The Bureau is finalizing Sec. 1002.105 to implement ECOA section
704B(h)(1) and pursuant to its authority under 704B(g)(1) to prescribe
such rules and issue such guidance as may be necessary to carry out,
enforce, and compile data pursuant to section 1071. The Bureau is also
finalizing Sec. 1002.105(b) pursuant to its authority under 704B(g)(2)
to conditionally or unconditionally exempt any financial institution or
class of financial institutions from the statute's requirements, as the
Bureau deems necessary or appropriate to carry out the purposes of
section 1071. The Bureau is finalizing these provisions and using its
exemption authority under 704B(g)(2) for the reasons set forth below.
105(a) Financial Institution
Proposed Rule
ECOA section 704B(h)(1) defines the term ``financial institution,''
for purposes of section 1071, as ``any partnership, company,
corporation, association (incorporated or unincorporated), trust,
estate, cooperative organization, or other entity that engages in any
financial activity.'' Existing Regulation B, which implements ECOA, has
not otherwise defined this term.
Proposed Sec. 1002.105(a) would have restated the statutory
definition of a financial institution as any partnership, company,
corporation, association (incorporated or unincorporated), trust,
estate, cooperative organization, or other entity that engages in any
financial activity. The Bureau believed that this definition reflects
the broad nature of small business lending data collection specified in
section 1071. Under such a definition, the rule's data collection and
reporting requirements would apply to a variety of entities that engage
in small business lending, including depository institutions (i.e.,
banks, savings associations, and credit unions),\487\ online lenders,
platform lenders, CDFIs, Farm Credit System lenders, lenders involved
in equipment and vehicle financing (captive financing companies and
independent financing companies), commercial finance companies,
governmental lending entities, and nonprofit, nondepository lenders.
---------------------------------------------------------------------------
\487\ Throughout this document, the Bureau is using the term
depository institution to mean any bank or savings association
defined by the Federal Deposit Insurance Act, 12 U.S.C. 1813(c)(1),
or credit union defined pursuant to the Federal Credit Union Act, as
implemented by 12 CFR 700.2. The Bureau notes that the Dodd-Frank
Act defines a depository institution to mean any bank or savings
association defined by the Federal Deposit Insurance Act; there,
that term does not encompass credit unions. 12 U.S.C. 5301(18)(A),
1813(c)(1). To facilitate analysis and discussion, the Bureau is
referring to banks and savings associations together with credit
unions as depository institutions throughout this rulemaking, unless
otherwise specified.
---------------------------------------------------------------------------
The Bureau noted that the broad scope of what may be considered a
``financial activity'' in the proposed
[[Page 35248]]
definition of financial institution would not be the principal
determinative factor as to whether small business lending data
collection and reporting is required; the proposed definition of a
covered financial institution, the proposed definition of a covered
application, and the proposed definition of a covered credit
transaction, among others, all would impose limits on what entities
could be subject to the rule's data collection and reporting
requirements.
Proposed comment 105(a)-1 would have provided a list of examples of
entities that may fit within the definition of a financial institution.
This proposed comment would have made clear that nonprofit and
governmental entities, governmental subdivisions, or governmental
agencies, among others, who conduct financial activity fit within the
definition of a financial institution. Proposed comment 105(a)-2 would
have referred to proposed Sec. 1002.101(a) to reiterate the statutory
exclusion for motor vehicle dealers.
The Bureau sought comment on this proposed definition of a
financial institution, and generally requested comment on whether
additional clarification is needed.
Comments Received
A broad range of commenters, including lenders, trade associations,
community groups, and business advocacy groups, expressed support for
the Bureau's proposed general definition of financial institution. A
number of commenters stated that it is an appropriately broad
definition that captures a wide variety of lenders, including online
lenders, platform lenders, lenders involved in equipment and vehicle
financing, and commercial finance companies. Commenters asserted that a
broad definition will yield meaningful data. Several commenters noted
that capturing a broad array of lenders is essential for achieving the
objectives of section 1071 and that a broad definition is important for
regulatory parity. Other commenters stated that there should be no
exceptions permitted for certain types of lenders and a community group
stated that missing any segment of lending risks encouraging abusive
lending institutions to violate fair lending laws. One trade
association expressed opposition to the proposed definition, however,
arguing that it is too broad because it includes captive vehicle
finance partners.
Several commenters agreed that the rule must apply to government
lenders, with one commenter specifically requesting inclusion of the
Farm Service Agency. An association urged the Bureau to include as
examples in the rule the largest Federal, State, and municipal lending
programs.
Another trade association stated that SBA certified development
companies are certified and regulated by the SBA, and the SBA already
collects application information that includes the data points that the
Bureau proposes to collect. The commenter further asserted that
reproducing these data will likely incur significant one time and
ongoing compliance costs. In contrast, a bank stated that data shows
that the performance levels of the SBA and the lenders participating in
their programs has produced dismal results, permitting some lenders to
enjoy ``preferred'' lender status while not delivering loans to
disadvantaged communities. Moreover, two commenters urged the Bureau to
work with other government agencies to ensure that existing reporting
is leveraged where possible.
Final Rule
For the reasons set forth herein, the Bureau is finalizing Sec.
1002.105(a) and its associated commentary as proposed. The Bureau
emphasizes that the list of examples of entities in comment 105(a)-1 is
not exhaustive and that other entities not specifically described may
nonetheless fit within the definition of a financial institution under
Sec. 1002.105(a). The Bureau agrees with commenters that governmental
lenders should be covered by the rule. As explained in the proposed
rule, the Bureau interprets the statute to include government entities
in the definition of financial institution. The definition of the term
``financial institution'' in ECOA section 704B(h)(1) includes the
phrase ``or other entity.'' That term readily encompasses governments
and government entities. Even if the term ``or other entity'' were
ambiguous, the Bureau believes--based on its expertise and experience--
that interpreting it to encompass governments and government entities
promotes the purposes of section 1071.
For example, the Bureau believes that it will be helpful to
identify the business and community development needs and opportunities
of small businesses, including those that are women-owned, minority-
owned, and LGBTQI+-owned, by collecting lending data from both a
county-run assistance program for establishing new businesses and
financial institutions that operate nationwide, like online lenders.
The Bureau also believes that the terms ``companies'' or
``corporations'' under the definition of ``financial institution'' in
ECOA section 704B(h)(1), cover all companies and corporations,
including government-owned or -companies and corporations. And even if
those terms were ambiguous, the Bureau believes--based on its expertise
and experience--that interpreting them to cover government-owned or -
companies and corporations advances the purposes of section 1071,
particularly the business and community development purpose, as it will
more accurately capture demand for credit.
The Bureau is not, however, listing specific examples of covered
governmental lenders/programs in the rule. The Bureau does not believe
such a list is necessary, and inclusion of a specific list could cause
confusion if the listed programs (or those lenders' loan volumes) were
to change.
In response to commenters who raised potential overlap with other
reporting regimes, see part V.D.3 for a detailed discussion of this
issue.
Commenters' requests for specific exclusions, such as for captive
vehicle finance partners, are discussed in the section-by-section
analysis of Sec. 1002.105(b) below.
105(b) Covered Financial Institution
Background
Throughout the rulemaking process, the Bureau has received requests
to adopt a variety of exemptions from collection and reporting
requirements under section 1071. Reasons cited have included
discouraging market disruption, ensuring data quality, alleged lack of
materiality of data from smaller lenders that rarely make small
business loans, and lack of capacity by the lenders sufficient to
justify small business lending as a line of business in light of the
cost of complying with the rule.
As detailed below, the Bureau is adopting an activity-based
exemption. The Bureau defines a covered financial institution in Sec.
1002.105(b) as a financial institution that originated at least 100
covered credit transactions from small businesses in each of the two
preceding calendar years. Only those financial institutions that meet
this loan-volume threshold in the definition of a covered financial
institution will be required to collect and report small business
lending data under this rule. The final rule does not include
categorical exemptions for particular types of institutions from
coverage, but the Bureau notes that its Regulation B does not apply to
motor vehicle dealers.\488\
---------------------------------------------------------------------------
\488\ Regulation B does not apply to a person excluded from
coverage by section 1029 of the Consumer Financial Protection Act of
2010, title X of the Dodd-Frank Wall Street Reform and Consumer
Protection Act, Public Law 111-203, 124 Stat. 1376, 2004 (2010).
---------------------------------------------------------------------------
[[Page 35249]]
Proposed Rule
Activity-based exemption. In the SBREFA Outline, the Bureau stated
that it was considering whether only financial institutions that engage
in a certain amount of small business lending activity should be
required to collect and report 1071 data.\489\ The Bureau explained
that in light of section 1071's potentially broad application to
financial institutions, an activity-based test to determine reporting
responsibility might be appropriate. In particular, the Bureau
expressed concern that financial institutions with the lowest volume of
small business lending might limit their small business lending
activity because of the fixed costs of coming into compliance with the
rule. The Bureau stated that this result could be contrary to the
community development purpose of section 1071.
---------------------------------------------------------------------------
\489\ SBREFA Outline at 12-13.
---------------------------------------------------------------------------
In the NPRM, the Bureau stated that it believed that an activity-
based threshold would provide a simple basis for financial institutions
that infrequently lend to small businesses to determine whether they
have conducted sufficient lending activity as to be required to collect
and report data under proposed subpart B. The Bureau believed that
furnishing a dual activity-based and asset-based threshold, under which
infrequent lenders must ascertain both measurements to determine
whether reporting may be required, would cut against the goal of
simplifying the rule as lenders would then have to track two metrics,
not one. The Bureau believed that a dual threshold would create more
regulatory complexity as compared to only tracking total annual small
business originations.
In particular, the Bureau believed that a primary advantage of an
activity-based threshold--ease of compliance--would be undermined if
the Bureau were to implement a complex, dual threshold eligibility
test. The Bureau wished to ensure that infrequent lenders were not
incurring significant undue compliance costs, particularly while not
reporting data. In general, tracking two thresholds is more complex
than tracking one. The Bureau believed it is also more likely that
financial institutions are already tracking total originations. The
Bureau believed that proposing an activity-based threshold that employs
data already generally collected by financial institutions could
mitigate the risk that section 1071, when implemented, would result in
reduced access to credit.
Activity threshold level. Proposed Sec. 1002.105(b) would have
defined a covered financial institution as a financial institution that
originated at least 25 covered credit transactions for small businesses
in each of the two preceding calendar years. Only those financial
institutions that meet this loan-volume threshold in the definition of
a covered financial institution would be required to collect and report
small business lending data pursuant to subpart B.
The Bureau believed this definition would facilitate compliance by
describing which financial institutions are required to collect and
report small business data. The Bureau also proposed commentary to
accompany proposed Sec. 1002.105(b). In general, the Bureau believed
that fulfilling the purposes of section 1071 necessitates collecting
small business lending data from all sizes and types of financial
institutions (other than those with a low volume of lending activity),
particularly given the variety of entities identified in ECOA section
704B(h)(1). The Bureau proposed to exempt certain financial
institutions from its small business lending rule because it remained
concerned that financial institutions with the lowest volume of small
business lending might limit their small business lending activity due
to the fixed costs of coming into compliance with the rule. That type
of market disruption could run contrary to the business and community
development purpose of section 1071. Section 1071 describes its
community development purpose as ``enabl[ing] communities, governmental
entities, and creditors to identify business and community development
needs and opportunities of women-owned, minority-owned, and small
businesses.'' \490\ In the Bureau's view, ensuring that business and
community development opportunities could be met as well as identified
supported the Bureau's use of its exemption authority under 704B(g)(2)
here.
---------------------------------------------------------------------------
\490\ ECOA section 704B(a).
---------------------------------------------------------------------------
The Bureau proposed to set the activity-based threshold based on
small business originations, rather than applications. The statutory
language of section 1071 generally applies to applications; however,
the Bureau believed that using small business originations for purposes
of defining a covered financial institution is the better approach. The
Bureau expected that financial institutions track their small business
application volumes in various ways, but whether an origination
resulted was a clear and readily identifiable metric. Using an
exemption metric based on applications would have imposed new
obligations on financial institutions solely for purposes of
determining whether or not they are subject to this rule. As discussed
above, the Bureau believed that proposing an activity-based threshold
that employed data already generally collected by financial
institutions could mitigate the risk that section 1071, when
implemented, would result in reduced access to credit. In addition,
even those financial institutions that track total applications now may
not do so in a way that fully aligns with how the Bureau proposed to
define covered applications for purposes of proposed subpart B. Using
the number of originations, as opposed to applications, for an
activity-based threshold was also consistent with the Bureau's
Regulation C.
The Bureau proposed to clarify in Sec. 1002.105(b) that for
purposes of defining a covered financial institution, if more than one
financial institution was involved in the origination of a covered
credit transaction, only the financial institution that made the final
credit decision approving the application shall count the origination.
The Bureau believed that providing this clarifying language would
assist financial institutions in understanding which transactions count
towards the loan-volume threshold. This approach was consistent with
the Bureau's proposed Sec. 1002.109(a)(3).
Proposed comments 105(b)-4 and -5 would have explained when a
financial institution was a covered financial institution following a
merger or acquisition. These proposed comments were largely consistent
with the Bureau's approach to reporting obligations surrounding a
merger under Regulation C,\491\ with modifications to reflect the
nature of the small business lending market and to provide additional
clarifications.
---------------------------------------------------------------------------
\491\ See Regulation C comments 2(g)-3 and -4.
---------------------------------------------------------------------------
Proposed comment 105(b)-6 would have clarified that Regulation B
(including proposed subpart B) generally did not apply to lending
activities that occur outside the United States.
Finally, proposed comment 105(b)-7 would have addressed financial
institutions that do not qualify as covered financial institutions but
may nonetheless wish to voluntarily collect and report small business
lending data. This proposed comment would have reiterated that proposed
[[Page 35250]]
Sec. 1002.5(a)(4)(vii) through (ix) permitted a creditor that was not
a covered financial institution under proposed Sec. 1002.105(b) to
voluntarily collect and report information regarding covered
applications in certain circumstances. If a creditor is voluntarily
collecting applicants' protected demographic information for covered
applications, it shall do so in compliance with proposed Sec. Sec.
1002.107, 1002.108, 1002.111, 1002.112, and 1002.114 as though it were
a covered financial institution. Proposed comment 105(b)-7 would have
further stated that if a creditor was voluntarily reporting those
covered applications to the Bureau, it shall do so in compliance with
proposed Sec. Sec. 1002.109 and 1002.110 as though it were a covered
financial institution.
The Bureau sought comment on its proposed 25 originations threshold
incorporated into the definition of a covered financial institution.
The Bureau also solicited comment on whether this threshold should
alternatively be set at 50 or 100 covered credit transactions. In
addition, the Bureau sought comment on whether an activity-based
threshold should be based on the total number of small business
applications, rather than originations. The Bureau also requested
comment on whether additional clarification was needed for this
proposed definition.
Two-year threshold measurement period. The Bureau proposed to
define a covered financial institution using a loan-volume threshold
that must be achieved in each of the two preceding calendar years.
The Bureau acknowledged that a loan-volume threshold based on a
two-year period could create some operational complexity for some
financial institutions. To be sure that it was not a covered financial
institution, a financial institution would need to maintain records
sufficient to show total small business originations for both years of
the threshold period. The Bureau believed that two years was not a
prohibitively long time, although it is possible that infrequent
lenders may have smaller staff or fewer resources to reliably track
such information for section 1071's purposes. The Bureau believed that
a two-year threshold period was advisable to eliminate uncertainty
surrounding data collection responsibilities. Under this proposal, a
financial institution that may not frequently lend to small businesses,
but that experiences an unusual and unexpectedly high lending volume in
a single year would not be a covered financial institution. As
discussed in part VIII below, in order to comply with the Bureau's
rule, a financial institution may need to undertake substantial one-
time costs that include operational changes, such as staff training,
information technology changes, and develop policies and procedures.
Therefore, the Bureau believed it appropriate to propose a two-year
threshold period to provide more stability around reporting
responsibilities. Regulations that implement HMDA and the Community
Reinvestment Act provide similar periods to determine coverage.
The Bureau noted that employing a two-year approach would delay
reporting for new, potentially active entrants. For example, under this
proposal a large lender that enters the market and originates hundreds
or even thousands of small business loans in its first two calendar
years of lending would not report its covered applications. That is,
under the Bureau's proposal, this financial institution would not be
required to collect and report data on its covered applications for
small businesses in those first two years, although the institution
could choose to voluntarily collect and report data. The Bureau
recognized, however, that triggering data collection and reporting
requirements based on lenders' estimates of their projected future
volume could be challenging to implement.
The proposed two-year threshold period could pose other challenges
for financial institutions that conduct small business lending activity
near the proposed 25 small business originations threshold. See the
section-by-section analysis of Sec. 1002.5(a)(4) above for a
discussion of Sec. 1002.5(a)(4)(viii), which would allow a financial
institution to collect ethnicity, race, and sex information pursuant to
proposed subpart B for a covered application under certain
circumstances during the second year of the threshold period. See the
section-by-section analysis of Sec. 1002.114(c)(2) below for
discussion of additional flexibility that the Bureau is finalizing
regarding measuring lending activity prior to the rule's compliance
date.
Proposed comment 105(b)-1 would have clarified the meaning of a
preceding calendar year for purposes of the proposed activity-based
threshold. See the section-by-section analysis of Sec. 1002.114(c)(3)
below for additional discussion regarding measuring lending activity
prior to the rule's compliance date. Proposed comment 105(b)-2 would
have emphasized that a financial institution qualifies as a covered
financial institution based on total covered credit transactions
originated for small businesses, rather than covered applications
received from small businesses. Proposed comment 105(b)-3 would have
explained that whether a financial institution is a covered financial
institution depends on its particular small business lending activity
in the two preceding calendar years, and that the obligations of a
covered financial institution is an annual consideration for each year
that data may be compiled and maintained under proposed Sec.
1002.107(a).
Other requested exemptions. The Bureau did not propose to adopt
alternative exemptions or exceptions to the definition of covered
financial institution, other than the loan-volume threshold as
described above.
With respect to government lenders, in the proposal the Bureau
stated that it has not identified, nor did small entity representatives
or other stakeholders provide, policy or legal rationales for excluding
government lenders from the rule. The Bureau believed that collecting
information on small business lending by government entities furthered
the purposes of section 1071. Moreover, the Bureau believed, as
described above in the discussion of proposed comment 105(a)-1, that
government entities were included within the phrase ``other entity'' in
the ECOA section 704B(h)(1) definition of ``financial institution.''
For example, the Bureau believed that it would be helpful to identify
the business and community development needs of women-owned, minority-
owned, and small businesses by collecting lending data from both an
online lender and a county-run assistance program for establishing new
businesses.
For the same reasons, the Bureau did not believe that exempting
not-for-profit lenders from data collection was consistent with the
purposes of section 1071. The Bureau believed that organizations exempt
from taxation pursuant to 26 U.S.C. 501(c) play a crucial role in
lending to small businesses, particularly those that are women- or
minority-owned, in certain communities.
With respect to the concern that certain financial institutions may
encounter difficulty absorbing compliance costs, the Bureau believed
that directly considering a financial institution's activity is a more
appropriate way to address this concern and not a categorical
exemption. With respect to a financial institution's lending importance
for a community or region (such as low income or rural) as a reason to
include categorical exemptions, the Bureau believed that
[[Page 35251]]
such arguments emphasize the importance of collecting and analyzing
such data to further the purposes of section 1071 rather than justify
an exemption. Finally, with respect to the concern that certain
business models or products are not conducive to data collection or
reporting, the Bureau believed it would most appropriately address such
concerns by providing clarification regarding how reporting rules apply
to certain covered credit transactions and also not covering certain
transactions. See the section-by-section analyses of Sec. Sec.
1002.104(b) and 1002.109(a)(3). The Bureau proposed comment 105(a)-1,
discussed above, consistent with the considerations discussed here.
Therefore, for the reasons described above, the Bureau did not
propose to define a covered financial institution by providing
alternative exemptions or exceptions. The Bureau sought comment on this
approach, including data or information that might bear upon any such
alternative exemptions in light of section 1071's purposes.
Comments Received
Commenters expressed a variety of perspectives with respect to the
Bureau's proposal regarding potential exemptions. Feedback from most
industry commenters generally was in support of exempting certain
financial institutions from data collection and reporting obligations.
Most feedback in support of pursuing exemptions focused on the
potential burden of new regulatory requirements, with some commenters
cautioning that collection and reporting obligations could lead to an
increase in the cost of credit and could cause lenders to exit the
market. A few commenters connected these potential costs with section
1071's purpose of identifying business and community development needs
and opportunities (chiefly arguing that costs might lead to higher
costs of lending or lower lending volume), or otherwise expressed a
general belief that some exemptions were consistent with statutory
purposes. In addition, many commenters, mostly community groups, urged
caution with respect to the extent of any such exemptions, arguing that
not capturing a significant amount of small business lending data would
run contrary to the general purposes of section 1071.
Activity-based exemption. Many commenters supported the general
concept of an activity-based threshold. A large bank asserted that an
origination-based approach would ensure that collected data represents
a comprehensive view of the small business lending landscape. A few
commenters stated that a clear, bright line rule is helpful, and that
an activity threshold is relatively simple for low-volume lenders to
apply. Moreover, two commenters said that an activity threshold creates
a level playing field, while a CDFI lender stated that such an approach
will ensure that the Bureau captures data from lenders that are small
in asset size but active in small business lending. Two commenters,
however, noted that some lenders may not currently track applicant GAR
and this may somewhat increase burden of counting originations to small
businesses.
A community group urged the Bureau to guard against evasion of the
activity-based threshold through the creation of subsidiaries, stating
that the Bureau should include a rule that for the purposes of
determining the loan threshold, loans are counted at the parent
institution or holding company level.
A number of commenters opposed an activity-based threshold. Two
banks stated that it was confusing because the threshold is only for
originations, yet all applications are reported. One of the banks
stated that a financial institution may not know whether it would meet
the threshold until very close to the reporting period, while another
bank stated it may be difficult to know which loans are covered for
purposes of determining loan activity.
Several industry commenters asserted that an activity-based
threshold is not a good metric for banks, with several banks suggesting
that an asset-size coverage definition would be more straightforward
and consistent. Commenters explained that lending varies each year,
while assets are more predictable and forecastable. A few community
banks stated that an activity-based threshold based solely on
originations is misguided and results in a one-size-fits-all exemption
that disregards the unique characteristics that exist in communities
across the country, resulting in reduced access to credit. Several
industry commenters stated that an activity-based threshold could
encourage lenders to deny applications or reduce their lending to stay
under the threshold. Additionally, several commenters noted that some
lenders near the threshold may go back and forth between being covered
or not.
Counting originations. Several lenders, trade associations, and a
community group, expressed support for counting originations, not
applications, for determining coverage. The community group asserted
that this approach is consistent with CRA and HMDA.
A few commenters provided feedback on how originations should be
counted for purposes of determining the threshold. A trade association
asserted that all Paycheck Protection Program loans and similar future
government programs should be exempt from the originations threshold.
In addition, two commenters stated that additional credit amounts, such
as line increases, should not count as a separate credit product for
purposes of counting originations for the threshold. One noted that
very small businesses may request multiple line increases in a year.
Activity threshold level. The Bureau received a large number of
comments regarding the activity threshold level from a range of
stakeholders, including lenders and community groups. Many community
groups and some industry commenters, including community-oriented
lenders and a few large banks, along with a minority business advocacy
group and several members of Congress, supported the proposed 25 loan
threshold, citing its broad coverage. Commenters stated that the
proposed threshold allows for coverage of banks, nondepository lenders,
``fintech'' lenders, CDFIs, and other types of financial institutions.
A community-oriented lender argued that gathering data from small
business lenders or all types and sizes is critical, given that
entrepreneurs of color are less likely to be approved for capital by
banks, often turning to alternative lenders as a result. Another
commenter stated that even a 25-origination lender will have
substantial data with respect to adverse actions or declinations, up to
four times as much.
Commenters asserted that this threshold was an appropriate approach
to excluding de minimis lenders, was simple to apply, and would yield
meaningful data collection. A few commenters argued that the activity
threshold should not be increased above 25 loans, given the Bureau's
estimated costs of compliance. Some commenters cited similarities to
the 2015 HMDA rule, with one commenter further asserting that when the
HMDA threshold was raised, certain lenders no longer reported data.
Commenters asserted that gathering robust lending data will ensure that
the rule implementing section 1071 is fulfilling the statutory purposes
and community development organizations need sufficient data that cover
enough of the market. In addition, one commenter urged a 10-loan
threshold, asserting that is the minimum threshold that is necessary to
change lending behavior
[[Page 35252]]
and improve access to capital for Black business borrowers. This
commenter further asserted that all regulated financial institutions
that maintain FDIC deposit insurance should report their small business
lending results.
Many commenters, including community groups, community-oriented
lenders, individual commenters, and a business advocacy group,
emphasized that section 1071's statutory purposes could be frustrated
if the threshold were increased. Commenters argued that it would be
impossible to meet the statutory purposes of the rule unless most of
the market is covered. A commenter further asserted that if the
threshold were increased, the database would no longer be statistically
representative of actual lending and would not be able to accurately
reveal whether credit needs were being met in all communities.
Commenters stated that increasing the threshold will disproportionately
harm many small business owners, rural communities, banking deserts and
redlined areas that may find that ``small'' lenders make up a
significant portion of the local lending market. Commenters stated that
accurately measuring access to credit, and pursuing fair lending
enforcement when warranted, would be substantially diminished if too
many lenders and loans are exempt from reporting, particularly in
smaller cities and rural areas. Another commenter asserted that if the
Bureau elected to use a higher threshold it would exclude gathering
data from commercial lenders that are small, but still impact many
people. Moreover, a commenter stated that the Bureau's estimates show
decreased coverage of banks at higher thresholds.
Commenters stated that it is important to ensure coverage of rural
areas, which may be in persistent poverty, and which are often served
by small lenders. Moreover, a community group stated that the threshold
must cover intermediate-sized banks, which are important to rural
communities and small cities, and whose information has been missing
from CRA data since 2003. Commenters stated that increasing the
threshold could frustrate enforcement of the CRA, and risk the chance
that the data are not representative of the actual small business
lending landscape. A commenter further asserted that comprehensive data
are needed to assist in fair lending actions at the local level.
In contrast, nearly all industry commenters opposed the proposed
coverage threshold of 25 originations annually for two consecutive
years. Commenters stated that the threshold was too low and would lead
to increased costs and burden, particularly for community banks and
credit unions. Numerous banks and trade associations expressed concern
that too many small banks would be subject to the rule with a 25-loan
activity threshold. For example, two trade associations asserted that
at least 780 banks under $100 million in assets would be subject to
reporting, and these institutions average 13 employees at 1.6 branches.
In addition, several members of Congress asserted that the proposed
threshold levels for the rule were far too stringent, and would
drastically impact the ability of small institutions to make loans to
small businesses and decrease access to credit for minority-owned,
women-owned, and small businesses. Several commenters argued that small
lenders have little data to offer relative to the costs of acquiring
the data. One also asserted that it was unreasonable to subject
thousands of additional small depository institutions to a complex and
costly rule to collect data on approximately four percent of the small
business lending market. Many of commenters suggested higher
thresholds, with requests ranging from 100 to 1,000 transactions
annually, using the same two-year test. In particular, a large number
of commenters requested thresholds at 100, 200, 500, or 1,000 loans
annually.
A number of industry commenters supported a 100-loan threshold.
Many of these commenters urged the Bureau to set institutional coverage
similar to HMDA at that time, both for consistency and because lenders
already reporting HMDA data would incur lower compliance costs because
they already have data collection systems in place. Moreover,
commenters asserted that a 100-loan threshold would still capture an
estimated 95 percent of businesses loans in the country.
Conversely, a CDFI lender and two business advocacy groups opposed
a 100-loan threshold, arguing that the Bureau's estimates show narrower
coverage of small business lending at that threshold level. Another
CDFI lender stated that nearly a half billion in lending would be
obscured from reporting in its community with a 100-loan threshold.
A credit union trade association stated that a 100-loan threshold
was too low. This commenter asserted that researchers draw
statistically significant conclusions from HMDA data which covers
approximately 90 percent of the mortgage market, and because a 100-loan
threshold covers more than that percentage of the small business
market, the rule would gather more data than is necessary.
In the context of discussing the rule's threshold, numerous
commenters, including community banks, credit unions, and trade
associations, along with a group of State bank regulators, cautioned
the Bureau regarding the risk of small lenders exiting the market due
to the rule's burden. Commenters argued that the rule will damage small
institutions' ability to remain competitive and would favor large
lenders with large compliance teams. Many commenters stated that small
community banks and credit unions lack the staff or resources,
including automation capabilities, to comply with the reporting
requirements, with numerous institutions sharing the limited number of
full-time staff that they had dedicated to business and agricultural
lending.
Commenters further argued that Dodd-Frank Act mortgage rules
resulted in many community banks leaving the mortgage lending business,
and this proposal would produce similar results. For example, several
commenters argued that HMDA and TILA-RESPA integrated disclosure rules
led to market exodus, and they were concerned that there would be
similar market exit of local lenders following the proposed rule
implementing section 1071.\492\ Commenters stated that communities
could be left without a hometown bank and small businesses may seek
credit from unregulated lenders. Moreover, two national trade
associations stated that about 30 percent of surveyed franchised light-
duty and commercial truck dealerships would discontinue small business
credit extensions.
---------------------------------------------------------------------------
\492\ CFPB, Integrated Mortgage Disclosure Rule Under the Real
Estate Settlement Procedures Act (Regulation X) and the Truth in
Lending Act (Regulation Z), 78 FR 80225 (Dec. 31, 2013).
---------------------------------------------------------------------------
Several commenters also argued that the rule would exacerbate bank
consolidation, particularly in rural and underserved areas, as the
additional regulatory burden on community banks would lead to more
mergers and acquisitions. Commenters further asserted that
consolidation would reduce lending options for consumers and small
businesses, and would discourage some smaller financial institutions
from making small business loans. A few commenters stated that the rule
would damage relationship banking and create an environment with less
competition.
Numerous commenters also asserted that the rule is likely to reduce
access to credit, as small banks and credit unions do not have the
economies of scale to absorb the reporting costs, and thus compliance
costs will be passed
[[Page 35253]]
along to small business customers. Several commenters stated that they
would have to reconsider their product offerings. For example, one bank
stated that they might need to also reconsider their consumer product
offerings and prices, and a credit union stated they might consider
reducing lending to avoid being covered by the rule. In addition, one
bank stated that they may need to charge additional fees for
agricultural borrowers, while another bank stated that they would
either need to increase their origination fee or greatly increase the
minimum loan amounts. Another bank stated that as operating costs
increase, they will be forced to adjust their business model by either
increasing interest rates on loans, decreasing interest rates on
deposits, or implement other account fees. Moreover, several commenters
stated that the 25-loan threshold would limit small business lending
flexibility, which could stifle lending innovation and result in
lenders choosing to set minimum loan amounts.
In addition, many commenters argued that the 25-loan threshold
would have a negative effect on lending in small and rural communities.
Commenters stated that small banks, which are vulnerable to increased
compliance costs, are often located in rural areas where lending
options are limited. Several commenters stated that the rule risks
underserved areas being afforded fewer loan options. Commenters further
asserted that the rule's regulatory burden would drive consolidation in
rural and underserved areas, limiting access to credit in these
communities.
Several commenters drew comparisons to HMDA. One bank stated that
when it was subject to HMDA reporting, they struggled with compliance
and eventually elected to reduce lending. In addition, several
commenters asserted that the proposed 25-loan threshold was
inconsistent with the reporting threshold of 100 closed-end mortgages
in Regulation C at the time. Commenters argued that although their
institution was exempt from HMDA reporting, and although their
commercial lending unit is small, they would not qualify for the
proposed 25-origination exemption from reporting under section 1071. A
State bankers association stated that half of their survey respondents
are exempt from HMDA, while only six believed they would be exempt with
a 25-loan threshold. The commenter further stated that these small
financial institutions--83 percent under $250 million in assets--have
no data collection infrastructure in place. Some other commenters
similarly asserted that many smaller institutions do not have data
collection infrastructure in place and stated that they would incur
significant costs.
In addition, some commenters asserted that the Bureau did not
provide a sufficient rationale for a 25-loan threshold, arguing that
the Bureau has not shown why this threshold is necessary and
appropriate to carry out section 1071's purposes. Several commenters
argued that the Bureau could obtain sufficient data at a higher
threshold. Another commenter stated that the Bureau did not fully
consider coverage, in particular how much data would be forgone at each
threshold. A group of trade associations further asserted that the
Bureau is obligated to provide coverage estimates for nondepository
institutions and that RFA estimates are not sufficient.
While the Bureau did not propose an asset-based threshold in the
proposed rule, numerous industry commenters requested an asset size
threshold, ranging from $50 million to $10 billion. However, some
industry commenters as well as community groups counseled against an
asset-based exemption, arguing that exemptions should be based instead
on lending activity, and that size-based exemptions risked under-
reporting in important markets. For example, one commenter stated that
an asset-based threshold could affect different regions of the country
and risk ``blind spots'' in the data. Some commenters said that assets
are not an applicable measurement for many lenders, such as
nondepository institutions. A bank trade association stated that asset-
based exemptions have been exploited by market disruptors partnering
with exempted institutions to create an uneven regulatory playing
field.
Other requested exemptions. A number of commenters opposed
exemptions for specific categories of lenders (consistent with the
Bureau's proposal), with several commenters noting that capturing a
broad array of lenders is essential for achieving the objectives of
section 1071. Some commenters asserted that the rule must apply to
government and public sector lenders, merchant cash advance companies,
nondepository lenders, non-profit lenders, online lenders, and/or
commercial finance providers. A State bankers association stated that
the Bureau should specifically name industrial loan companies to make
clear that all nonbank entities making small business loans are covered
by the rule. Community groups asserted that all lenders are obligated
to comply with fair lending laws, and requiring data disclosure will
assist with ensuring compliance. Moreover, several industry commenters
stated that a broad definition is important to ensure a level
regulatory playing field and to ensure a comprehensive view of the
entire small business lending market. A bank trade association urged
the Bureau to pay close attention to nonbank lenders, which the
commenter stated are roughly 30 percent of the current market and not
currently subject to the Bureau's supervision.
In contrast, a large number of industry commenters urged the Bureau
to exclude specific types of entities from coverage under the rule.
Some requested that certain types of lenders such as credit unions or
CDFIs be excluded from the rule entirely, while others requested
certain indirect lending/multi-party business models be excluded, such
as when applications are made via loan brokers, equipment dealers, or
motor vehicle dealers. Numerous industry commenters noted the unique
burdens they believed the rule would place on small banks and credit
unions, while a subset of these commenters argued that the Bureau
should exempt these smaller institutions from the rule altogether.
Several commenters requested an exemption for CDFIs, stating that
they are mission-driven institutions and dedicating resources to new
regulatory requirements would detract from their community focus.
Moreover, some commenters argued that requiring CDFIs to report would
be duplicative, as CDFIs already report lending data to the CDFI Fund
that shows that they are providing financial products for small
businesses in their communities. Commenters further cited the Treasury
Department's certification process for CDFIs and stated that CDFIs are
already held to a high standard. Several commenters cited that the
Bureau decided to exempt CDFIs when implementing the Qualified Mortgage
rule. Conversely, a number of community groups argued that the rule
must apply to all financial institutions, including CDFIs.
A number of commenters urged the Bureau to exempt community banks
from reporting requirements, stating that community banks already incur
substantial regulatory burden and would be put at a competitive
disadvantage under the rule. Several commenters emphasized the ``high-
contact and relationship-based business lending model'' of community
banks. A community bank asserted that community banks should be
commended for advancing over 50 percent of the nation's small business
loans and over 80 percent of the nation's agriculture loans despite
holding less
[[Page 35254]]
than 20 percent of the nation's deposits. Another community bank stated
that currently they are not subject to HMDA or CRA reporting
requirements and thus this rulemaking poses the threat of significant
new burdens on small community banks as well as on those community
banks that are already subject to HMDA reporting.
In addition, some commenters stated that covering community banks
will have the opposite effect of section 1071's purposes. Commenters
asserted that community banks would incur substantial burden in
gathering new data, which would make it more burdensome and expensive
to offer small business loans, thus raising the cost of credit. A
community bank stated that, if adopted as written, the rule's paperwork
burden will harm community banks, waste critical resources, and further
restrict lending. Another community bank stated that the rule as
proposed may very well be the final straw of regulation that will drive
small community banks out of business with devastating impact on the
small communities they serve. Moreover, commenters argued that the
Bureau was designed to regulate large, complex financial institutions,
not community banks.
Several commenters also urged the Bureau to exempt credit unions
from reporting requirements, stating that credit unions have not
demonstrated a pattern of unfair lending, that they seek to help women-
owned and minority-owned businesses, and that credit unions are member-
owned and not-for-profit. A trade association asserted that credit
unions would like to furnish more small business loans, but a reporting
regime will increase costs. Some commenters stated that exempting
credit unions would allow them to remain competitive lenders and would
avoid imposing new burdens on members. In contrast, a number of
commenters--including community groups, community-oriented lenders, a
business advocacy group, and a bank trade association--opposed special
treatment for credit unions, citing a 2020 Federal Reserve study that
shows a higher percentage of Black and Hispanic-owned firms sought
loans from credit unions and CDFIs. In addition, a commenter stated
that 2018-2020 HMDA data show that 73 percent of credit union lending
in Mississippi went to white borrowers and 15 percent to Black
borrowers.
One farm credit lender stated that Farm Credit System institutions
should be exempt from collection and reporting, while another asserted
that FCA financial institutions should have a qualified exemption that
permits voluntary reporting. The latter commenter stated that these
financial institutions are already reporting lending on Young,
Beginning, and Small lending efforts and volume to the Farm Credit
Administration. In addition, one commenter asserted that a lack of
understanding of the Farm Credit System by the Bureau in this
rulemaking will have unintended consequences for their customers. In
contrast, a community group urged the Bureau to apply the rule
implementing section 1071 to agricultural lenders, stating that
historic discrimination against minority and disadvantaged groups has
been well documented in agriculture, and including agricultural lenders
will hold financial institutions accountable to equitably serving small
farms and mid-sized farms, beginning farmers, and historically
underserved farmers. Another community group asserted that Farm Service
Agency activity should also be covered by the rule.
Several commenters requested an exemption for institutions outside
of Metropolitan Statistical Areas, with many specifying that rural
institutions should be exempt from the rule. Commenters stated that
rural banks and credit unions often play a vital role in their
communities and acquiring data from rural lending will result in fewer
institutions willing to conduct rural lending. Several industry
commenters asserted that the new burden to these institutions will
increase the cost of credit, and will be a significant detriment for
local small businesses seeking access to credit. A bank argued that
many rural loans are small dollar loans to sole proprietors such as
farmers and ranchers and without an exemption, the nation's most rural
and remote borrowers will have a harder time obtaining credit for their
businesses.
Two banks requested exemptions for CRA reporters, arguing that
financial institutions subject to Board, FDIC, or OCC regulations under
the CRA are already being assessed to ensure that they are identifying
and meeting the credit needs of the small businesses in their
communities. In addition, one of the banks stated that CRA-examined
institutions with at least a satisfactory rating for its two previous
exams should be exempt from reporting requirements. In contrast,
another commenter opposed exempting CRA reporters, stating that big
banks and ``shadow lenders'' have the most impact on small business
lending and have thwarted the effective oversight and enforcement of
the CRA.
The Federal Home Loan banks argued that they should be exempt from
the rule, explaining that the proposed definition of covered financial
institution inadvertently would capture lending to their financial
institution member/borrowers because those members are small
businesses. They stated that applying the rule implementing section
1071 to them is unnecessary in light of the comprehensive FHFA
regulatory regime that applies to credit extended by the Federal Home
Loan banks to their small and diverse financial institution members.
A trade association urged the Bureau to exempt SBA certified
development companies from the rule, stating that these financial
institutions are certified and regulated by the SBA and have a mission
to assist small businesses with access to capital, including businesses
in underserved communities. In addition, two development companies
stated that they do not have the budget to incur these new reporting
costs.
A few commenters requested an exemption for minority depository
institutions. A national trade association asserted that Congress has
determined that such institutions play an important role in serving
underserved communities and minority populations, the intent behind
section 1071 is already met by minority depository institutions, and
therefore, the rule should not redundantly be applied to this special
class of financial institutions. One bank stated that minority
depository institutions are mission-driven to support their
communities, while another bank asserted that these institutions are
certified by the Treasury Department for serving historically
underserved communities and/or low-to-moderate income Americans.
A trade association stated that retailers by their very nature are
not financial institutions and thus should not be covered by the rule.
The commenter further argued that applying this rule to retailers will
have a negative impact on retail employees and customers as offering
credit at retail could be reduced or eliminated, affecting overall
access to credit. Moreover, the commenter stated that the retail
environment is different from a typical bank, in that employees are not
trained in the specifics of financial products, and the environment may
not be practical for obtaining more sensitive information.
Two trade associations requested an exemption for loan brokers. One
argued that there could be duplicative or inaccurate reporting in cases
where technology companies match an applicant with multiple third-party
[[Page 35255]]
lenders. The other argued that it is appropriate to have a similar
approach to HMDA and data can be obtained from the lender instead of
the broker.
Several commenters urged the Bureau to exempt indirect lending
transactions where the applicant interacts only with a vendor partner,
such as equipment dealers and manufacturers. Commenters argued that the
financial institution does not directly interact with the applicant,
only the dealer or manufacturer, and thus the fair lending purpose of
section 1071 would not be furthered. A trade association asserted that
such an exemption would be consistent with the Bureau's proposed
approach to motor vehicle dealers. A business advocacy group stated
that, alternatively, there should be flexibility with respect to the
timing and collection of this information. They further argued that the
equipment dealer or manufacturers' employees are not trained staff for
the financial institution and the data may be less accurate.
Some commenters stated that indirect auto lenders should be exempt
from the rule. One commenter stated that the Bureau should exclude
motor vehicle dealers, and by extension, financial institutions when
they are working with motor vehicle dealers. Two commenters stated that
while indirect lenders may be involved in credit decisions, compliance
with the rule would be difficult, as the financial institutions that
evaluate and purchase the auto loan never meet the applicant. One also
said that it was unclear what information indirect lenders would be
required to gather.
In addition, two motor vehicle dealer trade associations urged the
Bureau to exempt motor vehicle dealers. They argued that collecting new
data will slow applications, raise compliance burden, and increase the
risk of inaccurate data. They stated that motor vehicle dealers do not
have the resources to comply with a rule in the manner that a financial
institution would. Moreover, they stated that survey data indicates 30
percent of dealers might choose to leave the market rather than face
these compliance costs. Two other trade associations pointed to Board
regulations implementing ECOA and argued that the dealer would be
prohibited under the law from asking the business owner for ethnicity,
race, and sex demographic data. In addition, a bank expressed confusion
over how a covered financial institution can require an exempt motor
vehicle dealers to collect 1071 data. Another commenter noted that many
dealers act as intermediaries between buyers and financial
institutions, and requested that the Bureau work with small motor
vehicle dealers to make the direct and indirect impacts of the
rulemaking the least burdensome possible.
One State bankers association asserted that much valuable small
business lending data will not be captured given the Dodd-Frank Act
exclusion for motor vehicle dealers and urged the Bureau to advocate in
Congress as necessary to include them in the rule.
A trade association urged the Bureau to exempt captive vehicle
partners from reporting, arguing that these institutions are
inextricably tied to entities that are exempt. The trade association
further argued that it would be confusing in terms of reporting
responsibility, as there are many creditors involved in a single loan
and its subsequent assignment, and the finance partner does not
directly interact with the applicant. Furthermore, the commenter stated
that a lack of regulatory relief could lead to market exit and that
captive finance companies are crucial to the economy.
Commenters urged the Bureau to exempt a variety of other entities,
including institutions outside of direct CFPB supervisory authority,
mission-driven banks, and financial institutions that identify as small
businesses. In addition, some commenters urged the Bureau to adopt
exemptions similar to HMDA using exemption factors such as asset size,
location test, federally related test, and loan activity. One merchant
cash advance provider stated that merchant cash advance funders should
not be considered covered financial institutions because they do not
extend credit or provide loans.
In addition, several commenters cited the firewall requirement and
said that certain financial institutions should be exempted from the
entire rule due to the challenges associated with the statutory
firewall provision. One commenter said that banks under $1 billion
should be exempted on this basis, a few said community banks should be
exempted on this basis, and one commenter said that all but the largest
lenders or all depository lenders should be exempted.
Two-year threshold measurement period. Commenters who addressed the
issue were in support of a two-year threshold measurement period, with
one community group citing its consistency with CRA and HMDA.
Final Rule
For the reasons set forth herein, the Bureau is revising Sec.
1002.105(b) to set the activity-based coverage threshold at 100
originations in each of the two preceding calendar years, rather than
25 originations as proposed. The Bureau is also finalizing its proposal
not to exempt particular types of institutions from the rule. The
Bureau believes that a 100-loan activity threshold achieves section
1071's purposes while minimizing any risk that low volume small
business lenders would reduce their lending activity. The Bureau is
adding comments 105(b)-3 and -4, as explained below, as well as making
other minor revisions to the commentary for additional clarity.
The Bureau is finalizing Sec. 1002.105(b) pursuant to its
authority under ECOA section 704B(g)(1) to prescribe such rules and
issue such guidance as may be necessary to carry out, enforce, and
compile data pursuant to section 1071 and its authority under
704B(g)(2) to adopt exceptions to any requirement of section 1071 and,
conditionally or unconditionally, exempt any financial institution or
class of financial institutions from the requirements of section 1071,
as the Bureau deems necessary or appropriate to carry out the purposes
of section 1071.
Activity-based exemption. The activity-based threshold for coverage
in the final rule will provide a simple basis for financial
institutions that infrequently lend to small businesses to determine
whether they have conducted sufficient lending activity as to be
required to collect and report data under the final rule. Furthermore,
in comparison to an asset-based exemption or a dollar-volume threshold,
the Bureau believes that an activity-based exemption is a more
compelling basis for exempting certain financial institutions from
coverage in light of section 1071's business and community development
purpose.
While several commenters expressed support for an asset-based
threshold or a dual asset-based and activity-based threshold, the
Bureau believes an activity-based threshold is considerably less
complex. Moreover, small business lending activity is more directly
related to a given financial institution's role in the small business
lending market than a measurement of the financial institution's size
as measured in total assets.
In addition, the Bureau believes that an activity-based exemption
is a superior approach to a size-based exemption because an exemption
based on asset size would apply only to depository institutions. The
Bureau is unaware of a similar size metric for nondepository
institutions, and commenters did not offer one. In addition, the Bureau
agrees with commenters who stated that an asset-based exemption
approach might create an uneven playing field and might risk
[[Page 35256]]
presenting a cost disadvantage for other small financial institutions.
Moreover, exempting proportionately more depository institutions
than nondepository institutions may present a challenge to the
comprehensiveness of the small business applicants' demographic data
collected under section 1071 as well as to the lending by different
types of lenders. A recent small business credit survey revealed racial
disparities in applications under the SBA's Paycheck Protection
Program: the data showed white-owned firms were most likely to apply
for a loan through a small bank (defined as under $10 billion in
assets), while Black-owned firms were three times as likely as white-
owned firms to apply for a loan through an online lender.\493\
Exempting depository institutions using an asset-based threshold and
not similarly exempting nondepository institutions could run counter to
the purposes of section 1071 and undermine the utility of the data, as
well as the purposes of the Bureau, which are, in part, ``to implement
and, where applicable, enforce . . . consistently'' Federal laws
including ECOA.\494\
---------------------------------------------------------------------------
\493\ Small Business Credit Survey of Firms Owned by People of
Color at 14.
\494\ 12 U.S.C. 5511(a).
---------------------------------------------------------------------------
A few commenters asserted that an activity-based threshold could
encourage lenders to deny applications or reduce their lending to stay
under the threshold. These are speculative fears, but to the extent
that institutions intend to take such action, the Bureau reminds
financial institutions that inconsistencies in the way an institution
applies its policies could give rise to a fair lending violation under
ECOA. Denied applications must indicate the principal reason(s) for the
adverse action, as required by Sec. 1002.9(b)(2).
Regarding a commenter's concern about potential evasion of the
activity-based threshold through the creation of subsidiaries, see the
section-by-section analysis of Sec. 1002.109(a)(2) which addresses
reporting by subsidiaries.
Counting originations. The Bureau agrees with commenters who
asserted that using a coverage threshold based on the number of
originations rather than applications for purposes of defining a
covered financial institution is the better approach. As one commenter
pointed out, many financial institutions are already familiar with this
approach due to its consistency with CRA and HMDA. Using originations
provides a clear and readily identifiable metric for financial
institutions. One commenter stated that the Paycheck Protection Program
and similar future government programs should be exempt from the
threshold. As discussed above, the Bureau is not exempting specific
government programs from the activity-based threshold. However, by the
time this rule is effective and implemented, lending activity conducted
pursuant to the Paycheck Protection Program will have long since ceased
and such loans will not be included in origination counts, rendering
such commenter concerns moot.
In addition, the Bureau agrees with commenters who stated that
additional credit amounts, such as line increases, should not count as
a separate origination for purposes of counting the activity-based
threshold. Financial institutions may receive multiple requests for
additional credit amounts on existing accounts in any given year and
such activity may make it more difficult for institutions to determine
coverage under the rule. In order to address this issue, the Bureau is
adding comment 105(b)-5 which clarifies that for purposes of
determining coverage under Sec. 1002.105(b), requests for additional
credit amounts on an existing account are not counted as originations.
Moreover, as discussed in Sec. 1002.106(b)(2), every five years
the gross annual revenue threshold used to define a small business in
Sec. 1002.106(b)(1) shall be adjusted, if necessary, to account for
inflation. The first time such an update could occur is early 2030,
with an effective date of January 2031. The Bureau is adding comment
105(b)-4 to clarify how financial institutions reporting data should
count originations in this situation, explaining that a financial
institution seeking to determine whether it is a covered financial
institution applies the gross annual revenue threshold that is in
effect for each year it is evaluating.
Two-year threshold measurement period. Consistent with commenters
who addressed the issue, the Bureau believes that a two-year threshold
period is advisable to minimize uncertainty surrounding data collection
responsibilities.
Activity threshold level. Supporters of the 25-loan threshold and
supporters of the 100-loan threshold each argued that the Bureau should
set the threshold with reference to the HMDA threshold for closed-end
loans. Given the differences in statutory authorities and between home
mortgages and small business loans, the Bureau does not believe that
the activity-based thresholds implementing HMDA and section 1071 must
be the same.\495\
---------------------------------------------------------------------------
\495\ The Bureau's 2015 HMDA Rule set the closed-end loan
threshold at 25 originated loans for each of the two preceding
calendar years. Then, in 2020, the Bureau increased the threshold to
100 closed-end loans, effective the same year. However, in September
2022, the United States District Court for the District of Columbia
vacated the 2020 HMDA Rule's increased reporting threshold for
closed-end mortgage loans as arbitrary and capricious under the
Administrative Procedure Act. Nat'l Cmty. Reinvestment Coal. v.
Consumer Fin. Prot. Bureau, No. 20-cv-2074, 2022 WL 4447293 (D.D.C.
Sept. 23, 2022).
Accordingly, the threshold for reporting data about closed-end
mortgage loans is 25, which was the threshold set by the 2015 HMDA
Rule. The court upheld the 2020 HMDA Rule's increase in the open-end
credit threshold.
See also CFPB, Home Mortgage Disclosure (Regulation C); Judicial
Vacatur of Coverage Threshold for Closed-End Mortgage Loans,
Technical Amendment, 87 FR 77980 (Dec. 21, 2022), https://files.consumerfinance.gov/f/documents/cfpb_judicial-vacatur-_technical-amendment_2022-12.pdf.
---------------------------------------------------------------------------
Table 1 below provides the Bureau's estimated share of depository
institutions, estimated share of small business loans from those
institutions (measured in total number of loans), and estimated share
of small business credit from those institutions (measured in dollars)
that would be covered by a loan-volume threshold of 25, 50, or 100
small business loans. This information is based on FFIEC and NCUA Call
Reports, as well as CRA submissions.\496\ The Bureau estimates that a
depository institution is covered for a particular loan-volume
threshold as of 2019 if the estimated number of originations for that
institution exceeded the threshold in both 2017 and 2018. Given the
limitations of the existing source data (limitations acknowledged by
the congressional mandate of section 1071), the Bureau cautions that
these estimates cannot provide a complete sense of the possible
consequences of adopting each particular threshold. These estimates
apply only to depository institutions.\497\
---------------------------------------------------------------------------
\496\ On the bank Call Report and in the Community Reinvestment
Act data, for small bank and small farm loans, banks report on
business loans with original amounts of $1 million or less and farm
loans with original amounts of $500,000 or less. For lines of credit
or loan commitments, banks report the size of the line of credit or
commitment when it was most recently approved. Banks include loans
guaranteed by the SBA and other government entities in their small
loans to businesses. Banks do not report loans to nonprofit
organizations in this category. Thus, these data collections would
include loans made to purchase, for example, individual vehicles and
pieces of equipment for the nation's largest businesses.
\497\ Under these data collections, banks report small loans
made to businesses and farms (regardless of the borrower's size).
Credit unions report commercial loans over $50,000 made to members
(also, regardless of the borrower's size). The methodologies and
assumptions used to produce these estimates are further documented
in the Supplemental estimation methodology for institutional
coverage and market-level cost estimates in the small business
lending rulemaking. This document is available at https://https.consumerfinance.gov/data-research/research-reports/supplemental-estimation-methodology-institutional-coverage-market-level-cost-estimates-small-business-lending-rulemaking/.
\498\ There were 10,525 depository institutions as of December
31, 2019, including 112 credit unions that are not Federally
insured.
[[Page 35257]]
Table 1--Estimated Depository Institution Coverage by Loan Volume (as of 2019)
----------------------------------------------------------------------------------------------------------------
Coverage category 25 Loans 50 Loans 100 Loans
----------------------------------------------------------------------------------------------------------------
Institutions Subject to Reporting.... 38%-40% of all 27%-30% of all 17%-19% of all
depository depository depository
institutions \498\. institutions. institutions.
SBL Institutions Subject to Reporting 63%-67% of SBL 46%-50% of SBL 29%-32% of SBL
\499\. depository depository depository
institutions. institutions. institutions.
Banks and Savings Associations (SAs) 70%-73% of all banks 52%-56% of all banks 33%-36% of all banks
Subject to Reporting. and SAst \500\. and SAs. and SAs.
SBL Banks and SAs Subject to 71%-75% of SBL banks 53%-57% of SBL banks 33%-37% of SBL banks
Reporting. and SAs. and SAs. and SAs.
Credit Unions Subject to Reporting... 7% of all credit unions 4% of all credit unions 2% of all credit
\501\. unions.
SBL Credit Unions Subject to 31% of SBL credit 18% of SBL credit 8% of SBL credit
Reporting. unions. unions. unions.
Share of Total Small Business Credit 98.3%-98.6%............ 96.7%-97.3%............ 94.2%-95.1%.
by Depository Institutions (Number
of Loans Originated) Captured.
Share of Total Small Business Credit 95.3%-96.0%............ 89.4%-91.0%............ 81.0%-83.0%.
by Depository Institutions (Dollar
Value of Loans Originated) Captured.
----------------------------------------------------------------------------------------------------------------
Table 1 above shows that as the loan-volume threshold rises, the
estimated share of depository institutions subject to section 1071
decreases substantially. Likewise, the estimated share of small
business loans and small business credit captured by the rule would
also decrease, although those decreases are less pronounced. The Bureau
has no information for nondepository institutions (other than for Farm
Credit System institutions based on their Call Report data \502\) such
that the Bureau could provide similar estimates for comment. The Bureau
requested in the NPRM such information and data that might bear on any
activity-based exemption for nondepository institutions and did not
receive any substantive information.
---------------------------------------------------------------------------
\499\ A depository institution is considered an ``SBL
institution'' if it has any small business loans on its balance
sheet.
\500\ Based on FFIEC Call Report data, there were 5,177 banks
and savings associations as of December 31, 2019.
\501\ Based on the 2019 NCUA Call Report data, there were 5,348
credit unions as of December 31, 2019, including 112 credit unions
that are not Federally insured.
\502\ To estimate the number of Farm Credit System (FCS) members
covered by the final rule, the Bureau considers the Young,
Beginning, and Small Farmers Reports for all Farm Credit System
lenders as of December 31, 2019. For the purposes of estimating
coverage, the Bureau assumes that all loans made by FCS members to
farmers are covered loans. Thus, the Bureau estimates that the rule
will cover almost all FCS small business loans.
---------------------------------------------------------------------------
The Bureau notes that the above estimates represent small business
lending data prior to the COVID-19 pandemic and ensuing policy
responses. The Bureau is keenly aware that many financial institutions,
including those that may not have historically participated actively in
small business lending, served their communities by becoming
participating lenders in the SBA's Paycheck Protection Program. This
program ended on May 31, 2021. Because financial institutions' initial
determinations of whether they are covered under this final rule, and
if so into which compliance date tier they fall, will be based on 2022
and 2023 originations (see final Sec. 1002.114(b)), institutions'
Paycheck Protection Program lending activity will not factor into
whether a given financial institution qualifies as a covered financial
institution because such lending ceased in May 2021.
After considering the feedback from commenters, the Bureau seeks to
minimize impact on the financial institutions with the lowest volume of
small business lending due to the fixed costs of coming into compliance
with this final rule. Numerous industry commenters cautioned the Bureau
regarding the risk of market disruption due to the rule's burden and
cost. Many argued that the relatively large fixed cost of complying
with section 1071's data collection and reporting requirements would
significantly increase the cost of small business credit. Commenters
argued that the rule will damage small institutions' ability to remain
competitive, would hasten consolidation, and would favor large lenders
with large compliance teams. A number of lenders discussed the ways in
which they may be forced to limit their lending, particularly in rural
and underserved areas. Several lenders asserted that a 100-loan
threshold was preferable, in part because HMDA reporters already have
data collection infrastructure in place.
The Bureau stated in the NPRM that it was also considering a 50 or
100 origination threshold. After consideration of the comments, the
Bureau believes that a 100-loan activity threshold is more appropriate.
The Bureau believes that this adjustment will best address widespread
industry concerns regarding compliance burdens for the smallest
financial institutions and that it is consistent with the purposes of
section 1071. A 100-loan threshold will ease compliance burdens for the
smallest financial institutions and will still capture the overwhelming
majority of the small business lending market, including the majority
of agricultural lending. As demonstrated in Table 1, a 100-loan
threshold captures nearly 95 percent of the share of small business
loans originated by depository institutions. In short, while a 100-loan
origination threshold decreases data coverage in comparison to a 25-
loan origination threshold, a 100-loan origination threshold massively
expands data availability relative to the status quo.\503\
---------------------------------------------------------------------------
\503\ See part IX.H below for additional analysis on coverage of
rural vs. non-rural depository institution branches. The Bureau
notes that it has no data on the geography of lending for all
depository institutions. Furthermore, commenters provided no
additional data. As such, the Bureau is unable to estimate coverage
of rural vs. non-rural small business loans.
---------------------------------------------------------------------------
Other requested exemptions. The Bureau agrees with commenters who
[[Page 35258]]
urged broad coverage of financial institutions under the rule. The
Bureau believes that, in light of the text and purposes of section
1071, the Bureau should generally adopt the posture that all manner of
small business lenders should be subject to reporting. The Bureau is
not categorically exempting any particular type of financial
institution from coverage. The Bureau believes that exemptions for any
category of financial institution--whether credit unions, community
banks, CDFIs, minority depository institutions, government lenders,
non-profit lenders, agricultural lenders, retailers, or merchant cash
advance providers--would create significant gaps in the data and would
create an uneven playing field between different types of institutions.
Inclusion of data from not-for-profit lenders is likely to be
particularly helpful in identifying further opportunities for business
and community development, including by for-profit creditors. Moreover,
the Bureau believes that most policy arguments made by industry for
being exempt from this rule are better addressed by adjusting the
activity-based threshold to 100 originated loans. The higher activity
threshold will help minimize compliance costs for all types of smaller
financial institutions with lower lending volumes but still result in a
comprehensive dataset that furthers section 1071's statutory purposes.
Comment 105(a)-2 refers to Sec. 1002.101(a) to reiterate the
statutory exclusion for motor vehicle dealers. Given the statutory
exclusion, motor vehicle dealers are not required to report small
business lending data to the Bureau. See the section-by-section
analysis of Sec. 1002.109(a)(3) for further discussion on reporting
obligations where multiple financial institutions are involved in a
covered credit transaction, including indirect lending transactions.
With respect to addressing the particularities of certain lending
models, the Bureau is not categorically exempting particular financial
institutions from coverage. The Bureau is, however, providing
clarification regarding how reporting rules apply to certain covered
credit transactions and is also not covering certain transactions. See
the section-by-section analyses of Sec. Sec. 1002.104(b) and
1002.109(a)(3). Regarding the request by some commenters to be exempted
from this rule due to the statutory firewall requirement, see the
section-by-section analysis of Sec. 1002.108.
Section 1002.106 Business and Small Business
ECOA section 704B(h)(2) defines the term ``small business'' as
having the same meaning as ``small business concern'' in section 3 of
the Small Business Act.\504\ The Bureau is defining a small business
consistent with the statutory language. In particular, the Bureau is
defining a small business to have the same meaning as the term ``small
business concern'' in 15 U.S.C. 632(a), as implemented by 13 CFR
121.101 through 121.107. Notwithstanding the size standards set forth
in 13 CFR 121.201, for purposes of subpart B, the Bureau is providing
that a business is a small business if its gross annual revenue for its
preceding fiscal year is $5 million or less. The SBA Administrator has
approved the Bureau's use of this alternate small business size
standard pursuant to the Small Business Act.\505\ The Bureau has also
obtained approval for this gross annual revenue threshold to adjust, if
need, for inflation or deflation every five years (after January 1,
2025) using the Consumer Price Index for All Urban Consumers (U.S. city
average series for all items, not seasonally adjusted), rounded to the
nearest multiple of $500,000.
---------------------------------------------------------------------------
\504\ 15 U.S.C. 632.
\505\ 15 U.S.C. 632(a)(2)(C).
---------------------------------------------------------------------------
Under the final rule, financial institutions will need to consider
whether an applicant is a business under Sec. 1002.106(a) and if the
applicant is a business, whether it is small under Sec. 1002.106(b).
The Bureau believes that these definitions implement the statutory
language of section 1071 while reflecting the need for a wide variety
of financial institutions to apply a simple, broad definition of a
small business that is practical across the many product types,
application types, technology platforms, and applicants in the market.
For the reasons set forth below, the Bureau is adopting Sec.
1002.106 to implement ECOA section 704B(h)(2) and pursuant to its
authority under ECOA section 704B(g)(1) to prescribe such rules and
issue such guidance as may be necessary to carry out, enforce, and
compile data under section 1071.
106(a) Business
Background
ECOA section 704B(h)(2) defines the term ``small business'' as
having the same meaning as ``small business concern'' in section 3 of
the Small Business Act.\506\ The Small Business Act provides a general
definition of a ``small business concern,'' authorizes the SBA to
establish detailed size standards for use by all agencies, and permits
an agency to request SBA approval for a size standard specific to an
agency's program. The SBA's regulations define a ``business concern''
as ``a business entity organized for profit, with a place of business
located in the United States, and which operates primarily within the
United States or which makes a significant contribution to the U.S.
economy through payment of taxes or use of American products, materials
or labor.'' \507\
---------------------------------------------------------------------------
\506\ 15 U.S.C. 632.
\507\ 13 CFR 121.105.
---------------------------------------------------------------------------
Proposed Rule
Proposed Sec. 1002.106(a) would have defined a business as having
the same meaning as the term ``business concern or concern'' in 13 CFR
121.105. This proposed definition is consistent with ECOA section
704B(h)(2), which defines the term ``small business'' as having the
same meaning as ``small business concern'' in section 3 of the Small
Business Act.\508\ The SBA issued 13 CFR 121.105, entitled ``How does
SBA define `business concern or concern,''' pursuant to the Small
Business Act. The Bureau referred to the entirety of that section for
additional information. In particular, the Bureau noted that this
definition would include elements such as being ``a business entity
organized for profit'' that has ``a place of business located in the
United States'' and ``operates primarily within the United States or .
. . makes a significant contribution to the U.S. economy.'' \509\
---------------------------------------------------------------------------
\508\ 15 U.S.C. 632.
\509\ 13 CFR 121.105(a)(1).
---------------------------------------------------------------------------
The Bureau sought comment on its proposed definition of a business,
and generally sought comment on whether additional clarification is
needed.
Comments Received
Comments received focused primarily on the Bureau's proposed
business size standard, which are discussed in the section-by-section
analysis of Sec. 1002.106(b) below. The Bureau did receive some
comments, however, on its proposed approach to the definition of
business concern from a few banks, trade associations, a business
advocacy group, and an online lender. These commenters requested that
the Bureau consider certain modifications or adjustments to the
definition of a business concern, such as clarifying that the term does
not include non-profit entities, government agencies, certain trusts,
foreign entities, and certain real estate holding companies.
[[Page 35259]]
One bank generally supported the proposed definition but requested
clarification that the definition of business concern excludes
``passive businesses'' and non-natural borrowing entities that are
established by applicants solely for tax, anonymity, and other such
purposes not intended to earn profit through business production,
operations, or service delivery. This commenter noted that it is common
for consumer borrowers to establish limited liability companies or
trusts solely to acquire properties and conduct similar transactions,
or for use in remaining anonymous to preserve their physical safety,
and requested that these scenarios be explicitly excluded because these
entities' obligations and contributions do not align with those of
small businesses.
A few commenters recommended that applications from nonprofit
organizations also be exempted. A few commenters specifically requested
the Bureau exclude any not-for-profit organizations, which might
include non-operating entities, holding companies, trusts, special
purpose vehicles, pass-through entities, holding companies that are not
organized for profit, and limited liability companies that are not
formed for business purposes.
Two commenters asked the Bureau to confirm that public agencies and
government institutions are excluded from the coverage of the final
rule. One commenter asked the Bureau to exclude foreign-owned entities
from the final rule. A bank asked for clarification on whether a
``small business'' can be taxed under the owner's Social Security
number (as opposed to an employer identification number) or whether
people that have a ``hobby'' business or farm that report income under
Schedule C or F within their tax returns are considered a small
business.
A trade association suggested the Bureau exclude applications from
trusts (which could be a single purpose trust, such as a land trust
that is established only to hold specific real estate, a traditional
estate planning vehicle or, though more infrequently, a business trust)
from coverage under the final rule. This commenter stated that
including trusts could raise difficult issues regarding who should be
considered for data collection purposes (the settlors, beneficiaries,
trustees or some combination thereof), what is the ``net profit or
loss'' of the trust, as well as who is entitled to that net profit or
loss. The commenter argued that such burdens would not be justified by
the minimal information that would be generated with respect to
reporting of lending to trusts.
One commenter argued for the inclusion of a test that would discern
between independent contractors and what it called ``actual'' small
businesses, as it believes that the credit needs and experiences of
independent contractors and many small businesses can differ greatly.
Another suggested the Bureau confirm that the proposed definition of
``small business'' excludes subsidiaries of large corporate entities.
A trade association for community banks recommended the Bureau
exclude farms from the definition of ``small business,'' arguing that
the underwriting criteria for small farm loans differ from other small
business loans and that this distinction is acknowledged in several
Federal laws such as CRA and HMDA. This commenter argued that the
proposed originations-based coverage threshold would likely lead to
many small lenders reducing their agricultural lending below the
threshold, thereby limiting the access to credit for small farms, and
concluded that an exemption was needed to acknowledge the uniqueness of
agricultural lending.
Final Rule
For the reasons discussed herein, the Bureau is finalizing Sec.
1002.106(a) as proposed, to define the term business as having the same
meaning as the term ``business concern or concern'' in 13 CFR 121.105.
As noted above, this definition includes elements such as being ``a
business entity organized for profit'' that has ``a place of business
located in the United States'' and ``operates primarily within the
United States or . . . makes a significant contribution to the U.S.
economy.'' \510\ This definition also provides that a business concern
may take a number of different legal forms, including a trust, sole
proprietorship, partnership, limited liability company, corporation,
joint venture, or cooperative, except that where the form is a joint
venture there can be no more than 49 percent participation by foreign
business entities in the joint venture.\511\ The Bureau is not
providing interpretations of this SBA regulation in subpart B, as
requested by some commenters, because the Bureau believes that existing
SBA interpretations are responsive to commenters' request for
clarification. For example, financial institutions are not required to
collect and report data for not-for-profit applicants, because they are
not ``organized for profit'' and are thus not a ``business concern.''
\512\ Moreover, the Bureau expects that applications from foreign
businesses will fall outside the scope of the rule's data collection
and reporting requirements unless they have a place of business located
in the United States and they either operate primarily within the
United States or they make a significant contribution to the U.S.
economy through payment of taxes or use of American products,
materials, or labor.
---------------------------------------------------------------------------
\510\ 13 CFR 121.105(a)(1).
\511\ 13 CFR 121.105(b).
\512\ See id., which states that a business concern may be in
the legal form of an individual proprietorship, partnership, limited
liability company, corporation, joint venture, association, trust or
cooperative, except that where the form is a joint venture there can
be no more than 49 percent participation by foreign business
entities in the joint venture.
---------------------------------------------------------------------------
The Bureau also does not believe it would be appropriate to deviate
from the term ``business concern or concern'' in 13 CFR 121.105 by
adopting additional exclusions such as one for passive businesses. As
discussed above, section 1071 defines small business as referring to
the definition of small business concern in section 3 of the Small
Business Act. The Bureau thus must look to this definition, and the
SBA's implementing regulations, in defining both a business and a small
business for purposes of this final rule. (The SBA Administrator's
approval for the Bureau's alternate size standard for this rulemaking
is discussed in the section-by-section analysis of Sec. 1002.106(b)
below.)
In addition, the Bureau believes that covering applications from
all types of businesses in its rule (including passive businesses \513\
and non-operating entities) is important for advancing both of section
1071's statutory purposes. The Bureau is thus not adopting such
exclusions requested by commenters. However, because the Bureau
understands that passive businesses and non-operating entities are
generally affiliated with other businesses (for example as subsidiaries
of large corporate entities), and because financial institutions are
permitted to consider affiliate revenue in determining whether a
business is small for purposes of this rule, the Bureau anticipates
that applications from most
[[Page 35260]]
of these kinds of businesses ultimately will not be reportable since
many such businesses will not be ``small'' businesses under the rule
implementing section 1071. (See the section-by-section analysis of
Sec. 1002.106(b) for additional related discussion.)
---------------------------------------------------------------------------
\513\ The SBA defines a business as passive if: (i) it is not
engaged in a regular and continuous business operation (the mere
receipt of payments such as dividends, rents, lease payments, or
royalties is not considered a regular and continuous business
operation); or (ii) its employees are not carrying on the majority
of day to day operations, and the company does not provide effective
control and supervision, on a day to day basis, over persons
employed under contract; or (iii) it passes through substantially
all of the proceeds of the financing to another entity. 13 CFR
107.720(b)(1).
---------------------------------------------------------------------------
The Bureau does not agree that trusts must be excluded, as
suggested by one commenter, on the grounds that covering applications
from trusts could raise difficult issues regarding who should be
considered the principal owner for data collection purposes. Treatment
under the final rule differs, for certain data points, based on whether
the applicant's owner is a trust or whether the applicant itself is a
trust. When a financial institution seeks to extend credit to a small
business applicant whose ownership interests or assets are owned by a
trust, the trust or trustee often needs to be the applicant for the
credit. In such situations, because only individuals who are direct
owners are considered principal owners under final Sec. 1002.102(o),
entities such as trusts would not be principal owners and thus the
financial institution would not need to collect or report principal
owners' ethnicity, race, and sex or the number of principal owners. And
as outlined in new comment 102(o)-2, if the applicant for a covered
credit transaction is a trust, a trustee is considered the principal
owner of the trust for reporting purposes. The Bureau also notes that
only a trust organized for profit would meet the definition of a
``business concern'' and fall within the scope of the rule. The Bureau
believes that these clarifications sufficiently address the commenter's
concerns and that covering different types of business structures in
its final rule is important for advancing both of section 1071's
statutory purposes. Thus, the Bureau is not defining business in a way
that would exclude trusts from the final rule.
In response to comments asking the Bureau to confirm that public
agencies and government institutions are excluded from the coverage of
the final rule, the Bureau notes that an express exclusion for
extensions of credit made to governments or governmental subdivisions,
agencies, or instrumentalities is not necessary because such
governmental entities do not constitute businesses under the final
rule. Specifically, government entities are not ``organized for
profit'' and are thus not a ``business concern'' under final Sec.
1002.106(a).
With respect to the suggestion that the Bureau develop a test to
identify independent contractors (and presumably exclude them), the
Bureau notes that it is not requiring financial institutions to collect
or report an applicant's business structure. Independent contractor
arrangements can take many forms; the Bureau does not believe it would
be appropriate to exclude from coverage under section 1071, for
example, a business that acts as an independent contractor to another
business, simply by virtue of that arrangement. Finally, the Bureau
notes that the SBA has routinely treated independent contractors as
business concerns \514\ and based on both of section 1071's statutory
purposes, the Bureau is not convinced that it should define business in
a way that would deviate from the SBA's approach and exclude
independent contractors from the final rule.
---------------------------------------------------------------------------
\514\ For example, in an interim final rule implementing changes
related to loans made under the Paycheck Protection Program, the SBA
stated ``SBA has determined that changing the calculation for sole
proprietors, independent contractors, and self-employed individuals
will reduce barriers to accessing the [Paycheck Protection Program]
and expand funding among the smallest businesses.'' 86 FR 13149,
13150 (Mar. 8, 2021) (emphasis added).
---------------------------------------------------------------------------
In response to a commenter's request for clarification on whether a
``small business'' can be taxed under the owner's Social Security
number (as opposed to an employer identification number) or whether
people that have a ``hobby'' business or farm that report income under
Schedule C or F within their tax returns are considered a small
business, the Bureau notes that generally, tax documentation is not
dispositive for the SBA's definition of a small business concern. In
many instances (for example, with startup businesses), the business may
not have any tax returns available or the business may be a sole
proprietorship that is taxed under its owner's Social Security number.
As long as the business is a ``small business concern'' in 15 U.S.C.
632(a) (as implemented in 13 CFR 121.101 through 121.107) and its gross
annual revenue for its preceding fiscal year is $5 million or less, it
is a small business under this final rule.
For reasons discussed in the section-by-section analysis of Sec.
1002.104(a), the Bureau is not adopting a categorical exclusion for
farms from the definition of ``small business.'' Credit used for
agricultural purposes is generally covered by the broad definition of
``credit'' under ECOA. ECOA's definition of credit is not limited to a
particular use or purpose and Regulation B expressly covers
agricultural-purpose credit; ECOA does not provide an exception for
agricultural credit; and it assigns enforcement authority to regulators
of agricultural lending such as the Secretary of Agriculture and the
Farm Credit Administration.\515\ Moreover, agricultural businesses are
encompassed in section 1071's statutory definition of small
business.\516\ With respect to the concerns that the Bureau's proposed
originations-based threshold would likely lead to many small lenders
reducing their agricultural lending below the exemption threshold, the
Bureau notes that it is increasing the exemption threshold as discussed
in the section-by-section analysis of Sec. 1002.105(b) above.
Moreover, the Bureau believes that covering agricultural businesses in
its rule is important for advancing both of section 1071's statutory
purposes, particularly given historical and/or continuing
discrimination against Black farmers and the need for transparency into
agricultural lending both for fair lending enforcement and business and
community development. The Bureau is thus not defining small business
in a way that would exclude such businesses from the final rule.
---------------------------------------------------------------------------
\515\ See 15 U.S.C. 1691c; Regulation B Sec. 1002.16(a).
\516\ ECOA section 704B(h)(2) (defining a small business as
having the same meaning as the term ``small business concern'' in
section 3 of the Small Business Act (15 U.S.C. 632)). Section
704B(h)(2) defines small business by reference to the Small Business
Act definition of a small business concern, which includes
independently owned and operated ``enterprises that are engaged in
the business of production of food and fiber, ranching and raising
of livestock, aquaculture, and all other farming and agricultural
related industries.'' 15 U.S.C. 632(a)(1).
---------------------------------------------------------------------------
106(b) Small Business Definition
106(b)(1) Small Business
Background
Section 1071 data collection purposes, requirements, and potential
impacts. A key component of the Bureau's fair lending work under the
Dodd-Frank Act is to ensure fair, equitable, and nondiscriminatory
access to credit for both individuals and their communities.\517\
Section 1071 of the Dodd-Frank Act, which amended ECOA, requires
financial institutions to collect and report to the Bureau data
regarding applications for credit for women-owned, minority-owned, and
small businesses. ECOA section 704B(h)(2) states that ``[t]he term
`small business' has the same meaning as the term `small business
concern' in section 3 of the Small Business Act (15 U.S.C. 632).''
Section 1071 was adopted for the dual statutory purposes of
facilitating fair lending enforcement and enabling communities,
governmental entities, and creditors to identify business and community
development needs and
[[Page 35261]]
opportunities of women-owned, minority-owned, and small
businesses.\518\
---------------------------------------------------------------------------
\517\ See 12 U.S.C. 5493(c)(2)(A).
\518\ ECOA section 704B(a).
---------------------------------------------------------------------------
As set forth in section 1071, the data that financial institutions
are required to collect and report to the Bureau include, among other
things, the gross annual revenue of the business in its preceding
fiscal year, the type and purpose of the loan, the census tract for the
applicant's principal place of business, and the ethnicity, race, and
sex of the principal owners of the business.\519\ ECOA section
704B(f)(2)(C) further provides that information compiled and maintained
under the statute shall be ``annually made available to the public
generally by the Bureau, in such form and in such manner as is
determined by the Bureau, by regulation.'' The Bureau believes that the
collection and subsequent publication of robust and granular data
pursuant to section 1071 regarding credit applications for small
businesses will provide much-needed transparency to an otherwise opaque
market and help ensure fair, equitable, and nondiscriminatory access to
credit.
---------------------------------------------------------------------------
\519\ ECOA section 704B(e)(2).
---------------------------------------------------------------------------
The Bureau understands that access to fair, equitable, and
nondiscriminatory credit is crucial to the success of small businesses.
Small businesses--including women-owned and minority-owned small
businesses--need access to credit to smooth out business cash flows and
to enable entrepreneurial investments that take advantage of, and
sustain, opportunities for growth. The market these businesses turn to
for credit is vast, varied, and complex. Overall, small businesses have
many options when it comes to financing, including a wide range of
products and providers. Yet market-wide data on credit to small
businesses remain very limited, particularly with respect to
applicants' protected demographic information at the core of section
1071. The Bureau believes that its rulemaking implementing section 1071
of the Dodd-Frank Act will provide critical data for financial
institutions, community groups, policy makers, and small businesses.
SBA size standards. The Small Business Act permits the SBA
Administrator to prescribe detailed size standards by which a business
concern may be categorized as a small business, which may be based on
the number of employees, dollar volume of business, net worth, net
income, a combination of these, or other appropriate factors.\520\
---------------------------------------------------------------------------
\520\ 15 U.S.C. 632(a)(2)(A) and (B).
---------------------------------------------------------------------------
As implemented by the SBA, these size standards generally hinge on
average annual receipts or the average number of employees of the
business concern and are customized industry-by-industry across 1,012
6-digit NAICS codes. Specifically, the SBA typically uses two primary
measures of business size for size standards purposes: (i) average
annual receipts \521\ for businesses in services, retail trade,
agricultural, and construction industries, and (ii) average number of
employees for businesses in all manufacturing, most mining and
utilities industries, and some transportation, information and research
and development industries.\522\ To measure business size, the SBA also
uses financial assets for certain financial industries, and for the
petroleum refining industry it uses refining capacity and employees.
The SBA's size standards are used to establish eligibility for a
variety of Federal small business assistance programs, including for
Federal government contracting and business development programs
designed to assist small businesses in obtaining Federal contracts and
for the SBA's loan guarantee programs, which provide access to capital
for small businesses that are unable to qualify for and receive
conventional loans elsewhere.
---------------------------------------------------------------------------
\521\ Effective January 6, 2020, the SBA changed its regulations
on the calculation of average annual receipts for all its receipts-
based size standards from a three-year averaging period to a five-
year averaging period. 84 FR 66561 (Dec. 5, 2019).
\522\ The SBA now uses a 24-month average to calculate a
business concern's number of employees for eligibility purposes in
all its programs. 87 FR 34094 (June 6, 2022).
---------------------------------------------------------------------------
Under the Small Business Jobs Act of 2010,\523\ the SBA is required
to review all size standards no less frequently than once every five
years.\524\ The SBA's lowest size standards based on average annual
receipts are currently used for agricultural industries. At the time of
the Bureau's NPRM, the SBA used a $1 million average annual receipts
standard for 46 out of 64 agricultural industries.\525\
---------------------------------------------------------------------------
\523\ Public Law 111-240, 124 Stat. 2504 (2010).
\524\ 15 U.S.C. 632 note.
\525\ See Small Bus. Admin., Table of size standards (effective
Oct 1, 2022), https://www.sba.gov/document/support-table-size-standards.
---------------------------------------------------------------------------
The SBA has since maintained or increased its size standards across
all industries. Following the SBA's implementation of revised size
standards in May and June 2022 \526\ and its inflation adjustment of
monetary-based industry size standards in November 2022,\527\ a $1
million standard is no longer used for any industry. The size standards
for agricultural industries now range from $2.25 million to $34
million, and the size standards for non-agricultural industries now
range from $8 million to $47 million. In April 2022, the SBA also
proposed increasing 150 size standards for businesses in manufacturing
and other sectors (excluding wholesale trade and retail trade) that are
based on the number of employees.\528\ The SBA also increased size
standards for 57 industries in the wholesale trade and retail trade
sectors.\529\
---------------------------------------------------------------------------
\526\ Through a series of rules that became effective on May 2,
2022, the SBA implemented revised size standards for 229 industries
(all using average annual receipts standards) to increase
eligibility for its Federal contracting and loan programs. See 87 FR
18607 (Mar. 31, 2022); 87 FR 18627 (Mar. 31, 2022); 87 FR 18646
(Mar. 31, 2022); 87 FR 18665 (Mar. 31, 2022). The SBA did not reduce
any size standards--it either maintained or increased the size
standards for all 229 industries, in many cases with size standard
increases of 50 percent or more. Effective July 14, 2022, the SBA
also increased size standards for 22 wholesale trade industries and
35 retail trade industries. 87 FR 35869 (June 14, 2022).
\527\ 87 FR 69118 (Nov. 17, 2022) (adjusting monetary-based
industry size standards (i.e., receipts- and assets-based) for
inflation that occurred since 2014 by adding an additional 13.65
percent inflation increase to these size standards).
\528\ 87 FR 24752 (Apr. 26, 2022) (establishing 250 employees
and 1,500 employees, respectively, as the minimum and maximum size
standard levels for Manufacturing and other industries (excluding
Wholesale and Retail Trade), up from the current minimum of 100
employees and the current maximum of 1,500 employees in the SBA's
existing size standards).
\529\ 87 FR 35869 (June 14, 2022).
---------------------------------------------------------------------------
The Small Business Act further provides that no Federal agency may
prescribe a size standard for categorizing a business concern as a
small business concern absent approval by the SBA Administrator.\530\
The SBA's rule governing its consideration of other agencies' requests
for approval of alternate size standards requires that the agency
seeking to adopt an alternate size standard consult in writing with the
SBA's Division Chief for the Office of Size Standards in advance of
issuing an NPRM containing the proposed alternate size standard.\531\
The Bureau met this requirement and also provided a copy of the
published NPRM to the Division Chief for the Office of Size Standards.
The Bureau subsequently obtained approval from the SBA Administrator
for its alternate small business size standard contained in this final
rule.
---------------------------------------------------------------------------
\530\ 15 U.S.C. 632(a)(2)(C); see also 13 CFR 121.903(a)(5).
\531\ 15 U.S.C. 632(a)(2).
---------------------------------------------------------------------------
Market considerations. A wide variety of financial institutions,
with varying levels of sophistication and experience, extend credit to
small businesses. This rulemaking applies to a broad range of financial
institutions. Banks and credit unions that serve a breadth of customers
[[Page 35262]]
typically organize their commercial lending operations into segments
based on a combination of risk, underwriting, product offering, and
customer management factors that are appropriate to each segment. The
three most frequent organizational groupings are retail/small business,
middle market, and large corporate banking. Commercial customers are
generally assigned to an organizational grouping based on their revenue
potential and aggregate credit exposure, with smaller accounts assigned
to the retail/small business banking area. The overwhelming
preponderance of small businesses are found in the retail/small
business banking group, which may also conduct consumer banking.
Today, the distinguishing characteristic that many larger financial
institutions (principally banks with $10 billion or more in assets) use
to assign small businesses into the retail/small business banking group
is gross annual revenue.\532\ While cut-offs vary by financial
institution, the Bureau understands that a common demarcation for
small/retail customers are those with less than $5 million, or
sometimes up to $10 million, in gross annual revenue. The maximum
amount of a retail/small business banking term loan or credit line is
typically $5 million or less.
---------------------------------------------------------------------------
\532\ See Fed. Deposit Ins. Corp., Small Business Lending
Survey, at 11 (2018), https://www.fdic.gov/bank/historical/sbls/full-survey.pdf (FDIC Small Business Lending Survey) (finding that a
substantial majority of large banks use gross annual revenue (61.8
percent) as a limit to define small businesses).
---------------------------------------------------------------------------
Financial institutions that do not conduct SBA lending generally do
not collect or consider the number of employees of a small business
applying for credit, but they often capture gross annual revenue
information, including for regulatory compliance purposes.
Specifically, retail/small business lenders routinely collect
applicants' gross annual revenue information because notification
requirements under existing Regulation B vary for business credit
applicants depending on whether they ``had gross revenues of $1 million
or less in [their] preceding fiscal year.'' \533\ For a business
applicant with gross annual revenues of $1 million or less, a creditor
must provide a notification following an adverse action, such as a
credit denial, that is generally similar to that provided to a consumer
in both substance and timing.\534\ As a result, small business lenders
often adopt compliance management systems similar to those found among
consumer lenders.
---------------------------------------------------------------------------
\533\ 12 CFR 1002.9(a)(3)(i).
\534\ Id. The notification requirements for applicants with
gross annual revenues in excess of $1 million are generally more
flexible in substance and also do not impose a firm deadline for
provision of a Regulation B notification. 12 CFR 1002.9(a)(3)(ii).
---------------------------------------------------------------------------
The Bureau believes it is important for a financial institution to
be able to quickly determine at the beginning of the application
process whether an applicant is a ``small business'' for purposes of
this final rule. Financial institutions generally cannot inquire about
an applicant's protected demographic information (including the
ethnicity, race, and sex of an applicant's principal owners) without
being legally required to do so.\535\ As discussed in the Overview of
this part V, this final rule will only require (and thus only permit)
such inquiries for small business applicants.\536\ While the Bureau is
allowing financial institutions flexibility in when they seek this
protected demographic information, the Bureau believes that financial
institutions generally have the best chance of obtaining it and
supporting the purposes of section 1071, if they ask for it in the
earlier stages of the application process. As a result, a financial
institution may need to know, even before the application is initiated,
which application path the applicant must follow--a 1071-governed or a
non-1071-governed application path.
---------------------------------------------------------------------------
\535\ See 12 CFR 1002.5(a).
\536\ Such inquiries are also permitted for co-applicants of
small businesses pursuant to final Sec. 1002.5(a)(4)(x).
---------------------------------------------------------------------------
Early feedback. From very early on in its discussions with
stakeholders regarding section 1071, the Bureau has received feedback
focused primarily on how the Bureau might define a business size
standard. For example, in response to the Bureau's 2017 request for
information, many stakeholders expressed concern about the difficulties
in determining the appropriate NAICS code for businesses and in
applying the NAICS-based standards in determining whether a business
loan applicant is a small business. Commenters who addressed the issue
of a small business definition were universally in favor of the Bureau
adopting something less complex than the SBA's size standards based on
6-digit NAICS codes. Commenters noted that the use of these standards
is relatively complex and would introduce burdens for this rule with
limited benefit.
Likewise, during the SBREFA process, small entity representatives
generally preferred a simple small business definition and expressed
concern regarding the complexity of the SBA's NAICS-based size
standards. Some small entity representatives supported an approach for
defining a small business that would use an applicant's gross annual
revenue for determining whether it was ``small'' (thresholds under
consideration at SBREFA were $1 million and $5 million). For most small
entity representatives, nearly all their small business customers had
less than $5 million in gross annual revenue; most were under $1
million. Several small entity representatives remarked that a $1
million gross annual revenue threshold would be too low, noting that it
would exclude many businesses defined by SBA regulations as ``small'';
some of these small entity representatives said that a $5 million gross
annual revenue threshold would be acceptable. Some small entity
representatives advocated for higher revenue thresholds, such as $8
million or $10 million. Some small entity representatives supported a
more complex approach that would distinguish between applicants in
manufacturing and wholesale industries (500 employees) and all other
industries ($8 million in gross annual revenue). One small entity
representative also supported another approach, which was closest to
the SBA's existing size standards, stating that it reflects the SBA's
substantially different definitions of a small business across
different industries. Feedback from stakeholders other than small
entity representatives also reflected broad support for the Bureau
pursuing a simplified version of the SBA small business definition.
Proposed Rule
Proposed Sec. 1002.106(b) would have defined a small business as
having the same meaning as the term ``small business concern'' in 15
U.S.C. 632(a), as implemented in 13 CFR 121.101 through 121.107.
Proposed Sec. 1002.106(b) would have further stated that,
notwithstanding the size standards set forth in 13 CFR 121.201, for
purposes of proposed subpart B, a business is a small business if its
gross annual revenue, as defined in proposed Sec. 1002.107(a)(14), for
its preceding fiscal year is $5 million or less. The Bureau's proposal
noted it was seeking SBA approval for this alternate small business
size standard pursuant to the Small Business Act.\537\
---------------------------------------------------------------------------
\537\ 15 U.S.C. 632(a)(2)(C).
---------------------------------------------------------------------------
Proposed comments 106(b)-1 and 106(b)-2 would have clarified the
obligations of covered financial institutions when new information
changed the determination of whether an applicant is a small business,
giving rise to requirements under proposed subpart B and/or
prohibitions under
[[Page 35263]]
existing Regulation B. The Bureau acknowledged that a financial
institution's understanding of an applicant's gross annual revenue may
change as the application proceeds through underwriting.
Proposed comment 106(b)-3 would have explained that a financial
institution may rely on an applicant's representations regarding gross
annual revenue (which may or may not include an affiliate's revenue)
for purposes of determining small business status under proposed Sec.
1002.106(b).
The Bureau sought comment on this proposed definition of a small
business, including the $5 million gross annual revenue size standard,
as well as whether additional clarification is needed for any aspect of
this proposed definition. The Bureau also sought comment on whether
another variation of the proposed size standard would better serve the
purposes of section 1071, such as a lower revenue size standard or a
higher one, potentially at the $8 million or $10 million level. The
Bureau also sought comment on whether, in addition to the above-
described gross annual revenue-based size standard, a small business
definition that also included any business that was furnished a loan
pursuant to an SBA program (regardless of the applicant's gross annual
revenue) would further the purposes of section 1071.
Similarly, the Bureau sought comment on whether a threshold based
on $8 million gross annual revenue or 500 employees (depending on the
type of business) would align more closely with section 1071's
purposes. Likewise, the Bureau sought comment on whether a variation of
the proposed size standard, such as using an applicant's average gross
annual revenue averaged over two or five years, would better serve the
purposes of section 1071. In addition, the Bureau sought comment on
defining a small business consistent with the entirety of existing SBA
regulations, including any advantages or disadvantages that using such
a definition might pose specifically in the context of this rulemaking.
Specifically, the Bureau sought comment on how the proposed size
standard would fit in with a financial institution's current lending or
organization practices. The Bureau sought comment on whether the
proposed size standard would introduce additional difficulties or
challenges for SBA lenders.
Comments Received
The Bureau received many comments supporting the use of a simple
gross annual revenue threshold from a range of lenders and trade
associations, along with a community group, a technology service
provider, a business advocacy group, several members of Congress, and
others. Many commenters said that a gross annual revenue threshold was
simple, objective, relatively easy to apply at the time of application,
and/or will make compliance easier. One bank more generally emphasized
the need for a simplified definition of small business that is easily
determinable at the time of application. Another commenter noted that
determining the appropriate NAICS codes and the number of employees is
not easy early on in the application process. A bank stated that
revenue thresholds provide a consistent and transparent line of
delineation. Some commenters asserted that a gross annual revenue
threshold was preferable to the SBA's more complex size standards that
change over time. One commenter asserted that a gross annual revenue
threshold was the only feasible way to implement section 1071 and that
trying to apply SBA size standards would massively complicate the data
collection process, lead to the introduction of errors that would
undermine data accuracy and interfere with financial institutions'
ability to extend credit to business applicants in a prompt and
efficient manner. One agricultural lender argued that having to
determine whether a business is small for the purposes of the rule
could delay communicating a credit decision in violation of ECOA and
the Farm Credit Act, while another commenter hypothesized that
financial institutions may decline loan requests due to inadequate
financial documentation for a small business determination. Another
commenter expressed general support for a broad definition of small
business.
Despite the broad support for a gross annual revenue threshold,
commenters disagreed on where to set the threshold. Some commenters
supported the proposed threshold of $5 million or less in gross annual
revenue. A trade association stated that the proposed approach was
sufficiently broad and could encompass as great a portion of the
population of minority- and women-owned businesses as practical. One
agricultural lender asked for additional context and insight for the $5
million threshold and an explanation regarding how a number larger than
$1 million, which the Bureau had previously considered during the
SBREFA process, meets the intent of Congress under section 1071. A bank
advocated for a $250,000 gross annual revenue threshold, asserting that
most businesses that surpass this threshold have access to or already
utilize an attorney or accountant, either one of which should be able
to adequately advise on the presence of any discriminatory terms.
The Bureau received some comments expressing general disapproval of
its proposed approach to the gross annual revenue threshold. A few
banks argued that a $5 million threshold is too high, with one adding
that this was particularly true in community bank areas and another
suggesting that the Bureau did not adequately support its proposal with
statistics. A few industry commenters asserted that an expansive small
business definition would burden their organizations with significant
costs and that the Bureau should instead reduce the number of
businesses that are reportable under the regulation. A women's business
advocacy group suggested the Bureau have ``multiple levels'' in its
small business definition. Several commenters noted a preference for a
gross annual revenue threshold lower than $5 million, without
specifying an amount. A credit union suggested the Bureau ensure that
both annual revenue and asset size \538\ be taken into consideration.
---------------------------------------------------------------------------
\538\ It is unclear whether the commenter was referring to the
asset size of the small business or asset size of the financial
institution.
---------------------------------------------------------------------------
Most commenters that suggested an alternative small business
definition expressed preference for a $1 million gross annual revenue
threshold. Some industry commenters asserted that a $1 million
threshold would be less burdensome, less costly, and/or would simplify
compliance as compared to the proposed $5 million threshold. One said
that anything other than a $1 million threshold may be too complex for
applicants and/or financial institutions, which could lead to less than
expected levels of data integrity and misalignment with the 1071
statutory purposes. Several industry commenters and a business advocacy
group argued that a gross annual revenue threshold of $1 million or
less is more in line with congressional intent and purpose. A bank
asserted that it would be more feasible to implement a firewall between
underwriter and customer because a $1 million threshold would avoid a
complete change in how the bank underwrites and processes small
business loan applications.
Some commenters said that a $1 million threshold would better align
with existing Regulation B adverse action notification requirements,
with one adding that misalignment leads to compliance costs. A bank
suggested the Bureau amend the existing Regulation B
[[Page 35264]]
requirements on adverse actions to ensure consistency with this rule
and avoid confusion with loan officers and loan processers.
Many more commenters advocated for alignment with CRA regulations
that use $1 million or less in annual revenue to define a small
business, with some arguing that misalignment with the CRA would lead
to increased compliance costs. Some industry commenters stressed the
need for consistency between reporting regimes, asserting that the
proposed threshold did not align with other regulatory requirements
such as CRA. One commenter suggested that inconsistency with CRA would
add another nuance to data validation. A State bankers association
suggested that a $1 million threshold would also better align with
Small Business Development Center and Small Business Investment Company
program guidelines. A credit union trade association suggested that a
$1 million gross annual revenue threshold would be consistent with the
SBA's definitions for some types of small businesses, including most
agricultural small businesses.
Some commenters said that a $1 million threshold would cover most
(over 95 percent) of small businesses as defined by the SBA size
standards in effect at the time of the NPRM. Similarly, many commenters
argued that the proposed $5 million threshold would be overinclusive
and a $1 million threshold would better exclude non-small businesses.
One bank said this overinclusiveness would be particularly notable in
middle/rural America, while another argued that the proposed definition
would create inequity and inflated costs for banks serving small-to-
midsize markets by picking up a disproportionate number of businesses
as small businesses under the rule.
Two credit union trade associations argued that the proposed $5
million threshold would increase the size of the 1071 data collection,
the risk to data privacy, and the costs associated with compliance for
covered financial institutions. Two other commenters suggested that a
$1 million threshold would accomplish the goals of section 1071 without
unnecessary drawbacks.
In contrast, some commenters requested a more expansive size
standard for defining small businesses under the rule. A number of
community groups expressed a preference for a $7.5 million threshold,
citing language from the SBA's website \539\ indicating that most non-
manufacturing businesses with average annual receipts under $7.5
million will qualify as a small business. A few other commenters
expressed a preference for a $8 million threshold. A CDFI lender
maintained that a $8 million threshold was the most common SBA size
standard threshold for average annual receipts, would cover more
manufacturing and wholesale businesses, and received broad support from
small entity representatives (though they recommended eliminating the
500 employees standard for manufacturing and wholesale that was part of
that option under consideration at SBREFA). Another commenter opined
that a threshold of $8 million (adjusted every five years according to
the SBA's recalibrations) would better cover the small business market,
account for differences in business types (such as manufacturing) and
regional economic conditions, and would more closely align with what
lenders already consider small businesses. Finally, a joint letter from
community groups, community oriented lenders, and business advocacy
groups asserted that a threshold lower than $8 million would lead to
significantly less data against which to compare lending patterns and
to identify lending trends and gaps.
---------------------------------------------------------------------------
\539\ Small Bus. Admin., Basic requirements, https://www.sba.gov/federal-contracting/contracting-guide/basic-requirements
(last visited Mar. 20, 2023).
---------------------------------------------------------------------------
Existing SBA size standards. Several commenters recommended the
Bureau use the SBA's definition and size standards. One credit union
trade association asserted that the SBA definition is already used by
credit unions and all financial services providers as the industry
standard and thus using an alternative definition would only create
confusion and inconsistent Federal regulations, thereby harming credit
unions' ability to serve their members. A bank argued that having
different definitions and requirements across similar regulatory
obligations would result in more burden and costs due to the unique
review and maintenance of each obligation.
Loan size. Some industry commenters suggested defining a small
business by the credit amount requested. Several said that small
businesses should be defined by loans of $1 million or less. A bank
asserted that this would be a much more reasonable definition of what a
small business is and will encompass the majority of its commercial
lending to small businesses. A few commenters argued that this would
better align with CRA and call report requirements. Another commenter
noted that loan size does not fluctuate over time like revenue and it
is easy to identify at the beginning of the application process. Some
credit union commenters suggested requiring reporting for small
business loans up to $10 million. A few other industry commenters
suggested adopting a maximum amount applied for ``exclusion'' of
$750,000 in order to exempt applications from non-small businesses.
These commenters asserted that such an exclusion would harmonize this
rule with the SBA's maximum direct loan amount. A few commenters
expressed disapproval of a $1 million loan size threshold, noting many
small businesses borrow amounts far more than $1 million while many
large businesses borrow amounts far below that threshold.
Small farm definition. The Bureau received comments from many
agricultural lenders suggesting that the $5 million gross annual
revenue threshold would be overinclusive when applied to farms and that
agricultural lending needs a different small business definition for
purposes of section 1071 in order to capture only truly small farms.
One commenter asserted that under the Small Business Act's implementing
regulations, the Bureau must take into account differing industry
characteristics. Specifically, many agricultural lenders suggested that
the Bureau's definition of ``small business'' align with the Farm
Credit Administration's (FCA) definition of ``small farmer,'' which is
a ``farmer, rancher, or producer or harvester of aquatic products who
normally generates less than $250,000 in annual gross sales of
agricultural or aquatic products.'' \540\ A few also urged the Bureau
not to ignore the USDA small farm definitions.\541\ One commenter noted
that even a $1 million threshold would be too high because 96 percent
of farms had less than $1 million in annual sales of agricultural
products. Several commenters suggested that the FCA
[[Page 35265]]
definition would facilitate compliance because staff and compliance
professionals at Farm Credit lenders are already very familiar with
that standard and because it would be confusing and burdensome for
staff to manage two competing regulatory definitions of ``small''
customers.
---------------------------------------------------------------------------
\540\ Farm Credit Admin., Bookletter 040--Revised: Providing
Sound and Constructive Credit to Young, Beginning, and Small
Farmers, Ranchers, and Producers or Harvesters of Aquatic Products,
at 2 (Aug. 10, 2007), https://ww3.fca.gov/readingrm/Handbook/FCA%20Bookletters/BL-040%20REVISED.docx.
\541\ The USDA Economic Research Service (USDA-ERS) measures
farm size by annual gross cash farm income--a measure of the farm's
revenue (before deducting expenses) that includes sales of crops and
livestock, payments made under agricultural Federal programs, and
other farm-related cash income including fees from production
contracts. Econ. Rsch. Serv., U.S. Dep't of Agric., Farm Structure
and Contracting (last updated Mar. 8, 2022), https://www.ers.usda.gov/topics/farm-economy/farm-structure-and-organization/farm-structure-and-contracting/. Within this
classification system, small family farms have gross cash farm
income less than $350,000, with subcategories of low-sales farms
(gross cash farm income less than $150,000) and moderate-sales farms
(gross cash farm income between $150,000 and $349,999). Id.
---------------------------------------------------------------------------
Several commenters noted that approximately half of Farm Credit
System loans outstanding were to ``small farmers'' and that this level
of coverage would more than accomplish section 1071's statutory
purposes. One agricultural lender noted that over 76 percent of its
loan volume portfolio would fall within the proposed $5 million ``small
business'' definition (approximately 3,770 loans) but 10.7 percent of
the loan volume portfolio falls under the FCA definition (approximately
2,730 loans).
Other suggested size standards. A trade association representing
online lenders recommended the Bureau adopt an easy-to-administer
definition based on 4-digit NAICS codes. This commenter argued that
while a singular revenue or number of employees standard to designate
small businesses might be simpler for the Bureau, it would not be a
true reflection of the small business market. The commenter asserted
that employing the first 4 digits of the NAICS codes would provide
measurements that differentiates broadly by industry, but provides a
standard that gives lenders flexibility, allowing them to use data
supplied by the borrower without having to undertake a costly and time-
consuming verification process of the data provided.
Many community groups, community-oriented lenders, and a minority
business advocacy group urged the Bureau to adopt the 500 employee/$8
million test set forth in the SBREFA Outline. A few of these commenters
said this was an easily implemented definition that covered the bulk of
small businesses as defined by the SBA without the complexities of the
SBA's NAICS-code based definitions, whereas the Bureau's proposal would
exclude 270,000 businesses that the SBA classifies as small businesses,
with many such businesses disproportionately located within retail
trade and construction industries, where small businesses are more
likely to be owned by people of color.
One comment letter suggested defining a small business as having a
gross annual revenue of $1 million and including a threshold for the
number of employees required for a business to be deemed small. They
referenced the SBA's size standards, which use a 100-employee threshold
for some industries, but suggested the Bureau use a similar definition
or alter its small business definition to include more minority- and
women-owned small businesses.
Other issues. A few comments addressed the role of affiliate
revenue in business size determinations. A bank suggested aligning
treatment of affiliate revenue with current CRA requirements \542\ to
avoid reporting disparities from institution to institution for
similarly situated applicants. Pointing to SBA rules and guidance, two
other industry commenters asserted that subsidiaries of large companies
should be excluded from the definition of ``small business'' if the
aggregate revenues for all affiliates, as defined in 13 CFR 121.103,
exceed the gross annual revenue threshold.
---------------------------------------------------------------------------
\542\ The CRA requires an institution to rely on the revenues
that it considered in making its credit decision when indicating
whether a small-business or small-farm borrower had gross annual
revenues of $1 million or less--in the case of affiliated
businesses, the institution would aggregate the revenues of the
business and the affiliate to determine whether the revenues are $1
million or less only if the institution considered the revenues of
the entity's parent or a subsidiary corporation of the parent as
well as that of the business. See Fed. Fin. Insts. Examination
Council, A Guide to CRA Data Collection and Reporting, at 13 (Jan.
2001), https://www.ffiec.gov/cra/pdf/cra_guide.pdf.
---------------------------------------------------------------------------
Two commenters asked for clarification related to business size
determinations involving multiple applicants. One suggested the Bureau
clarify that loans jointly made to multiple borrowers are not
reportable where one or more of the borrowers may qualify as a small
business under the rule but is not the primary business seeking the
funding. Another commenter suggested the Bureau (i) allow lenders to
treat all co-borrowers as one applicant such that the gross annual
revenue of all co-borrowers would be aggregated for purposes of
assessing whether the loan is a small business loan and (ii) clarify
how to identify loans to a ``minority-owned business'' or a ``women-
owned business'' when one, but not all, co-borrowers meet the
definitions of these terms.
A group of insurance premium finance trade associations noted that
their members do not obtain any financial information or information
about for-profit status regarding any applicant and suggested the
Bureau permit their members to ask the insured business if it is a
small business (after furnishing the regulation's operative definition)
when the signed premium finance agreement is submitted to the lender or
immediately after the lender receives the signed premium finance
agreement.
Final Rule
For the reasons set forth herein, the Bureau is finalizing Sec.
1002.106(b)(1) (proposed as Sec. 1002.106(b)) to define a small
business as having the same meaning as the term ``small business
concern'' in 15 U.S.C. 632(a), as implemented in 13 CFR 121.101 through
121.107. As discussed above, the Bureau believes that adopting existing
statutory and regulatory small business definitions, which are widely
understood and already the subject of notice and comment, is consistent
with the purposes of section 1071 and will facilitate compliance. Final
Sec. 1002.106(b)(1) further states that, notwithstanding the size
standards set forth in 13 CFR 121.201, for purposes of subpart B, a
business is a small business if its gross annual revenue, as defined in
final Sec. 1002.107(a)(14), for its preceding fiscal year is $5
million or less. The Bureau believes this definition implements the
statutory language of section 1071 while reflecting a need for
financial institutions to apply a simple, broad definition of a small
business across industries. The Bureau has obtained SBA approval for
this alternate small business size standard pursuant to the Small
Business Act.\543\
---------------------------------------------------------------------------
\543\ 15 U.S.C. 632(a)(2)(C); 13 CFR 121.903.
---------------------------------------------------------------------------
The Bureau believes that adopting this gross annual revenue
standard is consistent with the purposes of section 1071 and addresses
the concerns that the Bureau has heard with respect to determining
whether applicants are small businesses for purposes of complying with
section 1071, particularly regarding determining the applicant's NAICS
code, and the implications thereof. Due to concerns expressed by other
stakeholders, which are described above, and upon its own further
consideration as discussed in this section-by-section analysis under
Alternatives Considered below, the Bureau is not adopting suggested
alternative standards, including, but not limited to a $1 million gross
annual revenue standard, a $7.5 or $8 million gross annual revenue
standard, a threshold based on loan size, a different standard for
agricultural lending, nor the existing SBA size standards.
The Bureau agrees with the many commenters who said that a
definition of small business for purposes of section 1071 based on a
gross annual revenue threshold was simple, objective, relatively easy
to apply at the time of application, and/or will make compliance
easier. The Bureau understands that a majority of large banks already
use gross annual revenue
[[Page 35266]]
thresholds to delineate small business lending within their own
institutions.\544\ The Bureau also agrees that a gross annual revenue
threshold is the preferred way to implement section 1071 to avoid
overly complicating the data collection process, leading to the
introduction of errors that would undermine data accuracy, or
interfering with financial institutions' ability to extend credit to
business applicants in a prompt and efficient manner. The Bureau
believes that a simplified definition of small business that does not
require determining the appropriate NAICS codes and/or the number of
employees will satisfy lenders' needs to easily determine small
business status early in the application process and avoid delays in
communicating a credit decision.
---------------------------------------------------------------------------
\544\ See FDIC Small Business Lending Survey at 11.
---------------------------------------------------------------------------
While the Bureau received broad support for a simple gross annual
revenue threshold generally, it received narrower support for a
threshold of $5 million or less in gross annual revenue. The Bureau
believes that a $5 million threshold strikes the right balance in terms
of broadly covering the small business financing market to fulfill
section 1071's statutory purposes while meeting the SBA's criteria for
an alternative size standard.\545\ As described above, the SBA is
generally increasing size standards across industries and no longer
uses a $1 million annual receipts standard for any industry. As a
result, the Bureau's $5 million standard is sufficiently inclusive
relative to the SBA size standards. Moreover, while there is no clear
consensus on a simplified size standard that uniformly covers all small
business financing markets,\546\ the Bureau understands that among the
banks that already use a gross annual revenue threshold to delineate
small business lending, the majority of banks of all sizes use a
threshold above $1 million in firm gross annual revenue.\547\ In fact,
larger banks typically use even higher thresholds (for banks with less
than $1 billion in assets, 25.1 percent use a threshold greater than $5
million in firm gross annual revenue, while 37.0 percent of banks with
$1 billion to $10 billion in assets use a gross annual revenue
threshold of $5 million or more).\548\
---------------------------------------------------------------------------
\545\ See 15 U.S.C. 632(a)(2)(C); 13 CFR 121.903.
\546\ See, e.g., FDIC Staff Report at 10 (discussing various
gross annual revenue thresholds ranging from $1 million to $10
million and resolving ``[g]iven the lack of consensus on the correct
definition of a small business, [to] present results using both
thresholds wherever possible'').
\547\ Id. at 9.
\548\ Id.
---------------------------------------------------------------------------
The Bureau has considered the potential effect of applying a $5
million gross annual revenue threshold to both non-agricultural and
agricultural industries and compared that standard to coverage under
the SBA's existing size standards. Among non-agricultural industries,
the Bureau estimates \549\ that over 1.5 million (27 percent) small
businesses would not be covered by an alternative $1 million gross
annual revenue threshold and at a $2 million threshold, the rule would
have been underinclusive by 12 percent. (This and other size standards
suggested by commenters are discussed in detail under Alternatives
Considered below.) At a $8 million threshold, the percentage of
underinclusivity falls to approximately 4 percent, or approximately
235,000 non-agricultural businesses.
---------------------------------------------------------------------------
\549\ The Bureau used the most recent Statistics of U.S.
Businesses (SUSB) from Census (from 2017) to estimate the total
number of businesses that would be under- or over-included for
section 1071, relative to the SBA's size standards and based on
various revenue-based size standard alternatives. We use SBA size
standards as of May 2022 which reference 2017 NAICS codes; these
NAICS codes are consistent with the SUSB data. The 2017 SUSB only
contains information on employer businesses.
---------------------------------------------------------------------------
Applying an $8 million threshold to agricultural businesses, the
Bureau's analysis \550\ shows that over 20,000 such businesses that are
not considered small under the SBA's size standards would have their
applications reported to the Bureau.\551\ With the finalized $5 million
gross annual revenue threshold, relative to current SBA size standards,
all small farms' applications will be reported to the Bureau, along
with applications from 14,000 agricultural businesses that are not
considered small under the SBA's size standards. Thus, the Bureau
believes that its $5 million gross annual revenue threshold strikes an
appropriate balance between covering the applications of most
businesses that are considered small under the SBA's size standards,
while minimizing the number of businesses above the SBA's size
standards whose applications will be reported to the Bureau, and in a
way that satisfies the SBA's criteria for approving an alternative size
standard under its regulations.
---------------------------------------------------------------------------
\550\ The Bureau's analysis of agricultural industries used the
2017 Census of Agriculture from the USDA, relative to the SBA's size
standards, based on various revenue-based size standard
alternatives. The Bureau notes that because the Census of
Agriculture does not have the granularity of the SUSB, it made some
additional strong assumptions. The Census of Agriculture also does
not have the same employer/non-employer distinction as the SUSB and
therefore includes information on all farms.
\551\ In the Census of Agriculture, there is just a $5+ million
category so this number would not change for thresholds above $5
million.
---------------------------------------------------------------------------
The Bureau also notes that in their proposal to amend their
regulations implementing the CRA, the Board, FDIC, and OCC proposed to
define the terms ``small business'' and ``small farm'' consistent with
the Bureau's definitions in its NPRM.\552\ Thus, per the CRA proposal,
once 1071 data are available, the agencies would transition from the
current CRA definitions of small business and small farm loans to
definitions that cover loans to small businesses and small farms with
gross annual revenues of $5 million or less.\553\ Given the many
comments that the Bureau received advocating for CRA alignment, the
Bureau strongly supports the CRA agencies' efforts and believes that
finalizing its proposed small business definition will streamline
reporting and minimize compliance risks for financial institutions that
are also reporting covered credit transactions under CRA and would
simplify data analysis for CRA-reportable transactions. See part
II.F.2.i above for further discussion of the CRA and its relationship
to this rule.
---------------------------------------------------------------------------
\552\ 87 FR 33884, 33890 (June 3, 2022).
\553\ Id. at 33899.
---------------------------------------------------------------------------
With respect to a commenter's suggestion that the Bureau increase
the existing Regulation B threshold for notification to business credit
applicants for consistency with this rule, the Bureau does not believe
such a change would be appropriate at this time. Given the fact that
these notification requirements have been in place for close to 50
years and financial institutions have invested in compliance
infrastructure around these requirements, the Bureau believes that the
notification threshold in existing Regulation B should not be amended
without additional research and input from stakeholders.
To address ECOA and existing Regulation B's general prohibition
against inquiring about protected demographic information in connection
with a credit transaction,\554\ and to clarify the obligations of
covered financial institutions under subpart B, the Bureau is adopting
final comments 106(b)(1)-1 and 106(b)(1)-2 to address situations when
new information may arise that could change the determination of
whether an applicant is a small business. The Bureau acknowledges that
a financial institution's understanding of an applicant's gross annual
revenue may
[[Page 35267]]
change as the institution proceeds through underwriting. The Bureau is
finalizing comment 106(b)(1)-1 (proposed as 106(b)-1) with updated
cross-references to other portions of the final rule. Final comment
106(b)(1)-1 explains that if a financial institution initially
determines an applicant is a small business as defined in final Sec.
1002.106(b) based on available information and obtains data required by
final Sec. 1002.107(a)(18) and (19), but the financial institution
later concludes that the applicant is not a small business, the
financial institution may process and retain the data without violating
ECOA or Regulation B if it meets the requirements of final Sec.
1002.112(c)(4). The Bureau is finalizing comment 106(b)(1)-2 (proposed
as 106(b)-2) with certain revisions for additional clarity. Final
comment 106(b)(1)-2 explains that if a financial institution initially
determines that the applicant is not a small business as defined in
final Sec. 1002.106, but then later concludes the applicant is a small
business prior to taking final action on the application, the financial
institution must report the covered application pursuant to final Sec.
1002.109. In this situation, the financial institution shall endeavor
to compile, maintain, and report the data required under final Sec.
1002.107(a) in a manner that is reasonable under the circumstances.
---------------------------------------------------------------------------
\554\ See existing Sec. 1002.5(a)(2); 15 U.S.C. 1691(b)(5).
---------------------------------------------------------------------------
The Bureau is finalizing comment 106(b)(1)-3 (proposed as comment
106(b)-3) to explain that a financial institution is permitted to rely
on an applicant's representations regarding gross annual revenue (which
may or may not include an affiliate's revenue) for purposes of
determining small business status under final Sec. 1002.106(b)(1). The
comment further clarifies that, if the applicant provides updated gross
annual revenue information or the financial institution verifies such
information, the financial institution must use the updated or verified
information in determining small business status. The Bureau has
changed the heading of this comment and has removed some of the
introductory language to this comment for clarity as suggested by
several commenters; this change is not intended to alter the meaning of
this comment.
The Bureau has considered comments regarding the role of affiliate
revenue in business size determinations. The Bureau agrees that
subsidiaries of large companies should be excluded from the definition
of ``small business'' provided that the aggregate revenues for all
affiliates, as defined in 13 CFR 121.103, exceed the $5 million gross
annual revenue threshold--and, indeed, this is consistent with what the
Bureau proposed. The Bureau is not, however, adopting the mandate in
the SBA regulations, which provide that the average annual receipts
size of a business concern with affiliates must be calculated by adding
the average annual receipts of the business concern with the average
annual receipts of each affiliate.\555\ The Bureau understands that the
SBA totals the average annual receipts of the applicant and all of its
affiliates in determining size because in order to be eligible for
certain Federal programs and certain Federal contracts and
subcontracts, a firm must be a ``small business concern.'' \556\
Because the size standard used for this rule is only to determine
whether data collection is required pursuant to section 1071 and has no
bearing on eligibility for Federal small business assistance, the
Bureau does not believe it is necessary to mandate that financial
institutions consider affiliate revenue in determining an applicant's
small business status.
---------------------------------------------------------------------------
\555\ 13 CFR 121.104(d)(1).
\556\ Small Bus. Admin., Small Business Compliance Guide, at 4
(July 2020), https://www.sba.gov/sites/default/files/2020-10/AFFILIATION%20GUIDE_Updated%20%28004%29-508.pdf.
---------------------------------------------------------------------------
The Bureau believes that this approach to use of affiliate revenue
in size determinations will address concerns related to treatment of
passive businesses and non-operating entities, such as special purpose
vehicles. The Bureau understands that passive businesses and non-
operating entities are generally affiliated with other businesses (for
example as subsidiaries of large corporate entities). The Bureau notes
that final Sec. 1002.102(a) adopts the SBA's expansive view of what
constitutes affiliation,\557\ and it is therefore unlikely that a
special purpose entity or other large project financing investment
entity would be formed without any affiliation with an established
entity--rather, they are likely created as subsidiaries of an existing
business or as joint ventures between existing businesses.\558\ Thus,
financial institutions will be able to exclude businesses that are, in
fact, middle- or large-sized applicants from data collection and
reporting under this final rule by considering these businesses'
affiliate revenues, which will likely exceed the $5 million gross
annual revenue threshold for purposes of the definition of a small
business. For example, if a financial institution receives an
application for financing from a special purpose vehicle or shell
company established for the purpose of acquiring significant commercial
real estate (such as a hospital building), the financial institution
could rely on information provided by the applicant regarding its, and
its affiliates, gross annual revenue for purposes of determining small
business status under Sec. 1002.106(b). As discussed in greater detail
below, the Bureau also believes that its approach to affiliate revenue
further obviates the need to define a small business by the credit
amount requested as suggested by some commenters.
---------------------------------------------------------------------------
\557\ 13 CFR 121.103; see also Small Bus. Admin., Small Business
Compliance Guide (July 2020), https://www.sba.gov/sites/default/files/2020-10/AFFILIATION%20GUIDE_Updated%20%28004%29-508.pdf
(affiliation can be based on (1) ``control (when one controls or has
the power to control the other, or a third party or parties controls
or has the power to control both)''; (2) ownership; (3) ``stock
options, convertible securities, and agreements to merge''; (4)
management; (5) identity of interest''; or (6) ``franchise and
license agreements'').
\558\ Similarly, where a substantial portion of its assets and/
or liabilities of a special purpose entity is the same as a
predecessor entity, the SBA's definition of a business concern
specifically dictates that the annual receipts and employees of the
predecessor must be taken into account in determining size of the
new business concern. 13 CFR 121.105(c).
---------------------------------------------------------------------------
The Bureau has considered the comments regarding business size
determinations involving multiple unaffiliated applicants and does not
agree with the suggested approach to allow financial institutions to
treat all co-applicants as one applicant by aggregating their gross
annual revenues for purposes of assessing business size. The Bureau
does not believe that (in situations not involving affiliated entities)
such an approach would be consistent with the SBA's definitions of
business concern and small business concern. The Bureau is addressing
commenters' requests for clarification on this issue by adding new
comment 106(b)(1)-4, which provides that if a covered financial
institution receives a covered application from multiple businesses who
are not affiliates, as defined by final Sec. 1002.102(a), where at
least one business is a small business under final Sec. 1002.106(b),
the financial institution shall compile, maintain, and report data
pursuant to final Sec. Sec. 1002.107 through 1002.109 regarding the
covered application for only a single applicant that is a small
business. The comment clarifies that the financial institution shall
not aggregate unaffiliated co-applicants' gross annual revenues for
purposes of determining small business status under final Sec.
1002.106(b) and provides a cross reference to final comment 103(a)-9
for additional details.
[[Page 35268]]
In response to the group of insurance premium finance trade
associations that highlighted their members' challenges with
determining small business status, the Bureau notes that insurance
premium financing arrangements are excluded under final Sec.
1002.104(b)(4) for the reasons set forth in the corresponding section-
by-section analysis.
Alternatives Considered
Gross annual revenue of $1 million. In the NPRM, the Bureau did not
propose a $1 million gross annual revenue threshold, expressing concern
that such a threshold likely would not satisfy the SBA's requirements
for an alternative size standard across industries and would exclude
too many businesses designated as small under the SBA's size standards.
Nevertheless, as discussed above, many commenters requested the Bureau
adopt a $1 million gross annual revenue threshold.
The SBA no longer uses a $1 million annual receipts standard for
any industry and the Bureau does not believe that a gross annual
revenue threshold of $1 million would be more in line with
congressional intent and purpose. Congress did not specify a gross
annual revenue threshold for defining a small business under section
1071 but instead pointed to the SBA's definition of small business
concern.\559\ However, Congress set forth a process to allow the Bureau
to prescribe an alternative size standard, if approved by the SBA
Administrator.\560\ Given the fact that the SBA no longer uses a $1
million standard for any industry \561\ and is thus unlikely to approve
an alternative size standard at that threshold for all industries, the
Bureau believes that its small business definition is a more
appropriate alternative size standard.
---------------------------------------------------------------------------
\559\ In ECOA section 704B(h)(2), Congress provided that ``[t]he
term `small business' has the same meaning as the term `small
business concern' in section 3 of the Small Business Act (15 U.S.C.
632).''
\560\ 15 U.S.C. 632(a)(2)(C).
\561\ Through a series of rules that became effective on May 2,
2022, the SBA implemented revised size standards for 229 industries
(all using average annual receipts standards) to increase
eligibility for its Federal contracting and loan programs. See 87 FR
18607 (Mar. 31, 2022); 87 FR 18627 (Mar. 31, 2022); 87 FR 18646
(Mar. 31, 2022); 87 FR 18665 (Mar. 31, 2022). The SBA did not reduce
any size standards--it either maintained or increased the size
standards for all 229 industries, in many cases with size standard
increases of 50 percent or more. Effective July 14, 2022, the SBA
also increased size standards for 22 wholesale trade industries and
35 retail trade industries. 87 FR 35869 (June 14, 2022). Effective
December 19, 2022, the SBA added an additional 13.65 percent
inflation increase to the monetary small business size standards. 87
FR 69118 (Nov. 17, 2022).
---------------------------------------------------------------------------
While it is true that a $1 million threshold would better align
with existing Regulation B adverse action notification requirements,
the Bureau believes that the flexibilities built into the final rule
for small business size determinations will obviate the need for
changes to adverse action operations, including compliance with
existing Regulation B adverse action notification requirements. The
Bureau also notes that the concerns raised by many commenters regarding
alignment with CRA regulations would likely be resolved if the CRA
proposal, which expressly seeks alignment with the Bureau's alternative
small business definition, is finalized. With respect to suggested
alignment with Small Business Development Center and Small Business
Investment Company program guidelines, the Bureau points to the fact
that credit transactions made under programs with lower thresholds are
by default small business transactions for the purposes of the final
rule and thus not inconsistent.
The Bureau has considered the comments arguing that a $5 million
threshold would be overinclusive and a $1 million threshold would
better exclude non-small businesses. Based on the Bureau's analysis,
neither a $1 million threshold nor $5 million threshold would be
overinclusive among non-agricultural industries relative to the SBA's
current size standards. On the other hand, the Bureau estimates that,
in terms of the number of SBA ``small'' firms whose applications would
not be reported to the Bureau, a $1 million threshold would be 4.5
times more underinclusive than a $5 million threshold. Moreover,
research conducted by FDIC staff found that among banks with $1 billion
to $10 billion in assets, more than one-third of self-described small
business lending would be excluded under the $1 million gross annual
revenue definition and that among banks with more than $10 billion in
assets, nearly two-thirds would be excluded.\562\ Based on this study,
FDIC staff concluded that ``for the typical bank, a [gross annual
revenue] threshold of $1 million is overly conservative and would
exclude many firms that should properly be considered small
businesses.'' The Bureau agrees with this conclusion, and likewise
believes that a $1 million gross annual revenue threshold would not
satisfy the SBA's requirements for an alternative size standard across
industries and would exclude too many businesses designated as small
under the SBA's size standards.
---------------------------------------------------------------------------
\562\ FDIC Staff Report at 10.
---------------------------------------------------------------------------
Gross annual revenue of $7.5 to $8 million. The Bureau is not
adopting a $7.5 million or $8 million gross annual revenue threshold,
as suggested by a number of commenters. While the Bureau agrees that a
threshold of $7.5 to 8 million would more expansively cover SBA small
businesses (the Bureau estimates that under a $8 million threshold,
applications from approximately 130,000 more SBA ``small'' firms would
be reported to the Bureau as compared to a $5 million threshold), the
Bureau does not believe that this definition more closely aligns with
what lenders already consider small businesses based on comments
received in support of a lower than $5 million threshold. Moreover, the
Bureau notes that while an $8 million threshold would be less
underinclusive among non-agricultural industries relative to SBA size
standards, it would be more overinclusive among agricultural
businesses.
Loan size. The Bureau does not believe that it would be appropriate
to define a small business based on the size of the loan applied for
(i.e., by adopting a maximum ``amount applied for'' exclusion) such as
one in the amount of $750,000 (for SBA alignment) or $1 million (for
CRA alignment), as suggested by some commenters. The Bureau likewise is
not defining a small business based on whether a loan is for an amount
up to $10 million, as suggested by some commenters, or any other
size.\563\ As explained in the NPRM, the Bureau believes that such
potential definitions do not bear a sufficient relationship to the size
of the business or its operations. For instance, under a definition
similar to existing CRA requirements, application data for businesses
with low revenue that may be applying for large loans would be
excluded. The Bureau does not believe that adopting such an approach
would further the purposes of section 1071. The Bureau likewise agrees
with commenters cautioning against using the CRA definition based on
loan size, because many small businesses borrow amounts far more than
$1 million while many large businesses borrow amounts far below that
threshold.\564\
---------------------------------------------------------------------------
\563\ It is possible that these commenters intended to advocate
for a $10 million gross annual revenue threshold. For the reasons
stated above, the Bureau does not believe a definition of small
business using a $10 million gross annual revenue threshold would
fulfill section 1071's statutory purposes.
\564\ See, e.g., FDIC Small Business Lending Survey at 17
(finding that at banks with assets of $1 billion to $10 billion, at
least $19.1 billion in gross understatement of small business
lending (in which small businesses with less than $1 million in
gross annual revenue received loans with amounts greater than $1
million)).
---------------------------------------------------------------------------
[[Page 35269]]
Existing SBA size standards. Despite some recommendations that the
Bureau use the SBA's definition and size standards, the Bureau believes
the SBA's size standards are not suitable for this data collection
initiative and prefers to establish a small business definition
specifically tailored to this rulemaking implementing section 1071.
A simple, easy-to-implement small business definition is necessary
in light of the general prohibition in existing Regulation B against
creditors' inquiring about protected demographic information in
connection with a credit transaction unless otherwise required by
Regulation B, ECOA, or other State or Federal law, regulation, order,
or agreement.\565\ ECOA section 704B(e)(2)(G), as implemented by this
rule, requires a financial institution to collect and report the
ethnicity, race, and sex of the principal owners of the business. Thus,
in order to avoid potential liability under ECOA and existing
Regulation B, a financial institution must accurately determine that a
business credit application is subject to section 1071 before inquiring
about the applicant's protected demographic information. The Bureau
does not believe the SBA's existing size standards allow for the quick
and accurate determination of small business status required for this
1071 data collection initiative. Specifically, the Bureau does not
believe this determination can be quickly and accurately made if, as
required under the SBA's existing size standards, the financial
institution must determine the appropriate 6-digit NAICS code for the
business and then apply the NAICS-based size standards to determine
whether an applicant for business credit is a small business.
---------------------------------------------------------------------------
\565\ ECOA provides that it is not discrimination for a
financial institution to inquire about women-owned or minority-owned
business status, or the ethnicity, race, and sex of principal owners
pursuant to section 1071. 15 U.S.C. 1691(b)(5).
---------------------------------------------------------------------------
As discussed above, commenters expressed concern to the Bureau
about the difficulties in determining the appropriate 6-digit NAICS
code for businesses and in applying the SBA's NAICS-based size
standards. They generally preferred a simple small business definition
and expressed concern that the SBA's approach to defining a small
business--which bases classification on an applicant's 6-digit NAICS
code--is relatively complex in this context. The Bureau believes that
removing a NAICS code-based small business determination as a step in
determining small business status will both facilitate compliance and
better achieve the purposes of section 1071. The Bureau understands
that one reason that commenters expressed a strong desire for a simple
approach to determining whether an applicant is small is that this
initial determination may drive the application process. To comply with
section 1071 requirements, financial institutions may use a different
application process, or different or additional application materials,
with small business credit applicants than they do with applicants that
are not small businesses. Thus, quickly and accurately determining
whether an applicant is a small business at the outset of the
application process may be a crucial step, one that financial
institutions would benefit from being able to seamlessly accomplish.
Considering the requirements and prohibitions in ECOA with respect to
protected demographic information, the Bureau understands the import
that financial institutions have placed on both the speed and accuracy
of this determination.
Notwithstanding its decision to not rely on NAICS codes in its
small business definition, the Bureau believes that NAICS codes possess
considerable value for section 1071's fair lending purpose as well as
its business and community development purpose. As discussed in the
section-by-section analysis of Sec. 1002.107(a)(15) below, the Bureau
is therefore requiring financial institutions to collect and report 3-
digit NAICS sector codes for applications subject to this final rule.
However, the Bureau believes that gathering NAICS code information at
some point during the application process, while still the subject of
some concern for financial institutions, differs in kind from requiring
NAICS information as a necessary step to beginning an application (and
correctly determining which type of application to initiate). In
addition, the NAICS information now required by the final rule is a 3-
digit NAICS code instead of a 6-digit code as proposed; this
information will provide valuable data to analyze fair lending patterns
and identify business subsectors with unmet credit needs, while
limiting the burden this collection may impose on financial
institutions and small business applicants.
The Bureau also believes that its simplified alternative size
standard will provide reporting results that are largely consistent
with what would be reported by adopting the full SBA size standards.
The Bureau used data from the U.S. Census's 2012 Statistics of U.S.
Businesses (SUSB) and the U.S. Department of Agriculture's 2012 Census
of Agriculture to analyze how various alternative approaches would
change the number of businesses considered ``small'' under this rule
relative to the SBA definition.\566\ Among the 7.2 million small
employer businesses and farms, the Bureau estimates that 365,000
businesses that would be small under the SBA's existing size standards
will not be covered by the Bureau's $5 million gross revenue standard.
The Bureau further estimates that the Bureau's rule will cover some
14,000 agricultural businesses that would not be small under the SBA's
existing size standards. The Bureau believes that such variation with
respect to the SBA's current size standards is an appropriate trade-off
for the reasons described herein.
---------------------------------------------------------------------------
\566\ The 2012 SUSB is the most recent Census product to have
categories of revenue and employees granular enough to conduct this
analysis. The Bureau constructed the 2012 equivalents of the second
and third alternatives due to the vintage of the SUSB data available
and used the SBA's 2012 size standards for the analysis. The 2012
SUSB only covers employer firms or businesses with at least one
employee.
---------------------------------------------------------------------------
The Bureau notes, however, that some industries will have greater
divergence between which businesses are small under the Bureau's $5
million gross annual revenue alternative size standard and which
businesses are small under the SBA's existing size standards. That is,
applications for businesses that are small under the SBA's existing
size standards will be reported to the Bureau less from some industries
than others. In general, there will be a larger proportion of
businesses whose applications will not be reported in industries with a
higher revenue-based size standard. The industries most affected by
this are the retail trade and construction industries. Other industries
disproportionately affected may include manufacturing, wholesale trade,
health care and social assistance, and professional, scientific, and
technical services. The Bureau received limited public feedback with
respect to such concerns.
The Bureau also believes that a simplified size standard will be
important for financial institutions that may not frequently engage in
small business lending in determining whether they are covered under
this final rule. As discussed in the section-by-section analysis of
Sec. 1002.105(b), small business lending data collection and reporting
is required only for financial institutions that originated at least
100 covered credit transactions for small businesses in each of the two
preceding calendar years. Financial institutions that do not frequently
lend
[[Page 35270]]
to small businesses will seek to track precisely how many such
transactions they have originated. The Bureau believes that it is
important to empower financial institutions to quickly ascertain
whether a covered credit transaction was originated for a small
business, so that infrequent lenders can continue to monitor whether
compliance with this final rule is required.
The Bureau believes that its $5 million gross annual revenue
standard is a more efficient and appropriate measure of applicant size
for purposes of determining whether small business lending data
collection is required pursuant to section 1071. The Bureau understands
that the SBA generally bases business concern size standards on average
annual receipts or the average number of employees of the business
concern, as customized industry-by-industry across 1,012 6-digit NAICS
codes. The SBA typically uses two primary measures of business size for
size standards purposes: (i) average annual receipts \567\ for
businesses in services, retail trade, agricultural, and construction
industries, and (ii) average number of employees \568\ for businesses
in all manufacturing industries, most mining and utilities industries,
and some transportation, information, and research and development
industries.\569\ The Bureau understands that the SBA's size standards
are used to establish eligibility for a variety of Federal small
business assistance programs, including for Federal government
contracting and business development programs designed to assist small
businesses in obtaining Federal contracts and for the SBA's loan
guarantee programs, which provide access to capital for small
businesses that are unable to qualify for and receive conventional
loans elsewhere. The Bureau notes that its $5 million size standard
will only be used to determine whether small business lending data
collection is required pursuant to section 1071, and has no bearing on
eligibility for Federal small business assistance. Moreover, the Bureau
believes it is far more likely that an applicant will be able to
readily respond to a question regarding its gross annual revenue for
the preceding fiscal year--something already contemplated by existing
Regulation B for all business credit to determine whether adverse
action notice requirements apply \570\--than offer the closest metric
currently in use by SBA regulations, which is generally average annual
receipts across the previous five fiscal years.\571\
---------------------------------------------------------------------------
\567\ The Bureau understands that the SBA changed its
regulations on the calculation of average annual receipts for all
its receipts-based size standards, and for other agencies' proposed
receipts-based size standards, from a three-year averaging period to
a five-year averaging period, outside of the SBA Business Loan and
Disaster Loan Programs. 84 FR 66561 (Dec. 5, 2019).
\568\ Generally, the average number of employees of the business
concern is used (including the employees of its domestic and foreign
affiliates) based upon numbers of employees for each of the pay
periods for the preceding completed 24 calendar months. See 13 CFR
121.106(b)(1).
\569\ To measure business size, the SBA also uses financial
assets for certain financial industries, and for the petroleum
refining industry, it uses refining capacity and employees.
\570\ See 12 CFR 1002.9(a)(3).
\571\ 13 CFR 121.104(a) and (c).
---------------------------------------------------------------------------
The Bureau believes that requiring application of existing SBA size
standards for this rule could result in many financial institutions
having to undergo extensive operational and/or compliance management
system changes. The Bureau believes that it will reduce burden for
financial institutions, particularly those without sophisticated
compliance management systems or familiarity with SBA lending, to
comply with a gross annual revenue size standard for the section 1071
small business definition that better aligns with current lending
practices.
If the Bureau were to adopt a small business definition using the
existing SBA size standards that vary by industry based on 6-digit
NAICS codes, financial institutions would only be able to request an
applicant's protected demographic information further along in the
application process, once they have obtained the multiple pieces of
data that would be necessary to determine whether the applicant is
small and, therefore, the 1071 process applies. This delay could make
it more difficult for financial institutions to collect applicants'
protected demographic information (particularly for applications that
are withdrawn or closed for incompleteness early in the application
process), which is important to both of section 1071's statutory
purposes. These data collection considerations differ from those
applicable to SBA lending programs, whereby a lender often cannot (and
should not) make an accurate eligibility determination for an SBA loan
until later in the application process, often after a loan has already
been initially decisioned and after the lender has collected
information related to size, time in business, and other data.
In order to allow financial institutions to expeditiously determine
whether this rule applies, the Bureau is seeking to minimize complexity
for financial institutions in determining whether a covered application
is reportable because the applicant business is a small business--a
necessary determination for the collection of protected demographic
information pursuant to section 1071. The Bureau believes, and most
commenters agreed, that this rule will benefit from a universal, easy-
to-apply reporting trigger that does not need to be supported by
additional documentation or research. Such a reporting trigger must be
easily understood by small business owners who may be completing an
application online, or by the tens of thousands of customer-facing
personnel who take small business applications in an industry with a
recent turnover rate of over 20 percent.\572\ The Bureau also believes
that a gross annual revenue reporting trigger will facilitate better
compliance with section 1071 requirements because it aligns with many
larger financial institutions' current lending and organizational
practices, which use gross annual revenue to assign small businesses
into their retail/small business banking groups.\573\
---------------------------------------------------------------------------
\572\ Jim Dobbs, Employee churn surges at banks despite pay
hikes, Am. Banker (Sept. 9, 2022), https://www.americanbanker.com/news/employee-churn-surges-at-banks-despite-pay-hikes.
\573\ See Fed. Deposit Ins. Corp., Small Business Lending
Survey, at 12 (2018), https://www.fdic.gov/resources/publications/small-business-lending-survey/2018-survey/section2.pdf (finding that
a substantial majority of large banks use gross annual revenue (61.8
percent) as a limit to define small businesses).
---------------------------------------------------------------------------
Requiring financial institutions to rely on the SBA's existing size
standards for purposes of 1071 data collection and reporting
requirements could pose risks to the efficient operation of small
business lending. Based on the overwhelmingly consistent feedback the
Bureau has received from stakeholders on this issue, the Bureau
believes that using the SBA's existing size standards for the purposes
of section 1071--wherein the financial institution must quickly
determine the appropriate 6-digit NAICS code for businesses and then
apply a variety of standards, including potentially gathering
information to determine five years of the applicant's average annual
receipts or employee information--would not align with current lending
and organizational practices. Application of the SBA's existing size
standards, at the beginning of the application process, could slow down
the application process, particularly at institutions that otherwise
would often be able to render credit decisions in a matter of minutes;
the Bureau believes that financial institutions may be compelled to
raise the cost of credit or originate fewer covered credit transactions
as a result.
[[Page 35271]]
Such an outcome could needlessly affect access to credit for small
businesses. The Bureau believes that eliminating credit opportunities
or reducing access to credit for small businesses, including women-
owned and minority-owned small businesses, in this way would frustrate
the statutory purpose of section 1071 to ``enable communities,
governmental entities, and creditors to identify business and community
development needs and opportunities of women-owned, minority-owned, and
small businesses.'' \574\
---------------------------------------------------------------------------
\574\ ECOA section 704B(a).
---------------------------------------------------------------------------
The Bureau expects that many financial institutions, for
efficiency, will bifurcate their business credit application procedures
based on an initial determination of whether the application will be
subject to this rule. The Bureau therefore believes that many financial
institutions will not proceed with taking applicant information until
the financial institution is able to determine that the applicant is
small (in which case, this rule requires it to collect and report the
applicant's protected demographic information) or that the applicant is
not small (where ECOA generally prohibits the financial institution
from collecting protected demographic information). If this process
necessitates determining the correct NAICS code for the applicant, and
in many cases, requesting five years of average annual receipts or the
24-month average number of employees from the applicant pursuant to
SBA's existing size standards, the Bureau believes that businesses
seeking credit would encounter, at a minimum, otherwise avoidable
delays in application processing.
Section 1071 is also unique in that Congress specified that the
data collection regime include a particular form of revenue for the
businesses at issue. As discussed in the section-by-section analysis of
Sec. 1002.107(a)(14) below, section 1071 requires a financial
institution to collect ``the gross annual revenue of the business in
the last fiscal year of the women-owned, minority-owned, or small
business loan applicant preceding the date of the application.'' \575\
The Bureau considered whether under section 1071 a financial
institution should have to apply two different revenue-based rules
(first, one for determining whether the business is small under the
existing SBA size standards and therefore 1071 data must be collected
and reported; and, second, if the business is small, another for
reporting the business's gross annual revenue in the last fiscal year),
or whether applying only one revenue-based standard for implementing
section 1071 could be sufficient. Requiring financial institutions to
apply different standards could be unnecessarily confusing and
burdensome, as well as also increase the potential for errors in data
collection and reporting. Moreover, as discussed below, section 1071
amends ECOA, which already incorporates the concept of gross annual
revenue as implemented under existing Regulation B's adverse action
notice requirements.
---------------------------------------------------------------------------
\575\ Id.
---------------------------------------------------------------------------
Small farm definition. The Bureau is not adopting a different small
business definition for farms. Many agricultural lenders suggested
aligning with the Farm Credit Administration's (FCA) small farmer
definition for agricultural financing transactions, primarily arguing
that: (i) the proposed $5 million threshold is substantially
overinclusive as applied to the farming community and would cover
almost all the customers of FCS lenders; (ii) aligning with the FCA's
``small farmer'' definition would facilitate compliance and reduce
burden because FCS lenders are very familiar with the standard; and
(iii) this change would take into account the unique nature of the
agricultural industry, which is disproportionately dominated by family
farms.
The Farm Credit Act of 1971 authorizes the FCS to provide financing
and services to farmers and ranchers through FCS banks and
associations. The Act also provides the FCA, an independent Federal
agency, authority to regulate and examine these institutions and it
requires them to report annually to FCA about the operations and
achievements of the associations' lending and service programs for
young, beginning, and small farmers and ranchers. FCA's definition of
``small farmer'' is ``a farmer, rancher, or producer or harvester of
aquatic products who normally generates less than $250,000 in annual
gross sales of agricultural or aquatic products.'' \576\ The FCA has
not updated this threshold since it was first adopted in 1998 although
it has since considered whether to change it.\577\
---------------------------------------------------------------------------
\576\ Farm Credit Admin., Bookletter 040--Revised: Providing
Sound and Constructive Credit to Young, Beginning, and Small
Farmers, Ranchers, and Producers or Harvesters of Aquatic Products,
at 2 (Aug. 10, 2007), https://ww3.fca.gov/readingrm/Handbook/FCA%20Bookletters/BL-040%20REVISED.docx.
\577\ 84 FR 5389, 5390 (Feb. 21, 2019) (``Several agricultural
and economic cycles have occurred since 1998, and we are considering
whether the $250,000 gross sales amount continues to be appropriate
or should be revised or indexed to reflect the changes, including
the economic conditions presently affecting agricultural
producers.'')
---------------------------------------------------------------------------
The NPRM made clear the Bureau's intention to cover agricultural
credit, and the Bureau did not propose a separate small farm definition
or any other adjustments specifically for agricultural credit. Prior to
the SBA increasing its size standards for small farms, the Bureau
acknowledged in the NPRM that its proposed $5 million size standard
could result in data reporting on applications from approximately
77,000 businesses that would not be considered small under the SBA size
standards in effect at that time, the vast majority of which would be
farms (for which, at that time, the SBA predominantly used a $1 million
standard). Conversely, the Bureau estimated that 270,000 primarily non-
agricultural businesses that would be small under the SBA's size
standards in effect at the time of the NPRM would not be covered under
the proposed $5 million gross annual revenue standard.
As noted above, the SBA's size standards for agricultural
industries have increased since the NPRM and now range from $2.25
million to $34 million average annual receipts--which now means that
the $5 million gross annual revenue standard the Bureau is finalizing
is markedly more aligned with SBA's size standards for farms than it
was at the time of the NPRM. The Bureau believes that these recent
changes to the SBA size standards, which were based on extensive
research and a notice and comment rulemaking, further suggest that a
definition of small farms based on $250,000 in annual gross sales,
preferred by certain commenters, would not sufficiently cover small
agricultural businesses.
The Bureau does not believe that the Small Business Act requires
the Bureau to adopt a separate definition for small farms, as implied
by one commenter. The Small Business Act provides that the SBA
Administrator must ``ensure that the size standard varies from industry
to industry to the extent necessary to reflect the differing
characteristics of the various industries and consider other factors
deemed to be relevant by the Administrator.'' \578\ The Bureau
believes, and explained to the SBA when obtaining its approval, that
this rule will benefit from a universal, easy-to-apply reporting
trigger that reflects the need for a wide variety of financial
institutions to apply a simple, broad definition of a small business
that is practical across the many product types, application types,
technology platforms, and applicants in the market.
[[Page 35272]]
In particular, the Bureau believes that the size standard finalized
here is consistent with factors that the SBA has previously identified
as relevant to the proper exercise of its discretion in this respect--
the SBA considers (1) current economic conditions, (2) its mission and
program objectives, (3) the SBA's current policies, (4) impacts on
small businesses under current and proposed or revised size standards,
(5) suggestions from industry groups and Federal agencies, and public
comments on the proposed rule, and (6) whether a size standard based on
industry and other relevant data successfully excludes businesses that
are dominant in the industry.\579\
---------------------------------------------------------------------------
\578\ 15 U.S.C. 632(a)(3).
\579\ See 85 FR 62372, 62373 (Oct. 2, 2020) (discussing the
SBA's revised size standard methodology).
---------------------------------------------------------------------------
While the Bureau received widespread support for a simple gross
annual revenue threshold, it also understands, as explained by some
commenters, that many agricultural lenders generally do not collect
gross annual revenue for underwriting or regulatory compliance
purposes, which could complicate use of a gross annual revenue
threshold to determine small business status. Nonetheless, ECOA section
704B(e)(2)(F) requires financial institutions to collect and report
gross annual revenue under section 1071. As discussed in its section-
by-section analysis of Sec. 1002.107(a)(14), the Bureau is finalizing
comment 107(a)(14)-2, which first clarifies that pursuant to final
Sec. 1002.107(c), a financial institution shall maintain procedures
reasonably designed to collect applicant-provided data, including the
gross annual revenue of the applicant. The final comment then states
that if a financial institution is nonetheless unable to collect or
determine the specific gross annual revenue of the applicant, the
financial institution reports that the gross annual revenue is ``not
provided by applicant and otherwise undetermined.'' The Bureau believes
that permitting this reporting flexibility for agricultural lenders and
other financial institutions will reduce the complexity and difficulty
of reporting gross annual revenue information, particularly when an
application has been denied or withdrawn early in the process and the
gross annual revenue could not be collected.
While the Bureau acknowledges arguments that the FCA definition
might facilitate compliance among FCS lender staff and other compliance
professionals who are already familiar with that definition, the Bureau
does not believe it would be appropriate to deviate from its otherwise
widely supported cross-industry approach. While the Bureau acknowledges
that the market share of total farm business debt held by FCS lenders
is significant (44.4 percent at the end of 2020 \580\), the Bureau is
mindful that many other types of non-FCS lenders participate in this
important small business lending market. Such lenders would not be able
to leverage familiarity with the existing FCA definition and may engage
in other types of non-farm lending that would not be subject to this
definition. As a result, these lenders may not equally benefit from
applying the FCA definition to agricultural small businesses. Indeed,
the Bureau understands that an association of community banks issued a
letter to oppose efforts to obtain special treatment for FCS lenders,
stating that ``[i]t would be totally inappropriate to exempt FCS
lenders from onerous regulatory burdens while subjecting smaller
lenders, such as community banks, to those regulations even as both
types of lenders are serving the same customer base in many
instances.'' \581\ The Bureau believes a consistent small business
definition that applies to all financial institutions will result in
consistency across the 1071 data, more robust fair lending analyses,
and arguably an even playing field for compliance across all financial
institutions.
---------------------------------------------------------------------------
\580\ Farm Credit Admin., 2021 Annual Report, at 16 (2022),
https://www.fca.gov/template-fca/about/2021AnnualReport.pdf.
\581\ Letter from Indep. Cmty. Bankers of Am., to Senate Chairs
Stabenow and Brown and Ranking Members Boozman and Toomey (June 23,
2022), https://www.icba.org/docs/default-source/icba/advocacy-documents/letters-to-congress/senate-letter-opposing-fca-independent-authority-act.pdf?sfvrsn=8d2f1c17_0.
---------------------------------------------------------------------------
The Bureau acknowledges that a $5 million gross annual revenue
threshold will be somewhat overinclusive relative to SBA and Census of
Agriculture standards. Some agricultural lenders lament that the
threshold would cover almost all their lending and several commenters
argued in favor of the FCA definition instead for section 1071 purposes
because, they said, it would capture a substantial amount of data while
mitigating some of the impact of the compliance cost. As discussed
above, the Bureau believes that its $5 million gross annual revenue
threshold strikes an appropriate balance between covering the
applications of most businesses that are considered small under the
SBA's size standards, while minimizing the number of businesses above
the SBA's size standards whose applications will be reported to the
Bureau, and in a way that satisfies the SBA's criteria for approving an
alternative size standard under its regulations. In striking this
balance, the Bureau considered section 1071's statutory purposes, and
it believes that a broader scope of coverage with regard to
agricultural businesses is warranted, given the historical and/or
continuing discrimination against Black farmers and the need for
transparency into agricultural lending both for fair lending
enforcement and business and community development.
Other suggested size standards. The Bureau is not adopting a small
business definition based on 4-digit NAICS codes, as suggested by one
commenter. As explained above in its discussion of existing SBA size
standards, the Bureau believes needing to obtain even a 4-digit NAICS
code at the beginning of the application process would often result in
a financial institution not being able to determine whether an
applicant for business credit is small (and thus subject to the data
collection requirements of this final rule) until later in the
application process. Similarly, the Bureau believes that a small
business definition based on both number of employees and gross annual
revenues (e.g., the 500 employee/$8 million standard set forth in the
SBREFA Outline and suggested by commenters or one commenter's 100
employee/$1 million standard) would mean that a financial institution
would only be able to request an applicant's protected demographic
information further along in the application process, once they have
obtained the multiple pieces of data that would be necessary to
determine whether the applicant is small and, therefore, only at that
later stage would it be able to determine that such data collection is
required. This delay could interfere with financial institutions'
ability to collect these data, particularly for applications that are
withdrawn or closed for incompleteness early in the application
process, which would limit the usefulness of the data for section
1071's statutory purpose of fair lending enforcement.
106(b)(2) Inflation Adjustment
Inflation is a general increase in the overall price level of the
goods and services in the economy; deflation marks a general decrease
in the same. A price index, of which there are several types, measures
changes in the price of a group of goods and services. The Board's
Federal Open Market Committee currently finds that an annual increase
in inflation of 2 percent in the price index for personal
[[Page 35273]]
consumption expenditures, produced by the Department of Commerce, is
most consistent over the longer run with the Board's mandate for
maximum employment and price stability.\582\ The United States Bureau
of Labor and Statistics, which publishes several price indices, found
that from December 2020 to December 2021, ``consumer prices for all
items rose 7.0 percent, the largest December to December percent change
since 1981.'' \583\
---------------------------------------------------------------------------
\582\ Bd. of Governors of the Fed. Rsrv. Sys., What is inflation
and how does the Federal Reserve evaluate changes in the rate of
inflation? (last updated Sept. 2016), https://www.federalreserve.gov/faqs/economy_14419.htm.
\583\ U.S. Bureau of Labor Stat., Consumer Price Index: 2021 in
review (Jan. 2022), https://www.bls.gov/opub/ted/2022/consumer-price-index-2021-in-review.htm.
---------------------------------------------------------------------------
In order to keep pace with changes to the SBA's own size standards
and the potential impact of future inflation or deflation, the Bureau
stated in the NPRM that it was considering whether it might update its
proposed $5 million gross annual revenue size standard over time
(perhaps at the end of a calendar year in order to allow financial
institutions to use the same threshold consistently throughout the
year). The Bureau sought comment on how this should be done and the
frequency at which it should occur.
Two community groups and a CDFI lender requested that the Bureau
address adjustments of its gross annual revenue threshold for defining
a small business under the rule. The community groups suggested annual
adjustments for inflation, while the CDFI lender suggested an
adjustment every five to ten years to account for future inflation and
keep pace with changes to the SBA's own size standards. Conversely, a
bank argued against incremental adjustments, stating that the Bureau
should set its small business definition once in the final rule.
Another bank suggested that the Bureau wait to determine if the
threshold needs adjusting after it has sufficient data to analyze after
several years of collection.
For the reasons set forth herein, the Bureau is finalizing new
Sec. 1002.106(b)(2) to provide that every five years after January 1,
2025, the gross annual revenue threshold set forth in Sec.
1002.106(b)(1) shall adjust based changes to the Consumer Price Index
for All Urban Consumers (U.S. city average series for all items, not
seasonally adjusted), as published by the United States Bureau of Labor
Statistics (CPI-U). Any such adjustment will be rounded to the nearest
multiple of $500,000. If an adjustment is to take effect, it will do so
on January 1 of the following calendar year.
New comment 106(b)(2)-1 clarifies the Bureau's inflation adjustment
methodology. The comment explains that the base for computing each
adjustment (both increases and decreases) is the January 2025 CPI-U;
this base value will be compared to the CPI-U value in January 2030 and
every five years thereafter. The comment provides several examples
illustrating this comparison. New comment 106(b)(2)-1 makes clear that
if, as a result of rounding to the nearest multiple of $500,000, there
is no change in the gross annual revenue threshold, there will be no
adjustment.
New comment 106(b)(2)-2 provides that if publication of the CPI-U
ceases, or if the CPI-U otherwise becomes unavailable or is altered in
such a way as to be unusable, then the Bureau shall substitute another
reliable cost of living indicator from the United States Government for
the purpose of calculating adjustments pursuant to final Sec.
1002.106(b)(2).
The Bureau agrees with several commenters that it should provide
for a mechanism to update the rule's $5 million gross annual revenue
size standard over time to account for the potential impact of
inflation or deflation. In order to minimize operational disruptions,
the Bureau is not adopting an annual adjustment for inflation; instead,
a determination regarding the need to adjust the threshold will occur
every five years, beginning in 2030, to account for future inflation or
deflation on a schedule similar to the SBA's own size standards, which
are required to be reviewed no less frequently than once every five
years under the Small Business Act.\584\ Recently, the SBA added a
13.65 percent inflation increase to its receipts- and assets-based size
standards.\585\ Moreover, in order to mitigate commenters' concerns
discussed in the section-by-section analysis of Sec. 1002.107(a)(14)
regarding complexity and difficulty of collecting gross annual revenue
information, the Bureau will round any such adjustment to the nearest
multiple of $500,000. The Bureau believes that this rounding, in
combination with the approach in final comment 107(a)(14)-1--clarifying
that a financial institution need not verify applicant-provided gross
annual revenue information, and providing language that a financial
institution may use to ask the applicant for such information--will
make it easier for financial institutions to more quickly determine
small business status for the purpose of rule applicability. The Bureau
also believes that this approach is consistent with existing Bureau
procedures for inflation adjustments (albeit in a more streamlined
way), provides transparency for replication, and will result in less-
frequent changes in the reporting requirements of financial
institutions, thereby reducing the disruption that an annual inflation
adjustment might cause in this situation.
---------------------------------------------------------------------------
\584\ Pub. L. 111-240, 124 Stat. 2504 (2010); see also 13 CFR
121.102(c) (requiring the SBA examine the impact of inflation on
monetary size standards (e.g., receipts, tangible net worth, net
income, and assets) and make necessary adjustments at least once
every five years).
\585\ 87 FR 69118 (Nov. 17, 2022).
---------------------------------------------------------------------------
The Bureau is providing commentary to ensure transparency regarding
its inflation methodology, which will allow financial institutions to
better anticipate and prepare for potential inflation or deflation
adjustments. To further explain its methodology, the Bureau is
providing the following illustration, which assumes that compliance
with the rule was required beginning July 1, 2014, subject to the same
five-year adjustment schedule described above. In this illustration,
the base for computing each adjustment would be January 2015, which had
a CPI-U value of 233.707. Here, the CPI-U value for January 2020
(257.971) would be used for the first five-year inflation update since
January 2015 and would update the gross annual revenue threshold to
reflect the change in the CPI between January 2015 and January 2020. As
demonstrated with the formulas below, the percentage change between
those two years' CPI-U values would be calculated (about 10.4 percent)
and then would be applied to the $5 million gross annual revenue
threshold to get a value of $5,519,112. This would be rounded to
$5,500,000 and would become the new threshold effective in January
2021.
[[Page 35274]]
[GRAPHIC] [TIFF OMITTED] TR31MY23.209
All subsequent adjustments would be made in the same manner. For
instance, using the above illustrative example, the following
calculation would be performed in January 2025 (ten years after January
2015, five years after January 2020):
[GRAPHIC] [TIFF OMITTED] TR31MY23.210
The CPI-U series \586\ used for the Bureau's inflation adjustment
methodology is public and can be used by anyone wishing to perform the
calculation themselves. Additionally, the Bureau of Labor and
Statistics provides an inflation calculator for this exact CPI-U
series, which allows any entity to easily calculate an adjusted gross
annual revenue threshold without the need for manual calculations.\587\
---------------------------------------------------------------------------
\586\ Specifically, the Bureau of Labor and Statistics series is
CUUR0000SA0 and a chart with its values for all months and years is
available at https://data.bls.gov/timeseries/CUUR0000SA0. The CPI-U
is released on a month lag, so the value for January is available in
February.
\587\ This calculator is available at https://www.bls.gov/data/inflation_calculator.htm and uses the CUUR0000SA0 as the basis for
its calculation. To use this calculator for the illustrative example
above, enter 5,000,000 in the $ field, enter January 2015 as the
starting date, and January 2020 in the subsequent date field. Click
on calculate, and the result is $5,519,111.54, the same number as
above, which would be rounded to the nearest $500,000, i.e.,
$5,500,000.
---------------------------------------------------------------------------
In addition to new comment 106(b)(2)-2, discussed above, which
clarifies the timing of its inflation adjustments, the Bureau believes
that the adjustment schedule set forth below will also be helpful to
explain the inflation adjustment timing:
Table 2--Inflation/Deflation Adjustment Schedule
------------------------------------------------------------------------
Inflation/deflation adjustment
Date schedule
------------------------------------------------------------------------
January 2025........................... Base month/year for computing
each adjustment.
January 2030........................... Reference month/year for the
first five-year inflation
adjustment.
Spring-Summer 2030..................... Calculation performed to
determine changes in the CPI-U
between January 2025 and
January 2030.
January 2031........................... If necessary, effective date
for the adjusted gross annual
revenue threshold amount.
January 2035........................... Reference month/year for the
second five-year inflation
adjustment.
Spring-Summer 2035..................... Calculation performed to
determine changes in the CPI-U
between January 2025 and
January 2035.
January 2036........................... If necessary, effective date
for the adjusted gross annual
revenue threshold amount.
------------------------------------------------------------------------
Section 1002.107 Compilation of Reportable Data
107(a) Data Format and Itemization
Background
ECOA section 704B(e) requires financial institutions to ``compile
and maintain'' records of information provided by applicants ``pursuant
to a request under subsection (b),'' and requires them to ``itemiz[e]''
such information to ``clearly and conspicuously disclose'' a number of
data points enumerated in the statute in section 704B(b) and
(e)(2).\588\ In addition, section 704B(e)(2)(H) provides the Bureau
with authority to require ``any additional data that the Bureau
determines would aid in fulfilling the purposes of [section 1071].''
Section 1071's statutory purposes are twofold: (1) to facilitate
enforcement of fair lending laws; and (2) to enable communities,
governmental entities, and creditors to identify business and community
development needs and opportunities of women-owned, minority-owned, and
small businesses.\589\
---------------------------------------------------------------------------
\588\ As discussed in greater detail above in E.2 of the
Overview to this part V, the Bureau interprets the phrase ``pursuant
to a request under subsection (b)'' in section 1071 as referring to
all of the data points contemplated by ECOA section 704B(e), not
merely whether the applicant is a minority-owned, women-owned, or
small business.
\589\ ECOA section 704B(a).
---------------------------------------------------------------------------
Proposed Rule
The Bureau proposed to adopt the data points enumerated in ECOA
section 704B(b) and (e)(2)(A) through (G) largely consistent with its
proposals under consideration at SBREFA, but with certain changes as
discussed in the proposed rule. Consistent with its
[[Page 35275]]
approach in the SBREFA Outline,\590\ the Bureau proposed data points
pursuant to its statutory authority set forth in section 704B(e)(2)(H)
relating to pricing, time in business, NAICS code, and number of
workers. In addition, based on feedback from small entity
representatives and other stakeholders and in the course of developing
the proposed rule, the Bureau identified several additional data points
that it believed would be important to the quality and completeness of
the data collected and would aid significantly in furthering the
purposes of section 1071. The Bureau proposed to adopt additional data
points regarding application method, application recipient, denial
reasons, and number of principal owners. In addition, the Bureau relied
on ECOA section 704B(e)(2)(H), as well as its authority under
704B(g)(1), to propose certain clarifications to the data points
enumerated in section 704B(b) and (e)(2)(A) through (G).
---------------------------------------------------------------------------
\590\ SBREFA Outline at 34-35.
---------------------------------------------------------------------------
In regard to the specific method by which a financial institution
would collect the data points, the proposed rule would have required a
covered financial institution to compile and maintain data regarding
covered applications from small businesses, and required that the data
be compiled in the manner prescribed for each data point and as
explained in associated Official Interpretations (included in the
proposed rule) and the Filing Instructions Guide that the Bureau
anticipated later providing on a yearly basis. The proposed rule then
explained that the data compiled would include the items described in
proposed Sec. 1002.107(a)(1) through (21). The Official
Interpretations, sometimes referred to as official comments or official
commentary, would provide important guidance on compliance with the
regulation and were discussed in relation to each data point as well as
other regulatory provisions. The Filing Instructions Guide would
provide instructions on the operational methods for compiling and
reporting data, including which codes to report for different required
information. The Filing Instructions Guide would be updated yearly, as
is the Filing Instructions Guide that is used with HMDA compilation and
reporting.\591\ Proposed comment 107(a)-1 would have provided general
guidance on complying with Sec. 1002.107(a).
---------------------------------------------------------------------------
\591\ See generally Fed. Fin. Insts. Examination Council, The
Home Mortgage Disclosure Act, https://ffiec.cfpb.gov/ (last visited
Mar. 20, 2023).
---------------------------------------------------------------------------
The Bureau crafted the proposed rule in consideration of the
concerns and input of the small entity representatives and other
stakeholders. First, the proposed rule would generally not have
required a financial institution to verify applicant-provided
information and limited the data points proposed pursuant to ECOA
section 704B(e)(2)(H) to those that the Bureau believed would be most
useful for the purposes of section 1071. In addition, the Bureau
considered the costs, including data quality scrubs, automation and
training, that would be imposed by the collection and reporting of the
proposed data points; these were discussed in the proposed rule and
that discussion is now updated in part IX below. The Bureau attempted
to craft the collection and reporting requirements to be as clear and
operationally manageable as possible, and requested comment on
potential methods for increasing clarity and manageability.
In regard to concerns from small entity representatives and other
stakeholders about being required to collect applicants' protected
demographic information for purposes of section 1071, the Bureau noted
that several small entity representatives reported collecting this kind
of information currently in certain situations (because they are CDFIs,
or because they are participating in certain SBA or similar guarantee
programs). In addition, the Bureau crafted the proposed rule to provide
flexibility for financial institutions in the collection and reporting
of this information. The Bureau also did not propose an exemption for
small financial institutions from reporting data points adopted
pursuant to ECOA section 704B(e)(2)(H), as suggested by some small
entity representatives and commenters, though it did propose an
exemption from the rule for certain institutions with limited small
business credit originations.
The Bureau sought comment on its proposed approach to the
collection and reporting of data points, including the specific
requests for input above and in the section-by-section analysis of each
of the proposed data points.
Comments Received
The Bureau received numerous comments discussing the general data
point collection and reporting requirements from banks, trade
associations, credit unions, farm credit institutions, community
groups, lenders, research institutions, an association of State bank
supervisors, and a Federal agency. This comment summary section will
discuss the comments regarding the overall data points first, then
focus on those that dealt specifically with the data points proposed
pursuant to ECOA section 704B(e)(2)(H) (often making statements similar
to those on the overall data points). Comments regarding individual
data points are discussed below in the section-by-section analyses that
follow.
General data point comments. Several community groups and a
business advocacy group supported the overall data points requirements,
stating that robust data are essential for understanding underwriting,
gaps in lending, unmet community needs, and other issues that stand in
the way of equitable, responsible lending. A business advocacy group
stated that the recent enhancement of HMDA data proves the importance
of robust data because of its strongly positive impact on lending to
minorities. That commenter also stated that the rule should start out
with the collection of granular data because discrimination often
involves not only credit denials but also less favorable credit terms.
A joint comment letter from community groups, community oriented
lenders, and business advocacy groups stated that CDFIs and mission-
driven lenders, who will have to comply with the data point reporting
requirements, view the costs as reasonable considering the benefits of
the rule. Two community-oriented lenders made similar statements,
saying that they already collect most of this information for
underwriting and compliance with other requirements. One also stated
that it does not plan to raise fees or restrict access to credit as a
result of the rule. One rural community group stated that the data
points will be important for understanding agricultural lending and for
that reason supported the inclusion of agricultural lending under the
rule.
Several industry commenters stated that the data points were too
numerous and would be burdensome to collect and report. These
commenters stated that setting up the compliance system would be
particularly costly and that the cost would have to be passed on to
customers, and one suggested that the Bureau should reconsider moving
forward with the rule. These commenters also stated that financial
institutions do not currently collect these data points. A trade
association for online lenders stated that collecting these data points
would interfere with online lenders' business model and the Bureau
should obtain this information from other sources, such as the SBA, the
Minority Business Development Agency, and the Treasury Department. A
bank stated that 1071 data disclosure
[[Page 35276]]
will help address significant racial and gender gaps but asked that the
Bureau consider the depth and breadth of the data collected because
community banks are faced with what it referred to as seemingly
continuous data collection (for HMDA, Bank Secrecy Act, etc.) and
regulatory exams. The bank also asked that the collection method be
``SMART'' (specific, measurable, attainable, realistic, and timely) in
order to reduce burden.
Several banks suggested that HMDA data yield useful fair lending
analyses in the residential mortgage market because those loans are
underwritten similarly. In contrast, they stated, small business loans
are more complex and unique and have to be manually underwritten to
consider numerous variables in accordance with the individual
institution's standards, rendering any fair lending analyses flawed and
unreliable. One of these commenters suggested that if fair lending
analysis is to be performed using only the data points proposed,
lenders will be forced to revamp and substantially limit the inputs
used in decision making, ultimately leading to a smaller number of
product offerings and fewer approvals for small business loans overall.
Industry commenters also made several other suggestions and
requests regarding the proposed data points. Two commenters asked that
the Bureau eliminate or reduce the use of free-form text to report
additional information, suggesting that the information gathered would
be burdensome, hard to trend, open to different interpretations, and
unreliable. Two commenters stated that it was important that applicants
provide their information voluntarily. A trade association asked for
reporting flexibility when information is not available, recommending
the use of ``declined to answer'' if the applicant declined, and ``not
available'' for all other circumstances in which the applicant did not
provide the information notwithstanding the lender's inquiry.
One commenter asked for a rule provision stating that the
collection and reporting requirements under the rule are not intended
to limit the range of data that a financial institution may collect,
use, and share for its own purposes. That commenter stated that
technology companies currently use numerous data points when making
credit decisions that enable them to extend credit to a wider range of
applicants, and limiting their ability to do so could limit access to
credit for small businesses.
Issues regarding data points proposed pursuant to ECOA section
704B(e)(2)(H). The Bureau received numerous comments from lenders,
community groups, and individual commenters supporting inclusion of the
data points proposed pursuant to ECOA section 704B(e)(2)(H). Several of
these commenters stated that such data points are important because the
dataset must include key underwriting variables in order to fulfill
section 1071's fair lending purpose. One commenter stated that these
data points are necessary to ensure proper analysis and not allow
lenders, as HMDA reporters have done, to hide behind data not collected
as a reason for lending disparities. Two commenters stated that such
data points are necessary because robust data are needed to illuminate
who lenders are serving and who they are excluding.
Several commenters stated that the Bureau must require the
collection and public dissemination of a database detailed enough to
meaningfully achieve section 1071's fair lending and community
development purposes. Others suggested that the data points proposed
pursuant to ECOA section 704B(e)(2)(H) will allow comparisons of small
businesses in general with very small businesses, which they view as
the bedrock of communities. One commenter said that such data points
will help CDFIs better understand the small business credit market,
especially in low-income communities, and whether and how
discrimination in small business lending is occurring. That commenter
and another also stated that robust data will help policymakers and the
public to better understand lending gaps and unmet community needs.
One lender stated that the proposed data points will provide
insight on the quality of the capital accessed by different demographic
groups of small business applicants, which will be useful in not only
identifying potentially discriminatory lending practices, but also
highlight capital gaps in the marketplace that lenders may be able to
fill. It also said that the data will show how financial institutions
compare across key metrics and help determine if an institution has
equitable lending, providing an unprecedented snapshot of the lending
landscape for small businesses.
The Bureau received a large number of comments, mainly from
industry, objecting to the inclusion of data points proposed pursuant
to ECOA section 704B(e)(2)(H). Commenters made many objections, but the
most common was that such data points are not collected now and would
add significantly to the burden imposed by the rule, raising costs for
borrowers. Many commenters also stated that several of these data
points would be of little use and some suggested that they could result
in inaccurate data. Many commenters suggested that the extra burden
would reduce the availability of small business credit, and some stated
that the extra burden of such data points would limit community banks'
survivability and speed up consolidation and the closing of branches in
rural and underserved communities. Other commenters also stated that
these data points would be particularly difficult for institutions that
do not have any reporting requirements under HMDA, credit unions, auto
finance lenders, CDFIs, and/or smaller lenders in general. Several
commenters stated that because farm credit associations are often
customer owned, the increased costs would be imposed directly on the
borrowers. One commenter stated that the data points proposed pursuant
to ECOA section 704B(e)(2)(H) can fluctuate during loan processing, and
would create tracking issues and reporting errors. Some commenters
suggested that small business applicants would not want to provide so
much information, which would slow down and interfere with the lending
process.
Numerous commenters stated that small business lending is complex
and nuanced and very different from residential lending, and the
partial information provided by the data points would lead to
inaccurate interpretations and potentially interfere with current
credit approval methods. Several of these commenters stated that if
statistical disparities are detected using the more straightforward
data points adopted pursuant to ECOA section 704B(e)(2)(A) through (G),
those disparities can be researched on an institution, transaction, or
file basis, providing the same information that the Bureau has proposed
to collect pursuant to 704B(e)(2)(H), but within context and without
raising false positive flags. Those commenters and others stated that
including too many unreliable and nuanced data point analyses will
result in numerous false positives and inaccurate and unfair
conclusions by community groups and their members, and potentially
regulators. A State bankers association stated that these data could be
used against banks as a competitive advantage for credit unions and
other non-traditional lenders. Conversely, a credit union trade
association stated that any rule to implement section 1071 will widen
the competitive gulf between credit unions and big banks and
``fintechs'' that have the economies of scale and the
[[Page 35277]]
technological sophistication to automate complex functions, and the
data points proposed pursuant to ECOA section 704B(e)(2)(H) would make
this problem worse. Another commenter stated that it would be unfair to
compare some such data points between regulated and non-regulated
entities because regulated entities have additional costs.
Some commenters who objected to the inclusion of data points
pursuant to ECOA section 704B(e)(2)(H) suggested that the Bureau should
first require the data points enumerated in 704B(e)(2)(A) through (G),
then add any other appropriate data points over time. They explained
that this approach would allow the Bureau to assess the burden and
potential restriction of small business credit imposed by the data
points in 704B(e)(2)(A) through (G) before moving forward with further
requirements only if appropriate and beneficial. Some commenters also
pointed out that HMDA reporting evolved over many years and the ``all
at once'' approach in the proposal is a mistake and will not allow
lenders time to adjust.
Several small lenders and their trade associations stated that if
the Bureau opts to require some or all of the data points proposed
pursuant to ECOA section 704B(e)(2)(H), then it should consider partial
collection of data for community banks and other small lenders. A trade
association for community banks suggested that the cost of such data
points would include expensive data quality scrubs to avoid negative
exam findings, which would be disproportionately borne by smaller
financial institutions. That commenter was also concerned that the rule
could require the standardization and homogenization of small business
lending, damaging the customized and relationship-based lending for
which community banks are valued. The commenter went on to state that
if community banks are forced to standardize, it will especially harm
the vulnerable small businesses that most benefit from the high-touch,
relationship-based lending that they offer.
Some commenters stated that the data points proposed pursuant to
ECOA section 704B(e)(2)(H) would create serious privacy risks. Several
commenters suggested that this was especially a concern in rural areas
where the applicant might be identified through certain data points,
such as the combination of the NAICS code and census tract, and this
risk might lead some small businesses to not apply for credit. Some of
these commenters also stated that it would be disadvantageous for
financial institutions to have access to pricing terms of their
competitors. One of these commenters stated that collecting more data
points would increase business borrower perception that this
information is being used in the credit decision.
One commenter suggested that data collection mandates in excess of
what the law requires may be found to be ``arbitrary and capricious,''
if a court decides that the Bureau has ``relied on factors which
Congress has not intended it to consider'' or ``offered an explanation
for its decision that runs counter to the evidence before the agency.''
The commenter did not explain whether or how the proposed data points
might be viewed this way. Another commenter stated that the full scope
of data that the rule would require financial institutions to report is
inconsistent with the operation of business credit markets, and that
Congress established a limited scope data collection regime in section
1071. That commenter further stated that if Congress intended to
require all covered financial institutions to proactively deliver the
same data required in fair lending enforcement actions, Congress would
have written that into the law. Although not specifically mentioning
the relevant legal standard for inclusion of such data, several
industry commenters argued that some or all of the data points proposed
pursuant to ECOA section 704B(e)(2)(H) would not fulfill the purposes
of section 1071.
Final Rule
As discussed in the section-by-section analyses that follow, the
Bureau has made changes to many of the proposed data points in order to
carry out the purposes of section 1071 more effectively and to reduce
any difficulties the rule might impose on small business lenders. In
particular, the Bureau has sought to: (1) improve the usefulness of the
data points for fair lending analysis and for business and community
development purposes; and (2) facilitate compliance by, among other
things, focusing on the reporting of information the financial
institution already collects or possesses. The Bureau's NPRM approach,
comments received, and final rule (including changes to specific data
points) are discussed for each data point in turn. The Bureau notes
that proposed Sec. 1002.107(a)(19), ``women-owned business status,''
has been combined with proposed Sec. 1002.107(a)(18), ``minority-owned
business status,'' and the final Sec. 1002.107(a)(18) data point now
addresses ``minority-owned, women-owned, and LGBTQI+-owned business
statuses.'' As a result, the data points in proposed Sec. 1002.107(20)
and (21) have been renumbered as final Sec. 1002.107(19) and (20).
The Bureau is finalizing the introductory text to Sec.
1002.107(a), regarding data format and itemization, to reflect the
number of data points in the final rule. Final Sec. 1002.107(a)
provides that a covered financial institution shall compile and
maintain data regarding covered applications from small businesses, and
that the data shall be compiled in the manner prescribed in the
individual data point provisions and the Filing Instructions Guide for
subpart B for the appropriate year. Furthermore, the data compiled
shall include the items described in final Sec. 1002.107(a)(1) through
(20). The Bureau believes that these methods will facilitate compliance
and yield quality data, and did not receive comments on the specific
text of Sec. 1002.107(a) or associated commentary.
The Bureau is finalizing comment 107(a)-1 to provide general
guidance on complying with Sec. 1002.107(a). Comment 107(a)-1 explains
that a covered financial institution (i) reports the data enumerated in
Sec. 1002.107(a) even if the credit originated pursuant to the
reported application was subsequently sold by the institution; (ii)
annually reports data for covered applications for which final action
was taken in the previous calendar year; and (iii) annually reports
data for a covered application on its small business lending
application register for the calendar year during which final action
was taken on the application, even if the institution received the
application in a previous calendar year. The Bureau believes that these
operational instructions will clarify a financial institution's
collection and reporting requirements and so facilitate compliance. The
Bureau also believes that these instructions will help to ensure the
accuracy and consistency of the data collected and reported. The Bureau
did not receive comments on comment 107(a)-1.
The final rule adds new comment 107(a)-2, which explains that a
covered financial institution may use technology such as autocorrect
and predictive text when requesting applicant-provided data under
subpart B that the financial institution reports via free-form text
fields, provided that such technology does not restrict the applicant's
ability to write in its own response instead of using text suggested by
the technology. The Bureau believes that the ability to use autocorrect
and predictive text will facilitate the use of free-form text boxes.
The Bureau considered commenters' objections to the use of free-form
text
[[Page 35278]]
boxes for collecting and reporting data under this final rule. Although
the Bureau is aware that data collected with predetermined lists is
easier to report and work with, the Bureau believes that free-form text
responses will provide useful information that would not otherwise be
collected, as they have done for HMDA data, and the use of autocorrect
and predictive text will facilitate use of free-form text boxes and
reduce inadvertent errors or typos.
The Bureau is finalizing comment 107(a)-3 (which was numbered as
comment 107(a)-2 in the proposal) as proposed, except that the final
rule adds a web address instead of the placeholder in the proposed
rule. Final comment 107(a)-3 explains that additional details and
procedures for compiling data pursuant to Sec. 1002.107 are included
in the Filing Instructions Guide, which is available at https://www.consumerfinance.gov/data-research/small-business-lending/filing-instructions-guide/. As explained above, the Bureau did not receive
comments on the use of the Filing Instructions Guide.
The Bureau is also adding new comment 107(a)-4, to make clear that
the Bureau may add additional response options to the lists of
responses contained in certain of the individual data-point comments,
via the Filing Instructions Guide, and instructs financial institutions
to refer to the Filing Instructions Guide for any updates for each
reporting year. For example, a credit purpose provided frequently in
the free-form text box for that data point could be added to the
response options via listing in the Filing Instructions Guide. The
Bureau believes that such flexibility will enhance the quality and
currency of the data collected. In addition, because financial
institutions must refer to the Filing Instructions Guide when
compiling, maintaining and reporting their data, the Bureau does not
believe that this flexibility will add operational difficulty to the
reporting of data under this final rule.
General data point issues. In regard to the comments suggesting
that the overall data point collection regime is too burdensome, the
Bureau notes that most of the data points are enumerated in the statute
and the Bureau has implemented the data points in such a way as to
reduce the burden of compilation and reporting as much as feasible
while fulfilling the purposes of section 1071. The Bureau does not
require verification of applicant-provided data, allows responses of
``not applicable'' and ``not provided by applicant and otherwise
undetermined'' when appropriate, and provides several safe harbors to
facilitate compliance. In addition, the Bureau believes that it has set
up the compilation and reporting system in a way that is specific,
measurable, attainable, realistic and timely, as requested by a
commenter. In addition, see the discussion below regarding other data
points considered for further information on the question of the rule's
burden and the issue of accuracy of fair lending analysis and small
business credit data.
In regard to the suggestion that the Bureau use other sources to
obtain information regarding small business credit instead of via this
rulemaking, as explained above the Bureau does not believe that
currently available sources are sufficient to carry out the purposes of
section 1071, and Congress required the Bureau to promulgate a rule to
collect the data. In addition, the Bureau notes that the data collected
under this rule are not exclusive, and financial institutions may
collect any other data allowable under current law to use in processing
or underwriting small business credit. For this reason, the Bureau does
not believe that this final rule will interfere with online lenders'
business practices, which a commenter was concerned about, or the
business practices of other entities that offer small business credit.
In addition, the Bureau does not believe that compilation of data under
this final rule will interfere with relationship banking by community
banks, because they will continue to be able to relate to and serve
customers as they have done previously, and may continue to make credit
decisions in any legally appropriate fashion that they have done in the
past.
As for the commenter's concern that applicant responses be
voluntary, the Bureau notes that although financial institutions are
required to have processes and procedures in place to collect these
data, applicants are free to choose not to answer their requests. For
the collection of demographic data, applicants may select an option of
``I do not wish to respond'' or similar. For many of the other data
points, so long as a financial institution maintains procedures
reasonably designed to collect applicant-provided data, a financial
institution may report ``not provided by applicant and otherwise
undetermined.'' In regard to the commenter's request that the Bureau
allow responses of ``declined to answer'' and ``not available,'' the
Bureau believes that the reporting options of ``not provided by
applicant and otherwise undetermined'' and ``not applicable'' are more
suited to this data collection, and notes that the commenter did not
explain why the suggested responses would be better.
Issues regarding data points adopted pursuant to ECOA section
704B(e)(2)(H). The Bureau is finalizing its proposed data points with
certain changes as described in the respective section-by-section
analyses of those data points below. The Bureau is relying on ECOA
section 704B(e)(2)(H), as well as its authority under 704B(g)(1), to
make clarifications to certain of the data points set forth in 704B(b)
and (e)(2)(A) through (G), as described in the section-by-section
analyses of those data points below.
Pursuant to its statutory authority set forth in ECOA section
704B(e)(2)(H), the Bureau is adopting data points for pricing, time in
business, NAICS code, number of workers, application method,
application recipient, denial reasons, and number of principal owners.
The Bureau has determined that these data points will serve the
purposes of section 1071, improve the utility of the data for
stakeholders, and reduce the occurrence of misinterpretations or
incorrect conclusions based on analysis of an otherwise more limited
dataset. In finalizing these data points, the Bureau considered the
additional operational complexity and potential reputational harm
described by commenters that collecting and reporting these data points
could impose on financial institutions. The Bureau seeks to respond to
industry concerns by adopting a limited number of data points that will
offer the highest value in light of section 1071's statutory purposes.
For this reason, the Bureau is not adopting certain additional data
points suggested by commenters such as credit score, applicant's
disability status, or business structure (see the discussion below).
In addition, the Bureau did not choose to take an incremental
approach to adding data points, as several commenters suggested, or
permit collecting and reporting of certain data points to be phased in
over time. The Bureau believes the information from the data points
adopted pursuant to ECOA section 704B(e)(2)(H) will enhance the
usefulness of the data points enumerated in 704B(e)(2)(A) through (G),
and further section 1071's purposes for the reasons stated above and in
the descriptions of those data points in the section-by-section
analyses below, and so should be collected and reported as soon as
possible. In addition, data from these data points will be an important
part of the privacy risk assessment that the Bureau will conduct after
the first full year of data are received. In response to the
[[Page 35279]]
commenters who expressed concern about privacy risks, the Bureau notes
that when making modification and deletion decisions prior to
publication of the data, it intends to consider re-identification risk
and other cognizable privacy risks. See part VIII below for additional
information.
As explained above, numerous industry commenters stated that data
points adopted pursuant to ECOA section 704B(e)(2)(H) would make the
rule more burdensome, result in greater costs for not only financial
institutions but also their small business customers, and potentially
lead to a reduction in credit availability. The Bureau does not believe
that the effects on the small business credit market from the data
points adopted pursuant to ECOA section 704B(e)(2)(H) will be so
pronounced. Rather, such data points will add only incremental costs to
the rule,\592\ and the Bureau has carefully crafted all the data points
in the final rule to provide flexibility by allowing reporting of
information that is already present in the credit file or easily
gathered from the applicant. In addition, the final rule does not
require verification, allows for responses of ``I do not wish to
respond'' or similar, ``not applicable,'' and ``not provided by
applicant and otherwise undetermined'' when appropriate, and provides
several safe harbors to facilitate compliance and reduce costs in the
compilation and reporting of the data points.
---------------------------------------------------------------------------
\592\ See part IX.F.5 below for a discussion of the economic
impacts of an alternative that only includes the data points
specified in ECOA section 704B(e)(2)(A) through (G).
---------------------------------------------------------------------------
Numerous industry commenters also stated that the small business
credit market is different from the residential housing market
disclosed in HMDA data, and the varied and complex nature of the small
business application, underwriting and approval processes will cause
the data collected pursuant to ECOA section 704B(e)(2)(H) to suggest
false positives for discrimination. Although the potential risk of
misinterpretation exists with all public data, the Bureau notes that
any fair lending analysis of the public dataset should be considered
preliminary to meaningful further investigation, and inferences from
the public data alone are not determinative of unlawful
discrimination.\593\ Furthermore, the Bureau believes that the
additional information from these data points is more likely to
eliminate false positives than to create them. For example, knowing
applicants' time in business will help to avoid comparing credit
outcomes for established businesses with outcomes for riskier start-ups
and expecting them to be similar. In this way, regulators engaged in
fair lending analysis, and the financial institutions they are
examining or researching, will be able to avoid unnecessary further
investigation.
---------------------------------------------------------------------------
\593\ In regard to the HMDA dataset for 2020, the Bureau
publicly stated that ``HMDA data are generally not used alone to
determine whether a lender is complying with fair lending laws. The
data do not include some legitimate credit risk considerations for
loan approval and loan pricing decisions. Therefore, when regulators
conduct fair lending examinations, they analyze additional
information before reaching a determination about an institution's
compliance with fair lending laws.'' See CFPB, FFIEC Announces
Availability of 2020 Data on Mortgage Lending (June 17, 2021),
https://www.consumerfinance.gov/about-us/newsroom/ffiec-announces-availability-of-2020-data-on-mortgage-lending/.
---------------------------------------------------------------------------
Many industry commenters also suggested that information from data
points adopted pursuant to ECOA section 704B(e)(2)(H) will be
unreliable and not useful for data users. However, the Bureau considers
the information required to be reported to be very useful in fulfilling
the fair lending and business and community development purposes of
section 1071, as explained in the section-by-section analysis of each
of these data points below. Although, as one commenter pointed out,
some of these data may change in the course of credit processing, HMDA
data and the data from the data points specified in ECOA section
704B(e)(2)(A) through (G) often do the same. The Bureau believes that
financial institutions will use the appropriate information from the
credit file and report accurately, as the overwhelming majority of HMDA
reporters do now.
As explained above, some commenters stated that many applicants
will not want to provide the requested information and some may be
concerned that the information will be used in the credit decision if
too much information is requested. The Bureau does not believe that
these problems will be widespread, and to the extent that they do
manifest, the financial institution can use the appropriate responses
to indicate that the applicant did not wish to provide information. The
Bureau also believes that applicants for small business credit expect
to be asked for numerous pieces of information, and the applicant-
provided data points adopted pursuant to ECOA section 704B(e)(2)(H)
(NAICS code, number of workers, time in business, and number of
business owners) do not appear likely to raise red flags.
Other commenters were concerned that different types of financial
institutions would fare differently regarding the data points adopted
pursuant to ECOA section 704B(e)(2)(H), and this difference would
create competitive distortions. The Bureau does not believe that the
structure of a financial institution will have a large effect on the
difficulty of reporting such data points. Because all covered financial
institutions have the same responsibilities under this final rule, the
Bureau believes that the effects on different financial institution
types will be similar. Numerous commenters also stated that small
financial institutions, such as community banks and small credit
unions, would be disadvantaged because they lack the economies of scale
to allow them to readily absorb the rule's costs. Several of these
commenters requested an exemption for these institutions from any data
points adopted pursuant to ECOA section 704B(e)(2)(H), but the Bureau
has determined that such an additional exemption that focuses
specifically on such data points is not appropriate. As explained in
the section-by-section analysis of Sec. 1002.105 above, the proposed
exemption for certain institutions with limited small business credit
originations is now finalized at a higher transaction level than
proposed, exempting a larger number of small financial institutions
from section 1071's data collection and reporting obligations.
Furthermore, the usefulness of the data collected would be reduced if
the dataset is incomplete for some financial institutions. In addition,
the Bureau will provide assistance to small institutions and compliance
vendors during the implementation period to help them transition to the
new rule's requirements.
In regard to the commenters who discussed legal issues involved in
this rulemaking, the Bureau notes that each of the data points adopted
pursuant to ECOA section 704B(e)(2)(H) fulfills the purposes that
Congress stated in section 1071, fair lending and business and
community development, as explained in the section-by-section analyses
that follow. In addition, the Bureau has carefully considered the
evidence before it, including from the SBREFA process and public
comments, and has based its decisions regarding these data points on
that evidence in relation to the factors that Congress intended it to
consider. Furthermore, as explained above, the Bureau does not consider
that the full data collected, whether pursuant to ECOA section
704B(e)(2)(A) through (G) or pursuant to section 704B(e)(2)(H), should
be used alone to determine whether a lender is complying with fair
lending laws. When regulators conduct fair lending examinations, they
will
[[Page 35280]]
consider additional information before reaching a determination about
an institution's compliance. The Bureau considers the scope of data
reported to be well within the parameters of congressional intent
apparent in section 1071.
Other Data Points Considered
As mentioned above, small entity representatives and other
stakeholders suggested some additional data points for the Bureau's
consideration, and the Bureau considered others in the development of
the proposed rule. Because of the operational complexities likely to be
posed by each of these potential data points, as well as the reasons
explained below, the Bureau chose not to propose to include any of the
following data points in the rule. Nonetheless, the Bureau sought
comment on whether the following potential data points or any others
would further the purposes of section 1071 and thus should be
considered for inclusion in the final rule.
Type of business/entity structure (sole proprietorship, C-
corporation, limited liability company, partnership, etc.). This
information could be useful in providing context to the ethnicity,
race, and sex data regarding applicants' principal owners. However, the
Bureau believed that collecting the number of principal owners, as
proposed in Sec. 1002.107(a)(21), would better serve this purpose.
Credit score. Collecting credit score and other credit information
could be particularly useful for the fair lending purpose of section
1071. However, because of the different types of scores and different
situations in which a financial institution would or would not access
scores, the Bureau believed that this data point could be quite
complicated and involve complex sub-fields, which could pose
operational difficulties for financial institutions in collecting and
reporting this information. These complexities could also make it
difficult for data users to understand and interpret credit score data.
Credit reporting information, including whether credit information
was accessed. This data point could also be complicated and involve
complex sub-fields, making it difficult for financial institutions to
collect and report. As with credit score, these complexities could also
make it difficult for data users to understand and interpret these
data. In addition, it was not clear that this information would be
useful without also collecting credit score.
Percentage ownership of each principal owner and percentage
ownership by women and by minorities. This information could be useful
in providing context to the ethnicity, race, and sex data regarding
applicants' principal owners. However, the Bureau was concerned that
requesting this type of percentage data could be confusing to
applicants and could result in inconsistent responses across applicants
and institutions. The Bureau believed that collecting the number of
principal owners (those individuals who each directly own 25 percent or
more of the equity interests of a business), as proposed in Sec.
1002.107(a)(21), would better serve this same purpose.
Whether the applicant has an existing relationship with the
financial institution and the nature of that relationship. This
information could provide additional context for a financial
institution's credit decision, and thus could be useful for both of
section 1071's statutory purposes. However, the Bureau believed that
the usefulness of the data collected might not justify the additional
operational complexity of identifying and tracking such relationships
for reporting.
Customer number, and/or unique (but anonymous) identification
number for applicants or associated persons for tracking of multiple
applications. This information could be useful to track multiple
applications by a single small business within a particular financial
institution, whether submitted at one time or over the course of the
year. However, the Bureau believed that the potential difficulties
posed by requiring the reporting of this information--particularly for
applications that have been withdrawn or abandoned--would not be
warranted in light of the utility of the data.
Comments Received
Type of business/entity structure. The Bureau received comments
from some lenders, community groups, and others requesting the
inclusion of a data point for type of business structure. The Bureau
did not receive any comments specifically opposing the inclusion of
type of business structure, though the Bureau understands the
overwhelming industry opposition to all data points adopted pursuant to
ECOA section 704B(e)(2)(H) likely implicates this one.
Commenters stated that collecting type of business structure would
allow for better analysis of credit outcomes, because different
structures may indicate varying levels of sophistication and can be
viewed differently by creditors. One commenter pointed out that Black
and Latino business owners are more likely to have non-employer
businesses, and type of business structure could help identify those
businesses and track their access to credit. That commenter also stated
that without the information about business structure, it will not be
possible to identify gaps in capital access between sole
proprietorships (often minority owned) and other forms, and so
collecting business structure will help ensure that future capital
programs, whether private or public, adequately include or target
business structures. One commenter stated that business structure,
along with credit score, would be important for rooting out patterns of
discriminatory or exclusionary lending practices in the deep South. A
CDFI lender stated that being able to differentiate between sole
proprietors versus corporations is also key for philanthropic efforts
that may aid the work of mission-based lenders working with specific
underserved communities, and added that it already collects this
information for the SBA 7(a) program, Paycheck Protection Program, and
the CDFI Fund. Discussing the Bureau's suggestion that collecting the
number of principal owners would provide the desired context, a
commenter stated that under the proposal, only a natural person who
directly owns at least 25 percent of a business is counted as a
principal owner, and thus a partnership, corporation, and sole
proprietorship could appear similarly situated despite presenting
different credit needs.
Credit score. The Bureau received numerous comments from community
groups, community-oriented lenders, business advocacy groups, and
others requesting the inclusion of a data point for credit score. The
Bureau did not receive any comments specifically opposing the inclusion
of credit score, though the Bureau understands the overwhelming
industry opposition to all data points adopted pursuant to ECOA section
704B(e)(2)(H) as likely implicating this one.
Commenters stated that including a data point for credit score,
along with other key underwriting criteria, was important for effective
fair lending analysis. A joint letter from community and business
advocacy groups stated that the Federal Reserve Banks in their annual
small business surveys have found large disparities in credit access
even after controlling for credit scores, and other commenters agreed
that this was the case. Many compared the situation to HMDA, where
credit scores were only recently required, suggesting that the lack of
credit scores allowed lenders to avoid accountability. A number of
community groups stated
[[Page 35281]]
that, in addition to fair lending, credit scores allow users to
understand the characteristics of applicants that are denied credit so
as to identify areas of unmet need. A joint letter from community
groups and community oriented lenders stated that more than half of
Black individuals and 41 percent of Latinos have low or no credit
scores, which impacts their ability to access financing. One community
group stated that since the Bureau implemented the expanded HMDA data
collection rules, they have determined that in their county Black
mortgage applicants are more than 10 percent likelier than white
applicants to be denied for credit history, and that having more robust
information would allow them to better advocate to their financial
partners for more equitable credit scoring models in small business
lending. A CDFI lender stated that lenders rely heavily on credit
scores to assess borrower risk and creditworthiness, and they are used
in many cases to screen for pre-qualified and/or pre-approved
applicants before moving further in the application process. Several
rural community groups stated that credit score reporting would be
important for analyzing potential discrimination in farm credit.
Numerous commenters suggested that requiring credit scores would
not be as complicated or difficult as the Bureau stated in the proposed
rule, pointing out that HMDA currently requires credit score reporting
and this rule could use a similar method. Commenters said lenders that
rely on an individual or composite credit score of business owners
should be required to report that score and the scoring model used, as
is currently required under HMDA. A CDFI lender stated that it would be
straightforward for lenders to disclose borrower credit scores, type
(personal or business), and scoring model and version in accordance
with HMDA procedures, including the options to select not applicable
and write in the name and credit scoring model if not listed. Once
commenter suggested requiring only personal credit scores because
business scores were not yet industry standard. A community group
suggested that the Bureau use the Federal Reserve Bank of Atlanta's
small business credit survey method, which they said accommodates a
single score irrespective of how it was used by the lender. Another
CDFI lender stated that it already collects credit score for the CDFI
Fund. Several commenters stated that privacy would not be a problem,
and some suggested that credit scores could be released in ranges or
other non-specific methods to avoid any issue.
Disability status. Although the Bureau did not propose or seek
comment on the possibility of including the disability status of
applicant owners as a data point, a number of commenters requested that
the Bureau do so. An advocacy group for persons with disabilities
stated that this population is twice as likely as people without
disabilities to be living in poverty, twice as likely to use costly
nonbank lending, and twice as likely to be unbanked. They stated
further that people with disabilities that are part of the labor force
are more likely to own small businesses than those without
disabilities, and that for a growing number of adults with
disabilities, establishing small businesses has become a viable path to
improve their economic stability and security. Finally, they stated
that the absence of disability data renders people with disabilities
invisible and creates an obstacle to understanding and analyzing
potential discriminatory lending practices and creates a challenge in
advocating for and designing effective policies. Other commenters
referred to and supported this organization's comment letter.
Some commenters stated that discrimination against people with
disabilities is clearly present in society, and several suggested that
including a disability data point would further enforcement and
implementation of section 1071, the Americans with Disabilities Act,
and various bank vendor procurement programs, amongst other laws and
initiatives. One commenter stated that people with disabilities often
face significant economic disparities such as lower net worth or
thinner credit history that may create barriers to entrepreneurship. A
CDFI lender stated that it already collects this information for the
SBA 7(a) program.
Additional agricultural data. Although the Bureau did not propose
or seek comment on the issue, two rural community groups requested that
the final rule include additional data points regarding agricultural
credit. One of these commenters stated that the Bureau should require
reporting of farm marketing strategies, years of farmer experience, and
certain kinds of farm production certifications (USDA Organic, animal
welfare, labor standard certification, etc.) to help determine if all
farm operations are treated equally in the lending process. The other
requested that information regarding base acre payments (farm program
benefit payments) be reported because information on program benefits
attached to base acres is valuable to minority farmers' farm credit
loan making and servicing. That commenter also asked that the Bureau
require reporting on collateral requirements, on differences in
appraised value or loans or loan modifications rejected based on
failure to appraise, on refinancings precipitated by required
graduation from Farm Service Agency loans, and on all forms of loan
modifications that have historically been a central factor in farm loss
for farmers of color.
Other requested data points. The Bureau received requests for
several other additional data points that were not proposed and on
which it did not seek comment. Commenters suggested that the Bureau
require reporting on veteran status, limited English proficiency
status, and senior citizen status in order to monitor risks to these
groups. A CDFI lender stated that it already collects veteran status
for SBA 7(a) loans and other programs. They also stated that it
collects information on low-income owned or controlled status for the
CDFI Fund, though did not specifically ask the Bureau to require
reporting of that information or veteran status.
Commenters also requested that the Bureau require reporting of the
appraised value of collateral in relation to the loan amount, the
origination date, community of residence (using ZIP code, school zone
or other demographic data), the type of purchaser of the originated
credit, and a legal entity identifier (LEI) for the small business
applicant.
Final Rule
The Bureau is adopting a limited number of data points pursuant to
the authority set forth in ECOA section 704B(e)(2)(H) that it believes
will offer the highest value in light of section 1071's statutory
purposes. The Bureau believes that the potential additional data points
that it sought comment on would pose operational complexities, as would
the other data points suggested by commenters. For these reasons, and
the reasons explained below, the Bureau is not including any of the
following data points in this final rule.
Type of business/entity structure. The Bureau believes that
collecting the number of principal owners will be more useful than type
of business structure in providing additional useful context to the
ethnicity, race, and sex data regarding applicants' principal owners.
In addition, the Bureau believes that the number of workers and gross
annual revenue data points will provide useful context regarding the
size and sophistication of the applicant, which
[[Page 35282]]
appears to address the primary reason that commenters wanted type of
business structure to be collected.
Credit score. Although the Bureau agrees with commenters that this
data would be useful for fair lending analyses, it nonetheless could be
quite complicated and involve complex sub-fields, which could pose
operational difficulties for financial institutions, especially given
the use of business credit scores as well as personal credit scores in
small business lending.
Disability status. The Bureau did not propose or seek comment on
including this data point, and so does not have the benefit of robust
stakeholder input as to whether and how to implement it. More
importantly, ECOA does not include disability as one of the enumerated
bases on which discrimination is prohibited, and so it is not clear
that the Bureau has the legal authority to include this data point.
Additional agricultural data. The Bureau did not propose or seek
comment on including these data points, and so does not have the
benefit of robust stakeholder input as to whether and how to implement
them. In addition, the Bureau does not have sufficient other
information to assess the importance or feasibility of requiring that
these data points be reported.
Other requested data points. The Bureau did not propose or seek
comment on including these data points regarding veteran, limited
English proficiency, and senior citizen status, and so does not have
the benefit of robust stakeholder input as to whether and how to
implement them. In addition, the Bureau does not have sufficient other
information to assess the importance or feasibility of requiring that
these data points be reported.
Credit reporting information, including whether credit information
was accessed. Commenters did not focus on this potential additional
data point that the Bureau sought comment on, instead focusing their
requests on the related potential credit score data point discussed
above. For the reasons discussed above, the Bureau is not including
this data point in the final rule.
Percentage ownership of each principal owner and percentage
ownership by women and by minorities. The Bureau did not receive
comments on this potential additional data point that the Bureau sought
comment on. For the reasons discussed above, the Bureau is not
including this data point in the final rule.
Whether the applicant has an existing relationship with the
financial institution and the nature of that relationship. The Bureau
did not receive comments on this potential additional data point that
the Bureau sought comment on. For the reasons discussed above, the
Bureau is not including this data point in the final rule.
Customer number, and/or unique (but anonymous) identification
number for applicants or associated persons for tracking of multiple
applications. The Bureau did not receive comments on this potential
additional data point that the Bureau sought comment on. For the
reasons discussed above, the Bureau is not including this data point in
the final rule.
107(a)(1) Unique Identifier
Proposed Rule
ECOA section 704B(e)(2)(A) requires financial institutions to
collect and report ``the number of the application . . . .'' Regulation
C includes a similar reporting requirement for a universal loan
identifier,\594\ though some insured credit unions and depositories
whose lending activity falls below applicable thresholds are partially
exempt and only need to report a non-universal loan identifier.\595\
Both the universal loan identifier and the non-universal loan
identifier use only alphanumeric characters, and do not allow use of
identifying information about the applicant or borrower in the
identifier. The universal loan identifier is ``unique'' in the national
HMDA reporting market because it uses a unique LEI for the reporting
institution and then the identifier is required to be unique within
that institution.\596\ The universal loan identifier must be no more
than 45 characters and the non-universal loan identifier must be no
more than 22 characters.\597\
---------------------------------------------------------------------------
\594\ 12 CFR 1003.4(a)(1)(i).
\595\ 12 CFR 1003.3(d)(5).
\596\ 12 CFR 1003.4(a)(1)(i)(A), (B)(2). The non-universal loan
identifier is only required to be unique within the annual loan/
application register in which the covered loan or application is
included. 12 CFR 1003.3(d)(5)(ii).
\597\ The universal loan identifier length limit is included in
the Bureau's yearly HMDA Filing Instructions Guide. See CFPB, Filing
instructions guide for HMDA Data collected in 2023 (2022), https://ffiec.cfpb.gov/. The length limit for the non-universal loan
identifier is in Regulation C Sec. 1003.3(d)(5).
---------------------------------------------------------------------------
The Bureau proposed to require that financial institutions report
an alphanumeric identifier starting with the LEI of the financial
institution. This unique alphanumeric identifier would have been
required to be unique within the financial institution to the specific
covered application and to be usable to identify and retrieve the
specific file corresponding to the application for or extension of
credit. The Bureau also proposed commentary with additional details, as
discussed below.
For clarity, the Bureau included language in proposed comment
107(a)(1)-1 that would have explained that the identifier can be
assigned at any time prior to reporting the application. Proposed
comment 107(a)(1)-1 would also have provided the formatting
requirements for the unique identifier. The Bureau proposed an
identifier of 45 characters or fewer, as is currently required for
HMDA. The Bureau made clear in the proposal that the unique identifier
would not need to stay ``uniform'' throughout the application and
subsequent processing. Proposed comment 107(a)(1)-1 would have also
explained that refinancings or applications for refinancing must be
assigned a different identifier than the transaction that is being
refinanced.
Proposed comment 107(a)(1)-2 would have made clear that the unique
identifier must not include any directly identifying information
regarding the applicant or persons (natural or legal) associated with
the applicant. The Bureau was aware that internal identification
numbers assigned by the financial institution to the application or
applicant could be considered directly or indirectly identifying
information, and requested comment on this issue. The Bureau also noted
that due to privacy risks the Bureau was proposing to not publish
unique identifier in unmodified form; the Bureau sought comment on
potential modifications to or deletion of this data point in the
published application-level data. Proposed comment 107(a)(1)-2 would
have also cross-referenced proposed Sec. 1002.111(c) and related
commentary, which would have prohibited any personally identifiable
information concerning any individual who is, or is connected with, an
applicant, in records retained under proposed Sec. 1002.111.
As stated above, the Bureau proposed to require that the unique
identifier begin with the financial institution's LEI. Pursuant to
proposed Sec. 1002.109(b)(1)(vi), any covered financial institution
that did not currently use an LEI would have been required to obtain
and maintain an LEI in order to identify itself when reporting the
data. Although a ``check digit''--a portion of an identifying number
that can be used to check accuracy--is required for the HMDA universal
loan identifier, the Bureau did not propose to require its use in the
1071 unique identifier.
The Bureau sought comment on its proposed approach to the unique
identifier data point. In addition, the
[[Page 35283]]
Bureau requested comment on the use of the LEI in the unique identifier
and the possible use of a check digit.
Comments Received
The Bureau received comments on the unique identifier data point
from several lenders and trade associations. Some commenters supported
the data point as proposed; several stated that it was a reasonable and
appropriate means of implementing the statutory requirement. Another
lender noted that it already reports this type of data for Paycheck
Protection Program and CDFI Fund lending. A trade association stated
that community banks prefer not to be required to create this
identifier too early in the credit origination process. A national auto
finance trade association noted that its members generally assign
application or loan numbers to new credit applications, but not
necessarily to credit line increases, and suggested that financial
institutions will have this data without needing the Federal Reserve to
issue a parallel rule to implement section 1071 for motor vehicle
dealers.\598\
---------------------------------------------------------------------------
\598\ ECOA authority over motor vehicle dealers lies with the
Board, not the Bureau, because Regulation B does not apply to a
person excluded from coverage by section 1029 of the Consumer
Financial Protection Act of 2010, title X of the Dodd-Frank Wall
Street Reform and Consumer Protection Act, Public Law 111-203, 124
Stat. 1376, 2004 (2010).
---------------------------------------------------------------------------
A community bank stated that the cost of creating a customer
identification numbering system that does not use the employer
identification number, taxpayer identification number, or Social
Security number (SSN) would be passed on to the borrower. That
commenter requested that the Bureau allow use of the last four digits
of the employer identification number, taxpayer identification number,
or SSN for identification purposes. They also expressed confusion as to
how an LEI (which it may not currently have) could be incorporated with
the loan number in its system for reporting, and stated that the Bureau
did not provide sufficient guidance on how to incorporate the unique
identifiers into its current system.
Final Rule
For the reasons set forth herein, the Bureau is finalizing Sec.
1002.107(a)(1) with a minor edit for clarity. Financial institutions
will report an alphanumeric identifier, starting with the LEI of the
financial institution, that is unique within the financial institution
to the specific covered application. The identifier must be usable to
identify and retrieve the specific file or files corresponding to the
application for or extension of credit.
The Bureau is finalizing comment 107(a)(1)-1 with a minor change.
As apparent from the instructions in comment 107(a)(1)-1, the Bureau
chose to follow the well-known and workable HMDA format to avoid
introducing new complications. With respect to the concerns raised by
one commenter about the unique identifier data point, the Bureau notes
that a customer identification number is not required. The unique
identifier refers to the application or origination being reported, not
the customer who applies for or borrows the funds. In addition, comment
107(a)(1)-1 makes clear that financial institutions may assign the
unique identifier at any time prior to reporting the application,
facilitating compliance. The Bureau believes that final Sec.
1002.107(a)(1) will accommodate different institutions' numbering
systems because the unique identifier can be created separately from
those internal systems. In order to foster uniformity of format and
avoid confusion as to what constitutes a ``unique'' identifier, comment
107(a)(1)-1 now requires that any alphabetical characters in the unique
identifier be upper-case.
The Bureau is finalizing comment 107(a)(1)-2 with a minor change
described below. Final comment 107(a)(1)-2 states that the unique
identifier must not include any directly identifying information
regarding the applicant or persons (natural or legal) associated with
the applicant. In regard to the use of directly identifying
information, such as an SSN or taxpayer identification number, the
Bureau notes that section 1071 specifically forbids financial
institutions from using personally identifiable information concerning
any individual who is, or is connected with, an applicant in compiling
and maintaining data for reporting.\599\ Although the Bureau has
preliminarily determined not to release unique identifier data reported
to the Bureau in unmodified form in the public, application-level
dataset, inclusion of a small business's employer identification number
or a natural person's SSN or taxpayer identification number could
present a risk of fraud or identity theft. Thus, for clarity, the
Bureau is including in comment 107(a)(1)-2 that SSN and employer
identification number, in whole or partial form, are examples of
directly identifying information that must not be used.
---------------------------------------------------------------------------
\599\ ECOA section 704B(e)(3).
---------------------------------------------------------------------------
The final rule requires that the unique identifier begin with the
financial institution's LEI. Final Sec. 1002.109(b)(1)(vi) requires
any covered financial institution that does not currently use an LEI to
obtain and maintain an LEI in order to identify itself when reporting
data to the Bureau. The Bureau does not believe that including the
financial institution's LEI in its unique identifiers will pose
particular difficulties for reporting institutions; as noted above, the
unique identifier can be assigned at any time prior to reporting an
application. The Bureau also believes that including the LEI will
increase the specificity and usefulness of the identifier and the
record it identifies.
The Bureau did not receive comments discussing the possible
inclusion of a ``check digit,'' which is required for the HMDA
universal loan identifier but was not proposed as part of the 1071
unique identifier. The Bureau believes that, based on its expectations
for small business lending data submission platform, a check digit will
be unnecessary, as well as potentially complicated for small financial
institutions to implement, and thus it is not included in the final
rule.
107(a)(2) Application Date
Proposed Rule
ECOA section 704B(e)(2)(A) requires financial institutions to
collect and report the ``date on which the application was received.''
The Bureau proposed to require reporting of application date in
Sec. 1002.107(a)(2) as the date the covered application was received
by the financial institution or the date on a paper or electronic
application form. Proposed comments 107(a)(2)-1 and -2 would have
clarified the need for a financial institution to take a consistent
approach when reporting application date, and would have provided
guidance on how to report application date for applications not
submitted directly to the financial institution or its affiliate
(indirect applications). The Bureau also proposed a safe harbor in
Sec. 1002.112(c)(4), which would have provided that a financial
institution does not violate proposed subpart B if it reports on its
small business lending application register an application date that is
within three calendar days of the actual application date pursuant to
proposed Sec. 1002.107(a)(2).
The Bureau sought comment on its approach to collecting application
date in proposed Sec. 1002.107(a)(2) and associated commentary. The
Bureau also sought comment on how best to
[[Page 35284]]
define the ``application date'' data point in light of the Bureau's
definition of ``covered application'' in proposed Sec. 1002.103.
Comments Received
The Bureau received feedback on its proposal to require reporting
of application date in Sec. 1002.107(a)(2) from several lenders, trade
associations, and a community group. Most commenters to address this
data point supported proposed Sec. 1002.107(a)(2). A trade association
stated that application date is currently collected in its financial
institutions' work flows. A trade association urged the Bureau to
define application date in a manner that is consistent with existing
Regulation B, so to avoid inconsistency, though it did not identify any
aspect of proposed Sec. 1002.107(a)(2) that would be inconsistent with
existing Regulation B. Similarly, a bank urged the Bureau to align
application date with HMDA--to increase efficiency for the customer,
facilitate compliance, and avoid duplicative collections--but did not
identify whether or how proposed Sec. 1002.107(a)(2) would differ from
how financial institutions report application date under Regulation C.
A community bank urged the Bureau to provide a concrete definition of
application date, explaining that a subjective definition would
discourage banks from small business lending, and that application date
is often difficult to pinpoint as there frequently is no written
application and the application process may occur over time, both in-
person and by phone.\600\
---------------------------------------------------------------------------
\600\ Comments primarily directed at how to define an
application under section 1071, rather than the date reported for
that application, are discussed in connection with the section-by-
section analysis of Sec. 1002.103(a) above.
---------------------------------------------------------------------------
Final Rule
For the reasons set forth herein, the Bureau is finalizing Sec.
1002.107(a)(2) to require reporting of application date as the date the
covered application was received or the date on a paper or electronic
application form. The Bureau believes the flexibility to report either
the date the covered application was received or the date shown on a
paper or electronic application form will accommodate institutions'
varied practices. While several commenters urged the Bureau to align
reporting of application date with existing Regulation B and Regulation
C, the commenters did not identify how the proposed definition would
differ from those regulatory provisions, and the Bureau believes they
do not conflict. For example, a financial institution may report
application date based on the date a ``covered application'' was
received, and final Sec. 1002.103(a) defines a covered application
largely based on Regulation B's definition of an application in
existing Sec. 1002.2(f). Similarly, Regulation C Sec.
1003.4(a)(1)(ii) requires reporting of the date the application was
received or the date shown on the application form. While a commenter
urged the Bureau to provide a concrete definition of application date,
the commenter never indicated whether or how the proposed definition
was vague.\601\
---------------------------------------------------------------------------
\601\ As discussed in more detail in the section-by-section
analysis of Sec. 1002.103(b), if the covered application is
requesting additional credit on an existing account, all data
reported, including applicable dates, relate to the new request for
credit rather than the initial origination.
---------------------------------------------------------------------------
Final Sec. 1002.107(a)(2) states that application date may be the
date ``the covered application was received;'' the Bureau has removed
the phrase that followed in proposed Sec. 1002.107(a)(2), which read
``by the financial institution . . . '' to reflect that not all covered
applications will be received directly by the financial institution.
The Bureau is also adopting new comment 107(a)(2)-2 to provide guidance
on when an application is ``received'' for covered applications
submitted directly to the financial institution or its affiliate.
Comment 107(a)(2)-1 is finalized with minor revisions for clarity
and consistency, to provide guidance on maintaining a consistent
approach to reporting application date. Final comment 107(a)(2)-3
(proposed as comment 107(a)(2)-2) provides guidance on how a financial
institution reports application date where a covered application was
not submitted directly to the financial institution or its affiliate.
Lastly, final comment 107(a)(2)-4 is adopted to note the safe harbor in
final Sec. 1002.112(c)(1), which provides that a financial institution
does not violate subpart B if it reports on its small business lending
application register an application date that is within three business
days of the actual application date pursuant to final Sec.
1002.107(a)(2).
107(a)(3) Application Method
Proposed Rule
ECOA section 704B(e)(2)(H) authorizes the Bureau to require
financial institutions to compile and maintain ``any additional data
that the Bureau determines would aid in fulfilling the purposes of
[section 1071].'' The Bureau believes that application method data will
aid in fulfilling the purposes of section 1071.
The Bureau did not address the method of application as a potential
data point under consideration in the SBREFA Outline. However, during
the SBREFA process, one CDFI small entity representative suggested
collecting information regarding the way an application was taken (in
person, by phone, or online) in order to monitor for possible
discouragement of applicants.\602\ Relatedly, several small entity
representatives that took applications for credit primarily or entirely
online asserted that such channels were less likely to result in
discrimination and more likely to increase access to credit to women-
owned and minority-owned small businesses.
---------------------------------------------------------------------------
\602\ SBREFA Panel Report at 30-31.
---------------------------------------------------------------------------
In light of the feedback during the SBREFA process and further
consideration by the Bureau of additional data that would aid in
fulfilling the purposes of section 1071, the Bureau proposed to require
financial institutions to collect and report application method. The
Bureau proposed Sec. 1002.107(a)(3) to define this data point as the
means by which the applicant submitted the covered application directly
or indirectly to the financial institution. The Bureau also proposed
commentary to accompany proposed Sec. 1002.107(a)(3).
The Bureau believed that data on application method would improve
the market's understanding of how applicants apply for credit which, in
turn, would facilitate fair lending enforcement and the business and
community development purposes of section 1071. In addition, the Bureau
believed that collecting data on application method would aid in
analysis of multiple data points collected and reported by financial
institutions, including the ethnicity, race, and sex of applicants'
principal owners.
Finally, data on application method would assist in analyzing data
reported under, and assessing compliance with, proposed Sec.
1002.107(a)(20), which would have required financial institutions to
collect principal owners' ethnicity and race via visual observation or
surname in certain circumstances. The Bureau explained that having
application method reporting would allow the Bureau and other data
users to determine, for example, which applications could be subject to
data collection via visual observation or surname (because the
financial institution met with the applicant in person) and, together
with information reported under proposed
[[Page 35285]]
Sec. 1002.107(a)(20), which of those applications did and did not have
information collected that way.
The Bureau proposed comment 107(a)(3)-1 to clarify that a financial
institution would comply with proposed Sec. 1002.107(a)(3) by
reporting the means by which the applicant submitted the application
from one of the following options: in-person, telephone, online, or
mail. Proposed comment 107(a)(3)-1 would have explained how financial
institutions are to choose which application method to report,
including via a ``waterfall approach'' when they have contact with an
applicant in multiple ways. Proposed comments 107(a)(3)-1.i through .iv
would have provided detailed descriptions and examples of each of the
four proposed application methods.
The Bureau proposed comment 107(a)(3)-2 to provide guidance on what
application method a financial institution would report for
interactions with applicants both online and by mail. In short, a
financial institution would have reported application method based on
the method by which it, or another party acting on its behalf,
requested the ethnicity, race, and sex of the applicant's principal
owners pursuant to proposed Sec. 1002.107(a)(20). Proposed comment
107(a)(3)-2 also would have provided separate examples of when the
application method should be reported as ``online'' and ``mail.''
The Bureau sought comment on its proposed approach to this data
point.
Comments Received
The Bureau received comments on its proposed application method
data point from a number of banks, trade associations, and community
groups. Several commenters supported the Bureau's proposal to require
financial institutions to report data on application method; some noted
that such data would facilitate fair lending enforcement and/or further
the community development purpose of section 1071. A community group
asserted that data on the application method would enable the
comparison of application outcomes based on the application channel at
specific institutions and could also help assess whether applicants are
receiving comparable access to comparable credit across application
channels. Another community group stated that data on application
method would help shed light on the issue of whether newer, online
lenders are more effective at reaching underserved populations and
businesses. One commenter suggested the Bureau create more categories,
particularly to distinguish email from web portal because an
application received by email often reflects a more personal
relationship than does an application submitted via web portal.
In contrast, several banks and trade associations opposed the
proposed requirement to collect application method data and urged the
Bureau to drop it from the final rule. A few commenters said that this
data point was added ``late'' in the rulemaking process or without
adequate public input.
Industry commenters explained that application method data are not
currently collected nor recorded in the loan file. A bank stated that
it would need to collect the data manually because it does not have a
way to record or report the information and asserted that this data
collection requirement would affect its ability to serve the credit
needs of its community. Several other commenters noted that this data
point is not a factor in the credit decision and argued that there is
no information or insight that can be gleaned from it. Some commenters
also questioned how the data point would provide value in fair lending
analysis. One commenter suggested the data have limited value and that
the Bureau's policy goals can be achieved by combining publicly
available data with section 1071's statutory requirements; for example,
collection of census tract data will indicate whether a loan was
originated in a ``credit desert,'' thereby eliminating the need for the
application method data point.
Some commenters asserted that the proposed waterfall approach was
problematic and would introduce complexity into reporting application
method data. These commenters explained that there are multiple
interactions between the lender and the applicant throughout the
application process and suggested that reporting application method
using the proposed waterfall approach would require the financial
institution to document each interaction with an applicant. They
further said that could lead to a cumbersome process in trying to
determine exactly how an application was received and could result in
unintentional errors. One industry commenter stated that an application
may start out as an email request, followed up by a phone call, and
then be completed in person. This commenter suggested that there would
be difficulty collecting the data accurately because the proposal did
not allow for multiple methods of application, particularly because the
definition of application is at the financial institution's discretion.
A bank suggested that the Bureau drop the waterfall approach and allow
financial institutions to designate the best way to determine
application method. A group of trade associations likewise requested
that the Bureau drop the waterfall approach, and instead have financial
institutions report the application method where the ethnicity, race,
and sex of the applicant's principal owners was requested. A few
commenters suggested that the application method should be based only
on the initial contact. Two of these commenters indicated that basing
the application method on initial contact would provide clear
requirements in the event that the applicant provides information via
two methods: for example, when an applicant applies online but later
provides information by telephone.
A group of trade associations noted that while the data point is
about the means by which the application was submitted, the proposed
commentary discusses when a financial institution meets with the
applicant or communicates with the applicant by telephone. This
commenter stated that the proposed commentary was confusing and did not
provide clear guidance on compliance.
Final Rule
For the reasons set forth herein, the Bureau is finalizing Sec.
1002.107(a)(3) with a number of revisions to the associated commentary.
Pursuant to its authority under ECOA section 704B(e)(2)(H), the Bureau
believes that collecting data on application method would aid in
fulfilling the purposes of section 1071, as explained below.
Initially, the Bureau believes that data on application method will
improve the market's understanding of how applicants apply for credit.
In addition, data on application method will support 1071's statutory
purposes by, inter alia, providing additional context for the business
and community development needs of particular geographic regions. For
instance, application method may help data users analyze the extent to
which financial institutions may be providing access to credit online
or by telephone in ``credit deserts'' where financial institutions do
not have branch operations.
In addition, the Bureau believes that collecting data on
application method will aid in analysis of multiple data points
collected and reported by financial institutions, including the
ethnicity, race, and sex of applicants' principal owners. For example,
these data will assist the Bureau and other data users in identifying
whether applicants are more or less likely to
[[Page 35286]]
provide this (and other) 1071 information in different application
channels. This information may also assist in determining whether a
financial institution has procedures to collect applicant-provided data
at a time and in a manner that are reasonably designed to obtain a
response, as required by Sec. 1002.107(c).
The Bureau explained in the NPRM that having application method
data would be useful in analyzing data reported under, and assessing
compliance with, proposed Sec. 1002.107(a)(20) related to collecting
the ethnicity and race of principal owners via visual observation or
surname in certain circumstances. However, as explained in the section-
by-section analysis of Sec. 1002.107(a)(19) below, the Bureau has
removed the visual observation or surname requirement from this final
rule. Consequently, the proposed waterfall approach is less relevant
for assessing compliance with final Sec. 1002.107(a)(19). In
combination with the concerns expressed by commenters regarding
compliance complexities, including the need to document multiple
interactions between the financial institution and applicant, the
Bureau has decided not to adopt the proposed waterfall approach for
reporting application method.
The Bureau is thus adopting comments 107(a)(3)-1.i through .iv with
revisions to reflect the removal of the waterfall. The Bureau believes
these changes will also address a commenter's concern regarding
potential confusion about the proposed commentary's treatment of
meetings and other interactions with applicants. Relatedly, the Bureau
is not finalizing proposed comment 107(a)(3)-2, which would have
provided guidance on reporting for interactions with applicants both
via mail and online under the waterfall approach.
In addition, the Bureau has added new guidance in comment
107(a)(3)-1 to clarify what a financial institution reports if it
retains multiple versions of the application form. The Bureau has also
made a few minor revisions in comments 107(a)(3)-1.i through .iv for
clarity. Final comment 107(a)(3)-1 lists the options a financial
institution reports for the means by which an applicant submitted the
application. In final comment 107(a)(3)-1.i, the Bureau has clarified
that the in-person application method applies, for example, to those
applications submitted at a branch office, including applications hand
delivered by an applicant. In final comment 107(a)(3)-1.ii, the Bureau
has clarified that an application submitted via telephone call is
reported as ``telephone.'' In final comment 107(a)(3)-1.iii, the Bureau
has clarified that an application submitted via website, mobile
application (commonly known as an app), fax transmission, or text-based
electronic communication is also reported as ``online.'' The Bureau
does not believe it is appropriate to distinguish between applications
submitted by email and applications submitted through a web portal, on
the basis that an application that is emailed reflects a more personal
relationship, as suggested by a commenter. The Bureau believes that
both application methods are appropriately reportable as ``online''
because they reflect an electronic communication. The Bureau notes that
various electronic communication methods provided in final comment
107(a)(3)-1.iii can reflect a personal relationship. For example, an
applicant may have begun communications with the financial institution
through email, followed by text messages, and then submitted the
application through the financial institution's website. All of these
methods can potentially reflect a personal relationship.
The Bureau removed the hand delivery at a teller window example in
comment 107(a)(3)-1.iv because, under the final rule, an application
hand delivered by an applicant at a branch is reported as ``in-person''
pursuant to final comment 107(a)(3)-1.i. Regarding a suggestion from
commenters that the Bureau use the method by which ethnicity, race, and
sex of the principal owners are collected for reporting this data
point, the Bureau does not believe that such an approach is necessary
given that it is not finalizing its proposed requirement to collect
principal owners' ethnicity and race via visual observation or surname
in certain circumstances. In addition, the Bureau does not believe that
application method should be based on initial contact, as suggested by
a few commenters. As explained by commenters, there could be multiple
interactions between the lender and applicant throughout the pre-
application and application process. Thus, the initial interaction may
not amount to an application submission because, for example, the
initial contact was simply an inquiry.\603\ In light of commenters'
concerns regarding the potential difficulties in identifying
application method, the Bureau believes that its approach to final
Sec. 1002.107(a)(3), which is tied to an applicant submitting an
application, is preferable to the suggestions made by commenters.
---------------------------------------------------------------------------
\603\ Under Sec. 1002.103(b)(2), a covered application does not
include inquiries and prequalification requests.
---------------------------------------------------------------------------
Regarding commenters' concerns about the utility of this data
point, the Bureau believes that application method data will facilitate
the fair lending and business and community development purposes of
section 1071, as explained above. This information cannot be replicated
by combining data points specifically enumerated in section 1071, such
as census tract, with other publicly available data. Application method
is not intended solely to identify ``credit deserts,'' as the commenter
appeared to suggest, and although census tract information might
provide information as to where the proceeds will be applied (or the
location of the applicant's headquarters/main office, or another
location), that does not necessarily indicate where (or how) the
financial institution interacted with the applicant. With respect to
comments stating that application method is not currently collected nor
is it considered as part of the credit decision, the Bureau believes
that removal of the proposed waterfall approach will make collecting
this data easier than contemplated in the proposed rule.
Finally, this data point was introduced with sufficient time for
the public to provide feedback and offer alternatives. The data point
was suggested by small entity representatives during the SBREFA process
and was included in the SBREFA Panel Report. It was also included in
the proposed rule and the Bureau specifically sought--and obtained--
comment on it. As noted, the Bureau has made changes as a result of
that feedback.
107(a)(4) Application Recipient
Proposed Rule
ECOA section 704B(e)(2)(H) authorizes the Bureau to require
financial institutions to compile and maintain ``any additional data
that the Bureau determines would aid in fulfilling the purposes of
[section 1071].'' The Bureau believes that information regarding how an
application is received will enhance small business lending data and
aid in fulfilling the purposes of section 1071.
The Bureau proposed Sec. 1002.107(a)(4), which would have required
financial institutions to collect and report the application recipient,
meaning whether the applicant submitted the covered application
directly to the financial institution or its affiliate, or whether the
applicant submitted the covered application
[[Page 35287]]
indirectly to the financial institution via a third party. Proposed
comment 107(a)(4)-1 would have clarified that if a financial
institution is reporting actions taken by its agent consistent with
proposed comment 109(a)(3)-3, then the agent is considered the
financial institution for the purposes of proposed Sec.
1002.107(a)(4).
The Bureau sought comment on its proposed approach to this data
point.
Comments Received
The Bureau received comments on the proposed application recipient
data point from industry and community groups. A community group
expressed its support, noting that in combination with the application
method data point under proposed Sec. 1002.107(a)(3), it would help
stakeholders determine whether traditional banking or online lending is
most effective in reaching underserved small businesses or whether the
effectiveness of the lending model depends on local context and
conditions. A trade association also expressed its support, stating
that the information can help data users understand the relationship
between lender and applicant. This commenter further noted that
recipient data would provide context for other collected and reported
data and also improve transparency around when and whether an
intermediary is considered a financial institution for the purposes of
this data collection. In addition, a CDFI lender stated its general
support of the Bureau's proposal to collect application recipient data.
In contrast, a number of banks and trade associations opposed the
Bureau's proposal to collect application recipient data for various
reasons. One trade association raised a concern that the application
recipient data point was not included in the SBREFA Outline and, along
with several other industry commenters, pointed out it is not one of
the data points expressly enumerated in ECOA section 704B(e)(2).
Several industry commenters stated that the data are not currently
collected and a few of these commenters further stated that such data
are not used or considered in the underwriting decision. Several
industry commenters argued that the data point is burdensome and two
banks stated they would need to collect the data manually because their
systems are not equipped to collect the data. Other industry commenters
questioned the value of the data point or how it fulfills the statutory
purposes of section 1071. One industry commenter stated it is not
dispositive of fair lending violations. Two banks urged the Bureau to
drop the data point from the final rule or provide an exemption for
certain institutions. One of these banks urged the Bureau to drop the
data point from the final rule because it does not have affiliates nor
does it accept applications indirectly and thus would not provide any
data. The other bank commented that community banks should be exempt if
they do not use actual third parties, but instead use a third-party
online application system within the bank's firewall, and suggested
that the only reason this data point should apply is if a bank is truly
working with a third party, not a vendor who helps manage online tools.
A trade association urged the Bureau to eliminate the application
recipient data point from the final rule until a later determination
can be made regarding its necessity.
Final Rule
For the reasons set forth herein, the Bureau is finalizing Sec.
1002.107(a)(4) and related commentary with a small modification for
clarity. Final Sec. 1002.107(a)(4) requires the financial institution
to report whether the applicant submitted the covered application
directly to the financial institution or its affiliate, or whether the
applicant submitted the covered application indirectly to the financial
institution via a third party. Final comment 107(a)(4)-1 explains that
if a financial institution is reporting actions taken by its agent
consistent with comment 109(a)(3)-3, then the agent is considered the
financial institution for the purposes of Sec. 1002.107(a)(4). The
comment also provides an example. The Bureau believes data on
application recipient will facilitate fair lending analysis and enable
a better understanding of business and community development needs.
Pursuant to ECOA section 704B(e)(2)(H), the Bureau believes that
collecting data on application recipient will aid in fulfilling the
purposes of section 1071.
Regarding commenters' concerns that application recipient data are
not currently collected nor used in underwriting decisions, the Bureau
anticipates that financial institutions know and track how they receive
applications for small business loans. The Bureau does not believe it
would be difficult to track this information, even if the financial
institution does not currently collect the information.
With respect to the comments received that question how application
recipient data fulfill the purposes of section 1071, the Bureau
believes that collecting data on application recipient, in combination
with application method, as discussed above, will improve the market's
understanding of how small businesses interact with financial
institutions when applying for credit which, in turn, will facilitate
fair lending analysis, including the identification of risks in small
business lending. Regarding the comment that application recipient data
are not dispositive of fair lending violations, the Bureau agrees that
such data would not be dispositive of a violation on their own, but
believes data on application recipient can be used in combination with
other data points or information to provide a more robust analysis.
With respect to promoting the business and community development
purposes of section 1071, the Bureau believes that data on application
recipient will improve the public's understanding of the structure of
small business lending originations across the market, the methods by
which credit is originated for particular groups or underserved
markets, and trends over time (for example, to the extent applicant
preferences shift from in-person to online interactions). In addition,
application recipient data may assist with an understanding of the
business and community development needs of an area or applicant. For
example, such data may help data users understand whether financial
institutions making credit decisions are directly interacting with the
applicant and/or generally operate in the same community as the
applicant. Moreover, data on application recipient will allow the
Bureau and data users to better understand the relationship between the
covered financial institution and the applicant in the context of
certain other data collected and reported under this final rule.
The Bureau is not removing the application recipient data point
from the final rule or providing an exemption, as suggested by some
commenters, for financial institutions that do not have affiliates, do
not accept applications indirectly, and/or do not use third parties.
Some financial institutions employ a wide variety of lending models in
extending credit to small businesses. They may receive applications for
credit directly from the applicant and some financial institutions may
receive applications routed to them through third parties, such as
brokers or vehicle or equipment dealers. Some financial institutions
issue credit cards branded for particular retailers, for which
applications are taken in person at the retailer's store locations.
Some brokers and dealers may send applications to a single financial
institution, while others may
[[Page 35288]]
send them to multiple financial institutions at the same time. In these
types of application scenarios involving third parties, the financial
institution may not directly interact with the applicant at all during
the application process. Information regarding whether the applicant
submitted the application directly to the financial institution is
necessary to further the purposes of section 1071, including by
improving the market's understanding of how small businesses interact
with financial institutions when applying for credit and whether the
financial institution is operating in the same community as the small
business. This is true even if a particular financial institution does
not accept applications indirectly or does not use third parties, and
reporting of this data point should be simple for financial
institutions in that situation.
Finally, this data point was introduced with sufficient time for
the public to provide feedback and offer alternatives. It was also
included in the proposed rule and the Bureau specifically sought--and
obtained--comment on it. Given the wide variety of lending models
financial institutions currently use when extending credit to small
businesses, the Bureau believes it is timely and appropriate to include
this data point in this final rule.
107(a)(5) Credit Type
Proposed Rule
Section 1071 requires financial institutions to collect and report
``the type and purpose of the loan or other credit being applied for.''
\604\ (The credit purpose data point is discussed in the section-by-
section analysis of Sec. 1002.107(a)(6) immediately below.) For HMDA
reporting, Regulation C requires numerous data points that indicate the
type of credit applied for or originated: the type of guarantees used;
lien order; loan term; the presence of nontraditional contract terms
including balloon, interest only, and negative amortization payments;
variable rate information; open-end status; and reverse mortgage
status.\605\ Section 1071 provides no additional information or details
regarding what aspects of credit type should be collected and reported.
---------------------------------------------------------------------------
\604\ ECOA section 704B(e)(2)(B).
\605\ Regulation C Sec. 1003.4(a)(2), (14), (25), (27), (28),
(37), and (38).
---------------------------------------------------------------------------
The Bureau proposed in Sec. 1002.107(a)(5) to require that
financial institutions collect and report the following information
regarding the type of credit applied for or originated: (i) The credit
product; (ii) The type or types of guarantees that were obtained for an
extension of credit, or that would have been obtained if the covered
credit transaction were originated; and (iii) The length of the loan
term, in months, if applicable. These aspects of credit type are
discussed in turn below. This proposal was consistent with the approach
presented in the SBREFA Outline, and would have required the financial
institution to choose the credit product and guarantee(s) from a
specified list. (These lists were provided in the commentary
accompanying proposed Sec. 1002.107(a)(5).) The lists included choices
for ``Other'' and ``Not provided by applicant and otherwise
undetermined,'' as appropriate, to facilitate compliance.
The Bureau sought comment on its proposed approach to the credit
type data point, including the lists of products and guarantees
proposed and the other specific requests for input below.
Credit product. The first subcategory the Bureau proposed to
include in the credit type data point was the credit product (i.e., a
commonly understood category of small business lending like term loans
or lines of credit) which the Bureau considered to be an integral part
of the statutory requirement to collect credit type.
Proposed comment 107(a)(5)-1 would have presented the instructions
for collecting and reporting credit product and the proposed list of
credit products from which financial institutions would select.
Proposed comment 107(a)(5)-1 would have explained that a financial
institution would comply with Sec. 1002.107(a)(5)(i) by selecting the
credit product requested from the list provided in the comment. It
would also have explained that if an applicant requests more than one
credit product, the financial institution reports each credit product
requested as a separate application. Proposed comment 107(a)(5)-1 would
have also explained that if the credit product for an application does
not appear on the list of products provided, the financial institution
would select ``other'' as the credit product and report the specific
product via free-form text.
Proposed comment 107(a)(5)-2 would have explained that, pursuant to
proposed Sec. 1002.107(c)(1), a financial institution would be
required to maintain procedures reasonably designed to collect
applicant-provided data, which includes credit product. However, if a
financial institution was nonetheless unable to collect or otherwise
determine credit product information because the applicant did not
indicate what credit product it sought and the application was denied,
withdrawn, or closed for incompleteness before a credit product was
identified, the proposed comment would have explained that the
financial institution would report that the credit product was ``not
provided by applicant and otherwise undetermined.''
Proposed comment 107(a)(5)-3 would have explained how a financial
institution would report a transaction that involves a counteroffer.
The comment would have stated that if a financial institution presents
a counteroffer for a different credit product than the product the
applicant had initially requested, and the applicant does not agree to
proceed with the counteroffer, a financial institution would report the
application for the original credit product as denied pursuant to
proposed Sec. 1002.107(a)(9). If the applicant agrees to proceed with
consideration of the financial institution's counteroffer, the
financial institution would report the disposition of the application
based on the credit product that was offered, and would not report the
original credit product applied for. In addition, proposed comment
107(a)(5)-6 would have explained when ``other sales-based financing
transaction'' would be used for reporting.
The Bureau noted that, under its proposal, line increases would be
reportable so that the small business lending market could be tracked
accurately. See the section-by-section analysis of Sec. 1002.103(a)
above for additional details. However, the Bureau did not propose that
line increases be included as a separate item in the credit product
list.
The Bureau sought comment on its proposed approach to this
subcategory, including the appropriateness and usefulness of the
products included in the list, whether there were other products that
should be added, and the proposed treatment of counteroffers. The
Bureau also sought comment on how financial institutions currently
handle increases in lines of credit and whether a line increase should
be considered a credit product, and on whether an overdraft line of
credit should be considered a product separate from a line of credit
and thus added to the product list.
Type of guarantee. The second data field the Bureau proposed to
include in the credit type data point was guarantee. Proposed comment
107(a)(5)-4 would have presented the instructions for collecting and
reporting type of guarantee and the proposed list of guarantees from
which financial institutions would select. Proposed comment 107(a)(5)-4
would also have explained that a financial institution
[[Page 35289]]
complies with Sec. 1002.107(a)(5)(ii) by selecting the type or types
of guarantee(s) obtained for an originated covered credit transaction,
or that would have been obtained if the covered credit transaction were
originated, from the list provided in the comment.
Proposed comment 107(a)(5)-4 would have also explained that the
financial institution may select, if applicable, up to a maximum of
five guarantees for a single application or transaction. Small business
credit may have more than one guarantee, such as an SBA guarantee and a
personal guarantee, and the Bureau believed that more complete
information could be collected by requiring as many as five to be
reported.
Proposed comment 107(a)(5)-4 would have also explained that if the
type of guarantee for an application or originated transaction does not
appear on the list of guarantees provided, the financial institution
selects ``other guarantee,'' and reports the type of guarantee as free-
form text. As with credit product, the Bureau believed that allowing
financial institutions to choose ``other'' when a guarantee for the
application does not appear on the provided list would facilitate
compliance. In addition, collecting this information on ``other''
guarantee types would assist the Bureau in monitoring trends in usage
of other types of guarantees and key developments in the small business
lending market, which the Bureau could use to inform any future
iterations of the list.
Finally, proposed comment 107(a)(5)-4 would have provided that if
no guarantee is obtained or would have been obtained if the covered
credit transaction were originated, the financial institution would
select ``no guarantee.'' Because a small business credit transaction
does not always involve use of a guarantee, the Bureau did not propose
to include ``not provided by applicant and otherwise undetermined'' as
an option. If no guarantee was identified for an application, the
financial institution would report ``no guarantee.''
The Bureau sought comment on its proposed approach to this
subcategory, including the appropriateness and usefulness of the items
listed, and whether there are other guarantees that should be added.
The Bureau also sought comment on whether five is the appropriate upper
limit for reporting guarantees.
Loan term. The third subcategory the Bureau proposed to include in
the credit type data point was the loan term. Proposed comment
107(a)(5)-5 would have presented the instructions for collecting and
reporting loan term. Specifically, it would have explained that a
financial institution complies with proposed Sec. 1002.107(a)(5)(iii)
by reporting the number of months in the loan term for the covered
credit transaction, and that the loan term is the number of months
after which the legal obligation will mature or terminate. The comment
would have further explained how to measure the loan term and the
possible use of rounding.
Proposed comment 107(a)(5)-5 would have also made clear that if a
credit product, such as a credit card, does not have a loan term, the
financial institution would report loan term as ``not applicable.'' The
financial institution would also report ``not applicable'' if the
application is denied, withdrawn, or determined to be incomplete before
a loan term has been identified.
The Bureau sought comment on its proposed approach to this
subcategory.
Comments Received
The Bureau received comments on its proposed approach to the credit
type data point from a number of banks, community-oriented lenders,
trade associations, community groups, and others.
Several commenters, including community-oriented lenders, community
groups, a trade association, and a business advocacy group, supported
the credit type data point as proposed, though some suggested small
changes to the three individual subcategories discussed below. One
commenter stated that to avoid the pitfalls that limited the use of
HMDA data for spotting predatory trends in mortgages, the Bureau must
collect sufficiently granular data on applicants and credit terms,
including credit type. That commenter further stated that this
information is critical because discrimination is not just evidenced in
loan denials, but also less favorable credit terms. A community group
stated that the information collected for the credit type data point
would allow for more effective analysis than the current CRA small
business information. A trade association stated that despite the added
complexity of requiring three ``data points'' for the one listed in the
statute, the Bureau has accounted for and addressed some of the
concerns that community banks have raised related to credit type. That
commenter went on to state its approval of the simple reporting of
counteroffers and the ability to mark fields as ``not provided by
applicant'' in the case of incomplete applications. Finally, a lender
stated that it already collects the credit type information for the
CDFI Fund.
Only one commenter opposed the credit type data point as a whole,
stating that credit type and other data points would be a waste of time
and efficiency.
Credit product. Two community groups and an auto finance trade
association expressed support for the product list the Bureau proposed.
The community groups stated that the list was nuanced and would provide
useful differentiation between products. One explained that being able
to determine which products were accessed could help in understanding
bias in the credit market more accurately than CRA data currently
allows for. An auto finance trade association specifically expressed
support for the inclusion of ``other'' and ``unknown'' to facilitate
compliance.\606\
---------------------------------------------------------------------------
\606\ The proposed rule used the terms ``other'' and ``not
provided by applicant and otherwise undetermined.''
---------------------------------------------------------------------------
One commenter stressed the importance of providing detail in
distinguishing credit products, and several commenters requested
changes to the credit products list. A joint letter from community
groups and business advocacy groups stated that there might be value in
separating out mortgages, auto loans and equipment financing as
discrete secured loan types but treating all other term loan
applications together, rather than treating secured term loans as one
category and unsecured term loans as another. A community group asked
that refinances and renewals be added to the product list, stating that
this information would help demonstrate community credit needs. That
commenter went on to state that listing refinances in the credit
purpose data point, as proposed, would be confusing, and that the
Bureau should look at the ways refinances are reported under HMDA and
CRA. Several minority business advocacy groups, along with a joint
letter from community groups, community oriented lenders, and business
advocacy groups, responded to the Bureau's request for comment by
encouraging the Bureau to include ``overdraft line of credit'' in the
list of credit products. These commenters stated that overdraft can
contain hidden costs, so having a way to monitor lenders who provide it
could be useful.. A trade association opposed the inclusion of
overdraft line of credit in the credit products list, though it did not
provide a reason. Several community groups commented that the Bureau
should require reporting of collateral requirements and value, instead
of simply requiring ``secured'' and ``unsecured'' for items in the
credit product list. One of these commenters suggested that collateral
info would
[[Page 35290]]
shed light on underwriting changes and approaches during various
economic conditions, allow stakeholders to understand why pricing might
be lower on some loans and the risk that some loans might pose to
borrowers.
A joint letter from community and business advocacy groups objected
to the requirement to report each credit product requested as a
separate application, stating that this would seem to require the
lender to report each credit type requested as a separate application
even when the applicant is seeking only one transaction but is open to
alternative structures, and even though there would be only one action
taken and one set of terms.
Type of guarantee. Several community groups expressed support for
including guarantees as part of the credit type data point. These
commenters stated that data on government guarantee programs would
allow for better analysis of their usage, including whether minority
and women owned businesses are being steered to these loans. One of
these commenters stated that requiring reporting on all types of
guarantees would facilitate analysis of whether minority and women
owned businesses were receiving more costly or onerous credit. That
commenter also stated that personal guarantees can at times be abusive,
and reporting of those would allow better monitoring of this issue.
Although it did not specifically express support for requiring
reporting of guarantees, a trade association for auto finance lenders
stated that its members will have this information for reporting.
Two industry commenters objected to the collection of guarantees as
part of the credit type data point on the grounds that the statute does
not require reporting of guarantees and asking that the credit type
data point be limited to credit product and loan term. Those
commenters, and several others who did not object to the general
guarantee reporting requirement, were concerned in particular about the
requirement to report what guarantees would have been obtained if the
transaction had been originated. Some commenters stated that such a
requirement extends into mere speculation, and would undermine the
accuracy, reliability, and consistency of the data. Another commenter
stated that it would not be possible to report what guarantees would
have been obtained, and joint letter from community groups and business
advocacy groups stated that the requirement could be problematic in the
case of a declined application because the lender would be speculating
as to potential guarantees, such as personal guarantees, from owners or
non-owners. That comment went on to recommend that the Bureau either
limit the reporting of this field to offers and counteroffers that are
made (i.e., allow financial institutions to report type of guarantee as
``not applicable'' for declined applications, as is permitted with
respect to the loan term and loan pricing data fields) or, for declined
applications, require reporting only if the requested guarantee were a
government or programmatic guarantee (such as SBA, USDA or some other
third-party guarantee program).
A community group and two CDFI lenders requested that the list of
guarantees be changed in certain ways. The community group stated that
the data should distinguish whether the guarantee is offered by the
natural person(s) owning the business or the business itself, because
it matters whether a creditor can seize assets of a person or the
business. One of the CDFI lenders requested that the guarantee
categories be broken down further to detail collateral coverage, which
is often the deciding factor on approval or denial, and because people
of color own homes (and amass wealth) at much lower rates than whites.
That commenter went on to suggest that these details could shed light
on the credit needs of minority small business owners and whether
financial institutions are applying collateral requirements equitably.
The other lender requested that State guarantee and local guarantee be
separated on the list, rather than the combined ``state or local
guarantee'' that was proposed. That commenter stated that
differentiating between the performance of these two levels of
government would be critical for understanding the focus of future
reforms or capital flows through these entities. The commenter also
provided statistics suggesting that conflating State and local
guarantees would not be as informative as separating them.
Loan term. A community group and a community-oriented lender stated
their support for the proposed loan term provision. The community group
stated that loan term length influences pricing and other terms and
conditions, and would help in explaining differences in these features.
That commenter also suggested that loan term should be straightforward
to report for lenders. In addition, a national auto finance trade
association stated that its members would have this information to
report.
A number of banks and a trade association objected to the proposal
to have the loan term measured from the first payment period rather
than the date of origination. These commenters stated that they do not
measure loan term in this way, and having to do so for reporting would
cause unnecessary and significant compliance difficulties. They asked
to be able to measure loan term from the date of origination of the
credit. Another bank objected to the reporting of loan term for
applications, stating that applicants seldom make an application that
specifies the desired loan term.
Although the proposed rule did not discuss how or whether merchant
cash advance providers would report loan term, the Bureau did seek
comment on proposed Sec. 1002.107(a)(12)(v) and its commentary, the
pricing provision for merchant cash advances, including whether to
require additional pricing information for merchant cash advances, and
whether merchant cash advances could be structured in ways that evade
the proposed reporting requirement. Two commenters urged the Bureau to
make clear that merchant cash advance providers must report loan term,
and must not use the proposed rule's provision stating that ``not
applicable'' could be reported for a product that has no loan term.
These commenters discussed the importance of loan term in comparing
different credit pricing and stated that merchant cash advances are
sometimes abusive and are used disproportionately by minority
businesses. These commenters also stated that loan term can be readily
ascertained for merchant cash advances and they described different
methods for doing so. One method suggested was that when a merchant
cash advance is paid off before reporting, the provider should report
the actual length of time to repayment. In addition, they suggested
that for a partially paid merchant cash advance the provider could
project the amount of time to repayment based on the amount already
paid. One of these commenters, a cross-sector group of lenders,
community groups, and small business advocates, stated that merchant
cash advance providers establish an estimated loan term when they
underwrite an advance, and that most merchant cash advance contracts
have an estimated payment amount.
Final Rule
The Bureau is finalizing Sec. 1002.107(a)(5) certain changes to
facilitate compliance and enhance the quality and usefulness of the
data reported. Final Sec. 1002.107(a)(5) requires that financial
institutions collect and report the following information regarding the
type of credit applied for or originated: (i) the credit product; (ii)
[[Page 35291]]
the type or types of guarantees that were obtained for an extension of
credit, or that would have been obtained if the covered credit
transaction were originated; and (iii) the length of the loan term, in
months, if applicable.
The Bureau believes that it is reasonable to interpret the
statutory term ``credit type'' to comprise the three required
subcategories, because they are critical to understanding the nature of
small business credit applied for and provided, as explained below. For
the reasons discussed herein, the Bureau believes that the
subcategories of credit product (including collateral), guarantee type,
and loan term will aid in fulfilling the purposes of section 1071.
Financial institutions generally have all of the information required
for this data point when they process applications (and the reporting
regime is sufficiently flexible when they do not), so the Bureau does
not believe there is anything in this approach that will impose
particular operational difficulty. Additionally, the Bureau believes it
is reasonable to interpret type of credit ``applied for'' to include
the type of credit actually originated when an application results in
an extension of credit.
The statutory term ``type . . . of the loan'' is ambiguous, and the
Bureau reasonably interprets the term to include the credit product,
any guarantee obtained, and the term of a loan because an accurate and
useful record of the ``type'' of loan or credit would include those
data fields. In the alternative, ECOA section 704B(e)(2)(H) authorizes
the Bureau to require inclusion of ``any additional data that the
Bureau determines would aid in fulfilling the purposes of [section
1071],'' and for the reasons discussed herein, the Bureau has also
determined that the subcategories of credit product (including
collateral), guarantee type, and loan term will aid in fulfilling those
purposes.
Credit product. The Bureau is finalizing the credit product
subcategory with certain changes to the associated commentary to
facilitate compliance and enhance the quality and usefulness of the
data reported. Final Sec. 1002.107(a)(5)(i) requires financial
institutions to compile and maintain data on the credit product applied
for or originated. The Bureau continues to consider credit product to
be an integral part of the statutory requirement to collect credit
type. The Bureau believes information about the various products sought
by applicants will further the purposes of section 1071 by
demonstrating, for example, how small businesses of different sizes or
in different sectors choose to pursue, or ultimately access, different
forms of credit.
The Bureau distinguishes between secured and unsecured term loans
and lines of credit in its list of credit products because it believes
that whether a term loan or line of credit is collateralized can have
such a significant effect on things like approval rates and pricing
that secured and unsecured products fundamentally differ in kind. For
this reason, the Bureau believes that including information on the use
of collateral in the credit product subcategory will help data users to
avoid inaccurate interpretations of data. The Bureau believes that
whether a loan is secured or unsecured will be part of an application
or loan file and, as a result, will not be operationally difficult to
report once a financial institution's section 1071 compliance system is
set up.
Final comment 107(a)(5)-1 presents the instructions for collecting
and reporting credit product and the list of credit products from which
financial institutions will select. Comment 107(a)(5)-1 explains that a
financial institution complies with Sec. 1002.107(a)(5)(i) by
selecting the credit product applied for or originated from the list
provided in the comment. The Bureau believes that the list of credit
products provided in final comment 107(a)(5)-1 aligns with the most
common types of credit products in small business lending. Final
comment 107(a)(5)-1 also explains that if the credit product for an
application does not appear on the list of products provided, the
financial institution selects ``other'' as the credit product and
reports the specific product via free-form text. The Bureau believes
that allowing financial institutions to choose ``other'' when the
credit product for the application does not appear on the provided list
will facilitate compliance. In addition, collecting this information on
``other'' credit products will assist the Bureau in tracking product
trends and key developments in the small business lending market, which
the Bureau can use to inform any future iterations of the list.
Comment 107(a)(5)-1 also explains that if an applicant requests
more than one credit product at the same time, the financial
institution reports each credit product requested as a separate
application. The issue of how to collect and report multiple products
applied for at the same time affects several data points, but is most
salient for credit type. The Bureau believes that requiring a separate
application to be reported for each credit product requested will yield
more complete and useful data, and that a financial institution will
not experience operational difficulties in copying the relevant
information, identical for most data points, to separate lines in the
small business lending application register. However, the Bureau has
changed the language regarding this requirement from the proposed rule,
in order to clarify that when the applicant is seeking only one
transaction but is open to alternative product types, the financial
institution reports only one application. Comment 107(a)(5)-1 now
includes instructions on how to report credit product when the
applicant only requests a single covered credit transaction, but has
not decided which particular product to request. The Bureau believes
that this new language will facilitate compliance and lead to the
collection of more accurate data. The issue of reporting requests for
multiple covered credit transactions at one time is discussed more
fully in the section-by-section analysis of Sec. 1002.103(a) above.
As explained above, many commenters suggested changes to the list
of products in comment 107(a)(5)-1. In regard to the requests to
separate out mortgages, auto loans and equipment financing as discrete
secured loan types, to include additional information about collateral,
and to make ``refinancing'' a credit product rather than a credit
purpose, the Bureau believes that its credit product taxonomy presents
a clear, uncomplicated framework using the basic forms of credit
extended to small businesses. Including types of collateral and
different refinancings as part of credit products would complicate the
taxonomy and introduce categorization difficulties, for example with
partial refinancings. Under the final rule, these types of credit will
be reported using the credit product applied for or originated, from
the list in comment 107(a)(5)-1, and the extra information suggested
may or may not be appropriately included in the credit purpose data
point under Sec. 1002.107(a)(6), depending on the situation.
Similarly, the Bureau believes that the overdraft aspect of overdraft
lines of credit will best be reported using the credit purpose
``overdraft,'' and that the credit product will then be reported as a
line of credit, secured or unsecured. The Bureau believes that this
arrangement will help preserve the uncomplicated framework of the
credit products list. See the section-by-section analysis of Sec.
1002.107(a)(6) below for further discussion.
As a result of further analysis and consideration, the Bureau has
made one change from the proposal to the final
[[Page 35292]]
credit products list in comment 107(a)(5)-1. The proposed ``credit card
account'' product has now been separated into ``credit card account,
not private-label,'' and ``private-label credit card account.'' The
Bureau believes that private-label credit cards form a distinct and
important market segment that operates differently from other credit
cards, and this distinction will facilitate robust data analysis and
better further the purposes of section 1071. The Bureau also believes
that financial institutions will have the information needed for
reporting these different types of accounts readily available, and so
separating the two types will not cause operational difficulty. In
addition to the change in the credit product list in comment 107(a)(5)-
1, the Bureau has added new comments 107(a)(5)-2 and -3 to explain the
difference between these card products and facilitate compliance. Final
comment 107(a)(5)-2 provides a definition of credit card accounts that
are not private-label and includes instructions on reporting these
products. Final comment 107(a)(5)-3 provides a definition of private-
label credit card accounts and includes instructions on reporting these
products.
The Bureau is also finalizing comments 107(a)(5)-4, -5 (which were
numbered as comments 107(a)(5)-2 and -3 in the proposal) and comment
107(a)(5)-6 as proposed. Final comment 107(a)(5)-4 describes the
situation in which a financial institution reports that the credit
product was ``not provided by applicant and otherwise undetermined.''
The Bureau believes that permitting this response will facilitate
compliance and enhance the quality of data collected. As discussed
above, commenters supported the flexibility afforded by this kind of
response.
Final comment 107(a)(5)-5 provides instructions on how a financial
institution reports a transaction that involves a counteroffer. The
comment states that if a financial institution presents a counteroffer
for a different credit product than the product the applicant had
initially requested, and the applicant does not agree to proceed with
the counteroffer, a financial institution reports the application for
the original credit product as denied pursuant to Sec. 1002.107(a)(9).
If the applicant agrees to proceed with consideration of the financial
institution's counteroffer, the financial institution reports the
disposition of the application based on the credit product that was
offered, and does not report the original credit product applied for.
The Bureau believes that, in the complex circumstances created by
counteroffers, the meaning of the type of credit ``applied for'' is
ambiguous, and it is reasonable to interpret the credit product
``applied for'' to mean the credit product considered via the
applicant's response to the counteroffer. For a discussion of the
Bureau's treatment of counteroffers more generally, see the section-by-
section analysis of Sec. 1002.107(a)(9) below.
Final comment 107(a)(5)-6 explains that for an extension of
business credit incident to a factoring arrangement that is otherwise a
covered credit transaction, a financial institution selects ``other
sales-based financing transaction'' as the credit product, and provides
a cross reference to comment 104(b)-1. The Bureau believes that this
explanation will facilitate reporting of applications involving this
important market segment.
Type of guarantee. The Bureau is finalizing the requirement to
report guarantees as a subcategory of the credit type data point with
changes to enhance the quality of the data collected and facilitate
compliance. The final rule requires a financial institution to report
the type or types of guarantees that were obtained for an extension of
credit, or that would have been obtained if the covered credit
transaction were originated.
The Bureau considers the guarantee obtained for an extension of
credit to be part of the credit ``type'' because it is fundamental to
the nature of the transaction in that it meaningfully impacts terms
such as interest rates, such that guarantee information can help to
explain potential disparities in outcomes and reduce inaccurate
conclusions, aiding in fulfilling the fair lending purpose of section
1071. Indeed, in common parlance, small business credit transactions
are often referred to using the name of the guarantee (e.g., ``a 7(a)
loan,'' referring to the SBA 7(a) guarantee). Because various types of
guarantees are available for different credit products, the Bureau
believes that guarantee type should constitute a separate subcategory
within the credit type data point, so that data users can conduct
separate analyses with respect to credit product and guarantees, and to
avoid excessive complexity in the credit product data field. The Bureau
further believes that information on the distribution of government
loan guarantees (such as those provided in SBA programs) across
different geographic areas and applicant groups will allow a better
understanding of how those programs function on the ground, aiding in
fulfilling the business and community development purpose of section
1071. As with collateral, information on guarantees is generally a part
of an application or loan file and the Bureau does not believe it will
be operationally difficult to report once a financial institution's
1071 compliance system is set up.
Final comment 107(a)(5)-7 (which was numbered as comment 107(a)(5)-
4 in the proposal) presents the instructions for collecting and
reporting type of guarantee and the list of guarantees from which
financial institutions will select. The Bureau believes the list of
guarantee types provided in comment 107(a)(5)-7 aligns with the most
common types of guarantees used in small business lending. Final
comment 107(a)(5)-7 also explains that a financial institution complies
with Sec. 1002.107(a)(5)(ii) by selecting the type or types of
guarantee(s) obtained for an originated covered credit transaction, or
that would have been obtained if the covered credit transaction were
originated, from the list provided in the comment.
The Bureau agrees with the commenters who suggested that clarity
was needed on how to report guarantee type when the covered credit
transaction is not originated. Consequently, comment 107(a)(5)-7 now
states that if an application is denied, withdrawn, or closed for
incompleteness before any guarantee has been identified, the financial
institution selects ``no guarantee.'' The Bureau believes that this
reporting option will facilitate compliance and result in the
collection of more reliable data. The Bureau also agrees that
separating State and local guarantees, so that they can be tracked
individually, will enhance the quality of the data collected. Comment
107(a)(5)-7 now includes separate items for these guarantee types, and
states that the financial institution chooses State government
guarantee or local government guarantee, as applicable, based on the
entity directly administering the program, not the source of funding.
The Bureau believes that this instruction will facilitate compliance
and enhance the quality of the data collected. The Bureau also believes
that differentiating between State and local guarantees will not cause
operational difficulty for reporters because the financial institution
will have the information in the loan file.
The Bureau understands that there may be some value in collecting
the additional information suggested by commenters on whether a natural
person or business makes a guarantee and the nature of the collateral
backing a guarantee. However, the Bureau
[[Page 35293]]
believes that these items will increase the complexity and operational
difficulty of compliance in reporting the type of guarantee and has not
included them in the final rule.
Loan term. The Bureau is finalizing the requirement to report loan
term as part of the credit type data point with certain changes to the
associated commentary to facilitate compliance and enhance the quality
of the data collected. Final Sec. 1002.107(a)(5)(iii) requires a
financial institution to report the length of the loan term, in months,
if applicable.
As with the consumer lending market, the pricing and sustainability
of closed-end credit transactions for small businesses are associated
with term length, and without awareness of the term of the loan, data
users will have less of an understanding of the types of credit being
made available to applicants. Credit with a one-month term may differ
not just in degree but in kind from credit with a 60-month term. The
Bureau thus believes that the length of the loan term is a fundamental
attribute of the type of credit that applicants are seeking such that
it should be treated as a separate subcategory within credit type. As
with other elements of the credit type data point, loan term
information will allow data users to reduce inaccurate conclusions or
misinterpretations of the data, aiding in fulfilling both the fair
lending and business and community development purposes of section
1071. Likewise, the loan term will be part of the application or loan
file and should not be operationally difficult to report once a
financial institution's 1071 compliance system is set up.
Final comment 107(a)(5)-8 (which was numbered as comment 107(a)(5)-
5 in the proposal) presents the instructions for collecting and
reporting loan term. Specifically, it explains that a financial
institution complies with Sec. 1002.107(a)(5)(iii) by reporting the
number of months in the loan term for the covered credit transaction,
and that the loan term is the number of months after which the legal
obligation will mature or terminate. In the proposed rule, this comment
included language that would have required financial institutions to
measure the loan term in the way that loan terms are generally
described in real property transactions. However, the Bureau agrees
with those commenters who stated that such a provision would create
compliance difficulties. Although the final comment continues to allow
the loan term to be measured for real property transactions in the way
the Bureau proposed, it makes clear that loan term for small business
credit is generally measured from the date of origination and should be
reported that way.
Final comment 107(a)(5)-8 also makes clear that if a credit
product, such as a credit card, does not have a loan term, the
financial institution reports loan term as ``not applicable.'' The
Bureau believes that permitting the use of ``not applicable'' in these
situations will facilitate compliance and aid in the collection of
appropriate data. However, the Bureau does not consider products that
have an estimated loan term, such as certain merchant cash advances and
other sales-based financing transactions, as products that do not have
a loan term. The Bureau agrees with those commenters who suggested that
merchant cash advance providers should report loan term so that
appropriate comparisons can be made with other products. Consequently,
comment 107(a)(5)-8 now provides that for merchant cash advances and
other sales-based financing transactions, the financial institution
complies with Sec. 1002.107(a)(5)(iii) by reporting the loan term, if
any, that the financial institution estimated, specified, or disclosed
in processing or underwriting the application or transaction. The
Bureau notes that loan term for a merchant cash advance or other sales-
based financing transaction can also be the estimated loan term
disclosed in a State or locally required disclosure, if applicable. The
comment also explains that if more than one loan term is estimated,
specified, or disclosed, the financial institution reports the one it
considers to be the most accurate, in its discretion. The Bureau
believes that these instructions will enhance the quality of the data
collected and facilitate compliance by providing clear guidance on
these providers' reporting responsibilities. The Bureau chose not to
use the other loan term measurements that commenters suggested because
they would likely have introduced significant operational difficulty.
The Bureau believes that merchant cash advance and other sales-based
financing providers will not have operational difficulty reporting an
estimate that they already possess. If a merchant cash advance or other
sales-based financing provider does not estimate, specify, or disclose
a loan term as part of the processing or underwriting of the
application or transaction, the provider may report that the loan term
is ``not applicable.''
The proposed rule's loan term comment would have also provided that
the financial institution would report ``not applicable'' if the
application is denied, withdrawn, or determined to be incomplete before
a loan term has been identified. However, in order to facilitate
compliance, enhance the quality of information collected, and for
consistency with the other data points in the final rule, final comment
107(a)(5)-8 now provides that for a credit product that generally has a
loan term, the financial institution reports ``not provided by
applicant and otherwise undetermined'' if the application is denied,
withdrawn, or determined to be incomplete before a loan term has been
identified. The Bureau believes that the availability of this response
will facilitate the reporting of the loan term subcategory for
applications in these situations.
107(a)(6) Credit Purpose
Proposed Rule
Section 1071 requires financial institutions to collect and report
``the type and purpose of the loan or other credit being applied for.''
\607\ (The credit type data point is discussed in the section-by-
section analysis of Sec. 1002.107(a)(5) immediately above.)
---------------------------------------------------------------------------
\607\ ECOA section 704B(e)(2)(B).
---------------------------------------------------------------------------
The Bureau proposed in Sec. 1002.107(a)(6) to require that
financial institutions collect and report the purpose or purposes of
the credit applied for or originated. Proposed comment 107(a)(6)-1
would have presented instructions for collecting and reporting credit
purpose and would have provided the proposed list of credit purposes
from which financial institutions would select.
The proposed list of credit purposes was similar to the list in the
SBREFA Outline, with certain adjustments. First, the items on the
SBREFA list that described types of collateral, such as commercial real
estate, were updated to more clearly reflect that the financial
institution would be collecting and reporting the purpose of the loan,
and not the form of collateral, though the form of collateral might be
referred to in describing that purpose. In addition, the proposed
listed purposes involving real property would have differentiated
between dwelling and non-dwelling real property. The Bureau believed
that this distinction would help in collecting more precise and useful
data. To facilitate compliance the Bureau proposed to include ``not
applicable'' in the purposes list for use when an application is for a
credit product that generally has indeterminate or numerous potential
purposes, such as a credit card. Proposed comment 107(a)(6)-5 would
have also explained
[[Page 35294]]
the use of ``not applicable'' as a response.
Proposed comment 107(a)(6)-2 would have explained that if the
applicant indicated or the financial institution was otherwise aware of
more than one purpose for the credit applied for or originated, the
financial institution would have reported those purposes, up to a
maximum of three, using the list provided, in any order it chose.
Proposed comment 107(a)(6)-3 would have explained that if a purpose
of the covered credit transaction did not appear on the list of
purposes provided, the financial institution would report ``other'' as
the credit purpose and report the purpose as free-form text. For
efficiency and to facilitate compliance, proposed comment 107(a)(6)-3
would have also explained that if the application had more than one
``other'' purpose, the financial institution would choose the most
significant ``other'' purpose, in its discretion, and would report that
``other'' purpose. The comment would have then explained that a
financial institution would report a maximum of three credit purposes,
including any ``other'' purpose reported.
Proposed comment 107(a)(6)-4 would have explained that, pursuant to
proposed Sec. 1002.107(c)(1), a financial institution would maintain
procedures reasonably designed to collect applicant-provided
information, which would include credit purpose. However, if a
financial institution was nonetheless unable to collect or determine
credit purpose information, the financial institution would have
reported that the credit purpose was ``not provided by applicant and
otherwise undetermined.''
In order to facilitate compliance, the Bureau also proposed
comments 107(a)(6)-6 and -7. Proposed comment 107(a)(6)-6 would have
clarified that, as explained in proposed comment 104(b)-4, subpart B
did not apply to an extension of credit that was secured by 1-4
individual dwelling units that the applicant or one or more of the
applicant's principal owners did not, or would not, occupy. Proposed
comment 107(a)(6)-7 would have clarified the collection and reporting
obligations of financial institutions with respect to the credit
purpose data point, explaining that the financial institution would be
permitted, but not required, to present the list of credit purposes
provided in comment 107(a)(6)-1 to the applicant. Proposed comment
107(a)(6)-7 would have further explained that the financial institution
would also be permitted to ask about purposes not included on the list
provided in proposed comment 107(a)(6)-1. Finally, proposed comment
107(a)(6)-7 would have clarified that if an applicant chose a purpose
or purposes that were similar to purposes on the list provided, but
used different language, the financial institution would report the
purpose or purposes from the list provided.
The Bureau sought comment on its proposed approach to the credit
purpose data point. In addition, the Bureau sought comment on whether
there were any purposes that should be added to or modified on its
proposed list. In particular, the Bureau sought comment on the
potential usefulness of including ``agricultural credit'' and
``overdraft line of credit'' in the credit purposes list. Finally, the
Bureau requested comment on whether further explanations or
instructions with respect to this data point would facilitate
compliance.
Comments Received
The Bureau received comments on its proposed approach to the credit
purpose data point from a number of lenders, trade associations, and
community groups, along with a minority business advocacy group.
Several community groups expressed support for the credit purpose data
point as proposed by the Bureau, and a CDFI lender explained that it
already collects this information. A community group stated that the
proposal accurately captured the wide variety of credit purposes and
then expressed specific support for distinguishing dwellings from non-
dwellings, allowing reporting of three credit purposes, and inclusion
of the ``other'' category with a free-form text box. In addition, this
commenter suggested that the proposed method for credit purpose
collection could work well with the CRA.
A trade association representing community banks also supported the
proposal for credit purpose, especially the flexibility provided by the
``not applicable'' and ``not provided by applicant and otherwise
undetermined'' options, and the provision allowing a financial
institution to report the credit purposes in any order it chooses, when
the institution is aware of more than one purpose. That commenter said
that these accommodations would facilitate compliance while still
achieving the policy goals of the law. A trade association representing
auto finance lenders also stated support for the flexibility provided
by the ``not applicable'' and ``not provided by applicant and otherwise
undetermined'' options. Two banks opposed the credit purpose proposal,
explaining that it would require extensive changes and burdensome
ongoing operations, and that the interplay with other regulatory
requirements was unclear. One of these commenters also questioned the
usefulness of the data collected. However, neither commenter suggested
alternative ways to implement the statutorily required credit purpose
data point.
Several commenters asked that the Bureau clarify certain aspects of
the credit purpose proposal. Two industry commenters requested
clarification of the circumstances when institutions should use ``not
provided by applicant and otherwise undetermined'' as opposed to ``not
applicable.'' Several industry commenters requested guidance on when to
use ``owner-occupied'' versus ``non-owner occupied'' for non-dwelling
real property. Another asked about how to report when the loan is
mixed-use (business and consumer purpose). A joint letter from
community groups and community oriented lenders requested that the
Bureau clarify that the category ``Working capital (includes inventory
or floor planning)'' also includes salaries, rents, and other daily
expenses. A credit union trade association suggested that the Bureau
clarify how transactions should be reported when made directly to a
sole proprietor, not to the business directly, explaining that credit
unions may find it confusing to report a loan purpose that implies that
the business itself is the recipient.
Several commenters requested more substantial changes in the
proposed credit purpose data point. Two joint comment letters, each
representing multiple community groups and other entities, requested
that the Bureau require more granular reporting in certain situations,
especially with regard to real property loans. These comments suggested
collecting real property loan data on rental purpose, whether buildings
are mixed-use, the number and type of units in buildings, as well as a
way to easily connect to a HMDA record for any loan that is reported
under both regimes. One of these comments asked that the Bureau make it
easier to determine if a capital expense loan is used to maintain a
business or expand it. Another community group requested that the
Bureau disaggregate the purchase-construction-repair purpose from
refinancing for things like real estate, vehicles, and equipment,
perhaps by adding a separate data point. Another requested that
refinancings (along with renewals) should be listed as a credit product
in the credit type data point, rather than as a credit purpose. That
same commenter requested that financial institutions not be allowed to
use their own list of purposes, as
[[Page 35295]]
proposed, and suggested that the Bureau consider providing a sample
application form, which would include the rule's list of credit
purposes, to facilitate data collection.
Several industry commenters responded to the Bureau's request for
comment on including ``agricultural credit'' as a credit purpose. These
commenters mostly requested that new purposes specifically geared to
agricultural lending be included, though they did not offer any
examples of such purposes. The commenters emphasized that agricultural
lending is different from other business lending and suggested that
choosing from the credit purposes listed would be difficult for this
market. A community group stated that it might be confusing to list
agricultural credit as a credit purpose as the credit product data
point would collect that they are farm loans.\608\
---------------------------------------------------------------------------
\608\ The Bureau notes that the proposed rule did not expressly
list agricultural loans (or similar) on either the credit products
list or credit purposes list.
---------------------------------------------------------------------------
Several community groups and a minority business advocacy group
responded to the Bureau's request for comment on whether the final rule
should include ``Overdraft line of credit'' as a credit purpose. These
commenters supported inclusion of overdraft as a purpose, stating that
it should be monitored for potential abuses, especially abuses in
communities of color. No industry commenters discussed the possible
inclusion of overdraft lines of credit as a credit purpose.
Final Rule
For the reasons set forth herein, the Bureau is finalizing Sec.
1002.107(a)(6) and associated commentary with certain revisions for
clarity, to improve the usefulness of the data collected, and to
accommodate a new coverage exclusion for HMDA-reportable transactions.
Final Sec. 1002.107(a)(6) requires that financial institutions collect
and report the purpose or purposes of the credit applied for or
originated.
Final comment 107(a)(6)-1 provides instructions for collecting and
reporting credit purpose and presents the list of credit purposes from
which financial institutions will select. The final list of purposes is
very similar to the proposed list but deletes two purposes that
describe credit likely to be HMDA reportable, includes one additional
purpose (``overdraft'') and makes minor edits to accommodate those
changes and for clarity. The Bureau believes that the list of credit
purposes provided in comment 107(a)(6)-1 appropriately aligns with the
purposes of credit sought in the small business credit market.
Because the Bureau is adopting an exclusion for HMDA-reportable
credit, the proposed purposes list's differentiation between dwelling
and non-dwelling real property is no longer necessary. In addition, the
purposes in the list that pertained to dwellings were very likely to be
HMDA-reportable, and so have been removed in the final rule. See the
section-by-section analysis of Sec. 1002.104(b) above for further
discussion of this exclusion.
The Bureau agrees with the commenter who suggested that ``Working
capital (includes inventory or floor planning)'' will often also
include salaries, rents, and other daily expenses. However, the final
rule does not include these items in the credit purposes list
description of working capital because the Bureau believes the term is
already clear, and listing these items may cause confusion as to other
working capital items that are not listed.
The Bureau has not added ``Agricultural credit'' or specific
purposes associated with agricultural credit to the list of credit
purposes in the final rule. First, although ``farm loans'' are not
listed as a credit product in the credit type data point, the NAICS
data point in final Sec. 1002.107(a)(15) will make clear when the
small business borrower is an agricultural business. In addition, other
business types are not included in the credit purposes list and doing
so with agriculture could cause confusion. As far as including specific
agricultural purposes in the purposes list, the commenters who
suggested this did not provide examples, and the Bureau did not propose
such purposes. Going forward, the Bureau may learn of specific
agricultural credit purposes from the ``Other'' free-form text box, and
if appropriate, potentially add them to the rule later.
The Bureau agrees that overdraft should be separately identified as
a credit purpose in the list in comment 107(a)(6)-1 in order to observe
its use in the market. Rather than ``Overdraft line of credit'' as
referenced in the proposal's preamble, the Bureau is using the term
``Overdraft.'' In order to facilitate compliance regarding overdraft as
a credit purpose, the Bureau is adding new comment 107(a)(6)-8 to the
final rule, which makes clear that when overdraft is an aspect of the
covered credit transaction applied for or originated, the financial
institution reports ``Overdraft'' as a purpose of the credit. The new
comment also explains that the financial institution reports credit
type pursuant to Sec. 1002.107(a)(5)(i) as appropriate for the
underlying covered credit transaction, such as ``Line of credit--
unsecured.'' The Bureau does not believe that reporting overdraft as a
credit purpose will create operational difficulties for financial
institutions because the information will be readily apparent as an
aspect of the credit. Finally, new comment 107(a)(6)-8 makes clear that
providing occasional overdraft services as part of a deposit account
offering would not be reported for the purpose of subpart B.
The Bureau is finalizing comments 107(a)(6)-2 through -5 with minor
edits to accommodate the removal of purposes related to the exclusion
for HMDA-reportable transactions and for clarity. Final comment
107(a)(6)-2 explains that if the applicant indicates or the financial
institution is otherwise aware of more than one purpose for the credit
applied for or originated, the financial institution reports those
purposes, up to a maximum of three, using the list provided, in any
order it chooses. Since applicants may have more than one purpose for a
credit transaction, the Bureau believes it is appropriate to require
collection and reporting of more than one credit purpose for this data
point in that situation. The Bureau believes that having financial
institutions report up to three credit purposes will provide useful
data. The Bureau also believes that allowing financial institutions
discretion as to the order of the credit purposes reported will
facilitate compliance.
Final comment 107(a)(6)-3 explains that if a purpose of an
application does not appear on the list of purposes provided, the
financial institution reports ``other'' as the credit purpose and
reports the credit purpose as free-form text. The Bureau believes that
allowing financial institutions to choose ``other'' when a credit
purpose for the application did not appear on the provided list will
facilitate compliance. In addition, the Bureau believes that collecting
this information on ``other'' credit purposes will assist in monitoring
trends in this area and key developments in the small business lending
market, which the Bureau can use to inform any future changes to the
list.
Final comment 107(a)(6)-4 makes clear that, pursuant to final Sec.
1002.107(c)(1), a financial institution shall maintain procedures
reasonably designed to collect applicant-provided data, which includes
credit purpose. However, the comment further explains that if a
financial institution is nonetheless unable to collect or determine
credit purpose information,
[[Page 35296]]
the financial institution reports that the credit purpose is ``not
provided by applicant and otherwise undetermined.'' The Bureau agrees
with the industry commenters who stated that this provision would
provide flexibility and believes that permitting use of this response
will facilitate compliance and enhance the quality of data reported.
In order to facilitate compliance, final comment 107(a)(6)-5
explains that if the application is for a credit product that generally
has indeterminate or numerous potential purposes, such as a credit
card, the financial institution may report credit purpose as ``not
applicable.'' As with the ``not provided by applicant and otherwise
undetermined'' purpose, the Bureau agrees with the industry commenters
who felt that this provision would provide appropriate flexibility. The
Bureau does not believe that there will be confusion about the
situations for which ``not provided by applicant and otherwise
undetermined'' (as explained in final comment 107(a)(6)-4) and ``not
applicable'' (as explained in final comment 107(a)(6)-5) are
appropriate to use. The commenters who suggested that such confusion
might occur did not explain why the proposed language would not be
sufficient.
Final comment 107(a)(6)-6 provides details on the collection of
credit purposes by financial institutions. The comment states that,
pursuant to Sec. 1002.107(c)(1), a financial institution shall
maintain procedures reasonably designed to collect applicant-provided
data, including credit purpose. In addition, the financial institution
is permitted, but not required, to present the list of credit purposes
provided in comment 107(a)(6)-1 to the applicant. The financial
institution is also permitted to ask about credit purposes not included
on the list provided in comment 107(a)(6)-1. If the applicant chooses a
purpose or purposes not included on the provided list, the financial
institution follows the instructions in comment 107(a)(6)-3 regarding
reporting of ``other'' as the credit purpose. If an applicant chooses a
purpose or purposes that are similar to purposes on the list provided,
but uses different language, the financial institution reports the
purpose or purposes from the list provided. The Bureau believes that
the explanations and instructions in the final commentary accompanying
Sec. 1002.107(a)(6) will reduce any confusion as to how a financial
institution reports this data point when an application involves
multiple credit purposes, and in other situations.
The Bureau believes that prohibiting financial institutions from
using their own credit purpose lists, as one commenter suggested, would
not be appropriate because the Bureau does not have sufficient
information to create a definitively comprehensive credit purposes list
and wishes to provide institutions the flexibility appropriate to their
market segment. In regard to that commenter's suggestion that the
Bureau provide a sample application form, this issue is discussed in
the section-by-section analysis of appendix E below. In addition, the
Bureau does not believe additional clarification regarding how to
report credit purpose for business loans made to sole proprietors is
necessary.
Because the Bureau is providing a complete exclusion for HMDA-
reportable transactions in the final rule, the Bureau is not finalizing
proposed comment 107(a)(6)-6, which would have provided a cross-
reference to the partial exclusion for dwelling-secured credit in the
proposed rule.
New comment 107(a)(6)-7 explains that real property is owner-
occupied if any physical portion of the property is used by the owner
for any activity, including storage. The Bureau adds this explanation
in response to comments asking for clarity on this issue. The Bureau
believes that the language provided clearly indicates the meaning of
``owner-occupied'' for reporting purposes and will facilitate
compliance and help in the collection of uniform data.
In regard to the commenters that objected to the entire credit
purpose data point as excessively burdensome and not providing useful
information, the Bureau notes that this data point was specified by
Congress in section 1071 as one that financial institutions must
collect and report; these commenters did not suggest a different method
of collection. The Bureau also believes, along with the national trade
association representing small banks whose comment is described above,
that the reporting accommodations included in the credit purpose
provision will facilitate compliance while still achieving the policy
goals of section 1071.
Although some additional useful information might be collected if
the Bureau were to expand the credit purpose data point to include the
more granular reporting requested by community groups, such changes
would make the collection more difficult for financial institutions as
well as potentially confusing for small business applicants; the Bureau
does not believe that further granularity is necessary at this time,
especially at the risk of obtaining potentially less accurate or
complete data overall. In regard to making ``refinancing'' a credit
product rather than a credit purpose as proposed, the Bureau believes
that its credit product taxonomy presents a clear, uncomplicated
framework using the basic forms of credit extended. Making refinancing
a product would complicate the taxonomy and introduce categorization
difficulties, for example with partial refinancings. As for including
renewals, the section-by-section analysis of Sec. 1002.103(b) above
discusses this issue.
107(a)(7) Amount Applied For
Proposed Rule
Section 1071 requires financial institutions to collect and report
``the amount of the credit or credit limit applied for, and the amount
of the credit transaction or the credit limit approved.'' \609\ The
Bureau stated in the SBREFA Outline that it was considering requiring
financial institutions to report the amount applied for data point
using the initial amount of credit or credit limit requested by the
applicant at the application stage, or later in the process but prior
to the financial institution's evaluation of the credit request.\610\
---------------------------------------------------------------------------
\609\ ECOA section 704B(e)(2)(C).
\610\ SBREFA Outline at 28.
---------------------------------------------------------------------------
The Bureau proposed Sec. 1002.107(a)(7) to require a financial
institution to collect and report ``the initial amount of credit or the
initial credit limit requested by the applicant.'' Proposed comment
107(a)(7)-1 would have explained that a financial institution is not
required to report credit amounts or limits discussed before an
application is made, but must capture the amount initially requested at
the application stage or later. In addition, proposed comment
107(a)(7)-1 would have stated that if the applicant does not request a
specific amount, but the financial institution underwrites the
application for a specific amount, the financial institution reports
the amount considered for underwriting as the amount applied for.
Finally, proposed comment 107(a)(7)-1 would have instructed that if the
applicant requests an amount as a range of numbers, the financial
institution reports the midpoint of that range.
To address the situation where the financial institution requests
an amount applied for but the applicant nonetheless does not provide
one, proposed comment 107(a)(7)-2 would have explained that, in
compliance with proposed Sec. 1002.107(c)(1), a financial institution
shall maintain procedures reasonably designed to collect
[[Page 35297]]
applicant-provided information, which includes the credit amount
initially requested by the applicant. However, if a financial
institution is nonetheless unable to collect or otherwise determine the
amount initially requested, the financial institution would have been
required to report that the amount applied for is ``not provided by
applicant and otherwise undetermined.''
Proposed comment 107(a)(7)-3 would have provided instructions for
reporting the amount applied for in regard to firm offers. Proposed
comment 107(a)(7)-3 would have explained that when an applicant
responds to a ``firm offer'' that specifies an amount or limit, which
may occur in conjunction with a pre-approved credit solicitation, the
financial institution reports the amount applied for as the amount of
the firm offer, unless the applicant requests a different amount. If
the firm offer does not specify an amount or limit and the applicant
does not request a specific amount, proposed comment 107(a)(7)-3 would
have explained that the amount applied for is the amount underwritten
by the financial institution.
Proposed comment 107(a)(7)-4 would have explained that when
reporting a covered application that seeks additional credit amounts on
an existing account, the financial institution reports only the
additional credit amount sought, and not any previous amounts sought or
extended. The Bureau noted that a request to withdraw additional credit
amounts at or below a previously approved credit limit amount on an
existing open-end line of credit would not be a covered application,
and so proposed comment 107(a)(7)-4 would not have applied to such a
situation.
The Bureau sought comment on its proposed approach to the amount
applied for data point. The Bureau also requested comment on how best
to require reporting of amount applied for in situations involving
multiple products or credit lines under a single credit limit. The
Bureau also requested comment on potential methods for avoiding
misinterpretations of disparities between the amount applied for and
the amount approved or originated. Finally, the Bureau requested
comment on its proposed approach to reporting when a range of numbers
is requested.
Comments Received
The Bureau received comments from lenders, trade associations,
community groups, and others regarding this proposed data point.
Community groups and a CDFI lender supporting the Bureau's approach to
the collection of the amount applied for data point. One commenter said
that it works with minority farmers whose loans are approved for far
less than what they originally applied for and that the data would give
them information regarding lending practices involving minority farm
businesses. Several commenters stated that amount applied for and
amount approved or originated are key data for fair lending purposes.
One said that Black-, Latino-, and Asian-owned businesses have been
substantially less likely to receive the full small business loan
amount requested than white-owned small businesses. Another commenter
requested that the Bureau scrutinize lenders when the application and
approval amounts are conspicuously close, especially if there is a
disproportionate impact on women and minority-owned businesses, because
some lenders may dissuade applicants from making a specific request and
steer them to the considered underwriting amount that is lower than the
financing need of the small business.
A community group noted that amounts should not be reported in
ranges since the statute requires reporting of amounts and furthermore,
that ranges are not useful for assessing whether lenders are responding
adequately to credit needs. This community group also commented that
with respect to line increases, it makes sense for the lender to report
the additional amount instead of the additional and original amount
because it is more precise in terms of being able to assess whether
credit needs are being met.
Several industry commenters and a group of State banking regulators
expressed concerns about collecting the data in light of the lending
process where the ``amount applied for'' can fluctuate throughout the
application stage. One trade association commented that financial
institutions should not be required to report amounts stated before an
application is made because applicants state a loan amount early on but
that loan amount usually changes throughout the process for various
reasons. Another stated that many business credit applications include
offers, counteroffers, and negotiations. One commenter stated that even
though the initial amount requested appears useful it does not reflect
the true dynamic of the small business lending process. The commenter
reasoned that it is not uncommon during the application process to see
the actual loan amount fluctuate as the entrepreneur further refines
their capital needs, and that makes tracking this type of information
not particularly relevant or reflective of the process. A credit union
trade association recommended that financial institutions have the
discretion to report an ``amount applied for'' that is determined at a
later stage, rather than at the first request of the applicant, because
reporting the initial credit request could inaccurately represent the
lending process. A group of state banking regulators commented that
some applicants may not request an amount or may request a range, and
some financial institutions will not require such information at the
outset. They stated that mandating reporting of a requested loan amount
would impose increased compliance burdens and has the potential to
disrupt the relationship aspect of small business lending.
Two industry commenters requested the Bureau clarify how financial
institutions should report the amount applied for when a firm offer of
credit specifies a range of possible amounts, for example, amounts
between $20,000 and $40,000. These commenters stated they believe such
offers should be deemed not to specify an amount or limit and that
institutions should be able to report the amount underwritten as the
amount applied for. They reasoned that reporting the top of the range
as the amount applied for in these circumstances could be misleading
because many applicants likely will not qualify for amounts at the top
of the range. A bank suggested that when an applicant indicates a
range, each financial institution should be able to decide whether to
report the low, midpoint, or high end of the range so long as it is
consistent for the financial institution's entire small business
lending application register.
Two business advocacy groups noted that uncertainty regarding key
definitions could create compliance challenges and requested that the
Bureau provide additional clarity as to the meaning of ``applied for.''
A bank stated that its systems do not have a way to collect and record
this data point and that it would need to collect it manually, which
would affect its ability to serve its customers and community.
The Bureau did not receive comments on how best to require
reporting for situations involving multiple products or credit lines
under a single credit limit or potential methods for avoiding
disparities between amount applied for and amount originated or
approved.
Final Rule
For the reasons set forth herein, the Bureau is finalizing Sec.
1002.107(a)(7) and associated commentary with revisions and an addition
in the commentary for
[[Page 35298]]
clarity. The Bureau notes that for HMDA, Regulation C Sec.
1003.4(a)(7) requires reporting of ``the amount of the covered loan or
the amount applied for, as applicable,'' which requires reporting of
the amount applied for only when the credit is not originated. Because
section 1071 uses the conjunction ``and'' rather than ``or,'' the
Bureau reads section 1071 to require collection and reporting of the
amount applied for regardless of whether the application is ultimately
approved or originated.\611\ The Bureau believes its interpretation of
``the amount of the credit or credit limit applied for'' pursuant to
ECOA section 704B(e)(2)(C) is reasonable and appropriate.
---------------------------------------------------------------------------
\611\ The amount approved or originated data point is addressed
in the section-by-section analysis of Sec. 1002.107(a)(8).
---------------------------------------------------------------------------
With respect to the commenter that indicated that some lenders may
dissuade applicants from making a specific request and steer them to
the considered underwriting amount, which may be lower than their
financing needs, the Bureau believes that it is necessary to capture
both the amount applied for and amount approved or originated to
fulfill the statutory purposes of section 1071, including facilitating
fair lending enforcement. The Bureau believes the amount applied for
and the amount approved data points are necessary to identify
potentially discriminatory practices, such as discouragement or
steering, in the lending process. For example, greater differences
between amount applied for and amount originated among protected groups
could indicate a fair lending concern. The Bureau notes that if a
financial institution were to seek to unduly influence or alter the
amount requested by the applicant in order to avoid reporting it, such
conduct would violate the requirement in final Sec. 1002.107(c) to not
discourage an applicant from responding to requests for applicant-
provided data and to maintain procedures to collect such data at a time
and in a manner that are reasonably designed to obtain a response.
Regarding commenters' concerns that the amount applied for can
change throughout the lending process, the Bureau acknowledges that
there could be complexity in pinpointing the specific initial amount
requested by an applicant in the fluid process of a small business
credit application. The Bureau acknowledges that this complexity could
make this data point challenging for financial institutions to collect
and report. Nonetheless, the statute requires that the amount applied
for be reported, and the information is important for both of section
1071's statutory purposes. The Bureau is finalizing comment 107(a)(7)-1
with minor edits for clarification. Final comment 107(a)(7)-1 provides
that the financial institution reports the initial amount of credit or
the credit limit initially requested by the applicant at the
application stage and is not required to report credit amounts or
limits discussed before an application is made. The Bureau believes
that this guidance will provide a flexible compliance regime that will
accommodate different business practices. A financial institution will
not be required to report amounts discussed before the application is
made, which will accommodate preliminary informal interactions.
Regarding the recommendation that financial institutions have the
discretion to report an amount determined at a later stage rather than
the initial request of the applicant, the Bureau notes that the statute
requires the amount applied for to be reported even though a small
business credit application process can be fluid. Therefore, a
financial institution should report the initial request of the
applicant if the lending process has already reached the application
stage. In regard to ranges of amounts requested, the Bureau does not
believe that permitting financial institutions to decide whether to
report the low, midpoint, or high end of the range, as requested by a
commenter, would yield data that will be comparable to the other data
collected for this data point because different financial institutions
will be applying different rules for what to report. The Bureau
believes that more uniform information will be more useful and should
not create extra difficulty for financial institutions to collect.
Therefore, to facilitate compliance, final comment 107(a)(7)-1 provides
that for amounts that were requested as a range of numbers, the
financial institution reports the midpoint of the range. In addition,
for clarity, the Bureau moved guidance on what to report if an
applicant does not request a specific amount to final comment
107(a)(7)-2, as explained below.
With respect to the comment that an amount may not be initially
required or that some applicants may not request an amount or may
request a range, the Bureau understands that a specific amount may not
be provided by the applicant and that a specific amount is often not
required by many financial institutions for products such as credit
cards, as the financial institution assigns the credit limit as part of
the credit evaluation process. Final comment 107(a)(7)-2 provides that
in situations where the applicant does not request a specific amount at
the application stage, but the financial institution underwrites the
application for a specific amount, the financial institution reports
the amount that was considered in underwriting. Final comment
107(a)(7)-2 also provides that if a particular type of credit product
does not involve a specific amount requested, then the financial
institution reports ``not applicable.'' The Bureau believes this method
will aid compliance with section 1071 and yield appropriate data by
avoiding the need to report a preliminary number when a financial
institution's business practices do not result in there being such a
number to report. For clarity, the Bureau moved guidance regarding
amounts that are otherwise undetermined that was addressed in proposed
comment 107(a)(7)-2 to final comment 107(a)(7)-5, as explained below.
Regarding the request that the Bureau clarify how institutions
should report the amount applied for when a firm offer of credit
specifies a range of possible amounts, the Bureau added guidance in
final comment 107(a)(7)-3 that addresses this situation. ``Firm
offers'' involve solicitations to small businesses when they have been
pre-approved for a term loan, line of credit, or credit card.\612\ The
Bureau understands that financial institutions often provide an amount
in such solicitations and the Bureau believes that when the applicant
knows the amount of the pre-approval before responding, that figure
could appropriately be considered as the amount applied for. However,
if no amount appears in the pre-approved solicitation, the Bureau
considers that an applicant responding to the firm offer has not
requested a specific amount, and reporting of the amount underwritten
would be appropriate. Final comment 107(a)(7)-3 provides that when an
applicant responds to a firm offer, a financial institution reports the
amount applied for as the amount of the firm offer, unless the
applicant requested a different amount. If, on the other hand, the firm
offer did not contain a specified amount and the applicant did not
request one, then the financial institution reports the amount applied
for as the amount that was underwritten. The Bureau did not propose
guidance that addresses what financial institutions report when a firm
[[Page 35299]]
offer specifies a range of possible amounts. The Bureau agrees with the
commenters that such offers should be treated similarly to those
situations where a firm offer did not specify an amount. To address
this scenario, final comment 107(a)(7)-3 states that if the firm offer
specifies an amount or limit as a range of numbers and the applicant
does not request a specific amount, the amount applied for is the
amount underwritten by the financial institution. The Bureau believes
that this guidance will aid compliance and yield useful data.
---------------------------------------------------------------------------
\612\ See 15 U.S.C. 1681a(l); see also Regulation B comment
12(b)(7)-1 (describing offers of credit).
---------------------------------------------------------------------------
The Bureau is finalizing comment 107(a)(7)-4 as proposed. The
comment explains that when reporting a covered application that seeks
additional credit amounts on an existing account, the financial
institution reports only the additional credit amount sought, and not
any previous amounts extended.
The Bureau added final comment 107(a)(7)-5 to address situations
where the initial amount applied for cannot be determined.
Specifically, the comment provides that under Sec. 1002.107(c)(1), a
financial institution shall maintain procedures reasonably designed to
collect applicant-provided data, which includes the credit amount
initially requested by the applicant (other than for products that do
not involve a specific amount requested). However, the Bureau
understands that there may be situations in which amount applied for
was not collected and could not be otherwise determined. Thus, final
comment 107(a)(7)-5 provides that if a financial institution is unable
to collect or otherwise determine the amount initially requested, the
financial institution reports that the amount applied for is ``not
provided by applicant and otherwise undetermined.'' The Bureau believes
that providing this reporting flexibility will facilitate compliance by
accommodating different business practices.
With respect to the commenter that indicated that its systems do
not have a way to collect this data point, the Bureau believes that the
data on the amount applied for will generally be available in the loan
files and should not present particular difficulties in reporting.
Regarding the request from commenters that the Bureau provide
additional clarity as to the meaning of applied for, the commenters did
not indicate specific issues in the amount applied for data point that
require clarification. The Bureau believes it has addressed in this
final rule the requests for clarity from other commenters as well as
other clarifications the Bureau believes are appropriate.
107(a)(8) Amount Approved or Originated
Proposed Rule
Section 1071 requires financial institutions to collect and report
``the amount of the credit transaction or the credit limit approved.''
\613\
---------------------------------------------------------------------------
\613\ ECOA section 704B(e)(2)(C).
---------------------------------------------------------------------------
Proposed Sec. 1002.107(a)(8) would have required that the amount
approved or originated data point be collected and reported as follows:
(i) for an application for a closed-end credit transaction that is
approved but not accepted, the financial institution collects and
reports the amount approved by the financial institution; (ii) for a
closed-end credit transaction that is originated, the financial
institution collects and reports the amount of credit originated; and
(iii) for an application for an open-end credit transaction that is
originated or approved but not accepted, the financial institution
collects and reports the amount of the credit limit approved.
Proposed comment 107(a)(8)-1 would have provided general
instructions for the amount approved or originated data point,
explaining that a financial institution reports the amount approved or
originated for credit that is originated or approved but not accepted.
For applications that the financial institution, pursuant to proposed
Sec. 1002.107(a)(9), would have reported as denied, withdrawn by the
applicant, or incomplete, the financial institution would have reported
that the amount approved or originated is ``not applicable.''
Proposed comment 107(a)(8)-2 would have explained that when a
financial institution presents multiple approval amounts from which the
applicant may choose, and the credit is approved but not accepted, the
financial institution reports the highest amount approved. Proposed
comments 107(a)(8)-3 and -4 would have provided specific instructions
for identifying and reporting the amount approved or originated for
closed-end transactions, including refinancings.
Proposed comment 107(a)(8)-5 would have provided instructions
regarding counteroffers and the amount approved or originated data
point, explaining that if an applicant agrees to proceed with
consideration of a counteroffer for an amount or limit different from
the amount for which the applicant applied, and the covered credit
transaction is approved and originated, the financial institution
reports the amount granted. Proposed comment 107(a)(8)-5 would have
further explained that if an applicant does not agree to proceed with
consideration of a counteroffer or fails to respond, the institution
reports the action taken on the application as denied and reports ``not
applicable'' for the amount approved or originated. The proposed
comment would have provided a reference to proposed comment 107(a)(9)-
2, which discusses the action taken data point in relation to
counteroffers.\614\
---------------------------------------------------------------------------
\614\ See the section-by-section analysis of Sec.
1002.107(a)(9) for a complete discussion of how the final rule
treats reporting obligations for applications involving
counteroffers.
---------------------------------------------------------------------------
The Bureau sought comment on its proposed approach to the amount
approved or originated data point. The Bureau also requested comment on
potential methods for avoiding misinterpretations of disparities
between the credit amount or limit applied for and the credit amount or
limit originated or approved and on the possible use of ranges of
numbers for reporting the amount applied for and amount approved or
originated data points. In addition, the Bureau requested comment on
whether it would be useful and appropriate to require reporting of the
amount approved as well as the amount originated for closed-end credit
transactions.
Comments Received
The Bureau received comments on the amount approved or originated
data point from lenders, trade associations, and community groups.
Almost all of the comments received supported the Bureau's proposal. A
bank and a trade association commented that the Bureau's proposal is a
reasonable and appropriate means of implementing the statutory
requirement. A community group and a CDFI lender highlighted the
usefulness of the data for fair lending purposes, including identifying
potentially discriminatory lending practices. The CDFI lender suggested
that the data can help show how financial institutions compare across
key metrics and reveal capital gaps in the market that lenders may be
able to fill. Two commenters supported the proposal's requirement that
data collection on amount approved or originated be required for
transactions that are approved but not accepted, not just those that
are originated. A trade association commented that different standards
are appropriate for closed-end and open-end products, while a community
group noted that it is appropriate to report the credit limit in cases
of open-end credit. Another trade association emphasized the Bureau's
proposal regarding counteroffers and
[[Page 35300]]
that it appropriately allows for negotiations prevalent in small
business lending. A community group requested that the Bureau not
permit reporting of amounts in ranges, stating that the statute
requires reporting of specific amounts and that ranges are not useful
for assessing whether lenders are responding to credit needs
adequately.
Two banks expressed concerns about the overall proposed requirement
to collect data on amount approved or originated. One suggested that
the data are meaningless because the majority of loan requests at a
community bank are not submitted formally and in most cases the amount
approved is what was requested. That bank also noted that it would be
rare for the amount to change and it does not have a way to currently
track the information, thus adding burden. Another bank recommended
that financial institutions should not be generally required to report
information on applications where no credit was extended, such as
applications that were not completed by the applicant or where the
applicant did not accept the terms. This bank reasoned that the amount
approved data point is irrelevant because the loan was not originated
and that it does not further the purposes of section 1071 because the
information would not help the Bureau materially understand credit
opportunities nor help ensure fair lending laws are enforced.
Final Rule
For the reasons set forth herein, the Bureau is finalizing Sec.
1002.107(a)(8) and associated commentary as proposed. The Bureau is
also adding new comment 107(a)(8)-6. The Bureau reads the statutory
language ``the amount of the credit transaction or the credit limit
approved'' to require the amount of the credit limit approved to be
reported for open-end applications, and the amount of the credit
transaction to be reported for closed-end applications. The Bureau
believes the phrase ``the amount of the credit transaction or the
credit limit approved'' to be ambiguous in regard to closed-end
transactions because the most common meaning of the word
``transaction'' in the context for closed-end credit transactions would
be an originated loan. Thus, the Bureau reasonably interprets the
statute as requiring reporting of the amount originated for closed-end
credit transactions. In the alternative, section 1071 authorizes the
Bureau to include any ``additional data that the Bureau determines
would aid in fulfilling the purposes of [section 1071].'' The Bureau
believes that it is appropriate to use its exception authority under
ECOA section 704B(g)(2) to require the amount originated, rather than
the amount approved, for originated closed-end credit transactions,
because excluding the amount approved for originated closed-end
transactions, and requiring collection of the amount originated
instead, would enhance the utility and quality of the data being
reported, thus further the fair lending and business and community
development purposes of section 1071.
In response to the commenters' suggestion that data on applications
should not be reported in situations where the application is withdrawn
or incomplete as well as the commenter's suggestion that the data are
meaningless, the Bureau believes there is value in the data to be
reported, even if no amount is reported for the amount approved or
originated data point. Other information to be reported for the
application that was, pursuant to Sec. 1002.107(a)(9), withdrawn by
the applicant or incomplete, can help further the fair lending and
community development purposes of section 1071. For example, data from
applications that are withdrawn or incomplete can help identify
potential discriminatory practices in the application process and also
indicate demand for credit by small business applicants. This would not
be possible if data on applications that are withdrawn or incomplete
are not reported. Accordingly, final comment 107(a)(8)-1 explains that
for applications a financial institution, pursuant to Sec.
1002.107(a)(9), reports as denied, withdrawn by the applicant, or
incomplete, the financial institution reports that the amount
originated or approved is ``not applicable.'' The Bureau also believes
that reporting ``not applicable'' for amount approved or originated in
certain circumstances will facilitate compliance for this data point.
The Bureau does not believe, as suggested by one commenter, that
data on applications where the applicant did not accept the terms would
not further the statutory purposes of section 1071. The data will help
facilitate fair lending enforcement by indicating the credit that had
been offered to different types of applicants when the transaction does
not close and there is no amount originated to report. Reporting data
with respect to the amount approved will also aid in fulfilling the
business and community development purpose of section 1071 by providing
a more complete picture of the credit being offered to different
businesses and communities.\615\
---------------------------------------------------------------------------
\615\ The Bureau similarly believes that reporting the amount
originated on closed-end credit transactions that are originated
also fulfills the purposes of section 1071. For these transactions,
reporting of the amount originated would aid in fulfilling the
enforcement of fair lending laws by indicating the credit that had
been provided to different types of applicants in actual
transactions. It would also aid in fulfilling the business and
community development purpose of section 1071 by providing a more
complete and accurate picture of the credit actually being provided
to different businesses and in different communities.
---------------------------------------------------------------------------
As stated above, the Bureau is finalizing the commentary to Sec.
1002.107(a)(8) as proposed. Final comment 107(a)(8)-2 provides guidance
on reporting the amount approved or originated data point when the
transaction involves multiple approval amounts. The Bureau believes
that reporting the highest amount approved when credit is approved but
not accepted will most accurately reflect the amount of credit that was
made available to the applicant in this situation. Final comments
107(a)(8)-3 and -4 provide guidance on reporting amount approved or
originated for closed-end transactions and refinancings, respectively.
Final comment 107(a)(8)-5 provides guidance on reporting amount
approved or originated when the transaction involves counteroffers.
The Bureau is adding comment 107(a)(8)-6 to provide guidance on
reporting amount approved or originated with respect to existing
accounts. Comment 107(a)(8)-6 provides that the financial institution
reports only the additional credit amount approved or originated for an
existing account, and not any previous amounts that were extended. The
Bureau believes this will help facilitate compliance for this data
point.
The Bureau did not receive specific comments with respect to this
data point on methods for avoiding misinterpretations of disparities
between credit amount or limit applied for and credit amount or limit
originated or approved and whether it would be useful and appropriate
to require reporting of amount approved as well amount originated for
originated closed-end credit transactions. The Bureau is therefore not
requiring reporting of that additional data.
107(a)(9) Action Taken
Proposed Rule
ECOA section 704B(e)(2)(D) requires financial institutions to
report the ``type of action taken'' on an application.
The Bureau proposed in Sec. 1002.107(a)(9) to require reporting of
the action taken by the financial institution on the covered
application, reported as originated, approved but not
[[Page 35301]]
accepted, denied, withdrawn by the applicant, or incomplete. In
addition, the Bureau proposed to categorize all incomplete applications
as a single category of ``incomplete,'' rather than following the
approach in Regulation C of separately reporting denials based on
incompletes and notices of incompleteness. Although the Bureau
considered expanding the action taken codes to those currently used in
Regulation C (including preapprovals or purchased loans), the Bureau
did not believe those additional fields would have been appropriate or
necessary in the context of section 1071 given the diversity of
processes and other complexities in the small business lending space
and because section 1071, unlike HMDA, does not expressly reference
loan purchases.
Proposed comment 107(a)(9)-1 would have provided additional clarity
on when a financial institution should select each of the proposed
action taken codes. The financial institution would have identified the
applicable action taken code based on final action taken on the covered
application.
Proposed comment 107(a)(9)-2 would have provided instructions for
reporting action taken on covered applications that involve a
counteroffer, along with examples. The Bureau's proposed treatment of
counteroffers would have aligned with how counteroffers are treated
under existing Sec. 1002.9 notification procedures and how they are
reported under Regulation C.\616\ The Bureau also considered, but did
not propose, adding an action taken category or flag for counteroffers.
The Bureau believed the addition of a counteroffer flag or field would
have provided limited useful information beyond what would have been
captured under the proposal.
---------------------------------------------------------------------------
\616\ Regulation C comment 4(a)(8)(i)-9.
---------------------------------------------------------------------------
Proposed comment 107(a)(9)-3 would have discussed reporting action
taken for rescinded transactions. Proposed comment 107(a)(9)-4 would
have clarified that a financial institution reports covered
applications on its small business lending application register for the
year in which final action is taken. Finally, proposed comment
107(a)(9)-5 would have provided guidance for reporting action taken if
a financial institution issues an approval that is subject to the
applicant meeting certain conditions.
The Bureau sought comment on proposed Sec. 1002.107(a)(9) and its
associated commentary.
Comments Received
The Bureau received comment on its proposal in Sec. 1002.107(a)(9)
to require reporting of action taken from a wide range of lenders,
trade associations, and community groups.
Action taken categories in general. A number of commenters,
including community groups, lenders, and a trade association supported
the action taken reporting categories in proposed Sec. 1002.107(a)(9).
Two industry commenters agreed that proposed Sec. 1002.107(a)(9) was a
reasonable and appropriate means of implementing section 1071. One
community group stated that the action taken codes are an essential
metric to enforce fair lending laws and that the proposed action taken
categories are substantially similar to those used for HMDA reporting,
and so will be familiar to lenders. A joint letter from community
groups, community oriented lenders, and business advocacy groups
similarly supported use of the action taken fields that are also used
for HMDA reporting. A trade association noted that action taken
information is not typically collected by motor vehicle dealers in
indirect vehicle finance transactions, but may be included by the
finance source as part of the credit application decision.
Some commenters focused on particular proposed action taken
categories, urging the Bureau to retain a proposed action taken
category and not combine categories. For example, a several lenders and
community groups specifically supported collection on incomplete and
withdrawn applications. They asserted that it is important to collect
data on applications that do not go through the full lending process
(i.e., through loan decisioning) in order to identify potential
discouragement. Several commenters further explained that capturing
incomplete and withdrawn applications would be important for fair
lending assessments, as it would identify potential disparities in
treatment, discouragement, and steering. In response to the Bureau's
request for comment on whether to combine the ``withdrawn by
applicant'' and ``incomplete'' categories, a community group supported
the Bureau's proposed approach to keep the categories separate. The
commenter asserted that data analysis and fair lending assessments
would be more accurate if the withdrawn and incomplete categories are
kept separate, as they represent different actions by the applicant.
Another community group commenter supported distinct action taken
categories for approvals and denials, noting, for example, research
finding disparities in credit denials for Black, Latino, and Asian
small businesses.\617\ A lender, however, urged the Bureau to use
caution in interpreting and analyzing data collected under section
1071, noting for example that a high denial rate for different types of
businesses (e.g., small or minority-owned businesses) could be
reflective of a financial institution's high volume of applications
from such small businesses and not of a pattern of discriminatory
lending.
---------------------------------------------------------------------------
\617\ See Fed. Rsrv. Bank of Atlanta, Small Business Loan
Turndowns, Personal Wealth and Discrimination (July 2002), https://www.federalreserve.gov/pubs/feds/2002/200235/200235pap.pdf.
---------------------------------------------------------------------------
In response to the Bureau's request for comment on whether to
retain the ``approved but not accepted'' category, two community groups
urged the Bureau to include this category among the available action
taken options. The commenters argued that the approved but not accepted
category could be used to identify instances where an applicant was
offered loan terms that did not meet the needs of the small business
(such as high pricing or other unfavorable terms), and could be tracked
to identify potential disparities among women-owned or minority-owned
small businesses, or other vulnerable populations. Another commenter
argued that data may be misconstrued if approved but not accepted loans
are treated as ``denials.''
In contrast, several community banks urged the Bureau to remove
certain proposed action taken categories. For example, a community bank
argued against use of withdrawn by applicant or denied action taken
codes, stating that there was no reason to report such applications and
it would violate the applicant's trust. A different community bank
urged the Bureau to remove the incomplete category, noting that
financial institutions treat incompleteness as a denial under existing
Regulation B (because it requires an adverse action notice or a notice
of incompleteness), and that such events are better captured as denials
or withdrawals.
In the NPRM, the Bureau also sought comment on whether the Bureau's
proposal to categorize all incomplete applications as a single category
of ``incomplete'' (closed or denied) should instead be reported
consistent with the approach in Regulation C, which provides separate
categories for denials (including on the basis of incompleteness) and
files closed for incompleteness (if the financial institution sent a
written notice of
[[Page 35302]]
incompleteness). A few industry and community group commenters
specifically supported diverging from Regulation C and reporting
denials based on incompleteness as ``incomplete'' applications, rather
than ``denied'' applications. A CDFI lender and a community group
stated that doing so would be in line with the intent of section 1071
and would lead to more accurate data by reserving the denied category
exclusively for creditworthiness and underwriting factors. One trade
association stated that such reporting would be easier to comply with
and provide less opportunity for data errors, while another trade
association noted that additional subcategories of incomplete would
create confusion and add difficulty for financial institutions.
In contrast, several banks and a group of bank trade associations
urged the Bureau to align reporting of incomplete applications with
HMDA reporting. A bank commented that aligning with HMDA would increase
efficiency for the customer, facilitate compliance, and ensure that
financial institutions only need to collect data once. Similarly,
several commenters argued that misalignment with HMDA would add
substantial difficulty for financial institutions required to report
under HMDA. However, some of those same commenters also stated that
they were sympathetic to the Bureau's underlying reasons for wanting to
report all incomplete applications in one category, and argued that
this was further reason to exclude all HMDA transactions. A bank asked
for clarification on how to report an application that results in
adverse action based on incompleteness.
Treatment of counteroffers. The majority of commenters to address
the issue, including several lenders, trade associations, and a
community group, supported the Bureau's proposal as related to
counteroffers. In response to the Bureau's request for comment on
whether counteroffers that are not accepted should be reported as
``approved but not accepted,'' rather than ``denied,'' several
commenters, including a community group and a CDFI lender, supported
the Bureau's proposal that declined counteroffers would be recorded as
denials and accepted counteroffers would be reported as originations.
Several CDFI lenders further commented that this proposal would avoid
lenders seeking to game the system and avoid reporting denials by
giving unreasonable counteroffers likely to be denied by the applicant.
In contrast, a trade association argued that counteroffers that are not
accepted should be reported as ``approved but not accepted'' as it
would better reflect the availability of credit. A bank asked how to
report an accepted counteroffer that does not ultimately lead to an
origination, and urged consistency with HMDA.
In response to the Bureau's request for comment on whether to
specifically capture data on counteroffers, several industry commenters
supported the Bureau's proposal to not separately track counteroffers.
One of these commenters urged the Bureau to not separately track
counteroffer terms (such as the amount requested and approved) as it
would create burden for financial institutions, and if the offer was
ultimately accepted, would not provide meaningful data. Similarly,
other industry commenters argued that determining what is a
counteroffer would be difficult and it would be infeasible to capture
all data points for each counteroffer. A bank said that small business
lending involves many discussions between the lender and the applicant,
and so capturing counteroffers would be extraordinarily complex and
require additional training. The industry commenters also stated that
capturing counteroffers could lead to confusion and data errors. One of
the commenters further urged the Bureau to align with Regulation C,
which it asserted does not require reporting of counteroffers.
On the other hand, a CDFI lender and a joint letter from community
and business advocacy groups urged the Bureau to require reporting of
any counteroffers and their terms. These commenters suggested the
Bureau modify the action taken fields to add ``counteroffer accepted''
and ``counteroffer rejected,'' and require reporting of pricing
information on these options. The joint letter argued that separate
reporting of counteroffers would provide visibility into pricing of
credit offers made but not accepted or offers that otherwise do not
result in an origination. The commenter further took issue with the
aspect of the proposal that would require a lender to report it has
denied an application, when it has in fact it had approved it on
different terms. A CDFI lender similarly argued that the proposal
provides a loophole for financial institutions, and urged the Bureau to
require reporting of pricing on the initial request and any
counteroffers to prevent exploitative lending. The commenter
acknowledged, however, that the Bureau's proposal does not penalize
entities seeking to provide assistance to businesses, which often
entails multiple counteroffers to best meet the business's needs.
Finally, the joint letter from community and business advocacy
groups asserted that the proposed definition of a counteroffer is
problematic. Under the proposal, a counteroffer was described to occur
when a financial institution offers to grant credit on terms other than
those originally requested by the applicant. The commenter stated,
however, that nothing requires a lender to initially solicit from
applicants what terms they are seeking (other than amount applied for
and credit type), and so it would not be clear when to treat an offer
as a ``counteroffer'' for purposes of the rule.
Final Rule
For the reasons set forth herein, the Bureau is finalizing Sec.
1002.107(a)(9) with a minor revision for consistency, to require
reporting of the action taken by the financial institution on the
covered application, reported as originated, approved but not accepted,
denied, withdrawn by the applicant, or incomplete. Most commenters to
address this issue generally supported the Bureau's proposed action
taken categories, noting that the approach was a reasonable one and
would assist in fair lending enforcement.
Although the Bureau sought comment on whether to remove or combine
certain of the action taken categories, the Bureau is finalizing the
list of categories as proposed in Sec. 1002.107(a)(9). The Bureau is
not eliminating the ``approved but not accepted category''; data
collected under this category would reflect demand for credit, and as
noted by some commenters, could potentially be used to identify offers
made that do not meet the needs of small businesses. Moreover, no
commenter expressly urged the Bureau to remove the ``approved but not
accepted'' category. The Bureau is also retaining the ``withdrawn by
the applicant'' and ``incomplete'' action taken categories. As noted by
some commenters, capturing data on incomplete and withdrawn
applications is important to identifying potential discrimination and
discouragement during the application process, and thus consistent with
the purposes of section 1071. Next, the Bureau is keeping ``withdrawn
by the applicant'' and ``incomplete'' as separate action taken
categories; the categories represent different actions by the
applicant, and so keeping them distinct will lead to more accurate data
analysis, including better fair lending analysis. Moreover, the Bureau
believes a high incidence of incomplete applications could potentially
indicate that there is an issue with the level of
[[Page 35303]]
assistance provided by a financial institution (for example, not
providing reasonable support or assistance to ensure an applicant
satisfies all credit conditions; or providing more support to some
applicants than others). Although a couple of community banks urged the
Bureau to remove the ``denied,'' ``withdrawn by applicant,'' or
``incomplete'' action taken categories as unnecessary or inconsistent
with current lender practice, the Bureau believes retaining those
categories further the purposes of section 1071, as described above.
The Bureau is also finalizing Sec. 1002.107(a)(9) to require a
financial institution to report all incomplete applications--whether
the application is closed or denied based on incompleteness--as the
``incomplete'' action taken category. While this proposed approach is
not consistent with Regulation C comments 4(a)(8)(i)-4 and -6, there
could be potential errors in the data if financial institutions report
incomplete denials separate from notices of incompleteness. As noted by
commenters, grouping all incomplete applications together would lead to
more useful data by reserving the denied category solely for
creditworthiness and underwriting decisions. Moreover, as noted by
several commenters, grouping all incomplete applications in one
category would be easier for financial institutions to implement.
Although several industry commenters urged the Bureau to align
reporting of incomplete applications with Regulation C in order to
increase efficiency and facilitate compliance, those concerns are
mitigated by the Bureau's decision to exclude reporting of all HMDA-
reportable transactions, as set forth in final Sec. 1002.104(b)(2).
Indeed, one of the commenters advocating for alignment with Regulation
C also stated that they were sympathetic to the Bureau's reasons for
wanting all incomplete applications reported under a single category.
In response to a commenter's question regarding the reporting of
applications where an adverse action notice is provided based on
incompleteness, under final Sec. 1002.107(a)(9), the financial
institution would report such an application as ``incomplete,'' rather
than ``denied.'' In response to another commenter's concern that data
may be misconstrued if approved but not accepted loans are treated as
``denials,'' the Bureau notes that there is a separate action taken
category for ``approved but not accepted'' (see final Sec.
1002.107(a)(9) and associated commentary for reporting of that action
code).
The Bureau is also finalizing as proposed its treatment of
counteroffers in final comment 107(a)(9)-2. The Bureau agrees with
commenters that this approach (requiring that counteroffers that are
not accepted to be reported as ``denied,'' rather than ``approved but
not accepted'') would prevent lenders from trying to improperly
influence how their data are reported by extending unreasonable
counteroffers that are likely to be denied. This approach is also
consistent with existing Sec. 1002.9 notification procedures and
reporting of counteroffers under Regulation C,\618\ and so will be
familiar to financial institutions. In response to a commenter's
concern that this approach would not capture the availability of credit
(as rejected counteroffers would be reported as ``denials''), the
Bureau believes the considerations noted above--preventing gamesmanship
and consistency with existing Regulation B and Regulation C--outweigh
the potential benefit of alternate reporting. In response to a
commenter's question about how a financial institution reports an
accepted counteroffer that does not ultimately lead to an origination,
the Bureau directs the commenter to final comment 103(a)(9)-2, which
provides that if an applicant agrees to proceed with consideration of
the financial institution's counteroffer, the financial institution
reports the action taken as the disposition of the application based on
the terms of the counteroffer.
---------------------------------------------------------------------------
\618\ Regulation C comment 4(a)(8)(i)-9.
---------------------------------------------------------------------------
The Bureau is also finalizing comment 107(a)(9)-2 to not separately
track counteroffers as an additional action taken category or flag. As
noted by some commenters, it would be potentially infeasible to capture
all data points for every back-and-forth counteroffer with an
applicant, and attempting to do so would likely lead to confusion,
heightened complexity, and data errors. The Bureau also believes that
even without a counteroffer flag or field, the data will capture many
of the terms of an accepted counteroffers (such as pricing, guarantee,
etc.), as well as the amount initially requested by the applicant.
Therefore, the addition of a counteroffer flag or field would provide
limited useful information beyond what will already be captured under
section 1071. Moreover, while a counteroffer flag or field might be
useful as a screening tool for potential discrimination (for example,
if women-owned businesses or minority-owned businesses are provided
higher rates of counteroffers or denials compared to male- or non-
Hispanic white-owned businesses), a flag alone would lack any
specificity that could be leveraged for further fair lending analysis.
While several commenters urged the Bureau to require reporting of
accepted and rejected counteroffers, as well as their pricing terms,
the Bureau does not believe the benefits of additional reporting would
outweigh the added complexity, logistical challenges, and potential
data accuracy issues involved in reporting counteroffers. For example,
while some commenters suggested adding counteroffer rejected and
counteroffer accepted action taken categories, and to require reporting
of pricing, the commenter does not explain how a financial institution
would report multiple back-and-forth counteroffers connected to a
single covered application, which some commenters report is typical in
small business lending. Moreover, focusing solely on the pricing term
of a counteroffer would leave unknown other material terms of a
counteroffer, such the amount offered, duration, or a requirement to
have a co-signer or guarantor. In response to commenters' concerns that
not capturing counteroffers would mean a lack of visibility into
counteroffers that are made but not accepted, the Bureau agrees that
such information would not be captured, however, as described above,
the Bureau believes that reporting of such data would add significant
complexity, could undermine data quality, and would provide only
limited additional benefits. Regarding some commenters' criticism that
the definition of a counteroffer is flawed because it presumes a lender
has solicited all requested terms from the applicant, the Bureau
believes the description of a counteroffer in final comment 107(a)(9)-2
as an offer to grant credit or terms other than those originally
requested by the applicant is a reasonable one: an applicant will
likely specifically request the terms most important to the applicant,
the definition is consistent with existing Regulation B and Regulation
C and so will be familiar to financial institutions, and the commenters
do not propose an alternative.
The Bureau is finalizing the commentary to Sec. 1002.107(a)(9)
with minor revisions for clarity and consistency. Final comment
107(a)(9)-1 provides additional clarity on when a financial institution
should select each of the proposed action taken codes. The comment
further clarifies that a financial institution identifies the
applicable action taken code based on final action taken on the covered
application.
[[Page 35304]]
Final comment 107(a)(9)-2 provides instructions for reporting
action taken on covered applications that involve a counteroffer, along
with examples. As described above, final comment 107(a)(9)-2 provides
that if a financial institution makes a counteroffer to grant credit on
terms other than those originally requested by the applicant and the
applicant declines to proceed with the counteroffer or fails to
respond, the institution reports the action taken as a denial on the
original terms requested by the applicant. If the applicant agrees to
proceed with consideration of the financial institution's counteroffer,
the financial institution reports the action taken as the disposition
of the application based on the terms of the counteroffer.
Final comment 107(a)(9)-3 discusses reporting action taken for
rescinded transactions. Final comment 107(a)(9)-4 clarifies that a
financial institution reports covered applications on its small
business lending application register for the year in which final
action is taken. Finally, final comment 107(a)(9)-5 provides guidance
for reporting action taken if a financial institution issues an
approval that is subject to the applicant meeting certain conditions.
107(a)(10) Action Taken Date
Proposed Rule
In addition to requiring financial institutions to collect and
report the type of action they take on an application, ECOA section
704B(e)(2)(D) requires financial institutions to collect and report the
``date of such action.''
The Bureau proposed Sec. 1002.107(a)(10) to require action taken
date to be reported as the date of the action taken by the financial
institution. Proposed comments 107(a)(10)-1 through -5 would have
provided additional details on how to report the action taken date for
each of the action taken categories in proposed Sec. 1002.107(a)(9).
For example, proposed comment 107(a)(10)-1 would have explained that
for denied applications, the financial institution reports either the
date the application was denied or the date the denial notice was sent
to the applicant.
Proposed comment 107(a)(10)-4 would have explained that for covered
credit transactions that are originated, a financial institution
generally reports the closing or account opening date. That proposed
comment also stated that if the disbursement of funds takes place on a
date later than the closing or account opening date, the institution
may, alternatively, use the date of initial disbursement.
The Bureau sought comment on its proposed approach to the action
taken date data point as well as whether it should adopt data points to
capture application approval date and/or the date funds are disbursed
or made available.
Comments Received
The Bureau received comments on the proposed action taken date data
point from lenders, trade associations, and consumer groups. One
commenter expressed its support for the data points regarding an
application, including action taken date, noting that the data will
provide insight regarding the quality of the capital accessed and that
it will be useful in identifying potentially discriminatory lending
practices, as well as highlight capital gaps in the marketplace that
lenders may be able to fill. Furthermore, this commenter noted that the
data will show how financial institutions compare across key metrics
and help determine if the institution has equitable lending. Industry
commenters expressed their support for the proposed data point as a
reasonable and appropriate means of implementing the statutory
requirement. A CDFI lender noted that defining ``action taken date'' as
the one in which the financial institution acts is correct.
Several commenters provided feedback on whether the Bureau should
adopt separate data points for application approval date and the date
funds were disbursed or made available. A trade association opposed
adoption of separate data points for the date the application was
approved and the date the funds were disbursed or made available. This
trade association reasoned that it would add degrees of complexity to
the compliance process and the Bureau would be chasing de minimis data
points that have diminishing value. A bank also opposed the separate
data points explaining that the Bureau would already gather enough
information from gathering the application date and the action taken
date to find timing discrepancies and suggested the Bureau focus more
on underwriting data to determine discriminatory and other fair lending
issues. A CDFI lender explained that in many cases the gap between an
approval and disbursal of funds can be affected by several factors
outside a lender's control, such as an applicant's availability to sign
closing documents.
On the other hand, three commenters urged the Bureau to adopt
separate data points for application approval date and the date funds
were disbursed or made available. A community group commented that
separate data fields would be important for fair lending and community
development purposes because if any institutions are delaying the
availability of funds for unreasonable periods of time after loan
approval, they would not be serving community needs, and it could also
possibly indicate fair lending problems if protected classes
disproportionately experience delays. Another community group suggested
that discrimination in the agricultural industry occurs when loan
approvals are delayed or not approved in a timely manner. This
community group noted that untimely disbursement of funds could
drastically impact the opportunity for a small business to succeed.
They further noted that farmers lose entire seasons of income when the
operating loans which they timely applied for are not approved in a
timely manner. A third community group stated that lenders have a
history of delaying loan approvals for farmers of color compared to
white farmers.
Final Rule
For the reasons set forth herein, the Bureau is finalizing Sec.
1002.107(a)(10) and its associated commentary with minor edits for
clarity and consistency. The Bureau believes the action taken date data
point is a reasonable interpretation of ECOA section 704B(e)(2)(D),
which requires financial institutions to collect and report the ``date
of such action'' taken on an application. The Bureau notes that its
approach for this data point largely mirrors the Regulation C approach
for action taken date in Sec. 1003.4(a)(8)(ii) and related commentary,
with modifications to align with the action taken categories in final
Sec. 1002.107(a)(9).
Final Sec. 1002.107(a)(10) requires financial institutions to
report the date of the action taken by the financial institution on the
application. Final comments 107(a)(10)-1 through -5 provide guidance on
how to report the action taken date for each of the action taken
categories provided in final Sec. 1002.107(a)(9). For applications
that were denied, final comment 107(a)(10)-1 provides that a financial
institution reports either the date the application was denied or the
date the denial notice was sent to the applicant. For applications that
were withdrawn by the applicant, final comment 107(a)(10)-2 provides
that a financial institution reports either the date the express
withdrawal was received or the date shown on the notification form in
the case of a written withdrawal. For applications that were approved
but not accepted by the applicant, final
[[Page 35305]]
comment 107(a)(10)-3 provides that a financial institution reports any
reasonable date, such as the approval date, the deadline for accepting
the offer, or the date the file was closed. The comment notes, however,
that the financial institution should generally be consistent in its
approach.
The Bureau is finalizing comments 107(a)(10)-4 and -5 with minor
edits for clarity and consistency to facilitate compliance. Final
comment 107(a)(10)-4 provides that for applications that result in an
extension of credit, a financial institution generally reports the
closing or account opening date. However, if the disbursement of funds
takes place on a date later than the closing or account opening date,
the institution may, alternatively, use the date of initial
disbursement. The comment further provides that the financial
institution should generally be consistent in its approach. Final
comment 107(a)(10)-5 provides that for applications that are closed for
incompleteness, a financial institution reports either the action taken
date or the date the denial or incompleteness notice was sent to the
applicant.
The Bureau is not adopting in this final rule a requirement that
financial institutions report both the date the application was
approved and the date the funds were disbursed. Two of the commenters
who requested this change specifically focused on loan approval delays,
which seems to indicate the issue is with delays in the loan approval
process rather than the timing of the fund disbursements or credit
availability. The application date and action taken date together will
provide information about the length of time it takes for an
application to reach the credit decision. In addition, the Bureau
believes that the time between a loan's approval and the date of funds
availability is dependent on many factors, some of which may not be
within the control of the financial institution, as suggested by a
commenter. Accordingly, the Bureau is not adopting a requirement that
financial institutions report, in all cases, the date the funds were
disbursed or made available.
107(a)(11) Denial Reasons
Proposed Rule
ECOA section 704B(e)(2)(H) authorizes the Bureau to require
financial institutions to compile and maintain ``any additional data
that the Bureau determines would aid in fulfilling the purposes of
[section 1071].'' The Bureau proposed Sec. 1002.107(a)(11) to require
financial institutions to collect and report the principal reason or
reasons an application was denied.
Proposed Sec. 1002.107(a)(11) would have required reporting of the
principal reason or reasons the financial institution denied the
covered application. Proposed comment 107(a)(11)-1 would have explained
that a financial institution complies with proposed Sec.
1002.107(a)(11) by reporting the principal reason or reasons it denied
the application, indicating up to four reasons, and the financial
institution would report only the principal reason or reasons it denied
the application, even if there are fewer than four reasons. The
proposed comment provided an example to illustrate. The proposed
comment would have also stated that the reason(s) reported must
accurately describe the principal reason or reasons the financial
institution denied the application. Finally, the proposed comment
provided a list of denial reasons from which financial institutions
would select the principal reason or reasons for denying a covered
application.
Proposed comment 107(a)(11)-1 would also have explained that a
financial institution would have reported the denial reason as
``other'' where none of the enumerated denial reasons adequately
describe the principal reason or reasons it denied the application, and
the institution would report the denial reason or reasons as free-form
text. Proposed comment 107(a)(11)-2 would have clarified that a
financial institution complies with proposed Sec. 1002.107(a)(11) by
reporting that the requirement is not applicable if the action taken on
the application, pursuant to Sec. 1002.107(a)(9), is not a denial.
The Bureau sought comment on its proposed approach to the denial
reasons data point, including whether the denial reason categories
listed in proposed comment 107(a)(11)-1 sufficiently cover the common
credit denial reasons in the small business lending industry. The
Bureau also sought comment on the potential utility of denial reason
data as well as on the potential burdens to industry in reporting
denial reasons, in light of the proposed denial reason categories and
the data's ability to aid in fulfilling the purposes of section 1071.
Comments Received
The Bureau received comments on the denial reasons data point from
lenders, trade associations, and community groups. A number of these
commenters supported the Bureau's proposal to collect data on denial
reasons, stating that it would aid in fair lending analysis and further
the community development purpose of section 1071. A community group
said that an analysis of different types of lenders could determine
whether industry-wide practices could be creating unnecessary barriers,
and denial reason data could help to illuminate those practices. Some
commenters noted that denial reasons can help policymakers and the
public determine legitimate reasons that small businesses do not
qualify for certain forms of credit and will, in turn, enable
policymakers to work towards solutions. A trade association commented
that the data has the potential to help identify ways to improve
service in underserved communities and agreed this is an opportunity to
provide financial institutions with data to evaluate their business
underwriting criteria and address potential gaps as needed. Another
community group stated that this data point is one of the single most
important items the Bureau can collect in its aim to carry out section
1071 and illuminate the reasons behind disparate results in small
business lending. A bank commented that reporting of denial reasons
would help identify roadblocks to gaining access to credit.
Commenters generally agreed with the Bureau's approach to
collecting reasons for denial. Community groups supported the range of
the Bureau's proposed list of reasons for denial as well as the
Bureau's proposal for a financial institution to select up to four
reasons. A trade association commented that the proposed list of
reasons for denial adequately cover the potential reasons and noted
that the list largely aligns with the HMDA/Regulation C denial reasons.
This commenter also noted the importance of the option for financial
institutions to select ``other'' and report additional denial reason
information as free-form text.
Several community groups suggested that personal credit score must
be included as an option as it is often cited as the reason for denial.
They asserted that if low credit scores or other reasons for denial
correlate with a business owner's race or location, but do not
correlate with loan performance, then it would be important for lenders
to use alternative methods for assessing creditworthiness that do not
have a disparate impact on business owners of color or certain
communities. Another commenter suggested that the Bureau consider
clarifying the government criteria option, recommending that the option
should only be used if no other principal reason applies and should
come after other reasons to ensure that it does not mask those other
reasons. A trade association suggested that the
[[Page 35306]]
Bureau allow financial institutions the discretion to choose whether to
report the data; however, that commenter also indicated that if the
Bureau were to require the denial reasons data point then the proposed
denial reasons did represent a full picture of the typical reasons for
denial. Other commenters suggested the Bureau follow the flexible
approach of financial institutions providing denial reasons in ECOA
adverse action notices. Two banks asked the Bureau to compare the
reporting requirement against other reporting regimes, such as HMDA and
CRA, to avoid duplicative and inconsistent reporting.
Some industry commenters opposed the Bureau's proposal to collect
denial reasons. A few commenters stated that these data are not tracked
or maintained. A bank said stated they will need to build a new and
independent tracking system if the data are mandated. A joint trade
association letter noted that in indirect vehicle financing
transactions, dealerships are not often provided and do not have access
to reasons why a third-party financing source denied a credit
application. A bank questioned what the Bureau intends to do with the
data and stated that it is not necessary to meet the goals and
requirements of section 1071. The bank further asserted that it would
eventually result in additional regulatory requirements that continue
to push small and mid-size lenders from the small business lending
market. Another bank raised concerns about reporting denial reason
data, asserting that there are multiple factors involved in the
decisions and the use of raw data without any other means to evaluate
the individual decisions made could lead to allegations of
discrimination against banks based solely upon data that reflect
disparate impact based on ethnicity, race, or gender. Another commenter
expressed a similar concern that requiring denial reasons under certain
categories could lead to damaging misinterpretations. A trade
association urged the Bureau to drop the denial reasons data point from
the final rule, stating that the requirement is drafted in a rigid
manner that is unlikely to produce accurate or reliable data. That
commenter also stated that the Bureau and other regulatory agencies
already have access to these data because financial institutions are
already providing denial reasons under the ECOA adverse action notice
requirement. In addition, commenters further noted that the proposed
denial reason data point is incompatible with the Bureau's flexible
approach to providing adverse action reasons in ECOA adverse action
notices.
Final Rule
For the reasons set forth herein, the Bureau is finalizing Sec.
1002.107(a)(11) and associated commentary with minor revisions. The
final rule requires that financial institutions collect and report, for
denied applications, the principal reason or reasons the financial
institution denied the covered application. The Bureau believes data
regarding denial reasons will further the fair lending and business and
community development purposes of section 1071. Data on denial reasons
will allow data users to better understand the rationale behind denial
decisions, help identify potential fair lending concerns, and provide
financial institutions with data to evaluate their business
underwriting criteria and address potential gaps as needed. Robust data
on application denial reasons across applicants, financial
institutions, products, and communities should help target limited
resources and assistance to applicants and communities, thus furthering
section 1071's business and community development purpose. Furthermore,
data on denial reasons will help data users analyze potential denial
disparities, and could facilitate more efficient and less burdensome
fair lending examinations. Therefore, pursuant to ECOA section
704B(e)(2)(H), the Bureau determines that collecting data on denial
reasons would aid in fulfilling the purposes of section 1071.
Final comment 107(a)(11)-1 explains that a financial institution
reports the principal reason or reasons it denied the application,
indicating up to four reasons and makes clear that the financial
institution reports only the principal reason or reasons it denied the
application. Final comment 107(a)(11)-1 also provides a list of denial
reasons from which financial institutions select the principal reason
or reasons for denying a covered application. In addition, final
comment 107(a)(11)-1 explains that a financial institution reports the
denial reason as ``other'' when none of the enumerated denial reasons
adequately describes the principal reason or reasons it denied the
application, and reports the denial reason or reasons as free-form
text. The Bureau believes that including the option to select ``other''
will facilitate compliance and that collecting such information will
enable the Bureau to observe trends and key developments in the small
business lending market. In addition, the Bureau may use the
information to inform any future iterations of the list.
The Bureau is making a revision in comment 107(a)(11)-1.iii to
change ``use of loan proceeds'' to ``use of credit proceeds'' to
reflect commonly understood categories of small business lending like
term loans or lines of credit. The Bureau is also making a
clarification in comment 107(a)(11)-1.iii to broaden the scope of the
``use of credit proceeds'' denial reason. Final comment 107(a)(11)-
1.iii explains that a financial institution reports the denial reason
as ``use of credit proceeds'' if it denies an application because, as a
matter of policy or practice, it places limits on lending to certain
kinds of businesses, products, or activities it has identified as high
risk. The Bureau is removing the example provided in the proposed rule
because the Bureau does not believe an example is necessary and
financial institutions know what they consider to be high risk to them.
Moreover, financial institutions may have different policies on credit
activities or products they consider high risk such that a high risk
activity or product to one financial institution may not be considered
high risk to another.
The Bureau is also making a minor revision in comment 107(a)(11)-
1.v to clarify that a denial reason based on collateral refers to
collateral that was insufficient or otherwise unacceptable to the
financial institution. The Bureau also removed the example that
appeared in proposed comment 107(a)(11)-1.vi.
The Bureau is making a minor change in comment 107(a)(11)-1.vii to
clarify that a denial reason based on ``government criteria'' refers to
government loan program criteria. Government loan program criteria for
this purpose refers to those loan programs backed by government
agencies that have specific eligibility requirements. Accordingly,
final comment 107(a)(11)-1.vii lists ``government loan program
criteria'' as a denial reason option.
The Bureau does not share the concerns raised by commenters that
denial reason data may lead to unjustified conclusions that do not
necessarily meet the goals and purposes of section 1071. Rather, as
explained above, the Bureau believes data on denial reasons can help
identify potential lending concerns and help data users analyze
potential denial disparities. In fact, the Bureau believes that
including denial reasons in 1071 data should reduce the risk of
inaccurate accusations of fair lending violations, as it would allow
financial institutions to point to potentially legitimate reasons for
disparities.
[[Page 35307]]
With respect to the comments that denial reasons are not currently
tracked or maintained, the Bureau believes that most financial
institutions already have information on denial reasons, or at least
should be prepared to provide the information. The Bureau understands
from commenters that there may be creditors that are not subject to the
adverse action notice requirements under Regulation B and such
institutions may face greater challenges in implementing the denial
reason data reporting requirement than those institutions that are
already subject to Regulation B requirements.\619\ Nevertheless, the
Bureau believes that data on denial reasons will further the fair
lending and business and community development purposes of section 1071
by helping to identify potential fair lending concerns and providing
financial institutions with data to evaluate their lending criteria and
address potential gaps. Moreover, data on denial reasons not only help
identify potential fair lending concerns, but are critical to
understanding the rationale behind a financial institution's decision
to deny credit, which can provide small business applicants the
information they need to be able to access capital.
---------------------------------------------------------------------------
\619\ Existing Sec. 1002.9(a)(3) requires creditors to provide
the specific reasons for adverse action taken or to notify business
credit applicants of their right to request the reasons for denying
an application or taking other adverse action.
---------------------------------------------------------------------------
For transactions involving indirect vehicle financing where the
dealership may not have the reasons why a third-party financing source
denied a credit application, the Bureau believes that the entity that
makes the final credit decision will be able to provide or obtain the
reasons for denying a credit application. See section-by-section
analysis of Sec. 1002.109(a)(3) for a discussion of which institutions
have a reporting obligation in transactions involving multiple
financial institutions.
With respect to the suggestion from a commenter that the Bureau
should allow financial institutions to report denial reason data
voluntarily, the Bureau believes optional reporting is not the
appropriate approach, given the need for consistent and meaningful data
to further the purposes of section 1071.
Regarding the suggestion that the denial reason data point in the
final rule should mirror the HMDA reporting requirements or other
reporting regimes, the Bureau's approach to the final rule is to
largely mirror the Regulation C reporting requirements but with
modifications that better reflect the business or agricultural lending
(rather than mortgage lending) context. The Bureau believes that
aligning closely to a known regulatory scheme, such as Regulation C,
will facilitate compliance. Regarding the suggestion that the Bureau
provide more flexibility so that financial institutions can report the
reasons that were provided in an adverse action notice, the Bureau
believes, and as a commenter noted, the denial reasons proposed and
finalized in this rule are a comprehensive list and represent a full
picture of the common denial reasons for small business credit. In
addition, the Bureau believes the inclusion of ``other'' as a reason
for denial and the free-form text field, which will enable financial
institutions to report a denial reason that is not otherwise listed,
will provide flexibility, and will facilitate compliance.
107(a)(12) Pricing Information
Proposed Rule
ECOA section 704B(e)(2)(H) authorizes the Bureau to require
financial institutions to compile and maintain ``any additional data
that the Bureau determines would aid in fulfilling the purposes of
[section 1071].'' The Bureau proposed, in Sec. 1002.107(a)(12), to
require financial institutions to report certain pricing information
for covered credit transactions. Specifically, proposed Sec.
1002.107(a)(12)(i)(A) would have required financial institutions to
report the interest rate that is or would be applicable to the covered
credit transaction; proposed Sec. 1002.107(a)(12)(ii) would have
required financial institutions to report the total origination charges
for a covered credit transaction; proposed Sec. 1002.107(a)(12)(iii)
would have required financial institutions to report the broker fees
for a covered credit transaction; proposed Sec. 1002.107(a)(12)(iv)
would have required financial institutions to report the total amount
of all non-interest charges that are scheduled to be imposed over the
first annual period of the covered credit transaction; proposed Sec.
1002.107(a)(12)(v) would have required financial institutions to
report, for merchant cash advances or other sales-based financing
transactions, the difference between the amount advanced and the amount
to be repaid; and proposed Sec. 1002.107(a)(12)(vi) would have
required financial institutions to report information about any
prepayment penalties applicable to the covered credit transaction.
Proposed comment 107(a)(12)-1 would have clarified that, for
applications that the financial institution reports as denied,
withdrawn by the applicant, or incomplete, the financial institution
reports pricing information as ``not applicable.'' Proposed Sec.
1002.107(a)(12) would have applied only to credit transactions that
either have been originated or have been approved by the financial
institution but not accepted by the applicant.
Comments Received
The Bureau sought comment on proposed Sec. 1002.107(a)(12) and its
commentary, including on additional information that could help reduce
misinterpretations of disparities in pricing, such as more information
about the nature of the collateral securing the credit. The Bureau also
sought comment on ways to reduce burden on financial institutions with
respect to overlaps or conflicts between State law disclosure
requirements and the Bureau's proposal. Numerous commenters addressed
the proposed pricing data point in their feedback. The Bureau addresses
feedback on proposed Sec. 1002.107(a)(12) generally in this section;
feedback on specific aspects of proposed Sec. 1002.107(a)(12)(i)
through (vi) is addressed in the section-by-section analyses that
follow.
Many commenters expressed views on whether the Bureau should
require financial institutions to report any pricing data. Some
commenters, including community groups, trade associations, a lender,
and a technology service provider, supported the inclusion of pricing
information. These commenters stated pricing information will help data
users understand not simply whether credit is available to certain
borrowers, but the terms of such credit. Several community groups said
that pricing information would help with fair lending analysis, with
one community group stating that academic research and mystery shopping
tests suggested the presence of discrimination in the small business
lending market. Other community groups said that pricing information
would allow users to identify unmet business needs. A community group
commented that lenders were already collecting much of the proposed
pricing data for SBA and CDFI programs, while a trade association
supported the proposal but noted that CDFIs would need more time to
comply than larger financial institutions.
Industry commenters generally opposed including pricing information
in the final rule. These commenters made several arguments in support
of their position. First, they asserted that the final rule should
include only data points specifically enumerated in the
[[Page 35308]]
statute. One commenter suggested that because pricing was not expressly
enumerated in the statute, Congress therefore did not intend for the
data collected and reported pursuant to section 1071 to include pricing
information. Other commenters said that pricing data (along with other
data points adopted pursuant to ECOA section 704B(e)(2)(H)) would
increase the burden on financial institutions because, for example,
pricing information can change throughout the application and
underwriting process. And several industry commenters who generally
objected to the inclusion of any data points pursuant to section
704B(e)(2)(H) claimed that lenders lack systems that can calculate or
collect all the proposed pricing data.
Second, these commenters stated that commercial financing is less
standardized than consumer financing, such that pricing is influenced
by a wide variety of factors that they believed would not be adequately
reflected in the 1071 data. Factors cited included the credit score of
the applicant, the nature and value of collateral, the loan purpose and
type, the presence of bundled services, the applicant's cash flow, the
type of business, the size of any down payment, the strength of any
guarantee, and debt service coverage ratio. Commenters elaborated on
certain factors specific to certain financial institutions or
transaction types. For example, a few commenters stated that community
banks might make loans with higher interest rates than other lenders to
comply with safety and soundness requirements. Some agricultural
lenders and a trade association commented that farm credit borrowers
periodically receive patronage dividends from lenders, which
effectively lowers the cost of credit. And a group of trade
associations representing the insurance premium financing industry
stated that the pricing of insurance premium financing is determined
almost entirely by the value of the unearned premiums, negating the
benefit of pricing data for these transactions.
The absence of information about these other factors affecting the
price of credit, commenters argued, would cause data users to draw
inaccurate conclusions when analyzing pricing in the 1071 data. As a
result, commenters claimed, financial institutions would suffer
reputational harm from erroneous accusations of fair lending violations
or other harmful pricing practices. However, a community group
commented that advocates knew how to responsibly use pricing data and
typically approach regulators or industry before publicizing pricing
discrepancies. Industry commenters also argued that misleading data
would reduce financial institutions' willingness to consider
individualized factors in the lending process, restricting the
availability of credit to small business applicants.
Many industry commenters also opposed the disclosure of any pricing
information because of competition and privacy concerns. These
commenters claimed that disclosure would reveal confidential
information that would put financial institutions at a disadvantage.
For example, competitors could attract borrowers with loans that were
cheaper but inferior in other respects. These commenters also asserted
that disclosure of pricing information would harm the privacy interests
of applicants, especially in small communities where users could re-
identify borrowers.
Instead of including pricing information in the final rule, several
industry commenters suggested that analysis of pricing data was more
appropriate in the supervision and examination context. One trade
association asserted that requiring pricing data in the rule would be
redundant of, or usurp, the supervisory activities of the prudential
regulators because those agencies also collect and use pricing
information in their exams. Another group of trade associations said
the Bureau could use information it gathers in the course of exercising
its supervision authority to determine whether pricing data could
further fair lending purposes before requiring such data in the rule.
In contrast to industry commenters, who generally objected to
reporting any pricing information, community groups requested
additional pricing information. Specifically, numerous community groups
and a minority business advocacy group, as well as some lenders and a
technology service provider, asked the Bureau to require financial
institutions to report the annual percentage rate (APR) for a covered
credit transaction. These commenters stated that APR was the only
easily understandable, uniform, and comprehensive single pricing
measure for comparing diverse transactions. These commenters generally
did not argue that the proposed pricing data point lacked value, but
that APR would provide additional information that was superior in
certain respects. For example, a cross-sector group of lenders,
community groups, and small business advocates asserted that the
diversity of transactions in the small business lending market
increased the value of APR, because comparing loan pricing would be
difficult without a single measure. This group further stated that
unlike the proposed pricing data, which lacked a time period, APR
standardizes the cost of a transaction over a year.
A few commenters believed that APR would make the pricing data
easier for data users to understand. Some stated that although
sophisticated data users might be able to estimate APR from the
proposed data points, the 1071 data should allow anyone to gain
information about small business loan pricing. Also, the cross-sector
group's comment discussed above noted that many small business owners
are familiar with APR from their consumer financing transactions.
Regarding burden, several of these commenters asserted that
calculating APR was feasible in the small business lending market, with
many noting that APR is a formula amenable to calculation through an
automated process using generally available software. For non-
traditional transactions such as merchant cash advances, commenters
suggested estimating the term length from repayment data or from the
term, if any, that the financial institution calculated during the
underwriting process. Indeed, some of these commenters also believed
that the market was evolving toward the use of APR for commercial
finance transactions. They cited the New York and California commercial
financing disclosure laws, as well as private disclosure initiatives
that include the APR, such as the SMART Box and Small Business
Borrower's Bill of Rights.\620\ A CDFI lender predicted that financial
institutions would eventually use a single disclosure to comply with
all State disclosure laws, which would resolve any issues with
differing APR methodologies among the states. A bank commented that if
the Bureau required pricing information, it should adopt only APR
because reporting APR was simpler than reporting multiple pieces of
pricing information.
---------------------------------------------------------------------------
\620\ See Cal. S.B. 1235 (Sept. 30, 2018), https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180SB1235; N.Y. S.B. S5470B (July
23, 2020), https://legislation.nysenate.gov/pdf/bills/2019/S5470B;
Innovative Lending Platform Ass'n, The SMART Box Model Disclosure--
In Depth, https://innovativelending.org/smart-box-model-disclosure-depth/ (last visited Mar. 20, 2023); Responsible Bus. Lending Coal.,
Small Business Borrower's Bill of Rights (2021), http://www.borrowersbillofrights.org/bill-of-rights.html.
---------------------------------------------------------------------------
A few commenters suggested alternatives if the Bureau did not adopt
APR, including requiring APR for a subset of transactions for which
[[Page 35309]]
calculating APR was feasible or having the Bureau calculate and publish
APR data itself.
Although industry commenters largely did not address APR, a few
offered arguments against its inclusion in the final rule. A group of
trade associations questioned the existence of a trend toward the use
of APR in commercial financing, noting that only California and
Virginia had adopted commercial financing disclosure laws at the time
of the NPRM. This group also speculated that Congress believed APR may
be inappropriate for the small business lending market because it did
not extend TILA to commercial credit in the Dodd-Frank Act. Other
commenters discussed the burden of reporting APR. Several banks stated
that lenders would need to change their systems to calculate APR for
small business loans. A State bankers association asserted that the
terms of small business loans did not allow APR to be calculated. And a
CDFI lender stated that APR calculations are infeasible for loans made
under the SBA's 7(a) program.\621\ Such loans, the commenter explained,
have fees that may vary based on the type or purpose of the loan, which
makes the APR difficult to determine accurately.
---------------------------------------------------------------------------
\621\ See Cong. Rsch. Serv., Small Business Administration 7(a)
Loan Guaranty Program, https://fas.org/sgp/crs/misc/R41146.pdf
(updated June 30, 2022) (discussing the SBA's flagship 7(a) loan
guarantee program).
---------------------------------------------------------------------------
Finally, some commenters directed their feedback to the scope of
the proposed pricing data point. Some community groups asked the Bureau
to require pricing information for all counteroffers because, they
asserted, such information would illuminate situations where lenders
are prepared to extend credit on less desirable terms than those
requested by the applicant. An industry commenter recommended limiting
the pricing information to originated transactions because it believed
pricing information for approved applications held no fair lending
value. But some community groups commented that including approved
applications in reported pricing data would further fair lending
purposes, such as allowing data users to evaluate whether financial
institutions are offering high-priced loans to minority applicants that
the applicants do not accept. A trade association commented that the
pricing information should include only interest rate and origination
charges but offered no explanation for its position.
Final Rule
For the reasons set forth herein, the Bureau is finalizing Sec.
1002.107(a)(12) and associated commentary with certain adjustments.
Final Sec. 1002.107(a)(12)(i) through (vi) require reporting of the
following for covered credit transactions that are originated or
approved by the financial institution but not accepted by the
applicant: interest rate; total origination charges; broker fees; the
total amount of all non-interest charges that are scheduled to be
imposed over the first annual period; for a merchant cash advance or
other sales-based financing transaction, the difference between the
amount advanced and the amount to be repaid; and information about any
applicable prepayment penalties. The details of final Sec.
1002.107(a)(12)(i) through (vi) are discussed in turn in the section-
by-section analyses that follow; the discussion here focuses on the
Bureau's overall approach to the pricing data point.
The Bureau is finalizing comment 107(a)(12)-1 as proposed, which
clarifies that, for applications that the financial institution reports
as denied, withdrawn by the applicant, or incomplete, the financial
institution reports pricing information as ``not applicable.''
As discussed in the NPRM, the Bureau believes that pricing data
will further both the fair lending purpose and the business and
community development purpose of section 1071. The majority of small
businesses are run by a single owner without extensive financial
experience or expert staff to navigate the commercial credit
marketplace, which lacks many of the Federal protections found in
consumer lending.\622\ Heightened risks to fair lending and small
business development may arise from different pricing for the same
products and the selective marketing of higher-priced or even predatory
and unsustainable products. Because price-setting is integral to the
functioning of any market, any analysis of the small business lending
market--including to enforce fair lending laws or identify community
and business development opportunities--would be less meaningful
without this information.
---------------------------------------------------------------------------
\622\ For example, TILA's standardized disclosure requirements
for residential mortgage loans and limits on linking compensation to
mortgage loan terms, including pricing, do not apply to business
loans. See, e.g., 15 U.S.C. 1639b, Regulation Z Sec. 1026.36
(TILA's prohibition on basing mortgage loan originator compensation
on loan terms).
---------------------------------------------------------------------------
Research conducted for the Department of Commerce has found that
minority-owned businesses tend to pay higher interest rates on business
loans than those that are not minority-owned,\623\ and a report by the
Federal Reserve Bank of Atlanta found that minority-owned firms more
frequently applied for potentially higher-cost credit products, and
were also more likely to report challenges in obtaining credit, such as
being offered high interest rates.\624\ In addition, research conducted
for the SBA has found that Black- and Hispanic-owned businesses were
less likely to have business bank loans and more likely to use more
expensive credit card financing.\625\ The 2020 Small Business Credit
Survey by a collaboration of Federal Reserve Banks found that small
business applicants to nonbank lenders, such as online lenders and
finance companies, were more likely to report high interest rates or
unfavorable terms than applicants to depository institutions.\626\ To
the extent that the recovery from the lingering economic disruptions
following the COVID-19 pandemic is still ongoing when covered financial
institutions begin collecting data under this final rule, and in regard
to emergencies affecting small business access to credit that may occur
in the future, tracking pricing in this segment of the market is
particularly important.
---------------------------------------------------------------------------
\623\ Minority Bus. Dev. Agency, U.S. Dep't of Com., Disparities
in Capital Access between Minority and Non-Minority-Owned
Businesses: The Troubling Reality of Capital Limitations Faced by
MBEs, at 3, 5, 21, 36-37 (2010), https://archive.mbda.gov/page/executive-summary-disparities-capital-access-between-minority-and-non-minority-businesses.html.
\624\ Fed. Rsrv. Bank of Atlanta, Report on Minority Owned
Firms: Small Business Credit Survey (Dec. 2019), https://www.fedsmallbusiness.org/-/media/project/smallbizcredittenant/fedsmallbusinesssite/fedsmallbusiness/files/2019/20191211-ced-minority-owned-firms-report.pdf.
\625\ Alicia Robb, Financing Patterns and Credit Market
Experiences: A Comparison by Race and Ethnicity for U.S. Employer
Firms, at 47 (2018) (prepared for Off. of Advocacy, Small Bus.
Admin.), https://advocacy.sba.gov/2018/02/01/financing-patterns-and-credit-market-experiences-a-comparison-by-race-and-ethnicity-for-u-s-employer-firms/.
\626\ However, the survey noted that online lenders tended to
receive applications with lower credit scores so applicant risk
could play a role in higher interest rates for nonbank lenders. See
2020 Small Business Credit Survey at 15.
---------------------------------------------------------------------------
The Bureau believes pricing data are important because they offer
useful insight into underwriting disparities and are necessary for data
users to examine predatory pricing or pricing disparities. For example,
they might show that a particular market segment is expanding and
apparently filling an important need, but the new credit offered might
be predatory in nature. Pricing information will allow the Bureau and
others to understand the situation more accurately. Data collection
without pricing information
[[Page 35310]]
could have the unintended consequence of incentivizing irresponsible
lending, as providers seeking to increase representation of underserved
groups could be encouraged to adopt high-cost models of lending.
Without information on pricing, data users would be unable to
screen for fair lending pricing risks, and regulators would be less
able to focus their enforcement and supervision resources appropriately
on situations of greater possibility for questionable activities. In
addition, if potential discriminatory conduct is monitored effectively
in regard to credit approvals, but not in regard to pricing, industry
compliance systems may focus solely on approvals and denials and ignore
potential pricing disparities. Having pricing data available will also
increase transparency and help demonstrate to lenders where business
opportunities exist to offer sustainable credit to underserved markets.
In addition, it could demonstrate to small businesses the availability
of more affordable credit.
Pricing information that is separately enumerated as the interest
rate and general categories of fees will allow data users to more
precisely analyze the components of a credit transaction's price. For
example, data users will be able to identify potentially discriminatory
price disparities within upfront fees charged to borrowers at
origination that may not be visible in a single pricing metric.
Similarly, information about which components of a transaction's price
may be relatively more expensive should allow data users to better
identify business and community development initiatives because they
will be able to target their initiative at the particular component,
such as the interest rate, that may be most responsible for the
relatively high price of the transaction. The Bureau's decision not to
require reporting of APR, as requested by some commenters, is discussed
in more detail below.
The Bureau disagrees with commenters who suggested the pricing data
point lacks congressional authorization. ECOA section 704B(e)(2)(H)
authorizes the Bureau to require financial institutions to compile and
maintain ``any additional data that the Bureau determines would aid in
fulfilling the purposes of [section 1071].'' This provision reflects
Congress's understanding that certain information not explicitly
identified in section 1071 may advance the statutory purposes. As
described herein, the pricing data point satisfies this standard.
The Bureau understands that the small business lending market is
flexible and tailored to the situations of small business applicants
and borrowers. For this reason, pricing for small business credit is
affected by numerous factors, some of which are not reflected in the
1071 data. For example, the final rule does not require financial
institutions to report applicants' credit scores, which would provide
useful information for explaining pricing differences between
transactions. But the Bureau believes that commenters have understated
the amount of information the final rule includes about factors
relevant to pricing. For example, the final rule includes information
about the existence and nature of collateral; \627\ the credit purpose
and type; \628\ the applicant's industry,\629\ size,\630\ and history;
\631\ the type of guarantee; \632\ and the type of the lender.\633\
This information will provide important context for pricing data.
---------------------------------------------------------------------------
\627\ See final Sec. 1002.107(a)(5) (indicating whether credit
is secured or unsecured); final Sec. 1002.107(a)(6) (suggesting,
along with the credit type data point, whether a loan is secured by
a dwelling).
\628\ See final Sec. 1002.107(a)(5) (credit type); final Sec.
1002.107(a)(6) (credit purpose). The Bureau also notes that
insurance premium finance transactions are not covered by the final
rule (see final Sec. 1002.104(b)(3)). Thus, the unique challenges
of interpreting pricing information cited by commenters for those
transactions will not affect data users.
\629\ See final Sec. 1002.107(a)(15) (NAICS code).
\630\ The gross annual revenue and number of workers data points
are related to the applicant's size. See final Sec. 1002.107(a)(14)
and (16).
\631\ See final Sec. 1002.107(a)(17) (time in business).
\632\ See final Sec. 1002.107(a)(5)(ii) (guarantees).
\633\ See final Sec. 1002.109(b) (financial institution
identifying information).
---------------------------------------------------------------------------
More broadly, the 1071 data need not reflect every determinant of
credit pricing to provide value to users. The pricing data will further
fair lending enforcement by allowing regulators to better understand
fair lending risks and allocate their resources accordingly. As
explained in the NPRM, HMDA data have long served a similar function.
Some commenters questioned the analogy to HMDA data, citing greater
standardization in the mortgage market. But the same basic utility--
signaling fair lending risk--exists even if the nature of the signal
differs. Indeed, with respect to entities it supervises, the Bureau
similarly uses pricing data, when available in small business
examinations, to help identify fair lending risk.
Regarding suggestions that the Bureau consult supervisory and
examination data before adopting any pricing data requirements, the
Bureau has relied on its experience in these areas while developing the
final rule. The Bureau does not believe this rule is redundant of the
supervision and examination activities of any Federal agency. Moreover,
confidential supervisory information available only to Federal
regulators is no substitute for a publicly available dataset.
Furthermore, comments that focus narrowly on comparisons between
applicants ignore the business and community development purpose of
section 1071. Data users can examine pricing data at a more general
level to further this purpose. For example, government entities could
develop loan programs designed to increase the availability of credit
to certain small businesses whose existing financing options carry high
prices.
Regarding comments about the harmful consequences of potentially
misleading data, the Bureau anticipates noting when disclosing the 1071
data that the data alone generally do not offer proof of compliance
with fair lending laws.\634\ And the Bureau expects community groups to
use the data responsibly, with knowledge of these limitations, which
such groups say they have. The Bureau does not believe, as suggested by
commenters, that pricing data would reduce the availability of credit
to small business applicants. Instead, by helping to reduce fair
lending risk and identify business and community development
opportunities, the pricing data will help expand access to credit.
Privacy and confidentiality concerns about the pricing data are
discussed in part VIII.B.6.x below.
---------------------------------------------------------------------------
\634\ For example, the FFIEC cautions users of HMDA data that
``HMDA data are generally not used alone to determine whether a
lender is complying with fair lending laws.'' CFPB, Summary of 2021
Data on Mortgage Lending (2022), https://www.consumerfinance.gov/data-research/hmda/summary-of-2021-data-on-mortgage-lending/.
---------------------------------------------------------------------------
The Bureau understands that many financial institutions will incur
costs to collect and report pricing information. The Bureau has
attempted to reduce the difficulty of collecting and reporting these
data in several ways. For example, final Sec. 1002.107(a)(12) is
limited to approved applications and originated transactions. These are
transactions for which financial institutions generally would have to
determine the price to approve (or originate) the transaction. Other
transactions--i.e., those that are denied, withdrawn by the applicant,
or incomplete--are likely to have pricing information that is subject
to change or that has not yet been determined. In addition, final Sec.
1002.107(a)(12) generally takes a broad, functional approach to the
reportability of pricing information, rather than defining
reportability according to complex factors such as how a fee is
[[Page 35311]]
denominated or the nature of the collateral securing a transaction. The
Bureau believes this will simplify the collection and reporting
process. Despite any remaining burden for financial institutions, the
Bureau believes that pricing data are important for achieving both of
section 1071's purposes.
Further reducing the potential difficulty of reporting pricing
data, the Bureau has decided against requiring financial institutions
to report APR at this time. Calculating and reporting APR across the
diverse types of commercial transactions covered by the final rule may
require complex estimates to generate necessary variables for the APR
formula. Many merchant cash advances, for example, lack a disclosed
periodic payment amount. Thus, financial institutions would have to
estimate this term, if they do not do so now, to calculate an APR.
Although financial institutions may estimate some of the necessary
information during underwriting, they may not estimate it according to
the same formula, and may not maintain such information in a system
designed for data reporting. The Bureau understands that many financial
institutions will calculate APR to comply with State commercial
financing disclosure laws.\635\ But many financial institutions are not
currently subject to such State laws, or are subject to State laws that
do not require APR disclosure.\636\ As noted in the NPRM, the Bureau
will continue to monitor regulatory developments in the small business
lending market. The Bureau considered requiring reporting of APR only
for transactions where it is less complex to calculate, as some
commenters suggested. But a limited-transaction APR reporting
requirement would negate two important benefits that commenters cited
for APR: using it to compare diverse types of transactions and to apply
a single intuitive pricing measure for nontraditional types of
financing.
---------------------------------------------------------------------------
\635\ Cal. Dep't of Fin. Prot. & Innovation, Commercial
Financing Disclosures (2022), https://dfpi.ca.gov/wp-content/uploads/sites/337/2022/06/PRO-01-18-Commercial-Financing-Disclosure-Regulation-Final-Text.pdf; N.Y. Dep't of Fin. Servs., Proposed
Disclosure Requirements for Certain Providers of Commercial
Financing Transactions (2022), https://www.dfs.ny.gov/system/files/documents/2022/09/rp_23nycrr600_text_20220914.pdf.
\636\ Utah Dep't of Fin. Insts., Commercial Financing
Registration and Disclosure Act (2022), https://le.utah.gov/xcode/Title7/Chapter27/C7-27_2022050420220504.pdf.
---------------------------------------------------------------------------
The Bureau understands commenters' concerns over the accessibility
and comparability of rate and fees versus APR. Final Sec.
1002.107(a)(5)(iii) requires financial institutions to report loan
term; the Bureau has added to final comment 107(a)(6)-8 a requirement
that financial institutions report, for merchant cash advances and
other sales-based financing, the loan term, if any, that the financial
institution estimated, specified, or disclosed in processing or
underwriting the application or transaction. This information will
provide important context for data users comparing the pricing of
different transactions and help address the criticism over the lack of
a time period for pricing data. Regarding accessibility, the Bureau
believes the pricing data will be generally understandable by data
users. Most of the pricing data are similar to information found on
existing consumer and commercial credit disclosures, including the
State commercial financing disclosures cited by commenters.
Additionally, the Bureau anticipates that government agencies,
researchers, press organizations, community groups, and others will
publish research and reports using the small business lending data,
just as they do now with HMDA data. These publications may render
pricing information in a form more accessible to other users.
Finally, the Bureau is not adopting modifications to the scope of
the pricing data point. As discussed above, limiting the pricing data
to approved and originated transactions reduces the difficulty of
reporting while providing important information about the pricing
decisions of financial institutions. The Bureau does not believe, as
suggested by a commenter, that approved but not accepted applications
lack value for fair lending analysis. Rather, these applications are
similarly valuable because they also reflect transactions for which the
lender has made a credit decision and set the pricing for the
transaction. Lastly, limiting final Sec. 1002.107(a)(12) to interest
rate and origination charges would deprive data users of the benefits
of other pricing information. The importance of each aspect of the
pricing data point is discussed in the section-by-section analyses that
follow.
107(a)(12)(i) Interest Rate
Proposed Rule
Proposed Sec. 1002.107(a)(12)(i)(A) would have required financial
institutions to report the interest rate that is or would be applicable
to the covered credit transaction. If the interest rate is adjustable,
proposed Sec. 1002.107(a)(12)(i)(B) would have required the submission
of the margin, index value, and index name that is or would be
applicable to the covered credit transaction at origination.\637\
---------------------------------------------------------------------------
\637\ It should be noted that not all covered credit
transactions include an interest rate. Final Sec.
1002.107(a)(12)(v) applies to certain covered credit transactions
that do not include an interest rate. The discussion of final Sec.
1002.107(a)(12)(iv) below also addresses other covered credit
transactions that may not include an interest rate.
---------------------------------------------------------------------------
Proposed comment 107(a)(12)(i)-1 would have clarified that if a
covered credit transaction includes an initial period with an
introductory interest rate, after which the interest rate adjusts, a
financial institution complies by reporting information about the
interest rate applicable after the introductory period. Proposed
comment 107(a)(12)(i)-2 would have explained that a financial
institution reports the interest rate applicable to the amount of
credit approved or originated reported in proposed Sec. 1002.107(a)(8)
if a covered credit transaction includes multiple interest rates
applicable to different credit features. Lastly, proposed comment
107(a)(12)(i)-3 listed a number of indices to report and directed that
if the index used does not appear on the list of indices provided, the
financial institution reports ``other'' and provides the name of the
index via free-form text field.
Proposed Sec. 1002.107(a)(12)(i)(B) would have provided that, for
adjustable interest rates based upon an index, a financial institution
must report the margin, index value, and index name that is or would be
applicable to the covered credit transaction at origination. Proposed
comment 107(a)(12)(i)-4 would have clarified that a financial
institution complies with proposed Sec. 1002.107(a)(12)(i)(B) by
reporting the index value at the time the application is approved by
the financial institution. The Bureau sought comment on whether the
index value should be reported based on a different time period or
whether the index value should be reported at the time of approval.
The Bureau sought comment on proposed Sec. 1002.107(a)(12)(i) and
its commentary, including whether a different measure of pricing would
provide more accurate data, whether additional information about
pricing (for example, amortization type or adjustment frequency) would
provide beneficial data to help ascertain fair lending risk and further
the business and community development purpose of section 1071, and
whether there are additional indices that should be included in the
list from which financial institutions choose to report the applicable
index on adjustable rate transactions. Lastly, the Bureau sought
[[Page 35312]]
comment on whether there may be covered credit transactions where the
interest rate may change after origination based on factors such as if
the borrower maintains an account at the financial institution or if
some other condition is met, and if so, whether additional commentary
would be helpful to provide more guidance on which rate to report in
that circumstance.\638\
---------------------------------------------------------------------------
\638\ The Bureau did not receive any comments on this
solicitation.
---------------------------------------------------------------------------
Comments Received
The Bureau received comments specifically regarding the collection
of interest rate from banks and trade associations, among others. While
some commenters supported the Bureau's proposal, several industry
commenters had questions regarding how the provision would work. The
community group stated that interest rate information is beneficial as
long as data users have access to both the initial interest rate and
the interest rate after a potential initial rate reset. An industry
commenter agreed that interest rate information would be helpful in
conducting fair lending analyses. In contrast, a bank commenter
asserted that interest rate information is of limited value.
Regarding the details of the Bureau's proposal to collect interest
rate, a bank commenter noted that commercial loans may have more than
one interest rate. With respect to indices for variable rate
transactions and the Bureau's solicitation of comment on whether the
index value should be reported based on a different time period or if
at approval is the most appropriate time to measure, a group of trade
associations asserted in their comment that the index value is often
not related to the timing of approval or origination, and will not
provide useful data, while a bank commented that it would be less
burdensome to report the index value used to establish the interest
rate rather than the value at the time of approval. A State bankers
association asserted that the index value at approval may not have any
connection to the price of the loan, providing the example of
agricultural lending where the rate and terms are set after the
financial institution approves the loan. Two industry commenters noted
that the index value could change between approval and origination.
Another bank requested that Constant Maturity Treasury (CMT) rate be
included in the list of indices. Two trade associations inquired as to
how to report an internal index used to set the rate on a variable rate
transaction, while a bank commenter stated that use of internal indices
that are unique to a financial institution would make interest rate
data difficult to interpret.
A bank requested clarification of the term ``introductory period.''
Another bank asserted that for a variable interest rate transaction
with a five-year introductory period, the interest rate data reported
at approval will be outdated and inaccurate when the period ends.
Finally, a trade association inquired as to how a financial institution
would report an interest rate that is unknown at origination, such as a
line of credit whose interest rate changes based on the amount
advanced.
Final Rule
For the reasons set forth herein, the Bureau is finalizing Sec.
1002.107(a)(12)(i) with one addition, as well as with other adjustments
and additions to the commentary to address comments received regarding
introductory interest rate periods and adjustable interest rates. Final
Sec. 1002.107(a)(12)(i) requires financial institutions to report the
interest rate that is or would be applicable to the covered credit
transaction. If the interest rate is adjustable, final Sec.
1002.107(a)(12)(i)(B) requires the submission of the margin, index
value, introductory rate period expressed in months (if applicable),
and the index name that is or would be applicable to the covered credit
transaction. As with all aspects of pricing within Sec.
1002.107(a)(12), this requirement applies to credit transactions that
either have been originated or have been approved by the financial
institution but not accepted by the applicant.
The Bureau believes that collection of the interest rate on the
covered credit transaction furthers both the fair lending purpose and
the business and community development purpose of section 1071 by
allowing regulators, small business advocates, and industry to conduct
fair lending reviews and monitor the market for emerging high-cost
products. In addition, the availability of this pricing metric will
provide pricing transparency and will encourage the development of
successful lending models because policymakers, community
organizations, investors, banks seeking partnerships, and others will
have better visibility into which business models are successful at
providing sustainable credit to minority-owned, women-owned, and other
underserved small businesses.
Furthermore, research has found that minority-owned businesses tend
to obtain, or be offered, higher interest rates on business credit than
non-minority-owned businesses.\639\ The collection of interest rate
(along with fees) will allow the Bureau, other government agencies, and
other data users to have insight into the existing market, monitor the
market for potentially troubling trends, and conduct fair lending
analyses that adequately take into account this important metric.
---------------------------------------------------------------------------
\639\ U.S. Dep't of Com., Minority Business Development Agency,
Disparities in Capital Access between Minority and Non-Minority-
Owned Businesses: The Troubling Reality of Capital Limitations Faced
by MBEs, at 3, 5, 21, 36-37 (2010), https://archive.mbda.gov/page/executive-summary-disparities-capital-access-between-minority-and-non-minority-businesses.html.
---------------------------------------------------------------------------
In general, interest rate information should be in or readily
determinable from the credit file, and thus available for reporting. To
the extent that it is not, the Bureau notes that certain State-level
commercial lending disclosures, notably those of California and New
York, require the disclosure of APR.\640\ Because the interest rate
must be known to calculate APR, the Bureau believes that final Sec.
1002.107(a)(12)(i) imposes little burden on financial institutions that
already include the interest rate on such disclosures required by State
law, as well as on the contract between the financial institution and
the applicant.
---------------------------------------------------------------------------
\640\ See N.Y. S.898, section 803(c) (signed Jan. 6, 2021)
(amending S.5470-B), https://legislation.nysenate.gov/pdf/bills/2021/s898; Cal. S.B. 1235 (Sept. 30, 2018), https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180SB1235.
---------------------------------------------------------------------------
As noted above, final Sec. 1002.107(a)(12)(i) remains largely the
same as proposed Sec. 1002.107(a)(12)(i). However, the Bureau has
added to final Sec. 1002.107(a)(12)(i)(B) a requirement that financial
institutions report the initial rate period expressed in months (if
applicable) (along with the margin, index value, and the index name
that is or would be applicable to the covered credit transaction, as
proposed). The Bureau agrees with commenters that for transactions with
a variable interest rate where there is an initial rate and the
interest rate resets after a certain period, at the time the financial
institution approves the transaction and sets the interest rate, the
financial institution will not know the future value of the index used
to create the interest rate. By collecting the number of months of the
initial period (if any), the rule will allow data users to determine
the accurate interest rate applicable to the transaction because they
will have the name of the index and the timing of the index value. For
example, as written in final comment 107(a)(12)(i)-2, if a
[[Page 35313]]
financial institution originates a covered credit transaction with a
fixed initial interest rate of 0 percent for six months following
origination, after which the interest rate will adjust according to a
Prime index rate plus a 3 percent margin, the financial institution
reports the 3 percent margin, the number ``6'' for the length of the
initial rate period, Prime as the name of the index used to adjust the
interest rate, and ``not applicable'' for the index value.
New comment 107(a)(12)(i)-1 clarifies that a financial institution
complies with Sec. 1002.107(a)(12)(i) by reporting the interest rate
applicable to the amount of credit approved or originated as reported
pursuant to final Sec. 1002.107(a)(8). The Bureau is adopting this
comment to address the issue raised by a commenter as to how a
financial institution would report an interest rate that is unknown at
origination or where the rate changes based on the amount advanced,
such as with some lines of credit.
The Bureau is adopting comment 107(a)(12)(i)-2 (renumbered from
107(a)(12)(i)-1 in the proposal) with several alterations. Final
comment 107(a)(12)(i)-2 clarifies that if a covered credit transaction
includes an initial period with an introductory interest rate of 12
months or less, after which the interest rate adjusts upwards or shifts
from a fixed to a variable rate, a financial institution complies with
the provision by reporting information about the interest rate
applicable after the introductory period. If a covered transaction
includes an initial rate period of more than 12 months after which the
interest rate resets, a financial institution complies with the
provision by reporting information about the interest rate applicable
prior to the reset period. Final comment 107(a)(12)(i)-2 also provides
two examples to illustrate these scenarios. The Bureau's revisions to
this comment address a commenter's request to clarify the term
``introductory period'' (which the Bureau has done by clarifying that
an introductory period includes an initial period of 12 months or less
after which the interest rate adjusts upward or shifts from a fixed to
a variable rate), as well as another commenter's concern that in a
transaction with a five-year introductory period, the interest rate
reported at approval will be outdated and inaccurate when the period
ends.
Final comment 107(a)(12)(i)-3 (renumbered from proposed comment
107(a)(12)(i)-2 with one non-substantive adjustment) clarifies that if
a covered credit transaction includes multiple interest rates
applicable to different credit features, a financial institution
complies with Sec. 1002.107(a)(12)(i) by reporting the interest rate
applicable to the amount of credit approved or originated reported
pursuant to final Sec. 1002.107(a)(8). The comment also provides an
example.
Final comment 107(a)(12)(i)-4 (renumbered from proposed comment
107(a)(12)(i)-3) includes a list of indices for reporting the
appropriate index for variable rate transactions, and also specifies
that a financial institution reports ``other'' and reports the index
name in free-form text if the applicable index is not listed. The
Bureau has added CMT to the list of indices in the comment, as
requested by a commenter. In response to requests from a number of
commenters for clarification as to how a financial institution should
report internal indices, the Bureau has also added ``Internal Index''
to the list of indices in the comment. The Bureau believes that
allowing financial institutions to choose ``other'' when an index used
does not appear on the provided list will facilitate compliance. In
addition, collecting this information on ``other'' indices will assist
the Bureau in monitoring trends in this area and key developments in
the small business lending market, which the Bureau could use to inform
any future iterations of the list.
Final comment 107(a)(12)(i)-5 (renumbered from proposed comment
107(a)(12)(i)-4) clarifies that a financial institution complies with
Sec. 1002.107(a)(12)(i) by reporting the index value used to set the
rate that is or would be applicable to the covered transaction.
Proposed comment 107(a)(12)(i)-4 would have required financial
institutions to report, for covered transactions with an adjustable
interest rate, the index value applicable at the time the application
was approved by the financial institution. Some commenters stated that
the index value at the time of approval may have no relationship to the
index value used to set the interest rate and that it would be less
burdensome to report the index value used to establish the interest
rate rather than the value at the time of approval. To address these
concerns, the Bureau has adjusted final comment 107(a)(12)(i)-5 to
require reporting of the index value used to set the rate that is or
would be applicable to the covered transaction. In most cases, this
will be the index value at the time of approval, because the financial
institution will set the pricing when the credit decision is made, but
in cases where there might be a difference, this comment as revised
will ensure that financial institutions are reporting the index value
actually used to establish the interest rate, rather than the value
that otherwise exists at the time of approval.
107(a)(12)(ii) Total Origination Charges
Proposed Rule
Proposed Sec. 1002.107(a)(12)(ii) would have required financial
institutions to report the total origination charges for a covered
credit transaction. Total origination charges are the total amount of
all charges payable directly or indirectly by the applicant and imposed
directly or indirectly by the financial institution at or before
origination as an incident to or a condition of the extension of
credit, expressed in dollars.
Proposed comment 107(a)(12)(ii)-1 would have clarified that charges
imposed uniformly in cash and credit transactions are not reportable.
Proposed comment 107(a)(12)(ii)-2 would have provided guidance on
reporting charges imposed by third parties. Proposed comment
107(a)(12)(ii)-3 would have clarified that broker fees are included in
the total origination charges.\641\ Proposed comment 107(a)(12)(ii)-4
would have provided guidance on reporting charges for other products or
services paid at or before origination. And proposed comment
107(a)(12)(ii)-5 would have listed examples of reportable charges.
---------------------------------------------------------------------------
\641\ For more information on broker fees, see the section-by-
section analysis of Sec. 1002.107(a)(12)(iii) below.
---------------------------------------------------------------------------
The Bureau sought comment on proposed Sec. 1002.107(a)(12)(ii) and
its commentary, including whether concepts and guidance adapted from
Regulation Z, such as proposed comment 107(a)(12)(ii)-1 on comparable
cash transactions, were applicable in the small business lending
context such that they should be incorporated as drafted. The Bureau
also sought comment on whether to enumerate certain types of charges
separately in the 1071 data, and whether to include or exclude certain
types of charges in the total origination charges.
Comments Received
The Bureau received comments specifically regarding total
origination charges from several banks and trade associations, along
with a community group and a joint letter from a cross-sector group of
lenders, community groups, and small business advocates.
A few industry commenters questioned the utility of information
about total origination charges. For example, several commenters
asserted that proposed Sec. 1002.107(a)(12)(ii) would not provide
useful data because the amount of origination charges may vary based on
factors not captured by
[[Page 35314]]
the 1071 data, such as geographical differences in appraisal fees. A
group of trade associations stated that including broker fees while
itemizing them separately in another data field would inflate the
amount of origination charges. And a bank preferred to report only
origination points but believed that such data would provide only
limited value. This commenter did not define origination points but the
Bureau understands the term to refer to one way that financial
institutions denote fees paid to the lender for originating the loan.
However, the cross-sector group commented that total origination
charges would be especially helpful for data users examining the cost
of merchant cash advances because these transactions include upfront
fees not otherwise captured in the pricing data.
A few commenters asserted that reporting total origination charges
would be burdensome. For example, several industry commenters stated
that calculating the finance charge under Regulation Z, which defines
certain charges similar to the proposed total origination charges data
field, is complex and not performed for commercial credit transactions.
And a trade association suggested that the proposed treatment of
certain charges, such as a borrower's premium for property insurance,
was unclear.
Several commenters addressed specific aspects of total origination
charges. For example, a community group stated that charges imposed
uniformly in cash and credit transactions should be reportable because,
they asserted, such charges are rare and the existence of such an
exclusion may encourage fee shifting. Conversely, a trade association
stated that any charge imposed uniformly on all applicants should be
excluded because such a charge could not be the source of a pricing
disparity. Several industry commenters stated that third-party charges
should be excluded because the imposition of such fees is often outside
a financial institution's control, while a group of trade associations
found the treatment of such charges confusing. Finally, another trade
association stated that aligning the definition of total origination
charges to Regulation C's definition of origination charges used to
report data under HMDA \642\ would provide helpful clarity because the
Regulation C definition is understood to include only charges retained
by the financial institution.
---------------------------------------------------------------------------
\642\ 12 CFR 1003.4(a)(18).
---------------------------------------------------------------------------
Final Rule
For the reasons set forth herein, the Bureau is finalizing Sec.
1002.107(a)(12)(ii) with additional clarifying commentary. Final Sec.
1002.107(a)(12)(ii) requires financial institutions to report the total
amount of all charges payable directly or indirectly by the applicant
and imposed directly or indirectly by the financial institution at or
before origination as an incident to or a condition of the extension of
credit, expressed in dollars. As with all aspects of pricing within
Sec. 1002.107(a)(12), this requirement applies to credit transactions
that either have been originated or have been approved by the financial
institution but not accepted by the applicant.
The Bureau is finalizing comments 107(a)(12)(ii)-1 through -5 as
proposed. In addition, the Bureau is adopting final comment
107(a)(12)(ii)-6, which clarifies the reporting of a net lender credit
provided by a financial institution to an applicant at origination.
As discussed in the NPRM, total origination charges provide
information about an important component of pricing for small business
credit: the upfront cost of originating and extending credit. This
relatively specific information enables insight into credit pricing
that would be obscured by more general information, such as the trade-
offs between the interest rate and the upfront charges. Indeed, new
comment 107(a)(12)(ii)-6 enhances users' ability to examine the
relationship between components of credit pricing by clarifying how to
report net lender credits provided to the applicant. For example,
without information about net lender credits, transactions where a
borrower accepted a lender credit at origination in exchange for a
higher interest rate would appear to have inflated prices. Moreover, by
generally covering all upfront fees and credits regardless of how they
are structured and denominated, final Sec. 1002.107(a)(12)(ii) limits
financial institutions' opportunity to shift fees to excluded charges
by giving similar fees different names. Thus, final Sec.
1002.107(a)(12)(ii) will enable users to better understand pricing
disparities and identify potential business and community development
opportunities.
The Bureau disagrees with commenters who claimed that information
about total origination charges would not have value. Although such
charges are affected by factors not included in the 1071 data, final
Sec. 1002.107(a)(12)(ii) will still provide insight into pricing in
the small business lending market. General information about upfront
charges will enable users to better understand fair lending
disparities, even if they cannot conclusively determine the existence
of unlawful disparities from the data alone. And users need not attempt
to make precise comparisons among individual applicants to identify
business and community development needs and opportunities. Regarding
broker fees, the Bureau believes that such charges are an important
component of the upfront cost of credit and notes that Regulation Z
also includes them in the finance charge.\643\ Also, broker fees are
separately itemized in final Sec. 1002.107(a)(12)(iii) so that users
who are concerned about the impact of including broker fees can deduct
them from the total origination charges.
---------------------------------------------------------------------------
\643\ Compare final comment 107(a)(12)(ii)-3, with Regulation Z
Sec. 1026.4(a)(3).
---------------------------------------------------------------------------
Regarding commenters' concerns about burden, the Bureau understands
that some financial institutions find calculation of the finance charge
in Regulation Z Sec. 1026.4--which is similar to final Sec.
1002.107(a)(12)(ii)'s description of total origination charges--to be
complex. But final Sec. 1002.107(a)(12)(ii) is simpler in several
important respects. First, final Sec. 1002.107(a)(12)(ii) excludes all
credit costs occurring after origination of a covered credit
transaction, such as interest and time-price differential. And final
Sec. 1002.107(a)(12)(ii) adopts a more inclusive approach to upfront
charges than Regulation Z's finance charge, which has numerous
provisions addressing specific fees.\644\ This simplified approach
should make the total origination charges less burdensome to calculate
than the finance charge. Regarding a commenter's question about the
treatment of a borrower's premium for property insurance, this charge
is handled using the general approach to charges for other products or
services described in comment 107(a)(12)(ii)-4: such charges are
included in the total origination charges only if the financial
institution requires the purchase of such other product or service as a
condition of or an incident to the extension of credit.
---------------------------------------------------------------------------
\644\ For example, the finance charge excludes application fees
charged to all applicants for credit, and numerous fees in
transactions secured by real property. See Regulation Z Sec.
1026.4(c)(1) (application fees) and (7) (real estate-related fees).
---------------------------------------------------------------------------
The Bureau is not making certain specific changes to the total
origination charges data field suggested by commenters. First, final
Sec. 1002.107(a)(12)(ii) maintains the
[[Page 35315]]
exclusion for charges imposed uniformly in cash and credit
transactions, similar to the exclusion in Regulation Z's finance
charge, because the Bureau believes that pricing data better serves
section 1071's statutory purposes when it focuses on the cost of credit
that the lender is imposing rather than capturing all costs that may be
associated with a particular transaction (whether financed or not).
Furthermore, the Bureau is not excluding charges simply because a
financial institution imposes them uniformly on all applicants for
credit. Even if such charges--given their uniformity--were to hold no
value for fair lending analysis, they would still be part of the
upfront cost of credit that data users may wish to examine in
identifying business and community development needs and opportunities.
Final Sec. 1002.107(a)(12)(ii) also adopts the proposal's treatment of
third-party charges, with such charges being reportable only if a
financial institution either requires the use of a third party as a
condition of or an incident to the extension of credit, even if the
applicant can choose the third party; or retains a portion of the
third-party charge, to the extent of the portion retained.\645\ This
approach focuses final Sec. 1002.107(a)(12)(ii) on those upfront
third-party charges that are effectively set by the lender as a cost of
credit. The Bureau believes this approach is consistent with that
requested by commenters who did not want third-party charges to be
reportable if they were outside of a financial institution's control.
Regulation Z's finance charge definition uses a similar standard for
third-party charges, and the Bureau is not aware of significant
confusion over its applicability. Finally, Regulation C's definition of
total origination charges, which is taken directly from the amount
disclosed to borrowers of closed-end consumer credit transactions
secured by real property,\646\ is limited in ways that the Bureau
believes would reduce the value of final Sec. 1002.107(a)(12)(ii) in
the small business lending context. For example, new comment
107(a)(12)(ii)-6 clarifies that financial institutions may report a
negative amount to reflect a net credit provided by the lender, but
such credits could not be included in Regulation C's total origination
charges data point.
---------------------------------------------------------------------------
\645\ See final comment 107(a)(12)(ii)-2.
\646\ Regulation Z Sec. 1026.38(f)(1).
---------------------------------------------------------------------------
107(a)(12)(iii) Broker Fees
Proposed Rule
Proposed Sec. 1002.107(a)(12)(iii) would have required financial
institutions to report the broker fees for a covered credit
transaction. Broker fees are the total amount of all charges included
in the total reportable origination charges that are fees paid by the
applicant directly to a broker or to the financial institution for
delivery to a broker, expressed in dollars. Proposed comment
107(a)(12)(iii)-1 would have provided an example of reporting different
types of broker fees. Proposed comment 107(a)(12)(iii)-2 would have
clarified that financial institutions would use a ``best information
readily available'' standard regarding fees paid directly to a broker
by an applicant.
The Bureau sought comment on proposed Sec. 1002.107(a)(12)(iii)
and its commentary, including on the knowledge that financial
institutions might have about direct broker fees and the challenges of
reporting such information.
Comments Received
The Bureau received comments specifically regarding broker fees
from several lenders, trade associations, and community groups. A
community group stated that information about broker fees would help
data users monitor for abusive practices. Conversely, a group of trade
associations asserted that the Bureau had not established that broker
fees were inflating the cost of credit in the small business lending
market. This commenter also speculated that Congress was unconcerned
with broker fees in this market because it had not extended certain
TILA protections to commercial transactions or explicitly identified
broker fees in section 1071.
Several commenters addressed the reporting of broker fees paid
directly to the broker. A trade association commented that the amount
of such fees may be difficult for a financial institution to obtain,
while a bank said that documenting efforts to verify direct broker fees
would be burdensome. A community group said that the Bureau's proposed
``best information readily available'' standard was reasonable, while a
joint letter from community groups and business advocacy groups asked
the Bureau to separately itemize indirect broker fees in order to
provide more information about charges that are imposed by the lender.
Final Rule
For the reasons set forth herein, the Bureau is finalizing Sec.
1002.107(a)(12)(iii) and associated commentary as proposed. As with all
aspects of pricing within Sec. 1002.107(a)(12), this requirement to
report broker fees applies to credit transactions that either have been
originated or have been approved by the financial institution but not
accepted by the applicant.
As discussed in the NPRM, loan brokers play an important role in
the small business lending market. The market has shifted to include
more nonbank and nontraditional lenders offering different types of
financial products, which creates opportunities for intermediaries,
such as brokers, who might assist applicants in navigating among
potential lenders or products.\647\ These intermediaries offer benefits
to applicants but also create risks for those applicants arising from
misaligned incentives.\648\ Indeed, the small business lending market
lacks certain substantive protections against misconduct that are found
in the consumer credit market, such as the prohibition on basing
certain loan originator compensation on the terms of a
transaction.\649\
---------------------------------------------------------------------------
\647\ See, e.g., 2022 Small Business Credit Survey (reporting
that 40 percent of respondents applied for credit at either an
online lender or a finance company in 2021).
\648\ See Fin. Stability Oversight Council, 2016 Annual Report,
at 126 (2016), https://home.treasury.gov/system/files/261/FSOC-2016-Annual-Report.pdf (discussing intermediaries in alternative lending
arrangements and explaining that ``[i]n other markets, business
models in which intermediaries receive fees for arranging new loans
but do not retain an interest in the loans they originate have, at
times, led to incentives for intermediaries to evaluate and monitor
loans less rigorously''). Because of the potential risks involved in
multi-party business arrangements, the FFIEC's Interagency Fair
Lending Examination Procedures emphasize the importance of
understanding the role that brokers play in a financial
institution's lending process. Fed. Fin. Insts. Examination Council,
Interagency Fair Lending Examination Procedures, at 3 (2009),
https://www.ffiec.gov/PDF/fairlend.pdf (instructing examiners to
consider an institution's organization of its credit decision-making
process, including identification of the delegation of separate
lending authorities and the extent to which discretion in pricing or
setting credit terms and conditions is delegated to various levels
of managers, employees, or independent brokers or dealers and an
institution's loan officer or broker compensation program).
\649\ Regulation Z Sec. 1026.36 (implementing TILA's
prohibition on basing residential mortgage loan originator
compensation on loan terms).
---------------------------------------------------------------------------
Information about broker fees will help data users better
understand the small business lending market in general and the impact
broker fees have on credit pricing in particular. Although broker fees
are included in final Sec. 1002.107(a)(12)(iii)'s definition of total
origination charges, separately enumerating the total broker fees will
allow data users to better understand the role that brokers play in the
price of
[[Page 35316]]
small business credit. For example, data users will be able to analyze
whether broker fees specifically appear to be creating fair lending
risk or higher-priced transactions for certain communities. Empowering
data users to engage in this level of analysis will aid in fulfilling
both the fair lending enforcement and business and community
development purposes of the statute.
The Bureau acknowledges the lack of data regarding the extent to
which broker fees may or may not be inflating the cost of credit. This
insufficiency, however, is exactly what 1071 data are intended to help
address. Moreover, final Sec. 1002.107(a)(12)(iii) is valuable to data
users even in the absence of any problematic pricing practices
regarding brokers because it will help shed light on an important
aspect of commercial financing arrangements. The final rule includes
numerous data points, including much of the pricing data point, that do
not capture information that about intrinsically or especially abusive
conduct, but that will help data users identify fair lending concerns
and identify business and community development needs and
opportunities. Regarding Congress's intent, the Bureau notes that
section 1071 expressly authorizes the Bureau to require financial
institutions to compile and maintain ``any additional data that the
Bureau determines would aid in fulfilling the purposes of [section
1071].'' \650\ As discussed herein, final Sec. 1002.107(a)(12)(iii)
satisfies this requirement.
---------------------------------------------------------------------------
\650\ ECOA section 704B(e)(2)(H).
---------------------------------------------------------------------------
The Bureau understands that financial institutions often may not
have complete access to information regarding the amount of broker fees
that an applicant pays directly to a broker. Thus, final comment
107(a)(12)(iii)-2 clarifies that a financial institution may rely on
the best information readily available to the financial institution at
the time final action is taken. Information readily available can
include, for example, information provided by an applicant or broker
that the financial institution reasonably believes regarding the amount
of fees paid by the applicant directly to the broker. The Bureau
believes commenters may be overestimating the burden associated with
this standard, which contemplates only consulting information
``readily'' available rather than performing a searching inquiry into
the amount of direct broker fees. As noted in the NPRM, the same
standard is used for reporting certain HMDA data under Regulation C,
and it does not appear to be unduly burdensome in that context.\651\
Additionally, many nonbank financial institutions will need to
determine the amount of broker fees in certain circumstances to comply
with State commercial financing disclosure laws.\652\
---------------------------------------------------------------------------
\651\ See Regulation C comments 4(a)(31)-4 and 4(a)(32)-5.
\652\ For example, California's commercial financing disclosure
law requires lenders to determine the finance charge, which includes
``any charge that would be a finance charge under 12 CFR part
1026.4.'' Cal. Code Regs. tit. 10, section 943(a)(1), https://dfpi.ca.gov/wp-content/uploads/sites/337/2022/06/PRO-01-18-Commercial-Financing-Disclosure-Regulation-Final-Text.pdf. In turn,
Regulation Z Sec. 1026.4(a)(3) generally includes fees charged by a
mortgage broker, whether paid directly or indirectly. California law
also requires separate disclosure of broker fees that are included
in the amount financed by the borrower. Cal. Code Regs. tit. 10,
section 956(a)(5).
---------------------------------------------------------------------------
Finally, the Bureau is not requiring separate itemization of
indirect broker fees at this time. Such fees could be imposed for a
variety of reasons and in a variety of ways; the Bureau believes that
additional information and stakeholder feedback would be beneficial
before adopting such a requirement.
107(a)(12)(iv) Initial Annual Charges
Proposed Rule
Proposed Sec. 1002.107(a)(12)(iv) would have required financial
institutions to report the total amount of all non-interest charges
that are scheduled to be imposed over the first annual period of the
covered credit transaction, expressed in dollars.
Proposed comment 107(a)(12)(iv)-1 would have provided an example of
how to calculate the amount to report. Proposed comment 107(a)(12)(iv)-
2 would have highlighted that a financial institution should exclude
interest expenses from the initial annual charges reported. Proposed
comment 107(a)(12)(iv)-3 would have noted that a financial institution
should not include any charges for events that are avoidable by the
applicant, including for example, charges for late payment, for
exceeding a credit limit, for delinquency or default, or for paying
items that overdraw an account. Proposed comment 107(a)(12)(iv)-4 would
have provided examples of initial annual charges that may be scheduled
to be imposed during the initial annual period, including monthly fees,
annual fees, and other similar charges. Finally, proposed comment
107(a)(12)(iv)-5 would have clarified that a financial institution
complies with the provision by reporting as the default the highest
amount for a charge scheduled to be imposed, and provides an example of
how to calculate the amount reported when the scheduled fee to be
imposed may be reduced based upon a specified occurrence.
The Bureau sought comment on proposed Sec. 1002.17(a)(12)(iv) and
its commentary, including whether to include or exclude certain types
of charges as reportable under initial annual charges. The Bureau also
sought comment on the likelihood that financial institutions would
schedule charges in the second year of a covered credit transaction and
beyond specifically in an effort to avoid reporting the charges for
purposes of section 1071. Finally, the Bureau sought comment on how it
should treat situations where the applicant has informed the financial
institution that it expects to regularly incur ``avoidable charges,''
and whether such charges should be reported as a scheduled charge.
Comments Received
The Bureau received comments specifically regarding the collection
of initial annual charges from lenders, trade associations, and
community groups.
A community group stated that the Bureau should finalize the
provision as proposed, but that the Bureau should conduct research to
determine if lenders are shifting fees beyond the first year. Several
community groups and a lender requested that the Bureau require
financial institutions to also report charges scheduled to be imposed
after the first year to avoid encouraging lenders to impose charges
disproportionately in the later years of the loan's term.
With respect to avoidable fees, a community group stated that the
Bureau should include all fees that could be imposed at the lender's
discretion in order to avoid evasion. A bank and a joint letter from
bank trade associations argued that including avoidable fees that the
applicant intends to incur would unfairly inflate the prices of some
loans and create documentation problems for lenders. One commenter
asserted that, for loans with terms shorter than one year, financial
institutions should not be made to speculate as to what constitutes the
initial period on short term loans and what could occur during the
initial annual period regarding charges.
A State bankers association expressed concern that the terms
``scheduled'' and ``initial period following origination'' were not
defined in the NPRM. That commenter and a bank asserted that many
charges that may be incurred during the first year may be uncertain,
[[Page 35317]]
such as an inspection fee for a construction project where the timing
of inspections is determined by events occurring after origination. The
State bankers association also stated that some loans may have multiple
transactions within a one-year period, such as a line of credit that
was originated and then increased, and asserted that it is unclear
whether associated charges would be reported twice or combined.
Final Rule
For the reasons set forth herein, the Bureau is adopting Sec.
1002.107(a)(12)(iv) and associated commentary with additions and
adjustments to commentary to address comments regarding speculative
charges and transactions with terms of less than one year. Final Sec.
1002.107(a)(12)(iv) provides that a financial institution reports only
charges scheduled to be imposed over the first annual period of the
covered credit transaction. The Bureau understands that there are a
variety of ways that small business credit transactions may be
structured. This includes, for example, whether there is an interest
rate imposed on the transaction, whether there are finance charges, and
whether there are a myriad of other fees that may be scheduled to be
paid or are contingent upon some occurrence. In addition, the Bureau
understands that scheduled fees may constitute a substantial part of
the cost of a covered credit product, and without knowledge of those
fees, the cost of the credit would be incomplete. The Bureau believes
that final Sec. 1002.107(a)(12)(iv) enables data users to have a more
accurate understanding of the cost of the covered credit transaction
than if the data lacked information about scheduled fees.
There may be small business credit transactions that do not include
an interest rate, but do include a monthly finance charge. If the
financial institution were only required to report the interest rate on
these types of transactions, the true cost of credit would be obscured
because the monthly finance charge would not be reported. In addition,
small business credit, like consumer credit, may include a number of
other fees, such as annual fees and other similar charges. The
information collected and reported under final Sec.
1002.107(a)(12)(iv) allows data users to have a more complete picture
of the cost of the covered credit transaction and promotes market
transparency, thus furthering the business and community development
purpose of section 1071. In addition, this pricing data furthers the
fair lending purpose of section 1071 as it enhances the ability to
understand the cost of credit and any disparities that may exist.
The Bureau believes that by requiring only scheduled charges to be
reported (rather than the submission of all potential charges, some of
which could be speculative), the data reported will be more accurate
than if a financial institution were to make an educated guess as to
what unscheduled charges will be imposed over the first annual period.
Final Sec. 1002.107(a)(12)(iv) does not require a financial
institution to itemize the charges reported thereunder. The Bureau also
believes that requiring charges to be itemized would add a considerable
amount of complexity for financial institutions in collecting and
reporting the initial annual charges, given the range of fees that
could be charged and the variations in how they might be imposed.
A financial institution complies with final Sec.
1002.107(a)(12)(iv) by not including charges for events that are
avoidable by the applicant; this restriction is explained more fully in
final comment 107(a)(12)(iv)-3 (unchanged from the proposal), which
provides examples of types of avoidable charges. As noted above, the
Bureau believes that the accuracy of the data reported is enhanced by
only including charges that are scheduled to be imposed and not
including potential charges that are contingent upon an action (or
inaction) by the borrower. The Bureau also believes that only requiring
financial institutions to report such charges for the first year, and
not the life of the loan, will reduce any burden associated with
reporting the data. This information should be included in the contract
and, at most, would require a simple calculation to arrive at the total
charges for the initial annual period. An example of how to calculate
the initial annual charges for the first annual period is found in
final comment 107(a)(12)(iv)-1. Additionally, to address comments
received regarding uncertain or speculative charges, the Bureau has
revised final comment 107(a)(12)(iv)-1 to state explicitly that, in a
transaction where there will be a charge in the initial annual period
following origination but the amount of that charge is uncertain at the
time of origination, a financial institution complies by not reporting
that charge as scheduled to be imposed during the initial annual period
following origination.
The Bureau is finalizing comments 107(a)(12)(iv)-2 (providing that
a financial institution complies with the provision by excluding any
interest expense from the initial annual charges reported) and -4
(providing examples of charges scheduled to be imposed during the
initial annual period) as proposed. The Bureau is also finalizing
comment 107(a)(12)(iv)-5 as proposed. This comment provides additional
explanation about what amount to report when the financial institution
provides a discount on the charge if certain conditions are met. The
Bureau understands that some financial institutions may provide a
discount on specific charges when certain conditions are met. For
example, a financial institution may provide a discount on a monthly
charge if the borrower maintains a checking account at the financial
institution. In such a circumstance, final Sec. 1002.107(a)(12)(iv)-5
requires the financial institution to report the non-discounted amount
to maintain consistency across the data that are reported by all
financial institutions.
The Bureau is adopting new comment 107(a)(12)(iv)-6 to clarify
that, for a transaction with a term less than one year, a financial
institution complies with the provision by reporting all charges
scheduled to be imposed during the term of the transaction. This
comment was added to address requests for clarification regarding how
to report the data for transactions with terms less than one year as
well as what is meant by initial annual period.
107(a)(12)(v) Additional Cost for Merchant Cash Advances or Other
Sales-Based Financing
Proposed Rule
Proposed Sec. 1002.107(a)(12)(v) would have required financial
institutions to report additional cost data for merchant cash advances
or other sales-based financing transactions. Specifically, this cost is
the difference between the amount advanced and the amount to be repaid,
expressed in dollars. Proposed comment 107(a)(12)(v)-1 would have
provided an example of the difference between the amount advanced and
the amount to be repaid for a merchant cash advance.
The Bureau sought comment on proposed Sec. 1002.107(a)(12)(v) and
its commentary, including whether to require additional pricing
information for merchant cash advances, and whether merchant cash
advances could be structured in ways that evade the proposed reporting
requirement, such as by omitting or making variable the amount to be
repaid.
Comments Received
The Bureau received comments specifically regarding this aspect of
the
[[Page 35318]]
proposal from several industry and community group commenters. Several
joint letters from community groups, community oriented lenders, and
business advocacy groups, as well as a trade association, asked the
Bureau to require reporting the loan term for merchant cash advances or
other sales-based financing transactions. These commenters stated that
the loan term was necessary to compare the pricing of merchant cash
advances, and offered potential methodologies for estimating unknown
loan terms, including those from State commercial financing disclosure
laws. A lender asked the Bureau to accommodate future transaction types
by allowing financial institutions to report amounts under Sec.
1002.107(a)(12)(v) even if the transaction is not a merchant cash
advance or other sales-based financing transaction. Finally, a cross-
sector group of lenders, community groups, and small business advocates
agreed that Sec. 1002.107(a)(12)(v), along with the other pricing
data, would capture the cost of merchant cash advances.
Final Rule
For the reasons set forth herein, the Bureau is finalizing Sec.
1002.107(a)(12)(v) and comment 107(a)(12)(v)-1 as proposed. Final Sec.
1002.107(a)(12)(v) requires financial institutions to report the
difference between the amount advanced and the amount to be repaid,
expressed in dollars, for merchant cash advances or other sales-based
financing transactions. As with all aspects of pricing within final
Sec. 1002.107(a)(12), this requirement applies to credit transactions
that either have been originated or have been approved by the financial
institution but not accepted by the applicant.
As discussed in the NPRM, some types of commercial financing
contain pricing terms that are difficult to reflect in data about
interest rate and fees. For example, under a typical merchant cash
advance, a merchant receives a cash advance and promises to repay it
(plus some additional amount) to the merchant cash advance provider.
Merchant cash advance providers generally do not provide an interest
rate, and while they may charge fees at origination or during the first
year, the majority of a merchant cash advance's cost to the merchant
comes from the additional amount repaid by the merchant on top of the
amount advanced. This additional amount may be expressed as a multiple
of the amount advanced in the form of a factor rate or percentage, or
it may be derived by comparing the total payback amount to the amount
actually advanced. This additional amount is typically not
characterized as interest, so it would not be reported under final
Sec. 1002.107(a)(12)(i). Nor is this additional amount characterized
as a fee charged at origination or scheduled to be imposed during the
first year after the transaction, so it would not be reported under
final Sec. 1002.107(a)(12)(ii) or (iv). Without an additional pricing
data field to capture this additional amount along with any other fees
the merchant cash advance provider charges, data users attempting to
analyze merchant cash advance pricing would miss most of the cost of
credit associated with these transactions. Therefore, the inclusion of
this data field aids in fulfilling both the fair lending enforcement
and business and community development purposes of the statute.
The Bureau believes that collecting and reporting this data will
impose relatively little burden on financial institutions, because they
can determine the additional amount repaid by computing the difference
between the amount of revenue purchased and the purchase price
typically found in the merchant cash advance contract. Commenters
generally did not make assertions to the contrary.
As discussed in the section-by-section analysis of Sec.
1002.107(a)(5) above, the Bureau is requiring, for merchant cash
advances and other sales-based financing transactions, that financial
institutions report the loan term, if any, that the financial
institution estimated, specified, or disclosed in processing or
underwriting the application or transaction. This information will
allow data users to better understand and use the information reported
pursuant to final Sec. 1002.107(a)(12)(v). However, the Bureau is not
adopting one commenter's suggestion regarding future transaction types
that may resemble merchant cash advances or other sales-based
financing, as the Bureau believes such transactions should be
adequately covered by the ``other sales-based financing'' label and
thus this information would be reportable for such transactions.
107(a)(12)(vi) Prepayment Penalties
Proposed Rule
Proposed Sec. 1002.107(a)(12)(vi)(A) would have required financial
institutions to report whether the financial institution could have
included a prepayment penalty under the policies and procedures
applicable to the covered credit transaction. Proposed Sec.
1002.107(a)(12)(vi)(B) would have required financial institutions to
report whether the terms of the covered credit transaction include a
charge imposed for paying all or part of the transaction's principal
before the date on which the principal is due. Proposed comment
107(a)(12)(vi)-1 would have provided additional information on how to
determine whether the applicable policies and procedures allow a
financial institution to include prepayment penalties in the loan
agreement.
The Bureau sought comment on proposed Sec. 1002.107(a)(12)(vi) and
its commentary, including whether to enumerate other types of
contingent charges separately in the 1071 data to more accurately
reflect the cost of covered credit transactions. The Bureau also sought
comment on whether there are alternative data that would provide
similar insight into whether certain borrowers are being steered into
covered credit transactions containing prepayment penalty terms or
other similar contingent terms.
Comments Received
The Bureau received comments regarding the reporting of prepayment
penalty information from lenders, trade associations, and community
groups. A number of community groups supported the proposal to collect
prepayment penalty information. One asserted that information on
prepayment penalties is important for data users to determine whether
such charges are targeting underserved borrowers. Another noted that
research by the Federal Reserve Board shows that many small business
borrowers do not expect the balloon finance charge that many merchant
cash advances and other transactions impose for prepayment.\653\ A
joint letter from community and business advocacy groups requested that
the Bureau ensure that financial institutions cannot evade the
reporting requirement by changing how prepayment penalties are
described.
---------------------------------------------------------------------------
\653\ Barbara Lipman & Ann Marie Wiersch, Bd. of Governors of
the Fed. Rsrv. Sys., Browsing to Borrow: ``Mom & Pop'' Small
Business Owners' Perspectives on Online Lenders and Products (June
2018), https://www.federalreserve.gov/publications/files/2018-small-business-lending.pdf.
---------------------------------------------------------------------------
A number of trade associations and banks questioned the necessity
of prepayment penalty data and claimed that it would be misleading. A
group of trade associations stated that the Bureau offered no evidence
that these penalties impact community development or are used in a
discriminatory fashion. The same commenter also asserted that nearly
all merchant cash advance providers collect a charge for prepaying the
amount advanced, but this charge would not be reflected in the proposed
[[Page 35319]]
prepayment penalty data point, leading to the data appearing to inflate
the apparent cost of non-merchant cash advance credit. A State bankers
association asserted that nondiscriminatory reasons exist for certain
loans to have prepayment penalties even if a lender's general policies
and procedures do not provide for them, so the reported data could not
be used to detect steering. A bank stated that the proposal would not
detect steering because it does not clarify whether the prepayment
penalty applies to the transaction requested or the transaction
approved.
Two trade association comments asserted that lending policies are
written in general terms and do not address prepayment penalties.
Another trade association commented that it is possible that every loan
``could'' have a prepayment penalty.
A number of commenters requested that the Bureau change the scope
of the data collection. A lender stated that the data collection should
be limited to a binary flag and not require details on the potential
penalties themselves. Two banks and a State bankers association stated
that the data collection should be limited to whether a prepayment
penalty was actually charged because a lender's policies might change
during the reporting year and are dependent on external factors, such
as the requirements of a third-party guarantor. A joint letter from
community and business advocacy groups asserted that the Bureau should
require reporting of the amount of any prepayment penalty and the term
over which the penalty could be imposed. Finally, a cross-sector group
of lenders, community groups, and small business advocates stated that
the data collection should be modified to capture the balloon finance
charge that nearly all merchant cash advances, and many other small
business loans, charge on prepayment. This commenter stated that,
because this charge is the finance charge that would be paid over the
original term of the loan, it would not be considered a ``penalty.''
Final Rule
For the reasons set forth herein, the Bureau is adopting final
Sec. 1002.107(a)(12)(vi) with one technical correction, adopting
comment 107(a)(12)(vi)-1 as proposed, and adding new comment
107(a)(12)(vi)-2 regarding charges that become due immediately on
prepayment. Final Sec. 1002.107(a)(12)(vi)(A) requires a financial
institution to report whether it could have included a charge to be
imposed for paying all or part of the transaction's principal before
the date on which the principal is due under the policies and
procedures applicable to the covered credit transaction
(notwithstanding whether such a provision was in fact included in this
specific credit transaction). Final Sec. 1002.107(a)(12)(vi)(B)
requires financial institutions to report whether the terms of the
covered credit transaction do in fact include such a charge. These
provisions allow data users to determine what percentage of covered
credit transactions could contain a prepayment penalty term, what
percentage of such transactions actually contain such a term, and,
together with other data points, the demographic profile of borrowers
whose contracts do and do not include the term. The two provisions work
together to allow data users to better determine whether certain
borrowers are being steered towards covered credit transactions
containing prepayment penalty terms.
Final comment 107(a)(12)(vi)-1 elaborates on the requirement to
report whether financial institutions could have included a prepayment
penalty in the covered credit transaction to clarify that the
applicable policies and procedures are those that the financial
institution follows when evaluating applications for the specific
credit type and credit purpose requested. The Bureau believes this
provision will ensure that similar credit products are being analyzed
together and reduces the possibility that potential fair lending risk
is incorrectly identified. In response to commenters who said that
financial institutions' policies may change during the reporting year,
the Bureau notes that comment 107(a)(12)(vi)-1 explains that the
relevant policies and procedures are those in effect at the time of the
covered credit transaction. A financial institution would not report
based on different policies and procedures that might be adopted later
in the reporting period.
New comment 107(a)(12)(vi)-2 explains that a financial institution
complies with final Sec. 1002.107(a)(12)(vi) by reporting as a
prepayment penalty any balloon finance charge that may be imposed for
paying all or part of the transaction's principal before the date on
which the principal is due and provides an example which illustrates a
balloon finance charge that should be reported. As explained above, one
commenter stated that most merchant cash advances and many other
transactions have finance charges that would be paid over the entire
term of the loan but that immediately become due on prepayment. The
Bureau agrees that it was not sufficiently clear that these balloon
finance charges would have been covered under the proposed description
of a prepayment penalty. In addition, another commenter asked the
Bureau to make clear that financial institutions cannot evade the
reporting requirement by changing how prepayment penalties are
described. New comment 107(a)(12)(vi)-2 was added to address both of
these concerns.
In response to commenters asserting that prepayment penalty data
are unnecessary or misleading, the Bureau notes that small business
loan contracts may include prepayment penalties and the penalties can
be sizable and structured as a percent of the remaining outstanding
balance. The Bureau also understands that there may be concern among
stakeholders, including community groups, that certain small business
applicants may be steered toward loans containing prepayment penalty
terms. The collection of data regarding which contracts contain a
prepayment penalty and whether a prepayment penalty could have been
imposed on specific contract types allows the data to be analyzed for
fair lending purposes to see if certain groups are more frequently
entering into contracts containing prepayment penalties. From a market
competition standpoint, financial institutions may want to know how
frequently their competitors are using prepayment penalties, and
collection of these data could improve market transparency and new
product development opportunities. The Bureau is not convinced by
commenters' assertions that the data will not be valuable nor that it
should require reporting of additional data related to prepayment
penalties. The Bureau believes the type of data required to be reported
pursuant to final Sec. 1002.107(a)(12)(vi) strikes the right balance
between collecting information helpful to analyze for the purposes
mentioned above and not requiring financial institutions to provide
information regarding prepayment penalties.
107(a)(13) Census Tract
Proposed Rule
Section 1071 requires financial institutions to collect and report
``the census tract in which is located the principal place of business
of the . . . applicant.'' \654\ This provision is similar to Regulation
C, which requires reporting of the census tract in certain
circumstances if the property securing the loan (or proposed to secure
the loan,
[[Page 35320]]
if the transaction was not originated) is in a county with a population
of more than 30,000.\655\ Under Regulation C, the financial institution
generally finds the census tract by geocoding using the address of the
property. Geocoding is the process of using a particular property
address to locate its geographical coordinates, and from those
coordinates one can identify the corresponding census tract.
---------------------------------------------------------------------------
\654\ ECOA section 704B(e)(2)(E).
\655\ Regulation C Sec. 1003.4(a)(9)(ii)(C). Regulation C also
requires reporting of the property address for all applications.
---------------------------------------------------------------------------
CRA reporting of business loans by depository institutions also
requires reporting of census tract. The Bureau understands that CRA
allows reporting of a census tract based on the address or location
where the proceeds of the credit will be principally applied.\656\
---------------------------------------------------------------------------
\656\ See 2015 FFIEC CRA Guide at 16.
---------------------------------------------------------------------------
The Bureau proposed Sec. 1002.107(a)(13) to require financial
institutions to collect and report the census tract data point using a
``waterfall'' approach. The proposed rule would have required a
financial institution to collect and report the census tract in which
is located: (i) The address or location where the proceeds of the
credit applied for or originated will be or would have been principally
applied; or (ii) If the information in (i) is unknown, the address or
location of the main office or headquarters of the applicant; or (iii)
If the information in both (i) and (ii) is unknown, another address or
location associated with the applicant. In addition, the proposed rule
would have required that the financial institution also indicate which
one of the three types of addresses or locations listed in (i), (ii),
or (iii) the census tract is based on. Although the proposed rule did
not specifically require it, the Bureau assumed that financial
institutions or their vendors would generally use a geocoding tool to
analyze the appropriate address to identify a census tract number.
The proposed approach would have required a financial institution
to report the census tract of the proceeds address if it was available
but would not have required a financial institution to ask about it
specifically. Financial institutions would have been able to apply the
waterfall approach to the addresses they were currently collecting;
they would not have been required to specifically ask for the proceeds
or headquarters addresses. In addition, the proposed method would have
allowed a financial institution to report that it was unsure about the
nature of the address if it had no information as to the nature or
function of the business address it possessed.
Proposed comment 107(a)(13)-1 would have provided general
instructions on using the waterfall reporting method, with examples for
guidance. The Bureau believed that this comment would facilitate
compliance and sought comment on whether any additional instructions or
examples would be useful.
Proposed comment 107(a)(13)-2 would have explained that a financial
institution would comply with proposed Sec. 1002.107(a)(13) by
identifying the appropriate address or location and the type of that
address or location in good faith, using appropriate information from
the applicant's credit file or otherwise known by the financial
institution. The comment would also have made clear that a financial
institution would not be required to investigate beyond its standard
procedures as to the nature of the addresses or locations it collects.
Proposed comment 107(a)(13)-3 would have explained that pursuant to
proposed Sec. 1002.107(c)(1) a financial institution would be required
to maintain procedures reasonably designed to collect applicant-
provided information, which would include at least one address or
location for an applicant for census tract reporting. However, the
comment would have further explained that if a financial institution
was nonetheless unable to collect or otherwise determine any address or
location for an application, the financial institution would report
that the census tract information was ``not provided by applicant and
otherwise undetermined.''
The Bureau proposed a safe harbor in Sec. 1002.112(c)(1)
(renumbered as Sec. 1002.112(c)(2) in the final rule), which would
have stated that an incorrect entry for census tract would not be a
violation of ECOA or subpart B if the financial institution obtained
the census tract by correctly using a geocoding tool provided by the
FFIEC or the Bureau. Proposed comment 107(a)(13)-4 would have cross-
referenced that provision. See the section-by-section analysis of Sec.
1002.112(c)(2) below for additional discussion of this safe harbor.
During the SBREFA process, some small entity representatives
explained that they generally collect the main office address of the
small business, which for sole proprietorships will often be a home
address, and were generally not aware of the proceeds address. The
Bureau's proposed waterfall approach would accommodate this situation
by allowing financial institutions to report census tract using the
address that they currently collect. While several small entity
representatives were already geocoding applicants' addresses, others
were concerned about the burden associated with geocoding for HMDA and
one expressed a preference for the CRA method of geocoding, as did
several other stakeholders. Accordingly, the Bureau sought comment on
the difference between geocoding for HMDA and for CRA, and any specific
advantages or disadvantages associated with geocoding under either
method. In regard to a small entity representative's request for a
Federal government tool capable of batch processing for geocoding of
addresses, the Bureau noted that it was considering the utility of such
a tool. As the SBREFA Panel recommended, the Bureau sought comment on
the feasibility and ease of using existing Federal services to geocode
addresses in order to determine census tract for section 1071 reporting
purposes (such as what is offered by the FFIEC for use in reporting
HMDA and CRA data).
The Bureau sought comment on its proposed approach to the census
tract data point. In addition to the specific requests for input above,
the Bureau noted that the waterfall method was intended to allow CRA
reporters to provide the same data for both reporting regimes, but
requested comment on whether the proposed method would achieve this
goal and, if not, whether and how this data point should be further
coordinated with CRA.
Comments Received
The Bureau received comments on this aspect of the proposal from
numerous lenders, trade associations, community groups, and others.
Several commenters supported the inclusion of the census tract data
point, and many specifically discussed and supported the proposed
waterfall approach to reporting. One CDFI lender stated that it
currently collects this information for the CDFI Fund. Several
community groups discussed the importance of knowing where loans were
made to combat redlining and ensure that socially disadvantaged farmers
and other small businesses can have appropriate access to credit. A
community group and a trade association agreed with the Bureau's
proposal that the waterfall method would allow section 1071 reporting
to match CRA requirements. Another trade association said that
financial institutions would be able to use an address provided by the
applicant and agreed that reporting of the proceeds address would allow
coordination with CRA, though it did not comment on the
[[Page 35321]]
proposed waterfall. Although they supported the waterfall approach, two
community groups requested that financial institutions be required to
ask for the location where the proceeds of the credit would be used,
stating that this method would allow for better coordination with CRA
and better fulfillment of the purposes of section 1071.
Several industry commenters stated that the census tract data point
would be confusing and difficult to report. One commenter pointed out
that multiple applicant addresses and address changes for applicants
would complicate reporting. A national auto finance trade association
stated that its members do not work with census tracts and that
technical and process changes would be necessary to deliver this data.
A trade association stated that geocoding will be a significant
burden for many credit unions, the vast majority of which do not
collect census tract information for small business loans. That
commenter further stated that although some CDFI credit unions collect
census tract information, many are completely unfamiliar with census
tracts--particularly credit unions that are not HMDA reporters. The
commenter also said that the FFIEC geocoder does not permit batch
inputs, which it said further slows application processes. Finally, the
commenter requested that the Bureau develop a free tool that permits
batch inputs and better enables efficient and cost-effective
compliance.
Two banks and a trade association commented that many banks that
are not HMDA reporters are unfamiliar with census tracts. Commenters
also stated that the FFIEC geocoder works efficiently for addresses in
and close to metro areas, but not as easily for more rural addresses,
and in relation to new subdivisions and developments. They further
pointed out that when an address is not ``matched'' in the FFIEC
system, it requires manual plotting, which is time-consuming and
difficult, and stated that a bank that makes strictly agricultural
loans might find many non-matching addresses. Finally, two of these
commenters suggested that reporting the State and county codes should
be sufficient when there is no match in the FFIEC geocoder.
Several industry commenters specifically objected to the waterfall
reporting method, which they stated was confusing and difficult, and
many suggested it should not be mandatory. Some of these commenters
requested clarification on how to report if there are multiple proceeds
addresses, or if the bank learns of a different proceeds address after
the loan closes. In addition, two commenters asked that the Bureau
clarify whether the census tract should match the mailing address of
the applicant or the physical address.
Numerous banks and trade associations stated that section 1071
reporting requirements, especially the census tract data point,
overlapped or conflicted with HMDA and CRA reporting requirements,
creating unnecessary difficulties. Most of these commenters asked that
the Bureau coordinate these requirements and provide a complete
exemption from section 1071, HMDA, or CRA for loans that overlap.
Commenters requesting exemptions did not explain why the use of the
proceeds address would not allow coordination between section 1071 and
CRA census tract reporting.
Some industry commenters expressed concern that census tract
information, especially when combined with the NAICS business type and
other reported data, could facilitate reidentification of small
business applicants. These commenters stated that this risk would be
greater in rural areas.
Comments addressing the Bureau's proposed safe harbor for use of
certain geocoders are addressed in the section-by-section analysis of
Sec. 1002.114(c)(1) below.
Final Rule
For the reasons set forth herein, the Bureau is finalizing Sec.
1002.107(a)(13) and associated commentary with a minor edit for
clarity. Final Sec. 1002.107(a)(13) requires that financial
institutions collect and report the census tract data point using the
``waterfall'' approach described above.
In regard to the comments expressing concern about the burden
associated with collecting and reporting census tract information using
a geocoder and by other means, the Bureau notes that census tract is
specifically enumerated as a data point in the statute. In addition,
the Bureau believes that its reporting method for the census tract data
point leverages existing industry information collection practices and
will result in useful information to further section 1071's purposes
while avoiding imposing much additional burden on financial
institutions. The waterfall method allows a financial institution to
report census tract using an address it already has, with no further
investigation; allows a financial institution to avoid further
investigation when it is unsure about the nature of the address
reported; and allows current CRA reporters to report the same address
for this rule as they do for CRA.\657\ In addition, the waterfall
method prioritizes the proceeds address, which the Bureau considers to
be particularly useful for both the fair lending and business and
community development purposes of section 1071.
---------------------------------------------------------------------------
\657\ As explained below, the current CRA rulemaking envisions
replacing small business and small farm CRA data collection with the
1071 data collection, but in the event CRA data is still reported
under the current regime for some period of time after compliance
with this rule is required, the Bureau believes that the ability to
report the same data in the interim should reduce any operational
difficulties related to census tract. See 87 FR 33884, 33997, 34005
(June 3, 2022).
---------------------------------------------------------------------------
The waterfall approach adopted in the final rule requires a
financial institution to report the census tract of the proceeds
address if it is available, but does not require a financial
institution to ask about it specifically. This provision is meant to
address potential concerns about reporters spending time on complex,
fact-specific questions and unintentionally misreporting this data
point, which could occur if financial institution staff have to
determine what kind of address they are reporting based on insufficient
information. The Bureau believes that this option will be particularly
helpful if the application is denied or withdrawn early in the
application process before the nature of any address provided by the
applicant is clear.
Requiring financial institutions to inquire as to the address where
the proceeds will be applied, as some commenters requested, might
result in slightly more proceeds addresses being reported. However, the
Bureau does not believe that the extra information reported in certain
instances would be worth the extra difficulty across all small business
applications. In addition, the Bureau believes that the waterfall
approach in collecting census tract data provides sufficient
flexibility; making use of the waterfall voluntary, as some commenters
suggested, would result in less useful information being collected
while only reducing difficulty by a small amount. In regard to the
comment asking whether the physical or mailing address or location
should be used, the Bureau notes that the credit proceeds will be
applied at a physical location, and the main office or headquarters of
a business will also occupy a physical location. The third option in
the waterfall, ``another address or location,'' does not suggest the
nature of such an address, but the financial institution will need to
have enough information to determine a census tract for that location.
As explained above, the Bureau understands that CRA currently
requests reporting of a census tract based on the
[[Page 35322]]
address or location where the proceeds of the credit will be
principally applied.\658\ The Bureau also believes that CRA reporting
on this data point is reasonably flexible, and a financial institution
will be able to coordinate the two compliance regimes to report the
same census tract. The commenters who stated that this data point would
conflict with CRA reporting did not explain why they believed this to
be so, and other industry commenters agreed that the census tract data
point for section 1071 would allow coordinated reporting with CRA. The
Bureau also notes that the recent CRA interagency proposed rule, if
finalized, would eventually replace CRA small business and small farm
data with data collected pursuant to section 1071, in which case this
issue would likely be moot.\659\
---------------------------------------------------------------------------
\658\ See, e.g., Off. of the Comptroller of Currency, Fed. Rsrv.
Sys., Fed. Deposit Ins. Corp., Community Reinvestment Act;
Interagency Questions and Answers Regarding Community Reinvestment;
Guidance, 81 FR 48506, 48551-52 (July 25, 2016).
\659\ See 87 FR 33884, 33997, 34005 (June 3, 2022).
---------------------------------------------------------------------------
Although the Bureau sought comment on the differences between HMDA
and CRA census tract reporting, no commenters provided information on
this issue. In regard to commenter concerns about overlaps or conflicts
with HMDA reporting, the Bureau notes that the final rule excludes
HMDA-reportable transactions from coverage, as discussed in the
section-by-section analysis of Sec. 1002.104(b)(2) above, so that
concern is now moot as well.
The Bureau notes that section 1071's description of the census
tract data point refers to the census tract for the applicant's
``principal place of business.'' \660\ The Bureau considers the
waterfall approach in final Sec. 1002.107(a)(13) to be a reasonable
interpretation of the undefined statutory term ``principal place of
business,'' which the Bureau understands not to have a standard
definition, and thus believes to be ambiguous. First, the Bureau
believes that the address or location of the main office or
headquarters of the applicant fits easily into one of the common
meanings of ``principal place of business.'' In addition, the Bureau
anticipates that, generally, the address where the loan proceeds will
be applied will also be the main office or headquarters address.\661\
The primary exception to this principle will be in the case of credit
intended for purchase, construction/improvement, or refinancing of real
property; under these circumstances, the Bureau reasonably interprets
the term ``principal place of business'' to mean the principal location
for business activities relating to the extension of credit at issue.
Although ``another address or location associated with the applicant''
might not always be the principal place of business of the applicant,
the Bureau considers this information to be the financial institution's
best option for reporting data on the principal place of business when
the nature of a location is unknown.
---------------------------------------------------------------------------
\660\ ECOA section 704B(e)(2)(E).
\661\ According to U.S. Census 2019 SUSB data, there are
6,081,544 firms with fewer than 500 employees (which will be used,
for this purpose, as a rough proxy for a ``small business''); those
firms collectively have 6,588,335 establishments (i.e., locations).
This means that, at most, approximately 8 percent of firms with
fewer than 500 employees could have more than one location. See U.S.
Census Bureau, 2019 SUSB Annual Datasets by Establishment Industry
(Feb. 2022), https://www.census.gov/programs-surveys/susb/data/tables.html. According to the U.S. Census Bureau's Non-employer
Statistics, there are 27,104,006 non-employer establishments
(regardless of revenue size). Non-employer firms account for fewer
than 4 percent of all sales, though, and the vast majority are sole
proprietorships. While not impossible, the Bureau believes it is
very unlikely that non-employer firms would have more than one
location. See U.S. Census Bureau, All Sectors: Nonemployer
Statistics by Legal Form of Organization and Receipts Size Class for
the U.S., States, and Selected Geographies: 2019 (2019), https://data.census.gov/cedsci/table?q=NONEMP2019.NS1900NONEMP&tid=NONEMP2019.NS1900NONEMP&hidePreview=true.
---------------------------------------------------------------------------
In the alternative, section 1071 authorizes the Bureau to include
any ``additional data that the Bureau determines would aid in
fulfilling the purposes of [section 1071].'' The Bureau has determined
that requiring reporting of the proceeds address will aid in fulfilling
both the fair lending and business and community development purposes
of section 1071 by providing more useful information on the location of
the activity financed for fair lending analysis and understanding where
the business and community development is occurring. Requiring
reporting of another address or location associated with the applicant
when both the proceeds address and the main office or headquarters
address are not available will provide location data when otherwise
none would be present, thus also aiding in fulfilling both the fair
lending and business and community development purposes of section 1071
by providing more useful information on location for fair lending
analysis and understanding where the business and community development
will likely be occurring. In addition, requiring data on the nature of
the address reported will aid in fulfilling both the fair lending and
business and community development purposes of section 1071 by
facilitating accurate analyses of the data reported. Also, in the
alternative, to the extent that ``the principal place of business of
the . . . applicant'' is understood to mean only ``main office or
headquarters address'' (which, as explained above, the Bureau does not
adopt as its interpretation of the statutory term) the Bureau believes
it is appropriate to use its exception authority under ECOA section
704B(g)(2) to provide that financial institutions in certain situations
may report the proceeds address or ``another address or location
associated with the applicant,'' because the Bureau believes those
addresses will carry out the purposes of section 1071 more
appropriately than requiring the main office or headquarters address in
every situation.
The Bureau is finalizing comment 107(a)(13)-1 through -4 with a
minor edit for consistency. Comment 107(a)(13)-1 provides general
instructions on using the waterfall reporting method, with examples for
guidance, which will facilitate compliance.
Final comment 107(a)(13)-2 explains that a financial institution
complies with Sec. 1002.107(a)(13) by identifying the appropriate
address or location and the type of that address or location in good
faith, using appropriate information from the applicant's credit file
or otherwise known by the financial institution. The comment also makes
clear that a financial institution is not required to investigate
beyond its standard procedures as to the nature of the addresses or
locations it collects. The Bureau believes that this guidance strikes
the right balance by allowing flexibility in reporting, and also
requiring appropriate good faith compliance in exercising that
flexibility, thereby yielding quality data. In regard to commenters'
concerns about reporting census tract when there are multiple proceeds
addresses, the Bureau notes that the rule requires reporting using the
address where the proceeds will be or would have been principally
applied, and allows for other addresses to be used if that address is
unknown. As final comment 107(a)(13)-2 makes clear, as long as a
financial institution determines which address to use in good faith, it
will be in compliance with the rule. The Bureau believes that including
detailed instructions on how to determine which proceeds address to
report would increase the difficulty of reporting while only marginally
enhancing the quality of the data reported. In regard to the comment
about what to report when the proceeds or other address changes,
because comment 107(a)(13)-2 requires that the address/location be
identified in good faith, an address that the financial institution
knows is no longer accurate
[[Page 35323]]
would not be appropriate to use in determining the census tract when a
more accurate address is available.
Final comment 107(a)(13)-3 explains that pursuant to final Sec.
1002.107(c)(1) a financial institution is required to maintain
procedures reasonably designed to collect applicant-provided data,
which includes at least one address or location for an applicant for
census tract reporting. However, the comment further explains that if a
financial institution is nonetheless unable to collect or otherwise
determine any address or location for an application, the financial
institution reports that the census tract information was ``not
provided by applicant and otherwise undetermined.'' Based on the
Bureau's understanding of financial institutions' application
procedures, the Bureau believes it is highly unlikely that a financial
institution will not obtain some type of address for the applicant.
Nonetheless, the Bureau permits financial institutions to report this
data point using the ``not provided by applicant and otherwise
undetermined'' response in order to facilitate compliance in those rare
instances when the financial institution does not have the data
requested. The reference in the comment to final Sec. 1002.107(c)(1)
makes clear, however, that a financial institution must maintain
procedures reasonably designed to collect at least one address. As with
the previous comment, the Bureau believes that this comment strikes the
right balance by facilitating compliance and also emphasizing the
requirement to collect appropriate data.
Final comment 107(a)(13)-4 cross-references a safe harbor the
Bureau is finalizing in Sec. 1002.112(c)(2), which states that an
incorrect entry for census tract will not be a violation of ECOA or
subpart B if the financial institution obtains the census tract by
correctly using a geocoding tool provided by the FFIEC or the Bureau.
See the section-by-section analysis of Sec. 1002.112(c)(2) below for
additional discussion of this safe harbor. In regard to commenters'
requests for a new Federal geocoding tool that allows for batch
processing, the Bureau continues to explore this option.
Finally, as discussed above, some commenters were concerned about
reidentification risk in regard to census tract reporting, especially
when combined with NAICS industry codes and other data, and especially
in rural areas. The Bureau appreciates concerns regarding the potential
re-identification risk posed by the publication of unmodified census
tract data. Accordingly, the Bureau believes that, if it decides to
publish census tract, modification may be appropriate to mitigate
potential re-identification risk to small business applicants and
related natural persons. The Bureau notes that it will consider
carefully what data will be publicly released, and will carefully
protect applicant privacy, while preserving the utility of the dataset.
See part VIII.B.6.xi below for discussion of this issue.
107(a)(14) Gross Annual Revenue
Proposed Rule
Section 1071 requires financial institutions to collect and report
``the gross annual revenue of the business in the last fiscal year of
the . . . applicant preceding the date of the application.'' \662\
---------------------------------------------------------------------------
\662\ ECOA section 704B(e)(2)(F).
---------------------------------------------------------------------------
Proposed Sec. 1002.107(a)(14) would have required reporting of the
gross annual revenue of the applicant for its preceding full fiscal
year prior to when the information is collected. The Bureau proposed to
require reporting of a specific value for gross annual revenue--rather
than a range--to simplify the reporting of gross annual revenue
information for financial institutions and because it believed that a
precise value would be more useful for data users, including the
Bureau.
Proposed comment 107(a)(14)-1 would have clarified that a financial
institution need not verify gross annual revenue information provided
by the applicant to comply with proposed Sec. 1002.107(a)(14), as some
small entity representatives and other stakeholders suggested. The
proposed comment would have explained that the financial institution
may rely on statements of or information provided by the applicant in
collecting and reporting gross annual revenue. The proposed comment
would have also stated, however, that if the financial institution
verifies the gross annual revenue provided by the applicant, it must
report the verified information. The Bureau believed that a requirement
to verify gross annual revenue could be operationally difficult for
many financial institutions, particularly in situations in which the
financial institution does not collect gross annual revenue currently.
The Bureau also did not believe that such a requirement was necessary
in fulfilling either of section 1071's statutory purposes. However, the
Bureau believed that reporting verified gross annual revenue when the
financial institution already possesses that information would not be
operationally difficult and would enhance the accuracy of the
information reported.
Proposed comment 107(a)(14)-1 would have also provided specific
language that a financial institution could use to ask about an
applicant's gross annual revenue and would have explained that a
financial institution could rely on the applicant's answer. The Bureau
believed this language would facilitate compliance for financial
institutions that currently do not collect gross annual revenue,
collect it only in limited circumstances, or would otherwise find its
collection challenging, as some small entity representatives and other
stakeholders suggested.
Overall, the Bureau believed that this approach in proposed comment
107(a)(14)-1--clarifying that a financial institution need not verify
applicant-provided gross annual revenue information and providing
language that a financial institution may use to ask for such
information--should reduce the complexity and difficulty of collecting
gross annual revenue information.
The Bureau believed that situations could arise in which the
financial institution has identified that an applicant is a small
business for the purposes of proposed Sec. 1002.106(b) through, for
example, an initial screening question asking whether the applicant's
gross annual revenue is below $5 million, but then the specific gross
annual revenue amount could not be collected. Therefore, the Bureau
proposed comment 107(a)(14)-2, which would have first clarified that
pursuant to proposed Sec. 1002.107(c)(1), a financial institution
shall maintain procedures reasonably designed to collect applicant-
provided information, including the gross annual revenue of the
applicant. The proposed comment would have then stated that if a
financial institution is nonetheless unable to collect or determine the
specific gross annual revenue of the applicant, the financial
institution reports that the gross annual revenue is ``not provided by
applicant and otherwise undetermined.'' The Bureau believed that
permitting this reporting flexibility would reduce the complexity and
difficulty of reporting gross annual revenue information, particularly
when an application has been denied or withdrawn early in the process
and the gross annual revenue could not be collected.
Proposed comment 107(a)(14)-3 would have clarified that a financial
institution is permitted, but not required, to report the gross annual
revenue for the applicant that includes the revenue of affiliates as
well. The proposed comment would have stated that, for example, if the
financial
[[Page 35324]]
institution does not normally collect information on affiliate revenue,
the financial institution reports only the applicant's revenue and does
not include the revenue of any affiliates when it has not collected
that information. The Bureau believed that permitting, but not
requiring, a financial institution to include the revenue of affiliates
will carry out the purposes of section 1071 while reducing undue burden
on financial institutions in collecting gross annual revenue
information. Proposed comment 107(a)(14)-3 would have concluded by
explaining that in determining whether the applicant is a small
business under proposed Sec. 1002.106(b), a financial institution may
rely on an applicant's representations regarding gross annual revenue,
which may or may not include affiliates' revenue. This approach
regarding affiliate revenue in proposed comment 107(a)(14)-3 was
consistent with the approach regarding affiliate revenue for purposes
of determining whether an applicant is a small business under proposed
Sec. 1002.106(b). The Bureau believed that this operational
equivalence between proposed Sec. 1002.107(a)(14) and proposed Sec.
1002.106(b) would facilitate compliance and enhance the consistency of
the data.
In the NPRM, the Bureau expressed skepticism regarding some small
entity representatives' suggestions to allow estimation or
extrapolation of gross annual revenue based on partially reported
revenue, noting, for example, that a seasonal business's bank
statements for its busy season would likely yield an inflated gross
annual revenue when extrapolated to a full year. The Bureau sought
comment on whether financial institutions should be permitted to
estimate or extrapolate gross annual revenue from partially reported
revenue or other information, and how such estimation or extrapolation
would be carried out. The Bureau also noted that estimation or
extrapolation of gross annual revenue would be sufficient for the
purposes of determining small business status under proposed Sec.
1002.106(b), subject to the requirement under proposed comment
107(a)(14)-1 that a financial institution must report verified gross
annual revenue information if available.
The Bureau sought comment on its proposed approach to the gross
annual revenue data point, as well as the specific requests for comment
above. As the SBREFA Panel recommended, the Bureau also sought comment
on how the timing of tax and revenue reporting can best be coordinated
with the collection and reporting of gross annual revenue. In addition,
the Bureau sought comment on the effect of cash flow versus accrual
accounting on reporting of gross annual revenue.
Comments Received
The Bureau received comments on its proposed approach to the gross
annual revenue data point from a range of lenders, trade associations,
and community groups. With the exception of several agricultural
lenders, industry commenters generally did not object to the Bureau's
proposal to require the collection and reporting of gross annual
revenue as required by ECOA section 704B(e)(2)(F) and three commenters
(two community groups and a lender) expressed support for the proposed
gross annual revenue data point. One of the community groups asserted
that the gross annual revenue of the small business is a critical data
element since research shows that smaller businesses are less likely to
receive loans and that this data point is needed to assess whether
banks are meeting credit needs of small businesses. The other community
group remarked that it was critically important to allow for analysis
looking at smaller buckets of small businesses based on gross revenue.
Several agricultural lenders, echoing comments from a major
agricultural credit trade association, argued that the Bureau should
not require the collection or reporting of gross annual revenue
information for agricultural credit and urged the Bureau to use its
exception authority to eliminate this data point for agricultural
credit. The commenters argued that collecting gross annual revenue
information would pose substantial challenges for them given the
prevalence of the ``non-standard'' agricultural borrower, including the
majority of farmers who only farm on a part-time basis, and because
many agricultural loans are currently decisioned with principal
reliance on credit scoring systems, without considering revenue from
farming or off-farm income. One agricultural lender explained that its
underwriting standards include personal W-2 and other off-farm income,
arguing that inclusion of that information in reporting this data point
would be misleading as to the size of the business applying for a loan
because off-farm income is not truly business income. The same
commenter asserted that if, on the other hand, the off-farm income is
not reported, the data would be misleading as they would show many
loans approved to farmers with low business revenue (where they have
sufficient personal income) and other loans denied to farmers with
higher business revenue (because of insufficient personal income).
Another commenter noted it was unclear how to calculate gross annual
revenue for many agricultural credit transactions because for both
estate planning and asset preservation purposes, many family farms are
set up using complex business entities consisting of multiple trusts,
corporations, partnerships, and limited liability entities, and that
this means that the applicant signing the note may differ from the
denoted mortgagors and guarantors, but all of whom are family members
or business entities they own. Many of these agricultural lenders
suggested that instead of gross annual revenue information, the
appropriate metric for agricultural credit should be ``gross sales of
agricultural or aquatic products'' as defined by the Farm Credit
Administration in the prior year.
Some bank commenters suggested the Bureau align with other
reporting regimes (such as HMDA and CRA) by adopting a definition of
gross annual revenue based on annual revenue relied upon to make the
credit decision. Several explained inconsistencies among regulatory
approaches to gross annual revenue, pointing out the Bureau's proposal
would require collecting gross annual revenue from the preceding fiscal
year, whereas HMDA reporting requires use of the income considered in
making the credit decision and the CRA utilizes gross annual revenue
used to make the credit decision. Several commenters asserted that
using a prior year's gross annual revenue would be problematic for many
small businesses that cannot produce usable financial statements,
including tax returns, immediately upon the close of a fiscal year. One
such commenter elaborated that tax returns, which are often the only
available income statements, may not be ready until September,
resulting in many lenders relying on a tax return from two years ago or
using a pro forma revenue outline. Another bank commenter asserted that
using similar, but differently defined, data points between section
1071 and CRA would complicate the reporting process and could be
avoided by aligning the definitions. One commenter recommended aligning
with CRA for originated loans by using gross annual revenue used to
make the credit decision, but for non-originated loans (which are not
reported under the CRA) using gross annual revenue information that has
been provided by applicants absent credit decisions (such as in cases
of some withdrawn or incomplete applications).
[[Page 35325]]
Some commenters provided market intelligence related to the
collection of gross annual revenue data. A trade association stated
that collecting gross annual revenue information can be complicated
because many small businesses have loan guarantors and co-borrowers.
Another trade association explained that in the vehicle financing
context, the borrower employee who is responsible for acquiring the
vehicle may not be familiar with the total revenue of the company and
the owner(s) of the company may not want to share this information with
all employees. A few industry commenters stated that there are many
instances where gross annual revenue information is not collected in
the normal course of business because underwriting may be based on
other factors such as a cash flow analysis, net income, or debt-to-
service ratio. For this reason, one of these commenters stated that it
should be clear that applicants have no obligation to provide gross
annual revenue information. Another asserted that where an applicant
declines to provide gross annual revenue information, the Bureau is
creating a significant regulatory challenge for the financial
institution by requiring it to submit application-level information
when it will not know for certain whether the business is a small
business nor have any reliable way of obtaining gross annual revenue
information absent a third-party provider, which do not exist for many
industries. Conversely, a community group stated that gross annual
revenue was likely to be collected as part of the underwriting process.
A number of industry commenters requested clarification regarding
how to report gross annual revenue information. A few commenters
requested guidance regarding appropriate sources for gross annual
revenue information. One bank commenter requested consistency in what
defines gross annual revenue and asked whether gross sales listed on a
tax return constitute an acceptable source for this information.
Another commenter asked the Bureau to delineate whether tax returns,
accountant prepared financial statements, or internal profit and loss
statements constitute acceptable source documentation.
Several industry commenters asked for guidance or made suggestions
regarding how to calculate gross annual revenue. One asked whether the
Bureau intends for gross annual revenue to be defined as the total of
all income (account credits) for the year before subtracting any
expenses (account debits). Another asked whether, in the case of a
business that uses a calendar year for its fiscal year and applies for
a loan early in the next fiscal year with many unknown numbers related
to the prior fiscal year, the applicant should provide an estimate or
whether the applicant should provide the information from the next
preceding fiscal year. Two commenters suggested that the Bureau clarify
that different business units within the financial institution may use
different methods to determine gross annual revenue, as long as the
methods are used consistently within each business unit. Another asked
if, in the case of an applicant that owns two or more businesses, the
financial institution should only collect and report the gross annual
revenue of the business being financed and not combined revenues of all
owned businesses.
A number of industry commenters asked for clarification and made
suggestions regarding how to report gross annual revenue for a startup
business, a new line of business, or a business with a change in
structure or ownership. A few commenters asked whether ``zero'' and/or
``not available'' is an acceptable response for a startup business. One
commenter urged the Bureau to define gross annual revenue in a
straightforward manner that does not impact credit opportunities (nor
compliance) for newly formed businesses that do not have historical
gross annual revenue. Another commenter suggested the Bureau address or
exempt new businesses from section 1071 reporting. Two commenters asked
whether ``zero'' or ``not provided by applicant and otherwise
undetermined'' should be reported when a borrower is establishing a new
line of business but already has revenue in other businesses; one also
asked if treatment should differ based on whether or not the new
business line was in the same industry as the existing businesses. A
bank commenter opined that for a start-up business, the financial
institution should use the actual gross annual revenue to date
(including the reporting of $0 if a new business has had no revenue to
date) and that pro-forma projected revenue figures should not be
reported since these figures do not reflect actual gross revenue.
Another bank commenter suggested the Bureau develop FAQs and other
documents that applicants can consult to help them determine what
number to supply for gross annual revenue, particularly when a business
is starting up or establishing a new business line. Another industry
commenter asked how to handle situations where there is a change in
structure or ownership of the business and it is unclear how the gross
annual revenue should apply to the applicant.
Two industry commenters specifically suggested changes related to
how to report the gross annual revenue of single purpose entities and
other real estate financing vehicles. Both suggested allowing a
financial institution to rely on the gross annual revenue generated by
the property or the applicant's projected gross annual revenue for
purposes of determining the small business status of the applicant. One
also suggested specific revisions to the commentary to incorporate its
suggestions.
The Bureau also received some general comments regarding the
treatment of gross annual revenue information from an applicant's
affiliate. A trade association expressed support for the Bureau's
proposal to clarify that a financial institution need not verify gross
annual revenue information provided by the applicant and is permitted--
but not required--to report the gross annual revenue for the applicant
that includes the revenue of affiliates as well. Two community group
comments urged the Bureau to require reporting on the gross annual
revenue of parent companies and beneficial owners of limited liability
companies in order to avoid obfuscating extensive property ownership.
Some industry commenters provided suggestions regarding how to
handle gross annual revenue information from the parent companies or
affiliates of applicants. A bank inquired whether revenue or income
relied upon from co-signers or guarantors that are not affiliates of
the borrower should be factored into the gross annual revenue
determination. A group of trade associations suggested specific
technical revisions to the commentary for clarity. Two bank commenters
noted there may be inconsistencies in the data where one institution
looks like it is lending more to small(er) businesses because it opts
not to include gross annual revenue of affiliates. Two other commenters
asked that reportable gross annual revenue be the gross annual revenue
of both the applicant and all of its affiliates. A bank recommended the
Bureau further explain how to handle situations where the applicant is
using multiple owned businesses/affiliates to support sufficient
cashflow, and whether there are repercussions for excluding/including
multiple revenues used in the credit decision. A group of trade
associations representing the commercial real estate industry asked
[[Page 35326]]
the Bureau to provide additional guidance on what types of entities may
be affiliates of an applicant, e.g., as a result of common ownership or
common control. Another trade association suggested that the Bureau
make minor revisions to commentary to clarify that a lender that does
not collect affiliate revenue in all transactions is not precluded from
collecting affiliate revenue in some transactions.
A few commenters specifically asked for clarity regarding the
treatment of real estate affiliate revenue. These commenters explained
that many of their loans are to real estate investors who often form
and apply through a single[hyphen]purpose limited liability company
that has no gross annual revenue (and therefore would meet the proposed
definition of a small business) but that may be affiliates of many
other single[hyphen]purpose limited liability companies and individual
owners. These commenters noted that they typically underwrite these
loans based on a schedule of other real estate in which the single
purpose entity (or its sponsor) has an ownership interest and by using
a global debt coverage calculation that considers the combined income
of the applicant and all affiliated businesses, which can often exceed
$5 million annually. A group of trade associations representing the
commercial real estate industry stated that under the SBA's general
principles of affiliation, the single purpose entities that own that
other real estate would be affiliates of the applicant single purpose
entity, because of the overlapping ownership interest. They also stated
that the single purpose entities on the schedule of real estate could
additionally be affiliates of the applicant single purpose entity where
one or more officers, directors, managing members, or partners controls
the board of directors or management of both the applicant single
purpose entity and the single purpose entities on the schedule of real
estate. A bank asked the Bureau to clarify that such businesses should
be determined to be ``small businesses'' for which data collection and
reporting is required only if the combined income of the business and
its related affiliates does not exceed the threshold set. The group of
trade associations suggested revisions to the commentary that, in the
case of single purpose entities, would allow a financial institution to
consider the owners of any real property listed on a schedule of real
estate as affiliates of the applicant and would also, under certain
circumstances, allow a financial institution to estimate the gross
annual revenue of any income-producing real property for purposes of
determining an applicant's small business status. They also suggested
that for an applicant that is a newly created single purpose entity, a
financial institution should be permitted to apply the $5 million gross
annual revenue threshold to either the gross annual revenue of the
property for its most recent fiscal year under its prior owner or the
single purpose entity's projected gross annual revenue.
Some commenters asked for guidance or argued in favor of using
estimates and extrapolations when exact gross annual revenue
information is unavailable. A bank asked if using an estimate was
permitted when the applicant does not have prior fiscal year
information completed. Another commenter suggested that when an
applicant does not provide information regarding its gross annual
revenue but that applicant's revenue is tracked through a technology
company's online platform (e.g., its sales on the company's online
marketplace), a covered financial institution should be able to report
gross annual revenue based on revenue information obtained from the
platform data. The commenter argued that permitting use of this
alternative data point would serve the purposes of section 1071 by
enabling technology companies to collect and report information on a
greater number of applications, while also reducing the compliance
burden for financial institutions. Two commenters argued that for
consistency, the Bureau should allow financial institutions to
extrapolate or estimate an applicant's gross annual revenue, claiming
that the Bureau proposed to allow institutions (not just applicants) to
rely on extrapolated or estimated revenue data for determining whether
or not a business is a small business.
Many industry commenters supported the Bureau's proposal to permit
financial institutions to rely upon gross annual revenue information
provided by the applicant without any requirement to verify. Many of
these commenters noted that they do not currently collect gross annual
revenue information with every application and even if it is collected,
they do not always verify the amount provided, as underwriting is often
based on other factors such as a cash flow analysis or debt-to-service
ratio. One commenter noted that the flexibility to use the gross annual
revenue provided by the applicant and without verification allows
financial institutions to continue using current, proven underwriting
practices and does not add to the compliance burden by requiring
additional revenue verification steps.
The Bureau received some general comments regarding its proposal to
not require verification of gross annual information but to require
reporting of verified information when available. Two banks requested
further clarification regarding the meaning of ``verification,'' one of
whom argued that neither the identification and assessment of income
figures (not the same as gross annual revenue) by a financial
institution during the underwriting and credit decision process nor the
post-origination independent testing and validation of the small
business data file should be considered ``verification.'' The other
bank stated that exact gross annual revenue information is not always
known until a tax return is completed and asked if the self-reported
gross annual revenue information should be reported or the information
found later on the tax return.
Two community groups urged the Bureau to require the verification
of gross annual revenue information. One noted that tax returns are
generally available and can be used to confirm the applicant's gross
annual revenue information. The other asserted that because the
accuracy of determining whether credit needs of small businesses are
being met hinges on the accuracy of collecting and reporting the
revenue size of the business and because using tax documents or cash
flow information makes it feasible for the lender to verify annual
revenue, the Bureau should require the verification of gross annual
revenue information. This community group argued that if affiliates are
not accounted for in data collection, the data could include businesses
that exceed the revenue limits established by the Bureau, thereby
reducing the efficacy of the data in reporting on the experiences of
small businesses in the lending marketplace. The commenter suggested
that the Bureau thus investigate this issue and determine whether there
are feasible methods a lender can use to identify the presence of
affiliates.
Some industry commenters suggested the Bureau provide a safe harbor
and/or remove its proposed requirement to report verified gross annual
revenue information. Commenters requested the Bureau specify that the
financial institution has no responsibility to verify the number
supplied by the applicant. A few commenters also suggested the Bureau
institute a safe harbor to ensure that whatever gross annual revenue
number is supplied by the applicant can be reported. Commenters urged
the Bureau to clarify that a financial institution is not liable
[[Page 35327]]
for misinterpretation in answering questions or providing information
to the applicant beyond the proposed gross annual revenue question. One
commenter suggested that if it is the lender's practice to revise the
application information in its system to reflect what it believes to be
a verified number, the Bureau should permit the lender to report the
verified number retained in its system, rather than requiring the
lender to maintain both numbers in its system. This commenter also
argued that a lender's verification of revenue should not result in the
lender being required to change the applicant's self-classification as
being a small business or not being a small business because the
determination of whether or not an applicant is a ``small business''
needs to be made by the applicant at the time of application.
Several community groups and a CDFI lender expressed support for
reporting gross annual revenue as a specific dollar amount rather than
in ranges. These commenters emphasized the importance of having precise
and accurate data on gross annual revenue because this information is a
fundamental determinant of whether a business is deemed to be small and
all of its attendant information is captured and collected as part of
the 1071 dataset. One commenter argued gross annual revenue in discrete
units rather than bands was needed to assess the availability of credit
to the smallest businesses, especially those owned by women and people
of color. Another commenter asserted that revenue categories should be
more detailed than those in the CRA small business loan data because
research revealed the inadequacies with the CRA classifications since
businesses with revenues below $500,000 had markedly less access to
loans than businesses with revenues above this amount. This commenter
argued in the alternative that should the Bureau adopt a range for
gross annual revenue, it should select the mid-point with $10,000
increments as a continuous variable as the most accurate for capturing
experiences of the range of small businesses in the lending
marketplace.
With regard to the time frame for usability of gross annual revenue
information, a bank stated that gross annual revenue information should
only be usable for one fiscal year. A trade association suggested that
financial institutions not be required to re-request gross annual
revenue for new credit applications when they can rely on their records
from previous transactions.
Final Rule
For the reasons set forth herein, the Bureau is finalizing Sec.
1002.107(a)(14) and associated commentary with revisions for clarity
and consistency. Final Sec. 1002.107(a)(14) requires reporting of the
applicant's gross annual revenue for its preceding fiscal year. The
Bureau is requiring that financial institutions report a specific value
for gross annual revenue--rather than a range--to simplify the
reporting of gross annual revenue information for financial
institutions and because it believes a precise value is more useful for
data users, including the Bureau. However, the Bureau has not yet
determined how it will publish gross annual revenue data in the
dataset. The Bureau will consider whether modification techniques, such
as ranges, may be appropriate after it conducts its full privacy
analysis. See part VIII below for further discussion about the privacy
analysis and public disclosure of data.
The Bureau is not categorically exempting agricultural credit from
the requirement to collect and report gross annual revenue, as
requested by some commenters. The Bureau understands, as noted by
commenters, that most farmers in this country farm on a part-time basis
and that the gross annual revenue data point may pose challenges given
the prevalence of ``non-standard'' agricultural borrowers such as
customers applying jointly despite having separate farming operations.
The Bureau also understands from commenters that many Farm Credit
System lenders decision applications without either considering off-
farm income or revenue from farming; instead, lenders rely principally
on credit scoring systems. Nevertheless, the Bureau believes that
omitting the gross annual revenue data point for agricultural credit
transactions would introduce inconsistency in data collected across
different industries and would not support section 1071's statutory
purposes. The Bureau notes that data users will be able to identify
agricultural credit transactions using the reported 3-digit NAICS code
and make any necessary adjustments in their analyses to account for
particularities unique to agricultural industries. The Bureau also
believes, as discussed below, that the suggested gross annual revenue
question in final comment 107(a)(14)-1 will facilitate compliance for
agricultural lenders that currently do not collect gross annual
revenue, particularly because the financial institution may rely on the
applicant's answer. As discussed above in the section-by-section
analysis of Sec. 1002.106(b), the Bureau does not believe that ``gross
sales of agricultural or aquatic products'' in the prior year would be
an appropriate metric for agricultural credit in this final rule, nor
that this should form the basis for a separate small business
definition for agricultural businesses.
The Bureau has considered the comments regarding the collection and
reporting of gross annual revenue and it believes its approach in final
comment 107(a)(14)-1--clarifying that a financial institution need not
verify applicant-provided gross annual revenue information, and
providing language that a financial institution may use to ask for such
information--will reduce commenters' concerns regarding complexity and
difficulty of collecting gross annual revenue information.
Final comment 107(a)(14)-1 clarifies that a financial institution
reports the applicant's gross annual revenue for the fiscal year
preceding when the information was collected. The Bureau believes this
will clarify the timing requirements for collection of the gross annual
revenue data point. The final comment provides specific language that a
financial institution may use to ask about an applicant's gross annual
revenue and explains that a financial institution may rely on the
applicant's answer (unless subsequently verified or updated), even if
the applicant's statements or information is based on estimation or
extrapolation. The Bureau believes this language will facilitate
compliance for financial institutions that currently do not collect
gross annual revenue, collect it only in limited circumstances, or
would otherwise find its collection challenging, as some commenters
suggested.
Final comment 107(a)(14)-1 also clarifies that a financial
institution need not verify gross annual revenue information provided
by the applicant to comply with final Sec. 1002.107(a)(14). The
comment explains that the financial institution may rely on the
applicant's statements or on information provided by the applicant in
collecting and reporting gross annual revenue. The comment also states,
however, that if the financial institution verifies the gross annual
revenue provided by the applicant it must report the verified
information. The Bureau understands, as noted by industry commenters,
that a requirement to verify gross annual revenue would be
operationally difficult for many financial institutions, particularly
in situations in which the financial institution does not currently
collect gross annual revenue. The Bureau does not believe that such a
[[Page 35328]]
requirement is necessary to fulfill either of section 1071's statutory
purposes. However, the Bureau believes that reporting verified revenue
when the financial institution already possesses that information will
not be operationally difficult and will enhance the accuracy of the
information collected. For the same reasons and for the reasons
outlined in its discussion of final comment 107(c)-5, the Bureau is
clarifying in final comment 107(a)(14)-1 that a financial institution
reports updated gross annual revenue data if it obtains more current
data from the applicant during the application process. The comment
states that if this updated information is on data the financial
institution has already verified, the financial institution reports the
information it believes to be more accurate, in its discretion.
With respect to the suggestions that the Bureau further clarify the
meaning of ``verify,'' the Bureau believes that additional specificity
in the rule itself could unnecessarily constrain financial
institutions. The Bureau interprets the word ``verification'' to mean
the intentional act of determining the accuracy of information
provided, in this case for the purpose of processing and underwriting
the credit application, and potentially changing that information to
reflect the determination. Gross annual revenue information that may or
may not be more accurate than applicant-provided data and is not part
of a financial institution's verification of the file's applicant-
provided data or used by the institution in processing or underwriting
the application need not be reported. The Bureau agrees with the
commenter who stated that post-origination independent testing and
validation of the small business data file does not constitute
``verification.'' In situations where a financial institution verifies
only a portion of the small business's provided gross annual revenue
figure (perhaps because the institution is relying on that portion for
its credit decision), the financial institution has not verified the
entire gross annual revenue amount provided by the applicant, and it
may continue to rely on the applicant's statement or information, and
it need not report the partially verified information.
The Bureau does not believe it would be appropriate to use a
definition of gross annual revenue for this rule based on the annual
revenue relied upon to make the credit decision. Given both the
statutory language requiring the collection and reporting of ``the
gross annual revenue of the business in the last fiscal year'' and
section 1071's statutory purposes, the Bureau believes that using the
small business's entire gross annual revenue, which may differ from
revenue relied upon in making the credit decision, is the better
approach to implement this data point in final Sec. 1002.107(a)(14).
Moreover, the Bureau notes that--unlike for this final rule--a
business's gross annual revenue is not determinative of either HMDA or
CRA coverage. Here, the Bureau believes it is important to obtain the
applicant's entire gross annual revenue for more accurate
identification of business and community development needs and
opportunities. The Bureau thus agrees with commenters that gross annual
revenue data are important to assess the availability of credit to the
smallest firms, especially those owned by women, minorities, and
LGBTQI+ individuals. Moreover, for credit transactions that are
underwritten without consideration or collection of a small business's
gross annual revenue, no information would be reported for this data
point under a relied-upon standard. Lastly, the Bureau believes it
important to ensure that the gross annual revenue figure used to
determine small business status is the same total figure as the gross
annual revenue reported for the data point. Using different figures
could create data discrepancies and disconnects and would ultimately
result in greater compliance risk for financial institutions.
In addition, the Bureau does not believe that financial
institutions need a safe harbor to ensure that whatever gross annual
revenue number is supplied by the applicant can be reported or that it
would be appropriate to remove the requirement to report verified gross
annual revenue information when the financial institution in fact
verifies it. Final comment 107(a)(14)-1 already clarifies that a
financial institution need not verify gross annual revenue information
provided by the applicant to comply with final Sec. 1002.107(a)(14)
and thus a safe harbor is not necessary to allow reporting of the gross
annual revenue number supplied by the applicant. As one commenter
explained, some financial institutions already revise application
information in their systems with a verified gross annual revenue
number and thus the Bureau does not believe that reporting verified
revenue when the financial institution already possesses that
information will be operationally difficult. In such situations, the
financial institution may report the verified number retained in its
system and is not required to maintain both numbers in its system.
Moreover, the Bureau agrees with the commenter who stated that the
accuracy of determining whether the credit needs of small businesses
are being met hinges on collecting and reporting the revenue size of
the business and thus the Bureau believes that reporting verified
revenue when available will enhance the accuracy of the information
collected.
With respect to requests for guidance from commenters regarding
acceptable sources of gross annual revenue information, the Bureau does
not believe it would be appropriate to require the use of any specific
documentation. However, the Bureau notes that gross annual revenue
information can be reasonably derived from a variety of sources
including tax returns, accountant-prepared financial statements,
internal profit and loss statements, cash flow analyses, or any type of
business income documentation that the financial institution reasonably
relies on in the normal course of business.
With respect to comments regarding how to calculate gross annual
revenue, the Bureau notes that the suggested applicant question in
final comment 107(a)(14)-1 states that gross annual revenue is the
amount of money the business earned before subtracting taxes and other
expenses. The comment further states that an applicant may provide
gross annual revenue calculated using any reasonable method. Different
business units within the financial institution may use different
methods to ascertain gross annual revenue, as long as the methods are
used consistently within each business unit.
The Bureau believes that situations could arise in which the
financial institution has identified that an applicant is a small
business for the purposes of final Sec. 1002.106(b) through, for
example, a screening question asking whether the applicant's gross
annual revenue is $5 million or less, but then the financial
institution is unable to collect or determine a specific gross annual
revenue amount. Therefore, the Bureau is finalizing comment 107(a)(14)-
2 substantively as proposed. The comment first clarifies that pursuant
to final Sec. 1002.107(c), a financial institution shall maintain
procedures reasonably designed to collect applicant-provided data,
including the gross annual revenue of the applicant. The final comment
then states that if a financial institution is nonetheless unable to
collect or determine the specific gross annual revenue of the
applicant, the financial institution reports that the gross annual
revenue is ``not provided by applicant and otherwise undetermined.''
The
[[Page 35329]]
Bureau believes that permitting this reporting flexibility will reduce
the complexity and difficulty of reporting gross annual revenue
information, particularly when an application has been denied or
withdrawn early in the process and gross annual revenue could not be
collected.
The Bureau is finalizing comment 107(a)(14)-3 with minor revisions
for clarity and consistency. The Bureau is adopting commenters'
suggestions to add a cross reference to comment 106(b)(1)-3 and to
remove an example provided in the proposed commentary for additional
clarity. This example would have provided that if the financial
institution does not normally collect information on affiliate revenue,
the financial institution reports only the applicant's revenue and does
not include the revenue of any affiliates when it has not collected
that information. The Bureau shares the commenter's concern that this
comment may be interpreted to preclude a financial institution that
does not collect affiliate revenue in all transactions from collecting
affiliate revenue in some transactions and believes the comment is
sufficiently clear without this example.
Final comment 107(a)(14)-3 also clarifies that a financial
institution is permitted, but not required, to report the gross annual
revenue for the applicant that includes the revenue of affiliates as
well. For example, if the financial institution has not collected
information on affiliate revenue, the financial institution reports
only the applicant's revenue and does not include the revenue of any
affiliates. The Bureau is adopting suggested revisions to comment
107(a)(14)-3 and additionally notes that a financial institution that
does not collect affiliate revenue in all transactions is not precluded
from collecting affiliate revenue in some transactions. The Bureau
believes this comment is responsive to one commenter's question about
how to report gross annual revenue for an applicant with two businesses
because it permits, but does not require, reporting of gross annual
revenue for an applicant that includes the revenue of affiliates, which
may include a business with common ownership. Final comment 107(a)(14)-
3 concludes by explaining that in determining whether the applicant is
a small business under proposed Sec. 1002.106(b), a financial
institution may rely on an applicant's representations regarding gross
annual revenue, which may or may not include affiliates' revenue. The
Bureau noted that final comment 106(b)-3 follows the same approach to
affiliate revenue for purposes of determining whether an applicant is a
small business under final Sec. 1002.106(b). The Bureau believes that
this operational equivalence between final Sec. 1002.107(a)(14) and
final Sec. 1002.106(b) will facilitate compliance and enhance data
consistency.
The Bureau recognizes, as noted by commenters, that there may be
inconsistencies in the data where one financial institution looks like
it is lending more to small(er) businesses as it opts not to include
gross annual revenue of affiliates versus another financial institution
that opts to include such revenue when it reports the gross annual
revenue of an applicant. However, the Bureau is not requiring reporting
of the gross annual revenue of both the applicant and all of its
affiliates, nor is it requiring reporting of revenue for parent
companies and beneficial owners of limited liability companies. The
Bureau believes that permitting, but not requiring, a financial
institution to include the revenue of affiliates will carry out the
purposes of section 1071 while reducing undue burden on financial
institutions in collecting gross annual revenue information. The Bureau
considered whether there are feasible methods to identify the presence
of affiliate revenue, as a commenter suggested, but ultimately has
determined that such an identifier could interfere with allowing a
financial institution to rely on an applicant's self-reported gross
annual revenue information and, in any case, would introduce additional
complexity into reporting. In response to a question about whether
revenue or income relied upon from co-signers or guarantors that are
not affiliates of the applicant should be factored into the gross
annual revenue determination, the Bureau notes that the final rule only
requires the collection and reporting of gross annual revenue of the
applicant.
The Bureau understands there may also be instances, as indicated by
one commenter, where the applicant may use multiple owned businesses/
affiliates to support sufficient cashflow, and in those instances, a
financial institution may rely on an applicant's representations
regarding gross annual revenue that include affiliates' revenue. For
additional guidance on what types of entities may be affiliates of an
applicant, e.g., as a result of common ownership or common control, see
the section-by-section analyses of Sec. Sec. 1002.102(a) and
1002.106(b).
The Bureau has considered the comments regarding the treatment of
real estate affiliate revenue, but is not adopting revisions to, in the
case of single purpose entities, allow a financial institution to
categorize all owners of any real property listed on an applicant's
Schedule Of Real Estate Owned as affiliates of the applicant. The
Bureau is likewise not adopting revisions to allow a financial
institution to estimate or project the gross annual revenue of any
income-producing real property for purposes of determining the
applicant's small business status. The Bureau agrees that under the
SBA's general principles of affiliation, ``common investments''
affiliation can be based on shared investments in or joint ownership of
real estate.\663\ Thus, the owners of real estate that is also owned by
the applicant may be affiliates of the applicant. However, the Bureau
is not adopting the suggested revisions to commentary because affiliate
determinations are inherently fact-specific and rebuttable,\664\ and
the Bureau does not believe it would be appropriate to categorize all
entities as affiliates based on a form listing.
---------------------------------------------------------------------------
\663\ See 13 CFR 121.103(f) (``Individuals or firms that have
identical or substantially identical business or economic interests
(such as family members, individuals or firms with common
investments, or firms that are economically dependent through
contractual or other relationships) may be treated as one party with
such interests aggregated.'') (emphasis added); Small Bus. Admin.,
Small Business Compliance Guide: A Guide to the SBA's Size Program
and Affiliation Rules (July 2020), https://www.sba.gov/sites/default/files/2020-10/AFFILIATION%20GUIDE_Updated%20%28004%29-508.pdf.
\664\ See, e.g., 13 CFR 121.103(f) (``Where SBA determines that
such interests should be aggregated, an individual or firm may rebut
that determination with evidence showing that the interests deemed
to be one are in fact separate.'').
---------------------------------------------------------------------------
The Bureau has considered the comments regarding whether financial
institutions should be permitted to estimate or extrapolate gross
annual revenue from partially reported revenue or other information,
and is making a minor revision in final comment 107(a)(14)-1 to
emphasize a manageable method for collecting full gross annual revenue
when a financial institution does not already do so. Specifically,
final comment 107(a)(14)-1 clarifies that a financial institution may
rely on the applicant's statements or on information provided by the
applicant in collecting and reporting gross annual revenue, even if the
applicant's statement or information is based on estimation or
extrapolation, and that an applicant may provide gross annual revenue
calculated using any reasonable method. As such, when an applicant does
not yet have fiscal year information completed (a hypothetical provided
by a commenter), the applicant may choose to provide its gross annual
revenue using any reasonable method, including
[[Page 35330]]
estimating or extrapolating based on a prior fiscal year's tax return.
The Bureau believes that this flexibility will help address concerns
from commenters that tax returns may not be immediately available upon
the close of a fiscal year. As noted by another commenter, an applicant
may alternatively wish to provide revenue figures generated by a
technology company's online platform (e.g., through sales on the
company's online marketplace). The Bureau notes that under final Sec.
1002.107(b), however, a financial institution must report verified
gross annual revenue information if available. Moreover, as provided by
new comment 107(c)-5, a financial institution reports updated
applicant-provided data if it obtains more current data during the
application process; if this updated information is on data the
financial institution has already verified, the financial institution
reports the information it believes to be more accurate, in its
discretion.
The Bureau also wishes to clarify some apparent confusion among
some commenters who claimed that the proposal would have allowed
financial institutions to extrapolate or estimate an applicant's
revenue to determine whether or not a business is a small business. The
proposal indicated that financial institutions could rely on
extrapolated or estimated revenue information provided by applicants.
The Bureau is making this position clear with final comment 107(a)(14)-
1. The Bureau sought comment on whether financial institutions should
be permitted to estimate or extrapolate gross annual revenue from
partially reported revenue or other information, and how such
estimation or extrapolation would be carried out. On this issue, the
Bureau does not believe that it would be appropriate to permit such
estimation or extrapolation for the identification of small businesses
about whom data collection and reporting is required, and thus
financial institutions' own extrapolation or estimation should likewise
not be used in reporting gross annual revenue in order to maintain
consistency.
With respect to comments asking how to report gross annual revenue
for a startup business, a new line of business, and/or a business with
a change in structure or ownership, the Bureau is adding new comment
107(a)(14)-4, which notes that in a typical startup business situation,
the applicant will have no gross annual revenue for its fiscal year
preceding when the information is collected because either the startup
existed but had no gross annual revenue or it simply did not exist in
the preceding fiscal year. In these situations, the financial
institution reports that the applicant's gross annual revenue in the
prior fiscal year is ``zero.'' The Bureau agrees with the commenter
that suggested, for a start-up business, the financial institution
should use the actual gross annual revenue for its preceding fiscal
year (including the reporting of $0 if a new business has had no
revenue to date) and that pro forma projected revenue figures should
not be reported since these figures do not reflect actual gross
revenue.
In situations where an applicant is establishing a new line of
business but already has revenue in other businesses, such as in the
case of a sole proprietor with an established in-home child-care center
who now seeks financing to start a new line of business offering house-
cleaning services, the Bureau notes that final comment 107(a)(14)-3
clarifies that a financial institution is permitted, but not required,
to report the gross annual revenue for the applicant that includes the
revenue of affiliates as well. This comment may also apply to
situations where there is a change in structure or ownership of the
business. In response to a question from a commenter, the Bureau does
not believe that treatment of affiliate gross annual revenue
information should differ based on whether or not the new business line
was in the same industry as the existing businesses. The Bureau notes
that according to the definition of affiliate provided in final Sec.
1002.102(a), which refers to the SBA's rules for determining
affiliation (13 CFR 121.103), affiliation is not limited to businesses
in the same industry. The Bureau also notes that final Sec.
1002.106(a) defines a business as having the same meaning as the term
``business concern or concern'' in 13 CFR 121.105, which expressly
provides that a firm will not be treated as a separate business concern
if a substantial portion of its assets and/or liabilities are the same
as those of a predecessor entity and that the annual receipts and
employees of the predecessor will be taken into account in determining
size. This successor-in-interest rule would apply to situations where a
business reorganized, and a new entity emerges with essentially the
same assets and liabilities as the old concern.\665\
---------------------------------------------------------------------------
\665\ See Size Appeal of Willowheart, LLC, SBA No. SIZ-5484, at
*4 (July 10, 2013).
---------------------------------------------------------------------------
The Bureau is not exempting new businesses from having application
data reported, as suggested by one commenter, because the Bureau
believes that doing so would contravene section 1071's statutory
purposes. The Bureau does not believe that the final rule will
disproportionately impact credit opportunities (or compliance) for
newly formed businesses that do not have the historical gross annual
revenue. However, as suggested by a commenter, the Bureau will track
questions related to collecting and reporting gross annual revenue
information and may develop FAQs or other materials as necessary to
help financial institutions help applicants determine what number to
supply for gross annual revenue, particularly when a business is
starting up or establishing a new business line.
The final rule does not permit financial institutions the option to
use the gross annual revenue figures provided by an applicant for up to
three years from the date of an application for which the information
was gathered, as requested by one commenter. However, under final Sec.
1002.107(d), discussed below, the Bureau is permitting financial
institutions to reuse previously collected gross annual revenue
information when the data were collected within the same calendar year
as the current covered application. The statutory requirement is for
the applicant's gross annual revenue in the last fiscal year preceding
the date of the application; the Bureau does not believe that revenue
information from years prior to the last fiscal year would satisfy this
requirement.
107(a)(15) NAICS Code
Proposed Rule
The SBA customizes its size standards on an industry-by-industry
basis using 1,012 6-digit NAICS codes.\666\ The first two digits of a
NAICS code broadly capture the industry sector of a business. The third
digit captures the industry's subsector, the fourth captures the
industry group, the fifth captures the industry code, and the sixth
captures the national industry. The NAICS code thus becomes more
specific as digits increase and the 6-digit code is the most specific.
---------------------------------------------------------------------------
\666\ See U.S. Census Bureau, North American Industry
Classification System, at 41 (2022) https://www.census.gov/naics/reference_files_tools/2022_NAICS_Manual.pdf. At the time of the
NPRM, there were 1,057 6-digit NAICS codes. See U.S. Census Bureau,
North American Industry Classification System, at 26 (2017) https://www.census.gov/naics/reference_files_tools/2017_NAICS_Manual.pdf.
---------------------------------------------------------------------------
ECOA section 704B(e)(2)(H) authorizes the Bureau to require
financial institutions to compile and maintain ``any additional data
that the Bureau determines would aid in fulfilling the purposes of
[section 1071].'' The Bureau proposed in Sec. 1002.107(a)(15) to
require that
[[Page 35331]]
financial institutions collect and report an applicant's 6-digit NAICS
code. Proposed comment 107(a)(15)-1 would have provided general
background on NAICS codes and would have stated that a financial
institution complies with proposed Sec. 1002.107(a)(15) if it uses the
NAICS codes in effect on January 1 of the calendar year covered by the
small business lending application register that it is reporting.
Proposed comment 107(a)(15)-2 would have clarified that, when a
financial institution is unable to collect or determine the applicant's
NAICS code, it reports that the NAICS code is ``not provided by
applicant and otherwise undetermined.''
The Bureau also proposed that financial institutions be permitted
to rely on NAICS codes obtained from the applicant or certain other
sources, without having to verify that information itself.
Specifically, proposed comment 107(a)(15)-3 would have clarified that,
consistent with proposed Sec. 1002.107(b), a financial institution may
rely on applicable applicant information or statements when collecting
and reporting the NAICS code and would have provided an example of an
applicant providing a financial institution with the applicant's tax
return that includes the applicant's reported NAICS code. Proposed
comment 107(a)(15)-4 would have provided that a financial institution
may rely on a NAICS code obtained through the financial institution's
use of business information products, such as company profiles or
business credit reports, which provide the applicant's NAICS code.
The Bureau believed that collecting the full 6-digit NAICS code (as
opposed to the 2-digit sector code) would better enable the Bureau and
other stakeholders to drill down and identify whether disparities arise
at a more granular level and would also enable the collection of better
information on the specific types of businesses that are accessing, or
struggling to access, credit. For example, a wide variety of
businesses, including those providing car washes, footwear and leather
goods repair, and nail salons, all fall under the 2-digit sector code
81: Other Services (except Public Administration). With a 2-digit NAICS
code, all of these business types would be combined into one analysis,
potentially masking different characteristics and different outcomes
across these business types.
To address concerns related to the complexity of determining a
correct NAICS code, the Bureau proposed a safe harbor to indicate that
an incorrect NAICS code entry is not a violation of subpart B if the
first two digits of the NAICS code are correct and the financial
institution maintains procedures reasonably adapted to correctly
identify the subsequent four digits (see proposed Sec.
1002.112(c)(2)). The proposed NAICS-specific safe harbor would have
been available to financial institutions in addition to the general
bona fide error exemption under proposed Sec. 1002.112(b).
The Bureau sought comment on its proposal to collect 6-digit NAICS
codes together with the safe harbor described in proposed Sec.
1002.112(c)(2). The Bureau also sought comment on whether requiring a
3-digit NAICS code with no safe harbor would be a better alternative.
Comments Received
The Bureau received comments from a wide range of lenders, trade
associations, community groups, and others regarding the reporting of a
6-digit NAICS code as proposed in Sec. 1002.107(a)(15). Numerous
community groups as well as a few lenders supported the Bureau's
proposal and urged collection of a 6-digit NAICS code. Several
commenters emphasized that 1071 data would adequately achieve a fair
lending purpose only if they contain key variables that are used in
underwriting and enable meaningful fair lending analysis. Commenters
stated that NAICS codes provide critical context to understanding
credit underwriting decisions and help ensure that fair lending
analysis is focused on similarly situated businesses. A few commenters
stated that these data must be reported so that lenders cannot hide
behind data not collected as the justification for their lending
disparities.
A bank and a bank trade association stated that NAICS code could
potentially be helpful in demonstrating a non-discriminatory basis for
credit decisions with respect to applicants in different industries.
The trade association stated that, at most, the Bureau should only add
limited data points pursuant to ECOA section 704B(e)(2)(H) that are
considered by the financial institution in the credit underwriting
process, citing NAICS code and time in business as examples.
Another trade association said that NAICS codes have the advantage
of being independently defined and available for reference. The
commenter stated that if a NAICS code is supplied by the applicant and
published by the Bureau only in the aggregate, the NAICS code can
contribute useful information without unduly burdening lenders.
Some commenters stated that a 2- or 3-digit NAICS code would be too
high a level of aggregation to facilitate fair lending analysis. A CDFI
lender stated that a 6-digit code will offer the most precise insight
into the industries that lenders serve, whereas a 3-digit NAICS code
will leave unnecessary ambiguity in the data. The commenter provided
the example of a dry cleaner sharing the same 3-digit NAICS code as a
mortuary and a parking lot.
Furthermore, a number of community groups and several lenders
stated that 6-digit NAICS codes are useful for identifying certain
industries' ability to access small business credit and to identify
areas of unmet need. For example, one community group asserted that the
ability to identify needs and opportunities for small businesses
requires the ability to compare lending by sector to the total number
of businesses in that sector based on other public data sources.
Moreover, some lenders and community groups said that it is already
standard practice for many small business lenders to collect NAICS
codes. For example, these commenters noted that lenders already collect
NAICS codes for SBA loans, Equal Employment Opportunity Commission
certifications, and CDFI loans.
In contrast, many industry commenters, along with several business
advocacy groups and other commenters, generally opposed the data points
proposed pursuant to ECOA section 704B(e)(2)(H), including NAICS code,
as discussed in the section-by-section analysis of Sec. 1002.107(a)
above. In addition, the majority of industry commenters to address this
issue specifically opposed collection of 6-digit NAICS codes. These
commenters expressed concerns about the burden on both lenders and
applicants and the complexity of determining the appropriate NAICS
code. Concerns raised by commenters included, for example, that
collecting NAICS codes would slow the loan application process; most
lenders are unfamiliar with NAICS codes or do not currently collect
them; lenders would have to change their operating procedures
significantly which would create strain on staff and resources; and it
would add more costs to the lending process which may be passed on to
small business borrowers.
Many industry commenters also voiced concern regarding accuracy and
data integrity, explaining that small businesses often do not know
their NAICS code or may operate in multiple NAICS sectors. Other
challenges cited by commenters included the business changing over
time; codes having overlapping definitions; and
[[Page 35332]]
classifications being prone to human error. For example, two trade
associations noted that their members who made Paycheck Protection
Program loans reported that many applicants were unfamiliar with NAICS
codes. Additionally, some industry commenters expressed concern about
verifying applicant-provided data and potential liability if the NAICS
code is incorrect. One commenter noted that NAICS code classifications
could be subject to change based on SBA rulemaking and thus financial
institutions would need to monitor such developments. A credit union
trade association stated that the identification of business and credit
needs can be accomplished without explicit reference to NAICS codes,
such as by leveraging already existing data sources and voluntary
surveys of business owners. In addition, the trade association asserted
that sector-specific analysis of business credit supply and demand is
best left to the SBA, which already collects NAICS information through
its lending programs.
Several commenters raised concerns that requiring NAICS codes would
add confusion to the lending process. A trade association argued that
requiring NAICS codes will create frustration for the small business
borrower, including delayed application processing, and additional time
and operational burden by banks to ensure the information is gathered
and entered. They asserted that while NAICS codes are generally
provided with some tax documents, lenders found borrower confusion when
making Paycheck Protection Program loans, particularly when certain
NAICS codes allowed for a more generous loan amount and certain small
businesses were unable to benefit from higher loan amounts for certain
sectors due to mismatched NAICS codes. Another commenter stated that
applicants may struggle to determine which code to report, especially
if the nature of the business changes over time or falls under multiple
categories.
A number of industry commenters also expressed concern regarding
privacy risks in collecting the 6-digit NAICS code. These commenters
highlighted the risk of borrower re-identification, particularly in
rural areas and smaller communities. Some commenters stated that NAICS
code combined with census tract would make it easy to re-identify a
small business. In addition, while a community group supported
collection of a 6-digit code, it stated that the public database should
provide only 4-digit NAICS codes to address privacy concerns.
In addition, a few commenters asserted that collecting NAICS codes
would not advance the purposes of section 1071, arguing that collecting
NAICS codes does not provide information that would inform fair lending
analysis. For example, one bank stated that NAICS code would be of
minimal value to fair lending analytics given the complexity of small
business lending, such as the scope and size of the business. Moreover,
several banks stated that they do not currently collect NAICS codes and
that NAICS codes are not used in underwriting or financial analysis
purposes.
A few industry commenters supported collection of a 2-digit NAICS
code, stating that this would achieve the intended policy goal without
creating unnecessary burdens and heightened costs, as well as protect
the privacy of market participants. A trade association for online
lenders supported collection of a 4-digit NAICS code, stating it would
provide sufficient information while mitigating risk of re-
identification and avoiding potential impacts and delays to the
borrower during the application process. A joint letter from community
and business advocacy groups urged the Bureau to permit the submission
of a 3-digit code where the applicant does not provide a 6-digit code.
Finally, one commenter suggested that the Bureau coordinate with the
U.S. Census Bureau to create a suffix to a business's NAICS code that
would identify its minority-owned or women-owned status. The commenter
stated that this would create efficiencies across organizations and
provide an easier and more neutral method of collecting demographic
information on applications. The commenter further noted that this
suffix could be easily masked when loans are sent to underwriters to
ensure it does not impact their decisions.
Final Rule
For the reasons set forth herein, the Bureau is revising Sec.
1002.107(a)(15) to require that financial institutions collect a 3-
digit NAICS code for the applicant. The Bureau is also finalizing
proposed comments 107(a)(15)-1, -2, and -5, with minor adjustments for
consistency. Final comment 107(a)(15)-1 explains what a NAICS code is,
and final comment 107(a)(15)-2 addresses what to report if a financial
institution is unable to collect or otherwise determine the applicant's
NAICS code. Proposed comments 107(a)(15)-3 and -4, which addressed a
financial institution's reliance on information from the applicant and
from other sources, have been removed as those issues are now addressed
in final comment 107(b)-1. Final comment 107(a)(15)-3 (proposed as
comment 107(a)(15)-5) cross-references the safe harbor in final Sec.
1002.111(c)(3) for incorrect 3-digit NAICS code entries. The Bureau has
considered commenters' concerns regarding the difficulties in obtaining
an accurate NAICS code as well as the importance of NAICS codes for
fair lending and community development analysis. The Bureau believes
that collecting the 3-digit NAICS code will achieve the right balance
between minimizing burden on financial institutions and small business
applicants, while also providing valuable data to analyze fair lending
patterns and identify industry subsectors with unmet credit needs.
The Bureau believes that NAICS code data will considerably aid in
fulfilling both section 1071's fair lending purpose and its business
and community development purpose, even if the NAICS code is not
necessary for determining whether an applicant is a small business.
While it will not provide the same level of detail as a 6-digit code,
the 3-digit code will still help ensure that fair lending analysts are
comparing applicants with similar profiles, thereby controlling for
factors that might provide non-discriminatory explanations for
disparities in underwriting and pricing decisions. Moreover, NAICS
subsector codes are useful for identifying business and community
development needs and opportunities of small businesses, which may
differ widely based on industry, even controlling for other factors.
For example, 3-digit NAICS codes will help data users identify
subsectors where small businesses face challenges accessing credit and
understand how small businesses in different industries use credit.
Furthermore, the Bureau believes that publication of NAICS codes
(subject to potential modification and deletion decisions by the
Bureau, as discussed in part VIII below) will help provide for some
consistency and compatibility with other public datasets related to
small business lending activity, which generally use NAICS codes. This
ability to synthesize 1071 data with other datasets may help the public
use the data in ways that advance both the business and community
development and fair lending purposes of section 1071. The Bureau
agrees with commenters' concerns that the 2-digit NAICS code would not
provide sufficiently detailed information to aid regulators and the
public in monitoring particular industries' access to small business
credit.
[[Page 35333]]
The Bureau recognizes that covered financial institutions not
currently using NAICS codes will need to gain familiarity with the
NAICS code system and refer to NAICS subsector classifications for all
relevant applications before reporting 3-digit NAICS codes to the
Bureau. To address concerns related to the complexity of determining a
correct NAICS code, particularly for covered financial institutions
that do not currently use NAICS codes, the Bureau is permitting a
financial institution to rely on applicable applicant information or
statements when compiling and reporting the NAICS code, as well as
permitting a financial institution to rely on a NAICS code obtained
through the financial institution's use of business information
products, such as company profiles or business credit reports (see
final comment 107(b)-1). In other words, a financial institution may
rely on oral or written statements from an applicant, other information
provided by an applicant such as a tax return, or third-party sources
such as business information products. The Bureau believes that being
able to rely on NAICS codes obtained from the applicant or third-party
sources significantly eases potential difficulties for financial
institutions in collecting and reporting a 3-digit NAICS code and
mitigates concerns about inadvertently reporting an inaccurate code.
In response to industry concerns regarding the accuracy of the
NAICS code and the burden of verifying applicant-provided data, the
Bureau emphasizes that financial institutions are permitted to rely on
NAICS codes obtained from the applicant or third-party sources, without
having to verify that information. Furthermore, the Bureau has expanded
the NAICS code safe harbor in final Sec. 1002.112(c)(3), which makes
clear that the safe harbor extends to financial institutions that rely
on an applicant's representations or on other information regarding the
NAICS code. Final Sec. 1002.112(c)(3) also provides a safe harbor for
incorrect 3-digit NAICS code entries, where the financial institution
identifies the NAICS code itself, provided that it maintains procedures
reasonably adapted to correctly identify a 3-digit NAICS code. The
Bureau has also removed the term ``appropriate'' from the regulatory
text of Sec. 1002.107(a)(15). The Bureau believes the term is
unnecessary, particularly in light of the revisions to the NAICS code
safe harbor in final Sec. 1002.112(c)(3), and removing it may help
avoid potential confusion regarding NAICS codes the financial
institution obtains from the applicant or other sources.
Additionally, the Bureau understands that multiple NAICS codes may
apply to a single business. While this may be more of a concern with 6-
digit codes, if more than one 3-digit code applies to a single
business, only one 3-digit NAICS code should be reported.
The Bureau acknowledges community groups' concern that collecting
anything less than 6-digit NAICS codes will result in less precise data
about industry classification. The Bureau nonetheless believes that its
final rule requiring collection and reporting of 3-digit NAICS codes
(along with the expanded safe harbor) strikes an appropriate balance in
addressing the concerns raised by industry and the importance of NAICS
code information in fair lending and community development analysis.
The Bureau will monitor the utility of the NAICS code data point and,
if warranted, may revisit the required number of digits in the future.
Although the Bureau will address re-identification concerns
generally by modifying or deleting data upon publication, the Bureau
notes that its shift to 3-digit NAICS codes will decrease the risk of
re-identification of small business borrowers and related natural
persons in rural areas and smaller communities. See part VIII below for
further discussion about the privacy analysis and public disclosure of
data.
107(a)(16) Number of Workers
Proposed Rule
ECOA section 704B(e)(2)(H) authorizes the Bureau to require
financial institutions to compile and maintain ``any additional data
that the Bureau determines would aid in fulfilling the purposes of
[section 1071].'' In the proposed rule, the Bureau stated that it
believed that data providing the number of persons working for a small
business applicant would aid in fulfilling the business and community
development purpose of section 1071. These data would allow users to
better understand the job maintenance and creation that small business
credit is associated with and help track that aspect of business and
community development.
Proposed Sec. 1002.107(a)(16) would have required financial
institutions to report the number of non-owners working for the
applicant.
Proposed comment 107(a)(16)-1 would have discussed the collection
of the number of workers. The proposed comment would have stated that
in collecting the number of workers from an applicant, the financial
institution would explain that full-time, part-time, and seasonal
workers, as well as contractors who work primarily for the applicant,
would be counted as workers, but principal owners of the business would
not. The proposed comment would have further stated that if the
financial institution was asked, it would explain that volunteers would
not be counted as workers. This treatment of part-time, seasonal,
contract, and volunteer workers would follow the SBA's method for
counting employees,\667\ with minor simplifications. The Bureau sought
comment on whether further modifications to the number of workers data
point were needed to facilitate this operational simplification.
---------------------------------------------------------------------------
\667\ See 13 CFR 121.106(a).
---------------------------------------------------------------------------
Proposed comment 107(a)(16)-1 would have also explained that
workers for affiliates of the applicant would only be counted if the
financial institution were also collecting the affiliates' gross annual
revenue.
The proposed comment would have further explained that the
financial institution could rely on statements of or information
provided by the applicant in collecting and reporting number of
workers, but if the financial institution verifies the number of
workers provided by the applicant, it must report the verified
information.
Proposed comment 107(a)(16)-1 would have also provided sample
language that a financial institution could use to ask about the number
of workers, if it does not collect the number of workers by another
method. The Bureau provided the sample language in the proposed
comment, which implements the simplified version of the SBA definition
referenced above. The Bureau sought comment on this method of
collection, and on the specific language proposed.
Proposed comment 107(a)(16)-2 would have first clarified that a
financial institution shall maintain procedures reasonably designed to
collect applicant-provided information, including the number of workers
of the applicant. The proposed comment would have then stated that if a
financial institution is nonetheless unable to collect or determine the
number of workers of the applicant, the financial institution reports
that the number of workers is ``not provided by applicant and otherwise
undetermined.''
The Bureau sought comment on its proposed approach to the number of
workers data point, as well as on the specific requests for comment
above.
[[Page 35334]]
The Bureau also sought comment on whether financial institutions
collect information about the number of workers from applicants using
definitions other than the SBA's, and how the collection of this data
point could best be integrated with those collections of information.
Comments Received
The Bureau received comments on its proposed number of workers data
point from lenders, trade associations, and community groups. A number
of commenters supported the Bureau's proposal. A few commenters urged
the Bureau to adopt the number of workers data point, suggesting that
it is important for business and community development purposes. A CDFI
lender and community group commenter said that the number of workers
data point will help provide a greater understanding of owner-operated
and microbusiness needs and accessibility to affordable credit. Another
community group commented that the data point provides insight into the
number of jobs created, retained and/or supported by access to credit.
This community group further noted that the data point would also
assist in analysis of whether businesses of various sizes fare
differently in the lending marketplace. Many community groups expressed
support for collecting data on the number of workers because they
believe it will help indicate whether smaller businesses of various
sizes will require more support and technical assistance when it comes
to credit access. A minority business advocacy group commented that the
data will help determine various levels of economic development and
impact across the country. A few commenters agreed with the Bureau's
proposed method of collecting the number of non-owner workers and
including part-time staff, seasonal staff, and contractors that work
primarily for the business.
A trade association commented that the important considerations are
that the Bureau provide language for lenders to provide to applicants
to help applicants correctly answer the question and that the Bureau
emphasize that financial institutions may rely on statements made by
the applicant without incurring risk. Another industry commenter
suggested that the final rule enable principal owners to count
themselves as workers because this method is more common in industry
and would avoid confusion. A bank recommended that the final rule
expressly permit covered financial institutions to collect required
data from applicants through a variety of means, including on the
application form, supplemental documents or forms, or the sample data
collection form. A CDFI lender suggested that the Bureau require
financial institutions to report the breakdown of full-time and part-
time workers.
The Bureau received many comments from industry opposing the
proposal to collect data on the number of workers. Some commenters
stated that data on the number of workers is not currently collected
and that some customers do not readily have this information available,
though several noted they had collected it for Paycheck Protection
Program loans. A trade association stated that the data are unfamiliar
to the applicant or difficult to obtain and will result in additional
complexity, confusion, and significant operational and regulatory
costs. Several commenters indicated that it is not a factor in the
credit decision. A bank stated that it is not in the banker's role to
determine this information and there is no reason to collect and
monitor this data point if the small business is a creditworthy
borrower.
A few industry commenters questioned the value of this data point,
arguing that it would not aid in fulfilling the fair lending purpose of
section 1071. Two asserted that without context (for example,
separating full-time versus part-time and contract workers) there seems
to be little value in collecting the information. One suggested that
collection is further complicated when the gross annual revenue of an
affiliate is considered, because then the number of workers for the
affiliate must be included. Several industry commenters also stated
that the proposed general exclusion of affiliate employees is
problematic because some of these employees may perform substantial
services for the applicant.
A bank commented that the CRA already considers the impact of
adding jobs through small business and community development loans.
Another bank commented that SBA uses either the gross annual revenue or
number of workers, depending on the type of business, to qualify
businesses as small and because the Bureau's proposal already contains
a gross annual revenue size test, it would be unnecessary to collect
the number of workers because it is irrelevant to the credit decision
and determining the size of the business.
Final Rule
For the reasons set forth herein, the Bureau is finalizing Sec.
1002.107(a)(16) with an addition and a minor revision to the associated
commentary. Pursuant to its authority under ECOA section 704B(e)(2)(H),
the Bureau believes that data on the number of workers will aid in
fulfilling the business and community development purpose of section
1071. Data on the number of persons working for a small business
applicant will provide data users and relevant stakeholders with a
better understanding of the job maintenance and creation that small
business credit provides.
In response to comments regarding the complexity and difficulty in
collecting information about the number of workers, the Bureau is
adding a new comment to require that financial institutions report the
number of workers using ranges rather than reporting the specific
number of workers. Final comment 107(a)(16)-1 provides that a financial
institution complies with Sec. 1002.107(a)(16) by reporting the number
of people who work for the applicant using the ranges prescribed in the
Filing Instructions Guide. The Bureau believes that reporting the
number of workers in ranges rather than a specific numerical value will
eliminate some of the collection difficulties expressed by commenters,
such as determining the exact number of employees when that number
varies throughout the year.
The Bureau is finalizing comment 107(a)(16)-2 (renumbered from
comment 107(a)(16)-1 in the proposed rule) with some revisions as well
as additional guidance on how a financial institution may collect
information about the number of workers in light of final comment
107(a)(16)-1. Specifically, a financial institution may collect the
number of workers from an applicant using the ranges specified by the
Bureau in the Filing Instructions Guide (as indicated in final comment
107(a)(16)-1) or as a numerical value. Final comment 107(a)(16)-2
retains from proposed comment 107(a)(16)-1 the discussion on collecting
the number of workers, including the sample language to provide to
applicants to ask about the number of workers and the statement that a
financial institution may rely on the applicant's response, but the
Bureau is making minor edits for clarity. The Bureau agrees with
commenters that these provisions are helpful, and is including them to
facilitate compliance.
The Bureau agrees with commenters' recommendations that financial
institutions should be able to rely on statements made by the applicant
and should be permitted to collect required data from applicants
through a variety of means. First, the rule does not limit the means by
which the number of workers data can be collected, and
[[Page 35335]]
though it provides optional language to use, it does not require the
use of that language. The Bureau believes that allowing financial
institutions to rely on applicant-provided data will sufficiently
safeguard accuracy such that the resulting data will aid in fulfilling
the purposes of section 1071. The Bureau also believes that reporting
the verified number of workers when the financial institution already
possesses that information will not be operationally difficult, and
will enhance the accuracy of the information collected. To facilitate
compliance with the regulation, the Bureau provides guidance related to
reliance on all applicant-provided data, including number of workers,
in final comment 107(b)-1. Generally, that comment permits reliance on
statements of the applicant or information provided by an applicant;
however, if a financial institution verifies information, it reports
the verified data. For more information on relying on statements made
by or provided by an applicant, see the section-by-section analysis of
Sec. 1002.107(b).
The Bureau is finalizing comment 107(a)(16)-3 (renumbered from
proposed comment 107(a)(16)-2) with a minor edit for clarity. Final
comment 107(a)(16)-3 cites to Sec. 1002.107(c), which provides that a
financial institution shall maintain procedures reasonably designed to
collect applicant-provided data, which includes the number of workers
of the applicant. Comment 107(a)(16)-3 further explains that a
financial institution reports that the number of workers is ``not
provided by applicant and otherwise undetermined'' if, despite such
procedures, the financial institution is unable to collect or determine
the information. The Bureau believes that allowing this response will
facilitate compliance when an applicant does not provide the requested
data.
The final rule does not require financial institutions to report
the distinction between various worker categories such as full time
versus part time, as recommended by some commenters. The Bureau
believes that requiring distinctions between various worker categories
could introduce unnecessary complexity and compliance challenges. The
final rule also does not include principal owners in the number of
workers, as recommended by a commenter. The final rule requires the
separate collection of the number of principal owners in final Sec.
1002.107(a)(20), and the Bureau believes that this differentiation will
improve the granularity and usefulness of the data collected.
The Bureau acknowledges comments noting that some financial
institutions do not collect or maintain data on number of workers nor
is the information used in their credit decisions. However, the Bureau
believes that number of workers is critical to further the business and
community development purpose of section 1071 and the Bureau does not
believe it will be particularly difficult for financial institutions to
obtain this information if they do not do so already. The Bureau has
also provided sample language in final comment 107(a)(16)-2 that a
financial institution may use to ask an applicant about the number of
workers.
With respect to questions from commenters about how the number of
workers data point meets section 1071's purposes, as discussed above
the Bureau believes the data will provide insight into small business
credit that contributes to job creation and maintenance, as well as
other trends in the small business market's ability to grow and
maintain workers, and the full set of data required to be collected and
reported under this final rule should provide sufficient context for
meaningful understanding of this data point. Regarding the comment that
the CRA already considers the impact of adding jobs through small
business and community development loans, the Bureau notes that data
collected under section 1071 vary from data collected under CRA and the
institutions subject to section 1071 are not necessarily subject to
CRA. Regarding the concerns raised by commenters that the number of
workers for an applicant's affiliates must be counted if the
affiliates' gross annual revenues are considered, the Bureau notes that
the applicant is already providing information on affiliate(s) in this
situation, and the financial institution can simply ask a question
regarding number of workers, perhaps using the language provided in
final comment 107(a)(16)-2, and tell the applicant to include affiliate
information.
107(a)(17) Time in Business
Proposed Rule
ECOA section 704B(e)(2)(H) authorizes the Bureau to require
financial institutions to compile and maintain ``any additional data
that the Bureau determines would aid in fulfilling the purposes of
[section 1071].'' In the proposed rule, the Bureau stated that it
believed that data providing the time in business of a small business
applicant would aid in fulfilling both the business and community
development and fair lending purposes of section 1071.
The Bureau proposed Sec. 1002.107(a)(17) to require a financial
institution to collect and report the time the applicant has been in
business, described in whole years, as relied on or collected by the
financial institution. Proposed Sec. 1002.107(a)(17) would have
required the data be reported in whole years, rather than ranges of
time, because a financial institution would have a definite number of
years if it collects this information presently, and the Bureau
believed that time in business reported in whole years would make the
data more granular and useful.
Proposed comment 107(a)(17)-1 would have provided guidance on how
to report one of the two methods (relied on or collected) for reporting
the time-in-business data point. The proposed comment would have
explained that, regardless of which method is used, the financial
institution must report the time in business in whole years, or
indicate if a business has not begun operating yet, or has been in
operation for less than a year. Proposed comment 107(a)(17)-1 would
have explained that when the financial institution relies on an
applicant's time in business as part of a credit decision, it reports
the time in business relied on in making the credit decision. However,
the comment would have further explained that proposed Sec.
1002.107(a)(17) would not require the financial institution to rely on
an applicant's time in business in making a credit decision.
Proposed comment 107(a)(17)-1 would have also explained that the
financial institution may rely on statements or information provided by
the applicant in collecting and reporting time in business; however,
pursuant to proposed Sec. 1002.107(b), if the financial institution
verifies the time in business provided by the applicant, it must report
the verified information. This guidance would have applied whether the
financial institution relies on the time in business in making its
credit decision or not, although the Bureau believed that verification
would be very uncommon when the financial institution is not relying on
the information.
Proposed comment 107(a)(17)-2 would have provided instructions on
how to report the time in business relied on in making the credit
decision. The proposed comment would have stated that when a financial
institution evaluates an applicant's time in business as part of a
credit decision, it reports the time in business relied on in making
the credit decision. For
[[Page 35336]]
example, the proposed comment would have further explained, if the
financial institution relies on the number of years of experience the
applicant's owners have in the current line of business, the financial
institution reports that number of years as the time in business.
Similarly, if the financial institution relies on the number of years
that the applicant has existed, the financial institution reports the
number of years that the applicant has existed as the time in business.
Proposed comment 107(a)(17)-2 would have then concluded by stating that
a financial institution reports the length of business existence or
experience duration that it relies on in making its credit decision,
and is not required to adopt any particular definition of time in
business.
Proposed comment 107(a)(17)-3 would have stated that a financial
institution relies on an applicant's time in business in making a
credit decision if the time in business was a factor in the credit
decision, even if it was not a dispositive factor. The proposed comment
would have provided the example that if the time in business is one of
multiple factors in the financial institution's credit decision, the
financial institution has relied on the time in business even if the
financial institution denies the application because one or more
underwriting requirements other than the time in business are not
satisfied.
Proposed comment 107(a)(17)-4 would have clarified that if the
financial institution does not rely on time in business in considering
an application, pursuant to proposed Sec. 1002.107(c)(1) it shall
still maintain procedures reasonably designed to collect applicant-
provided information, which includes the applicant's time in business.
The proposed comment would have explained that in collecting time in
business from an applicant, the financial institution complies with
proposed Sec. 1002.107(a)(17) by asking for the number of years that
the applicant has been operating the business it operates now. The
proposed comment would have further explained that when the applicant
has multiple owners with different numbers of years operating that
business, the financial institution collects and reports the greatest
number of years of any owner. Proposed comment 107(a)(17)-4 would have
then concluded by making clear that the financial institution does not
need to comply with the instruction if it collects and relies on the
time in business by another method in making the credit decision.
Proposed comment 107(a)(17)-5 would have explained that pursuant to
proposed Sec. 1002.107(c)(1) a financial institution shall maintain
reasonable procedures to collect information provided by the applicant,
which includes the time in business of the applicant, but if the
financial institution is unable to collect or determine the time in
business of the applicant, the financial institution reports that the
time in business is ``not provided by applicant and otherwise
undetermined.''
The Bureau sought comment on its proposed approach to this data
point. The Bureau also sought comment on whether time-in-business
information may be less relevant or collectable for certain products or
situations (such as retailer-branded credit cards acquired at point of
sale) and whether reporting ``not applicable'' should be allowed in
those instances. In addition, the Bureau sought comment on whether
there should be an upper limit on time in business--for example, to
allow reporting of ``over 20 years'' for any applicant of that
duration, rather than requiring reporting of a specific number of
years.
Comments Received
The Bureau received comments on its proposed time in business data
point from a number of lenders, trade associations, and community
groups. A number of commenters supported the Bureau's proposal to
collect time in business data with some pointing out the importance of
time in business for the fair lending and community development
purposes of section 1071. A trade association noted that time in
business data are potentially useful for lenders, policymakers,
regulators, and communities and that this is a common credit
consideration for the type of small business lending undertaken by
certain financial institutions. This trade association asserted that
the data can help explain differences in underwriting risk among small
business applicants and avoid misinterpretation of the dataset by
distinguishing potentially riskier new businesses from established
businesses. A community group stated that this data point is needed to
assess if access to credit is reasonably available and whether there
are geographical barriers that do not seem present in other areas based
on analysis of the data. This commenter further stated that such
analysis can help stakeholders identify and ameliorate any access to
credit barriers for younger firms.
A bank and a trade association commented that this data point could
be helpful in demonstrating a non-discriminatory basis for different
credit decisions and may provide helpful context for evaluating the
basis for credit decisions and conducting an accurate, fact-based fair
lending analysis. A community group stated that lenders already collect
or consider the number of years a small business has been in operation
as it is an element of loan risk and underwriting. This commenter
further stated that time-in-business data would allow the assessment of
whether businesses of similar duration are likely to receive credit at
comparable terms, such as by comparing Black-owned, Latino-owned, and
Asian-owned start-ups with white-owned start-ups. A number of
commenters noted in discussing data points, including time in business,
that fair lending analysis requires a robust set of key variables that
are used in underwriting. Relatedly, other commenters stated that data
collected under the Bureau's rule must be sufficient to allow data
users to understand the characteristics of applicants that are denied
credit so as to identify areas of unmet need and also to be able to
compare declined applicants with those who are approved for credit to
look for evidence of discrimination.
Commenters specifically pointed out the importance of collecting
information regarding whether a business is a start-up. A community
group noted start-ups and younger businesses generally have more
difficulties qualifying for credit, and other commenters pointed out
that it is well known that start-ups often struggle to access
financing.
In contrast, the Bureau received many comments from lenders and
trade associations generally opposing the Bureau's proposal to collect
time in business. One trade association questioned how asking how long
a company has been in operation furthers fair lending purposes. A few
banks stated that the information is not considered for underwriting
purposes or relevant to the creditworthiness of the applicant. An
agricultural lender asserted that time in business data can be unknown,
misleading, or not relevant. A few industry commenters asserted that
time in business data are not currently collected or maintained by
lenders. Some commenters said collecting time in business data would
impose compliance burden and one also said that it would add friction
to the application process. A bank stated that customers do not have
this type of information readily available when applying for a
commercial loan. Another bank noted that the data point adds a layer of
complexity, will not provide useful information that advances section
1071, and goes beyond what other laws,
[[Page 35337]]
such as HMDA, require financial institutions to collect. A trade
association commented that time in business is unfamiliar to the
applicant or difficult to obtain and will result in additional
complexity, confusion, and significant operational and regulatory
costs. Another trade association said this data point involves
complexities because many small businesses cannot provide an exact
amount of time in business due to name changes, mergers and
acquisitions, and other routine events that complicate this
calculation. A bank stated that its borrowers rarely keep good enough
records to properly state the date they began doing business. An
agricultural lender stated that time in business can be difficult to
determine for a farming operation that may have begun as a lifestyle
venture or arose from multiple generations of farming.
Some commenters expressed concerns with the data to be collected as
well as the method of reporting. A bank stated that it makes loans for
startup companies and relies on the applicant's experience in the given
industry rather than the length of time they have operated their
current business; however, underwriting for an established business
uses the length of time that specific business has been in operation.
Although the Bureau's proposal allows for the consideration of business
experience or business longevity, this commenter and several others
asserted that the resulting data gathered will not be comparable and
analysis of that data will be meaningless. Another bank stated that in
most cases, the credit decision is a combination of the number of years
the applicant has been in business and the number of years the
principals have been in the industry, but if one institution reports
the number of years the applicant has been in business and another
reports the number of years of experience of the principals, they would
not appear to be as similarly situated as they are; therefore, it will
be impossible to make comparisons or draw accurate conclusions with
respect to the information submitted. Another bank pointed out this
same issue and stated that the mixture of responses would lead to
unreliable information, unjustifiable conclusions, and unjustified
burden on applicants and financial institutions. Other banks and a
trade association also indicated that the credit decision can be based
on a combination of the number of years the applicant has been in
business and the number of years the principals have been in the
industry. Two of these commenters also said that the Bureau did not
provide guidance on how to report the data in these circumstances.
A bank trade association commented that many small business
borrowers create new entities for various reasons and expressed concern
that the data collected could suggest lenders are giving more favorable
treatment to new small businesses as opposed to existing ones. Another
trade association stated that collecting time in business using
management or owner experience rather than the age of the business
itself undercuts the Bureau's rationale that time in business could
explain the difference in underwriting risk among small business
applicants and avoid misinterpretation of data. This commenter
recommended that time in business be collected at the financial
institution's option. A bank was concerned that time in business data
may make it appear to discriminate against start-up businesses,
explaining that its practice has been to avoid providing financing for
start-up businesses unless it can secure government guaranties because
in distressed areas where the bank generally lends, start-up businesses
have historically been unable to sustain a repayment history for the
loan term due to business closure and liquidation. Therefore, the bank
explained, if comparing this information for fair lending, it will
appear that they are discriminating against start-up businesses when
there are studies showing that minority-owned businesses are under-
financed as start-ups.
Several commenters requested the Bureau provide clarification on
certain aspects of reporting the data point or made recommendations for
reporting the data. A bank suggested that the Bureau collect the time
the business has been active regardless of ownership experience or time
the current owners have owned this business. A community group
recommended that financial institutions be required to report the time
in business used when underwriting the loan because time in business
could refer to either the time period since the business was formally
incorporated or the time period of operation. A bank requested
clarification on temporary lapses in business and how to report
seasonal businesses. Several agricultural lenders and a trade
association suggested that if this data point is not dropped then the
Bureau should tie it to the established Farm Credit data point, ``Year
began Farming,'' because Farm Credit associations already collect
``Year began farming.'' These commenters reasoned that there would be
needless confusion in the context of agricultural credit if there were
separate and competing definitions of ``Time in business'' and ``Year
began farming.'' A bank recommended that the easiest way to report time
in business information is with a number in the column; however, it
suggested that for newer businesses, particularly for those with less
than one year in business, the number should be reported in ranges,
e.g., 0-6 months or 7-12 months. A community group said that credit
card lenders should not be able to routinely report ``not applicable''
for this data point because the information should not be too hard to
ask for on an application form. A bank and a trade association
requested that the Bureau allow all financial institutions to report
the applicant's time in business, whether used in credit underwriting
or collected from the applicant, and to rely on the information
provided by the applicant. These commenters also requested that the
Bureau include in the final rule a safe harbor from liability for
reporting the applicant-provided time in business. Another trade
association also recommended that the Bureau clarify that financial
institutions may rely on statements made by the applicant without
incurring risk.
A bank commented that putting an upper limit on years to report is
not a good idea and said that time in business should always be
reported as a specific number of years. The bank reasoned that there
are businesses that struggle at the 5 year mark, the 10 year mark, or
the 50 year mark. According to this bank, one should not assume that
applicants are ``fine'' because those years are above an arbitrary
number the Bureau has chosen.
Final Rule
For the reasons set forth herein, the Bureau is finalizing Sec.
1002.107(a)(17) with revisions to the regulatory text and commentary.
As explained below, financial institutions will be required to report
the time the applicant has been in business, but the Bureau has revised
the requirements to provide financial institutions more flexibility in
collecting the information. Pursuant to its authority under ECOA
section 704B(e)(2)(H), the Bureau determines that collecting data on
time in business will further the purposes of section 1071, as further
explained below.
The Bureau believes that time in business will advance both
statutory purposes of section 1071. Research illustrates the role that
start-ups and new businesses play in the business ecosystem and in
promoting important community development aims, such as
[[Page 35338]]
creating new jobs.\668\ Financial institutions often have special
credit policies regarding start-ups and other young businesses,
including whether the institution will extend credit to start-ups at
all, the type(s) of credit products start-ups and new businesses can
apply for, and the amount of credit for which they can be approved.
Studies generally show that start-ups experience greater difficulty in
accessing credit.\669\
---------------------------------------------------------------------------
\668\ See, e.g., Small Bus. Admin., 2018 Small Business
Profiles, at 1-2 (2018), https://www.sba.gov/advocacy/2018-small-business-profiles-states-and-territories?utm_medium=email&utm_source=govdelivery; John
Haltiwanger et al., Who Creates Jobs? Small versus Large versus
Young, 95(2) Review of Econ. & Stat., at 347-61 (2013), https://direct.mit.edu/rest/article/95/2/347/58100/Who-Creates-Jobs-Small-versus-Large-versus-Young.
\669\ For example, a Federal Reserve Bank of New York report,
based on data from the 2016 Small Business Credit Surveys that
included information from 12 Federal Reserve Banks, provides
statistics on how start-ups are less likely to receive credit as
compared to mature businesses, even with comparable credit scores.
See Fed. Rsrv. Bank of N.Y., Small Business Credit Survey: Report on
Start-up Firms, at iv (2017), https://www.newyorkfed.org/medialibrary/media/smallbusiness/2016/SBCS-Report-StartupFirms-2016.pdf.
---------------------------------------------------------------------------
Time in business data will benefit data users, including financial
institutions, policymakers, economic analysts, and communities by
allowing them to better identify the proportion of small businesses
seeking credit that are start-ups or relatively new businesses, the
type(s) of credit offered to these groups, the geographic setting of
these businesses, the types of financial institutions that are reaching
such businesses, and where communities might focus business development
efforts. The data may also aid policymakers in addressing issues
impacting the growth of small start-ups. The data, particularly as to
unmet demand, could help interested financial institutions identify
lending opportunities to reach more start-ups and new businesses,
promoting both business and community development. This data point will
also facilitate fair lending analyses by providing a useful control to
identify similarly situated applicants and eliminate some false
positives, while also allowing monitoring of potential disparate
treatment of relatively new minority- and women-owned small businesses.
The Bureau understands from commenters that there are complexities
associated with collecting time in business information from an
applicant for various reasons, including applicant difficulty providing
an exact time because of prior name changes, events that affected the
applicant's structure, multi-generational ownership, and others
discussed by commenters above. In light of the feedback received, the
Bureau has revised the requirements for reporting time in business
information, based on the financial institution's procedures. The
Bureau is also not finalizing this data point to include data as relied
on by the financial institution to make a decision. Rather, the final
rule requires financial institutions to report time in business as
collected or otherwise obtained. Although this requirement is similar
to reporting the time in business relied on, the new language makes
clear that the financial institution reports the time in business
collected or obtained regardless of whether it relied on that
information in underwriting the application. Commenters indicated that
they may base their credit decision on a combination of factors, such
as the time the applicant has been in existence and the time the owners
have been in the industry, while other commenters indicated that they
do not collect or use time in business for underwriting purposes. The
Bureau believes that standardizing the time in business data point to
be based on what the financial institution collects or obtains
streamlines the requirement and provides flexibility for the financial
institution to report time in business information based on its credit
policies or programs rather than having to select a time in business
method specifically for reporting pursuant to this rule. Accordingly,
the Bureau is not finalizing ``as relied on or collected by the
financial institution'' in the regulatory text. Final regulatory text
for Sec. 1002.107(a)(17) requires reporting of the time the applicant
has been in business; however, the Bureau is providing further details
guidance in commentary regarding time in business collection and
reporting, as explained below. As some commenters suggested, allowing
different methods for measuring time in business will have an effect on
the comparability of the data, but information about the time in
business actually collected by the financial institution for its own
purposes will be useful for fair lending analysis and will impose less
operational difficulty than requiring reporting based on a single
definition. For example, this method will allow a financial institution
to use the ``year began farming'' date, as suggested by some
commenters, to report time in business without further inquiry.
Final comment 107(a)(17)-1.i provides that a financial institution
reports time in business in whole years if, as part of its procedures,
it collects or obtains the number of years an applicant has been in
business. Final comment 107(a)(17)-1.i also provides guidance to make
clear that if the financial institution reports the number of whole
years, the financial institution rounds down to the nearest whole year.
Final comment 107(a)(17)-1.ii provides that if a financial institution
does not collect or obtain the number of years an applicant has been in
business, but as part of its procedures it determines whether or not
the applicant has been in business less than two years, then the
financial institution reports the applicant's time in business as
either less than two years or two or more years. Final comment
107(a)(17)-1.iii provides that if a financial institution does not
collect or obtain time in business, either as number of years or a
determination as to whether the applicant has been in business less
than two years, then the financial institution complies with the rule
by asking the applicant whether it has been in business less than two
years or two or more years. The Bureau is not finalizing the provision
in proposed comment 107(a)(17)-1.ii to require financial institutions
to indicate whether an applicant has not begun operating yet or has
been in operation less than a year. In addition, the Bureau is not
requiring that newer business applicants' time in business be reported
in ranges, as one commenter suggested. The Bureau believes that time in
business information reported in whole years or an indication of over
or under two years can provide data users with robust information
regarding start-ups and newer businesses as well as the maturity of
other businesses, thus furthering the purposes of section 1071 while
also simplifying collection and reporting. Issues such as whether to
report the time in business based on the time of incorporation or time
of business opening, lapses in business operation such as for a
seasonal business, and new business entities that do not actually
constitute a new enterprise should all be considered within the
financial institution's discretion in collecting time in business. The
Bureau does not believe that these scenarios will have a significant
effect on the quality of the data reported, but crafting a rule that
takes them into account could considerably increase the operational
difficulty of compliance.
Final comment 107(a)(17)-2 provides that a financial institution
that collects time in business as part of its procedures is not
required to collect or obtain time in business information pursuant to
a specific definition for the purposes of this rule. The comment
[[Page 35339]]
provides examples of how a financial institution may define time in
business, including by asking the applicant when the business started
or based on the owner's experience in the industry. As discussed above,
the Bureau understands from commenters that a financial institution may
collect and/or consider for underwriting both the number of years the
applicant has been in business and the number of years of experience an
owner has in the industry. In response to a comment requesting
clarification and to mitigate other commenter concerns, final comment
107(a)(17)-2 provides that if a financial institution collects the
number of years the applicant has existed as well as another measure of
time in business, such as the number of years of experience an owner
has in the industry, the financial institution reports the number of
years the applicant has existed as the time in business. The Bureau
believes that this method will result in more uniform and comparable
data on time in business and should not cause operational difficulty
because the financial institution will be reporting information that it
already collects.
Comment 107(a)(17)-3 (renumbered from proposed comment 107(a)(17)-
6) is finalized with minor clarifications. Final comment 107(a)(17)-3
provides that a financial institution is required to maintain
procedures reasonably designed to collect applicant-provided data,
which includes time in business; however, if the financial institution
is nonetheless unable to collect this information, then the financial
institution reports ``not provided by applicant and otherwise
undetermined'' for the time in business data point. The Bureau believes
that providing this reporting option will facilitate compliance.
The Bureau acknowledges commenters' arguments that time in business
is not collected by some financial institutions now nor used by such
institutions for underwriting purposes. However, other industry
commenters indicated that they do collect and use time in business for
underwriting (for example, commenters stated the credit decision is
based on a combination of the number of years the applicant has been in
business and the number of years the principals or owners have in the
industry).
Commenters also expressed concern with the burden associated with
collecting time in business information. The Bureau does not believe it
would be too difficult for financial institutions to collect this
information if they do not already do so, and the ability to merely ask
whether a business has existed for less than two years or two years or
more should reduce any complexity for applicants in providing the
information. The Bureau also believes that collection of time in
business will further the dual purposes of section 1071, as discussed
above. The final rule does not permit time in business information be
reported at the financial institution's option, as the Bureau believes
that if it made this data point optional, very little data would be
reported.
With respect to the concern raised by a commenter that reporting
time in business information may cause a financial institution to
appear to discriminate against start-up businesses because of its
policy to avoid providing financing to start-ups, the Bureau believes
that time in business information will help mitigate concerns of data
misrepresentation and help explain the credit decision made by a
financial institution. For example, data indicating that an applicant
is relatively new with little experience or financial history could
explain why the financial institution denied the application or
approved it for less than what was applied for.
With respect to the recommendation that the Bureau allow all
financial institutions to report the applicant's time in business
whether used in credit underwriting or collected from the applicant,
the final rule provides this flexibility for financial institutions.
The final rule also allows the financial institution to collect
applicant-provided data, including time in business information, from
appropriate third-party sources. See final Sec. 1002.107(b).
The Bureau is not adopting a safe harbor from liability for
reporting the applicant-provided time in business for the reasons
provided in the section-by-section analysis of Sec. 1002.112(c).
Guidance related to relying on information provided by an applicant and
appropriate third-party sources, including time in business
information, is provided in final comment 107(b)-1. (Similar content
was included in proposed comment 107(a)(17)-1.) That comment explains
that a financial institution needs report verified information only if
it verifies information from the applicant for its own business
purposes. Because the rule makes clear that a financial institution may
rely on statements made by or information from the applicant regarding
time in business and need not verify its accuracy, the Bureau does not
believe that a safe harbor is necessary. For more information on
relying on information provided by an applicant, see the section-by-
section analysis of Sec. 1002.107(b).
107(a)(18) Minority-Owned, Women-Owned, and LGBTQI+-Owned Business
Statuses Background
ECOA section 704B(b) requires financial institutions to inquire
whether applicants for credit are minority-owned and/or women-owned
businesses and to maintain a record of the responses to that inquiry
separate from the applications and accompanying information. Section
704B(c) provides that applicants for credit may refuse to provide
information requested pursuant to 704B(b). ECOA section 704B(e)(2)(H)
authorizes the Bureau to require financial institutions to compile and
maintain ``any additional data that the Bureau determines would aid in
fulfilling the purposes of [section 1071].'' The Bureau is finalizing
Sec. 1002.107(a)(18) to address how a financial institution would
collect and report an applicant's minority-owned and women-owned
business statuses, along with LGBTQI+-owned business status which the
Bureau believes would aid in fulfilling the purposes of section 1071.
The Bureau proposed appendix F to provide instructions to aid
financial institutions when collecting minority-owned business status
pursuant to proposed Sec. 1002.107(a)(18) and women-owned business
status pursuant to proposed Sec. 1002.107(a)(19). However, there was
some duplication between what was contained in proposed appendix F and
in proposed Sec. 1002.107(a)(18) and (19) and associated commentary.
As discussed further herein, final Sec. 1002.107(a)(18) differs
from proposed Sec. 1002.107(a)(18) in a number of ways, largely to
streamline the rule and facilitate compliance. First, the final rule
combines proposed Sec. 1002.107(a)(18) and (19) into final Sec.
1002.107(a)(18). Next, final Sec. 1002.107(a)(18) also requires
collection of LGBTQI+-owned business status. Finally, the commentary to
final Sec. 1002.107(a)(18) incorporates the information contained in
proposed appendix F.
Proposed Rule--Proposed Sec. 1002.107(a)(18) and (19)
In order to implement the section 1071 requirement that financial
institutions inquire whether applicants for credit are minority-owned
and/or women-owned businesses, the Bureau proposed Sec.
1002.107(a)(18) to address minority-owned business status, and Sec.
1002.107(a)(19) to address women-owned business status. The text of
these
[[Page 35340]]
proposed provisions was otherwise identical in their language. Proposed
Sec. 1002.107(a)(18) and (19) would have required financial
institutions to collect and report whether an applicant is a minority-
owned or women-owned business, respectively. Proposed Sec.
1002.107(a)(18) and (19) would also have required financial
institutions to collect and report whether minority-owned business
status or women-owned business status, respectively, was being reported
based on previously collected data pursuant to proposed Sec.
1002.107(c)(2). When the financial institution requests minority-owned
and women-owned business statuses from an applicant, the financial
institution would have been required to inform the applicant that the
financial institution cannot discriminate on the basis of the
applicant's minority-owned or women-owned business status, or on
whether the applicant provides this information. Finally, proposed
Sec. 1002.107(a)(18) and (19) would have referred to proposed appendix
F for additional details regarding how financial institutions are
required to collect and report minority-owned or women-owned business
statuses, respectively. Proposed appendix F would have included a
requirement that a financial institution inform an applicant that the
applicant is not required to respond to the financial institution's
questions regarding the applicant's minority-owned business status and
women-owned business status and inform the applicant of a prohibition
on financial institutions requiring applicants to provide this
information.\670\
---------------------------------------------------------------------------
\670\ Proposed appendix G would have included a similar
requirement to notify applicants that they are not required to
provide information regarding principal owners' ethnicity, race, and
sex and of a similar prohibition on financial institutions requiring
that applicants provide such information.
---------------------------------------------------------------------------
Proposed comments 107(a)(18)-1 and 107(a)(19)-1 would have
clarified that a financial institution would be required to ask an
applicant if it is a minority-owned business or women-owned business,
respectively, for each covered application unless the financial
institution is permitted to report minority-owned business status or
women-owned business status, respectively, based on previously
collected data. Additionally, the financial institution would have been
required to permit an applicant to refuse to answer the financial
institution's inquiry and to inform the applicant that it is not
required to provide the information. The financial institution would
have reported the applicant's response, its refusal to answer the
inquiry (such as when the applicant indicates that it does not wish to
provide the requested information), or its failure to respond (such as
when the applicant fails to submit a data collection form) to the
inquiry.
Proposed comments 107(a)(18)-2 and 107(a)(19)-2 would have
explained that a financial institution must inform the applicant that
the financial institution cannot discriminate on the basis of an
applicant's minority-owned business status or women-owned business
status, respectively, or on whether the applicant provides the
information. These proposed comments would also have clarified that a
financial institution may combine this non-discrimination notice
regarding minority-owned business status or women-owned business
status, respectively, with the similar non-discrimination notices that
a financial institution is required to provide when requesting women-
owned business status or minority-owned business status, respectively,
and a principal owner's ethnicity, race, and sex if a financial
institution requests such information in the same data collection form
or at the same time.
Proposed comments 107(a)(18)-3 and 107(a)(19)-3 would have
explained how, pursuant to proposed Sec. 1002.111(b), financial
institutions must record an applicant's response regarding minority-
owned business status and women-owned business status pursuant to
proposed Sec. 1002.107(a)(18) or (19), respectively, separate from the
application and accompanying information. These proposed comments would
have also provided examples of how responses could be recorded
separately from the application and accompanying information.
Proposed comments 107(a)(18)-4 and 107(a)(19)-4 would have stated
that pursuant to proposed Sec. 1002.107(c)(1), a financial institution
shall maintain procedures reasonably designed to collect applicant-
provided information, which includes the applicant's minority-owned
business status or women-owned business status, respectively. However,
if a financial institution did not receive a response to its inquiry,
the financial institution would have reported that the applicant's
minority-owned business status or women-owned business status,
respectively, is ``not provided by applicant.''
Proposed comments 107(a)(18)-5 and 107(a)(19)-5 would have stated
that notwithstanding proposed Sec. 1002.107(b) (regarding verification
of applicant-provided information), a financial institution would have
reported the applicant's response, its refusal to answer the inquiry,
or its failure to respond to the inquiry pursuant to proposed Sec.
1002.107(a)(18) or (19), respectively, even if the financial
institution verifies or otherwise obtains an applicant's minority-owned
business status or women-owned business status for other purposes.
Moreover, a financial institution would not have been required or
permitted to verify the applicant's responses to the financial
institution's inquiries pursuant to proposed Sec. 1002.107(a)(18) or
(19) regarding minority-owned business status or women-owned business
status, respectively.
Proposed comments 107(a)(18)-6 and 107(a)(19)-6 would have
clarified that a financial institution does not report minority-owned
business status or women-owned business status, respectively, based on
visual observation, surname, or any basis other than the applicant's
response to the inquiry that the financial institution makes to satisfy
proposed Sec. 1002.107(a)(18) or (19), respectively, or, if the
financial institution was permitted to report based on previously
collected data, on the basis of the applicant's response to the inquiry
that the financial institution previously made to satisfy Sec.
1002.107(a)(18) or (19), respectively.
Proposed comments 107(a)(18)-7 and 107(a)(19)-7 would have
clarified that a financial institution may report minority-owned
business status or women-owned business status, respectively, based on
previously collected data if the financial institution is permitted to
do so pursuant to proposed Sec. 1002.107(c)(2) and its commentary.
The Bureau sought comment on its proposed approach to these data
points, including the proposed methods of collecting and reporting the
data. The Bureau also requested comment on whether additional
clarification regarding any aspect of these data points is needed. In
particular, the Bureau sought comment on whether applicants are likely
to have difficulty understanding and determining the information they
are being asked to provide and, if so, how the Bureau may mitigate such
difficulties.
Proposed Rule--Proposed Appendix F
Proposed appendix F would have provided instructions to aid
financial institutions when collecting minority-owned business status
pursuant to proposed Sec. 1002.107(a)(18) and women-owned business
status pursuant to proposed Sec. 1002.107(a)(19).
The Bureau proposed appendix F pursuant to its authority under ECOA
[[Page 35341]]
section 704B(g)(1) to prescribe such rules and issue such guidance as
may be necessary to carry out, enforce, and compile data pursuant to
section 1071, in order to facilitate compliance with the statutory
requirements to collect minority-owned and women-owned business
statuses pursuant to 704B(b)(1). Further, the Bureau proposed appendix
F pursuant to its obligation in 704B(g)(3) to issue guidance to
facilitate compliance with the requirements of section 1071, including
assisting financial institutions in working with applicants to
determine whether the applicants are women-owned or minority-owned
businesses.
The Bureau sought comment on the proposed instructions, and
generally sought comment on whether additional clarification regarding
any aspect of the proposed instructions was needed. The Bureau further
requested comment on whether additional or different instructions were
needed for financial institutions that choose not to use a paper data
collection form to collect minority-owned business status or women-
owned business status, such as collecting such information using a web-
based or other electronic data collection form, or over the telephone.
The Bureau also sought comment regarding the challenges faced by both
applicants and financial institutions by the data collection
instructions prescribed in appendix F and specifically requested
comment on ways to improve the data collection of minority-owned
business status and women-owned business status.
Comments Received--Women-Owned and Minority-Owned Business Statuses
The Bureau received comments on proposed Sec. 1002.107(a)(18) and
(19) and appendix F from some industry and community group commenters.
Commenters uniformly supported the Bureau's proposal that the financial
institution would rely solely on the applicant to determine minority-
owned and women-owned business statuses, and that institutions should
not be required or permitted to verify an applicant's response. One
commenter requested that a financial institution not be required to
conduct any follow-up if an applicant fails to provide the information.
Another noted that owners and ownership status may change from day to
day. One said that the back-office functions of financial institutions
will need to ensure the data are being reported correctly and identify
any issues in the data, which will require an increase in staff.
A commenter asserted that applicants should be permitted to self-
report whether they have been certified by a third-party organization
as a minority- and/or women-owned business and the name of the
certifying organization, which it said would promote the objectives of
section 1071 by encouraging responses of relevant and verifiable
information. Another commenter suggested that the Bureau coordinate
with the U.S. Census to create a minority and women-owned business
suffix to a business's NAICS code which identifies their minority or
women-owned business status.
Regarding appendix F, some commenters supported the proposed
approach to collecting information. Several commenters requested that
the Bureau eliminate duplication and include all mandatory statements
in the rule text, rather than in the appendices.
Comments Received--LGBTQI+-Owned Business Status
As discussed in the section-by-section analysis of Sec.
1002.102(k) and (l) above, regarding the definitions for LGBTQI+
individual and LGBTQI+-owned business, the Bureau sought comment on
whether it should adopt a data point to collect an applicant's lesbian,
gay, bisexual, transgender, or queer (LGBTQ+)-owned business status,
similar to the way it proposed to collect minority-owned business
status and women-owned business status.
The Bureau received comments from several banks, individual
commenters, and community groups on this issue. Some commenters did not
support including such a data point in the final rule, generally
stating that asking for such information would be offensive, would be
considered an invasion of privacy, or would damage bank-customer
relationships. One commenter said that applicants are unlikely to
provide this information and that an applicant's LGBTQ+-owned business
status is not considered in the lending process and thus should not be
part of this data collection.
A few commenters also stated that asking for such information could
potentially further segregate and stigmatize LGBTQ individuals and
their businesses, when they already face bias and discrimination. These
commenters also raised concerns about the privacy and security of the
collected information, noting that storing it with financial
institutions and in a nationwide database exposes the information to
not only authorized persons but also potentially to hackers. These
commenters argued that although there is some protection in the Federal
employment law context due to the U.S. Supreme Court's opinion in
Bostock v. Clayton County,\671\ there are States where discrimination
against LGBTQ individuals is legal and thus inferences about one's
sexuality could have serious negative impacts. They also expressed
concern that this information could be used for unintended purposes.
One commenter also expressed a concern that previously collected
information about an applicant's LGBTQ+-owned business status could be
used inappropriately.
---------------------------------------------------------------------------
\671\ 140 S. Ct. 1731 (2020). See the section-by-section
analysis of Sec. 1002.107(a)(19), under Proposed Rule--Collecting
Sex, for a discussion of the Court's holdings in Bostock.
---------------------------------------------------------------------------
Other commenters supported inclusion of LGBTQ+-owned business
status in the final rule, generally asserting the collection of
information about a business' LGBTQ+-owned status is appropriate and
necessary under the law. One commenter stated that businesses owned by
LGBTQ+ individuals face discrimination and bias and urged the Bureau to
use its ECOA section 704B(e)(2)(H) authority to require the collection
of such information. Another commenter argued that data about lending
availability to LGBTQ-owned businesses will enhance the Bureau's
ability to enforce fair lending laws to protect them from
discrimination in credit, and identify their credit needs. Another
commenter stated that collecting applicants' LGBTQ+-owned business
status is necessary to ensure that LGBTQ+ small business owners are
being treated fairly by lenders and fulfill the purposes of section
1071. One commenter suggested that the Bureau include an inquiry to
identify businesses who have experienced impermissible sex
discrimination under ECOA without requiring information on the owners'
specifically held identities if they do not wish to disclose them. This
commenter suggested this would be consistent with the Bureau's proposal
regarding the collection of ethnicity and race.
A commenter also stated that there is public and congressional
support for the collection of LGBTQ+-owned business status information,
noting that H.R. 1443, the LGBTQ Business Equal Credit Enforcement and
Investment Act, would have amended ECOA to include a definition for
``LGBTQ-owned business'' and require the collection of LGBTQ-owned
business status.\672\
---------------------------------------------------------------------------
\672\ H.R. 1443, 117th Cong. (2021).
---------------------------------------------------------------------------
Commenters suggested that the Bureau adopt the same approach it
proposed using for collecting minority-owned and women-owned business
statuses, by providing applicants with a definition for LGBTQ-owned
business
[[Page 35342]]
status and allowing respondents to indicate whether they are or are not
such a business. Another commenter recommended that financial
institutions not be allowed to collect or report such information on
the basis of visual observation, surname analysis, or any method other
than applicant-provided responses. This commenter also stated that
financial institutions should not be permitted or required to verify an
applicant's LGBTQ+-owned business status.
Final Rule--Business Status in General
For the reasons set forth herein, the Bureau is adopting Sec.
1002.107(a)(18) with a number of changes to require collection of
minority-owned business status, to incorporate collection women-owned
business status (from proposed Sec. 1002.107(a)(19)) and to add
LGBTQI+-owned business status, along with a number of conforming
changes to the commentary. The Bureau has also incorporated information
from proposed appendix F into the commentary to final Sec.
1002.107(a)(18),\673\ added additional commentary for parity with final
Sec. 1002.107(a)(19) regarding collection of principal owners'
ethnicity, race, and sex, and updated a number of cross-references.
---------------------------------------------------------------------------
\673\ In certain instances where language in proposed appendix F
and commentary to proposed Sec. 1002.107(a)(18) and (19) were
similar, language in the final regulatory text or commentary has
been revised to improved clarity. In other instances, language from
proposed appendix F is imported wholesale to provide clarity and
streamline the rule.
---------------------------------------------------------------------------
Final Sec. 1002.107(a)(18) requires the collection of information
regarding whether the applicant is a minority-owned, women-owned, and/
or LGBTQI+-owned business. When requesting minority-owned, women-owned,
and LGBTQI+-owned business statuses from an applicant, Sec.
1002.107(a)(18) requires that a financial institution inform the
applicant that the financial institution cannot discriminate on the
basis of minority-owned, women-owned, or LGBTQI+-owned business
statuses, or on whether the applicant provides this information.
Final comment 107(a)(18)-1 clarifies that a financial institution
must ask an applicant whether it is a minority-owned, women-owned, and/
or LGBTQI+-owned business. A financial institution must permit an
applicant to refuse (i.e., decline) to answer the inquiries and must
inform the applicant that it is not required to provide the
information. The financial institution must report the applicant's
substantive responses, that the applicant declined to answer, or its
failure to respond to an inquiry, as applicable.
Final comment 107(a)(18)-2 clarifies that a financial institution
must provide the applicants with definitions of the terms minority-
owned business, women-owned business, and LGBTQI+-owned business when
inquiring about these business statuses. A financial institution
satisfies this requirement if it provides the definitions set forth in
the sample data collection form in appendix E.
Final comment 107(a)(18)-3 clarifies that a financial institution
may combine on the same paper or electronic data form the business
status questions along with the data requested in Sec. 1002.107(a)(19)
(principal owners' ethnicity, race, and sex) and Sec. 1002.107(a)(20)
(number of principal owners).
Final comment 107(a)(18)-4 (renumbered from comment 107(a)(18)-2 in
the proposal and incorporating additional information from proposed
appendix F) explains that a financial institution must inform the
applicant that the financial institution cannot discriminate on the
basis of an applicant's business statuses or on whether the applicant
provides the information. Under the final rule, a financial institution
must also inform the applicant that Federal law requires it to ask for
an applicant's minority-owned, women-owned, and LGBTQI+-owned business
statuses to help ensure that all small business applicants for credit
are treated fairly and that communities' small business credit needs
are being fulfilled (this disclosure would have been optional under the
NPRM). The Bureau believes that this notice should be compulsory,
rather than voluntary, to ensure that applicants receive information
about the data collection rule and its purposes. See the section-by-
section analysis of Sec. 1002.107(a)(19) for further explanation and
discussion of comments received on this issue.
Final comment 107(a)(18)-5 explains that a financial institution
must maintain the record of an applicant's responses to the financial
institution's inquiry separate from the application and accompanying
information.
Final comment 107(a)(18)-6 explains that if a financial institution
does not receive a response to the financial institution's inquiry for
purposes of Sec. 1002.107(a)(18), the financial institution reports
that the applicant's business statuses were ``not provided by
applicant.''
Final comment 107(a)(18)-7 explains that a financial institution
reports that the applicant responded that it did not wish to provide
the information about an applicant's business statuses if the applicant
declines or refuses to provide the information by selecting such a
response option on a paper or electronic form. The financial
institution reports an applicant's refusal to provide such information
in this way, if the applicant orally declines to provide such
information for a covered application taken by telephone or another
medium that does not involve providing any paper or electronic
documents.
Final comment 107(a)(18)-8 explains that if an applicant both
provides a substantive response to the financial institution's inquiry
regarding business status and also checks the ``I do not wish to
provide this information'' box or similar for that question, the
financial institution reports the applicable business status(es)
provided by the applicant (rather than reporting that the applicant
declined to provide the information).
Final comment 107(a)(18)-9 explains that, notwithstanding Sec.
1002.107(b) (regarding verification of applicant-provided data), a
financial institution must report the applicant's substantive
response(s), that the applicant declined to answer the inquiry, or the
applicant's failure to respond to the inquiry, even if the financial
institution verifies or otherwise obtains an applicant's business
statuses for other purposes, and provides an example of such a
situation.
With regard to commenters who asserted that applicants should be
able to rely upon minority-owned or women-owned business status
certifications received from a third-party organization, the Bureau
believes that the definitions of minority-owned or women-owned business
statuses from third-party organizations may not align with the
definitions found in section 1071 and codified in this rule, and thus
reliance on them would not be appropriate. As addressed above, final
comment 107(a)(18)-2 clarifies that a financial institution must
provide applicants with definitions of the terms minority-owned
business, women-owned business, and LGBTQI+-owned business, as provided
in this rule, when asking questions about these business statuses.
Final Rule--LGBTQI+-Owned Business Status
For the reasons set forth herein, the Bureau is exercising its
authority under ECOA section 704B(e)(2)(H) to require financial
institutions to request information about whether an applicant is a
LGBTQI+-owned business. The Bureau believes that the collection of this
information will further section
[[Page 35343]]
1071's statutory purposes. Specifically, the Bureau believes that the
collection of this information will help address an information gap
about small business lending and facilitate fair lending enforcement
and the identification of business and community development needs and
opportunities for small businesses.
Based on the limited information available, the Bureau believes
that LGBTQI+-owned businesses may experience particular challenges
accessing small business credit. For example, one report found that,
while LGBTQ businesses were equally likely to apply for financing, they
were less likely to receive it, with about 46 percent of LGBTQ-owned
businesses reporting that they had received none of the financing that
they had applied for in the past year, as compared to 35 percent of
non-LGBTQ businesses that applied for funding. The report noted that
LGBTQ-owned businesses were more likely than non-LGBTQ businesses to
explain their denial was due to lenders not approving financing for
``businesses like theirs'' (33 percent versus 24 percent), among other
reasons.\674\ The same report also found that LGBTQ-owned businesses
that applied for Paycheck Protection Program funding in 2021 were less
successful in receiving funding applied for than non-LGBTQ
businesses.\675\
---------------------------------------------------------------------------
\674\ Spencer Watson et al., Ctr. for LGBTQ Economic Advancement
& Research and Movement Advancement Project, LGBTQ-Owned Small
Businesses in 2021, 10-11 (July 2021), http://www.lgbtq-economics.org/research/lgbtq-small-businesses-2021 (analyzing 2021
data from Small Business Credit Survey administered by the Federal
Reserve Banks). As used in the report, the term ``LGBTQ-owned
business'' refers to businesses where individuals who identify as
lesbian, gay, bisexual, transgender, or queer own 50 percent or more
of the business. Id. at note a.
\675\ Id. at 8-9 (only 54 percent of LGBTQ-owned businesses
received all the Paycheck Protection Program funding they applied
for in 2021, and 17 percent received none of the funding applied
for, compared to 68 percent and 10 percent of all non-LGBTQ owned
businesses, respectively).
---------------------------------------------------------------------------
ECOA section 704B(e)(2)(H) provides the Bureau with broad
discretion to collect ``any'' additional data it determines would aid
in fulfilling the purposes of section 1071. As discussed, the Bureau
has determined that the collection of business applicants' LGBTQI+-
owned business status information, in addition to requiring information
on principal owners' specifically held sex/gender identity, as
discussed in the section-by-section analysis of Sec. 1002.107(a)(19)
below, will facilitate the purposes of section 1071 and is thus
exercising its authority under section 1071 to require its collection.
Similar to the proposed (and final) approaches for collecting
women-owned and minority-owned business statuses, financial
institutions are required to provide the definition of ``LGBTQI+-owned
business'' under Sec. 1002.102(l) when requesting information about an
applicant's LGBTQI+-owned business status as provided by final comment
107(a)(18)-2. Financial institutions are also required to provide the
same notices when requesting an applicant's LGBTQI+-owned business
status, such as the notice that the applicant is not required to
provide the information under final comment 107(a)(18)-1 and other
notices under final comment 107(a)(18)-4. Other provisions set out in
commentary for minority-owned and women-owned business statuses
likewise apply to LGBTQI+-owned business status; for example, a
financial institution reports only the applicant's response to the
inquiry about its LGBTQI+-owned business status, even if it verifies or
otherwise obtains an applicant's LGBTQI+-owned business status for
other purposes. See, e.g., comments 107(a)(18)-6, -7, and -9.
Final comment 107(a)(18)-5 also clarifies that an applicant's
responses about whether it is an LGBTQI+-owned business must be kept
separately from the small business's application form and accompanying
documents. ECOA section 704B(b)(2) requires a financial institution to
maintain a record of the ``responses to [the] inquiry'' required by
section 704B(b)(1) separate from the application and accompanying
information. As explained in part E.2 in the Overview to this part V,
the Bureau interprets section 704B(b)(2) to refer to an applicant's
responses to protected demographic information, which includes whether
the applicant is a minority-owned business and/or a women-owned
business, and the ethnicity, race, and sex of the applicant's principal
owners. This is because these data points require financial
institutions to request demographic information that has no bearing on
the creditworthiness of an applicant and that financial institutions
would not be otherwise able to request absent the data collection
requirements under section 1071 and the final rule as a result of
Regulation B's general prohibition on inquiring about the sex of an
applicant or any other person in connection with a credit
transaction.\676\ Likewise, the Bureau considers the LGBTQI+-owned
business status data point to be protected demographic information that
has no bearing on an applicant's creditworthiness, as also noted by
some commenters, and which financial institutions would be unable to
collect without the requirement to do so in final Sec.
1002.107(a)(18). As a result, the Bureau believes that it is necessary
to require a financial institution to maintain an applicant's response
to the inquiry about whether it is a LGBTQI+-owned business separately
from the rest of the business's application and accompanying
information under final Sec. 1002.111(b), similar to the requirement
with respect to responses about an applicant's minority-owned and
women-owned business statuses.
---------------------------------------------------------------------------
\676\ 86 FR 56356, 56386-87 (Oct. 8, 2021); id. at 56501-02. See
also 12 CFR 1002.5(b).
---------------------------------------------------------------------------
The Bureau acknowledges commenters' concerns that requesting
information as to whether applicants are LGBTQI+-owned businesses could
be offensive, be considered an invasion of privacy by applicants, or
damage bank-customer relationships. Final comment 107(a)(18)-4 provides
that a financial institution must inform the applicant that Federal law
requires it to ask for an applicant's minority-owned, women-owned, and
LGBTQI+-owned business statuses to help ensure that all small business
applicants for credit are treated fairly and that communities' small
business credit needs are being fulfilled. Sample language for this
notice, which provides a brief, plain language explanation of the
purpose of the data collection, appears in the sample data collection
form in appendix E. The Bureau believes providing such context will
help to mitigate negative reactions an applicant may have to a
financial institution's request for such information. Further, as
stated on the sample data collection form, applicants have the right to
refuse to provide this information, as provided under comment
107(a)(18)-1.
The Bureau acknowledges commenters' arguments that applicants are
unlikely to respond to the inquiry about LGBTQI+ status and that
therefore financial institutions should not be required to ask.
However, the Bureau and other data users are unable to conduct
comprehensive fair lending and business and community development
analyses without this data point, even as applicants are individually
entitled to refuse to provide it.
Some commenters expressed concern that LGBTQI+-owned business
status could be detrimentally used against LGBTQI+ individuals and
their businesses. As discussed in greater detail in part VIII below,
the Bureau acknowledges that an individual person's LGBTQI+ status
likely is sensitive personal information that could pose personal
privacy risks as well as other non-personal commercial
[[Page 35344]]
privacy risks. Part VIII also contains a more comprehensive analysis of
how privacy interests may be appropriately protected. In addition, the
Bureau is finalizing Sec. 1002.110(e), which prohibits financial
institutions and third parties from disclosing protected demographic
information except in limited circumstances.
107(a)(19) Ethnicity, Race, and Sex of Principal Owners
ECOA section 704B(e)(2)(G) requires financial institutions to
compile and maintain certain information, including the race, sex, and
ethnicity of an applicant's principal owners. However, section 1071
does not set out what categories should be used when collecting and
reporting this information. The Bureau proposed Sec. 1002.107(a)(20)
to address how a financial institution would collect and report the
ethnicity, race, and sex of an applicant's principal owners.
Proposed Sec. 1002.107(a)(20) would have required financial
institutions to collect and report the ethnicity, race, and sex \677\
of the applicant's principal owners as well as whether this information
is being reported based on previously collected data pursuant to
proposed Sec. 1002.107(c)(2). It would have also required financial
institutions to report, in certain circumstances, whether ethnicity and
race are being reported by the financial institution on the basis of
visual observation or surname analysis. Proposed Sec. 1002.107(a)(20)
would have required financial institutions to collect and report
ethnicity, race, and sex data as prescribed in proposed appendix G.
Proposed appendix G would have included a requirement that a financial
institution inform an applicant that the applicant is not required to
respond to the financial institution's questions regarding its
principal owners' ethnicity, race, or sex and would have also included
a prohibition on financial institutions requiring applicants to provide
this information. Proposed Sec. 1002.107(a)(20) would have also
required that when the financial institution requests ethnicity, race,
and sex information from an applicant, the financial institution must
inform the applicant that the financial institution cannot discriminate
on the basis of a principal owner's ethnicity, race, or sex, or on
whether the applicant provides this information. The Bureau also put
forth for public comment a sample data collection form in proposed
appendix E that financial institutions would be able use to collect
ethnicity, race, and sex information.
---------------------------------------------------------------------------
\677\ While ECOA section 704B(e)(2)(G) uses ``race, sex, and
ethnicity,'' the Bureau reordered them to ``ethnicity, race, and
sex'' for purposes of the proposal, so that they would appear
alphabetically and for consistency with how they appear in
Regulation C. The Bureau is using the same approach for this final
rule.
---------------------------------------------------------------------------
The Bureau is finalizing the statutory requirement to collect
principal owners' ethnicity, race, and sex in Sec. 1002.107(a)(19).
Below, the Bureau first discusses its general approach to collecting
principal owners' ethnicity, race, and sex. Second, the Bureau
discusses finalizing its proposal to collect ethnicity and race
information using certain aggregate categories and disaggregated
subcategories. Third, the Bureau discusses its approach to requiring
the collection of sex by applicant self-identification (using only a
free-form text field for a paper or electronic form, or by self-
description for applications taken orally) and without the use of
response categories. Finally, the Bureau discusses its decision not to
require collection of principal owners' ethnicity and race via visual
observation and/or surname analysis. The Bureau has incorporated
information from proposed appendix G into the commentary to final Sec.
1002.107(a)(19) \678\ and has updated a number of cross-references.
---------------------------------------------------------------------------
\678\ In certain instances where language in proposed appendix G
and commentary to proposed Sec. 1002.107(a)(20) were substantially
similar, language in the final regulatory text or commentary has
been revised to improve clarity. In other instances, language from
proposed appendix G is imported wholesale to provide clarity and
streamline the rule.
---------------------------------------------------------------------------
Proposed Rule--Collecting Ethnicity, Race, and Sex, In General
Proposed comment 107(a)(20)-1 would have clarified how a financial
institution collects ethnicity, race, and sex information. It would
have stated that unless a financial institution is permitted to report
ethnicity, race, and sex information based on previously collected data
pursuant to proposed Sec. 1002.107(c)(2), a financial institution must
ask an applicant to report its principal owners' ethnicity, race, and
sex for each covered application and that the financial institution
must permit an applicant to refuse to answer the financial
institution's inquiry. It would have required financial institutions to
inform the applicant that it is not required to provide the
information. Proposed comment 107(a)(20)-1 would have further clarified
that the financial institution must report the applicant's responses,
its refusal to answer the inquiries, or its failure to respond to the
inquiries, and explain that in certain situations, discussed in
proposed comments 107(a)(20)-7 and -8 and in proposed appendix G, a
financial institution may also be required to report one or more
principal owners' ethnicity and race (but not sex) based on visual
observation and/or surname analysis. Proposed comment 107(a)(20)-1
would have cross-referenced proposed appendix G for additional
instructions.
Proposed comment 107(a)(20)-2 would have explained that a financial
institution must inform the applicant that the financial institution
shall not discriminate on the basis of a principal owner's ethnicity,
race, or sex or on whether the applicant provides that information. It
would have also clarified that a financial institution may combine this
non-discrimination notice with the similar non-discrimination notices
that a financial institution would have been required to provide when
requesting minority-owned business status and women-owned business
status if a financial institution had requested minority-owned business
status, women-owned business status, and/or a principal owner's
ethnicity, race, and sex in the same data collection form or at the
same time.
Proposed comment 107(a)(20)-3 would have explained how, pursuant to
proposed Sec. 1002.111(b), financial institutions must record
applicants' responses regarding a principal owner's ethnicity, race,
and sex pursuant to Sec. 1002.107(a)(20) separate from the application
and accompanying information. This proposed comment would have also
provided examples of how responses could be recorded separately from
the application and accompanying information.
Proposed comment 107(a)(20)-4 would have clarified that a financial
institution is required to maintain procedures reasonably designed to
collect applicant-provided information pursuant to proposed Sec.
1002.107(c)(1), including the ethnicity, race, and sex of an
applicant's principal owners. However, if a financial institution is
nonetheless unable to collect the principal owners' ethnicity, race, or
sex from the applicant and if the financial institution is not required
to report the principal owners' ethnicity and race based on visual
observation and/or surname, the financial institution would have been
required to report that the principal owner's ethnicity, race, or sex
(as applicable) is ``not provided by applicant.''
Proposed comment 107(a)(20)-12 would have clarified that a
financial institution is neither required nor permitted to verify the
ethnicity, race, or sex information that the applicant
[[Page 35345]]
provides for purposes of proposed Sec. 1002.107(a)(20), even if the
financial institution verifies or otherwise obtains the ethnicity,
race, or sex of the applicant's principal owners for other purposes.
The Bureau also solicited comment on whether it would be useful to
expressly codify this application of the principle in the commentary.
Additionally, the proposed comment would have explained that, if an
applicant refuses to respond to the inquiry pursuant to proposed Sec.
1002.107(a)(20) or fails to respond to this inquiry, the financial
institution reports that the applicant declined to provide the
information or did not respond to the inquiry (as applicable), unless
the financial institution is required to report ethnicity and race
based on visual observation and/or surname analysis. Finally, the
proposed comment would have explained that the financial institution
does not report ethnicity, race, or sex pursuant to proposed Sec.
1002.107(a)(20) based on information that the financial institution
collects for other purposes.
Proposed comment 107(a)(20)-5 would have explained that generally
an applicant determines its principal owners and decides whether to
provide information about principal owners. It would have further
stated that, nonetheless, a financial institution may be required to
report ethnicity and race information based on visual observation and/
or surname analysis and may need to determine if a natural person with
whom the financial institution meets in person is a principal owner. It
would have explained how a financial institution determines who is a
principal owner in the event that the financial institution may be
required to report ethnicity and race information based on visual
observation and/or surname. It would have also provided examples of how
the financial institution can make that determination and noted that
the financial institution is not required to verify any responses
regarding whether a natural person is a principal owner.
The Bureau sought comment on those proposed general aspects of
collecting and reporting principal owners' ethnicity, race, and sex,
including comments on the challenges that financial institutions may
have implementing them.
Comments Received--Collecting Ethnicity, Race, and Sex, In General
The Bureau received comments regarding the collection of ethnicity,
race, and sex for applicants' principal owners, in general, from a wide
range of commenters including lenders, trade associations, community
groups, individual commenters, a software vendor, and others. Within
these general comments, commenters addressed a number of issues
including alignment with HMDA, lack of applicant responses,
verification of applicant-provided data, privacy issues, and concerns
related to burden and cost. These issues, and others, are discussed in
turn below.\679\
---------------------------------------------------------------------------
\679\ The Bureau also received comments about specific aspects
of the Bureau's proposal for collecting and reporting principal
owners' ethnicity, race, and sex information, including collecting
ethnicity and race using aggregate categories and disaggregated
subcategories; collecting sex; and collecting ethnicity and race via
visual observation and/or surname analysis in certain circumstances.
Such comments are discussed further below in this section-by-section
analysis of Sec. 1002.107(a)(19).
---------------------------------------------------------------------------
General support and concerns. The Bureau received comments from
lenders, trade associations, community groups, and others regarding its
proposal, at a general level, for collecting information about the
ethnicity, race, and sex of principal owners.
Many commenters supported the Bureau's proposal and the creation of
a comprehensive small business lending database. These commenters said
that collecting information about the ethnicity, race, and sex of small
business applicants' principal owners will help address a lack of such
information in existing lending data; facilitate enforcement of fair
lending laws; and enable stakeholders to understand and identify needs
and opportunities, remove barriers, and advocate for women-owned,
minority-owned, and small businesses. Some commenters also emphasized
generally that the data disclosure would shed light on racial and
gender gaps and discrimination, which they noted are long-standing
issues and which have been exacerbated by the COVID-19 pandemic. One
commenter characterized the collection of this information as long
overdue.
Many commenters expressing general support for the Bureau's
proposal emphasized that the demographic data collected under the final
rule must be robust, disaggregated, detailed, and include information
on underwriting criteria and on race, gender identity, sexual
orientation, and disability status in order to enable meaningful
analysis.
Several lenders and a business advocacy group stated that the data
would help lenders improve their lending practices. One commenter that
Congress's adjustments to the SBA's Paycheck Protection Program in the
program's second round, to prioritize minority-owned and women-owned
businesses and microbusinesses and set aside funds for CDFIs, could not
have happened without access to Paycheck Protection Program lending
data, including demographic data. Another commenter stated that the
small business lending data collection is necessary to gather critical
data on lending beyond what is collected by the SBA.
Some commenters emphasized that HMDA data, which include
demographic and socioeconomic information, have provided valuable
insight on racial and income disparities in the home mortgage lending
market and have been an important tool to hold lenders accountable as
well as to determine how to meet unmet credit needs. Several commenters
also emphasized that after Congress included demographic information as
part of the HMDA data collection, the number of mortgages to people of
color and people with modest incomes increased; these commenters
anticipate a similar outcome for small business lending after data
collected under this final rule are published.
One commenter stated that the collection of demographic data for
each of an applicant's principal owners would help provide the public
with a sense of the varying percentages of ownership by women or
minorities above or below the 50 percent threshold for minority-owned
or women-owned businesses and help determine if businesses with
different minority ownership levels have distinct borrowing
experiences.
The Bureau also received comments expressing generally applicable
concerns and requests for clarification about its proposal for
collecting ethnicity, race, and sex information. Several commenters
said that the Bureau's proposal includes duplicative content in the
proposed rule text, commentary, and appendices, which they said could
complicate compliance. These commenters recommended that any mandatory
requirements be in the final regulatory text, rather than spread out
among the regulation, commentary, and appendices. Another commenter
asserted that the proposed rules for collecting demographic information
are too complex.
Another argued that a significant hurdle in implementing the
Bureau's proposal is that while ECOA requires financial institutions to
be blind to factors such as ethnicity, race, and sex in lending, they
must collect and report information on those same factors under the
Bureau's proposed rule (including by visual observation and surname
[[Page 35346]]
analysis under certain circumstances). This commenter asserted that the
Bureau's proposal is irreconcilable with ECOA and cannot be reasonably
implemented without compromising the data collected. Another commenter
predicted that requiring financial institutions to collect ethnicity,
race, or sex information would lead to possible favoritism,
discrimination, and stereotyping. (Similar concerns were raised
specifically with respect to collection of ethnicity and race
information by visual observation and/or surname analysis; these
commenters are discussed separately below.)
One commenter asked the Bureau to clarify how a financial
institution should report an applicant's principal owners' ethnicity,
race, and sex information if a representative of a small business
applicant states they need to check with the principal owners for such
information, but the application is withdrawn or declined before the
information is provided. The commenter stated that because borrowers
may apply to many lenders for a loan, reporting on withdrawn
applications would skew collected loan data. The commenter also asked
for clarification about how to report under similar circumstances,
where an application has been approved, but still no information has
been provided. This commenter suggested the Bureau provide options for
a financial institution to report that an applicant ``declined to
answer'' for applicants that specifically refused to provide responses
and ``not available'' for other circumstances, including withdrawn
applications or applicant non-responsiveness.
Another commenter suggested that the Bureau should collect
demographic data for ``applicants,'' which it characterized as the
natural persons completing the application. This commenter argued that
such information would further the fair lending purposes of section
1071, because loan applicants may be subject to different treatment
based on factors such as their ethnicity, race, or gender, citing a
study finding that prospective loan applicants were subject to
differential treatment on the basis of their race and gender in the
pre-application stage.\680\
---------------------------------------------------------------------------
\680\ Nat'l Cmty. Reinvestment Coal., Racial and Gender Mystery
Shopping for Entrepreneurial Loans: Preliminary Overview (2020),
https://ncrc.org/wp-content/uploads/2020/02/NCRC-Mytery-Shopping-Race-and-Gender-v8.pdf.
---------------------------------------------------------------------------
An industry commenter asked whether a financial institution could
collect demographic information at a greater level of specificity than
proposed by the Bureau. Another asked whether a financial institution
is permitted to reconcile discrepancies or inaccuracies in self-
reported ethnicity or race data with the use of software or other
relevant information.
Alignment with HMDA. Some industry commenters urged the Bureau to
align the collection of principal owners' ethnicity, race, and sex
information under the final rule with the collection of such
information for mortgage applicants under Regulation C, whether exactly
or to the greatest extent possible. One commenter also suggested
alignment with existing Regulation B, which also requires the
collection of certain demographic information for certain
mortgages.\681\ These commenters said that consistency between the HMDA
and section 1071 data collections would reduce confusion for financial
institutions and applicants, facilitate efficient data collection such
as by allowing data to be collected only once for applications covered
by both HMDA and section 1071, facilitate compliance, reduce burden,
and make the collected data more usable across regulations.
---------------------------------------------------------------------------
\681\ Under existing Regulation B, a creditor is required to
collect applicant ethnicity, race, sex, marital status, and age
information for an application for credit primarily for the purchase
or refinancing of a dwelling occupied or to be occupied by the
applicant as a principal residence, where the extension of credit
will be secured by the dwelling. 12 CFR 1002.13(a). Regulation B
provides that the ethnicity and race information shall be requested
either by using specified aggregate ethnicity and race categories,
or the aggregate and disaggregated ethnicity and race categories set
forth under Regulation C. Id.
---------------------------------------------------------------------------
Several commenters identified issues that could arise for
applications reportable under both section 1071 and HMDA, if the data
collection requirements under the two regulatory regimes did not match.
They said that financial institutions could potentially be required to
collect data using different forms and to have systems capable of
maintaining separate sets of data for the same transaction under the
Bureau's proposal. Some also said that applicant confusion about the
differences between the two regimes may reduce applicants' willingness
to provide the requested information. (Commenters more specific
concerns about how overlapping data collection obligations would work
are discussed in more detail below.) Some commenters generally urged
the Bureau to either align the HMDA and section 1071 data collection
requirements or to exempt loans from one regime that are reportable
under the other to avoid such issues.
Concerns related to specific transactions or institutions.\682\
Some commenters expressed support for, or concerns about, the
collection of principal owners' ethnicity, race, and sex information in
the context of specific types of transaction or institutions.
---------------------------------------------------------------------------
\682\ The Bureau received a number of comments responding to the
Bureau's proposal regarding the collection of protected demographic
information vis-[agrave]-vis certain types of institutions and
transactions, many of which are discussed in the section-by-section
analyses of Sec. 1002.104 (covered transactions and excluded
transactions), Sec. 1002.105 (covered financial institutions and
exempt institutions), and Sec. 1002.107(c) (time and manner of
collection). The Bureau also received comments on specific aspects
of the Bureau's proposal to collect principal owners' ethnicity,
race, and sex information, in the context of specific types of
institutions and transactions. See the Bureau's discussion of such
comments in the referenced parts of this preamble for more detail.
---------------------------------------------------------------------------
Some commenters raised general concerns about the proposed
collection of ethnicity, race, and sex information by small banks or
community banks. A few commenters said that requesting ethnicity, race,
and sex information has the potential to negatively impact their
relationships with their customers. One stated that such inquiries
could make customers distrustful of their banks and raise privacy
concerns, and urged the Bureau to consider the impact that the
collection of such information may have on the relationship-based
banking model of community banks.
A number of commenters, including many agricultural lenders,
expressed general support for the collection of demographic data. One
commenter stated that the proposed collection of demographic
information would help reveal and prevent unfair agricultural lending
practices. Other commenters stated support for demographic data
collection, provided that the rule's definition of small business is
tailored for the agricultural credit context. One commenter expressed
concern about the burden for collecting and reporting demographic
information for agricultural lenders and farmers.
Some commenters emphasized particular difficulties for collecting
ethnicity, race, and sex information for credit applications taken in
retail environments (also referred to as ``point of sale''
applications/transactions). These commenters noted that credit
applications taken in retail store environments differ from those
typically taken at banks because customers expect speed and efficiency
in the application process, and expressed their concern that the
Bureau's proposal would add complexity and length to application
processes, due in part to detailed questions about ethnicity, race, and
sex.
[[Page 35347]]
These commenters also expressed concerns about having retail store
associates ask for this information. Commenters said that many
retailers may use oral, interview-style, in-store application
processes, and that retail store associates do not have the training to
make such inquiries or handle customer questions or reactions. Several
commenters also stated that small business applicants may feel
uncomfortable providing ethnicity, race, and sex information in public
retail spaces. Another commenter predicted that the majority of small
business credit applications submitted at the point of sale would lack
demographic information. Some of these commenters also urged the Bureau
to exempt private label and co-branded credit applications, along with
other types of credit originated at or facilitated through retailers
such as revolving lines of credit and installment loans (e.g., point of
sale credit), from the rule's requirements in various ways--such as by
exempting all such applications, or those for lines of credit below
$50,000, from the requirement to collect demographic information.
A group of trade organizations stated that insurance premium
finance transactions should not be included within the scope of the
final rule, in part because State insurance law generally prohibits or
discourages insurance agents from collecting information about race,
religion, national origin, or ethnicity of an insured business's owners
on behalf of lenders, and insurers do not collect such information as a
result.
Several other trade associations urged the Bureau to clarify how
the rule's data collection requirements apply to indirect vehicle
finance transactions. Beyond generally urging the Bureau to exempt such
transactions from the final rule, two trade associations stated a
survey of their automobile and truck dealer members reflected concerns
about training employees to collect ethnicity, race, and sex
information, particularly with respect to implementing the Bureau's
proposed visual observation and surname data collection requirement.
Lack of applicant responses. Several commenters raised concerns
about a potential lack of applicant responses to the proposed
demographic information questions.\683\ A bank stated that it
encounters difficulties in meeting the HMDA reporting requirements
because mortgage loan applicants are reluctant to provide demographic
information and it anticipates similar reactions from small businesses.
Other commenters argued that low demographic response rates in the
Paycheck Protection Program indicates that most small business
applicants will likely decline or fail to provide demographic
information. Thus, some commenters said, records with missing
demographic data will likely need to be either excluded from fair
lending analyses or data users will have to use proxies for the missing
information, asserting that this outcome calls into question the
benefits of the data collection versus the costs. Another commenter
said that the high number of applications for small business credit
made online, and situations where the person providing information for
a given application may be one of several owners or a company officer
and not an owner themselves, may also lead to a high percentage of
applicants who do not provide responses. One commenter asserted that
small business owners may react negatively to the amount of paperwork
associated with this rule's data collection requirements and as a
result decide not to provide their principal owners' information.
Finally, a commenter suggested that the Bureau require demographic
information to be collected after a credit decision has been made,
rather than before.
---------------------------------------------------------------------------
\683\ A number of commenters also expressed concerns about data
quality in the specific context of their comments about the Bureau's
proposal to require financial institutions to collect at least one
principal owners' race and ethnicity information via visual
observation and/or surname under certain circumstances. These
comments are discussed in more detail below.
---------------------------------------------------------------------------
Verification. Several industry commenters and a women's business
advocacy group argued that financial institutions should not be
required or permitted to verify applicant-provided data about a
principal owner's ethnicity, race, or sex. One commenter suggested that
the Bureau should determine if there are ways for it to verify if
reported data are accurate and correct. (Similar comments specifically
regarding collection of information via visual observation or surname
are discussed in more detail below.)
Reduced demand for traditional credit. Several industry commenters
asserted that the collection of principal owners' protected demographic
information could potentially make borrowing from traditional lenders
less attractive for small businesses due to applicant discomfort or
objections to inquiries for such information. One predicted that
applicants may, as a result, turn to credit cards, payday loans, or
nontraditional online financing for their credit needs.
Privacy. Several industry commenters stated that small business
customers may find the collection of protected demographic information
that could become public to be an invasion of privacy. They generally
expressed concern that such information could be used to re-identify
borrowers, which could in turn harm the reputation or image of a small
business applicant. A bank said this concern is particularly salient in
small communities, and that if public information is used to determine
the identities of a bank's customers and the pricing terms offered to
them, it could result in a competitive disadvantage for the bank versus
other lenders.
Burden and costs for collecting ethnicity, race, and sex
information. Several industry commenters raised concerns about the
burden or compliance costs for financial institutions associated
collecting principal owners' ethnicity, race, and sex information under
the proposal. Other commenters raised similar concerns in the context
of specific types of transactions or institutions, or related to
specific aspects of the Bureau's proposal for collecting this
information, which are discussed in the relevant parts of this section-
by-section analysis.
One commenter expressed concern that financial institutions may
need to increase the prices and fees for credit to cover increased
compliance costs related to the collection and storage of ethnicity,
race, and sex information. Another stated that collecting principal
owners' ethnicity, race, and sex information would require online
lenders to make system changes, which it said would be different from
those needed by traditional lenders. This commenter urged the Bureau to
allow lenders to report aggregate, as opposed to application level,
data to reduce this burden. Another commenter said that because does
not currently collect ethnicity information currently and its core
processing system does not include a field for this information, it
would need to collect this data field manually.
One commenter stated that collecting information for up to four
principal owners as proposed would be burdensome for both financial
institutions and applicants. A lender said that reporting such
information for all principal owners would take a large amount of space
on its small business lending application register. That commenter also
suggested that the Bureau require demographic information for only one
principal owner instead of all principal owners, asserting that this
would not impact the quality of the data because the
[[Page 35348]]
applicant's minority-owned and women-owned business statuses would
still be collected.
In contrast, another lender did not anticipate incurring
significant costs related to the collection of ethnicity, race, and sex
information because it already gathers such information or similar
information for other small business lending programs and funding
opportunities such as the SBA's 7(a) Loan Program; the Paycheck
Protection Program; the Wells Fargo Diverse Community Capital Program;
and the CDFI Fund. The commenter stated that adjusting to section 1071
data collection requirements will primarily entail updating software,
compliance training, and updating materials. The commenter anticipated
minimal ongoing costs that will be considered normal costs of doing
business and said it does not plan on raising fees or restricting
access to credit as a result. The commenter also urged the Bureau to
coordinate with the CDFI Fund to streamline section 1071 reporting
requirements.
Direct reporting to the Bureau or third parties, or use of other
data sources. A number of industry commenters suggested that protected
demographic information should be self-reported by applicants directly
to a central database or registry, whether maintained by the Bureau or
by third parties.
Some commenters urged the Bureau to work with Secretaries of State
so that demographic data generally or information about a business's
minority-owned, women-owned, and/or LGBTQI+-owned business statuses are
voluntarily registered at the same time that a small business registers
with its State. One commenter stated that this would allow small
businesses to provide information to a trusted entity and lenders could
then verify demographic data with the relevant State--thus avoiding
delays and confusion from applicants during the loan application
process.
Other commenters suggested that the Bureau provide ways for small
businesses to report their demographic information directly to the
Bureau. Several suggested the Bureau develop a form for the collection
of ethnicity, race, and sex information that could be sent directly to
the Bureau. Others suggested that the Bureau establish a tool, portal,
or online system for applicants to input their demographic information
or to certify their desire to not provide information. One commenter
stated that the regulatory trend has shifted from requiring collection
and reporting of beneficial ownership information by financial
institutions to having small businesses report directly to the
government. Generally, these commenters said that applicants should be
provided with a unique identifier, either by the Bureau or the
financial institutions, that could be used to match applicant
demographic information with loan information. Several commenters said
that the financial institution should also be given the ability to
match its records with the central database, to enable their internal
fair lending compliance monitoring efforts. Some commenters also
suggested the Bureau coordinate with other Federal agencies, such as
the SBA, U.S. Department of the Treasury, Internal Revenue Service, or
the U.S. Census Bureau, to develop the database, gather information for
other data points, or purge records as necessary.
Some of these commenters stated that direct reporting to the Bureau
would avoid the need for financial institutions to collect ethnicity
and race information via visual observation or surname analysis. These
commenters also stated that this would resolve privacy concerns
applicants may have in providing demographic information to their
lenders. Commenters also asserted that direct reporting would inform
applicants of the Bureau's role in the data collection, promote
applicant self-reporting of demographic information, and likely
increase response rates because it would provide applicants with
assurances of confidentiality and because applicants would not be
concerned that financial institutions would improperly use the data.
Several commenters argued that direct reporting to the Bureau would
have other benefits for financial institutions, including lessening or
eliminating the risk of inappropriate use of demographic data by
financial institutions; reducing a financial institutions' compliance
costs and burden; avoiding the need for financial institutions to
establish firewalls; lowering litigation and regulatory risk; reducing
the risk of reputational harm for asking for sensitive data; and
lowering barriers to entry in financial services. Commenters also
stated that direct reporting would be more efficient for applicants
because information would be maintained in one place and could be
updated as needed, as opposed to being provided for each application.
Commenters further suggested that the Bureau would benefit from
receiving real-time data on applicant demographics, which they claimed
would simplify and enhance analysis and publication and would allow the
Bureau to directly manage the collection, storage, and standardization
of the data.
Some commenters suggested that instead of requiring financial
institutions to collect data, the Bureau should coordinate with other
government agencies, like the Internal Revenue Service and the U.S.
Census Bureau, which already collect demographic and other data on
small businesses, to avoid burden to financial institutions and which
would result in the Bureau having better data to use for analyses. One
commenter suggested that the Bureau should use the demographic analysis
approach being used by the U.S. Census Bureau and develop educational
materials for financial institutions about the methodology. Another
commenter suggested the Bureau buy information from Google or Facebook.
Applicant and financial institution education and guidance. A range
of commenters urged the Bureau to provide education and guidance about
the final rule for applicants, the public, and financial institutions.
The commenters generally stated that the Bureau should engage in an
education and/or media campaign to explain the final rule and its
purposes to develop trust with small business communities and comfort
for applicants by explaining the role of the data collection for
facilitating fair lending and to encourage small businesses to provide
their protected demographic information.
Many of these commenters also suggested that the Bureau develop
guidance and materials such as frequently asked questions and
factsheets to explain the rule and its purposes. A few commenters
suggested developing materials for applicants regarding the ethnicity,
race, and sex data collection inquiries, such as how to respond if a
principal owner is multi-ethnic or multi-racial, so applicants can
accurately respond and financial institution employees are not asked to
interpret or clarify such requirements.
Commenters also recommended developing guidance materials for
financial institutions to use in explaining the final rule, including
training resources and disclosures to explain the reasons and purpose
for the data collection. They also suggested that such materials be
translated into the top ten languages spoken in the United States
according to the U.S. Census Bureau.
Final Rule--Collecting Ethnicity, Race, and Sex, in General
For the reasons set forth herein, the Bureau is finalizing the
requirement to collect principal owners' ethnicity, race, and sex with
certain changes. Among
[[Page 35349]]
other things, the Bureau is: (1) finalizing its proposed requirement
for financial institutions to collect ethnicity and race information
using aggregate categories and disaggregated subcategories, using the
specific categories and subcategories in the proposal; (2) finalizing
the requirement for financial institutions to collect information about
a principal owner's sex, which generally will permit an applicant to
respond to an inquiry about the principal owner's ``sex/gender''
through free-form text or self-description for oral applications; and
(3) not finalizing its proposed requirement to collect and report at
least one principal owner's ethnicity and race information on the basis
of visual observation and/or surname analysis under certain
circumstances. These three specific aspects of the final rule are each
discussed in detail below.
Final Sec. 1002.107(a)(19) (proposed as Sec. 1002.107(a)(20))
requires financial institutions to collect and report information about
the ethnicity, race, and sex of small business applicants' principal
owners. In line with the proposal, final Sec. 1002.107(a)(19) provides
that when requesting such information from an applicant, the financial
institution must inform the applicant that it cannot discriminate on
the basis of a principal owner's ethnicity, race, or sex, or on the
basis of whether the applicant provides this information (non-
discrimination notice).
The final rule does not require a financial institution to report
whether the reported ethnicity, race, and sex information was based on
previously collected data (as permitted by proposed comment 107(c)(2)-
7). This information would have provided additional context for the
Bureau and others when application method was reported as being other
than in-person but ethnicity or race information were reported as
collected through visual observation or surname. Because the Bureau has
decided not to require the use of visual observation and surname
analysis in the final rule, however, the Bureau does not believe that
capturing information about data reuse is still necessary and thus has
removed that requirement from final Sec. 1002.107(a)(19) to streamline
and facilitate compliance.
The Bureau acknowledges commenters' concerns about repetition
across the rule's regulatory text, commentary, and appendices, and has
made a number of changes to reduce duplication and otherwise streamline
this aspect of the final rule to facilitate compliance. In particular,
the Bureau has removed proposed appendix G, relocating unique content
into the commentary for final Sec. 1002.107(a)(19). The Bureau has
also adjusted the commentary accompanying final Sec. 1002.107(a)(19)
to reflect changes to the regulatory text described above, as well as
the addition of LGBTQI+-owned business status where women- and
minority-owned business statuses are mentioned.
Final comment 107(a)(19)-1 generally clarifies how a financial
institution must ask an applicant for its principal owners' ethnicity,
race, and sex. The financial institution must permit an applicant to
refuse to answer the financial institution's inquiries and must inform
the applicant that it is not required to provide the information. It
also establishes how a financial institution reports the applicant's
responses to its inquiries about ethnicity, race, and sex.
Final comment 107(a)(19)-2 (incorporating instruction 3 from
proposed appendix G) explains that a financial institution must provide
an applicant with the definition of principal owner in final Sec.
1002.102(o) and that a financial institution satisfies the requirement
if it provides the definition as set forth in the sample data
collection form in final appendix E.
Final comment 107(a)(19)-3 (incorporating instruction 2 from
proposed appendix G) explains that a financial institution may combine
on the same paper or electronic data collection form the questions
about a principal owner's ethnicity, race, and sex with the number of
the applicant's principal owners pursuant to Sec. 1002.107(a)(20) and
the applicant's minority-owned, women-owned, and LGBTQI+-owned business
statuses pursuant to Sec. 1002.107(a)(18).
Final comment 107(a)(19)-4 (based on proposed comment 107(a)(20)-2)
explains that the non-discrimination notice required when a financial
institution requests a principal owner's ethnicity, race, and sex may
be combined with the non-discrimination notice that is required when
requesting information about an applicant's minority-owned, women-
owned, and LGBTQI+-owned business statuses, when such information is
collected on the same form or at the same time. The comment has been
updated to reflect the addition of LGBTQI+ business status to final
Sec. 1002.107(a)(18), and to state that a financial institution must
(as opposed to ``may'' as proposed) inform an applicant that Federal
law requires it to ask for the principal owners' ethnicity, race, and
sex/gender to help ensure that all small business applicants for credit
are treated fairly and that communities' small business credit needs
are being fulfilled, for reasons discussed further below.
Final comment 107(a)(19)-5 (based on proposed comment 107(a)(20)-3)
provides that a financial institution must maintain the record of an
applicant's responses to inquiries pursuant to Sec. 1002.107(a)(19)
separate from the application and accompanying information, and cross-
references final Sec. 1002.111(b) and comment 111(b)-1.
Final comment 107(a)(19)-6 (based on proposed comment 107(a)(20)-4)
addresses reporting when information about a principal owner's
ethnicity, race, or sex is not provided by an applicant. While a
financial institution must maintain procedures reasonably designed to
collect applicant-provided data, the comment acknowledges that there
may be circumstances under which an applicant does not provide
ethnicity, race, or sex information. The final comment has also been
updated to include explanatory examples, including examples from
proposed appendix G (instruction 13).
Final comment 107(a)(19)-7 (adapted from instruction 12 in proposed
appendix G) addresses how a financial institution reports an
applicant's response that it declines to provide information about a
principal owner's ethnicity, race, or sex.
Final comment 107(a)(19)-8 (adapted from instruction 16 in proposed
appendix G) addresses how a financial institution reports an
applicant's conflicting responses for its principal owner's ethnicity,
race, or sex information, when the applicant selects a response option
indicating it does not wish to provide the information but also selects
an answer option providing a substantive response to the question at
issue.
Final comment 107(a)(19)-9 (based on proposed comment 107(a)(20)-
12) explains that a financial institution reports principal owners'
ethnicity, race, and sex information as provided by the applicant, even
if the financial institution verifies or otherwise obtains such
information for other purposes. This comment no longer references
collection of ethnicity and race via visual observation or surname.
Final comment 107(a)(19)-10 (substantially adapted from instruction
25 of proposed appendix G and proposed comments 107(a)(20)-6.iv, -7.iv,
and -8) addresses how to report ethnicity, race, and sex information
for an applicant with fewer than four principal owners.
Final comment 107(a)(19)-11 (substantially adapted from instruction
26 of proposed appendix G) explains that a financial institution
reports one or
[[Page 35350]]
more principal owners' ethnicity, race, or sex information based on
previously collected data under Sec. 1002.107(d), the financial
institution does not need to collect any additional ethnicity, race, or
sex information for other principal owners (if any).
Final comment 107(a)(19)-12 (substantially adapted from instruction
24 of proposed appendix G) explains that a guarantor's ethnicity, race,
and sex is not collected or reported unless they are also a principal
owner of the applicant.
General support and concerns. The Bureau agrees with commenters
that the statutorily required collection of detailed ethnicity, race,
and sex information about small business applicants' principal owners
will facilitate the stated purposes of section 1071 to assist in the
enforcement of fair lending laws and enable communities, governmental
entities, and creditors to understand and identify needs and
opportunities of women-owned, minority-owned, and small
businesses.\684\ The collection of ethnicity, race, and sex information
in the HMDA context under Regulation C, for example, is essential to
the Bureau's efforts to monitor financial institutions for fair lending
compliance in the home mortgage market and to efforts by the Bureau,
policymakers, and others to identify trends, gaps, and potential
solutions for addressing any issues uncovered by the data. Recent
changes to Regulation C to collect disaggregated ethnicity and race
data have also added to the Bureau's and others' understanding of the
home mortgage marketplace.\685\ The Bureau believes that the collection
of principal owners' ethnicity, race, and sex information will
similarly provide important insights into the small business lending
market and help enable the identification of potential discriminatory
lending.
---------------------------------------------------------------------------
\684\ See ECOA section 704B(a).
\685\ In 2015, the Bureau issued a final rule (2015 HMDA Rule)
amending Regulation C to incorporate several changes made under the
Dodd-Frank Wall Street Reform and Consumer Protection Act. See 80 FR
66128 (Oct. 28, 2015). One of the changes that was implemented was
the collection of mortgage applicants' race and ethnicity
information using aggregate categories and disaggregated
subcategories. Id. This data has been used by the Bureau, for
example, to examine how home buying experiences differ among Asian
American and Pacific Islander subgroups. See CFPB, Data Point: Asian
American and Pacific Islanders in the Mortgage Market (July 2021),
https://files.consumerfinance.gov/f/documents/cfpb_aapi-mortgage-market_report_2021-07.pdf.
---------------------------------------------------------------------------
The Bureau also agrees that in combination with other collected
information such as the number of an applicant's principal owners under
final Sec. 1002.107(a)(20) and whether the applicant is a minority-
owned, women-owned, and/or LGBTQI+-owned small business under final
Sec. 1002.107(a)(18), the collection of principal owners' ethnicity,
race, and sex information will help the Bureau and others to understand
lending market dynamics at different levels of ownership by individuals
of certain ethnicities, races, and/or sexual or gender population
subgroups. Transparency will not only help facilitate fair lending
enforcement, but reduce uncertainty for financial institutions and help
them to identify areas of unmet credit demand into which they could
consider increasing product availability. In turn, small business
owners will benefit from increased credit availability. The Bureau
believes that other information about a covered application is still
important for fulfilling section 1071's statutory purposes even when
the applicant has declined to provide any protected demographic
information. Such information can still provide insight into lending to
small businesses pursuant to section 1071's business and community
development purpose. Moreover, the lack of demographic information for
a covered application itself could be important information for the
Bureau and others to assess potential reasons for and solutions to
correct such information gaps in the future.
Regarding the comment its proposed rules for collecting demographic
data are too complex, and comments that suggested streamlining these
provisions, the Bureau notes that it is not finalizing the proposed
requirement to collect ethnicity and race via visual observation or
surname data. As a result, the Bureau has removed that provision, and
related requirements, from the final rule. The Bureau has also moved
all instructions and information about collecting and reporting
ethnicity, race, and sex information to the commentary for final Sec.
1002.107(a)(19). The Bureau believes these changes streamline and
simplify the ethnicity, race, and sex data collection requirements,
which will facilitate financial institutions' compliance with the final
rule.
Regarding a commenter's assertion that this data collection
requirement conflicts with ECOA, the Bureau notes that section 1071
amends ECOA to require the collection of the race, sex, and ethnicity
of the principal owners of small businesses. Moreover, ECOA also
provides that inquiries to collect data under section 1071 are not
considered discrimination under the statute.\686\ The final rule also
includes protections against the improper use of protected demographic
information, including the firewall requirement in final Sec.
1002.108, the provision restricting re-disclosure of protected
demographic information in final Sec. 1002.110(e), and the
recordkeeping requirements in final Sec. 1002.111(b).
---------------------------------------------------------------------------
\686\ 15 U.S.C. 1691(b)(5).
---------------------------------------------------------------------------
Regarding a commenter's request for clarification as to how a
financial institution should report these data if responses were
provided by an applicant's representative before action is taken on the
application, or that an applicant declined to provide the requested
information. As discussed above, final comments 107(a)(19)-1, -6, and -
7 clarify the various reporting options for reporting data collected
pursuant to final Sec. 1002.107(a)(19): financial institutions will be
required to report an applicant's responses to the ethnicity, race, and
sex inquiries; their selection of a response that they decline to
provide information (e.g., by selecting an answer option of ``I do not
wish to provide this information'' or similar); and a response of ``not
provided by the applicant'' if an applicant does not provide any
response. The final rule also requires an applicant to report the
action taken on an application under Sec. 1002.107(a)(9), including
whether originated or if the application was withdrawn by the applicant
or is incomplete. Given these provisions, the Bureau does not believe
it is necessary to include an option for a financial institution to
indicate that the applicant or a principal owner was not available, as
suggested by the commenter.
The Bureau is not requiring the collection of demographic
information for a natural person completing an application on behalf of
a small business, as suggested by a commenter. ECOA section
704B(e)(2)(G) specifically requires financial institutions to compile
and maintain information about the ethnicity, race, and sex of ``the
principal owners of the business.'' The statute does not require
financial institutions to collect such information for any other
individuals. The Bureau acknowledges the possibility of discrimination
occurring against an applicant's non-principal owner representative,
but in light of the statutory directive to collect demographic
information about the applicant' principal owners, and the associated
complexity that adding such a requirement could involve, the Bureau
does not believe that it would be appropriate to adopt such a
requirement at this time. The Bureau may, however, revisit at a later
date whether the collection of such information would aid in fulfilling
the purposes of section
[[Page 35351]]
1071 in the future as it enhances its understanding of the small
business credit marketplace.
Regarding a commenter's inquiry as to whether a financial
institution could collect more specific demographic data than required
by the rule. Final Sec. 1002.107(a)(19) establishes that financial
institutions must inquire about applicants' principal owners'
ethnicity, race, and sex and must permit applicants to provide certain
specified responses; certain responses include the option of providing
additional information via free-form text field.
One commenter asked whether a financial institution can reconcile
discrepancies or inaccuracies in applicants' self-reported ethnicity or
race data. Final comment 107(a)(19)-1 provides that the financial
institution is not permitted to report a principal owner's ethnicity,
race, or sex on any basis other than applicant-provided data, which may
include previously provided data pursuant to final Sec. 1002.107(d).
As a result, financial institutions must report applicant responses as
provided by the applicant, even if the institution perceives possible
discrepancies or inaccuracies.
Alignment with HMDA. The Bureau generally agrees with commenters
that some degree of alignment with the HMDA data collection
requirements under Regulation C would promote consistency and may
reduce potential confusion for financial institutions, applicants, and
data users. However, the Bureau does not believe that the collection of
data as to small business owners should necessarily be the same in each
aspect as it is for home mortgage applicants. Although the collection
of ethnicity, race, and sex data in both contexts serves related fair
lending purposes, Regulation C and this final rule are authorized under
different statutes and for different markets. Further, both Regulation
C and this final rule were developed in consideration of the
information available to the Bureau at the time of each rulemaking,
including comments received in response to the Bureau's proposals and
current research and standards as to the measurement of such factors.
As demographic data collection best practices and standards evolve, the
Bureau considers such information in its decision-making. The Bureau
refers readers to the relevant parts of this section-by-section
analysis for discussion of its rationale for its decisions on the
collection of ethnicity, race, and sex.
The Bureau notes that it is exempting HMDA-reportable transactions
from the data collection requirements of this final rule due to, in
part, to commenters' concerns about potentially duplicative and/or
inconsistent requirements for reporting ethnicity, race, and sex. See
the section-by-section analysis of Sec. 1002.104(b)(2) for additional
information.
Concerns related to specific transactions or institutions. The
Bureau is not adopting special rules for the collection of protected
demographic information for particular types of transactions or
lenders. The Bureau believes it is important to collect nationwide,
comprehensive ethnicity, race, and sex data for all covered
applications to fulfill the purposes of section 1071. However, the
Bureau acknowledges commenters' concerns about the potential challenges
in collecting such information in certain situations or for certain
types of lenders and appreciates, in particular, the importance of
trust in furthering important relationships between small businesses
and their local banks. For this reason, among others, the Bureau is not
finalizing its proposal to collect ethnicity and race information via
visual observation or surname analysis, as explained further in the
relevant part of this section-by-section analysis below.
To help applicants' understanding of the section 1071 data
collection, the Bureau has made edits to the sample data collection
form in final appendix E to include sample text that explains the
purpose of the rulemaking and clarifies that the inquiries on the form
for an applicant's status as a minority-owned, women-owned, and/or
LGBTQI+-owned small business and its principal owners' ethnicity, race,
and sex information are required under Federal law. The sample form, of
course, continues to note that applicants are not required to provide
any of the requested demographic information. The Bureau also
anticipates developing materials to help small businesses understand
the rule, as described at the end of part I above.
The Bureau does not believe that agricultural credit transactions
should be viewed or treated differently from other covered transactions
under the final rule, with regard to the collection of principal
owners' ethnicity, race, or sex information. As explained in the
section-by-section analysis of Sec. 1002.104, generally there is
insufficient information available about agricultural credit markets;
nevertheless, there is evidence that these markets are affected by
historical and/or continuing discrimination. Moreover, farms are an
important means of capital formation for families and communities.
Collecting principal owners' ethnicity, race, and sex information for
agricultural credit transactions will help facilitate the Bureau's and
others' understanding of the agricultural credit sector of the small
business lending marketplace and will help to further the enforcement
of fair lending laws for that part of the market. The Bureau also
anticipates that the collection of this information may increase access
to responsible and affordable agricultural credit for a diverse cross-
section of the population, by helping creditors and others identify
needs of and opportunities for small farms, including those that are
minority-, women-, and/or LGBTQI+-owned.
Likewise, the Bureau is not adopting separate rules or exemptions
for credit applications taken at point of sale. As explained further in
the section-by-section analysis of Sec. 1002.107(c), regarding the
time and manner of collection, the Bureau generally believes that the
same rules should apply across all covered credit transactions and
covered financial institutions, and that the arguments made by point of
sale providers are not unique in nature or can be addressed through
other means. Likewise, the Bureau does not believe there should be
special considerations for the collection of ethnicity, race, and sex
information for private label credit, for which commenters raised
similar concerns.
Because the Bureau is exempting insurance premium financing
transactions from coverage under the final rule in Sec.
1002.104(b)(3), commenters' concerns summarized above about collecting
protected demographic information for such transactions are rendered
moot.
With regard to comments raising concerns about collecting
ethnicity, race, and sex information in the context of indirect auto
finance transactions, the Bureau refers readers to its discussion at
the section-by-section analysis of Sec. 1002.109(a)(3). As discussed
there, the Bureau believes that auto dealers are generally unlikely to
be collecting 1071 data on behalf of covered financial institutions
because they are often the last entity with authority to set the
material credit terms of a covered credit transaction. But even in
situations where dealers are acting as conduits and are thus collecting
information on behalf of another financial institution, comment
5(a)(2)-3 to the Board's Regulation B states that persons such as loan
brokers and correspondents do not violate ECOA or Regulation B if they
collect information that they are otherwise prohibited from collecting,
where the purpose of collecting the information is to provide it to a
creditor
[[Page 35352]]
that is subject to HMDA or another Federal or State statute or
regulation requiring data collection.\687\ The Bureau also does not
believe that any specialized knowledge is necessary to collect 1071
data if dealers do collect such data.
---------------------------------------------------------------------------
\687\ This language aligns with comment 5(a)(2)-3 in the
Bureau's Regulation B, to which the Bureau is adding a reference to
subpart B for additional clarity.
---------------------------------------------------------------------------
Lack of applicant responses. The Bureau acknowledges concerns
raised by commenters about the potential for low applicant response
rates to the required inquiries for information about their principal
owners' ethnicity, race, and sex. As discussed in the NPRM, such
concerns motivated the Bureau's proposal to require financial
institutions to collect at least one principal owner's ethnicity and
race information through visual observation and/or surname analysis
under certain circumstances. The Bureau explained that the similar data
collection requirement for the HMDA data collection has been an
important tool in supporting response rates.
As discussed in more detail regarding the Bureau's proposal that
financial institutions collect principal owners' ethnicity and race via
visual observation or surname in certain circumstances, the Bureau
believes that such a requirement could help support response rates in
the right context. However, at this time, the Bureau has elected to
address concerns about applicants' potential unwillingness to
voluntarily provide their principal owners' ethnicity, race, and sex
information by providing further clarification as to the requirement
that an institution maintain procedures to collect applicant-provided
data at a time and in a manner that are reasonably designed to obtain a
response under final Sec. 1002.107(c). For example, final Sec.
1002.107(c)(2) sets forth minimum criteria when collecting applicant-
provided data directly from the applicant that must be included within
a financial institution's procedures to ensure they are reasonably
designed to obtain a response, including seeking to collect such
information before notifying an applicant of action taken on a covered
application, ensuring that the request for applicant-provided data is
prominently displayed or presented, ensuring the collection does not
have the effect of discouraging applicants from providing a response,
and ensuring that applicants can easily respond to a request for the
data. The Bureau also anticipates developing materials to educate small
business owners about the small business lending data collection and
its purposes, which may impact their willingness to provide demographic
information. Further, as discussed in the section-by-section analysis
of final appendix E, the sample data collection form will also include
language that explains, in plain language, the purpose for the
collection of demographic information under the final rule. At this
time, the Bureau believes that these measures will improve applicant
response rates to the protected demographic information inquiries under
the final rule. However, the Bureau will continue to assess whether and
what further measures may be needed to improve response rates.
The Bureau's decision not to change the timing for collecting
protected demographic information to after a credit decision has been
made, as suggested by a commenter, is discussed in the section-by-
section analysis of Sec. 1002.107(c).
Verification. Commenters urged the Bureau to provide that financial
institutions are not permitted or required to verify the ethnicity,
race, or sex of a principal owner and to codify this requirement in the
final rule. The Bureau agrees. Final comment 107(a)(19)-9 clarifies
that a financial institution may only report an applicant's responses
as to its principal owners' ethnicity, race, and sex, even if it
verifies or otherwise obtains the information for other purposes.
Reduced demand for traditional credit. The Bureau appreciates some
commenters' concerns that inquiries about their principal owners'
ethnicity, race, and sex information might discourage small businesses
from seeking credit with traditional lenders. The Bureau anticipates
that while there may be some period of initial hesitation by small
businesses to provide such information, small businesses will become
more familiar with the requests for their demographic information over
time and such requests will be considered a normal part of the process
for seeking business credit. Further, as described at the end of part I
above, the Bureau anticipates developing and distributing materials
about the final rule directed at small businesses. The Bureau also
expects that such materials, by furthering applicant understanding of
the 1071 data collection, will ease the compliance burden for financial
institutions in implementing the final rule.
Privacy. The Bureau received comments generally expressing concerns
that small businesses' owners' demographic information could be used to
identify the businesses and their owners. As discussed in greater
detail in part VIII below, after receiving a full year of reported
data, the Bureau will assess privacy risks associated with the data and
make modification and deletion decisions to the public application-
level dataset. The Bureau takes the privacy of such information
seriously and will be making appropriate modifications and deletions to
any data before making it public, and intends to continue engage with
the public about how to mitigate privacy risk.
With respect to concerns that small business applicants may find
the collection of protected demographic information to be an invasion
of privacy, in amending ECOA to require the collection of an
applicant's principal owners' ethnicity, race, and sex information,
Congress implicitly determined that the benefits of collecting such
information outweigh any invasion of privacy concerns. Nevertheless,
the Bureau notes that it has included sample language in the sample
data collection form in appendix E explaining the purpose of the data
collection, and, as noted, it anticipates developing materials to
further help small businesses understand the purposes of the rule. In
addition, the final rule provides safeguards for applicants' protected
demographic information by requiring that such information be kept
separately from their applications and accompanying information under
Sec. 1002.111(b), through the firewall requirement in Sec. 1002.108,
and in Sec. 1002.110(e) restricting financial institutions' re-
disclosure of protected demographic data to third parties.
Burden and costs for collecting ethnicity, race, sex information.
The Bureau appreciates that financial institutions will face some
initial costs and burden in implementing the final rule, such as from
making changes to its policies, procedures, systems, training programs,
and in other areas. However, as noted by one commenter, the Bureau
believes that for many financial institutions covered by the final
rule, there will be manageable ongoing costs related to the data
collection after an initial implementation period.
The Bureau does not believe it would be appropriate to permit
financial institutions to report only aggregate data, as opposed to
application-level data, as suggested by one commenter. First, the
statute clearly contemplates the collection of individual loan-level
information. Section 1071's information gathering requirement provides
that a financial institution is required to collect and maintain
information ``in the
[[Page 35353]]
case of any application to a financial institution . . .'' (emphasis
added).\688\ Further, the statute requires the financial institution to
compile and maintain ``a record of the information provided by any loan
applicant,'' including loan identifying information such as the number
of the application and the date on which the application was
received.\689\ Given this language, the Bureau believes that Congress
intended that financial institutions compile and maintain application-
level information and submit the information--compiled in that way--to
the Bureau.
---------------------------------------------------------------------------
\688\ ECOA section 704B(b).
\689\ ECOA section 704B(e)(2).
---------------------------------------------------------------------------
Second, the Bureau believes that it is necessary to have specific
ethnicity, race, and sex data for individual principal owners to allow
assessments of whether there are trends in the data, including for
businesses with different amounts of ownership by individuals of
certain ethnicities, races, or sex, which cannot be captured through
the minority-owned, women-owned, and LGBTQI+-owned business status data
points alone. As a result, the Bureau rejects a commenter's suggestion
that the Bureau require the collection of only one principal owner's
ethnicity, race, and sex information.
Direct reporting to the Bureau or third parties, or use of other
data sources. The Bureau is not, at this time, establishing a mechanism
by which small businesses might directly submit demographic information
to the agency. The Bureau notes, in this respect, that the statute
calls for financial institutions to collect these data and report them
to the Bureau. In addition, the mechanisms described by the statute do
not envision the Bureau ever knowing the identity of any small business
submitting data, which would occur if small businesses were to file
demographic data directly with the Bureau.
However, the final rule does not foreclose industry from developing
mechanisms to make demographic data collection and submission more
effective or efficient. For example, industry might seek to foster the
development of third-party mechanisms that would let financial
institutions collect and report demographic information in tokenized
form so that they themselves do not have access to that demographic
data. To the extent that industry stakeholders are interested in the
development of such mechanisms in connection with meeting their
obligations under the final rule, the Bureau is willing to engage with
them on these issues in order to ensure that any such developments
ensure appropriate data quality and protection, do not burden or create
obligations for applicants, and otherwise accord with the rule and the
statute; to the extent necessary and appropriate, the Bureau would also
need to adjust certain regulations and technical guidance. In
considering appropriate data quality and protection, the Bureau will
want to ensure that such a third-party system does not compromise
privacy or other important protections or create opportunities for the
sale of personal data.
Some commenters suggested that, as opposed to requiring financial
institutions to collect and report demographic data, the Bureau should
instead use data, for example, that is gathered by other Federal
agencies or buy it from outside sources. However, Congress's intent
with ECOA section 704B was to require financial institutions to collect
demographic information from applicants that would then be reported to
the Bureau. Gathering such information from other sources would not be
aligned with this intent. Further, the Bureau believes that requiring
financial institutions to collect demographic information during the
application process will help to ensure comprehensive, nationwide
demographic data collection about small business lending, which will in
turn help enable the identification of potential discriminatory lending
practices and identification of the needs and opportunities of small
businesses, including women-owned, minority-owned, and LGBTQI+-owned
businesses. Data that have been collected in other contexts and for
other purposes, and analyzed pursuant to those agencies' methods for
those other purposes, would not achieve what the Bureau believes is
necessary to meet section 1071's statutory objectives. Further, some of
the approaches suggested by commenters would not be feasible, such as
buying data from sources outside of the Federal government, because
they do not identify a small business applicant's principal owners. The
Bureau also notes that it has worked with other Federal regulators so
that they can tailor data collections in this area to take advantage of
data collected under this rule, thereby reducing burden on regulated
entities.
Applicant and financial institution education and guidance. With
respect to commenters' requests that the Bureau educate and explain the
final rule and its requirements to small business applicants, the
public, and financial institutions, and to provide translations of the
sample data collection form into other languages, the Bureau refers
readers to its discussion regarding compliance and technical assistance
at the end of part I above. Likewise, the Bureau agrees with commenters
that it is important to provide a disclosure to applicants to generally
explain the rule and its purpose. Instruction 4 to proposed appendix G
would have explained that a financial institution may inform applicants
that Federal law requires it to ask for the principal owners'
ethnicity, race, and sex to help ensure that all small business
applicants for credit are treated fairly and that communities' small
business credit needs are being fulfilled. In response to comments
about the importance of helping applicants to understand the reasons
for the data collection,\690\ under the final rule financial
institutions are required to provide such information (see final
comment 107(a)(19)-4); sample language effecting this provision is
included on the sample data collection form at appendix E.
---------------------------------------------------------------------------
\690\ This was reaffirmed in user testing. See CFPB, User
testing for sample data collection form for the small business
lending final rule at app. A (Mar. 2023), https://www.consumerfinance.gov/data-research/research-reports/user-testing-for-sample-data-collection-form-for-the-small-business-lending-final-rule/.
---------------------------------------------------------------------------
Proposed Rule--Collecting Ethnicity and Race Using Aggregate Categories
and Disaggregated Subcategories
The Bureau proposed that financial institutions request principal
owners' ethnicity and race using both aggregate categories as well as
disaggregated subcategories.
With respect to ethnicity data collection, the Bureau proposed
using the same aggregate categories (i.e., Hispanic or Latino and Not
Hispanic or Latino) and disaggregated subcategories as are used in
Regulation C. With respect to race data collection, the Bureau proposed
using the same aggregate categories as are used in Regulation C (i.e.,
American Indian or Alaska Native; Asian; Black or African American;
Native Hawaiian or Other Pacific Islander; and White). The Bureau also
proposed using the same disaggregated subcategories for the Asian race
category and the Native Hawaiian or Other Pacific Islander race
category, as well as with respect to the American Indian or Alaska
Native race category, including by inviting an applicant to provide the
name of a principal or enrolled tribe. In addition, the Bureau proposed
adding disaggregated subcategories for the Black or African American
race category, which are not used when
[[Page 35354]]
collecting data pursuant to Regulation C.
The Bureau explained that OMB has issued standards for the
classification of Federal data on ethnicity and race.\691\ OMB's
government-wide standards provide a minimum standard for maintaining,
collecting, and presenting data on ethnicity and race for all Federal
reporting purposes. These standards have been developed to provide ``a
common language for uniformity and comparability in the collection and
use of data on ethnicity and race by Federal agencies.''
\692\[thinsp]The OMB standards provide the following minimum categories
for data on ethnicity and race: Two minimum ethnicity categories
(Hispanic or Latino; Not Hispanic or Latino) and five minimum race
categories (American Indian or Alaska Native; Asian; Black or African
American; Native Hawaiian or Other Pacific Islander; and White). The
aggregate categories for ethnicity and race in Regulation C, which the
Bureau proposed to use in the section 1071 final rule, conform to the
OMB standards.
---------------------------------------------------------------------------
\691\ Off. of Mgmt. & Budget, Revisions to the Standards for the
Classification of Federal Data on Race and Ethnicity, 62 FR 58782,
58782-90 (Oct. 30, 1997) (OMB Federal Data Standards on Race and
Ethnicity).
\692\ See id.
---------------------------------------------------------------------------
The Bureau also explained that in addition to the minimum data
categories for ethnicity and race, the OMB's standards provide
additional key principles. First, self-identification is the preferred
means of obtaining information about an individual's ethnicity and
race, except in instances where observer identification is more
practical.\693\ Second, the collection of greater detail is encouraged
as long as any collection that uses more detail is organized in such a
way that the additional detail can be aggregated into the minimum
aggregate categories for data on ethnicity and race. More detailed
reporting, which can be aggregated to the minimum categories, may be
used at the agencies' discretion. Lastly, Federal agencies must produce
as much detailed information on ethnicity and race as possible;
however, Federal agencies shall not present data on detailed categories
if doing so would compromise data quality or confidentiality
standards.\694\
---------------------------------------------------------------------------
\693\ See id.
\694\ See id.
---------------------------------------------------------------------------
The Bureau noted that although OMB received comments requesting the
creation of a separate Arab or Middle Eastern ethnicity category prior
to the adoption of the OMB Federal Data Standards on Race and Ethnicity
in 1997, OMB accepted the Interagency Committee's recommendation not to
include one in the 1997 minimum standards for reporting of Federal data
on race and ethnicity. OMB stated that while it was adopting the
Interagency Committee's recommendation, it believed additional research
was needed to determine the best way to improve data on this population
group.\695\
---------------------------------------------------------------------------
\695\ Id. at 58782.
---------------------------------------------------------------------------
The Bureau further explained that in 2017, OMB requested comment on
the Federal Interagency Working Group for Research on Race and
Ethnicity's (Working Group's) proposals to update the OMB Federal Data
Standards on Race and Ethnicity.\696\ The Working Group proposed adding
a Middle Eastern or North African classification to the Federal Data
Standards on Race and Ethnicity and to issue specific guidelines for
the collection of detailed data for American Indian or Alaska Native,
Asian, Black or African American, Hispanic or Latino, Native Hawaiian
or Other Pacific Islander, and White groups.\697\ The Working Group
also considered whether race and ethnicity should be collected using
separate questions versus a combined question. The OMB Federal Data
Standards on Race and Ethnicity have not been updated, however, in the
time since OMB's 2017 request for comment.
---------------------------------------------------------------------------
\696\ 82 FR 12242 (Mar. 1, 2017).
\697\ See OMB Federal Data Standards on Race and Ethnicity.
---------------------------------------------------------------------------
The Bureau stated its belief that it is also important to consider
the data standards that the U.S. Census Bureau (Census Bureau) uses in
the Decennial Census. The definition of Hispanic or Latino origin used
in the 2010 and 2020 Census questionnaire refers to a person of Cuban,
Mexican, Puerto Rican, South or Central American, or other Spanish
culture or origin regardless of race.\698\ The 2010 and 2020 Census
disaggregated the Hispanic or Latino ethnicity into four categories
(Mexican, Mexican American, or Chicano; Puerto Rican; Cuban; and
Another Hispanic, Latino or Spanish origin) and included an area where
respondents could provide (i.e., write in) a specific Hispanic, Latino,
or Spanish origin group as additional information.\699\
---------------------------------------------------------------------------
\698\ See U.S. Census Bureau, 2010 Official Questionnaire,
https://www.census.gov/history/pdf/2010questionnaire.pdf (2010
Census Official Questionnaire), and U.S. Census Bureau, 2020
Official Questionnaire, https://www2.census.gov/programs-surveys/decennial/2020/technical-documentation/questionnaires-and-instructions/questionnaires/2020-informational-questionnaire.pdf
(2020 Census Official Questionnaire).
\699\ See 2010 Census Official Questionnaire and 2020 Census
Official Questionnaire.
---------------------------------------------------------------------------
The Bureau explained that the 2010 and 2020 Census questionnaires
listed three of OMB's five aggregate race categories (American Indian
or Alaska Native; Black or African American; and White). Although the
questionnaires do not list the aggregate race categories for Asian or
for Native Hawaiian or Other Pacific Islander, they do list the related
disaggregated subcategories for the Asian race category (i.e., Asian
Indian, Chinese, Filipino, Japanese, Korean, Vietnamese, Other Asian),
and for the Native Hawaiian and Other Pacific Islander race category
(i.e., Native Hawaiian, Chamorro,\700\ Samoan, Other Pacific Islander).
These questionnaires also included three areas where respondents could
write in a specific race: a specific Other Asian race, a specific Other
Pacific Islander race, or the name of an enrolled or principal tribe in
the American Indian or Alaska Native category.\701\ Additionally, the
2020 Census allowed respondents to write in a specific origin for the
White category and for the Black or African American category. For
respondents who did not identify with any of the five minimum OMB race
categories, the Census Bureau included a sixth race category--Some
Other Race--on the 2010 and 2020 Census questionnaires. Respondents
could also select one or more race categories and write-in
options.\702\
---------------------------------------------------------------------------
\700\ The questionnaire for the 2010 Census included ``Guamanian
or Chamorro,'' but the questionnaire for the 2020 Census included
only ``Chamorro.''
\701\ See 2010 Census Official Questionnaire and 2020 Census
Official Questionnaire.
\702\ See id.
---------------------------------------------------------------------------
The Bureau noted that on February 28, 2017, the Census Bureau
released its 2015 National Content Test: Race and Ethnicity Analysis
Report. This National Content Test provided the U.S. Census Bureau with
empirical research to contribute to the planning for the content of the
2020 Census' race/ethnicity questions. The report presented findings to
the Census Bureau Director and executive staff on research conducted to
assess optimal design elements that could be used in question(s) on
race and ethnicity. It noted that Americans view ``race'' and
``ethnicity'' differently than in decades past and that a growing
number of people find the current race and ethnicity categories
confusing, or they wish to see their own specific group reflected on
the Census questionnaire. The National Content Test's research found
that there have been a growing number of people who do not identify
with any of the official OMB race categories, and that an increasing
number of respondents have been racially classified as ``Some Other
[[Page 35355]]
Race.'' This was primarily because of reporting by Hispanics who did
not identify with any of the OMB race categories, but it also noted
that segments of other populations, such as Afro-Caribbean and Middle
Eastern or North African populations, did not identify with any of the
OMB race categories.\703\ The 2015 National Content Test: Race and
Ethnicity Analysis Report concluded that optimal design elements that
may increase reporting, decrease item non-response, and improve data
accuracy and reliability include: (1) a combined race and ethnicity
question with detailed checkbox options; (2) a separate ``Middle
Eastern or North African'' response category; and (3) instructions to
``Mark all that apply'' or ``Select all that apply'' (instead of ``Mark
[X] one or more boxes'').\704\
---------------------------------------------------------------------------
\703\ U.S. Census Bureau, 2015 National Content Test: Race and
Ethnicity Analysis Report, Executive Summary, at ix (Feb. 28, 2017),
https://www2.census.gov/programs-surveys/decennial/2020/program-management/final-analysis-reports/2015nct-race-ethnicity-analysis.pdf.
\704\ Id. at 83-85.
---------------------------------------------------------------------------
The Census Bureau did not ultimately incorporate these design
elements into the questionnaire for the 2020 Decennial Census, but
instead continued to ask about ethnicity and race in two separate
questions. While the questionnaire did not provide detailed check box
options for the White race category or for the Black or African
American race category, the questionnaire did add write-in options and
noted examples. For White, it noted examples of German, Irish, English,
Italian, Lebanese, and Egyptian. For Black or African American, it
noted examples of African American, Jamaican, Haitian, Nigerian,
Ethiopian, and Somali.\705\ Notwithstanding the approach used by the
Census Bureau for the 2020 Decennial Census, the Bureau requested
comment on whether the approach and design elements set forth in the
2015 National Content Test: Race and Ethnicity Report Analysis (whether
in whole or in part) would improve data collection that otherwise
furthers section 1071's purposes, improve self-identification of race
and ethnicity by applicants and response rates, or impose burdens on
financial institutions collecting and reporting this information.
---------------------------------------------------------------------------
\705\ See 2020 Census Official Questionnaire.
---------------------------------------------------------------------------
The Bureau proposed that financial institutions must permit
applicants to provide a principal owner's ethnicity and race using the
aggregate categories used for HMDA data collection, which conform to
the OMB standards. The Bureau believed that aligning the aggregate
ethnicity and race categories for this rule's data collection with the
HMDA data collection would promote consistency and could reduce
potential confusion for applicants, financial institutions, and other
users of the data.
The Bureau also proposed that applicants must be permitted to
provide a principal owner's ethnicity and race using the disaggregated
subcategories used in HMDA data collection, which also conform to one
of the key principles in the OMB standards: encouraging the collection
of greater detail as long as any collection that uses more detail is
organized in such a way that the additional detail can be aggregated
into the minimum aggregate categories for data on ethnicity and race.
With respect to ethnicity data collection, the Bureau proposed that
applicants must be permitted to provide a principal owner's ethnicity
using the disaggregated subcategories used in HMDA data collection. For
race data collection, the Bureau proposed that applicants must be
permitted to provide a principal owner's race using the disaggregated
subcategories for the Asian race category and the Native Hawaiian or
Other Pacific Islander race category. The Bureau also proposed that
applicants must be permitted to provide a principal owner's race using
disaggregated subcategories for the Black or African American race
category, which is not currently used in HMDA data collection. Lastly,
similar to HMDA, the Bureau proposed inviting an applicant to provide
the name of a principal or enrolled tribe for each principal owner with
respect to the American Indian or Alaska Native race category.
The Bureau explained that it was proposing use of disaggregated
subcategories for this rulemaking, in part, for general consistency
with existing HMDA reporting requirements. Further, collection and
reporting using disaggregated subcategories could be beneficial when
attempting to identify potential discrimination or business and
community development needs in particular communities. While
disaggregated data may not be useful in analyzing potential
discrimination where financial institutions do not have a sufficient
number of applicants or borrowers within particular subgroups to permit
reliable assessments of whether unlawful discrimination may have
occurred, disaggregated data on ethnicity and race may help identify
potentially discriminatory lending patterns in situations in which the
numbers are sufficient to permit such fair lending assessments. The
Bureau noted that additionally, as suggested in the 2015 National
Content Test: Race and Ethnicity Report Analysis, the use of
disaggregated subcategories may increase response rates.
The Bureau acknowledged, however, that including the disaggregated
subcategories for four principal owners may make data collection more
difficult in certain situations, such as for applications taken solely
by telephone or for paper applications taken at retail locations. Given
these concerns, the Bureau sought comment on whether an accommodation
should be made for certain application scenarios, for example by
permitting financial institutions to collect ethnicity and race
information using only the aggregate categories or to permit financial
institutions to collect ethnicity, race, and sex information on only
one principal owner in those scenarios. The Bureau also noted that
FinCEN's customer due diligence rule excludes from certain of its
requirements point-of-sale transactions for the purchase of retail
goods or services up to a limit of $50,000.\706\ The Bureau did not
propose this approach given the different purposes and requirements of
the customer due diligence rule (as well as FinCEN's related customer
identification program rule) \707\ and section 1071. Nonetheless, the
Bureau sought comment on whether covered applications taken at retail
locations, such as credit cards and lines of credit with a credit limit
under a specified amount (such as $50,000), should be excepted from
some or all of the requirement to obtain principal owners' ethnicity,
race, and sex information.
---------------------------------------------------------------------------
\706\ 31 CFR 1010.230(h)(1)(i). The customer due diligence
rule's exclusion for certain point of sale transactions is based on
the ``very low risk posed by opening such accounts at [a] brick and
mortar store.'' Fin. Crimes Enf't Network, U.S. Dep't of Treas.,
Guidance: Frequently Asked Questions Regarding Customer Due
Diligence Requirements for Financial Institutions, at Q 29 (Apr. 3,
2018), https://www.fincen.gov/sites/default/files/2018-04/FinCEN_Guidance_CDD_FAQ_FINAL_508_2.pdf.
\707\ FinCEN's customer identification program rule does not
contain a point of sale exclusion. While the rule permits
verification of customer identity information within a reasonable
time after an account is opened, the collection of required customer
information must occur prior to account opening. See 31 CFR
1020.220(a)(2)(i)(A) and (ii). For credit card accounts, a bank may
obtain identifying information about a customer from a third-party
source prior to extending credit to the customer. 31 CFR
1020.220(a)(2)(i)(C).
---------------------------------------------------------------------------
The Bureau also sought comment on its proposed use of the HMDA
aggregate categories, the HMDA disaggregated subcategories (including
the ability to provide additional information if an applicant indicates
that a principal owner is Other Hispanic or Latino, Other Asian, or
Other Pacific Islander), and the proposed addition of
[[Page 35356]]
disaggregated subcategories for the Black or African American category.
Additionally, the Bureau sought comment regarding whether it would be
helpful or appropriate to provide additional clarification or to pursue
a different approach regarding the ability of a principal owner to
identify as Other Hispanic or Latino, Other Asian, or Other Pacific
Islander or to provide additional information if a principal owner is
Other Hispanic or Latino, Other Asian, or Other Pacific Islander. The
Bureau also sought comment on whether any additional or different
categories or subcategories should be used for section 1071 data
collection, and whether the collection and reporting of ethnicity and
race should be combined into a single question for purposes of section
1071 data collection and reporting. The Bureau further sought comment
on whether an additional category for Middle Eastern or North African
should be added and, if so, how this category should be included and
defined. In addition, the Bureau sought comment on whether
disaggregated subcategories should be added for the aggregate White
category, and if so, what disaggregated subcategories should be added
and whether the applicant should be permitted to write in or otherwise
provide other disaggregated subcategories or additional information.
The Bureau also sought comment on whether the approach and design
elements set forth in the 2015 National Content Test: Race and
Ethnicity Report Analysis would improve data collection or otherwise
further section 1071's purposes, as well as whether it would pose any
particular burdens or challenges for financial institutions collecting
and reporting this information. Finally, the Bureau sought comment on
whether, similar to data collection pursuant to Regulation C, financial
institutions should be limited to reporting a specified number of
aggregate categories and disaggregated subcategories and, if so,
whether such a limitation should be described in the sample data
collection form.
Proposed comments 107(a)(20)-6 and -7 would have provided guidance
on collecting and reporting ethnicity and race information,
respectively. The proposed comments would have explained that
applicants must be permitted to provide a principal owner's ethnicity
or race using aggregate categories and disaggregated subcategories and
would have also listed the aggregate categories and disaggregated
subcategories that applicants must be permitted to use. The proposed
comments would have also explained that applicants must be permitted to
select one, both, or none of the aggregate categories and as many
disaggregated subcategories as the applicant chooses, even if the
applicant does not select the corresponding aggregate category. The
proposed comments would have stated that, if an applicant provides
ethnicity or race information for a principal owner, the financial
institution reports all of the aggregate categories and disaggregated
subcategories provided by the applicant, and the proposed comments
would have provided examples. The proposed comments would have stated
that a financial institution must also permit the applicant to refuse
to provide ethnicity or race information for one or more principal
owners and explain how a financial institution reports ethnicity or
race information if an applicant declines to provide the information or
fails to respond. Finally, the proposed comments would have explained
how a financial institution reports ethnicity or race information if an
applicant has fewer than four principal owners, and they would have
provided examples.
Comments Received--Collecting Ethnicity and Race Using Aggregate
Categories and Disaggregated Subcategories
The Bureau received comments from a range of commenters, including
lenders, trade associations, community groups, and a business advocacy
group, on its proposal to collect ethnicity and race using aggregate
categories and disaggregated subcategories.
Several banks and a group of trade associations opposed the
proposal to collect ethnicity and race information using disaggregated
subcategories. Specifically, these commenters asserted that the
disaggregated subcategories do not add value to fair lending reviews or
findings in the HMDA context because there is not enough disaggregated
subcategory data from which to draw fair lending conclusions, as
mortgage applicants do not often use the disaggregated subcategories.
Thus, they said, disaggregated subcategories should not be adopted for
this data collection. The group of trade associations also stated that
the Bureau's analysis of 2018 HMDA data shows that mortgage applicants
largely selected one ethnicity or race field and asserted that the
Bureau has not shown that small business credit applicants are likely
to behave differently. A small business owner also objected to the
Bureau's proposal on the grounds that applicants would not report the
ethnicity and race of their principal owners accurately and, if faced
with a long list of categories, would choose not to report. This
commenter also asserted that the Bureau's proposal does not align with
other government data collections and would hinder data analysis.
Two of those banks and the group of trade associations also
objected on the grounds that collecting disaggregated data in the HMDA
context has been burdensome and frustrating for applicants and lenders.
The trade associations also argued that including disaggregated
subcategories would impose more burden than under Regulation C because
ethnicity and race data would need to be collected for up to four
principal owners under the Bureau's proposal, whereas it would
generally be collected for only one or two applicants for the HMDA data
collection. This commenter also emphasized that for ethnicity and race
data collection under Regulation C, financial institutions are required
to read aloud all of the ethnicity and race disaggregated subcategories
when taking a mortgage application over the phone, which the commenter
asserted has been frustrating for mortgage applicants and would likely
be frustrating for small business applicants as well.
The group of trade associations and a bank further argued for use
of only the aggregate categories currently used in Regulation C and the
OMB Federal Data Standards on Race and Ethnicity, without any new
aggregate or disaggregated categories. As discussed above regarding
general comments about the Bureau's proposal for collecting ethnicity,
race, and sex, the Bureau also received some comments requesting that
demographic information collection generally (including on race and
ethnicity) for this rule should be the same, or similar to the greatest
extent possible, as for Regulation C.
In contrast, many community groups and a minority business advocacy
group, as well as some industry commenters, generally supported
collecting ethnicity and race using aggregate categories and
disaggregated subcategories as proposed by the Bureau. These commenters
stated that collecting detailed, disaggregated ethnicity and race data
on small business applicants' owners, and particularly for those of
color, will over time provide transparency as to the different
experiences of racial and ethnic subgroups in the small business
lending marketplace, further fair lending enforcement, and support the
objectives of section 1071. Several commenters emphasized that
disaggregated data will help capture
[[Page 35357]]
potential discrimination and allow for targeted support. One stated
that the proposal will add nuance to fair lending assessments and that
aggregate racial and ethnic categories mask economic disparities and
differences in social capital and experiences.
Many of these commenters highlighted that HMDA data has revealed
that racial and ethnic subgroups have different experiences in the home
buying market. These commenters argued that, similarly, disaggregated
ethnicity and race data are necessary to allow assessments in the small
business lending marketplace. Several of these commenters specifically
noted that research based on 2019 HMDA data shows that Asian American
and Pacific Islander communities and Hispanic/Latino subgroups fare
differently in the mortgage market. One commenter noted, as an example
of different experiences, that participants in its homebuying seminars
have stated that language barriers often create difficulties in the
home buying process. Other commenters noted the importance of
disaggregated data for business lending specifically, generally citing
findings in the Federal Reserve Banks' Small Business Credit Survey:
2021 Report on Employer Firms that firms owned by people of color were
less likely to receive the full of amount financing sought than white-
owned businesses.
Some commenters stated that they supported the Bureau's proposed
approach of generally aligning with HMDA's aggregate categories and
disaggregated subcategories for ethnicity and race and also adding new
disaggregated subcategories. Two commenters affirmed that the HMDA
ethnicity and race categories and subcategories are also relevant for
small business lending. A lender commented that this approach will
reveal different experiences in the small business lending market, but
also provide familiar reporting standards. Another lender stated that
aligning many of the ethnicity and race categories with those for HMDA
would promote consistency and reduce confusion. One community group
stated that based on the HMDA experience, it anticipates that
applicants will not have difficulty understanding the information being
requested regarding race as long as the sample form is clear for both
lenders and applicants to follow.
Many commenters also supported the specific ethnicity and race
aggregate categories and disaggregated subcategories proposed. Some
called out their support for particular groups of disaggregated
subcategories, for example for the Hispanic/Latino population, Asian,
and Native Hawaiian or Other Pacific Islander aggregate categories.
Some commenters noted that none of these communities are monoliths and
different subgroups have different experiences in seeking credit. One
commenter made a similar statement regarding African American and
African immigrant communities in the residential mortgage context.
A community group operating in New York City suggested adding
certain subgroups listed as examples in the Other Latino or Hispanic
disaggregated ethnicity subcategory and in the Other Asian
disaggregated race subcategory. The community group suggested adding an
ethnicity subcategory for Dominican, because in New York City
Dominicans make up a larger percentage of the population than Puerto
Ricans, one of the proposed disaggregated ethnicity subcategories. The
commenter also suggested adding Colombian, Ecuadorian, and Honduran
disaggregated ethnicity subcategories. This commenter further suggested
adding Bangladeshi and Pakistani disaggregated race subcategories,
under the Asian aggregate race category, stating that these populations
make up 6 percent and 8 percent, respectively, of the Asian population
in New York City.
Many commenters expressed specific support for the proposed
disaggregated Black or African American race subcategories. One
commenter stated that there are distinct differences in the experiences
and treatment of different subgroups and that many of these subgroups
have tight-knit communities and thus it is important that this data
collection captures such nuances, and another stated that
disaggregation generally has proven to have value in the HMDA context.
Regarding the American Indian or Alaska Native aggregate race
category, several commenters supported the Bureau's proposal to include
a write-in text field for an applicant to name a principal owner's
enrolled or principal tribe, though some also were concerned that there
would be insufficient information on indigenous small business owners
as a result of small sample sizes, which could mask the credit needs of
that community.
Some commenters supported adding an additional category for Middle
Eastern or North African in the final rule, in response to the Bureau's
request for comment. One commenter stated that individuals of Middle
Eastern or North African descent are often left with little choice but
to select White as their race, despite a long history of discrimination
in the United States, and that adding this category would meet the
spirit of section 1071. Several other commenters stated that a Middle
Eastern or North African category should be added to capture
discrimination against and barriers for applicants of Middle Eastern or
North African descent. A couple of commenters suggested that North
African and Middle Eastern could be addressed as its own category or as
disaggregated subcategories. However, a group of trade associations
argued against the proposal for a Middle Eastern or North African
category, noting that OMB never finalized its proposal to include such
a category in its Federal standards on race and ethnicity.
Regarding disaggregated ethnicity and race categories generally, a
joint letter from community groups and business advocacy groups
suggested that the Bureau provide in the final rule that the ethnicity
and race categories will be maintained and updated in alignment with
OMB's standards and that the specifications will be adjusted in filing
instructions that the Bureau issues from time to time.
Several commenters responded to the Bureau's request for comment on
whether to combine the proposed questions about ethnicity and race.
These commenters did not support combining the questions. A group trade
associations noted that while the Census Bureau's 2015 National Content
Test: Race and Ethnicity Report Analysis showed that many individuals
that select Hispanic or Latino as their ethnicity do not make any race
selections because they do not identify with the aggregate race
categories, the race and ethnicity questions were ultimately not
combined for 2020 Decennial Census. The commenter also reiterated that
the questions are separate for HMDA data collection purposes, and
stated that the same approach should be used for this rule to maintain
consistency across data collection rules and with the Census Bureau's
approach, reduce burden for financial institutions, and facilitate data
analyses.
One commenter urged the Bureau to allow applicants to provide an
additional disaggregated subcategory in addition to those specified in
the proposal beside ``other'' in a text field in the same manner that
American Indian or Alaska Natives can identify tribal affiliation. The
commenter stated this would allow applicants to write in responses such
as Nicaraguan or Hmong that may provide important additional
information for fair lending enforcement.
[[Page 35358]]
A bank asserted that for the ethnicity and race data collection
under Regulation C, when applicants select a disaggregated ethnicity or
race subcategory, the selection prevents the applications from being
associated with the corresponding aggregate category. The commenter
stated that this issue impacts how some lenders' application and
origination performance with specific communities appears and urged the
Bureau to fix the issue in the Regulation C data collection and ensure
it is not replicated for the section 1071 data collection.
Final Rule--Collecting Ethnicity and Race Using Aggregate Categories
and Disaggregated Subcategories
For the reasons set forth herein, the Bureau is finalizing its
proposal to collect information about the ethnicity and race of
principal owners using aggregate categories and disaggregated
subcategories generally as proposed. However, the Bureau has revised
the commentary related to the collection of ethnicity and race data to
reduce repetition among the appendices and the commentary and to
reflect other changes, as explained below.
The Bureau agrees with commenters that the disaggregated ethnicity
and race subcategories will provide meaningful data that will further
section 1071's purposes. Such data will be beneficial in identifying
potential discrimination or business and community development needs in
particular communities, including by providing insight into variations
in borrowing experiences by ethnicity and race across the small
business lending marketplace, even if not all applicants make ethnicity
or race disaggregated subcategory selections. For example, in the HMDA
context, the Bureau has used disaggregated race data collected under
Regulation C to find that some Asian American and Pacific Islanders
subgroups fare better than others in the mortgage market.\708\ Other
data users have been able to draw conclusions and make policy
recommendations to address differences and disparities in home lending
among subgroups in the Hispanic or Latino community using disaggregated
HMDA subcategories.\709\ The Bureau believes that disaggregated
ethnicity and race data in the section 1071 data collection will
similarly advance section 1071's purpose in enabling communities,
governmental entities, and creditors to identify business and community
development needs and opportunities of businesses with owners that are
members of ethnic and racial subgroups, regardless of whether those
businesses meet the definition of a minority-owned small business.
---------------------------------------------------------------------------
\708\ Bureau of Consumer Fin. Prot., Data Point: Asian American
and Pacific Islanders in the Mortgage Market (July 2021), https://files.consumerfinance.gov/f/documents/cfpb_aapi-mortgage-market_report_2021-07.pdf.
\709\ See Agatha So et al., Nat'l Cmty. Reinvestment Coal.,
Hispanic Mortgage Lending: 2019 HMDA Analysis (2019), https://www.ncrc.org/hispanic-mortgage-lending-2019-analysis/.
---------------------------------------------------------------------------
With respect to the fair lending enforcement purpose of section
1071, the Bureau recognizes that disaggregated data may not be useful
in analyzing potential discrimination where financial institutions do
not have a sufficient number of applicants or borrowers within
particular subgroups to permit reliable assessments of whether unlawful
discrimination may have occurred. However, the Bureau believes there
will be--as has proven to be the case in the HMDA data--situations in
which the numbers are sufficient to permit such fair lending
assessments. The Bureau also believes that the use of disaggregated
subcategories may increase ethnicity and race response rates by small
business applicants. Requiring the collection of disaggregated race and
ethnicity data also follows a key principle set forth in the OMB
Federal Data Standards on Race and Ethnicity to encourage applicants to
self-identify their principal owners' race and ethnicity, by providing
more inclusive options for applicant self-reporting.\710\
---------------------------------------------------------------------------
\710\ See 62 FR 58782, 58789 (Oct. 30, 1997).
---------------------------------------------------------------------------
The Bureau is not, at this time, adding additional disaggregated
ethnicity and race subcategories beyond those set forth in the NPRM.
While one commenter suggested adding a few disaggregated ethnicity and
race categories, such suggestions were based on the demographics of a
specific city and it is unclear whether they would provide useful data
in a nationwide data collection. The Bureau notes that if an
applicant's principal owner does not clearly identify with any of the
listed disaggregated ethnicity or race subcategories associated with a
specific aggregate ethnicity or race category, many of the aggregate
ethnicity and race categories have an associated ``Other''
disaggregated subcategory (e.g., ``Other Hispanic or Latino,'' ``Other
Asian,'' ``Other Black or African American,'' and ``Other Pacific
Islander'') that give the applicant opportunities to provide a specific
subcategory not listed or otherwise provide additional ethnicity or
race information.\711\
---------------------------------------------------------------------------
\711\ The exceptions are the ``American Indian or Alaska
Native'' aggregate race category, which provides applicants with an
opportunity to write in or provide additional information about
their principal owner's enrolled or principal tribe, the ``Not
Hispanic or Latino'' aggregate ethnicity category, and the ``White''
aggregate race category.
---------------------------------------------------------------------------
The Bureau also is not adding a separate, disaggregated subcategory
for applicants to write in ethnicity or race information, as suggested
by a commenter. The Bureau recognizes that some applicants may not
clearly identify with the Bureau's designated ethnicity and race
aggregate categories and disaggregated subcategories, despite the
``Other'' disaggregated ethnicity and race subcategories associated
with the aggregate ethnicity and race categories in the final rule. The
Bureau also notes that the 2020 Decennial Census and the Census
Bureau's American Community Survey include a separate ``Some Other
Race'' category, which provided respondents with the ability to write
in additional information.\712\ However, the Census Bureau's use of
this race category is statutorily required and the best practice for
Federal agencies is to not include a ``Some Other Race'' category
unless required by law.\713\ The Bureau believes it is important that
the race and ethnicity information be capable of being aggregated to or
associated with the five OMB aggregate categories for race and the two
aggregate categories for ethnicity in the OMB Federal Data Standards on
Race and Ethnicity to facilitate the Bureau's and others' ability to
analyze and use the collected data. As noted above, applicants will be
able to use the associated ``Other'' disaggregated subcategories
associated with many of the aggregate race and ethnicity categories to
provide their principal owners' information and, as clarified by final
comments 107(a)(19)-13 and -14, will also be able to make multiple
selections for their principal owners' race and/or ethnicity to
accurately reflect their racial and ethnic identities.
---------------------------------------------------------------------------
\712\ See 2020 Census Official Questionnaire; 2022 American
Community Survey Questionnaire.
\713\ See Chief Statistician of the U.S., Flexibilities and Best
Practices for Implementing the Office of Management and Budget's
1997 Standards for Maintaining, Collecting, And Presenting Federal
Data on Race and Ethnicity (Statistical Policy Directive No. 15),
n.32 (July 2022) (citing the Science, State, Justice, Commerce, and
Related Agencies Appropriations Act, 2006, Public Law 109-108, tit.
II, 119 Stat. 2289, 2308-09 (2005)), https://www.whitehouse.gov/wp-content/uploads/2022/07/Flexibilities-and-Best-Practices-Under-SPD-15.pdf; id. at 8-9.
---------------------------------------------------------------------------
The Bureau likewise is not combining the questions about ethnicity
and race at this point in time. Commenters generally did not support or
did not state a position on combining the ethnicity and race questions.
The Bureau notes that the 2020 Decennial
[[Page 35359]]
Census and the 2022 American Community Survey also do not combine the
questions.\714\
---------------------------------------------------------------------------
\714\ The 2020 Decennial Census and the 2022 American Community
Survey both ask separate questions for Hispanic, Latino, or Spanish
origin, and for race. See 2020 Census Official Questionnaire; U.S.
Census Bureau, 2022 American Community Survey Questionnaire, https://www2.census.gov/programs-surveys/acs/methodology/questionnaires/2022/quest22.pdf.
---------------------------------------------------------------------------
Some commenters expressed concern that the Bureau's proposal for
the American Indian or Alaska Native aggregate race category, which
does not have specifically listed disaggregated subcategories but
permits applicants to write in the name of a principal owner's enrolled
or principal tribe, would lead to small sample sizes and thus
insufficient information to make assessments about indigenous small
business owners and those communities. At this time, the Bureau is not
making any changes to its approach for the American Indian or Alaska
Native aggregate race category. The Bureau notes that the Census
Bureau's 2020 Decennial Census and 2022 American Community Survey
similarly listed American Indian or Alaska Native as an aggregate race
category, do not list specific disaggregated subcategories, and ask
respondents to ``Print [the] name of enrolled or principal tribe(s)''
along with suggested write-in options.\715\ As explained in the 2015
National Content Test: Race and Ethnicity Race Report Analysis, there
are hundreds of American Indian and Alaska Native tribes, villages, and
groups, and checkboxes for the largest groups would only represent a
small percentage of the American Indian and Alaska Native
population.\716\ Given this research, the Bureau believes that its
approach to the American Indian or Alaska Native aggregate race
category is appropriate and is thus not including a list of suggested
write-in examples at this time.
---------------------------------------------------------------------------
\715\ See 2020 Census Official Questionnaire; U.S. Census
Bureau, 2022 American Community Survey Questionnaire.
\716\ 2015 National Content Test: Race and Ethnicity Report
Analysis, at 52 (``[W]e know from Census Bureau research that there
are hundreds of very small detailed [American Indian and Alaska
Native] tribes, villages, and indigenous groups for which Census
Bureau data is collected and tabulated, and if we were to employ the
six largest American Indian groups and Alaska Native groups as
checkboxes, they would represent only about 10 percent of the entire
AIAN population.'').
---------------------------------------------------------------------------
The Bureau has also decided against specifically collecting data on
Middle Eastern or North African populations at this point in time,
whether as an aggregate ethnicity or race category, a disaggregated
ethnicity or race subcategory, or through some other inquiry, due to
uncertainty about how a Middle Eastern or North African category should
be defined. As detailed in the NPRM, the Census Bureau and OMB have
considered, over the course of years, whether to include a separate
Arab or North African, or alternatively Middle Eastern or North
African, classification in the Decennial Census and the Federal Data
Standards on Race and Ethnicity.\717\ But, despite a 2017
recommendation by a Federal interagency working group to add such a
classification to the OMB Federal Data Standards on Race and Ethnicity,
the standards have not been updated. And, although it was recommended
in the 2015 National Content Test: Race and Ethnicity Report Analysis
that a separate Middle Eastern or North African classification be
adopted for the 2020 Decennial Census, no Middle Eastern or North
African classification was included due to questions about whether the
information should be collected as an ethnicity or race category.\718\
Given the unsettled nature of how to best collect information about
Middle Eastern and North African populations, the Bureau is not
including a separate classification for Middle Eastern or North African
at this point in time. The Bureau notes, however, that OMB is currently
in the process of reviewing and revising the standards for collecting
data on race and ethnicity for the Federal government and may revise
the standards by the summer of 2024.\719\ The Bureau will be reviewing
OMB's efforts and other developments that may arise in the area of
ethnicity and race data collection and measurement.
---------------------------------------------------------------------------
\717\ 62 FR 58782 (Oct. 30, 1997); 82 FR 12242 (Mar. 1, 2017).
\718\ Hansi Lo Wang, No Middle Eastern or North African Category
on the 2020 Census, Bureau Says, Nat'l Pub. Radio (Jan. 29, 2018),
https://www.npr.org/2018/01/29/581541111/no-middle-eastern-or-north-african-category-on-2020-census-bureau-says. See also U.S. Census
Bureau, 2015 NCT, at xiii, 84-85.
The Bureau notes that after the NPRM was published, the U.S.
Department of the Treasury published an interim final rule in March
2022 related to data collection for its State Small Business Credit
Initiative (SSBCI) program, which establishes that recipients of
SSBCI funding must maintain and submit information about small
business program beneficiaries' principal owners' Middle Eastern or
North African ancestry, through a separate ancestry question. U.S.
Dep't of Treas., State Small Business Credit Initiative;
Demographics-Related Reporting Requirements, 87 FR 13628 (Mar. 10,
2022).
\719\ Off. of Mgmt. & Budget, Initial Proposals for Updating
OMB's Race and Ethnicity Statistical Standards, 88 FR 5375 (Jan. 27,
2023). Proposals and questions for which OMB is soliciting comment
include collecting race and ethnicity information using one combined
question, adding a Middle Eastern or North African minimum reporting
category, requiring the collection of detailed race and ethnicity
categories by default, and certain updates to terminology, among
others.
---------------------------------------------------------------------------
The Bureau is not committing at this time to updating the rule's
ethnicity and race aggregate categories and disaggregated subcategories
to align with future changes to OMB Federal Data Standards on Race and
Ethnicity. First, the data points the Bureau is finalizing under Sec.
1002.107(a)(18) and (19), regarding minority-owned business status and
the ethnicity and race of principal owners, are statutorily mandated.
Second, the Bureau notes that the OMB Federal Data Standards on Race
and Ethnicity establish only minimum standards for the collection of
race and ethnicity information, which the data collection under
Regulation C already expands upon.\720\ Third, it is unknown what the
changes to the Federal standards will be and whether the collection of
information based on any revised race and ethnicity aggregate
categories and/or disaggregated subcategories would further the
purposes of section 1071. The Bureau, however, will track forthcoming
developments as to the Federal government's standards for the
collection of race and ethnicity information. Regarding updates to data
point response options, see final comment 107(a)-4.
---------------------------------------------------------------------------
\720\ As explained by the Bureau in 2015, the race and ethnicity
disaggregated subcategories under Regulation C go beyond the minimum
categories set forth in the OMB Federal Data Standards on Race and
Ethnicity by adding subpopulations used in the 2000 and 2010
Decennial Census. See 80 FR 66128, 66190 (Oct. 28, 2015).
---------------------------------------------------------------------------
As supported by some commenters, the Bureau believes it is
important to collect information about principal owners that identify
with subgroups within the Black or African American community,
particularly as the Black or African American community in the United
States diversifies. The Bureau does not believe it is necessary to use
the exact same aggregate categories and disaggregated subcategories for
ethnicity and race as are used for data collection under Regulation C
(which would preclude the Black or African American race disaggregated
subcategories), as suggested by some commenters. Certainly, the
Bureau's experience with ethnicity and race data collection under HMDA
informed the Bureau's considerations for its proposals and for this
final rule. However, although the collection of ethnicity, race, and
sex data in both contexts serves related fair lending purposes,
Regulation C and this final rule are authorized under different
statutes and for different markets. The Bureau believes that the added
Black or African American race disaggregated subcategories it proposed
and is finalizing will provide additional
[[Page 35360]]
information that will further the purposes of section 1071, as
explained below.
According to a Pew Research Center report, while 4.6 million, or
one in ten, Black individuals in the United States were born in a
different country in 2019, it is projected that by 2060 the number will
increase to 9.5 million, or more than double the current level.\721\
Within this changing demographic, there are socio-economic differences
between Black immigrant-headed households and other immigrant
households in the United States, between Black immigrant-headed
households and U.S.-born Black American headed- households, and among
Black immigrant-headed households by region of origin. For example, the
report found that in 2019, poverty rates within the Black immigrant
population vary by region, with fewer than one-in-five African-born (16
percent) and Central American- or Mexican-born Black immigrants (16
percent) living below the poverty line, and 11 percent and 12 percent
of Caribbean- and South American-born Black immigrants,
respectively.\722\ The Bureau is not collecting immigrant status as
part of the section 1071 data collection. However, this research
indicates to the Bureau that there could be important distinctions
between subgroups of the Black or African American communities in the
small business lending marketplace. The Bureau believes that the
collection of information about small businesses whose principal owners
identify among the Black or African American subgroups will allow it
and others to better understand if there are distinct differences in
patterns in lending to small businesses with owners in these subgroups
and help fulfill the fair lending enforcement and business and
community development purposes of section 1071.
---------------------------------------------------------------------------
\721\ Christine Tamir & Monica Anderson, Pew Rsch. Ctr., One-in-
Ten Black People Living in the U.S. Are Immigrants, at 7 (Jan. 20,
2022), https://www.pewresearch.org/race-ethnicity/wp-content/uploads/sites/18/2022/01/RE_2022.01.20_Black-Immigrants_FINAL.pdf.
\722\ See id. at 28-31.
---------------------------------------------------------------------------
Based on its experience with Regulation C, the Bureau believes that
after some initial burden to implement the ethnicity and race reporting
requirements, there should be minimal ongoing burden for financial
institutions related to the collection and reporting of applicants'
self-provided responses regarding their principal owners' aggregate
category and disaggregated subcategory ethnicity and race selections.
However, the Bureau acknowledges the concern raised by one commenter
that, unlike in mortgage transactions where generally there are only up
to two applicants, under the Bureau's proposal, ethnicity and race
information could be collected for up to four principal owners. The
commenter generally noted that because of this potential for an
applicant to have up to four principal owners, for applications taken
over the phone, it could be frustrating for applicants and financial
institution employees and officers to read all of the ethnicity and
race aggregate categories and disaggregated subcategories out loud, as
is currently the practice under Regulation C. In consideration of this
issue, the Bureau has added a comment to provide clarification for
collecting ethnicity and race information orally, such as over the
phone. Final comment 107(a)(19)-16 generally clarifies that when
collecting ethnicity and race information orally, the financial
institution is not required to read aloud every disaggregated ethnicity
and race subcategory. Instead, a financial institution will be able to
orally present the lists of aggregate ethnicity and race categories,
followed by the disaggregated subcategories (if any) associated with
the specific aggregate ethnicity or race categories selected or
requested to be heard by the applicant. Comment 107(a)(19)-16 will also
clarify, among other things, that after the applicant has made its
selection(s) (if any), the financial institution must also ask if the
applicant wishes to hear any other lists of disaggregated
subcategories. The comment also provides that the financial institution
may not present the applicant with the option to decline to provide
ethnicity or race information without also presenting the applicant
with the specified ethnicity or race aggregate categories and
disaggregated subcategories. Comment 107(a)(19)-16 also generally
provides that if an applicant has more than one principal owner, a
financial institution will have the flexibility to ask for the
principal owners' ethnicity and race information in a way that reduces
repetition.
With regard to one commenter's request that the Bureau ensure that
an applicant's selection of a disaggregated ethnicity or race
subcategory does not prevent the application from being associated with
the corresponding aggregate ethnicity or race category, the Bureau does
not anticipate that the commenter's concern will be an issue for the
1071 data collection. The Bureau also notes that the commenter's issue
is not present for reporting under Regulation C, as stated by the
commenter. When reporting an applicant's disaggregated ethnicity or
race subcategory selections under Regulation C, the aggregate ethnicity
or race category is disclosed in the derived aggregate ethnicity or
race field in the publicly released data. To the extent the commenter
is referring to a concern about how an applicant may select a
disaggregated ethnicity or race subcategory, without also selecting the
associated aggregate category, the Bureau believes that allowing
applicants to make such a selection and requiring a financial
institution to report that selection as it was made, and recognizes
that individuals may have varying racial and ethnic identities.
To further this goal, final comment 107(a)(19)-1 states that
financial institutions report responses as provided by applicants.
Generally, this is the case even if they contain obvious discrepancies
and inaccuracies.\723\ Upon further review, however, the Bureau has
revised the commentary for final Sec. 1002.107(a)(19) to clarify that
if an applicant provides additional ethnicity or race information in a
write-in field on a paper or electronic data collection form but does
not select (e.g., by a check mark on a paper form) the corresponding
``Other'' disaggregated subcategory (e.g., ``Other Hispanic or
Latino,'' ``Other Asian,'' ``Other Black or African American,'' and
``Other Pacific Islander''), the financial institution is permitted,
but not required, to report the corresponding ``Other'' ethnicity or
race disaggregated subcategory as well. Similarly, if an applicant
provides the name of an enrolled or principal tribe but does not also
indicate that the principal owner is American Indian or Alaska Native
on a paper or electronic data collection form, the financial
institution is permitted, but not required, to report American Indian
or Alaska Native as well. This change aligns with the similar
instruction regarding such situations in Regulation C.\724\
---------------------------------------------------------------------------
\723\ The Bureau notes that comment 107(a)(19)-8 provides
clarification that in the specific situation where an applicant both
provides a substantive response to a request for a given principal
owner's ethnicity, race, or sex (by identifying the principal
owner's race, ethnicity, or sex) and also indicates that it does not
wish to provide the information (e.g., by selecting an option that
states ``I do not wish to provide this information'' or similar),
the financial institution reports the substantive response provided
by the applicant (rather than reporting that the applicant responded
that it did not wish to provide the information).
\724\ See, e.g., 12 CFR part 1002, appendix B, instruction 9.ii.
---------------------------------------------------------------------------
The Bureau has also made changes to the commentary specifically
regarding the collection of ethnicity and race information to
incorporate unique
[[Page 35361]]
content from the instructions for collecting ethnicity and race
information in proposed appendix G, which the Bureau is removing from
the final rule, as explained earlier in this section-by-section
analysis.\725\ These changes include updated numbering, added
references to the sample data collection form at final appendix E, and
further clarification regarding applicability of the instructions when
ethnicity and race information is requested on a paper or electronic
data collection form, versus orally (e.g., telephone applications). The
Bureau has also removed proposed clarification in each of the ethnicity
and race-related comments regarding ethnicity and race information that
an applicant has specifically indicated it is declining to provide,
which it did not provide, or which is not applicable, including because
the applicant has fewer than four principal owners.\726\ The Bureau has
either deleted such content where duplicative of similar content in
final comment 107(a)(19)-1 (``General'') or moved it to new, generally
applicable comments at final comments 107(a)(19)-6 (``Ethnicity, race,
or sex of principal owners not provided by applicant''), 107(a)(19)-7
(``Applicant declines to provide information about a principal owner's
ethnicity, race, or sex''), and 107(a)(19)-10 (``Reporting for fewer
than four principal owners'').
---------------------------------------------------------------------------
\725\ These comments were proposed comments 107(a)(20)-6 and
107(a)(20)-7. These proposed comments generally correspond with
final comments 107(a)(19)-13 and 107(a)(20)-14.
\726\ The clarification was originally at proposed comments
107(a)(20)-6.iv and -7.iv.
---------------------------------------------------------------------------
Proposed Rule--Collecting Sex
Proposed comment 107(a)(20)-8 would have clarified that a financial
institution is required to permit an applicant to provide a principal
owner's sex using one or more of the following categories: Male,
Female, the applicant prefers to self-describe their sex (with the
ability of the applicant to write in or otherwise provide additional
information), and also would have permitted the applicant to refuse to
provide the information. The sex categories would have also been on the
sample data collection form proposed as appendix E, in response to a
query about the principal owner's ``Sex,'' with a direction to ``Check
one or more.'' Instruction 6 of proposed appendix G would have
similarly required financial institutions to permit applicants to use
the sex categories as listed on proposed appendix E as responses for a
principal owner's sex.
In the NPRM, the Bureau stated that it was generally proposing that
financial institutions use the sex categories from Regulation C when
requesting that applicants provide the sex information of their
principal owners, but that it was also proposing the self-describe
response option. The Bureau explained that Federal, State, and local
government agencies have been moving to providing additional options
for designating sex. At the Federal level, the Bureau noted that, for
example, the Department of State had announced that it was planning to
offer the option of a new gender marker for non-binary, intersex, and
gender non-conforming persons for passports and Consular Reports of
Birth Abroad as an alternative to male or female.\727\ The Bureau also
noted that the Food and Drug Administration includes the gender options
of female, male, intersex, transgender, and ``prefer not to disclose''
on certain patient forms.\728\ The Bureau also discussed how a number
of States and the District of Columbia, as well as some local
governments, offer an alternative sex or gender designation to male and
female (e.g., ``X'') on government-issued documents and forms such as
drivers' licenses and identification cards, and in some cases birth
certificates.\729\
---------------------------------------------------------------------------
\727\ See U.S. Dep't of State, Proposing Changes to the
Department's Policies on Gender on U.S. Pass ports and Consular
Reports of Birth Abroad (June 30, 2021), https://www.state.gov/proposing-changes-to-the-departments-policies-on-gender-on-u-s-passports-and-consular-reports-of-birth- abroad/. The Department of
State subsequently made this option available in April 2022. See
U.S. Dep't of State, X Gender Marker Available on U.S. Passports
Starting April 11, 2022 (Mar. 31, 2022), https://www.state.gov/x-gender-marker-available-on-u-s-passports-starting-april-11/.
\728\ See U.S. Food & Drug Admin., MedWatch forms FDA 3500 and
3500A (Sept. 12, 2018) (approved under OMB No. 0910-0291), https://www.fda.gov/media/76299/download and https://www.fda.gov/media/69876/download.
\729\ See, e.g., Cal. S.B. 179, Gender identity: female, male or
nonbinary (Oct. 16, 2017), https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180SB179; State of California
Dep't of Motor Vehicles, Driver's License or ID Card Updates,
https://www.dmv.ca.gov/portal/driver-licenses-identification-cards/updating-information-on-your-driver-license-or-identification-dl-id-card/ (last visited Mar. 20, 2023); Colo. Dep't of Revenue, Change
of Sex Designation, https://drive.google.com/file/d/1PeYZd7U43ar6Flg8lFAT1Etg1EPdLVUy/view; State of Connecticut Dep't
of Motor Vehicles, Gender Designation on a License or Identification
Card, https://portal.ct.gov/-/media/DMV/20/29/B-385.pdf; District of
Columbia Dep't of Motor Vehicles, Procedure For Establishing or
Changing Gender Designation on a Driver License or Identification
Card (June 13, 2017), https://dmv.dc.gov/sites/default/files/dc/sites/dmv/publication/attachments/DC%20DMV%20Form%20Gender%20Self-Designation%20English.pdf, DC Driver License or Identification Card
Application (Jan. 2019), https://dmv.dc.gov/sites/default/files/dc/sites/dmv/publication/attachments/DMV%20BOE%20Application_2-25-19.pdf; Maine Bureau of Motor Vehicles, Gender Designation Form
(Nov. 4, 2019), https://www1.maine.gov/sos/bmv/forms/GENDER%20DESIGNATION%20FORM.pdf; State of Nevada Dep't of Motor
Vehicles, Name Changes, https://dmvnv.com/namechange.htm; State of
New Jersey Dep't of Health, Off. of Vital Statistics and Registry,
Request Form and Attestation (REG-L2) to Amend Sex Designation to
Reflect Gender Identity on a Birth Certificate--Adult (Feb. 2019),
https://www.nj.gov/health/forms/reg-l2_1.pdf; 2019 N.J. Sess. Law
Serv. ch. 271; New Mexico Motor Vehicle Div., Request for Sex
Designation Change, http://realfile.tax.newmexico.gov/mvd10237.pdf;
New Mexico Dep't of Health, Request to Change Gender Designation on
a Birth Certificate (Oct. 2019), https://www.nmhealth.org/publication/view/form/5429/; Virginia Dep't of Motor Vehicles,
Driver's License and Identification Card Application (July 1, 2021),
https://www.dmv.virginia.gov/webdoc/pdf/dl1p.pdf; Washington State
Dep't of Licensing, Change of Gender Designation (Nov. 2019),
https://www.dol.wa.gov/forms/520043.pdf; N.Y. City Dep't of Homeless
Servs., Off. of Policy, Procedures and Training, Transgender, Non-
binary, and Intersex Clients (July 15, 2019), https://www1.nyc.gov/assets/dhs/downloads/pdf/dhs_policy_on_serving_transgender_non_binary_and_intersex_clients.pdf
.
---------------------------------------------------------------------------
The Bureau further explained that the Supreme Court's 2020 opinion
in Bostock v. Clayton County had concluded that sex discrimination
encompasses sexual orientation discrimination and gender identity
discrimination, and that these forms of discrimination necessarily
involve consideration of sex.\730\ The Supreme Court reached this
conclusion in the context of title VII of the Civil Rights Act of 1964,
as amended,\731\ which prohibits sex discrimination in employment.\732\
Following the issuance of the Supreme Court's opinion, the Bureau
issued an interpretive rule clarifying that ECOA's and Regulation B's
prohibition on discrimination based on sex protects against
discrimination based on sexual orientation, gender identity, actual or
perceived nonconformity with sex-based or gender-based stereotypes, and
the sex of people associated with the applicant.\733\ The Bureau noted
that other Federal agencies have similarly clarified that other
statutes that protect against discrimination based on sex protect
against discrimination based on sexual orientation and gender
identity.\734\
---------------------------------------------------------------------------
\730\ See Bostock, 140 S. Ct. 1731.
\731\ 42 U.S.C. 2000e et seq.
\732\ Bostock, 140 S. Ct. 1731.
\733\ 86 FR 14363 (Mar. 16, 2021). See also Letter from CFPB to
Serv. & Advocacy for GLBT Elders (SAGE) (Aug. 30, 2016), https://files.consumerfinance.gov/f/documents/cfpb_sage-response-letter_2021-02.pdf.
\734\ See, e.g., 86 FR 32637 (June 22, 2021) (Department of
Education interpreting title IX of the Education Amendments of
1972); 86 FR 27984 (May 25, 2021) (Department of Health and Human
Services interpreting section 1557 of the Affordable Care Act);
Memorandum from Jeanine M. Worden, Acting Assistant Secretary for
Fair Housing and Equal Opportunity, Implementation of Executive
Order 13988 on the Enforcement of the Fair Housing Act (Feb. 11,
2021), https://www.hud.gov/sites/dfiles/PA/documents/HUD_Memo_EO13988.pdf (Department of Housing and Urban Development
interpreting the Fair Housing Act).
---------------------------------------------------------------------------
[[Page 35362]]
The Bureau additionally explained that some other Federal agencies
had also begun to re-consider how they collect information on sex by
including questions about sexual orientation and gender identity as
part of questions about sex. The Bureau cited the example of the Census
Bureau's Household Pulse Survey,\735\ which asks questions about sex
assigned at birth, current gender identity, and sexual
orientation.\736\ The Bureau also noted that other Federal agencies and
initiatives have encouraged sexual orientation and gender identity data
collection in health care settings.\737\
---------------------------------------------------------------------------
\735\ U.S. Census Bureau, Phase 3.2 Household Pulse Survey
(undated), https://www2.census.gov/programs-surveys/demo/technical-documentation/hhp/Phase_3.2_Household_Pulse_Survey_FINAL_ENGLISH.pdf. As of the date
of this document, the Household Pulse Survey is in Phase 3.7, which
started on December 9, 2022. See U.S. Census Bureau, Household Pulse
Survey Phase 3.7 (Dec. 9, 2022, updated Dec. 14, 2022), https://www.census.gov/newsroom/press-releases/2022/household-pulse-phase-3-7.html. The survey questionnaire used for Phase 3.7 includes the
same three questions noted by the Bureau in the NPRM. See U.S.
Census Bureau, Phase 3.7 Household Pulse Survey (undated), https://www2.census.gov/programs-surveys/demo/technical-documentation/hhp/Phase_3-7_Household_Pulse_Survey_ENGLISH.pdf.
\736\ Specifically, the Household Pulse Survey includes the
following three questions: (1) What sex were you assigned at birth,
on your original birth certificate? (A respondent could provide a
response of male or female.); (2) Do you currently describe yourself
as male, female or transgender? (A respondent also could provide a
response of ``none of these.''); (3) Which of the following best
represents how you think of yourself? (A respondent may select from
the following responses: (a) Gay or lesbian; (b) Straight, that is
not gay or lesbian; (c) Bisexual; (d) Something else; or (e) I don't
know.
\737\ See, e.g., Off. of Disease Prevention & Health Promotion,
Healthy People (2020), https://www.healthypeople.gov/2020/topics-objectives/topic/lesbian-gay-bisexual-and-transgender-health; Off.
of the Nat'l Coordinator of Health Info. Tech., 2021
Interoperability Standards Advisory (2021), https://www.healthit.gov/isa/sites/isa/files/inline-files/2021-ISA-Reference-Edition.pdf; Ctrs. for Disease Control & Prevention,
Collecting Sexual Orientation and Gender Identity Information (Apr.
1, 2020), https://www.cdc.gov/hiv/clinicians/transforming-health/health-care-providers/collecting-sexual-orientation.html.
---------------------------------------------------------------------------
The Bureau explained that in light of feedback it received during
the SBREFA process, among other matters, the Bureau was proposing to
add the option for ``I prefer to self-describe'' (with the ability of
the applicant to write in or otherwise provide additional information)
for the principal owner's sex in addition to the options currently used
on the HMDA sample data collection form.
Proposed comment 107(a)(20)-8 would have explained that a financial
institution would have been required to permit an applicant to provide
a principal owner's sex using one or more of the following categories:
Male, Female, and/or that the principal owner prefers to self-describe
their sex. It would have further explained that, if an applicant
indicated that a principal owner preferred to self-describe their sex,
the financial institution would have been required to permit the
applicant to provide additional information about the principal owner's
sex. The financial institution would have been required to report to
the Bureau the additional information provided by the applicant as
free-form text.
Proposed comment 107(a)(20)-8 would have stated that a financial
institution would be required to permit an applicant to select as many
categories as the applicant chooses and that the financial institution
would report the category or categories selected by the applicant,
including any additional information provided by the applicant, or
would report that the applicant refused to provide the information or
failed to respond. It would have clarified that a financial institution
would not have been permitted to report sex based on visual
observation, surname, or any basis other than the applicant-provided
information. Finally, proposed comment 107(a)(20)-8 would have
explained how a financial institution would report sex if an applicant
had fewer than four principal owners, would have provided an example,
and would have directed financial institutions to proposed appendix G
for additional information on collecting and reporting a principal
owner's sex.
The Bureau sought comment on its proposed approach to requesting
information about a principal owner's sex, including the opportunity
for self-identification (by allowing the applicant to write in or
otherwise provide additional information). The Bureau also sought
comment on whether the sample data collection form should list examples
from which the applicant could choose. The Bureau also sought comment
on whether, alternatively, sex should be collected solely via the ``I
prefer to self-describe'' option (with the ability of an applicant to
write in or otherwise provide additional information). The Bureau also
sought comment on whether applicants should be restricted from
designating more than one category for a principal owner's sex.
The Bureau also sought comment on whether financial institutions
should be required to ask separate questions regarding sex, sexual
orientation, and gender identity and, if so, what categories should be
offered for use in responding to each question. The Bureau also sought
comment on whether it should adopt a data point to collect an
applicant's lesbian, gay, bisexual, transgender, or queer plus
(LGBTQ+)-owned business status, similar to the way it proposed to
collect minority-owned business status and women-owned business status
under proposed Sec. 1002.107(a)(18) and (19).\738\ The Bureau also
sought comment on whether including such questions would improve data
collection or otherwise further section 1071's purposes, as well as
whether it would pose any particular burdens or challenges for
industry.
---------------------------------------------------------------------------
\738\ For a discussion of the comments received by the Bureau
with regard to its request for comment on whether to include a data
point to collect information about applicants' LGBTQ+-owned business
status, the Bureau refers readers to the section-by-section analyses
of Sec. Sec. 1002.102(k) (definition of LGBTQI+ individual),
1002.102(l) (definition of LGBTQI+-owned business), and
1002.107(a)(18) (minority-owned, women-owned, and/or LGBTQI+-owned
business status).
---------------------------------------------------------------------------
Finally, the Bureau also requested information on Federal, State,
and local government initiatives, as well as private sector
initiatives, involving questions regarding sexual orientation and
gender identity in demographic information.
Comments Received--Collecting Sex
The Bureau received comments from community groups, banks, trade
associations, and individuals on its proposal for collecting
information about principal owners' sex. Commenters addressed both
general issues as well as specific aspects of the proposal, including
whether to collect sexual orientation and gender identity data.
General comments. A couple of commenters opposed collecting
information about principal owners' sex. An individual commenter stated
that it does not make sense to collect such information because
society's view of gender is still evolving. A lender suggested removing
the sex of principal owners (along with several other data points) to
reduce the amount of detail in the rule.
One industry commenter supported the collection of sex data as
proposed; others supported the Bureau's proposal but suggested that the
Bureau use the term ``gender'' instead of ``sex'' to be consistent with
modern usage. One suggested that the Bureau also include sex category
options for transgender and nonbinary.
Another commenter said that sharing information about principal
owners' gender identity and sexual orientation should be voluntary for
applicants,
[[Page 35363]]
noting that individuals that are a part of the lesbian, gay, bisexual,
transgender, queer, intersex, and asexual (LGBTQIA) community are
concerned about harassment and should be protected.
Collection of sexual orientation and gender identity information.
Most of the comments received by the Bureau in response to its proposal
for collecting information about a principal owner's sex were in the
context of whether the Bureau should also collect information about
principal owners' sexual orientation and gender identity.
Several banks, trade associations, and individual commenters
opposed adding inquiries about principal owners' sexual orientation and
gender identity to the final rule. A few stated that bank employees
would feel uncomfortable requesting this information; that applicants
would refuse to provide the information or would be offended by the
questions; or that separate questions for sex, sexual orientation, and
gender identity would be invasive.
A few of these commenters stated that requiring financial
institutions to ask separate questions for sex, sexual orientation, and
gender identity could potentially further segregate and stigmatize
LGBTQ individuals and their businesses, when members of that community
already face bias and discrimination. These commenters also raised
concerns about the security of the collected information, noting that
storing it with financial institutions and in a nationwide database
exposes the information to not only a number of persons with authorized
access but also potentially to hackers. These commenters stated that
although there is some protection from employment discrimination under
Federal law due to Bostock, there are States where discrimination
against LGBTQ individuals in other forms is legal and inferences about
one's sexuality could have serious negative impacts. The commenters
also expressed concern that the information could be used for other
purposes, with one commenter additionally expressing a concern that
such previously collected data could be used for unintended purposes.
Another commenter stated that the information should be requested only
if information is also provided to applicants to allow them to make
informed decisions about providing the information, which includes a
warning that discrimination based on sexual orientation may be allowed
in certain States. Some commenters also opposed collecting information
on principal owners' gender identity and sexual orientation, on the
grounds that such information is not needed by financial institutions
to make loans and it should have no bearing on an applicant's ability
to qualify for a loan.
Several other industry commenters expressed concern that adding
more inquiries to a demographic data collection form would add
complexity to the collection process and increase the burden on
financial institutions. One urged the Bureau to not include inquiries
about such personal information in the business lending process without
more stakeholder input as to the benefits and burdens of collecting the
data and before publishing such sensitive information. These commenters
also suggested that the Bureau give financial institutions the option
of collecting the information.
Some commenters suggested that the Bureau should include only
``Male'' and ``Female'' categories as responses to a request for a
principal owner's sex information. One bank opposed the inclusion of
options for gender choices and free-form text, stating that there are
many possible gender categories and including those categories or a
write-in field could dilute the data and lead to inconclusive findings.
Several lenders also specifically urged use of only ``Male'' and
``Female'' categories as answer options in the final rule, for
alignment with sex categories used to collect HMDA data, on the grounds
that it would avoid confusion among financial institutions and
applicants, promote efficient implementation and reporting, reduce
administrative complexity, and facilitate compliance. One bank
expressed concern about use of the proposed self-describe sex response
option for applications reported under both HMDA and section 1071.
In contrast, a range of commenters, including many community
groups, research and advocacy groups, community-oriented lenders, and
individual commenters, urged the Bureau to require the collection of
more detailed and accurate information about gender identity and sexual
orientation than would be collected under the Bureau's proposal. These
commenters generally stated that more detailed information is necessary
to account for small businesses owned by people with intersectional
identities and orientations, to see if they experience discrimination,
enforce fair lending laws, and to allow policymakers and the public to
have a better understanding of and address gaps and community needs.
Several commenters asserted that to the final rule should reflect that
gender is not binary and be more inclusive. Others argued that
collecting principal owners' gender identity information will enhance
the Bureau's and the public's ability to enforce ECOA for transgender
individuals and gender minorities and collecting their sexual
orientation information will likewise facilitate the same as to
lesbians, gays, bisexuals, and other sexual minorities, consistent with
the purposes of section 1071. Another commenter stated that collecting
information about gender identity and sexual orientation would reduce
the burden of implementing future legislation requiring such
collection.\739\ Another commenter said that collecting data on gender
identity and sexual orientation would allow lenders, especially CDFIs,
to be more accountable to their mission of economic justice and
financial inclusion. Some commenters urged the Bureau to follow best
practices and directed the Bureau to resources made available and
research conducted by the Williams Institute at the University of
California Los Angeles School of Law.
---------------------------------------------------------------------------
\739\ The commenter cited the LGBTQ Business Equal Credit
Enforcement and Investment Act (H.R. 1443, 117th Cong. (2021)),
which sought to amend ECOA section 704B to require the collection of
an applicant's principal owners' sexual orientation and gender
identity, in addition to information about sex.
---------------------------------------------------------------------------
A number of these commenters urged the Bureau to not conflate lines
of inquiry for gender identity and sexual orientation, with some
specifically suggesting separate sets of questions, either in addition
to or in place of, the inquiry about principal owners' sex as proposed
by the Bureau.\740\
---------------------------------------------------------------------------
\740\ For example, some commenters suggested separate categories
for gender (Cis woman, Cis man, Trans woman, Trans man, Non-binary
or gender non-conforming, and Other (with a write-in text field))
and sexual orientation (straight/heterosexual, bisexual, and queer,
and other (with a write-in text field)).
---------------------------------------------------------------------------
One commenter stated that respondents are unlikely to consider
sexual orientation and gender identity to be sensitive and would likely
provide their information, citing a study as to the collection of such
information in health centers and another relating to attitudes of
sexual minorities responding to a 2020 survey administered by the
Census Bureau. Commenters also noted that other Federal surveys ask
questions about gender identity and sexual orientation, including the
Census Bureau and the Centers for Disease Control and Prevention, and
that questions to identify transgender respondents are included on
State and investigator-led surveys. One commenter asserted that the
proposal collects less information than other Federal agencies, citing
the example of the Census Bureau.
[[Page 35364]]
Commenters also noted that the Federal government has long
considered what best practices should apply for the measurement of
sexual orientation and gender identity information, such as through the
Federal Interagency Working Group on Improving Measurement of Sexual
Orientation and Gender Identity in Federal Surveys, and by
commissioning a study looking at the measurement of sex, gender
identity, and sexual orientation through the National Academies of
Sciences, Engineering, and Medicine (the National Academies).\741\
---------------------------------------------------------------------------
\741\ Since the comment period for the NPRM closed, the National
Academies published its report on the study. See Nat'l Acad. of
Scis., Eng'g, & Med., Measuring Sex, Gender Identity, and Sexual
Orientation (2022), https://www.ncbi.nlm.nih.gov/books/NBK578625/pdf/Bookshelf_NBK578625.pdf.
---------------------------------------------------------------------------
Legal authority. Several research and advocacy organizations argued
that the Bureau has the legal authority to collect information about
the gender identity and sexual orientation of principal owners.
Generally, these commenters stated that ECOA and section 1071 provide
the Bureau with a broad grant of authority to issue regulations
requiring the collection of gender identity and sexual orientation
data. The commenters also highlighted that unlawful discrimination
based on ``sex'' under ECOA includes discrimination based on sexual
orientation and gender identity, consistent with the U.S. Supreme
Court's decision in Bostock. As a result, they said, collecting sexual
orientation and gender identity data would facilitate the purposes of
section 1071 by enhancing the agency's ability to understand small
business lending discrimination based on sexual orientation and gender
identity, enforce fair lending laws, and identify business and
community development needs and opportunities of small businesses.
However, several industry commenters argued that the collection of
sexual orientation and gender identity information is not clearly
required. One stated that there is no indication in the statute that
Congress intended the term ``sex'' as used in section 1071 to encompass
sexual orientation and/or gender identity. Another emphasized that the
statute focuses on the collection and reporting of data about the
defined term ``women-owned businesses,'' and asserted it is thus not
apparent that the section 1071 data collection is meant to include such
data. Another commenter argued that neither Congress nor the Supreme
Court in Bostock has taken specific action to change the scope of the
prohibition against sex discrimination in ECOA to include
discrimination on the bases of sexual orientation and gender identity.
Need for information on gender identity and sexual orientation.
Some community groups and research and advocacy organizations generally
stated that data are needed to understand LGBTQI+ individuals' and
business owners' experiences in accessing small business credit. Some
emphasized that available Federal small business or fair lending data
do not currently include sexual orientation and gender identity
information. One commenter noted that the Federal data that exist on
LGBTQ individuals' access to credit are generally limited to the
population of cohabitating same-sex couples because such data are often
collected through a marital status question on Census Bureau surveys.
Nevertheless, these commenters stated that available research
suggests that sexual and gender minorities encounter discrimination
when attempting to access credit. The commenters cited research, based
on the 2019 Federal Reserve Board Survey of Household Economic
Decisionmaking, finding that LGBT individuals (and particularly LGBT
persons of color and depending on gender) are more likely to have their
applications for credit rejected and that they are more likely to be
approved for less credit than they wanted.\742\ The commenters stated
that studies based on HMDA data have also found that same-sex couples
are denied home loans more often and that the loans they do receive
have higher interest rates and fees than different-sex couples of
similar financial and credit quality. Similarly, loans made in
neighborhoods with a higher density of LGBTQI+ individuals generally
have higher interest rates and fees than neighborhoods with a lower
density.\743\ One commenter stated that the analysis likely understates
these disparities due to HMDA data limitations.\744\ A research and
policy organization focusing on gender identity and sexual orientation
issues also cited reports and analyses highlighting disparities in home
ownership between LGBT adults and non-LGBT adults, same-sex couples and
different-sex couples, and among sexual minorities versus heterosexual
individuals and also suggesting that home ownership among transgender
adults is particularly low.\745\ This commenter also stated that such
research noting disparities among LGBTQI+ persons based upon race, sex,
and sexual orientation suggests that the data collected under section
1071 should allow identification of individuals who may have
intersectional identities.
---------------------------------------------------------------------------
\742\ Spencer Watson et al., Ctr. for LGBTQ Econ. Advancement &
Rsch., The Economic Well-Being of LGBT Adults in the U.S. in 2019
(2021), https://lgbtq-economics.org/wp-content/uploads/2021/06/The-Economic-Well-Being-of-LGBT-Adults-in-2019-Final-1.pdf.
\743\ See Jason Richardson & Karen Kali, Nat'l Cmty.
Reinvestment Coal., Same-Sex Couples and Mortgage Lending (June 22,
2020), https://ncrc.org/same-sex-couples-and-mortgage-lending/; Hua
Sun & Lei Gao, Lending Practices to Same-Sex Borrowers, 116 Procs.
of the Nat'l Acad. of Sci. (PNAS) PROCs. NAT'L ACAD. SCI. 9293 (Mar.
16, 2019), https://doi.org/10.1073/pnas.1903592116.
\744\ See Jason Richardson & Karen Kali, Nat'l Cmty.
Reinvestment Coal., Same-Sex Couples and Mortgage Lending (June 22,
2020), https://ncrc.org/same-sex-couples-and-mortgage-lending/.
\745\ Studies cited by the commenters include, for example: Adam
P. Romero, Shoshana K. Goldberg, & Luis A. Vasquez, Williams Inst.,
LGBT People and Housing Affordability, Discrimination, and
Homelessness (2020), https://williamsinstitute.law.ucla.edu/wp-content/uploads/LGBT-Housing-Apr-2020.pdf; Kerith Conron, Williams
Inst., Financial Services and the LGBTQ+ Community: A Review of
Discrimination in Lending and Housing, Testimony Before the
Subcommittee on Oversight and Investigations (2019), https://williamsinstitute.law.ucla.edu/wp-content/uploads/Testimony-US-House-Financial-Services-Oct-2019.pdf; Freddie Mac, The LGBT
Community: Buying and Renting Homes (2018), http://www.freddiemac.com/fmac-resources/research/pdf/Freddie_Mac_LGBT_Survey_Results_FINAL.pdf; Kerith J. Conron,
Shoshana K. Goldberg, & Carolyn T. Halpern, Sexual Orientation and
Sex Differences in Socioeconomic Status: A Population-Based
Investigation in the National Longitudinal Study of Adolescent to
Adult Health, 72 J. Epidemiology & Cmty. Health 1016 (Nov. 2018),
https://pubmed.ncbi.nlm.nih.gov/30190439.
---------------------------------------------------------------------------
Commenters also noted that LGBTQI+ individuals and businesses are
key parts of the population and economy in this country, yet face
discrimination and disparities in a number of areas. They stated that
there are an estimated 11 million LGBT adults, which make up around 4.5
percent of the total U.S. adult population. They stated that high
numbers of LGBTQ adults have self-reported experiences with physical
and verbal abuse and violence, job loss, and workplace harassment and
discrimination. They also noted that prior to the COVID-19 pandemic,
LGBTQ individuals were more likely to report having experienced
economic hardship, from unemployment, homelessness, and in other areas.
The commenters also emphasized that studies show that during the
pandemic, LGBTQ adults, and particularly LGBTQ people of color and
gender minorities, have disproportionately experienced the negative
financial effects of the COVID-19 pandemic, including food insecurity,
job loss, and housing insecurity.\746\ One
[[Page 35365]]
commenter also highlighted that research shows that transgender
individuals are disadvantaged as compared to their cisgendered
counterparts across a number of socio-economic factors, such as
education levels and percentages living at or below the poverty level,
among others.\747\
---------------------------------------------------------------------------
\746\ See Thom File & Joey Marshall, U.S. Census Bureau,
Household Pulse Survey Shows LGBT Adults More Likely to Report
Living in Households With Food and Economic Insecurity Than Non-LGBT
Respondents (Aug. 11, 2021), https://www.census.gov/library/stories/2021/08/lgbt-community-harder-hit-by-economic-impact-of-pandemic.html; Brad Sears, Kerith J. Conron, & Andrew R. Flores,
Williams Inst., The Impact of the Fall 2020 COVID-19 Surge on LGBT
Adults in the US (Feb. 2021), https://williamsinstitute.law.ucla.edu/wp-content/uploads/COVID-LGBT-Fall-Surge-Feb-2021.pdf; Christy Mallory, Brad Sears, & Andrew R. Flores,
Williams Inst., COVID-19 and LGBT Adults Ages 45 and Older in the US
(May 2021), https://williamsinstitute.law.ucla.edu/wp-content/uploads/COVID-LGBT-45-May-2021.pdf; Kerith J. Conron & Kathryn K.
O'Neill, Williams Inst., Food Insufficiency Among Transgender Adults
During the COVID-19 Pandemic (Dec. 2021), https://williamsinstitute.law.ucla.edu/wp-content/uploads/Trans-Food-Insufficiency-Dec-2021.pdf; Movement Advancement Project, The Delta
Variant & the Disproportionate Impacts of COVID-19 on LGBTQ
Households in the U.S., Results from an August/September 2021
National Poll (Nov. 2021), https://www.lgbtmap.org/file/2021-report-delta-impact-v2.pdf.
\747\ See Kerith J. Conron & Kathryn K. O'Neill, Williams Inst.,
Food Insufficiency Among Transgender Adults During the COVID-19
Pandemic (Dec. 2021), https://williamsinstitute.law.ucla.edu/wp-content/uploads/Trans-Food-Insufficiency-Dec-2021.pdf.
---------------------------------------------------------------------------
One commenter cited a study estimating that about 7.7 million LGBT
adults live in States without explicit statutory protections against
discrimination on the basis of sexual orientation and gender identity
in credit.\748\ This commenter also noted research finding that while
30 States have laws analogous to ECOA, only about half explicitly
prohibit discrimination on the basis of sexual orientation or gender
identity, leaving a significant number of LGBT adults in the United
States without protection from credit discrimination under State
law.\749\ Further, this commenter stated that LGBTQ businesses may
generally have a particular need for credit, because they often lack
the family support other small business entrepreneurs may rely upon to
begin their businesses.
---------------------------------------------------------------------------
\748\ Kerith J. Conron & Shoshana K. Goldberg, Williams Inst.,
LGBT People in the US Not Protected by State Non-Discrimination
Statutes (Apr. 2020), https://williamsinstitute.law.ucla.edu/wp-content/uploads/LGBT-ND-Protections-Update-Apr-2020.pdf.
\749\ Christy Mallory, Luis A. Vasquez, & Celia Meredith,
Williams Inst., Legal Protections for LGBT People After Bostock v.
Clayton County (Aug. 2020), https://williamsinstitute.law.ucla.edu/wp-content/uploads/Bostock-State-Laws-Jul-2020.pdf.
---------------------------------------------------------------------------
Suggestions for collecting sexual orientation and gender identity
information. A number of commenters suggested specific modifications to
the Bureau's proposal, generally by either adding response categories
to the proposed (single) inquiry about a principal owner's sex; by
recommending two separate inquiries for the identification of a
principal owner's gender (as opposed to sex) and sexual orientation; or
by suggesting separate inquiries as to each of a principal owner's sex,
gender identity, and sexual orientation.
Generally, commenters who suggested additional response categories
suggested adding such options in the context of a single inquiry for
information about a principal owner's sex. Some commenters suggesting
adding an additional category, such as ``Other,'' to allow the Bureau
to analyze whether nonbinary individuals face discrimination from
lenders and urged the Bureau to avoid a data collection that forces
applicants to provide their principal owners' information on a strict
binary sex/gender basis. Several industry commenters suggested the
Bureau remove the self-describe option with a write-in text field with
a third category, such as ``non-binary.'' These commenters expressed
concern that the write-in text field may create data integrity problems
or add complexity to reporting standards.
Other commenters suggested specific sex categories for the Bureau's
consideration. A group of trade associations suggested adding sex
categories for transgender and nonbinary. A community group suggested
adding a ``non-binary'' sex category and any others according to best
practices, in order to bring transparency as to the treatment of that
population. Another suggested adding ``Non-binary,'' ``Transgender
Male,'' ``Transgender Female,'' stating that these categories are
widely accepted by the LGBTQ community, will provide more data, and
will be more inclusive. This commenter also supported allowing
applicants to select one or more options. A CDFI lender recommended
that the Bureau include a list of examples that an applicant could
refer to when self-describing, like intersex, non-binary, or
transgender. This commenter stated that providing examples for the
self-describe option would streamline the data collection and analysis.
A bank suggested that instead of requesting information from
applicants about their principal owners' sex, that the Bureau identify
a principal owners' information based on what is listed on the
principal owner's driver's license. The bank noted that some states,
like New York, allow residents who identify as nonbinary or intersex to
use an ``X'' marker on their State driver's licenses and stated that
beneficial owners' driver's licenses must be provided as a result of
FinCEN's customer due diligence rule when an account is opened. The
bank acknowledged that different states may not allow the use of an
``X'' marker and that some principal owners may not identify with the
gender marker on their driver's license but suggested that aligning the
data collection with this supporting documentation would remove the
potential for error and regulatory scrutiny.
Some commenters urged the Bureau to revise its proposal to include
two sets of inquiries, one addressing gender identity and the other
sexual orientation, each with multiple categories from which an
applicant could select. One community group suggested two separate
inquiries are necessary, to accurately measure disparities and
discrimination. The community group suggested that for the inquiry
about gender identity, response options could include ``Male,''
``Female,'' ``Transgender,'' and ``Do not identify as female, male, or
transgender.'' For the inquiry about sexual orientation, the community
group stated response options could include ``Straight,'' ``Gay or
lesbian,'' ``Bisexual,'' and ``Transsexual, or gender non-conforming.''
This commenter also suggested the Bureau consult experts on these
issues. Some other community groups suggested that, to reflect current
language around gender-identity and expression, categories for gender
should include ``Cis woman,'' ``Cis man,'' ``Trans woman,'' ``Trans
man,'' ``Non-binary or gender non-conforming,'' and ``Other'' (with a
write-in text field). For sexual orientation, the commenters suggested
``Straight/heterosexual,'' ``Bisexual,'' ``Queer,'' and ``Other'' (with
a write-in text field). One commenter noted that the answer options for
each inquiry should include those to allow the applicant to choose not
to state its response and an ``Other'' option (with a write-in text
field).
Several research and policy organizations focusing on gender
identity and sexual orientation issues generally stated that because
sex, sexual orientation, and gender identity are related but
intellectually distinct concepts, the Bureau should collect such
information through three separate inquiries addressing each concept
instead of through one question asking about a principal owner's sex. A
community group stated that the Bureau's proposal does not sufficiently
encompass gender, gender identity, and sexual orientation to address
fair lending concerns.
[[Page 35366]]
Research and policy organizations also suggested the Bureau take an
approach similar to that used in the Census Bureau's Household Pulse
Survey, which they characterized as taking a ``two-step'' approach to
asking about a respondent's sex, with one question about the
respondent's sex assigned at birth and a second question about their
current gender. They also recommended the Household Pulse Survey
approach in asking a separate question about sexual orientation, which
the commenters noted aligns with a recommendation from a 2009 Sexual
Minority Assessment Research Team report \750\ on best practices for
asking questions about sexual orientation on surveys. One also urged
the Bureau to examine a two-step approach to sex for the final rule,
noting that it was based on research and recommended by a panel of
experts known as the Gender Identity in U.S. Surveillance group,
through the Williams Institute at the University of California Los
Angeles School of Law, as one that is likely to have high sensitivity
and specificity in distinguishing transgender and gender minority
respondents from cisgender respondents.\751\ The commenter also
recommended that the Bureau consider if any refinements are necessary
in the context of section 1071, conduct user testing, and also
coordinate in the future with other Federal agencies to improve its
measurements of principal owners' sex.
---------------------------------------------------------------------------
\750\ Sexual Minority Assessment Rsch. Team (SMART), Williams
Inst., Best Practices for Asking Questions About Sexual Orientation
on Surveys (2009), https://williamsinstitute.law.ucla.edu/wp-content/uploads/Best-Practices-SO-Surveys-Nov-2009.pdf.
\751\ The GenIUSS Grp., Williams Inst., Best Practices for
Asking Questions to Identify Transgender and Other Gender Minority
Respondents on Population-Based Surveys (Sept. 2014), https://williamsinstitute.law.ucla.edu/publications/geniuss-trans-pop-based-survey/.
---------------------------------------------------------------------------
For the question about sexual orientation, research and policy
organizations recommended using the same or similar questions as
presented in the Census Bureau's Household Pulse Survey and the 2009
Sexual Minority Assessment Research Team report. A community group also
suggested that the Bureau adopt the Census Bureau's approach with the
Household Pulse Survey, but stated that more response categories may be
necessary to better capture the LGBTQIA+ community.
Selection of multiple responses. The Bureau received several
responses to the Bureau's question about whether applicants should be
restricted from designating more than one category for a principal
owner's sex. Two commenters supported the Bureau's proposal to allow an
applicant to select multiple sex categories, stating that limiting
applicants to one answer option may be viewed as marginalizing the
principal owner's personal characteristics for individuals whose gender
is fluid. Another suggested allowing the selection of just one response
category, which it said would streamline data collection. Two research
and policy organizations suggested that the Bureau limit applicants
from selecting more than one response to the inquiry about sex assigned
at birth because medical records in the United States generally allow
only male or female sex assignments. They also suggested that the
Bureau allow just one selection in response to a question about sexual
orientation. But for gender identity, the applicant suggested allowing
applicants to select multiple response options.
Self-describe response option. Several commenters supported the
Bureau's proposed ``I prefer to self-describe'' option (with the
ability to write in or otherwise provide additional information). A
business advocacy group stated that the information collected from the
option will bring attention to inequitable lending practices based on
gender identity. As noted above, one commenter supported the proposed
answer option, but suggested that the Bureau include a list of
examples. The commenter opposed, however, the use of the option as the
only way to collect information about principal owners' sex. Another
commenter supported having the ``I prefer to self-describe'' option as
the only way used to collect sex information, stating that this
approach would promote diversity and acceptance and that the Bureau's
proposal may make applicants feel uncomfortable expressing their true
gender identity.
However, several industry and research and policy organization
commenters opposed the proposed ``I prefer to self-describe'' option.
One commenter said it would be confusing for applicants and bank
employees, and recommended having the Bureau's data collection for
principal owners' sex match that under Regulation C. Other commenters
generally cited data quality concerns related to potential write-in
field responses. Two such commenters noted that in the HMDA free-form
ethnicity and race data, they commonly see responses that would fit
into an existing category and expressed concern that similar issues
would arise under the Bureau's proposal. Two industry commenters also
noted that the write-in field could diminish the accuracy and utility
of collected data, because fewer responses would be reported for other
listed categories. One industry commenter also noted that a write-in
field may add complexity to reporting standards. Another stated that
the Bureau may encounter varying spellings and misspellings, which
would create reporting burdens and diminish the accuracy of the
information received by the Bureau.
A research and policy organization stated that because the Bureau
will not be including write-in responses in what is released to or
analyzed for the public, write-in responses allowing applicants to
self-describe their principal owners' sex, sexual orientation, or
gender identity would prevent respondents from being included in the
data for analysis. The commenter suggested that the Bureau assess the
performance of questions as to gender identity and sexual orientation
first and then make revisions as needed. The commenter also stated that
it also did not recommend including the proposed ``I prefer to self-
describe'' option as a way to capture individuals with intersex traits,
and noted that it is not generally recommended that researchers capture
information on intersex status through a question on sex.
Other research and policy organizations stated a concern that free-
form text responses would require substantial effort by the Bureau and
others to distinguish transgender individuals and gender minorities
from respondents using the ``I prefer to self-describe'' option, even
though female or male responses would have been appropriate. This
commenter noted that analysis of free-form text fields can be time-
intensive and responses challenging to categorize, leading to discarded
data, reduced sample sizes, lessened statistical power, and potentially
errors in classification. The commenter also noted that although a
write-in response for gender identity to capture the many gender
identities and communities that exist may work in some circumstances,
it does not recommend it for a data collection of the anticipated size
and complexity of the effort under section 1071. With regard to sexual
orientation, the commenter noted that most people with same-sex
attraction are likely to choose the terms gay, lesbian, or bisexual if
they are the only terms provided, and thus a self-describe option would
just reduce the number of identifiably lesbian, gay, and bisexual
principal owners in the section 1071 data collection and reduce the
usefulness of the data.
[[Page 35367]]
Intersex status. Research and policy organizations suggested that
the Bureau add a specific inquiry regarding variations of sex
characteristics in the final rule or in the future, to identify
intersex business owners and their experiences. They emphasized that
people with variations in sex characteristics may comprise as much as
1.7 percent of the population. And, although little population-based
data exists, according to the commenter, intersex people face
documented social and health disparities. This in turn, they said,
could affect their economic opportunities. Moreover, according to the
commenter, the increased visibility of intersex individuals could also
make small business owners with intersex traits more vulnerable to
discrimination. They also stated that the Department of Justice's Title
IX Legal Manual rationale--finding that title IX's prohibition on sex
discrimination includes discrimination based on sex characteristics,
including intersex traits--should also apply to ECOA. They noted that a
consensus study from the National Academies had recommended that the
Federal government develop and evaluate measures to identify intersex
populations and recommended that the Bureau review another pending
National Academies study with recommendations on this area.\752\
---------------------------------------------------------------------------
\752\ See Nat'l Acads. of Scis., Eng'g, & Med., Understanding
the Well-Being of LGBTQI+ Populations (2020), https://nap.nationalacademies.org/catalog/25877/understanding-the-well-being-of-lgbtqi-populations. The National Academies has issued the
report anticipated by the commenter. See Nat'l Acads. of Scis.,
Eng'g, & Med., Measuring Sex, Gender Identity, and Sexual
Orientation for the National Institutes of Health (2022), https://www.ncbi.nlm.nih.gov/books/NBK578625/pdf/Bookshelf_NBK578625.pdf.
---------------------------------------------------------------------------
Final Rule--Collecting Sex
For the reasons set forth herein, the Bureau has revised its
proposal regarding the collection of information about the sex of the
principal owners of a small business applicant. Under final comment
107(a)(19)-15, if collecting the information using a paper or
electronic form, the financial institution must make the request using
the term ``sex/gender'' and must permit applicants to respond by using
free-form text. If collecting the information orally, the financial
institution must inform the applicant of the opportunity to provide
each principal owner's sex/gender and record the response. As with
other protected demographic information, the applicant can refuse to
provide the requested information. Unlike the Bureau's proposal, the
final rule does not use specific sex categories, such as ``Male'' and
``Female,'' for a principal owner's sex/gender. The Bureau has made
conforming changes, removed duplicative content, and updated cross-
references, in comment 107(a)(19)-15 and other comments that relate to
collection of principal owners' sex.
As an initial matter, the Bureau believes that collecting
information about a principal owner's sex, gender identity, and sexual
orientation is within section 1071's mandate. Following the Supreme
Court's holding in Bostock, even though the term ``sex'' is not defined
in ECOA or in Regulation B, the Bureau interprets ECOA's and Regulation
B's prohibitions against discrimination on the basis of ``sex'' to
include discrimination based on sexual orientation and gender
identity.\753\ As stated by the Court, sex discrimination encompasses
sexual orientation discrimination and gender identity discrimination,
as those forms of discrimination necessarily involve consideration of
sex.\754\ Because section 1071 is an enumerated provision of ECOA and
the final rule is part of Regulation B, this interpretation as to what
is included within the scope of the term ``sex'' necessarily applies to
the collection of information about a principal owner's ``sex'' under
section 1071 as well.
---------------------------------------------------------------------------
\753\ Bostock, 140 S. Ct. 1731; 86 FR 14363 (Mar. 16, 2021).
\754\ See Bostock, 140 S. Ct. 1731.
---------------------------------------------------------------------------
The Bureau believes further that available research, including that
cited by commenters and discussed above, showing disparities in access
to credit across gender identity and sexual orientation supports the
importance of collecting gender identity and sexual orientation small
business lending data.\755\
---------------------------------------------------------------------------
\755\ See, e.g., Ctr. for LGBTQ Econ. Advancement & Rsch., The
Economic Well-Being of LGBT Adults in the U.S. in 2019 (June 2021),
https://lgbtq-economics.org/research/lgbt-adults-2019/ (LGBT adults
more likely than non-LGBT adults to report being turned down by
lenders and to be offered credit at rates higher than desired); Hua
Sun & Lei Gao, Lending practices to same-sex borrowers, Proceedings
of the Nat'l Acad. Sci. of the U.S. of Am. (May 2019), https://doi.org/10.1073/pnas.1903592116 (finding same-sex couples more
likely to be denied a mortgage than different-sex couples); J.
Shahar Dillbary & Griffin Edwards, An Empirical Analysis of Sexual
Orientation Discrimination, 86 U. Chi. L. Rev. 1 (2019), https://lawreview.uchicago.edu/publication/empirical-analysis-sexual-orientation-discrimination (finding that same-sex male home loan co-
applicants were less likely to have their loan applications accepted
compared to white, different-sex co-applicant pairs; male same-sex
pairs with Black applicants had significantly worse acceptance
outcomes).
---------------------------------------------------------------------------
There was no clear consensus among commenters as to how information
about the sex of small businesses' principal owners should be
collected. As described above, the Bureau received a diverse array of
comments recommending a range of response options to the proposed
inquiry about a principal owner's sex and suggesting questions in
addition to, or instead of, the Bureau's proposed query about a
principal owner's sex. The Bureau notes that at the Federal level,
there is wide variance in data collection approaches, question
phrasing, and answer options, and that the Federal government's
approach is in flux.\756\ For example, on January 11, 2023, shortly
before this rule was issued, OMB released new recommendations for
agencies on the best practices for the collection of sexual
orientation, gender identity, and sex characteristics data on Federal
[[Page 35368]]
statistical surveys, including strategies to preserve data privacy and
safety.\757\ The Bureau also notes the consensus study from the
National Academies cited by a commenter that indicates that the terms
used to describe individuals who identify as or exhibit attractions and
behaviors that do not align with heterosexual or traditional male-
female binary gender norms are evolving.\758\
---------------------------------------------------------------------------
\756\ See 86 FR 56356, 56482 (Oct. 8, 2021) (discussing approach
used by the Census Bureau's Household Pulse Survey, asking separate
questions for sex assigned at birth, current gender identity, and
sexual orientation); id. at 56482 n.686 (discussing other Federal
agency approaches in health care settings). See also 31 CFR
35.28(h), (i) (in annual reports by participants in the U.S.
Treasury's State Small Business Credit Initiative (SSBCI) program,
requiring information about program beneficiaries' principal owner's
gender (using categories: female; male; nonbinary; prefer to self-
describe, with an option to write in information; prefer not to
respond; or that the business did not answer) and sexual orientation
(using categories: gay or lesbian; bisexual; straight, that is, not
gay, lesbian, or bisexual; something else; prefer not to respond; or
that the business did not answer); 2020 Census Official
Questionnaire (inquiring as to each person's sex (e.g., ``What is
Person 1's sex? Mark (x) ONE box.''), with answer options: ``Male''
and ``Female'' and asking about the relationships with other
household members (e.g., ``How is this person related to Person 1?
Mark (X) ONE box.''), with answer options including, inter alia,
``opposite-sex husband/wife/spouse'', ``opposite-sex unmarried
partner, ``same-sex husband/wife/spouse'', and ``same-sex unmarried
partner''); Soc. Sec. Admin., How do I change the sex identification
on my Social Security record? (KA-01453) (last updated Oct. 25,
2022), https://faq.ssa.gov/en-us/Topic/article/KA-01453 (individuals
can provide sex identification evidence that is binary or non-
binary, but stating that SSA record systems currently require a sex
designation of female or male); U.S. Dep't of State, X Gender Marker
Available on U.S. Passports Starting April 11, 2022 (Mar. 31, 2022),
https://www.state.gov/x-gender-marker-available-on-u-s-passports-starting-april-11/; U.S. Equal Emp. Opportunity Comm'n, EEOC Adds X
Gender Marker to Voluntary Questions During Charge Intake Process
(June 27, 2022), https://www.eeoc.gov/newsroom/eeoc-adds-x-gender-marker-voluntary-questions-during-charge-intake-process; Admin. for
Children & Fams., U.S. Dep't of Health & Hum. Servs., Proposed
Information Collection Activity; Domestic Victims of Human
Trafficking Program Data (OMB #0970-0542), 87 FR 45107 (July 27,
2022) (proposing changes to collection of participant demographics
for Domestic Victims of Human Trafficking Services and Outreach
Program grant programs); Admin. for Children & Fams., U.S. Dep't of
Health & Hum. Servs., Proposed Information Collection Activity; SOAR
(Stop, Observe, Ask, Respond) to Health and Wellness Training (SOAR)
Demonstration Grant Program Data (New Collection), 87 FR 52386 (Aug.
25, 2022) (indicating that data to be collected with regard to the
SOAR program will include client sex, gender identity, sexual
orientation.)
\757\ Off. of Mgmt. & Budget, Off. of the Chief Statistician of
the U.S., Recommendations on the Best Practices for the Collection
of Sexual Orientation and Gender Identity Data on Federal
Statistical Surveys (Jan. 11, 2023), https://www.whitehouse.gov/wp-content/uploads/2023/01/SOGI-Best-Practices.pdf.
\758\ Nat'l Acads. of Scis., Eng'g, & Med., Understanding the
Well-Being of LGBTQI+ Populations 1-2. See also Nat'l Acads. of
Scis., Eng'g, & Med., Measuring Sex, Gender Identity, and Sexual
Orientation 1-4 to 1-5 (discussing terms and identities associated
with the concepts of gender, sex, and sexual orientation).
---------------------------------------------------------------------------
As a result of these factors, the Bureau believes that an approach
that allows principal owners to designate their sex/gender with the
ability to write-in or provide additional information (such as in a
free-form field on a paper or electronic form) will encourage applicant
self-identification using terminology that may change over time. To
increase applicants' autonomy to provide responses they feel best
characterize their principal owners, the final rule does not include
additional sex category responses suggested by commenters nor does it
require a financial institution to provide a list of example responses
when requesting that an applicant provide its principal owners' sex.
This approach mitigates the concern of some commenters that a list of
disaggregated categories would be difficult for some lender staff to
ask and for some applicants to be asked.
In partial response to the several commenters who urged that the
Bureau use the term ``gender'' instead of ``sex,'' the Bureau is
requiring financial institutions to use the term ``sex/gender'' when
requesting information about principal owners' sex. As explained above,
the Bureau interprets ECOA's and Regulation B's prohibitions against
discrimination on the basis of ``sex'' to also include, inter alia,
discrimination based on gender identity; this interpretation as to what
is included within the scope of the term ``sex'' necessarily also
applies to the collection of information about a principal owner's
``sex'' under section 1071.\759\ The Bureau believes that requiring
financial institutions to ask for information about ``sex/gender'' will
provide principal owners with the flexibility and autonomy to use terms
that they prefer.
---------------------------------------------------------------------------
\759\ 86 FR 14363 (Mar. 16, 2021).
---------------------------------------------------------------------------
Although some commenters requested that the Bureau require the
collection of principal owners' sexual orientation information and
intersex status in addition to the collection of information about
their gender identity, the final rule does not include these specific
inquiries. The Bureau believes that such specific inquiries about
individuals would likely be perceived as more invasive than a general
request as to ``sex/gender'' and, as explained above, the overall
LGBTQI+-ownership status of the business. Accordingly, the Bureau is
concerned that questions to this effect could impact the overall
willingness of applicants to provide demographic information, as noted
by some commenters.
Some commenters expressed concerns that collecting data via write-
in text fields may lead to data analysis issues. The Bureau anticipates
that its review of responses to the sex/gender inquiry will result in
data that could be used by the Bureau and other regulators and, once
grouped into categories, publicly released subject to any necessary
modifications or deletions for privacy purposes.
The Bureau believes that principal owners' sex/gender and
applicants' LGBTQI+-owned business status data points together strike a
balance that respects for small business owners' autonomy in self-
identification, while also providing the Bureau and the public with
information needed to further section 1071's statutory purposes.
The Bureau recognizes that the way financial institutions will
collect data about sex under the final rule differs from the collection
of information about the sex of home mortgage applicants under
Regulation C/HMDA.\760\ Although the collection of ethnicity, race, and
sex data in both contexts serves related fair lending purposes, the two
regulations have different legal authorities, cover different markets,
and were developed at different times. The Bureau has specifically
tailored the collection of sex data under this final rule implementing
section 1071 for the small business lending context, in consideration
of the comments received and of continuing developments in Federal
government's approach to collecting information about sex, gender
identity, and sexual orientation.
---------------------------------------------------------------------------
\760\ As the Bureau is exempting HMDA-reportable transactions
from the data collection requirements of the final rule, in Sec.
1002.104(b)(2), strict consistency between reporting categories is
unnecessary.
---------------------------------------------------------------------------
The Bureau has also considered commenters' statements that small
business applicants may feel uncomfortable and have privacy concerns
about providing sensitive information to lenders related to the sex of
their principal owners. As discussed in greater detail in part VIII
below, after receiving a full year of reported data, the Bureau will
assess privacy risks associated with this data and on that basis, make
appropriate pre-publication modification and deletion decisions. The
Bureau takes the privacy of such information seriously and intends to
make appropriate modifications and deletions.
Commenters also included suggestions for whether to allow
applicants to select only one or multiple response categories in
response to questions related to a principal owner's sex. As explained
above, the Bureau has decided to include only a self-describe response
option in response to the question about a principal owner's sex/gender
at this time, rendering these comments moot.
One commenter stated that providing information about a principal
owner's sexual orientation and gender identity should be optional for
the applicant. The Bureau agrees, and applicants have a right to refuse
to provide responses to questions about protected demographic
information. As explained in final comment 107(a)(19)-1, financial
institutions must permit an applicant to refuse to answer the financial
institution's inquiry and must inform the applicant that it is not
required to provide the information.
With regard to some commenters' suggestion that questions about a
principal owner's gender identity and sexual orientation should be
optional for financial institutions, the Bureau is not requiring
separate questions for sex, gender identity, and sexual orientation for
the reasons above. Thus, these commenters' suggestion is moot.
The Bureau does not believe it would be appropriate, however, to
remove the requirement to collect principal owners' sex, suggested by
some commenters. As discussed above, the collection of information
about sex is required under section 1071.
The Bureau is not requiring financial institutions to report what
sex or gender is indicated on a principal owner's State driver's
license, as requested by one commenter. As the commenter acknowledged,
State requirements differ as to what residents may select as to their
sex and/or gender on their State government-issued identification and
the available selections may not be adequate as to a principal owner's
self-
[[Page 35369]]
identified sex and/or gender. As noted above, the Bureau believes that
the collection of principal owners' sex information under this rule
should be based solely on an applicant's self-identification. However,
as the commenter also pointed out, some governmental authorities allow
individuals to indicate their sex as ``X'' in government-issued
documents. Nothing in this rule would interfere with a principal owner
choosing to designate their sex in that way in the self-describe
response option.
With regard to one commenter's statement that the Bureau should not
allow the use of previously collected information due to concern about
misuse of such data, the final rule specifies how previously collected
information may be used, as discussed further in the section-by-section
analyses of Sec. Sec. 1002.107(d) and 1002.110(e) below.
Regarding a commenter's suggestion that the Bureau should consult
further with stakeholders before finalizing any publication of
information about sexual orientation and gender identity of principal
owners, the Bureau intends to engage further with stakeholders before
publishing data, as discussed in part VIII below.
Proposed Rule--Collecting Ethnicity and Race via Visual Observation or
Surname in Certain Circumstances
The Bureau proposed that financial institutions be required to
collect and report at least one principal owner's ethnicity and race
based on visual observation and/or surname in certain circumstances.
This would have been required if the financial institution met in
person with one or more of the applicant's principal owners and the
applicant did not provide ethnicity, race, or sex information for at
least one principal owner in response to the financial institution's
inquiry pursuant to proposed Sec. 1002.107(a)(20).
The Bureau noted that demographic response rates in the SBA's
Paycheck Protection Program data are much lower when compared to
ethnicity, race, and sex response rates in HMDA data.\761\ The Bureau
reasoned that without a visual observation and/or surname collection
requirement, meaningful analysis of principal owner ethnicity and race
data could be difficult, significantly undermining section 1071's
purposes. Historically, one challenge under HMDA has been the
reluctance of some applicants to voluntarily provide requested
demographic information, such as ethnicity and race. The Bureau
explained that the requirement in Regulation C to collect race, sex,
and ethnicity on the basis of visual observation or surname is an
important tool to address that challenge, and that it believes that the
requirement has resulted in more robust response rates in the HMDA
data.
---------------------------------------------------------------------------
\761\ Small Bus. Admin., Paycheck Protection Program Weekly
Reports 2021, Version 11, at 9 (effective Apr. 5, 2021), https://www.sba.gov/sites/default/files/2021-04/PPP_Report_Public_210404-508.pdf. Paycheck Protection Program data were taken from 2021 loans
for which the collection form for principal owner demographics was
included in the application itself and, for most of that time, was
featured on the first page of the application.
---------------------------------------------------------------------------
Accordingly, the Bureau proposed that financial institutions
collect at least one principal owner's ethnicity and race (but not sex)
on the basis of visual observation and/or surname in the circumstances
described above. Under the Bureau's proposal, a financial institution
would not have been required to collect ethnicity and race via visual
observation and/or surname if the applicant provided any demographic
information regarding any principal owner. For applicants with multiple
principal owners, the financial institution may not be able to
determine whether the applicant had provided the demographic
information of the principal owner who met in person with the financial
institution or for another principal owner. The Bureau sought comment
on this proposed approach. The Bureau also sought comment on whether a
financial institution should be required to collect a principal owner's
ethnicity and/or race via visual observation and/or surname if the
applicant has only one principal owner, the applicant does not provide
all of the principal owner's requested demographic information, and the
financial institution meets in person with the principal owner. The
Bureau noted that in this situation, the financial institution would be
able to ``match'' any demographic information that the applicant
provides with the correct principal owner because there is only one
principal owner.
Proposed comment 107(a)(20)-9 would have explained that a financial
institution would be required to report ethnicity and race based on
visual observation and/or surname in certain circumstances. It would
have further explained that a financial institution would not be
required to report based on visual observation and/or surname if the
principal owner only meets in person with a third party through whom
the applicant is submitting an application to the financial
institution.
Proposed comment 107(a)(20)-10 would have clarified that a
financial institution meets with a principal owner in person if an
employee or officer of the financial institution or one of its
affiliates has a meeting or discussion with the applicant's principal
owner about an application and can visually observe the principal
owner. The proposed comment would have also provided examples of
situations where the financial institution meets in person with a
principal owner and where it does not. The Bureau requested comment on
this approach and whether there should be additional or different
examples.
Proposed comment 107(a)(20)-11 would have clarified that a
financial institution uses only aggregate categories when reporting
ethnicity and race based on visual observation and/or surname and would
have directed financial institutions to proposed appendix G for
additional information on collecting and reporting ethnicity and race
based on visual observation and/or surname. The Bureau requested
comment on whether to permit, but not require, financial institutions
to use the disaggregated subcategories as well when reporting ethnicity
and race based on visual observation and/or surname.
In addition to the specific matters identified above, the Bureau
sought comment on its proposed approach to this data point, the
proposed methods of collecting and reporting the data, and on whether
additional clarification regarding any aspect of this data point is
needed.
Comments Received--Collecting Ethnicity and Race via Visual Observation
or Surname in Certain Circumstances
General comments. The Bureau received comments from many banks,
trade associations, community groups, members of Congress, small
business owners, service providers, and others on its proposal that
financial institutions be required to collect at least one principal
owner's ethnicity and race on the basis of visual observation and/or
surname under certain circumstances. A community group, a joint letter
from community and business advocacy groups, and a CDFI lender
supported the proposed requirement, emphasizing that demographic data
collection via visual observation and surname analysis has been
required by Regulation C for many years. The community group also
commented that ethnicity and race information, including information
collected via visual observation and/or surname as proposed, will allow
data users to assess how the experiences of small businesses differ by
approximate amount of minority ownership in the
[[Page 35370]]
business, particularly when combined with information about an
applicant's number of principal owners under proposed Sec.
1002.107(a)(21).
Many commenters objected to the proposed requirement. A number of
industry commenters stated that the Bureau should require only the
reporting of applicant-provided data. A number of agricultural lenders,
a trade association, a service provider, a community group, and a
business advocacy group stated that while they support the collection
of demographic information and the need for robust data, they do not
support the proposed requirement. A few industry commenters said that
the Bureau should only require best efforts to collect demographic
information.
Use of visual observation and surname to collect sex. A number of
commenters, including banks, trade associations, community groups, and
LGBTQI+ advocacy groups, supported the Bureau's proposal to not require
the use of visual observation and/or surname to report a principal
owner's sex. Several LGBTQI+ advocacy groups commented that visual
observation of the gender expression of principal owners would
inevitably rely upon sex stereotypes and lead to inaccurate
determinations of sex, gender identity, or sexual orientation. A
community group similarly stated that it would not be possible in some
cases to use visual observation to accurately identify gender. Several
industry commenters stated that requiring financial institutions to
determine the sex of principal owners would make employees
uncomfortable and potentially offend applicants who had declined to
provide this information.
In contrast, some banks requested that the visual observation and
surname requirement for this rule be aligned with Regulation C and thus
apply to data on sex as well as for ethnicity and race. These
commenters said that alignment with Regulation C would reduce reporting
errors and financial institutions' compliance burden because financial
institutions would not need to use additional resources to understand
and implement different data collection requirements.
Data accuracy and related concerns. Many commenters, including a
range of lenders, trade associations, community groups, several members
of Congress, business advocacy groups, and others, were concerned that
the proposed requirement would yield unreliable ethnicity and race
data.
Some commenters argued that such a requirement would introduce
error, bias, and subjectivity into the data collection process, leading
to inaccurate or distorted data. Several said that such purported bias
should not be part of the underwriting process or that section 1071 was
intended to combat this type of bias. One commenter said that banks do
not consider the ethnicity, race, or gender of small business
applicants and argued that they should not be required to guess such
information. Other commenters asserted that inaccuracies in the
collected data would not support rigorous analysis, would not serve the
purposes of section 1071, and would be inconsistent with congressional
intent to collect reliable data on small business credit. Several other
commenters similarly stated that data collected via visual observation
or surname would impair analyses, conclusions, and policies based on
such data.
Several commenters asserted that data collected pursuant to the
proposed requirement would be inaccurate because the process would be
based on or encourage the use of racial stereotypes or assumptions.
Several other commenters asserted that ethnicity and race
determinations made by visual observation have been prone to error or
unreliable, with some citing materials on own-race bias, other-race
effect, and similar issues. Some commenters predicted that the proposed
requirement may cause some lenders to rely on surname alone to avoid
determining ethnicity and race based on visual observation. Others said
that the proposed requirement should not be finalized because it could
risk perpetuating discrimination and insert racial stereotyping into
application processes, posing risks to applicants and financial
institutions alike. A community group stated that the proposed data
collection method raises fair lending concerns. With respect to
reporting ethnicity and race based on surname, several commenters
asserted that surname analysis was unreliable and obsolete.
Commenters also identified specific circumstances that they said
could lead to inaccurate ethnicity and race determinations based on
visual observation and surname. Some commenters argued that the
provision does not account for situations such as adoption, surname
changes, and multi-ethnic or multi-racial identities. Other commenters
alleged that visual observation and surname analysis would likely be
inaccurate or unreliable as a result of increasing demographic
diversity. Several asserted that racial and ethnic identities are
personal, influenced by a number of different factors, and should be
confirmed only by the applicant. Another commenter likewise stated that
the Bureau should only require lenders to report based on applicant-
provided data to promote accuracy and inclusivity. Several commenters
noted that a principal owner's ethnicity and race could be reported
differently by different lenders under the proposed requirement.
Some commenters said that loan officers and bank employees lack the
expertise or training to make ethnicity and race determinations, and
that the proposed requirement would lead to guessing. Another commenter
said the proposed requirement would create training and other
employment hurdles without producing meaningful information.
Several commenters noted that the proposed requirement would result
in inaccurate data when the person filling out the application is not a
principal owner of the business, but rather an employee. Commenters
also asserted that data would be misleading when the ethnicity and race
of the principal owner meeting with the bank is not representative of
the other principal owners of the business. One commenter asserted that
the proposed requirement could subject lenders to liability because
they do not always interact with principal owners.
Some commenters opposed the proposed requirement on the grounds
that data collected using this method would be, they said, generally
unrepresentative of small business applicants. They predicted low
response rates to inquiries about ethnicity and race for this rule,
based on the experience of the Paycheck Protection Program, and argued
that ethnicity and race data would be based on visual observation and
surname analysis for a disproportionate number of applications, which
these commenters posited would result in inaccurate data. Several
commenters stated that, as a result, inaccuracies attributable to the
use of visual observation and surname analysis would be magnified,
making the data collected unrepresentative of the applicant population
and not useful for any analyses. Others commented that ethnicity and
race data reported based on visual observation or surname would be both
inaccurate and unrepresentative because of the increased use of digital
application processes with no visual component. A trade association
anticipated low applicant response rates to the demographic questions
based on its members' experience that customers express anger or are
reluctant to provide ownership information as required by FinCEN's
customer due diligence rule. This commenter expected that
[[Page 35371]]
applicants would not want to provide demographic information due to
concerns that it would be used in the credit process, despite any
assurances to the contrary on the sample data collection form.
Customer relationships. Many commenters asserted that the proposed
requirement would impair customer relationships, citing small business
lending as more relationship-dependent than other forms of credit. A
number of commenters stated that it would make bank employees and
applicants uncomfortable, with some suggesting specifically that this
could occur when in-person applicants witness employees filling out
demographic information that the applicants declined to provide. A
number of commenters likewise said it would negatively impact customer
relationships. One argued that because banks are more likely to have
ongoing interactions with a small business owner than someone seeking a
mortgage, offense taken from visual observation or surname analysis
would be more detrimental.
Several agricultural lenders expressed concern that the disclosure
on the proposed sample data collection form informing applicants about
the obligation of lenders to report ethnicity and race information
through visual observation and/or surname analysis would be negatively
received by applicants, stating that applicants might perceive the
notice as an indication that the lender intends to or must contradict
the applicant's wishes. A trade association suggested that applicants
would feel uncomfortable providing their demographic information if
they receive notice that such information would not be subject to a
firewall, which would lead to a greater use of visual observation and
surname analyses.
Right to refuse. A range of commenters opposed the proposal on the
grounds that applicants have a right to decline to provide demographic
information. One commenter said that the proposed requirement would
further damage the public's confidence in financial institutions and
heighten privacy concerns, because it would contradict an applicant's
decision to not provide the requested information. Several cited the
high percentage of Paycheck Protection Program loan applicants that did
not report demographic data as showing applicant concerns about privacy
and the importance of voluntary reporting.
Some commenters stated that the proposal is inconsistent with, or
that it inappropriately circumvents, section 1071's provision that an
applicant may refuse to provide protected demographic information and
urged the Bureau to respect that right. One commenter said that section
1071 is structured to require financial institutions to make inquiries
for their customers' information and to allow applicants to refuse to
provide such information; given this framework, the commenter
questioned whether requiring collection would be permissible under the
statute when an applicant has already refused to provide the
information. One commenter said that applicants may not understand that
if they decline to answer demographic inquiries that lenders will
determine and report their ethnicity and race anyway. Several
commenters highlighted that HMDA, in contrast to section 1071, does not
provide a comparable right of refusal.
Burden and cost. A few commenters objected to the proposed
requirement on the grounds that it would impose significant costs on
some lenders. One commenter identified costs to create and maintain
policies and procedures, apply these consistently, conduct ongoing
training, and audit compliance, while another said the proposal would
require substantial changes to its loan processes, systems, and
compliance protocols to implement. A commenter said that reliance on
proxying, inference, or visual observation would impose a number of
cost and compliance concerns. Several commenters asserted that lenders
may face substantial costs to train employees to make determinations;
one said this training could be complex for front-line employees who
are currently taught that ECOA and other laws prohibit the collection
of ethnicity and race information. A CDFI lender stated that the
proposed requirement would impose less burden on larger banks and
online lenders, either because they will have a higher number of online
loan applications or because they already report demographic
information on the basis of visual observation and surname under HMDA.
Response rates. Several commenters disputed that the higher
responses rates in HMDA data, compared with lower response rates in
Paycheck Protection Program data, could be attributed to HMDA's visual
observation and surname requirement, and also disputed that this
proposed requirement could improve response rates for financial
institutions complying with the small business lending rule. Some
suggested that the Bureau's concern with low response rates based on
the Paycheck Protection Program experience is misplaced, arguing that
those response rates were attributable to the program's emergency
nature, and the rush by all parties to submit and process applications.
Commenters also noted that Paycheck Protection Program may not inform
the likely response rates under this rule because that program covered
a wider range of businesses than the Bureau's proposal.
Purported conflicts with ECOA and Regulation B. Some commenters
raised concerns about conflicts between the proposed requirement and
subpart A of Regulation B and ECOA. One commenter stated that the
proposed requirement is prohibited by 12 CFR 202.5, which provides that
a creditor may not inquire about the race, color, religion, national
origin, or sex of an applicant or any other person in connection with a
credit transaction. Several commenters said that the proposed
requirement would require bank employees to consider factors that ECOA
prohibits creditors from considering. Commenters also generally stated
that the proposed requirement conflicts with the fair lending training
provided to bank employees and will insert race as a factor in the
credit application process.
Several commenters said that a visual observation and surname
requirement would not align with, or would violate, the statutory
firewall requirement, noting that the lenders would have to determine a
borrower's ethnicity and race but then have to ``forget'' and isolate
the information when making credit decisions. One requested that
information collected via visual observation and/or surname not be
subject to the firewall provision because of the difficulty in
maintaining the firewall requirements for data collected this way.
In-person meetings. A number of commenters raised concerns that the
proposed requirement would damage the relationships that community
banks, traditional banks, or small- to mid-sized banks have with their
customers. One asserted that in-person interactions are important for
community lenders, such as CDFI banks, to understand customers, to make
customers feel comfortable, and to identify products and services
responsive to the needs of lower income and other underserved
communities. Others emphasized that such lenders value and rely on
repeated, in-person interactions with customers, saying that the
proposed requirement would disproportionately affect them, but would
favor large banks and online lenders that did not see applicants and
thus would not have to employ the visual observation or surname
analysis. One commenter suggested that all lenders should be subject to
the
[[Page 35372]]
proposed requirement, because online lenders can still conduct surname
analyses. Another said that the proposed requirement would
disproportionately subject CDFI lenders to the risks of reporting
inaccurate data, including reputational damage, and greater operational
and compliance burden. A commenter urged that the Bureau exempt
community banks from the proposed requirement.
In contrast, some commenters suggested that the proposed
requirement would not generate much data as a result of a shift away
from in-person interactions, thus limiting or negating its value. One
such commenter predicted that much small business lending will likely
be through credit cards, which it said would not provide an opportunity
to implement the requirement, and as a result data collected via visual
observation and surname would be associated with certain loan types
that may be received by higher revenue applicants.
Some commenters suggested that lenders, their employees, and
applicants would try to avoid visual observation and surname analysis.
Several said that the proposed requirement would discourage loan
officers and applicants from meeting in person or by video call. Others
stated that some banks may shift applications online, impairing the
personal interaction some banks have with their communities. One
commenter predicted that the proposed requirement would discourage
small business applicants from seeking credit.
Another commenter argued that the proposed requirement is
unnecessary because financial institutions do not always meet with the
principal owners of a business. Several commenters said that ethnicity
and race determinations from visual observation and surname analysis
may not be representative of the applicant population, would be
inconsistent, and would not be comparable to other data.
One commenter said that the requirement would be difficult to apply
because a financial institution may not know if the principal owner's
demographic information had already been collected to assess if the
visual observation and surname requirement applies, such as in the
context of a brief interaction that is later determined to be an in-
person meeting that would trigger the proposed requirement. Others
asked for clarity on whether the proposed requirement would be
triggered if any bank employee met in person with a principal owner,
even if not involved with the credit application (for example when
signing closing documents). Another commenter stated that financial
institutions should not be required to determine if an individual is a
principal owner, a necessary condition to collect data on a principal
owner's ethnicity and race via visual observation and surname analysis,
if the small business applicant chooses not to disclose its ownership
structure.
Litigation and compliance risk. Some commenters were concerned that
the proposed requirement would subject financial institutions and their
employees to enforcement actions or litigation if they erred in
determining a principal owner's ethnicity or race. Several stated that
despite good faith efforts, such errors could subject lenders to
examiner scrutiny, litigation, negative media, and erroneous
discrimination claims by third parties, or subject them to customer
complaints. One commenter stated that regulators could use financial
institutions' best-guess, but erroneous determinations to pursue
disparate impact cases, or customers could bring discrimination cases,
if they are able to reverse engineer the inadvertently incorrect
ethnicity or race determinations made by financial institutions. A
community group suggested that financial institutions would avoid
reporting ethnicity or race at all to avoid litigation risk.
Several business advocacy groups suggested that certain lenders may
use this provision to fabricate ethnicity and race data in order to
make their lending practices appear more equitable, accessible, and
unbiased.
Implementation and other comments. A number of commenters offered
specific suggestions regarding particular aspects of the proposal,
notwithstanding other objections they may have raised regarding whether
it should be finalized at all. Several urged the Bureau to provide
guidance materials and sample disclosures, and to engage in education
efforts to encourage applicants to self-report their demographic
information, with some suggesting these options in place of the
proposed provision. Some said the Bureau should develop guidance that
lenders could use to avoid questions of interpretation and to learn
about resources they can use to make ethnicity and race determinations
on the basis of a principal owner's surname. Several suggested that the
Bureau provide a uniform surname classification standard.
One commenter requested an exemption from the proposed requirement
(and the collection of ethnicity and race generally) for retail credit,
on the grounds that many applicants will decline to provide demographic
information about their principal owners given the sensitivity of the
information. Other commenters stated that automobile and truck dealers
had expressed concerns about the proposed requirement and did not think
it would be possible to report detailed demographic information based
on visual observation. Another commenter recommended that the Bureau
exempt sole proprietors from the proposed requirement, noting that sole
proprietor transactions are unique and may not provide meaningful data
on the commercial credit market served by small, non-bank lenders.
Several commenters opposed the proposed requirement, arguing that
the use of visual observation and surname is outdated. Two commenters
stated that these methods employed in Regulation C were implemented
many years ago, and that the Bureau should follow more current
government agency practices, citing a 2021 policy memo from USDA \762\
rescinding the use of visual observation to determine ethnicity or race
for certain Federal food programs. One commenter stated that, as with
participants in the USDA programs, some small business owners may not
want their ethnicity or race determined by others, may perceive
discriminatory treatment, and may avoid applying for credit.
---------------------------------------------------------------------------
\762\ U.S. Dep't of Agric., Collection of Race and Ethnicity
Data by Visual Observation and Identification in the Child and Adult
Care Food Program and Summer Food Service Program--Policy Recission
(May 17, 2021), https://www.fns.usda.gov/cn/Race-and-Ethnicity-Data-Policy-Rescission.
---------------------------------------------------------------------------
One commenter stated that the scope of the proposed requirement was
unclear, noting that the NPRM preamble and proposed commentary provided
that a financial institution would have to identify at least one
principal owner by visual observation or surname if the applicant does
not provide the ethnicity and race of at least one principal owner,
even though institutions are obligated to collect the ethnicity, race,
and sex of each of the small business applicant's principal owners.
Several commenters requested that financial institutions should only be
required to collect aggregate ethnicity and race categories.
One commenter suggested the use of an automated proxy analysis of
surnames as an alternative to the proposed requirement. Another said
that the Bureau could determine ethnicity and race with the data
reported by lenders based on surname analysis.
Several commenters urged that, if the proposed requirement is
finalized, demographic data should note when they are collected via
visual observation or surname.
[[Page 35373]]
Final Rule--Collecting Ethnicity and Race via Visual Observation or
Surname in Certain Circumstances
The Bureau is not finalizing its proposed visual observation and/or
surname analysis requirement for the reasons set forth below. Final
Sec. 1002.107(a)(19) (proposed as Sec. 1002.107(a)(20)) no longer
includes references to the reporting of ethnicity and race based on
visual observation and surname. The Bureau is likewise not adopting
proposed comment 107(a)(20)-9, regarding reporting based on visual
observation and/or surname; proposed comment 107(a)(20)-10, regarding
meeting in person with a principal owner; and proposed comment
107(a)(20)-11, regarding the use of aggregate categories when reporting
using visual observation or surname. The Bureau has also removed other
references to the collection of ethnicity and race data via visual
observation and/or surname from other locations in the final rule.
In making this decision, the Bureau carefully considered the
numerous comments it received, the statute, the history of the use of
visual observation and surname analysis under HMDA, and the recent
history of the collection of demographic information related to the
Paycheck Protection Program. The Bureau believes, based on its
expertise and the longstanding use of visual observation and surname
analysis in HMDA, that collection of demographic information via visual
observation or surname analysis has the capacity to improve response
rates for demographic information--without particular risk to data
accuracy,\763\ introduction of bias or racial stereotyping into the
underwriting process,\764\ increased litigation/compliance risk, or
violations of existing ECOA/Regulation B,\765\ as suggested by some
commenters. The Paycheck Protection Program experience also suggests
that there may be benefits in such a requirement.
---------------------------------------------------------------------------
\763\ While some commenters suggested that data inaccuracies
from visual observation and surname analysis would have limited the
usefulness, integrity, reliability, or quality of the collected data
and conclusions or policies based upon the data, the Bureau has not
found this to be the case in HMDA and would not expect it to be so
here either. A loan officer reporting their perception of an
applicant's ethnicity and race could not do so ``incorrectly''
(other than by intentionally mis-reporting their perception); in
fact, a loan officer's perception of an applicant's protected
demographic information may be more important for fair lending
analyses than how the applicant self-identifies.
\764\ Collecting lenders' perceptions of the ethnicity and race
of applicants, whether or not such perceptions are what the
applicant would consider ``accurate,'' could have enabled an
analysis of potential bias by lenders. But the mere recordation of
those perceptions is unlikely to create bias on the basis of those
perceptions.
\765\ Inquiring about an applicant's ethnicity and race (or
collecting such information via visual observation or surname, if
the Bureau were finalizing that aspect of the proposal) will not, in
fact, violate Regulation B's prohibition on inquiring about certain
protected characteristics of an applicant in connection with a
credit transaction, nor is doing so under HMDA/Regulation C a
violation. Regulation B implements ECOA, of which section 1071 is a
part. Section 1002.5 of Regulation B, and its amendments under this
final rule, make clear that the collection of ethnicity and race
pursuant to this rule would not violate Regulation B.
---------------------------------------------------------------------------
Nonetheless, the Bureau believes that a requirement to collect
principal owners' ethnicity and race via visual observation or surname
could pose particular challenges for small business lending that are
not present in mortgage lending. For example, applicants and co-
applicants are clearly identified as such in mortgage applications--
making it obvious whose demographic information has, or has not, been
self-reported. In contrast, this final rule--as mandated by section
1071--requires a record of the applicant's responses to a request for
protected demographic information to be kept separate from the
application, and prohibits inclusion of personally identifiable
information in records compiled and maintained pursuant to this rule.
This could make tracking whose information has, or has not, been self-
reported by the applicant particularly challenging. As commenters
pointed out, a financial institution might be interacting with a
representative of a small business who is not a principal owner, or the
institution may not know--particularly early in the application
process--if a particular person is a principal owner.
In addition, the Bureau is mindful, consistent with the comments it
received, that much of the lending to small businesses in smaller
communities and in underserved and rural areas occurs through
relationship banking that involves more frequent and more personal
contact with applicants. The Bureau is also mindful of concerns raised
by lenders that rely on in-person engagement that their customer
relationships may be negatively impacted by customer discomfort with a
visual observation and surname data collection requirement,
particularly during initial implementation of this final rule. The
Bureau also acknowledges the concerns expressed by commenters that bank
employees may feel uncomfortable making ethnicity and race
determinations on the basis of visual observation or surname. On the
other hand, the Bureau acknowledges comments that the prevalence of
online lending processes and use of credit cards in small business
lending could mean few opportunities for in-person or video-enabled
meetings and thus for the collection of ethnicity and race via visual
observation or surname.
The Bureau's decision not require financial institutions to collect
principal owners' ethnicity and race information via visual observation
or surname at this time renders moot the comments about implementation
of such a requirement, as well as those suggesting alternatives to the
proposal.
The Bureau intends to actively monitor financial institutions'
response rates to inquiries regarding demographic data to ensure that
applicants are not being discouraged in any way from providing their
demographic data pursuant to this final rule and to determine whether
any future adjustments to the rule may be warranted.
107(a)(20) Number of Principal Owners
Proposed Rule
Proposed Sec. 1002.107(a)(21) would have required financial
institutions to collect and report the number of the applicant's
principal owners. Proposed comment 107(a)(21)-1 would have explained
that a financial institution would be able to collect an applicant's
number of principal owners by requesting the number of principal owners
from the applicant or by determining the number of principal owners
from information provided by the applicant or that the financial
institution otherwise obtains. If the financial institution asks the
applicant to provide the number of its principal owners, proposed
comment 107(a)(21)-1 explained that the financial institution would
have been required to provide the definition of principal owner set
forth in proposed Sec. 1002.102(o). The proposed comment also
clarified that, if permitted pursuant to proposed Sec. 1002.107(c)(2),
a financial institution could report an applicant's number of principal
owners based on previously collected data.
Proposed comment 107(a)(21)-2 would have clarified the relationship
between the proposed requirement to collect and report the number of
principal owners in proposed Sec. 1002.107(a)(21) with the proposed
requirement to report verified information in proposed Sec.
1002.107(b). The proposed comment would have stated that the financial
institution may rely on an applicant's statements in collecting and
reporting the number of the applicant's principal owners. The financial
institution would not have been required to verify the number of
[[Page 35374]]
principal owners provided by the applicant, but if the financial
institution did verify the number of principal owners, then the
financial institution would report the verified number of principal
owners.
Proposed comment 107(a)(21)-3 would have stated that pursuant to
proposed Sec. 1002.107(c)(1), a financial institution would be
required to maintain procedures reasonably designed to collect
applicant-provided information, which includes the applicant's number
of principal owners. However, the proposed comment would have explained
that if a financial institution is nonetheless unable to collect or
determine the number of principal owners of the applicant, the
financial institution would report that the number of principal owners
is ``not provided by applicant and otherwise undetermined.''
In addition to seeking comment on its proposed approach to the
collection and reporting of the number of principal owners generally,
the Bureau also sought comment on whether to instead, or additionally,
require collection and reporting of similar information about owners
(rather than principal owners). The Bureau raised, as an example,
whether financial institutions should be required to collect and report
the number of owners that an applicant has that are not natural
persons.
Comments Received
The Bureau received comments on this aspect of the proposal from a
number of lenders, trade associations, and community groups. Two
lenders and a community group supported the Bureau's proposal for
collecting and reporting the number of an applicant's principal owners.
The community group stated that the information would help determine
whether experiences in the small business lending marketplace are
different if an owner is a woman or minority, even if a small business
does not meet the criteria for a minority-owned or women-owned
business. Further, knowing the number of a business's principal owners
would help data users identify businesses with varying percentages of
ownership by women or minorities above or below the 50 percent
threshold for minority-owned or women-owned businesses. One lender
stated that the number of principal owners data point, along with
others proposed by the Bureau, would provide insight on the quality of
capital being accessed by small businesses, assist in showing how
financial institutions compare across different metrics, and help
determine if an institution is engaged in equitable lending. This
commenter also stated that in its experience, there are a number of
small business lending programs and funding opportunities that require
similar data. Thus, this commenter stated its expectation that the
reporting requirements in the Bureau's final rule would satisfy
requirements across a number of such programs and reduce administrative
burden. Specifically, the commenter noted that it had gathered similar
data on owners for Paycheck Protection Program loans it originated.
A number of lenders and trade associations opposed the Bureau's
proposal to collect information about the number of an applicant's
principal owners. Two such commenters stated that the information does
not serve the purposes of section 1071, unless it is to allow second
guessing of applicant-provided responses as to their minority-owned or
women-owned status or the Bureau intends to require the collection of
ethnicity, race, and sex data for all of an applicant's principal
owners. One bank stated that the proposed number of principal owners
data point would not offer any insight into lending patterns, as it is
not considered in the underwriting process. Another bank argued that
the data point is not necessary because there is no evidence that
lenders use an applicant's number of principal owners as a basis for
discrimination. One bank questioned the benefit of collecting such
information, stating that a business's ownership and principals may
change on a day-to-day basis. Another commenter stated that the
information collected may inadequately or erroneously describe an
applicant's ownership structure, particularly where the legal structure
of the applicant's ownership may make such determinations difficult.
Several commenters also stated that the data point is unnecessary,
because similar information is already collected in other contexts
(such as under FinCEN's customer due diligence rule) and regulators
already examine banks for fair lending compliance.
Several commenters cited costs and burden as the basis for their
objections. Two banks stated that it would be expensive to collect the
information, with one also noting that the costs would be passed down
to customers and communities. Another bank stated that because it does
not collect information about the number of an applicant's principal
owners currently, the proposed requirement would entail changes to its
operating procedures and suggested that the Bureau could obtain this
information from the Internal Revenue Service instead. With regard to
indirect vehicle financing transactions, a trade association stated
that information about the number of principal owners is not part of
the data transmitted between dealers and finance companies and is not
used for business purposes, thus technical and process changes would be
needed to collect and report the data.
A few industry commenters objected to the collection and reporting
of the number of an applicant's principal owners on the basis of
privacy, stating that the data point could be used to identify
applicants. One said that this concern was particularly relevant for
small communities with limited numbers of small businesses. Two others
urged the Bureau to not publish the data point publicly to protect
applicants' privacy.
An agricultural lender said it was unclear how financial
institutions should report the number of principal owners for family
farmers. This lender emphasized that the ownership of many family farm
businesses is complex and may involve multiple business entities for
risk management purposes, with separate entities for different farm
operations. The commenter provided as an example a situation where a
person owns only one farm parcel but works several farm parcels that
are owned by a parent through multiple business entities and trusts.
Some industry commenters objected to this proposed data point as
part of their general objection to the Bureau's data points proposed
pursuant to ECOA section 704B(e)(2)(H). These commenters generally
argued that such data points, including the number of an applicant's
principal owners, do not add value or advance the purposes of achieving
fair lending or of ECOA; are not used or collected for underwriting or
financial analysis; go beyond what other laws require financial
institutions to collect; add unnecessary complexity and detail to the
rule; and would add to the burden and costs for implementing the rule,
especially for small covered financial institutions.
Two industry commenters objected to the data point on the grounds
that in the absence of other information about an applicant's
ownership, such as the number of owners or percentages of ownership,
the information could lead to incorrect assumptions about the ownership
structure of a small business applicant. For example, the commenters
noted that if demographic data are reported for one individual, it
could lead to a conclusion that the applicant has only one principal
owner, when the applicant has several owners, but only
[[Page 35375]]
one with more than a 25 percent ownership share.
Two commenters urged the Bureau to provide a regulatory safe harbor
for reporting information about an applicant's number of principal
owners, as part of a global safe harbor for all applicant provided
data, or a safe harbor similar to that in proposed Sec. 1002.112(c).
Several community groups suggested additional data points related
to ownership. One such commenter suggested that the Bureau require
financial institutions collect and report the percentage amount of a
principal owner's ownership. This information, argued the commenter,
would enable the Bureau to refine its data and reveal specific
disparities in lending by ownership composition. Another commenter
suggested that the Bureau require financial institutions to ask
applicants for the number of individuals who own less than 25 percent
of the applicant, to provide more insight on the distribution of small
businesses and their experiences. One other commenter instead suggested
that the Bureau add additional data points to measure the percentage of
ownership by women and by people of color, to further enable
evaluations of access to credit based on the proportion of ownership
and control by such individuals.
A joint letter from community and business advocacy groups
requested that the Bureau clarify proposed comment 107(a)(21)-3, which
stated that if a financial institution is unable to collect or
``otherwise determine'' an applicant's number of principal owners, the
financial institution should report it as unknown. The community groups
asked the Bureau to clarify the meaning of the phrase ``otherwise
determine,'' and specifically whether financial institutions may limit
its investigation to documents obtained from the applicant in the
normal course of an application, or if they have an obligation to
conduct a due diligence investigation of corporate records.
Final Rule
For the reasons set forth herein, the Bureau is finalizing the
requirement for financial institutions to collect and report the number
of an applicant's principal owners, renumbered as Sec.
1002.107(a)(20), and its associated commentary. In consideration of the
comments received, the Bureau is doing so pursuant to its authority
under ECOA section 704B(g)(1) to prescribe such rules and issue such
guidance as may be necessary to carry out, enforce, and compile data
under section 1071 and under ECOA section 704B(e)(2)(H), which
authorizes the Bureau to require financial institutions to compile and
maintain ``any additional data that the Bureau determines would aid in
fulfilling the purposes of [section 1071].''
The Bureau believes that the information will provide important
context for other information collected and reported under the rule and
thus serve the purposes of section 1071. The Bureau acknowledges that,
as argued by commenters, the number of an applicant's principal owners
may not be information considered by financial institutions in the
underwriting process or, by itself, serve as the basis of
discrimination. However, as noted by other commenters, information
about the number of small businesses' principal owners will help data
users, including the Bureau, understand how small business applicants'
experiences in the lending marketplace differ on the basis of the
demographic composition of their ownership and identify business and
community development needs and opportunities. Thus, even if an
applicant is not a women-owned, minority-owned, or LGBTQI+-owned
business under Sec. 1002.107(a)(18), through the number of principal
owners data point, data users will still have some insight into what
proportion of the small business's ownership has the demographic
characteristics provided by the applicant.
The Bureau acknowledges some commenters' concerns that the number
of principal owners data point would not provide a comprehensive
picture of an applicant's ownership structure. Final Sec. 1002.102(o)
defines a principal owner as an individual who directly owns 25 percent
or more of the equity interests of a business. As a result, the
requirement to collect information about the number of an applicant's
principal owners will not account for individuals with either indirect
ownership or less than 25 percent ownership in the business. However,
the Bureau believes that this supports, rather than counsels against,
inclusion of this data point in the final rule.
The Bureau also is not adding other data points related to
ownership to the final rule. The Bureau considered the general
likelihood that an individual responding for the applicant would know
the information being requested in formulating its proposal. The Bureau
believes that applicants are likely to know the number of its principal
owners and will be willing to provide that information. Overall, the
Bureau believes that the number of principal owners data point,
particularly in combination with information about an applicant's
business statuses under Sec. 1002.107(a)(18), strikes a balance so
that the Bureau is likely to receive useful data that will allow it and
others to develop a nuanced understanding of small business lending
practices generally, even if it does not present a complete picture of
each applicant's ownership structure.
The Bureau does not believe that the fact that some applicants have
complicated ownership structures necessitates removal of this data
point from the final rule. Although some small business applicants,
such as family farmers, may have ownership structures where there are
many owners and/or where ownership is through various business
entities, the rule's definition for principal owner means that
applicants would be required to identify only individuals, and not
entities or trusts, with direct ownership in the business and would not
need to trace ownership through multiple business entities or provide
information about individuals with small equity shares in the business.
Under comment 107(a)(20)-1, this definition would be provided to an
applicant in conjunction with the request for the number of its
principal owners. The Bureau believes that the straightforward
definition in Sec. 1002.102(o) will assist applicants in providing
this information.
Further, the Bureau believes the information about the number of an
applicant's principal owners will be useful and facilitate the purposes
of section 1071, even if a specific applicant's ownership changes over
time. Under the Bureau's proposal, as with the final rule, applicants
are asked for information in relation to individual, covered
applications to allow data users, in the aggregate, to ascertain
lending patterns at the institution or community levels. The data meets
the final rule's purposes if it is accurate at the time the data are
collected. Identifying changes in ownership over time will also further
the business and community development and fair lending purposes of
section 1071.
Some commenters suggested that the number of principal owners data
point should not be required under the final rule because similar
information is collected in other contexts. However, the definition of
principal owner under Sec. 1002.102(o) has been specifically tailored
by the Bureau to meet the purposes of section 1071. Information about
differently defined owners under different regulatory regimes, reported
to other regulatory authorities, does not facilitate section 1071's
purposes of fair lending enforcement and identification of business and
community
[[Page 35376]]
development needs and opportunities, nor could such data be matched to
a particular covered application reported under section 1071.
With respect to commenters' arguments that the additional burden
and costs that would result from the number of principal owners data
point warrant its removal from the final rule, the Bureau notes first
that commenters did not identify any specific costs or burdens with
reporting the number of principal owners data point in particular, as
much as concern about the costs and burden of reporting data points
adopted pursuant to the Bureau's statutory authority in ECOA section
704B(e)(2)(H) generally. The Bureau acknowledges that financial
institutions will experience some initial expenses and burden in
implementing new regulatory data collection requirements. However, the
Bureau understands that financial institutions already collect and
maintain information about the ownership of certain businesses under
FinCEN's customer due diligence rule. The Bureau does not believe that
there will be significant costs and burden associated with collecting
and reporting information about applicants' principal owners
specifically, as opposed to generally as part of a new data collection
regime. The Bureau considers the data points it is adopting pursuant to
section 704B(e)(2)(H)--including the number of an applicant's principal
owners and the corresponding costs and burden to implement their
collection--necessary to facilitate the purposes of section 1071.
The Bureau does not believe that a specific safe harbor is
necessary for reporting the number of an applicant's principal owners,
as urged by commenters. As provided in final comment 107(a)(20)-2
(proposed as comment 107(a)(21)-2), a financial institution is entitled
to rely on the statements provided by the applicant in collecting and
reporting the information provided by the applicant. As a result, any
such good faith reporting by a financial institution of the number of
an applicant's principal owners that the financial institution has no
reason to believe is inaccurate will not be a violation of the
regulation's requirements.
In response to commenters' concerns that information about an
applicant's number of principal owners may be used to identify
applicants, the Bureau will review the data received to complete the
full privacy analysis to determine the privacy risks associated with
the publication of the application-level data as discussed in part
VIII, below. The Bureau takes the privacy of such information seriously
and will be making appropriate modifications and deletions to any data
before making it public.
With respect to commenters' request that the Bureau clarify
financial institutions' obligation to determine the number of an
applicant's principal owners, the Bureau believes that the proposed
commentary is sufficiently clear and does not need to be revised. The
Bureau's intent in proposed comment 107(a)(21)-3 that a financial
institution report that the number of principal owners is ``not
provided by the applicant and is otherwise undetermined'' was to refer
to the possibility that a financial institution may not know the number
of the applicant's principal owners if, despite maintaining reasonably
designed procedures to obtain the information, the applicant does not
provide the information and the financial institution does not
otherwise verify such information. The Bureau has also revised comment
107(b)-1 to clarify what information may be used to verify information.
Given these other statements in the commentary, the Bureau does not
believe that further clarification of financial institutions'
obligation to determine the number of an applicant's principal owners
is necessary.
As explained in the section-by-section analysis of Sec.
1002.102(o), the Bureau has changed the definition of principal owner
to use the term ``individual'' instead of ``natural person'' for
comprehensibility reasons. Accordingly, the commentary for final Sec.
1002.107(a)(20) has likewise been updated to refer to individuals and
not natural persons.
To streamline the commentary, the Bureau has revised comment
107(a)(20)-1 (proposed as 107(a)(21)-1) to remove the first sentence as
to requesting the number of an applicant's principal owners from the
applicant or determining such information from other information, as
duplicative of content in comment 107(b)-1, which applies to the number
of principal owners data point. For similar reasons, it has removed the
last sentences of comments 107(a)(20)-1 and -2, regarding the use of
previously collected data and about verification, as straightforward
applications of final Sec. 1002.107(d) and (b), respectively, that
would not provide any new content. Otherwise, the Bureau is
substantially finalizing the commentary for Sec. 1002.107(a)(20) with
changes to reflect updated numbering for the data point and also
updating and adding cross-references to other parts of the final rule.
107(b) Reliance on and Verification of Applicant-Provided Data
Proposed Rule
ECOA section 704B(e)(1) provides that ``[e]ach financial
institution shall compile and maintain, in accordance with regulations
of the Bureau, a record of the information provided by any loan
applicant pursuant to a request under [section 704B(b)].'' \766\
Section 1071 does not impose any requirement for a financial
institution to verify the information provided by an applicant.
---------------------------------------------------------------------------
\766\ ECOA section 704B(e)(1).
---------------------------------------------------------------------------
During the SBREFA process, a number of small entity representatives
urged the Bureau to require collection and reporting of a number of
data points based only on information as provided by the
applicant.\767\ No small entity representatives stated that they
thought verification should be generally required. The industry
stakeholders who commented on this issue asked that the Bureau not
require verification of applicant-provided information. The Bureau did
not receive any comments on this issue from community group
stakeholders during the SBREFA process.
---------------------------------------------------------------------------
\767\ SBREFA Panel Report at 26.
---------------------------------------------------------------------------
The Bureau proposed in Sec. 1002.107(b) that unless otherwise
provided in subpart B, the financial institution would be able to rely
on statements of the applicant when compiling data unless it verified
the information provided, in which case it would be required to collect
and report the verified information. The Bureau believed that requiring
verification of collected data would greatly increase the operational
burden of the rule. Proposed comment 107(b)-1 would have explained that
a financial institution could rely on statements made by an applicant
(whether made in writing or orally) or information provided by an
applicant when compiling and reporting applicant-provided data; the
financial institution would not be required to verify those statements.
Proposed comment 107(b)-1 would have further explained, however, that
if the financial institution did verify applicant statements for its
own business purposes, such as statements relating to gross annual
revenue or time in business, the financial institution would report the
verified information. The comment would have gone on to explain that,
depending on the circumstances and the financial institution's
procedures, certain applicant-provided data could be
[[Page 35377]]
collected without a specific request from the applicant. For example,
gross annual revenue could have been collected from tax return
documents. In addition, the proposed comment would have made clear that
applicant-provided data are the data that are or could be provided by
the applicant, including those in proposed Sec. 1002.107(a)(5) through
(7), and (13) through (21).
The Bureau sought comment on its proposed approach to verification
of the 1071 data points, including the specific guidance that would
have been presented in comment 107(b)-1. The Bureau also sought comment
on whether financial institutions should be required to indicate
whether particular data points being reported have been verified or
not.
Comments Received
The Bureau received comments on this aspect of the proposal from
numerous lenders, trade associations, community groups, and a business
advocacy group. Several lenders and trade associations supported the
proposed provision, agreeing with the Bureau that requiring
verification of collected data would greatly increase the operational
burden of the rule. These commenters did not object to reporting
verified information when a financial institution verifies applicant
statements for its own business purposes. Several of these commenters
did, however, object to the possible inclusion of a provision requiring
financial institutions to flag whether or not they had verified
reported data, a question that the NPRM had sought comment on. Although
these commenters did not discuss reasons for objecting to the
verification flag, the context suggests that they were concerned about
the operational difficulty of carrying out such a provision.
Several banks and trade associations supported the ability to rely
on unverified applicant-provided data, but objected to the requirement
to report verified information when the financial institution verifies
applicant statements for its own business purposes. Some of these
commenters pointed out that verification may happen after the initial
application, different lenders have different methods of verification,
and updating the information for reporting would be operationally
difficult. One of these commenters stated that the verification may be
carried out by different staff using different platforms, and section
1071 does not mention verification. Other commenters suggested that the
term ``verification'' was not sufficiently clear, and sometimes a
financial institution would collect documents such as tax forms that
contain information that conflicts with applicant statements, for
example a different NAICS number, even though the financial institution
is not ``verifying'' that data point. Other commenters expressed
concern about how reporting information verified later would affect use
of the ``firewall.'' A group of trade associations stated that
collecting the verified information would provide little benefit and
the already difficult implementation of the rule would be made even
more onerous by this provision. In addition, one commenter stated that
the verification provision was similar to HMDA, which they considered
to be very onerous.
A community group and a women's business advocacy group suggested
that the final rule should require additional verification. The
community group stated that verification of a few key data points that
are generally verified by lenders now, such as gross annual revenue, or
that can be easily checked, such as the NAICS code, should be required.
A business association urged the Bureau to look into ways to verify
that the correct information is offered and reports are accurate.
Final Rule
For the reasons set forth herein, the Bureau is finalizing Sec.
1002.107(b) with additional language making clear that a financial
institution may rely on information from appropriate third-party
sources as well as the applicant, and other edits for clarity. Final
Sec. 1002.107(b) provides that unless otherwise provided in subpart B,
the financial institution may rely on information from the applicant,
or appropriate third-party sources, when compiling data. Section
1002.107(b) further states that if the financial institution verifies
applicant-provided data, however, it shall report the verified
information.
The Bureau is also finalizing associated comment 107(b)-1 with
phrasing edits similar to those in the regulation text, and revised and
additional cross-references to facilitate compliance. Final comment
107(b)-1 explains that a financial institution may rely on statements
made by an applicant (whether made in writing or orally) or information
provided by an applicant when compiling and reporting applicant-
provided data; the financial institution is not required to verify
those statements or that information. Comment 107(b)-1 further
explains, however, that if the financial institution does verify
applicant statements or information for its own business purposes, such
as statements relating to gross annual revenue or time in business, the
financial institution reports the verified information. The comment
also makes clear that when collecting certain applicant-provided data,
depending on the circumstances and the financial institution's
procedures, a financial institution may collect and rely on information
from appropriate third-party sources without requesting it from the
applicant. The comment then provides further guidance on collection and
verification of applicant-provided data, including a list of applicant-
provided data points. In order to facilitate compliance, final comment
107(b)-1 also adds references to two comments that explain restrictions
regarding verification of certain data points.
The Bureau believes that requiring verification of applicant-
provided data points would greatly increase the operational burden of
the rule, and that relying on applicant-provided data, whether directly
from the applicant or through appropriate third-party sources, will
ensure sufficient accuracy to carry out the purposes of section 1071.
As explained above, section 1071 does not speak to verification; rather
it refers only to compiling and maintaining a record of certain
information provided by an applicant. However, the Bureau believes that
requiring financial institutions to collect and report (for this final
rule) information that they have already verified will only add slight
operational difficulty, and will enhance the accuracy and usefulness of
the data, thereby furthering the purposes of section 1071. The Bureau
is implementing this requirement pursuant to its authority under ECOA
section 704B(g)(1) to prescribe rules in order to carry out, enforce,
and compile data pursuant to section 1071, and as an interpretation of
the statutory phrase ``compile and maintain'' in ECOA section
704B(e)(1). In the Bureau's view, the fact that the statute does not
use the specific word ``verification'' is not relevant to this issue
because the verification that the financial institution chooses to
carry out is a standard part of compiling and maintaining the
information provided by the applicant. The Bureau also believes that
this requirement will improve the quality and usefulness of the
resulting dataset, thereby furthering the purposes of section 1071.
In regard to the possibility of the final rule requiring financial
institutions to report whether or not certain data points have been
verified, the Bureau notes that no commenters expressed support for
this idea, while several opposed it.
[[Page 35378]]
The Bureau believes that such a requirement would impose considerable
operational difficulty, and it is not clear that any uses of this
information would justify the increased burden. Consequently, the final
rule does not include this provision.
As discussed above, several commenters suggested that verification
might occur at different times on different platforms and be carried
out by different personnel. Although credit processing is complex, the
Bureau anticipates that financial institutions will report data using
the applicant's whole credit file in order to provide accurate
information, as is done with HMDA. Although implementing the final rule
so that verified information can be reported will add operational
difficulty, such difficulty should be greatly reduced once the rule is
implemented and the gathering of data is standardized within the
financial institution. In addition, the fact that different financial
institutions have different processes should not cause a problem
because each financial institution can implement the rule to coordinate
with its own processes. As explained above, the Bureau believes that
requiring reporting of the verified information when the financial
institution verifies for its own purposes will benefit data users in
carrying out the purposes of section 1071 by enhancing the quality of
the data reported.
Several commenters were concerned about how the term
``verification'' would be interpreted in relation to unused information
in the credit file that might conflict with applicant-provided data.
The Bureau interprets the word ``verification'' to mean the intentional
act of determining the accuracy of information provided, in this case
for the purpose of processing and underwriting the credit applied for,
and potentially changing that information to reflect the determination.
Loan file information that may or may not be more accurate than
applicant-provided data and is not part of a financial institution's
verification of the file's applicant-provided data or used by the
institution in processing or underwriting the loan need not be
reported. For example, a financial institution that uses a tax form to
verify gross annual revenue, but does not consider or use the NAICS
information on the tax form, may continue to rely on the applicant-
provided NAICS information. However, if a financial institution
believes the tax form information to be more accurate and chooses to
report it instead of the applicant-provided data, it may do so.
The Bureau does not believe that requiring the reporting of data
that is later verified will interfere with the final rule's firewall
provision, which exists to protect against disclosure of protected
demographic information for which verification is not allowed. For
further discussion of the firewall provision see the section-by-section
analysis of Sec. 1002.108 below.
The Bureau does not believe it would be appropriate, as suggested
by some commenters, require financial institutions to verify applicant-
provided data when they do not already do so for their own business
purposes. As stated by several commenters and explained above,
requiring verification merely for the purpose of data collection would
impose significant operational difficulty and expense on reporters.
107(c) Time and Manner of Collection
Proposed Rule
Although the definition of ``application'' triggers a financial
institution's duty to collect 1071 data, the application definition
does not necessarily govern when that data must be collected. The
language and structure of section 1071--which applies to
``applications'' from ``applicants''--indicates that the data must be
collected sometime during the application process, but does not provide
further detail.\768\
---------------------------------------------------------------------------
\768\ See, e.g., ECOA section 704B(b) (``[I]n the case of any
application to a financial institution . . . .'') and 704B(c) (``Any
applicant . . . may refuse to provide any information requested . .
. .'') (emphases added)).
---------------------------------------------------------------------------
Proposed Sec. 1002.107(c)(1) would have required a covered
financial institution to maintain procedures to collect applicant-
provided data under proposed Sec. 1002.107(a) at a time and in a
manner that is reasonably designed to obtain a response. The Bureau
believed there would be benefits to providing a flexible approach
concerning when applicant-provided data must be collected during the
application process. Given the variety of application processes in the
small business lending space, the Bureau believed that requiring data
collection to occur within a narrow window could affect data quality
and disrupt financial institution practices. On the other hand, the
Bureau believed that safeguards would be necessary to ensure that
financial institutions are not evading or delaying their obligation to
collect data in a manner that detrimentally affects response rates.
Proposed comments 107(c)(1)-1 and -2 would have clarified the
meaning of financial institution ``procedures'' and would have
emphasized a financial institution's latitude to establish procedures
concerning the time and manner that it collects applicant-provided
data, provided that those procedures are reasonably designed to collect
the applicant-provided data in proposed Sec. 1002.107(a). Proposed
comment 107(c)(1)-3 would have clarified what constitutes ``applicant-
provided data'' in proposed Sec. 1002.107(c)(1).
Proposed comment 107(c)(1)-4 would have provided additional
guidance on financial institutions' procedures that are reasonably
designed to obtain a response. Proposed comment 107(c)(1)-4 would have
provided that a financial institution shall assess on a periodic basis
whether its procedures are reasonably designed. Proposed comment
107(c)(1)-4 would have explained that one way a financial institution
may be able to assess whether its procedures are reasonably designed
would be, once 1071 data are made publicly available, to compare its
response rate with similarly situated financial institutions (for
example, those that offer similar products, use a similar lending
model, or are of a similar size).
Proposed comments 107(c)(1)-5 and -6 would have provided examples
of procedures that generally are and are not reasonably designed to
obtain a response. Proposed comment 107(c)(1)-5 would have provided
that, although a fact-based determination, a procedure reasonably
designed to obtain a response is one in which a financial institution
requests applicant-provided data at the time of a covered application;
the earlier a financial institution seeks to collect applicant-provided
information, the more likely the timing of collection is reasonably
designed to obtain an applicant response. Conversely, proposed comment
107(c)(1)-6 would have provided that, as a general matter, a procedure
is not reasonably designed to obtain a response if a financial
institution requests applicant-provided data simultaneous with or after
notifying an applicant of action taken on the covered application.
Proposed comment 107(c)(1)-6 would have provided that depending on the
particular facts, however, these procedures may be reasonably designed
to obtain a response; for example, if the financial institution has
evidence or a reason to believe that under its procedures the response
rate would be similar to or better than other alternatives.
Proposed comment 107(c)(1)-7 would have explained that a financial
institution reports updated applicant-provided data if it obtains more
current
[[Page 35379]]
data during the application process. Proposed comment 107(c)(1)-8 would
have provided guidance in the event a financial institution changes its
determination regarding an applicant's status as a small business.
The Bureau sought comment on proposed Sec. 1002.107(c)(1) and
associated commentary.
Comments Received
The Bureau received comment on proposed Sec. 1002.107(c)(1) from a
number of lenders, trade associations, and community groups. Commenters
expressed a range of views.
General comments related to proposed Sec. 1002.107(c)(1). A number
of commenters, mainly from industry, supported the flexibility provided
in proposed Sec. 1002.107(c)(1), including provisions that would have
allowed financial institutions leeway to establish data collection
procedures that best fit within their processes and business models. A
CDFI lender emphasized that lenders have varying intake processes.
Similarly, a trade association noted that while it anticipates most
CDFIs will collect 1071 data as early in the application process as
possible, including at the time an application is triggered, lenders
should have flexibility to respond to market concerns. Trade
associations representing automobile dealers urged the need for
flexibility, for example, to accommodate the different methods by which
data is collected (online and in-person) and the different parties
involved in a credit transaction. A CDFI lender argued that the
application and timeline often depends on the applicant themselves,
further supporting the need for flexibility. A number of commenters
argued for flexible collection, pointing out that small business
lending, unlike mortgage lending, does not involve highly regimented
application procedures. Trade associations representing automobile
dealers further argued that flexibility would facilitate compliance
without diminishing the information reported.
Commenters representing community banks similarly stressed the need
for flexibility. A trade association asked the Bureau to provide
community banks with flexibility in how and when to collect 1071 data
during the lending process and latitude to determine what are
reasonable collection practices. The commenter emphasized the iterative
nature of small business lending, noting that the application process
can span weeks or months to complete. The commenter urged the Bureau to
avoid designating a prescriptive point in time when sufficient data has
been gathered to trigger reporting. They further stated that community
banks are good at satisfying regulatory requirements, do not need to be
second-guessed in how or when they accomplish data collection, and that
the Bureau should not be concerned about community banks' ability to
maintain data quality and completeness. Even with the proposed
flexibility, a community bank generally opposed proposed Sec.
1002.107(c)(1), stating that the requirements are similar to HMDA,
which are very onerous and unduly burdensome on small and mid-size
institutions.
Comments related to the reasonably designed standard. As described
above, proposed comments 107(c)(1)-4 through -6 would have provided
additional guidance and examples of reasonably designed procedures. The
Bureau received numerous comments concerning proposed comments
107(c)(1)-4 through -6 from a range of stakeholders.
The Bureau received a number of comments on its general approach in
proposed comments 107(c)(1)-4 through -6 to provide examples of
procedures that are and are not reasonably designed to obtain a
response. A CDFI lender and a trade association representing CDFIs
supported the proposed commentary and the description of ``reasonably
designed'' procedures for collecting applicant-provided data. The trade
association noted that the examples were helpful to identify what
lenders should avoid and agreed that it is important to have safeguards
to ensure the data are collected in a manner reasonably designed to
obtain a response.
In contrast, other commenters argued that proposed Sec.
1002.107(c)(1) and associated commentary are ambiguous or incomplete
and urged the Bureau to provide further guidance. A trade association
representing online small business lenders expressed concern that
financial institutions would have increased compliance costs to avoid
unintentional non-compliance. For example, financial institutions may
believe they are required to compare response rates at different parts
of the loan application cycle, compare results similar to an A/B
testing scheme, or otherwise consistently seek to ascertain the best
ways to obtain 1071 applicant-provided data. The commenter suggested
the Bureau provide additional guidance so that financial institutions
can ensure they meet the reasonableness standard. Another commenter
similarly requested that the Bureau provide more guidance on the
reasonableness standard, and in particular clarify that financial
institutions have flexibility to design self-assessment methods best
suited to their products, processes, and business models.
Among the proposed examples of reasonably designed procedures, the
Bureau received the most comments related to the timing of collection.
The comments spanned a range of positions, with some commenters
advocating for a more restricted time period for collection of
applicant-provided data while other commenters sought a more flexible
approach. For example, some community groups argued that financial
institutions should be required to collect applicant-provided data at
the time of a covered application. One of these commenters said that
requiring collection at the time of application would increase the
likelihood of successfully receiving the requested information, and
that the benefits of early collection outweigh the costs. Another
commenter similarly asserted that collection at the time of a covered
application would maximize responses and urged the Bureau to make it a
requirement, rather than merely a suggestion, as set forth in the
proposal. A credit union also said that if a customer does not provide
1071 data with an application, it will be challenging for a financial
institution to accurately collect and report the required data.
In contrast, a number of industry commenters took issue with
proposed comment 107(c)(1)-6, which would have provided that collection
of applicant-provided data simultaneous with or after notifying an
applicant of action taken is generally not reasonably designed to
obtain a response. Many of these commenters argued that financial
institutions should have flexibility to collect applicant-provided data
after decisioning an application. A few commenters went further,
arguing that collection should be permitted or required to occur after
finalizing credit documents, after a credit decision is made, or during
closing. One commenter stated that although the proposed rule asserts
to provide flexibility for financial institutions, proposed comments
107(c)(1)-5.i and -6.i (identifying procedures concerning the timing of
collection of applicant-provided data that generally would and would
not be reasonably designed to obtain a response) claw back that
flexibility by expressing a clear preference that would discourage
financial institutions from collecting 1071 data at any time except
early in the application process. The commenter suggested the Bureau
instead clarify that a financial institution has flexibility to
[[Page 35380]]
sequence collection at a time it determines is reasonable for its
business and products, subject to the self-assessment process
articulated in proposed 107(c)(1)-4.
Commenters advanced several arguments for why financial
institutions should be permitted to collect applicant-provided data
after a credit decision is made on a covered application. First, a
couple of commenters stated that it would minimize friction during the
application process; they asserted that mandating 1071 data collection
while the application is pending would frustrate the application
process, create additional obstacles, and increase the likelihood of
abandoned applications. Several technology providers and a trade
association representing technology providers said that the application
process is already lengthy enough given existing legal and underwriting
requirements. The commenters further stated that the streamlined and
user-friendly application experience that technology companies have
sought to establish would be further frustrated if 1071 data is
required to be collected early in the application process. Some of the
commenters argued that sequencing of 1071 data collection involves a
tradeoff between getting small businesses to respond to 1071 data
requests and getting small businesses to apply for credit at all.
Another trade association similarly emphasized the need for
flexibility, particularly for fast-paced processes that render a
decision in minutes.
Several of the commenters argued that collection of applicant-
provided data early in the process could cause an applicant to believe
that such information would be considered as part of the credit
decision, therefore potentially discouraging an applicant from applying
for credit. A group of technology providers stated that collection of
demographic information before a credit decision is made may invite the
perception of bias in the application process, especially if an
applicant is later denied credit. The commenters cited a Federal
Reserve Banks survey, which they stated showed that minority-owned
businesses were more likely than white-owned businesses to report that
they did not apply for financing because they either believed they
would be turned down or found the application process too difficult or
confusing.\769\ The commenters argued that requiring collection of
applicant-provided data before a credit decision is made would
exacerbate identified concerns of discouragement and undermine the
purposes of section 1071. Similarly, a couple commenters expressed
concerns about discouragement if demographic information is collected
early in the application process. Two CDFI lenders stated that they had
received feedback from applicants that providing demographic data early
in the application process felt intrusive and raised concerns for the
applicant that their responses would negatively affect their
application. As a result, one said that it had moved collection of
demographic information from the loan application stage to the loan
closing stage.
---------------------------------------------------------------------------
\769\ Citing Fed. Rsrv. Bank of Atlanta et al., Small Business
Credit Survey: 2021 Report on Firms Owned by People of Color, at 25
(Apr. 15, 2021), https://www.fedsmallbusiness.org/survey/2021/2021-report-on-firms-owned-by-people-of-color.
---------------------------------------------------------------------------
A couple of commenters challenged the Bureau's assertion that
applicants will be less likely to respond to requests for the action
taken. One commenter noted that the proposed rule improperly places the
burden on the financial institution that wants to collect 1071 data
after action is taken on an application to show that response rates
would be similar to or better than alternative collection methods.
Another asserted that Paycheck Protection Program data demonstrate that
applicants are less likely to answer a question about their race on a
credit application. A trade association representing equipment and
leasing finance companies similarly asserted that post-decision
collection would improve response rates.
Commenters advanced several other arguments for why applicant-
provided collection should be permitted or required to occur after
decisioning an application. A trade association representing equipment
and leasing finance companies predicted that collecting applicant-
provided data with the credit application would lead applicants to
provide little information given the speed of the transaction, which is
often completed in minutes. The commenter also asserted that the person
initially completing the application is often not the business owner or
familiar with the owner, and so would lack the requisite knowledge to
provide certain 1071-required information. If, on the other hand, the
financial institution can follow-up electronically or through other
means with the business, the commenter asserted that the request could
be directed to the person in the best position to provide the
information. The commenter further stated that collecting 1071 data
during the application stage would be particularly problematic for
vendor finance transactions because the vendor collecting application
information has no regulatory requirement to do so, and so would
unlikely take the time to gather the required information. Another
commenter asserted that post-decision collection would also ensure that
underwriters would not have access to an applicant's responses related
to ethnicity, race, and sex. The commenter asserted that financial
institutions could ensure data is collected by making it part of the
closing procedures for approved loans and as part of remediation
efforts for non-approved loans.
In addition to seeking comment related to the timing of collection,
the Bureau sought comment on proposed Sec. 1002.107(c)(1) and
associated proposed commentary generally, including on the other
examples in proposed comments 107(c)(1)-5 and -6 of procedures that
generally would and would not be reasonably designed to obtain a
response. The Bureau further asked commenters whether it would be
useful to provide additional examples. In response, commenters raised a
number of issues related to the commentary on reasonably designed
procedures in proposed comments 107(c)(1)-4 through -6.
Several commenters weighed in on the provision in proposed comment
107(c)(1)-4 that financial institutions shall ``reassess on a periodic
basis'' whether its procedures are reasonably designed to obtain a
response. One commenter stated that it would be appropriate for
financial institutions to conduct periodic reassessments of their
collection procedures, but urged that procedures should not need to be
reexamined more frequently than once every three years. The commenter
suggested an additional safeguard would be to encourage consistent
collection across individual institutions and small business lending
sectors. Another commenter urged the Bureau to provide greater clarity
on how frequent ``periodic'' testing must occur so that financial
institutions can allocate resources accordingly, and encouraged the
Bureau to take into account different products and resources among
financial institutions. A business advocacy group urged the Bureau not
to treat an applicant's decision to not to provide 1071 data as
evidence that a lender lacks reasonably designed procedures.
A couple of commenters provided feedback on the use of response
rates. A community group and a minority
[[Page 35381]]
business advocacy group asked the Bureau to reconsider guidance in
proposed comment 107(c)(1)-4 that a financial institution may assess
the reasonableness of its procedures by, for example, comparing its
response rate with similarly situated financial institutions. The
commenters argued that peers may also not be making a reasonable effort
to collect the data, and that it would be better to have a concrete
metric, for example, based on other data collection efforts with good
response rates.
A handful of commenters asked the Bureau to take other actions
related to proposed Sec. 1002.107(c)(1), including to provide
additional clarifications and guidance. First, a trade association
asked the Bureau to clarify that lenders need only request 1071-
required data once. Next, a group of trade associations asked for
clarification on proposed comment 107(c)(1)-7, which would have
provided that a financial institution reports updated applicant-
provided data if it obtains more current data during the application
process. The commenter said that the requirement to ``update''
information is ambiguous, and inquired whether a financial institution
would be required to update information if an applicant supplies
updated data without a request from the financial institution. The
commenter also asserted that it was unclear how proposed comment
107(c)(1)-7 relates to proposed Sec. 1002.107(b) related to the
reporting of verified information where obtained. A network of
financial institutions specializing in agricultural lending stated that
certain lenders use the information included in scoring models to
determine whether the applicant business is a ``small business,'' and
so would not be able to identify applications involving a small
business for which demographic information must be collected, until
after a credit decision is made. The commenter argued that because ECOA
and the Fair Credit Reporting Act require a timely decision be made and
communicated, it would be a direct conflict of the regulations to delay
communicating a credit decision to a customer solely to acquire data
for demographic reporting purposes.
Several commenters asked the Bureau to provide additional guidance
on the manner in which applicant-provided data can be collected,
including disclosures and sample forms for collection. A CDFI lender
asked the Bureau to share best practices on disclosures or assurances a
lender can provide applicants when collecting demographic information
to allay concerns about how the data will be used. A community bank and
a community group urged the Bureau to provide a data collection form
for financial institutions to use when collecting 1071 data from
applicants. The community bank asserted that use of a data collection
form would increase borrower response rates, as demonstrated by
Paycheck Protection Program statistics. The commenter also argued that
absent a uniform CFPB-issued form, collection will be flawed and the
data useless. A community group stated that the Bureau may want to
create a sample application form with all required data elements in
order to facilitate data collection. Finally, a bank and a trade
association urged the Bureau to expressly permit covered financial
institutions to collect required data from applicants through a variety
of means, including on an application form, on supplemental documents
or forms, or on the proposed sample data collection form. The
commenters stated that certain applicant-provided data points, such as
number of workers, time in business, and NAICS code, are not on the
sample data collection form. The commenters stated that except for data
points required to be collected on the sample data collection form and
kept separate, financial institutions should be permitted to collect
the other data points through various means or forms.
Comments requesting special treatment for particular transactions
or financial institutions. Several commenters urged the Bureau exempt
particular types of transactions or lenders from coverage under the
rule, primarily due to concerns about the specific characteristics of
these application processes and the particular difficulty of collecting
demographic information in light of these characteristics.\770\ As
discussed in the NPRM, the proposed rule would not have made any
exceptions concerning the time and manner of collecting 1071 data for
point of sale transactions.\771\ In response to the Bureau's request
for comment on point of sale transactions, two trade association
commenters and a community group stated that such transactions should
be provided special treatment or exceptions. The two trade
associations, one representing industry and another representing
retailers, opposed rule coverage for private label applications,
focusing particularly on point of sale transactions. One stated that
credit applications are taken at the point of sale or at a customer
service desk using interview-style or interactive processes. The
commenters asserted that customers would feel uncomfortable answering
questions related to their race, sex, and ethnicity in such a public
place, without the necessary privacy accommodations. They also argued
that collecting applicant-provided data would significantly lengthen
the application process, frustrating retailers' focus on speed,
efficiency, and limiting time spent in the checkout line. The
commenters further asserted that requiring 1071 data collection at the
point of sale would impede the availability of commercial credit
applications in-store, both because businesses would not want to apply
for credit and because retailers would no longer offer in-store private
label credit. One also argued that point of sale transaction data would
be of reduced data quality: the data may be collected from persons who
are not the principal owners of a business and may therefor lack the
relevant knowledge, the environment is not conducive to collecting
detailed information, and the data would reflect the retailer's, rather
than a financial institution's, clientele. The commenter also said that
retail staff are unable to manage sensitive demographic information and
that retailers will not appreciate allegations of discrimination if an
application is left pending or denied. A few commenters suggested that
if the Bureau were to include private label or co-branded transactions
(which often occur as point of sale transactions) in the final rule, it
should exempt transactions under $50,000 to mitigate the impact of
inclusion and provide consistency with FinCEN's customer due diligence
rule. Similarly, a trade association stated that if point of sale
transactions are included, credit lines below $50,000 should be
excepted from the requirement to obtain demographic information.
---------------------------------------------------------------------------
\770\ See also the section-by-section analysis of Sec. 1002.104
(covered credit transactions) concerning additional comments related
to private-label credit and insurance premium finance transactions,
and the section-by-section analysis of Sec. 1002.105 (covered
financial institutions and exempt institutions) concerning indirect
lending.
\771\ 86 FR 56356, 56487-88 (Oct. 8, 2021).
---------------------------------------------------------------------------
In contrast, a community group urged the Bureau not to provide
special treatment for point of sale transactions, arguing that point of
sale transactions should follow a similar procedure as other covered
transactions. The commenter voiced agreement for the Bureau's
suggestion in the proposed rule that retail stores can use the sample
data collection form (printed or online) for point of sale
transactions.
Next, a trade association representing insurance premium finance
lenders and insurance agents and brokers similarly argued that the
Bureau's rule should not apply to insurance premium finance
[[Page 35382]]
lenders, asserting that such lenders cannot collect 1071 data until
after funding. Comments regarding insurance premium finance are
discussed in the section-by-section analysis of Sec. 1002.104(b)(3).
Finally, one trade association argued for the exemption of captive
vehicle finance lenders, based in part on concerns about the collection
of small business lending data. The commenter argued that because
indirect lenders do not interact with the applicant, they cannot gather
certain data required by section 1071, and therefore the motor vehicle
dealer would be the only party capable of requesting the applicant's
protected demographic information. However, the commenter asserted, the
dealer is outside the CFPB's authority and is currently prohibited by
ECOA from gathering this information. The commenter stated that the
proposal would put pressure on dealers to collect otherwise protected
information. The commenter further noted that the employee acquiring
the vehicle may not be familiar with the requested data, such as total
revenue or ownership structure. In addition, the commenter voiced
concerns about purportedly having to collect data at each stage of the
process, potentially by multiple covered financial institutions. The
commenter argued that requiring collection of 1071 data (such as
ethnicity, race, and sex information) at multiple points in the process
would be unnecessary, costly, and duplicative, and could expose
financial institutions to liability.
Final Rule--Overview of Final Sec. 1002.107(c)
For the reasons set forth below, the Bureau is finalizing Sec.
1002.107(c)(1) to require a covered financial institution to not
discourage an applicant from responding to requests for applicant-
provided data under final Sec. 1002.107(a) and to otherwise maintain
procedures to collect such data at a time and in a manner that are
reasonably designed to obtain a response. The Bureau is adopting new
Sec. 1002.107(c)(2) to identify certain minimum components when
collecting data directly from the applicant that must be included
within a financial institution's procedures to ensure they are
reasonably designed to obtain a response. The Bureau is also adopting
new Sec. 1002.107(c)(3) to provide the additional safeguard that a
covered financial institution must maintain procedures to identify and
respond to indicia that it may be discouraging applicants from
responding to requests for applicant-provided data, including low
response rates for applicant-provided data. Finally, new Sec.
1002.107(c)(4) provides that low response rates for applicant-provided
data may indicate that a financial institution is discouraging
applicants from responding to requests for applicant-provided data or
otherwise failing to maintain procedures to collect applicant-provided
data that are reasonably designed to obtain a response. The Bureau is
finalizing Sec. 1002.107(c) pursuant to its authority in ECOA section
704B(g)(1) to prescribe such rules and issue such guidance as may be
necessary to carry out, enforce, and compile data pursuant to section
1071. For the reasons discussed below, final Sec. 1002.107(c) is
necessary to collect 1071 data from applicants and prevent financial
institutions from discouraging or influencing an applicant's response.
Final Sec. 1002.107(c) seeks to provide a balance between
flexibility and ensuring data collection occurs without discouragement
and otherwise in a time and manner likely to generate a robust
response. On the one hand, the Bureau believes there are benefits to
preserving some flexibility concerning the time and manner in which
applicant-provided data are collected. As noted by a number of
commenters, there are benefits to providing a flexible approach given
the variety of application processes in the small business lending
space. The Bureau believes that financial institutions may need
latitude to adjust data collection practices to fit within their own
processes and business models; requiring data collection at a single
point in time, or only through a particular method, may affect data
quality and disrupt financial institutions' practices.
On the other hand, the Bureau believes that collection of
applicant-provided data is essential to fulfilling the purposes of
section 1071. The Bureau therefore believes that substantial safeguards
are necessary to ensure that financial institutions do not discourage
applicants from responding to requests for applicant-provided data or
otherwise evade or delay their obligation to collect 1071 data in a
manner that detrimentally affects response rates.
The Bureau is also implementing revisions to final Sec.
1002.107(c) to provide additional clarity to covered financial
institutions concerning the reasonably designed standard and minimum
requirements. These changes are responsive to feedback from commenters
that proposed 1002.107(c)(1) and associated commentary would have been
ambiguous and potentially inconsistent, and requesting further clarity
and guidance. The revisions to final Sec. 1002.107(c) and responses to
commenter feedback are discussed in depth below.
Final Rule--Sec. 1002.107(c)(1) in General
Final Sec. 1002.107(c)(1) requires a covered financial institution
to not discourage applicants from responding to requests for applicant-
provided data under Sec. 1002.107(a) and to otherwise maintain
procedures to collect such data at a time and in a manner that are
reasonably designed to obtain a response. As discussed above, the
Bureau believes this general standard provides flexibility to
accommodate various small business lending models while also imposing a
general duty to maintain procedures concerning the collection of
applicant-provided data that are reasonably designed to obtain a
response, including not discouraging applicant responses. In general,
reasonably designed procedures will seek to maximize collection of
applicant-provided data and minimize missing or erroneous data, and
procedures cannot be reasonably designed if they permit financial
institutions to engage in conduct that discourages applicants from
responding to requests for applicant-provided data. While the Bureau
believes that reasonably designed procedures to collect applicant-
provided data inherently must not discourage applicants from
responding, in response to comments seeking additional clarity on the
Bureau's understanding of reasonably designed procedures, the Bureau is
now clearly articulating the prohibition against discouragement.
Comments 107(c)(1)-1 and -3 are finalized with minor revisions for
clarity and consistency. Final comment 107(c)(1)-2 is revised to affirm
a financial institution's flexibility to establish procedures
concerning the time and manner that it collects applicant-provided
data, provided that its procedures otherwise meet the requirements of
final Sec. 1002.107(c).
New comment 107(c)(1)-4 (part of which was proposed as part of
comment 107(c)(1)-3) clarifies that applicant-provided data can be
obtained without a direct request to the applicant and can be based on
other information provided by the applicant or through appropriate
third-party sources.
The Bureau is revising comment 107(c)(1)-5 (proposed as comment
107(c)(1)-7) to clarify that a financial institution reports updated
data if it obtains more current data from the applicant during the
application process. In response to a commenter's
[[Page 35383]]
request for additional guidance on whether a financial institution must
update data if the applicant provides the information without a request
from the financial institution, the Bureau notes that final comment
107(c)(1)-5 requires a financial institution to report data updated by
the applicant regardless of whether the financial institution solicits
the information. The commenter also asked how proposed comment
107(c)(1)-7 differs from proposed Sec. 1002.107(b), which would have
permitted a financial institution to rely on statements of the
applicant when compiling data, unless verified information was
available. Both final comment 107(c)(1)-5 and final Sec. 1002.107(b)
require reporting of updated information where available; the former is
focused on data provided by the applicant, while the latter is focused
on data verified by the financial institution. Thus, no matter the
source, a financial institution should report updated data where
available. To the extent a financial institution receives updates from
the applicant on data the financial institution has already verified,
final comment 107(c)(1)-5 is revised to clarify that a financial
institution reports the information it believes to be more accurate, in
its discretion.
Final Rule--Sec. 1002.107(c)(2) Applicant-Provided Data Collected
Directly From the Applicant
The Bureau is adopting new Sec. 1002.107(c)(2), which provides
that for data collected directly from the applicant, procedures that
are reasonably designed to obtain a response must include four specific
components, which are further described below. The Bureau is adopting
new Sec. 1002.107(c)(2) to provide financial institutions additional
clarity on minimum criteria the Bureau believes are necessary for a
financial institution's procedures to be ``reasonably designed'' to
obtain a response. Although proposed comments 107(c)(1)-4 through -6
would have provided examples of procedures that generally were and were
not reasonably designed, as discussed above, the Bureau received
feedback that proposed Sec. 1002.107(c)(1) and associated comments
would have been ambiguous, been incomplete, or increased compliance
burdens on financial institutions seeking to avoid unintentional non-
compliance. The Bureau also believes that greater clarity will increase
compliance and help ensure financial institutions put such safeguards
into place.
New comment 107(c)(2)-1 provides general guidance on what are
reasonably designed procedures and the minimum criteria required under
final Sec. 1002.107(c)(2). Comment 107(c)(2)-1 clarifies that whether
a financial institution's procedures are reasonably designed is a fact-
based determination that may depend on a number of factors, and that
procedures that are reasonably designed to obtain a response may
therefore require additional provisions beyond the minimum criteria set
forth in Sec. 1002.107(c)(2). In general, reasonably designed
procedures will seek to maximize collection of applicant-provided data
and minimize missing or erroneous data.
The specific components that must be included within a financial
institution's procedures pursuant to final Sec. 1002.107(c)(2) are
each discussed in turn below.
Provisions primarily related to the timing of collection. The
Bureau is adopting new Sec. 1002.107(c)(2)(i), which requires covered
financial institutions to maintain procedures that provide for the
initial request for applicant-provided data to occur prior to notifying
an applicant of final action taken on a covered application. The Bureau
believes this requirement strikes the right balance between providing
financial institutions some flexibility to time the initial collection
of applicant-provided data at a point that works for their business
models, while also putting in place a guardrail to ensure that
applicant-provided data is not collected so late in the process that it
jeopardizes the likelihood of receiving a response from an applicant.
Unlike proposed Sec. 1002.107(c)(1), which did not set forth any
concrete timing deadlines for the collection of applicant-provided
data, final Sec. 1002.107(c)(2)(i) requires financial institutions to
initially seek to collect applicant-provided data, at the latest,
before notifying the applicant of final action taken on a covered
application. The Bureau is adopting this revision for several reasons,
described below.
Foremost among them, the Bureau believes that initial attempts to
collect applicant-provided data after notifying an applicant of action
taken on an application--particularly if the action taken is a denial--
are likely to result in higher rates of missing data. This view is
unchanged from the Bureau's initial position at the NPRM stage, which
similarly encouraged collection early in the process and before
notifying the applicant of action taken on the application.\772\ Not
only will late collections miss withdrawn or incomplete applications--
information about which is essential to the purposes of section 1071--
but it will also likely jeopardize the probability of responses from
declined applicants. Unlike originated applications, which have
continuous touch points between an applicant and a lender, the Bureau
believes it is highly unlikely that an applicant will continue to
engage in any information gathering process after being denied a
request for credit. Significantly, no commenter provided a viable
solution for ensuring collection of 1071 data after an application is
denied.
---------------------------------------------------------------------------
\772\ As discussed above, proposed comment 107(c)(1)-5 would
have provided that although a fact-based determination, a procedure
reasonably designed to obtain a response is one in which a financial
institution requests applicant-provided data at the time of a
covered application. Conversely, proposed comment 107(c)(1)-6 would
have provided that a procedure is generally not reasonably designed
to obtain a response if a financial institution requests applicant-
provided data simultaneous with or after notifying an applicant of
action taken on the covered application.
---------------------------------------------------------------------------
Next, final Sec. 1002.107(c)(2)(i) provides a bright line point in
the application process before which financial institutions must
initially seek to collect applicant-provided data, therefore responding
to certain commenter feedback that the proposed standard would be
ambiguous. As noted by one commenter, although the proposal asserted to
provide flexibility for financial institutions to collect applicant-
provided data at any point during the application process, so long as
the procedures are reasonably designed, the proposed commentary clawed
back that flexibility by expressing a clear preference for collection
before notifying an applicant of the outcome of its application. The
Bureau agrees this fluid framing may cause confusion, and believes
providing a defined time frame early enough in the process when
applicant-provided data must be collected will assist financial
institutions with compliance.
Finally, other changes in the final rule counsel in favor of
adopting a more concrete timing standard for the collection of
applicant-provided data. Unlike the proposal, which would have included
a requirement in certain circumstances for financial institutions to
collect information about an applicant's ethnicity and race based on
visual observation and/or surname analysis if the applicant did not
itself provide such information, as discussed in the section-by-section
analysis of Sec. 1002.107(a)(19) above, the final rule does not
include such a requirement. As
[[Page 35384]]
a result, financial institutions might be less motivated to obtain
demographic information early enough in the process, when the applicant
is still actively engaged and more likely to respond to data requests.
As described above, some commenters urged the Bureau to tighten the
timing requirement to require collection in a narrow timeframe, while
others asked the Bureau to expand the timing requirement to widely
permit collection even after notifying an applicant of action taken on
a covered application. The Bureau is not adopting either approach.
Although the Bureau agrees with commenters who argued that collection
at the time of a covered application will likely increase applicant
responses rates in most instances, given the fluid and heterogenous
nature of small business lending, the Bureau believes designating a
narrow time-frame may be overly restrictive.
On the other hand, the Bureau is also not permitting financial
institutions to attempt the initial collection of applicant-provided
data after notifying an applicant of action taken on an application.
Industry commenters' principal argument was that collection of
sensitive applicant-provided data before decisioning an application
could lead to discouragement: applicants may be concerned that the
information will be used against them in the credit decision and thus
will either not provide the information or not proceed with the credit
transaction altogether. Industry commenters also raised the concern
that financial institutions could be accused of bias if an applicant is
ultimately denied credit after providing protected demographic
information.
The Bureau does not believe that early collection will discourage
applicants from disclosing certain demographic information and does not
believe this concern expressed by commenters outweighs the benefits of
early data collection. Initially, concerns of discouragement may be
mitigated by the mandatory disclosure language set forth in final
comments 107(a)(18)-3 and 107(a)(19)-3, and included on the sample data
collection form in appendix E, which explains to applicants the reason
the information is being collected and that the information cannot be
used to discriminate against the applicant. If, however, an applicant
remains concerned about providing applicant demographic information,
the applicant can always choose to not provide any requested
information (e.g., by selecting ``I do not wish to provide this
information'' or similar for any of the demographic information
inquiries). As set forth in final comments 107(a)(18)-1 and 107(a)(19)-
1, a financial institution must permit an applicant to refuse or
decline to answer inquiries regarding the applicant's protected
demographic information and must inform the applicant that the
applicant is not required to provide the information. These protections
ensure that any applicant who does not feel comfortable providing a
response to the demographic inquiries, is not required to do so.
Similarly, the Bureau does not believe that requiring an initial
collection attempt before notifying an applicant of action taken will
result in fewer applicants voluntarily providing certain demographic
information. The Bureau notes that financial institutions regularly
collect, at the time of application, demographic information required
by Regulation C without issue. Although certain commenters cited to the
Paycheck Protection Program as evidence that the collection of
demographic information at the time of application results in low
response rates, the demographic response rates for Regulation C are
significantly higher than for the Paycheck Protection Program, with
only 14.3 and 14.7 percent of HMDA respondents not providing a response
for race and ethnicity, respectively.\773\ Thus, the lower response
rate for Paycheck Protection Program applicants is likely due to
independent factors. Moreover, to the extent that a financial
institution believes that applicants may be reluctant to provide
demographic data before an application is decisioned, new Sec.
1002.107(c)(2)(i) only requires a financial institution to make an
initial collection attempt before notifying an applicant of action
taken; nothing prevents a financial institution from making another
attempt to collect data required by this rule after the application is
decisioned.
---------------------------------------------------------------------------
\773\ See 86 FR 56356, 56483 (Oct. 8, 2021) (noting that
demographic response rates in the SBA's Paycheck Protection Program
data are ``much lower when compared to ethnicity, race, and sex
response rates in HMDA data. For instance, roughly 71 percent of
respondents in the [Paycheck Protection Program] data did not
provide a response for race, compared to only 14.7 percent in the
HMDA data. Roughly 66 percent of respondents in the [Paycheck
Protection Program] data did not provide a response for ethnicity,
compared to only 14.3 percent in the HMDA data.'') (citing Small
Bus. Admin., Paycheck Protection Program Weekly Reports 2021,
Version 11, at 9 (effective Apr. 5, 2021), https://www.sba.gov/sites/default/files/2021-04/PPP_Report_Public_210404-508.pdf.
---------------------------------------------------------------------------
Ultimately, any applicant reluctance to provide demographic (or
other applicant-provided data) pre-decision is not outweighed by the
commonsense conclusion that applicants will be unwilling and
unmotivated to provide information after being denied a request for
credit. After a denial, an applicant will have no independent reason to
continue discussions with the lender, much less respond to new requests
for information. In this respect, 1071 data collection is distinct from
current collection efforts by CDFIs that generally seek to collect
demographic information for originated loans, but not denied loans.
While CDFI commenters' practice of collecting demographic data at loan
closing may make sense for other regulatory regimes, it would not be
effective at capturing data on denied, incomplete, or withdrawn
applications.\774\ Although some commenters asserted that response
rates would be better if demographic information is collected post-
decision, significantly, none of the commenters were able to provide
persuasive evidence in support of their assertion, to rebut the belief
that applicants are unlikely to respond to information requests once
they are no longer involved in the application process, or to offer a
workable solution to ensure robust data collection post-decision. While
one commenter suggested that financial institutions could collect
applicant-provided data ``as part of remediation efforts for non-
approved loans,'' the commenter provided no specifics as to what this
would entail, or how or why it would be effective.
---------------------------------------------------------------------------
\774\ See, e.g., 12 CFR 1805.803 (identifying data collection
and reporting requirements for the CDFI program, which provides that
a financial institution recipient shall ``compile data on gender,
race, ethnicity, national original, or other information on
individuals that utilize its products and services . . . .'')
(emphasis added).
---------------------------------------------------------------------------
Next, commenters stated that permitting post-decision collection
would minimize friction in the application process. These commenters
argued that streamlining the application process is of paramount
importance to their business, and any additional delay could frustrate
the application process and lead to abandoned applications. The Bureau
agrees that new Sec. 1002.107(c)(2)(i) may require financial
institutions to take some minimal additional steps during the
information gathering stage of the application process, but believes
that these additional minimal steps are necessary to fulfill the
purposes of section 1071 and should not impact meaningfully the rate of
abandoned applications. Moreover, as discussed in the section-by-
section analysis of Sec. 1002.107(d), the Bureau has provided
flexibilities for financial institutions to reuse some applicant-
provided data under certain circumstances, which may alleviate the
[[Page 35385]]
need for repeated collections. In response to an industry commenter's
argument that applicants are unlikely to respond to 1071 data requests
given the speed of certain application processes, the Bureau notes that
the applicant is less likely to respond if the data is requested post-
decision when the applicant is no longer engaged in the process at all.
Given the relatively limited time it would take to collect 1071 data,
the Bureau also rejects commenters' assertion that requesting 1071 data
will negatively impact whether a small business applies for credit at
all. No commenter provided persuasive evidence that applicants will
avoid seeking credit because of data collection under this rule.
Commenters raised a handful of additional arguments. In response to
a commenter's argument that the person initially completing the
application may not be the business owner or have the requisite
knowledge, the Bureau notes that new comment 107(c)(2)-2.v permits a
financial institution to follow-up with additional attempts to collect
the information through different means or at another time. Moreover,
given that approximately 82 percent of small businesses are non-
employer firms,\775\ the Bureau believes in most instances the
individual completing the form will have the relevant information.
---------------------------------------------------------------------------
\775\ White Paper at 8; see also U.S. Small Bus. Admin., Off. of
Advocacy, 2022 Small Business Profile, at 2 (2022), https://cdn.advocacy.sba.gov/wp-content/uploads/2022/08/30121338/Small-Business-Economic-Profile-US.pdf (identifying 33,185,550 small
businesses, of which 27,104,006 have no employees).
---------------------------------------------------------------------------
Next, in response to a comment that post-decision collection would
ensure underwriters do not have access to protected demographic
information, the Bureau agrees, but does not believe that such
considerations trump the importance of ensuring data are collected in
the first place. Indeed, the fact that ECOA section 704B(d)(2)
contemplates that underwriters and other employees involved in making a
credit determination may have access to applicant-provided data
demonstrates that Congress envisioned that financial institutions may
collect 1071 data before decisioning an application. In any event,
concerns about access to demographic information are adequately
addressed by the firewall provision in final Sec. 1002.108, as well as
the general prohibition from discriminating on a prohibited basis in
any aspect of a credit transaction in existing ECOA and Regulation B.
Finally, one commenter indirectly took issue with the requirement
to collect applicant-provided data in advance of notifying an applicant
of action taken by noting that certain lenders would use decision
scoring models to also determine whether the applicant is a ``small
business,'' such that demographic information could only be collected
after a decision is made on the application. Initially, the Bureau
notes that nothing prevents a financial institution from inquiring
whether the applicant is a ``small business,'' and if so, seeking
applicant-provided data before decisioning the covered application.
Indeed, as discussed in final comment 107(c)(2)-2.i, the earlier in the
application process the financial institution initially seeks to
collect applicant-provided data, the more likely the timing of
collection is reasonably designed to obtain a response. The Bureau also
does not agree that delaying communicating a credit decision to an
applicant in order to acquire demographic or other applicant-provided
data would violate ECOA and the Fair Credit Reporting Act. The Bureau
does not believe there is a conflict between the laws; any delay would
be minimal, would not affect the timeframes under existing Regulation B
to provide required notices when decisioning a credit application,\776\
and could be avoided by collecting applicant-provided data in advance,
as discussed above.\777\
---------------------------------------------------------------------------
\776\ Existing Regulation B Sec. 1002.19(a)(1) requires a
creditor to notify an applicant of action taken within 30 days after
receiving a completed application.
\777\ See Epic Sys. Corp. v. Lewis, 138 S. Ct. 1612, 1624 (2018)
(``When confronted with two Acts of Congress allegedly touching on
the same topic, this Court is not at `liberty to pick and choose
among congressional enactments' and must instead strive `to give
effect to both.' '' (citation omitted)).
---------------------------------------------------------------------------
For the reasons discussed above, including that collection
occurring post-final action would undermine the purposes of section
1071, the Bureau is requiring financial institutions to maintain
procedures to collect applicant-provided data before notifying the
applicant of final action on the application.\778\ The Bureau is also
adopting new comment 107(c)(2)-2.i, which provides additional guidance
concerning when financial institutions must initially seek to collect
1071 applicant-provided data. New comment 107(c)(2)-2.i clarifies that
Sec. 1002.107(c)(2) requires that under no circumstances may the
initial request for applicant-provided data occur simultaneous with or
after notifying an applicant of final action taken on a covered
application.\779\
---------------------------------------------------------------------------
\778\ Although final Sec. 1002.107(c)(2)(i) requires collection
before notifying an applicant of final action on an application, the
Bureau anticipates that in the vast majority of cases financial
institutions will also collect applicant-provided data before
decisioning an application. The Bureau is requiring collection based
on when an applicant is notified of final action on the application,
however, given the concerns noted above (particularly related to the
applicant's willingness to stay engaged) and because a financial
institution may have an easier time controlling when an applicant is
notified, versus when an application is decisioned.
\779\ Nor may a financial institution seek to evade Sec.
1002.107(c)(2)(i) by initially seeking to collect applicant-provided
data after it has signaled to the applicant that its application has
been decisioned and the likely outcome, even if the financial
institution has not yet formally notified the applicant of action
taken on the covered application. Such conduct would not constitute
procedures reasonably designed to obtain a response, as required
pursuant to Sec. 1002.107(c)(1).
---------------------------------------------------------------------------
Although new Sec. 1002.107(c)(2)(i) requires a financial
institution to make an initial collection attempt prior to notifying an
applicant of action taken, new comment 107(c)(2)-2.v clarifies that a
financial institution has latitude to make additional requests for
applicant-provided data, including after notifying the applicant of
action taken. In response to a trade association's request that the
Bureau clarify how many times a financial institution must request 1071
data, new comment 107(c)(2)-2.v clarifies that a financial institution
is permitted, but not required, to make more than one attempt to obtain
applicant-provided data if the applicant does not respond to an initial
request. For example, a financial institution may decide to make
multiple requests if it is concerned that applicants may not be as
forthcoming early in the process, if it has multiple opportunities to
request 1071 data that work well within its business processes, or as
another method to encourage greater applicant response.
Provisions primarily related to the manner of collection. New Sec.
1002.107(c)(2)(ii) through (iv) sets forth provisions that financial
institutions must incorporate into their procedures for collecting
applicant-provided data directly from the applicant to ensure that such
procedures are reasonably designed to obtain a response and do not
discourage a response. New Sec. 1002.107(c)(2)(ii) requires financial
institutions to maintain procedures that provide the request for
applicant-provided data is prominently displayed or presented. New
comment 107(c)(2)-2.ii provides further guidance on the requirement,
clarifying that a financial institution must ensure an applicant
actually sees, hears, or is otherwise presented with the request for
applicant-provided data, and that if the request is obscured or likely
to be overlooked or missed by the applicant, it is not reasonably
designed. For example, a financial institution
[[Page 35386]]
seeking to collect 1071 data in connection with a digital application
likely does not have reasonably designed procedures if it uses a
bypassable hyperlink for 1071 data collection while other data are
requested through click-through screens.
New Sec. 1002.107(c)(2)(iii) requires that the financial
institution's procedures must not have the effect of discouraging
applicants from responding to a request for applicant-provided data.
New comment 107(c)(2)-2.iii clarifies that a covered financial
institution that collects applicant-provided data in a time or manner
that directly or indirectly discourages or obstructs an applicant from
responding or providing a particular response violates the rule. The
comment also provides further guidance on procedures that may avoid the
effect of discouraging a response. For example, comment 107(c)(2)-
2.iii.B explains a covered financial institution avoids discouraging a
response by requiring an applicant to provide a response in order to
proceed with a covered application, including, as applicable, a
response of ``I do not wish to provide this information'' or similar.
While optional, requiring an applicant to provide a response,
particularly for the collection of demographic applicant information,
may be one of the most effective methods a financial institution can
use to maximize collection of such data.
The Bureau notes that other aspects of this final rule are
similarly directed at ensuring applicants are not discouraged from
providing a response. For example, in response to a commenter's request
that the Bureau provide potential disclosure language and sample
collection forms financial institutions can use with applicants to
allay concerns about how data will be used, the Bureau notes that the
final rule provides for such required disclosure language and a sample
disclosure form. For instance, final comments 107(a)(18)-4 and
107(a)(19)-4, concerning collection of applicant demographic
information, require financial institutions to inform the applicant
both that a financial institution cannot discriminate on the basis of
the applicant's responses to data collected pursuant to Sec.
1002.107(a)(18) and (19) and that Federal law requires them to ask for
an applicant's demographic information to help ensure that all small
business applicants for credit are treated fairly and that communities'
small business credit needs are being fulfilled. The Bureau believes
such explanations, which are included in the sample data collection
form in appendix E, are important to inform applicants why the request
is being made and to assure them that financial institutions may not
use the information collected for a discriminatory purpose.\780\
---------------------------------------------------------------------------
\780\ In response to a community group's suggestion that the
Bureau create a sample form with all required data elements, the
Bureau notes that, except for collection of certain demographic
information, many financial institutions already collect some or all
of the data required by this final rule, or may opt do so in a
myriad of ways. See the section-by-section analysis of appendix E
for further discussion of why the Bureau is not adopting sample or
model forms for the collection of other types of data required by
this rule.
---------------------------------------------------------------------------
Finally, new Sec. 1002.107(c)(2)(iv) requires that the financial
institution's procedures include provisions that ensure applicants can
easily respond to a request for applicant-provided data. New comment
107(c)(2)-2.iv provides additional guidance and examples of procedures
that would and would not make it easy for an applicant to provide a
response. The comment further clarifies that a financial institution
complies with Sec. 1002.107(c)(2)(iv) if it requests the applicant to
respond to inquiries made pursuant to Sec. 1002.107(a)(18) and (19)
through a reasonable method intended to keep the applicant's responses
discrete and protected from view. For example, if an applicant is
completing a paper application form, a financial institution may
request that the applicant return a paper data collection form
requesting demographic data in a sealed envelope provided by the
financial institution.
In response to a commenter's suggestion that the Bureau permit
financial institutions to collect applicant-provided data through a
variety of means, the Bureau notes that nothing requires a financial
institution to request applicant-provided data in a single format or
manner, and indeed new comment 107(c)(2)-2.iv expressly contemplates
that a financial institution may use multiple methods to collect
applicant-provided data.
Final Rule--Sec. 1002.107(c)(3) Procedures To Monitor Compliance
The Bureau is adopting new Sec. 1002.107(c)(3) to require that a
covered financial institution maintain procedures designed to identify
and respond to indicia of potential discouragement, including low
response rates for applicant-provided data. The Bureau is adopting new
Sec. 1002.107(c)(3) in order to provide greater clarity and safeguards
on the type of infrastructure financial institutions are expected to
have in place in order to ensure compliance with final Sec.
1002.107(c)(1) and (2). Although the Bureau anticipates that the
particular components of a financial institution's procedures will vary
from institution to institution, to provide regulatory clarity, new
comment 107(c)(3)-1 provides a list of procedures the Bureau generally
expects financial institutions will maintain in order to identify and
respond to indicia of potential discouragement.\781\
---------------------------------------------------------------------------
\781\ The Bureau acknowledges that financial institutions may
not have all the necessary data to conduct a robust peer analysis of
response rates until after 1071 data collection has been in effect
for some period of time, and that the availability and robustness of
a peer analysis will also depend on the extent to which 1071 data
are made publicly available. In the meantime, the Bureau still
expects financial institutions to monitor response rates internally
and in comparison to public data, as available.
---------------------------------------------------------------------------
In response to commenters' request for additional guidance on
proposed comment 107(c)(1)-4, which would have required financial
institutions to reassess on a periodic basis, based on available data,
whether its procedures are reasonably designed to obtain a response,
the Bureau notes that new Sec. 1002.107(c)(3) and comment 107(c)(3)-1
clarify the type of monitoring expected of financial institutions. In
response to a commenter's question about whether a financial
institution is permitted or required to engage in testing beyond peer
analysis, such as A/B testing or other methods, the Bureau notes that
nothing in the final rule requires a financial institution to do so.
While a financial institution is certainly free to experiment with
different procedures to see which are most effective for its business
model, a financial institution may typically comply with final Sec.
1002.107(c) by following the minimum factors and guidelines set forth
in final Sec. 1002.107(c)(1) through (3) and associated commentary. In
response to a commenter's request for further guidance on what
constitutes ``periodic'' peer testing, the Bureau notes initially that
the term ``periodic'' does not appear in new Sec. 1002.107(c)(3) or
its associated commentary. The Bureau does anticipate, however, regular
monitoring under new Sec. 1002.107(c)(3) in order to identify and
respond to indicia of potential discouragement. There is no designated
number or time frame for how often that monitoring must occur; rather,
the precise cadence and scope will vary depending on the financial
institution's procedures for collecting applicant-provided data, its
business model, and other relevant factors.
Final Rule--Sec. 1002.107(c)(4) Low Response Rates
The Bureau is adopting new Sec. 1002.107(c)(4) to provide that a
low
[[Page 35387]]
response rate for applicant-provided data may indicate discouragement
or other failure by a covered financial institution to maintain
procedures to collect applicant-provided data that are reasonably
designed to obtain a response. Similar to proposed comment 107(c)(1)-4,
which would have provided that a financial institution may compare its
response rate to peer institutions as a method to assess whether its
procedures are reasonably designed, final Sec. 1002.107(c)(4)
identifies the importance of response rates as a method to assess
whether a financial institution has reasonably designed procedures. The
Bureau anticipates that in many instances, a low response rate may
indicate a failure to comply with final Sec. 1002.107(c)(1) and (2).
The Bureau is adopting Sec. 1002.107(c)(4) in order to provide covered
financial institutions clarity on the type of information that may be
used to assess a financial institution's procedures.
The Bureau is adopting new comment 107(c)(4)-1 to provide further
guidance on how to assess response rates. The comment clarifies that
``response rate'' generally refers to whether the financial institution
has obtained some type of response to requests for applicant-provided
data (including, as applicable, a response from the applicant of ``I do
not wish to provide this information'' or similar). However,
significant irregularities in a particular response (for example, very
high rates of ``I do not wish to provide this information'' or similar)
may also indicate that a financial institution does not have reasonably
designed procedures. In particular, significant irregularities may
indicate the financial institution is somehow steering, improperly
interfering with, or otherwise discouraging or obstructing an
applicants' preferred response. New comment 107(c)(4)-1 further
clarifies that response rates may be measured, as appropriate, as
compared to financial institutions of a similar size, type, and/or
geographic reach, or other factors, as appropriate.
In response to commenters' concern that peer comparisons may not be
an effective method to assess the reasonableness of a financial
institution's procedures if all peers are not making reasonable
efforts, the Bureau agrees that peer comparisons alone are not
determinative. Comparing a financial institution's response rates to
its peers is just one possible indicator of whether a financial
institution has procedures reasonably designed to obtain a response.
Even if a financial institution maintains a response rate commensurate
with its peers, if all peers have low response rates overall or
maintain procedures not reasonably designed to obtain a response, the
financial institution may still violate Sec. 1002.107(c). The Bureau
does not believe it would be appropriate at this time, however, to set
a specific percentage or metric for response rates, as suggested by
some commenters, as the appropriate response rate may depend on a
number of factors, differ from institution to institution, and change
over time, for example, as financial institutions refine their
collection methods.
Requests for Special Treatment for Particular Types of Transactions or
Types of Financial Institutions
The Bureau is not adopting exceptions concerning the time and
manner of collection of demographic information for particular types of
transactions or by particular financial institutions, as requested by
some commenters. For the reasons described below, the Bureau believes
the same time and manner rules should apply across all covered credit
transactions and all covered financial institutions.
Initially, the Bureau believes that point of sale transactions
should follow the same rules as all covered credit transaction types,
and thus does not believe that an exemption for such transactions, as
suggested by some commenters, would be appropriate. The Bureau
understands that many (though not all) point of sale applications,
particularly those for smaller credit amounts or to purchase particular
goods in a store, are submitted on-site at the point of sale and
decisioned in real time. Many of the commenters' arguments for
exclusion of point of sale transactions were identical to the arguments
set forth by commenters above for why financial institutions should be
permitted to collect 1071 data after decisioning an application,
including arguments based on the speed and fast-paced nature of the
application process, that applicants would be discouraged from
responding or proceeding with the transaction, and that the person
completing the application may lack the requisite knowledge. For the
same reasons discussed above, the Bureau likewise does not believe that
an exemption would be appropriate for point of sale transactions.
In response to commenters' concerns that applicants will not feel
comfortable answering questions related to their ethnicity, race, and
sex in a public place, the Bureau believes that financial institutions
can develop procedures to accommodate collection in this setting,
including by using the sample collection form developed by the Bureau
(in paper or electronic format) or creating more private locations for
the collection of data in-store. The Bureau also does not believe that
specialized knowledge is necessary to collect these data, and believes
that retailers and their employees can collect and maintain data with
the necessary precautions to safeguard applicant information, as they
do with other sensitive data provided in connection with a credit
application. As to a commenter's argument that retailers will have
limited motivation to collect small business lending data, the Bureau
notes that a financial institution that retains a third party to offer
its financial products has significant control and responsibility over
how its products are offered, including the power and responsibility to
require third-party partners to seek to collect required data and
otherwise comply with applicable law. In response to a commenter's
argument that data collected on point of sale transactions will reflect
the retailer's, rather than the financial institution's, footprint, the
Bureau notes that a financial institution chooses its retail partners.
Finally, although some commenters asserted that the collection of 1071
data will deter applicants from seeking credit or retailers from
providing in-store private label credit, they provided no evidence to
support this claim.
Several commenters requested that if the Bureau includes point of
sale or similar transactions in the final rule, the Bureau should
nonetheless exempt such transactions under $50,000 or except such
transactions from the requirement to obtain demographic data. These
commenters stated that such an exemption would be consistent with
FinCEN's customer due diligence rule, which excludes from certain of
its requirements point of sale transactions to provide credit products
solely for the purchase of retail goods/services up to a limit of
$50,000. The Bureau is not adopting such an approach here, given the
different purposes and requirements of the customer due diligence rule
and section 1071. The purpose of FinCEN's rule is to improve financial
transparency and prevent criminals and terrorists from misusing
companies to disguise their illicit activities and launder their ill-
gotten gains.\782\ The
[[Page 35388]]
customer due diligence rule's exclusion for certain point of sale
transactions is based on the ``very low risk posed by opening such
accounts at [a] brick and mortar store.'' \783\ While the customer due
diligence rule focuses on accounts (including certain originated
loans), obtaining data on denials is essential to section 1071's
purposes. Moreover, unlike FinCEN's rule, which requires covered
financial institutions to collect certain essential information,
section 1071 only requires that financial institutions seek to collect
applicants' protected demographic information, and permits applicants
to refuse to provide that information. Given these key differences, the
Bureau is not adopting an exclusion for point of sale applications
below $50,000. See also the section-by-section analysis of Sec.
1002.104, which discusses requests for minimum transaction amount
thresholds.
---------------------------------------------------------------------------
\782\ See Fin. Crimes Enf't Network, Information on Complying
with the Customer Due Diligence (CDD) Final Rule, https://www.fincen.gov/resources/statutes-and-regulations/cdd-final-rule
(last visited Mar. 20, 2023).
\783\ Fin. Crimes Enf't Network, Guidance, at Q 29 (Apr. 3,
2018), https://www.fincen.gov/sites/default/files/2018-04/FinCEN_Guidance_CDD_FAQ_FINAL_508_2.pdf.
---------------------------------------------------------------------------
Next, trade associations representing insurance premium finance
lenders and insurance agents and brokers similarly argued that the
Bureau's rule should not apply to insurance premium finance lenders, in
part because such lenders cannot collect 1071 data until after funding.
New Sec. 1002.104(b)(3) excludes insurance premium financing,
therefore resolving these commenters' concerns.
Finally, the Bureau does not believe it would be appropriate to
categorically exclude captive vehicle finance lenders should be
excluded from coverage. The commenter's request was primarily based on
the argument that dealers--who primarily interact with applicants--are
currently prohibited by ECOA from gathering certain protected
demographic information. As further discussed in the section-by-section
analysis of Sec. 1002.109(a)(3), Regulation B issued by the Board of
Governors of the Federal Reserve System (12 CFR part 202) and
applicable to dealers provides in comment 5(a)(2)-3 that ``[p]ersons
such as loan brokers and correspondents do not violate the ECOA or
Regulation B if they collect information that they are otherwise
prohibited from collecting, where the purpose of collecting the
information is to provide it to a creditor that is subject to [HMDA] or
another Federal or State statute or regulation requiring data
collection.'' In response to the commenter's concern that dealers may
not be familiar with all required data under section 1071, such as
gross annual revenue or ownership structure information, the Bureau
first notes that dealers are often the last entity with authority to
set the material credit terms of the covered credit transaction, and so
are generally unlikely to be collecting 1071 data on behalf of other
reporting financial institutions. Second, even in situations where the
dealer is acting as a mere conduit, and thus may be collecting
information on behalf of another financial institution, the Bureau
expects that the dealer can request 1071 data from the applicant, just
like a covered financial institution would do. Finally, the commenter's
concerns that data must be collected at each stage of the process,
potentially by multiple covered financial institutions, may be
misplaced; nothing in the proposed or final rule would require a
financial institution (or a third party collecting data on its behalf)
to collect data multiple times in connection with a single covered
application.
107(d) Previously Collected Data
Proposed Rule
Proposed Sec. 1002.107(c)(2) would have permitted, but not
required, a financial institution to reuse previously collected data to
satisfy proposed Sec. 1002.107(a)(13) through (21) if the data were
collected within the same calendar year as the current covered
application and the financial institution had no reason to believe the
data are inaccurate. The Bureau believed that, absent a reason to
suspect otherwise, recently collected 1071 data are likely to be
reliable.
Proposed comments 107(c)(2)-1 through -7 would have provided
additional guidance and examples of when certain data can be reused by
a financial institution, including what data can be reused, when
information is considered collected in the same year, when a financial
institution may have reason to believe data are inaccurate, and when a
financial institution may reuse data regarding minority-owned business
status, women-owned business status, and data on the principal owners'
ethnicity, race, and sex.
The Bureau sought comment on Sec. 1002.107(c)(2) and associated
commentary.
Comments Received
The Bureau received comment on proposed Sec. 1002.107(c)(2) from a
range of lenders, trade associations, and community groups. A few
commenters noted that it is commonplace for lenders to receive multiple
applications from a borrower. For example, a community bank stated that
it is typical for borrowers to submit numerous loan requests during the
year, and expressed concern about what it referred to as ``repetitive
completion'' of data points. A trade association similarly noted that
financial institutions often have customers with multiple facilities,
which may have been obtained all at once or over time.
Some commenters generally supported a provision that would allow
financial institution to reuse certain data for some period of time. A
community group supported allowing lenders to use previously collected
data if an application is continued at a later date. However, the
commenter urged against permitting reuse beyond a year, noting that the
characteristics of the small business may change (such as revenue
size).
In response to the Bureau's request for comment on the issue, a
number of commenters urged the Bureau to adjust the time frame for
reuse. A CDFI lender urged that, at a minimum, the Bureau update the
time frame to ``within 12 months,'' rather than the same calendar year,
noting that there is no reason to believe data are inaccurate for
applications submitted close in time, but that fall between two
calendar years. A trade association urged the Bureau to permit reuse
for ``the same or prior calendar year.'' The commenter argued that
permitting reuse of data would reduce applicant burden and that it
would be unnecessarily restrictive to require financial institutions to
collect anew previously obtained data that is still likely to be
accurate. The commenter further noted that a financial institution can
repopulate previously provided data, and the applicant can certify that
the data are still accurate or update the data. A community bank argued
that a one-year period was too short considering that its agricultural
clients often annually reapply for draw down lines of credit (used to
purchase crop inputs for the year), during which period a borrower's
small business and principal owner status are unlikely to change.
A couple of community banks and group of trade associations urged
the Bureau to permit reuse for a 24-month or two-year period. One of
the banks stated that it is common for businesses to obtain a new
product from a financial institution in the first three years, rather
than the first year alone. Another trade association argued for a
three-year reuse period. The commenter also argued that reuse should be
permitted for any data the financial institution does not normally
gather in connection with credit applications, such as data regarding
minority-owned business status, women-owned business status,
[[Page 35389]]
and data on the principal owners' ethnicity, race, and sex, as well as
gross annual revenue information if not typically collected. A
community bank argued that if there are no changes to the data, a
financial institution should be permitted to reuse data indefinitely.
Finally, a community bank asserted that prior collected data should be
reusable for the same amount of time across all data points, unless
there is a reason to believe they are inaccurate. However, the
commenter continued, reuse of gross annual revenue data should be
updated every fiscal year and gender should be updated every year given
that gender identity may change. The commenter asserted that ethnicity
and race information about the principal owner(s) should not change
absent a change in principal owner(s).
In contrast, a community groups, community-oriented lenders, and
business advocacy groups, as well as an individual commenter opposed
reuse of prior collected data in certain circumstances. The joint
letter and the minority business advocacy group specifically opposed
reuse of information about a principal owner's ethnicity, race, and sex
information if the business previously responded ``I do not wish to
provide this information.'' The commenters asserted that opinions may
shift, which may make a person more likely to provide the requested
information. The commenters further noted that it is not a big burden
on financial institutions to attempt to gather the information again
and doing so goes to the purposes of section 1071. An individual
commenter argued that the proposed reuse of previously collected data
about an applicant's sex, sexual orientation and gender identification
would have a negative impact on members of the LGBTQ community. The
commenter was concerned that information collected for one purpose
would be used for a non-intended purpose, such as to classify and
segregate LGBTQ members applying for a small business loan. The
commenter stated that by collecting data on an applicant's sex, sexual
orientation, and gender identification, LGBTQ members are at risk that
their data may be used for unintended purposes outside 1071 data
collection.
In response to the Bureau's request for comment on whether
financial institutions should be required to notify applicants that
information they provide may be reused for subsequent applications, one
community bank suggested the Bureau add a disclosure on the sample data
collection form noting that the information may be reused, and if the
information has changed, to inform the applicant's lender.
A community bank asked how the reuse provision could be implemented
in light of the proposed firewall provision. The commenter noted that
because the firewall provision prohibits review by underwriters of
demographic information, it is unclear how a financial institution can
reasonably rely on data collected in the same calendar year if that
data is inaccessible to the lender. Another commenter asked for
clarification whether data (specifically demographic data) collected in
prior years could be reused, and what to do if there are multiple
collections. Specifically, the commenter gave the example of an
applicant that provides demographic information for one application,
and then chooses not to provide demographic information for a
subsequent application, and asking which collection should be reported.
Final Rule
For the reasons set forth herein, the Bureau is finalizing Sec.
1002.107(d) (proposed as Sec. 1002.107(c)(2)) to permit, but not
require, a financial institution to reuse previously collected data to
satisfy Sec. 1002.107(a)(13) through (20) if (a) the data were
collected within the 36 months preceding the current covered
application (except that to satisfy Sec. 1002.107(a)(14), on gross
annual revenue, the data must be collected within the same calendar
year as the current covered application) and (b) the financial
institution has no reason to believe the data are inaccurate. As
discussed above, the majority of commenters to weigh in on this issue
supported reuse of data for some period of time, with many commenters
urging the Bureau to extend the time period for reuse from the same
calendar year to multiple years. As noted by one bank, it is common for
businesses to seek a new product within three years of a prior
origination, with fewer requests occurring within one year. Allowing
reuse will also reduce the need for applicants to repeatedly provide
the same information over a short period of time, as noted by some
commenters. The Bureau also believes permitting reuse will reduce
burden on financial institutions, particularly those with an
established relationship with a business. In addition, the Bureau
believes that permitting reuse will assist in fast-paced transactions,
such as requests for additional credit amounts on an existing account.
Based on these reasons and the feedback from commenters, the Bureau now
believes that 36 months strikes the appropriate balance of permitting
reuse for a short enough period of time that the data are likely to be
reliable, while also permitting a long enough period of reuse to avoid
a financial institution from having to make repeated information
requests to returning customers.
In response to a commenter's concern that characteristics of a
small business may change during a time period greater than a year, the
Bureau notes that any dramatic shifts will likely be known to a
financial institution considering a new covered application. In those
circumstances, the financial institution either will have already
collected updated information (in which case the updated information
would be reported pursuant to final comment 107(d)-4) or the financial
institution will have reason to believe certain data are inaccurate, in
which the case the financial institution cannot reuse that data
pursuant to final Sec. 1002.107(d)(2). Indeed, the Bureau believes
that final Sec. 1002.107(d)(2), the provision prohibiting reuse of
data if the financial institution has reason to believe the prior
collected data are inaccurate, will identify the majority of situations
where the data are no longer reliable. For example, as set forth in
final comment 107(d)-6, a financial institution may have reason to
believe data are inaccurate if it knows that the applicant has had a
change in ownership or a change in an owner's percentage of ownership.
Similarly, a financial institution may also have reason to know data
are inaccurate if the business indicates that is has opened several new
store locations recently. In that case, the financial institution may
have reason to ask for updated data on gross annual revenue, number of
workers, and potentially other data points.
Some commenters raised concerns about reuse of data regarding a
principal owner's race, sex, and ethnicity information, particularly if
the business previously responded ``I do not wish to provide this
information.'' Another commenter stated that identities, and
particularly gender identity, may shift, and so the information should
be collected at least every year. The Bureau understands that how an
applicant wishes to identify may shift over time. However, as noted
above, the Bureau believes that a 36-month period provides the right
balance of permitting reuse for a period of time to reduce repetitive
collections, but also require financial institutions collect the data
anew once a substantial amount of time has passed. Although the final
rule permits reuse of applicant demographic data pursuant to final
Sec. 1002.107(d), final comment 107(d)-9 provides that a financial
institution may not reuse data
[[Page 35390]]
to satisfy Sec. 1002.107(a)(18) and (19) unless the data were
collected in connection with a prior covered application pursuant to
subpart B. The Bureau believes that reuse of applicant demographic data
should be limited in this manner to ensure that data reported were
collected in a manner that aligns with the protections and selection
options set forth in final Sec. 1002.107(a)(18) and (19).
Although the Bureau is finalizing Sec. 1002.107(d) to permit reuse
of certain data collected within a 36-month period, the Bureau notes
that a financial institution may--at any time, even outside a three-
year period--use reasonable procedures to reaffirm data previously
collected. The Bureau understands that many financial institutions have
years of experience serving a particular small business's credit needs
and so may seek to streamline new credit requests to avoid duplicative
or unnecessary collection efforts. In this respect, it is important to
note that the final rule does not prevent a financial institution from
identifying efficient ways to gather 1071 required data, including by
leveraging prior 1071 data to streamline the collection process. For
example, even if it has been more than three years since a business
submitted an application for credit, a financial institution may
reaffirm prior collected data about whether the business is minority-
owned, women- owned, and LGBTQI+-owned, and the ethnicity, race, and
sex of the principal owners of the business by, for example, providing
the applicant with a data collection form pre-populated with its prior
responses and confirming with the applicant that the information
remains accurate or making any changes noted by the applicant. Methods
that reaffirm prior collected data may be particularly useful in
faster-paced transactions, such as requests for additional credit
amounts.
A bank asked how the reuse provision can be implemented in light of
the proposed firewall provision, noting that because the firewall
provision prohibits review by underwriters of demographic information,
it is unclear how a financial institution can reasonably rely on
previously collected data if it is inaccessible to the lender. The
Bureau does not believe that the firewall provision in final Sec.
1002.108 will conflict or render unusable the reuse provisions in final
Sec. 1002.107(d), as suggested by some commenters. Initially, the
Bureau notes that the firewall provision only applies to information
regarding whether the applicant is a minority-owned business, a women-
owned business, or an LGBTQI+-owned business under Sec.
1002.107(a)(18) and regarding the ethnicity, race, and sex of the
applicant's principal owners under Sec. 1002.107(a)(19), but not other
applicant-provided data. In any event, if an employee or officer is
typically tasked with collecting data required under Sec.
1002.107(a)(18) and (19), and is otherwise not involved in making any
determination concerning a covered application, providing that employee
with access to an applicant's prior responses to data requests under
Sec. 1002.107(a)(18) and (19) would not violate the firewall. Thus,
final comment 108(a)-1(ii)(f) provides the example that reviewing
previously collected data to determine if it can be used for a later
covered application pursuant to Sec. 1002.107(d) is not an activity
that constitutes being involved in making a determination regarding a
covered application. Finally, if a financial institution determines
that it is not feasible to limit an employee's or officer's access to
an applicant's prior responses to the financial institution's inquiries
under final Sec. 1002.107(a)(18) and (19) and provided the notice
required under final Sec. 1002.108(d) to the applicant at the time the
data were collected, the financial institution can permit that employee
or officer to reuse the collected data for a 36-month period as set
forth in final Sec. 1002.107(d).
In response to a commenter's question concerning what previously
reported data can be used, and how to resolve conflicting answers
provided at different times, the Bureau notes that final comment
107(d)-4 provides that a financial institution should use updated
information if available.
In response to its request for comment on the issue in the NPRM,
the Bureau received feedback from an industry commenter that the sample
data collection form should include a disclosure that information can
be reused for section 1071 reporting purposes, and that an applicant
should inform its lender if there have been any changes. The Bureau is
finalizing the sample data collection form without a disclosure about
potential reuse of data. Including such language could distract an
applicant from other language on the form (such as why the data is
being collected) and risks potentially confusing an applicant, who
might not understand that reuse is limited to 1071. Relatedly, the
collection form accurately identifies why the information is being
collected whether or not the data are later reused--to help ensure that
all small business applicants are treated fairly and that communities'
small business credit needs are being fulfilled.
Final comment 107(d)-1 (proposed as comment 107(c)(2)-1) is revised
to clarify that reuse of data pursuant to final Sec. 1002.107(d) is
limited to reuse for the purpose of reporting such data pursuant to
Sec. 1002.109. In response to an individual commenter's concern about
potential misuse of 1071 data, the Bureau has adopted new Sec.
1002.110(e), which prohibits a financial institution from disclosing or
providing to third parties the information it collects pursuant to
final Sec. 1002.107(18) and (19) except in limited circumstances. In
addition, financial institutions remain prohibited from using 1071
data--particularly data about whether the business is minority-owned,
women-owned, or LGBTQI+-owned, and the ethnicity, race, and sex of the
principal owners of the business--in a manner that violates ECOA,
existing Regulation B, or any other applicable law. For example,
existing Sec. 1002.4(a) prohibits a creditor from discriminating
against an applicant on a prohibited basis in any aspect of a credit
transaction. Similarly, existing Sec. 1002.6(b)(1) prohibits a
creditor from taking a prohibited basis into account in any system of
evaluating the creditworthiness of an applicant, except as expressly
provided for by ECOA or Regulation B. Thus, just because this final
rule gives a financial institution permission to collect ethnicity,
race, and sex/gender information for the limited purposes of section
1071, a financial institution still remains prohibited from considering
that data in a manner that violates ECOA, existing Regulation B, or any
other applicable law.
Final comments 107(d)-2 and -3 (proposed as comments 107(d)-2 and -
3) contain minor revisions for consistency and clarity. Final comment
107(d)-2 identifies the particular data that can be reused. The comment
also clarifies that other data required by final Sec. 1002.107(a)
cannot be reused, as those data points are specific and unique to each
covered application. Final comment 107(d)-3 clarifies instances where
data have not been ``previously collected'' and so cannot be reused
under final Sec. 1002.107(d).
The Bureau is adopting new comment 107(d)-4 to clarify that if a
financial institution obtains updated information relevant to the data
required to be collected and reported pursuant to final Sec.
1002.107(a)(13) through (20), and the applicant subsequently submits a
new covered application, the financial institution must use the updated
information in connection with the new covered application or seek to
collect the data again. Final comment
[[Page 35391]]
107(c)(2)-4 also provides an example of updated information.
Final comment 107(d)-5 (proposed as comment 107(c)(2)-4) is revised
to provide guidance on how to measure the 36-month period for potential
reuse of certain data, and provides an illustrative example.
Final comment 107(d)-6 (proposed as comment 107(c)(2)-5) contains
minor revisions for consistency and clarity, and an example of when a
financial institution has reason to believe data may be inaccurate and
so cannot be reused for a subsequent covered application.
As noted above, final Sec. 1002.107(d)(1) permits a financial
institution to reuse gross annual revenue data if collected within the
same calendar year as the current covered application. The Bureau is
adopting a narrower window for the reuse of gross annual revenue data
than other previously collected data given the language in ECOA section
704B(e)(2)(F) requiring financial institutions to compile ``gross
annual revenue of the business in the last fiscal year . . . preceding
the date of the application.'' Given that the statute identifies a
specified time frame for the collection of gross annual revenue, it
would be more consistent with the statute to permit reuse of gross
annual revenue only within the same calendar year. Moreover, given that
gross annual revenue data already looks back to the prior fiscal year,
adding an additional 36-month period could affect data quality. The
Bureau is also adopting new comment 107(d)-7 to provide guidance on
when gross annual revenue information is considered collected in the
same calendar year, and so may be reused by a financial institution in
certain circumstances. In particular, the comment discusses
applications that span more than one calendar year.
The Bureau is adopting new comment 107(d)-8 to clarify that if a
financial institution decides to reuse data about the applicant's time
in business, the financial institution must update the data to reflect
the passage of time, and provides an illustrative example.
Lastly, final comment 107(d)-9 (proposed as comments 107(c)(2)-6
and -7) is revised to provide guidance on when data regarding minority-
owned business status, women-owned business status, LGBTQI+-owned
business status, and data on the principal owners' ethnicity, race, and
sex may be reused by a financial institution in a subsequent covered
application.
Section 1002.108 Firewall
Background
ECOA section 704B(d) generally limits the access of certain
individuals at a financial institution or its affiliates to certain
information provided by an applicant pursuant to section 1071. The
Bureau calls this requirement in 704B(d) to limit access to information
a ``firewall.''
More specifically, ECOA section 704B(d)(1) states that ``[w]here
feasible,'' underwriters and other officers and employees of a
financial institution or its affiliates ``involved in making any
determination concerning an application for credit'' cannot have access
to any information provided by the applicant pursuant to a request
under 704B(b). That is, the statute limits access not only by
underwriters and persons making an underwriting decision but also by
anyone else involved in making any determination concerning an
application. However, it does not expressly define the term
``feasible'' or provide clarification regarding what it means to be
``involved in making any determination concerning an application for
credit.''
Additionally, under ECOA section 704B(d)(2), if a financial
institution determines that an underwriter, employee, or officer
involved in making a determination ``should have access'' to any
information provided by the applicant pursuant to a request under
704B(b), the financial institution must provide a notice to the
applicant of the underwriter's access to such information, along with
notice that the financial institution may not discriminate on the basis
of such information. Section 704B(d)(2) does not expressly define or
describe when an underwriter, employee, or officer ``should have
access,'' nor does it explain the relationship, if any, between when a
financial institution determines that an individual ``should have
access'' under 704B(d)(2) and whether it is ``feasible'' to implement
and maintain a firewall under 704B(d)(1).
Proposed Rule
Scope of the firewall. In the NPRM, the Bureau explained its belief
that section 1071 is ambiguous with respect to the meaning of ``any
information provided by the applicant pursuant to a request under
subsection (b).'' On the one hand, ECOA section 704B(b)(1) directs
financial institutions to inquire whether a business is ``a women-
owned, minority-owned, or small business,'' so the phrase could be
interpreted as referring only to these three data points. However,
section 704B(e) indicates that the scope of 704B(b) is much broader. It
instructs financial institutions that ``information provided by any
loan applicant pursuant to a request under subsection (b) . . . shall
be itemized in order to clearly and conspicuously disclose'' data
including the loan type and purpose, the amount of credit applied for
and approved, and gross annual revenue, among other things. In other
words, 704B(e) designates all of the information that financial
institutions are required to compile and maintain--not simply an
applicant's status as a women-owned, minority-owned, or small
business--as information provided by an applicant ``pursuant to a
request under subsection (b).''
Information deemed provided pursuant to 704B(b) is subject not only
to the firewall under 704B(d) but also to a right to refuse under
704B(c) and separate recordkeeping requirements under 704B(b)(2).
Applying these special protections to many of the data points in
704B(e), such as an applicant's gross annual revenue or the amount
applied for, would be extremely difficult to implement because this
information is critical to financial institutions' ordinary operations
in making credit decisions.
In order to resolve these ambiguities, the Bureau gave different
meanings to the phrase ``any information provided by the applicant
pursuant to a request under subsection (b)'' with respect to ECOA
section 704B(e) as opposed to 704B(b)(2), (c), and (d). With respect to
the scope of the firewall, the Bureau interpreted the phrase to refer
to the data points in proposed Sec. 1002.107(a)(18) (minority-owned
business status) and proposed Sec. 1002.107(a)(19) (women-owned
business status), as well as proposed Sec. 1002.107(a)(20) (ethnicity,
race, and sex of principal owners). None of these data points has any
bearing on the creditworthiness of the applicant. Moreover, a financial
institution generally could not inquire about this demographic
information absent section 1071's mandate to collect and report the
information, and ECOA prohibits a financial institution from
discriminating against an applicant on the basis of the information.
Thus, the Bureau believed that the best effectuation of congressional
intent was to apply section 1071's limitation on access and right to
refuse provisions to all demographic information collected pursuant to
section 1071 and not to whether an applicant is a small business or any
of the non-demographic data points proposed in Sec. 1002.107(a).
[[Page 35392]]
Accordingly, the Bureau proposed that financial institutions need
only limit access under ECOA section 704B(d) to an applicant's
responses to the financial institution's specific inquiries regarding
women-owned business status and minority-owned business status and the
ethnicity, race, and sex of principal owners, but not to an applicant's
small business status.\784\ Additionally, the proposal would have
clarified that this prohibition on allowing certain employees and
officers to access certain information does not extend to ethnicity or
race information about principal owners that the financial institution
collects via visual observation or surname. It would have also
clarified that the prohibition does not extend to an applicant's
responses to inquiries regarding demographic information made for
purposes other than data collection pursuant to section 1071 or to an
employee's or officer's knowledge due to activities unrelated to the
inquiries made to satisfy the financial institution's obligations under
section 1071 (e.g., an employee knows that the applicant is a minority-
owned business or women-owned business due to information provided to
qualify for a special purpose credit program or an officer knows a
principal owner's ethnicity, race, or sex due to participation in a
community group or association).
---------------------------------------------------------------------------
\784\ SBREFA Outline at 36-37.
---------------------------------------------------------------------------
As noted above, section 1071 prohibits access to certain
information by underwriters and other officers and employees of a
financial institution or its affiliates ``involved in making any
determination concerning an application for credit.'' Consistent with
the statute, the Bureau proposed that a financial institution need only
prohibit the access of an employee or officer to demographic
information pursuant to section 1071 if that employee or officer is
involved in making a determination concerning an applicant's covered
application. The Bureau further proposed defining the phrase ``involved
in making any determination concerning a covered application'' to mean
participating in a decision regarding the evaluation of a covered
application, including the creditworthiness of an applicant for a
covered credit transaction. The NPRM noted that this group of employees
and officers includes, but is not limited to, employees and officers
who serve as underwriters. Additionally, the NPRM would have explained
that the decision that the employee or officer makes or participates in
must be about a specific covered application. An employee or officer
would not be involved in making a determination concerning a covered
application if the employee or officer is involved in making a decision
that affects covered applications generally, the employee or officer
interacts with small businesses prior to them becoming applicants or
submitting a covered application, or the employee or officer makes or
participates in a decision after the financial institution has taken
final action on the application, such as decisions about servicing or
collecting a covered credit transaction.
Feasibility of establishing and maintaining a firewall. In the
NPRM, the Bureau also noted that ECOA section 704B(d) contains
significant ambiguities with respect to how financial institutions, in
practical terms, should determine how to implement a firewall to limit
access to certain information provided by applicants pursuant to
section 1071. Indeed, based on feedback from stakeholders during the
SBREFA process, it appeared that in many instances financial
institutions that find it not ``feasible'' to implement and maintain a
firewall will be the same institutions determining that relevant
individuals ``should have access'' to the information provided by an
applicant pursuant to 704B(b). The Bureau believed that reading these
two provisions in isolation from each other would likely result in
significant confusion and challenges, particularly for smaller
financial institutions.
Accordingly, the Bureau proposed that section 1071's firewall
requirement be implemented by reading the ``should have access''
language in ECOA section 704B(d)(2) in conjunction with the
``feasibility'' language in 704B(d)(1). As proposed, it would not be
feasible for a financial institution to implement and maintain a
firewall with respect to a given employee or officer involved in making
a determination concerning a covered application if the financial
institution determines that employee or officer should have access to
one or more of the applicant's responses to the financial institution's
inquiries under proposed Sec. 1002.107(a)(18) through (20).
Conversely, it would be feasible for a financial institution to
implement and maintain a firewall if the financial institution
determines that no employee or officer involved in making a
determination concerning a covered application should have access to
the applicant's responses to the financial institution's inquiries
under proposed Sec. 1002.107(a)(18) through (20). Thus, the Bureau
proposed that the prohibition on certain individuals accessing
information as set forth in proposed Sec. 1002.108(b) would not apply
to an employee or officer if the financial institution determines that
it is not feasible to limit that employee's or officer's access to one
or more of an applicant's responses to the financial institution's
inquiries under proposed Sec. 1002.107(a)(18) through (20), and the
financial institution provides the notice required under proposed Sec.
1002.108(d) to the applicant.
The Bureau further proposed that it is not feasible to limit access
as required pursuant to proposed Sec. 1002.108(b) if the financial
institution determines that an employee or officer involved in making
any determination concerning a covered application should have access
to one or more applicants' responses to the financial institution's
inquiries under proposed Sec. 1002.107(a)(18) through (20). The Bureau
proposed to define the phrase ``should have access'' to mean that an
employee or officer may need to collect, see, consider, refer to, or
otherwise use the information to perform that employee's or officer's
assigned job duties. As proposed, a financial institution may determine
that an employee or officer should have access for purposes of proposed
Sec. 1002.108 if that employee or officer is assigned one or more job
duties that may require the employee or officer to collect (based on
visual observation, surname, or otherwise), see, consider, refer to, or
use information otherwise subject to the prohibition in proposed Sec.
1002.108(b). The employee or officer would not have to be required to
collect, see, consider, refer to or use such information or to actually
collect, see, consider, refer to or use such information. It would be
sufficient if the employee or officer might need to do so to perform
the employee's or officer's assigned job duties. Additionally, a
financial institution may determine that all employees or officers with
the same job description or assigned duties should have access for
purposes of proposed Sec. 1002.108. However, if a financial
institution determines that one or more employees or officers involved
in making any determination concerning a covered application should
have access for purposes of proposed Sec. 1002.108, the financial
institution would have been responsible for ensuring that the employees
or officers only access and use the protected information for lawful
purposes.
Exception to establishing and maintaining a firewall. As explained
above, the Bureau proposed to implement the statutory exception to the
requirement to establish and maintain a firewall in Sec. 1002.108. The
[[Page 35393]]
exception would allow financial institutions to give certain employees
or officers access to protected demographic information if the
financial institution determines that they should have access to that
information. However, in such circumstances, the financial institution
would need to comply with the statutory requirement to provide a notice
in lieu of limiting access. Thus, the Bureau proposed that, in order to
satisfy the exception, as set forth in proposed Sec. 1002.108(c), a
financial institution would be required to provide a notice.
The Bureau proposed that the financial institution be required to
provide the notice to, at least, each applicant whose responses to the
financial institution's inquiries under proposed Sec. 1002.107(a)(18)
through (20) would be accessed by an employee or officer involved in
making a determination concerning that applicant's covered application.
As an alternative, the Bureau proposed that the financial institution
could provide the required notice to a larger group of applicants,
including all applicants, if it determines that one or more officers or
employees should have access to protected demographic information.
The Bureau further proposed that the notice provided to satisfy the
exception in proposed Sec. 1002.108(c) must inform the applicant that
one or more employees and officers involved in making determinations
concerning the applicant's covered application may have access to the
applicant's responses regarding the applicant's minority-owned business
status, its women-owned business status, and its principal owners'
ethnicity, race, and sex. The Bureau proposed language for the required
notice and stated that a financial institution would be required to use
the language set forth in proposed comment 108(d)-2 or substantially
similar language when providing the notice.
The Bureau also proposed timing requirements for providing the
notice. The Bureau proposed that, if the financial institution provides
the notice orally, it must provide the notice prior to asking the
applicant if it is a minority-owned business or women-owned business
and prior to asking for a principal owner's ethnicity, race, or sex. If
the financial institution provided the notice on the same paper or
electronic data collection form as the inquiries about minority-owned
business status, women-owned business status, and the principal owners'
ethnicity, race, or sex, the financial institution would have been
required to provide the notice at the top of the form. If the financial
institution provided the notice required by proposed Sec. 1002.108(d)
in an electronic or paper document that is separate from the data
collection form inquiring about the applicant's minority-owned business
status, its women-owned business status, and its principal owners'
ethnicity, race, and sex, the financial institution would have been
required to provide the notice at the same time as or prior to
providing the data collection form. Additionally, the NPRM would have
clarified that the notice required pursuant to proposed Sec.
1002.108(d) must be provided with the non-discrimination notices
required pursuant to proposed Sec. 1002.107(a)(18) through (20).
Requests for comment. The Bureau sought comment on its proposed
approach to the statutory firewall requirement and whether a different
approach might result in a better policy outcome. The Bureau also
sought comment on the scope of the proposed firewall requirement and
the exception to establishing and maintaining a firewall. The Bureau
specifically sought comment on whether the proposed firewall should
apply to information about principal owners' ethnicity and race that is
obtained via visual observation and/or surname analysis. Finally, the
Bureau generally requested comment on whether additional clarification
is needed regarding the firewall requirement.
Comments Received
The Bureau received comments on its proposed approach to the
firewall requirement from a wide range of commenters including lenders,
trade associations, business advocacy groups, community groups, small
business owners and other individuals, and members of Congress. A
majority of these comments addressed the feasibility of establishing
and maintaining a firewall and/or addressed the notice required to rely
on the exception. Numerous commenters sought the elimination of or
exemptions to the firewall requirement. Other commenters sought
additional guidance on some or all of the firewall provisions,
including the scope of the firewall and determining who ``should have
access'' to the protected information.
General. A community group commenter said that the proposed
firewall provisions appropriately protect applicants, and another
stated that the formulation of the proposed firewall provisions was
reasonable. A CDFI lender said that while smaller financial
institutions might not be able to establish and maintain a firewall,
the NPRM provided sufficient flexibility in its firewall provisions to
facilitate implementation. A women's business advocacy group encouraged
the Bureau to look at ways to make a more secure firewall and noted
that the feasibility standard in the proposed rule seemed to remove the
firewall's effectiveness. Another commenter cautioned that the proposed
firewall would not stop lenders from using information inappropriately
and in a manner that harms small business applicants.
In contrast, a large number of lenders, trade associations, and
individual commenters requested that the Bureau eliminate the firewall.
Some of these commenters said that the firewall should be eliminated
because it would create competitive disadvantages or overburden certain
financial institutions. Others said that it should be eliminated
because the firewall would overburden all covered financial
institutions. Many commenters said that the firewall will add
complexity, create burden and regulatory risk, and/or increase the cost
of compliance. A few commenters said that the firewall provisions could
result in financial institutions being required to purchase or create
new technology or systems. Some commenters noted that the additional
expense could result in an increased cost of credit, limited access to
credit, and/or the cessation of certain products being offered. One
commenter further stated that the costs of such a requirement would
likely decimate small businesses' access to credit because financial
institutions will either decrease or stop their small business lending.
One bank commenter asked that the Bureau create a simple way for
the commenter to certify that the firewall concept cannot work for its
entire institution without exception, equivocation, or a repetitive
review. This commenter further indicated that it would provide a short
and simple disclosure (one half of a letter size page or less) to all
of its commercial applicants to document its compliance. The commenter
said that the proposed firewall requirements gave it concern and
appeared to be a ``gotcha'' clause in the proposed rule. In particular,
they indicated it was concerned with a portion of proposed comment
108(c)-1 that would have said that a financial institution cannot
permit all employees and officers to have access simply because it has
determined that one or more employees or officers should have access.
Some commenters said that they had not been able to devise a
workable method for improving what they called
[[Page 35394]]
the firewall's ``prohibit-or-disclose regime,'' and suggested that the
Bureau needed to exercise its statutory authority to eliminate the
firewall provision. These commenters and others also noted that
eliminating the firewall requirement would align the rule implementing
section 1071 with HMDA/Regulation C, which they said has required
collection of demographic information for decades without any known
incidents, despite the absence of any firewall.
Some commenters said that the Bureau should eliminate the firewall
because it is unnecessary. A commenter also noted that the firewall
requirement presents unique compliance challenges because the
requirement is different than HMDA and will require unique systems. A
few commenters said that the firewall serves no purpose or has no
practical value. A few other commenters noted that the firewall is
impractical or serves no purpose when applications are not anonymous,
such as in smaller communities or where the employee or officer making
determinations has an existing relationship with the applicant.
A few commenters asked the Bureau to create a platform, portal, or
other system for applicants to report demographic information directly
to the Bureau so that financial institutions could avoid having to
intake such information at all.
Scope of the firewall. Comments on the scope of the proposed
firewall requirement largely requested clarification. These commenters
requested additional guidance regarding the types of employees and
officers that would be subject to the firewall with one commenter
asserting that the standard in the proposed rule was vague and
subjective. This commenter also requested additional clarity regarding
the definition of the phrase ``involved in making any determinations
concerning an application for credit.'' Some commenters requested that
specific groups of employees (such as software engineers and data
scientists, bankers and managers who provide information or counseling
on available credit products, and employees who gather information and
submit applications to unrelated financial institutions who may take
assignments of the credit contract) explicitly be excluded from the
scope of the firewall requirement. However, a trade association said it
supported the proposed definition of the phrase ``involved in making
any determination concerning a covered application.''
One commenter specifically agreed that the firewall should not
extend to an applicant's status as a small business.
Regarding application of the proposed firewall requirement to
demographic information collected via visual observation or surname,
one commenter requested guidance on how to comply with the firewall for
such information. Another commenter urged the Bureau not to include
information collected via visual observation or surname within the
scope of the firewall. In contrast, another commenter noted that if the
firewall is meant to prevent a credit decision based on protected
information, it should not matter how the demographic information is
collected.
Some commenters requested clarification or guidance regarding the
firewall's applicability to information collected pursuant to HMDA or
other laws or regulations. One commenter said that an employee or
officer should not be subject to the firewall if the employee or
officer accessed demographic information collected pursuant to section
1071 in order to satisfy HMDA or another regulatory requirement.
A commenter said that the firewall should only apply to
applications originated completely online.
Feasibility of establishing and maintaining a firewall. A
significant majority of the comments about the firewall provisions
specifically addressed the feasibility of establishing and maintaining
a firewall. Overwhelmingly, these commenters said that the firewall
would be impossible, difficult, inefficient, and/or costly to implement
for certain financial institutions.
Numerous commenters said that the firewall is not or may not be
feasible for smaller institutions, such as credit unions and other
community-based financial institutions with limited staff and
resources. Numerous commenters also said that the firewall would not be
workable with some business models, loan processes, and/or decision-
making structures. Specifically, commenters asserted that the firewall
would be impossible or impractical with high-contact and relationship-
based lending models and with lending models that rely on loan officers
to collect information from applicants. One commenter said that the
logistics of implementing a firewall would be too much for most
lenders.
While some commenters said that the firewall requirement would
unfairly burden and punish smaller financial institutions or
traditional financial institutions in favor of larger financial
institutions and online lenders, others said that the firewall may not
be feasible for larger institutions or online lenders. Specifically,
some commenters said that the firewall would not be feasible for larger
institutions because they would have to make substantial investments in
technology to implement a firewall. One commenter said that while it
was a larger financial institution, its business lending department was
small, which would make establishing and maintaining a firewall
impossible, infeasible, or burdensome.
Many commenters said that lenders would need to change their
operations, hire additional staff, reconfigure systems, and/or invest
significant sums in technology in order to establish and maintain a
firewall. Some commenters asserted that the costs of doing these things
may be prohibitive. A few commenters said that the firewall would
disrupt their process, and one commenter said that the firewall
requirement could diminish a loan officer's ability to fully engage
with their clients efficiently and timely. With regard to indirect
vehicle financing, a few commenters said that there is not currently a
mechanism to shield and transmit data for such transactions and noted
there would be a one-time cost exceeding $4 million to develop such a
mechanism.
Some commenters requested additional clarification or guidance on
the feasibility standard. A few commenters specifically requested a
clearer feasibility standard. Some recommended that the Bureau provide
clear guidance about when a firewall is or is not feasible and how a
covered financial institution may determine the feasibility of
establishing and maintaining a firewall. A few commenters said that the
Bureau should clarify the operational factors (such as existing
staffing, software capability, other existing systems and operations,
and costs of making changes) that a financial institution may consider
when determining feasibility and when an employee or officer should
have access to protected demographic information collected pursuant to
section 1071. Two of these commenters requested that the commentary
specifically state that a financial institution may determine that a
firewall is not feasible if it would need to hire additional staff in a
line of business. Another commenter said that a financial institution
should be permitted to consider department size in determining
feasibility.
Two commenters said that the Bureau should expressly state that a
financial institution has discretion to determine when a firewall is or
is not feasible. These commenters further said that a financial
institution's determination that a firewall is not feasible should be
[[Page 35395]]
left to the sole and exclusive discretion of financial institutions,
effectively creating a safe harbor for institutions' determinations of
feasibility. Another commenter said that the Bureau should also
consider adding a feasibility-related safe harbor provision in Sec.
1002.112(c) that allows for variations in determining feasibility.
Other commenters recommended that a determination of feasibility or
infeasibility should satisfy the rule if done in conformity with
written procedures. Finally, one commenter said that it did not believe
that the Bureau could create a feasibility standard that would allow a
financial institution to determine whether it is required to implement
a firewall pursuant to the rule.
Providing a notice in lieu of establishing and maintaining a
firewall. A significant number of the commenters who said that it would
not or may not be feasible to implement and maintain a firewall also
opposed providing a notice in lieu of establishing and maintaining a
firewall. Generally, commenters said that the notice may raise privacy
concerns among some applicants, create confusion, and/or create
competitive disadvantages for financial institutions that provide the
notice. Some commenters said that requiring a notice would create an
additional compliance and/or administrative burden, and one said that
the notice may slow down the loan process because financial
institutions will need to explain the required language. Several
commenters said that the notice could cause customer complaints (as
well as customer confusion) if some financial institutions are not
required to provide the notice. Several commenters said that applicants
may want to obtain loans from financial institutions that do not
provide the notice, and some said this ultimately could result in a
reduction of applicant choice, a reduction of applicant access to
credit, or increased cost of credit.
A number of commenters said that providing the applicant with
notice of the fact that their demographic data will be shared could
raise questions or suspicions of whether the data plays a role in
credit decisions or doubts about the impartiality of the credit
decision, or could cause unwarranted scrutiny from individuals
receiving the notice. Some commenters said that the notice may cause
applicants to think the financial institution is not adequately staffed
or cannot maintain the confidentiality of applicant information. One
commenter suggested that the language of the proposed notice is
inflammatory. Another commenter said that the proposed notice implied
that some financial institutions are inherently more likely to engage
in unfair lending, to the extent that a ``government warning'' is
necessary. The commenter further stated that this implication is an
unwarranted insult to the integrity and fairness of the shareholders
and management of smaller community banks, and they would most likely
prefer to withdraw from or significantly curtail small business lending
than rely on the proposed exception to the firewall requirement by
providing the notice.
Different commenters identified financial institutions that would
need to provide the notice as smaller financial institutions, mid-sized
financial institutions, community banks, credit unions, or more
traditional financial institutions (i.e., not online lenders). However,
one commenter predicted that lenders of many sizes, business models,
and regulatory levels will conclude that employees and officers
involved in making a determination concerning an application should
have access to demographic information collected under section 1071 and
provide the notice.
A number of commenters suggested that the notice could inhibit the
collection of demographic information and/or undercut section 1071's
statutory purposes because it might influence applicants not to provide
the requested information. One commenter said the notice might result
in more applicants at community banks opting not to provide their
demographic information, and in turn, more community banks having to
report ethnicity and race information based on visual observation or
surname. Another commenter said that providing the notice may affect an
applicant's willingness to provide demographic information as the
notice gives the perception that the information would likely be used
to discriminate. Likewise, some commenters said that providing the
notice to qualify for the firewall exception at the same time as the
non-discrimination notice is especially problematic and could result in
applicants declining to provide the requested information. Some
commenters said that giving the notices together could result in other
harms, such as harm to existing customer relationships. Two commenters
suggested that the notice requirement is counterproductive because
applicants may be less inclined to provide demographic information if
they are told that decision makers may access their demographic
information.
A bank said that the Bureau should eliminate the notice because
applicants will know that the person making the inquiries pursuant to
section 1071 will be making determinations regarding applications.
Another bank said that the notice is useless because no one reads
disclosures, and customers already know that lenders cannot
discriminate.
A few commenters requested specific revisions to the notice. One
commenter said that the Bureau should revise the notice to align with a
HMDA notice. Another commenter requested that the Bureau align the
notice with the disclosure used for HMDA and stated that this means
that the disclosure would be provided with requests for demographic
information on covered applications, regardless of whether the
financial institution can maintain a firewall, and would emphasize that
the information is being requested/collected for government monitoring
of lenders' fair lending performance and compliance, cannot influence
credit decisions, and is voluntary for applicants to provide. A third
commenter said that in lieu of having a firewall requirement, the
Bureau should develop a model disclosure to applicants explaining the
data gathering process, similar to the disclosure provided in the
government monitoring section of the home mortgage application.
A commenter said that the Bureau should exercise its authority to
allow institutions to provide a Bureau-developed disclosure to
applicants explaining that there may be access to the data and explain
that the institution must not discriminate based on the information.
The commenter further said that the Bureau should develop and provide
the disclosure in Spanish as well as English when it publishes the
final rule and add other translations over time.
A trade association supported the Bureau's proposal to develop
model disclosures that lenders could use when notifying applicants of
an employee's or officer's access to personal information. Another
trade association supported an exception to the firewall requirement
and a model disclosure that alerts applicants that an employee or
officer may have access to demographic information, but does not tell
applicants that such individuals will have access to such information.
Two other commenters supported allowing financial institutions to
provide a notice to applicants in lieu of restricting access to
applicants' protected demographic information if a financial
institution determines that it is not feasible to limit access to one
or more of an applicant's responses to the financial institution's
inquiries. A community group
[[Page 35396]]
commenter said that the notice is an important aspect of the proposed
rule.
Requests for exemptions from the firewall requirements. Many
commenters requested that the Bureau exempt certain financial
institutions from the firewall requirement, though not all commenters
agreed on which institutions should be exempted. One commenter
requested an exemption for financial institutions with assets of less
than $1.384 billion (the CRA small bank threshold as of January 1,
2022),\785\ and another for institutions with assets of less than $5
billion. A few commenters said that financial institutions with assets
of less than $10 billion should be exempted. Other commenters said that
``smaller'' or ``community based institutions'' or ``community banks''
or ``credit unions'' should be exempted. One commenter said that
community banks should be exempt from the notice requirement.
---------------------------------------------------------------------------
\785\ Bd. of Governors of the Fed. Rsrv. Sys. & Fed. Deposit
Ins. Corp., Agencies release annual asset-size thresholds under
Community Reinvestment Act regulations (Dec. 16, 2021), https://www.federalreserve.gov/newsevents/pressreleases/bcreg20211216a.htm;
Fed. Fin. Insts. Examination Council, Explanation of the Community
Reinvestment Act Asset-Size Threshold Change (Dec. 16, 2021),
https://www.ffiec.gov/cra/pdf/2022_Asset_Size_Threshold.pdf.
---------------------------------------------------------------------------
Other commenters said that certain institutions should be provided
an ``automatic'' exception to the firewall, such that smaller
institutions could avoid the analysis and documentation required to
show that an institution qualifies for the exception.
Several commenters said that, due in whole or in part to the
firewall requirement, certain institutions should be exempted from the
entire rule. One commenter said that banks under $1 billion should be
exempted on this basis, a few said community banks should be exempted
on this basis, and one commenter said that all but the largest lenders
or all depository lenders should be exempted.
One commenter said that as an alternative to exempting community
banks from the firewall requirement, the Bureau could require all
financial institutions to provide the notice to all applicants,
regardless of whether information is firewalled.
Final Rule
For the reasons set forth herein, the Bureau is generally
finalizing the firewall requirement with additional clarifications in
the commentary regarding the definitions of ``involved in making any
determination concerning a covered application'' and ``should have
access,'' the scope of the firewall, determining feasibility, the
nature of the exception, and applying the exception to a specific
employee or officer or group of similarly situated employees or
officers. In addition, the Bureau has eliminated the requirement to use
specific language when providing the notice required to qualify for the
exception and, instead, has provided sample language for the notice.
This sample language appears in the sample data collection form at
appendix E. The Bureau has also revised the firewall provisions to
align with other changes to the final rule, such as the inclusion of
LGBTQI+-owned business status collected pursuant to final Sec.
1002.107(a)(18) as protected demographic information subject to the
firewall and the elimination of the requirement to collect certain
information via visual observation or surname.
Final Sec. 1002.108(b) states the general prohibition on access to
applicants' protected demographic information by certain persons. The
Bureau is finalizing Sec. 1002.108(b) and comments 108(b)-1 and
108(b)-2 with changes for clarity and consistency with other portions
of the final rule. Specifically, Sec. 1002.108(b) has been revised to
include LGBTQI+-owned business status, and cross-references have been
updated to reflect changes elsewhere in the final rule. Final Sec.
1002.108(b) states that unless the exception under final Sec.
1002.108(c) applies, an employee or officer of a covered financial
institution or a covered financial institution's affiliate shall not
have access to an applicant's responses to inquiries that the financial
institution makes pursuant to this subpart regarding whether the
applicant is a minority-owned business, a women-owned business, or an
LGBTQI+-owned business under final Sec. 1002.107(a)(18), and regarding
the ethnicity, race, and sex of the applicant's principal owners under
final Sec. 1002.107(a)(19), if that employee or officer is involved in
making any determination concerning that applicant's covered
application. Comments 108(b)-1 and -2 have been re-ordered. Final
comment 108(b)-1 and final comment 108(b)-2 have been revised to
clarify the scope of the prohibition.
While many commenters said that the Bureau should eliminate the
firewall requirement, or should exempt certain covered financial
institutions or certain types of transactions from the firewall
requirement, the Bureau does not believe it is appropriate to abrogate
this statutory requirement through section 1071's general exception
authority beyond the exception provided in the statutory firewall
provision itself. Congress, which would have been aware of the HMDA
data collection regime (including its lack of a firewall) at the time
that section 1071 was enacted, specifically required that financial
institutions limit certain employees' and officers' access to
demographic information that financial institutions request from
applicants in order to comply with section 1071. While Congress allowed
an exception to the general requirement to establish and maintain a
firewall in certain circumstances (i.e., when the financial institution
determined that an employee or officer should have access to the
demographic information and a firewall would not be feasible), the
language of the statute suggests that Congress did not intend for the
Bureau to eliminate the prohibition on access more broadly.
Furthermore, Congress only authorized the Bureau to create exceptions
to the requirements in section 1071 where necessary or appropriate to
carry out section 1071's purposes. The Bureau does not believe that
eliminating the firewall is necessary or appropriate to carry out
section 1071's purposes.
Moreover, the Bureau believes that it has separately addressed many
of the concerns about the ability of smaller institutions and
institutions with limited staff to implement a firewall in other
sections of the final rule. In particular, the Bureau has increased the
origination threshold for coverage in Sec. 1002.105(b). As a result,
many smaller institutions and institutions with limited staff will not
be subject to any provisions of the final rule, including the firewall
requirement.
Because the requirement to collect certain information via visual
observation or surname is not included in final Sec. 1002.107(a)(19),
it is not necessary to address the comments about the applicability of
the firewall requirements to information collected via those methods.
The Bureau has accordingly removed references to collecting information
via visual observation or surname from final comments 108(a)-2.i and
108(b)-2.ii. Similarly, because HMDA reportable loans are excluded
transactions pursuant to final Sec. 1002.104(b)(2), it is not
necessary to address comments asking for guidance on how to apply the
firewall requirement if a loan is subject to both HMDA and this final
rule.
Regarding comments that the Bureau establish a platform or system
that applicants can use to report demographic data directly to the
Bureau, thereby eliminating the need for institutions to implement a
firewall, in line with its discussion of this issue in the section-by-
section analysis of Sec. 1002.107(a)(19), the Bureau does not
[[Page 35397]]
intend to create such a system at this time but is open to engaging
further with stakeholders on alternative approaches for how financial
institutions might collect and report protected demographic
information.
Final Sec. 1002.108(a) provides certain relevant definitions,
including the definition of the phrase ``involved in making any
determination concerning a covered application from a small business.''
Generally, the Bureau is finalizing the definition of the phrase
``involved in making any determination concerning a covered
application'' in Sec. 1002.108(a)(1) with revisions for clarity. The
Bureau also is revising comment 108(a)-1 to provide additional clarity
that the covered application must be from a small business and to
provide clarity and examples regarding which employees and officers are
subject to the prohibition set out in final Sec. 1002.108(b) and which
employees and officers are not subject to the prohibition. In response
to the comments, the Bureau has clarified that certain activities do
not constitute being involved in making a determination concerning a
covered application from a small business and that other activities do
constitute being involved in making such determinations.
While the Bureau recognizes that the ``involved in making any
determination concerning an application for credit'' standard that
Congress created in the statute is broad, the Bureau does not believe
that the standard in final Sec. 1002.108(a)(1), as further explained
in the commentary, is unduly vague or subjective, as asserted by some
commenters.
As explained in final comment 108(a)-1.i, an employee or officer is
involved in making a determination concerning a covered application
from a small business for purposes of final Sec. 1002.108 if the
employee or officer makes, or otherwise participates in, a decision
regarding the evaluation of a covered application or the
creditworthiness of a small business applicant for a covered credit
transaction. Final comment 108(a)-1.i also explains that the decision
that an employee or officer makes or participates in must be about a
specific covered application or about the creditworthiness of a
specific applicant. Thus, activities undertaken prior to the submission
of a covered application do not constitute being involved in making a
determination about a covered application. Similarly, activities
undertaken after a financial institution has taken final action on a
covered application do not constitute making a determination regarding
a covered application. Furthermore, an employee or officer is not
involved in making a determination concerning a covered application if
the employee or officer is only involved in making a decision that
affects covered applications generally. Finally, the comment clarifies
that an employee or officer may be participating in a determination
even if the employee or officer is not the ultimate or sole decision
maker and provides examples.
Additionally, in response to comments requesting further
clarification regarding the definition of the statutory phrase
``involved in making any determination concerning an application for
credit,'' the Bureau has added several examples to the list of the
types of activities in final comment 108(a)-1.ii that do not constitute
being involved in making a determination concerning a covered
application from a small business for purposes of Sec. 1002.108. The
Bureau has also added a list of examples in comment 108(a)-1.iii of the
types of activities that do constitute being involved in making a
determination concerning a covered application from a small business
for purposes of Sec. 1002.108.
Section 1002.108(c), which the Bureau is finalizing with updated
cross-references to reflect other changes in the rule, explains the
exception to the general prohibition set forth in final Sec.
1002.108(b). Final Sec. 1002.108(c) establishes an exception to the
prohibition in final Sec. 1002.108(b) and states that the prohibition
does not apply to an employee or officer if the financial institution
determines that it is not feasible to limit that employee's or
officer's access to an applicant's responses to the financial
institution's inquiries under final Sec. 1002.107(a)(18) or (19) and
the financial institution provides the notice required under final
Sec. 1002.108(d) to the applicant. It further provides that it is not
feasible to limit access as required pursuant to final Sec.
1002.108(b) if the financial institution determines that an employee or
officer involved in making any determination concerning a covered
application from a small business should have access to one or more
applicants' responses to the financial institution's inquiries under
final Sec. 1002.107(a)(18) or (19).
However, in response to comments (including comments requesting
clarification about how a financial institution should be permitted to
determine feasibility pursuant to the final rule) and to provide
additional clarity and guidance, the Bureau has divided proposed
comment 108(c)-1 into two comments and revised and supplemented both
comments. Specifically, the Bureau has added language in final comment
108(c)-1 to clarify that a financial institution is not required to
separately determine the feasibility of maintaining a firewall. A
determination that an employee or officer should have access means that
it is not feasible to maintain a firewall as to that particular
employee or officer, and the exception applies to that employee or
officer if the financial institution provides the notice required by
final Sec. 1002.108(d).
The comment also clarifies the nature of the exception (i.e., that
it applies on an individual employee or officer basis, not an
institution-wide basis). The comment states that the fact that a
financial institution has made a determination that an employee or
officer should have access does not mean that the financial institution
can permit other employees and officers who are involved in making
determinations concerning a covered application to have access to the
information collected pursuant to final Sec. 1002.107(a)(18) and (19).
A financial institution may only permit an employee or officer who is
involved in making a determination concerning a covered application to
have access to information collected pursuant to final Sec.
1002.107(a)(18) and (19) if it has determined that employee or officer
or a group of which the employee or officer is a member should have
access to the information.
The Bureau is not adopting one commenter's suggestion that the
Bureau permit a financial institution to determine that a firewall is
not feasible for a single employee and then allow all employees and
officers to have access to protected demographic information. As
explained above, the final rule clarifies that a financial institution
can permit an employee or officer who is involved in making a
determination concerning a covered applications from a small business
to access that small business's protected demographic information only
if the financial institution has determined that employee or officer
should have access (i.e., either individually or as part of a group).
This requirement is not intended to be a ``gotcha,'' as suggested by
the commenter, but rather a reasonable means of allowing a financial
institution to provide employees and officers to have access to
protected demographic information when such access may be necessary to
perform assigned job duties without allowing such information to be
widely accessible to those employees and officers who make
determinations concerning covered applications but do not need the
information to perform
[[Page 35398]]
their jobs. The sample data collection form at appendix E includes
sample language for the firewall notice, but the Bureau is not
requiring use of that specific language for the firewall notice.
Final comment 108(c)-2 addresses how a financial institution may
apply the exception to a specific employee or officer or a group of
similarly situated employees or officers. It clarifies that a financial
institution may determine that several employees and officers, all of a
group of similarly situated employees or officers, and multiple groups
of similarly situated employees or officers should have access to
information collected pursuant to Sec. 1002.107(a)(18) and (19). It
also provides examples. Final Sec. 1002.108(a)(2) defines the phrase
``should have access,'' which is used in Sec. 1002.108(c) and related
commentary. This phrase means that an employee or officer may need to
collect, see, consider, refer to, or otherwise use the information to
perform that employee's or officer's assigned job duties. However, in
response to comments, the Bureau has revised comment 108(a)-2 and added
a comment 108(a)-2.iii. The Bureau has also revised comment 108(a)-2 to
align with other changes finalized in the rule (i.e., the elimination
of requirements to collect information via visual observation or
surname and the inclusion of the LGBTQI+-business status in final Sec.
1002.107(a)(18)). These comments clarify how a financial institution
may determine who should have access.
Final comment 108(a)-2.i explains that a financial institution may
determine that an employee or officer who is involved in making a
determination concerning a covered application should have access to
protected demographic information if that employee or officer is
assigned one or more job duties that may require the employee or
officer to collect, see, consider, refer to, or use such information.
The employee or officer does not have to be required to collect, see,
consider, refer to, or use such information or to actually collect,
see, consider, refer to or use such information in order for the
financial institution to determine that the employee or officer should
have access. It is sufficient if the employee or officer might need to
do so to perform the employee's or officer's assigned job duties.
Final comment 108(a)-2.ii explains that a financial institution may
determine that all employees or officers with the same job description
or assigned duties should have access for purposes of final Sec.
1002.108. If a financial institution assigns one or more tasks that may
require access to one or more applicants' protected demographic
information to a particular job title, the financial institution may
determine that all employees and officers who share that job title
should have access for purposes of Sec. 1002.108.
Although the final rule does not provide a safe harbor for a
financial institution's determination to account for variations in
determining feasibility (i.e., determining which employees and officers
should have access) as two commenters requested, new comment 108(a)-
2.iii states that a financial institution is permitted to choose what
lawful factors it will consider when determining whether an employee or
officer should have access to protected demographic information. A
financial institution's determination that an employee or officer
should have access may take into account relevant operational factors
and lawful business practices. For example, a financial institution may
consider its size, the number of employees and officers within the
relevant line of business or at a particular branch or office location,
and/or the number of covered applications the financial institution has
received or expects to receive. Additionally, a financial institution
may consider its current or its reasonably anticipated staffing levels,
operations, systems, processes, policies, and procedures. A financial
institution is not required to hire additional staff, upgrade its
systems, change its lending or operational processes, or revise its
policies or procedures for the sole purpose of determining who should
have access.
The Bureau believes this new comment makes clear that different
financial institutions may make different determinations regarding
which employees and officers should have access and that those
different determinations are permissible. Additionally, in response to
commenters' suggestions that determinations of feasibility should
satisfy the final rule if they are made in conformity with written
procedures, the Bureau notes that a financial institution may choose to
make its determinations regarding who should have access to protected
demographic information pursuant to written procedures, but is not
required to do so in order to have a determination satisfy the final
rule. Furthermore, in light of the flexibility provided in Sec.
1002.108, and because the firewall requirement was explicitly set forth
by Congress in section 1071, the Bureau does not believe that providing
further discretion in determining feasibility or adopting a safe
harbor, as suggested by some commenters, would be appropriate.
Final Sec. 1002.108(d) explains the requirement to provide a
notice in order to qualify for the exception. The Bureau is finalizing
Sec. 1002.108(d) and comments 108(d)-1 and -3 largely as proposed, and
has revised comment 108(d)-2 regarding the content of the notice. Final
Sec. 1002.108(d) has been revised to include LGBTQI+-owned business
status, and cross-references have been updated to reflect changes
elsewhere in the final rule. Specifically, final Sec. 1002.108(d)
states that in order to satisfy the exception set forth in final Sec.
1002.108(c), a financial institution shall provide a notice to each
applicant whose responses to inquiries for protected demographic
information will be accessed, informing the applicant that one or more
employees or officers involved in making determinations concerning the
covered application may have access to the applicant's responses to the
financial institution's inquiries regarding whether the applicant is a
minority-owned business, a women-owned business, or an LGBTQI+-owned
business, and regarding the ethnicity, race, and sex of the applicant's
principal owners. The financial institution shall provide the notice
required by final Sec. 1002.108(d) when making the inquiries required
under final Sec. 1002.107(a)(18) and (19) and together with the
notices required pursuant to Sec. 1002.107(a)(18) and (19).
Final comment 108(d)-1, which includes minor revisions for clarity,
explains that if a financial institution determines that one or more
employees or officers should have access pursuant to Sec. 1002.108(c),
the financial institution must provide the required notice to, at a
minimum, the applicant or applicants whose responses will be accessed
by an employee or officer involved in making determinations concerning
the applicant's or applicants' covered applications. Alternatively, a
financial institution may also provide the required notice to
applicants whose responses will not or might not be accessed. For
example, a financial institution could provide the notice to all
applicants for covered credit transactions or all applicants for a
specific type of product.
Final comment 108(d)-3, which includes minor revisions to align
with changes made elsewhere in the final rule, explains the timing for
providing the notice. Generally, the financial institution must provide
the notice required by Sec. 1002.108(d) prior to asking the applicant
if it is a minority-owned, women-owned, or LGBTQI+-owned business and
prior to asking for a
[[Page 35399]]
principal owner's ethnicity, race, or sex. Additionally, the notice
must be provided with the non-discrimination notices required pursuant
to Sec. 1002.107(a)(18) and (19).
While many commenters said that the Bureau should eliminate the
notice requirement or should exempt certain covered financial
institutions from the notice requirement, the Bureau does not believe
it is appropriate to eliminate this statutory requirement or to except
certain financial institutions from providing the notice if they are
relying on the exception to the firewall requirement. Congress
explicitly required that a financial institution provide a notice to an
applicant if the financial institution does not limit certain
employees' and officers' access to protected demographic information.
Congress also required that applicants be permitted to refuse to
provide the requested demographic information. Thus, an applicant
should be told that certain employees and officers may have access to
the protected demographic information so that the applicant can make an
informed decision of whether to exercise the applicant's statutory
right to refuse. The Bureau does not believe it would be appropriate to
allow some or all financial institutions to forego providing applicants
with the information they may need to determine whether to exercise
this statutory right. Although some commenters said that the notice may
undercut section 1071's purposes because the notice may cause
applicants to refuse to provide the requested demographic information,
the Bureau believes that Congress was aware of this potential result
when it provided applicants with the right to receive a notice and the
right to refuse to provide the requested information.
Additionally, other commenters undercut or contradicted the
reasoning put forth by commenters opposed to providing the notice. For
example, while a group of commenters opposed providing the notice based
on the belief that it would create competitive disadvantages or burdens
only for smaller institutions, other commenters said that larger
institutions would also likely provide the notice in lieu of
establishing and maintaining a firewall.\786\ Other commenters
supported allowing financial institutions to provide a notice in lieu
of establishing and maintaining a firewall, and one commenter said that
the notice was an important aspect of the proposed rule.
---------------------------------------------------------------------------
\786\ Aside from being speculative, such a competitive effect,
if it existed, would be a direct consequence of the statutory
mandate regarding the firewall: if the financial institution
determines that an employee or officer should have access to
protected demographic information, the notice must be provided.
---------------------------------------------------------------------------
Nonetheless, in order to address commenters' concerns about the
specific content proposed for the notice, the Bureau has revised
comment 108(d)-2. That comment reiterates that the notice must inform
the applicant that one or more employees and officers involved in
making determinations concerning the applicant's covered application
may have access to the applicant's responses regarding the applicant's
minority-owned business status, women-owned business status, LGBTQI+-
owned business status, and its principal owners' ethnicity, race, and
sex. However, the comment no longer prescribes language to be used for
the notice and, instead, directs financial institutions to the sample
data collection form included in the final rule for sample language
that a financial institution may opt to use when providing the
notice.\787\ Alternatively, a financial institution may opt to use
different language as long as the notice provides an applicant with the
statutorily required information (i.e., that one or more employees and
officers involved in making determinations regarding the applicant's
covered application may have access to the applicant's responses
regarding the applicant's minority-owned business status, women-owned
business status, LGBTQI+-owned business status, and its principal
owners' ethnicity, race, and sex). Final comment 108(d)-2 also notes,
for clarity, that if a financial institution establishes and maintains
a firewall and chooses to use the sample data collection form, it may
delete the sample language for the firewall notice from the form
because employees and officers involved in making determinations
concerning applicants' covered applications will not have access to the
applicants' responses to inquiries for protected demographic
information.
---------------------------------------------------------------------------
\787\ Regarding the comment that the Bureau should develop and
provide the notice in Spanish as well as English when it publishes
the final rule and add other translations over time, the Bureau
notes that it will be translating the sample data collection form in
appendix E (including the sample language for the notice on the
form) into several languages. See also the discussion regarding
compliance and technical assistance at the end of part I above.
---------------------------------------------------------------------------
Section 1002.109 Reporting of Data to the Bureau
Final Sec. 1002.109 addresses several aspects of financial
institutions' obligations to report small business lending data to the
Bureau. First, Sec. 1002.109(a) requires data to be collected on a
calendar year basis and reported to the Bureau by June 1 of the
following year, and addresses several related issues. Second, Sec.
1002.109(b) details the information that financial institutions must
provide about themselves when reporting data to the Bureau. Finally,
Sec. 1002.109(c) addresses technical instructions for submitting data
to the Bureau.
The Bureau is finalizing Sec. 1002.109 to implement ECOA section
704B(f)(1) and pursuant to its authority under 704B(g)(1) to prescribe
such rules and issue such guidance as may be necessary to carry out,
enforce, and compile data pursuant to section 1071. The Bureau is also
finalizing Sec. 1002.109(b) pursuant to 704B(e)(2)(H), which requires
financial institutions to compile and maintain as part of their data
any additional data that the Bureau determines would aid in fulfilling
the purposes of section 1071.
Details regarding each aspect of final Sec. 1002.109, including a
discussion of what the Bureau proposed and comments received, are
provided in the section-by-section analyses that follow.
109(a) Reporting to the Bureau
109(a)(1) Annual Reporting
Proposed Rule
ECOA section 704B(f)(1) provides that ``[t]he data required to be
compiled and maintained under [section 1071] by any financial
institution shall be submitted annually to the Bureau.''
Proposed Sec. 1002.109(a)(1)(i) would have required that by June 1
following the calendar year for which data are collected and maintained
as required by proposed Sec. 1002.107, a covered financial institution
shall submit its small business lending application register in the
format prescribed by the Bureau. This approach to reporting frequency
and reporting period is consistent with the annual submission schedule
specified in the statute. The Bureau sought comment on this aspect of
the proposal, and how best to implement it in a manner that minimizes
cost and burden to small financial institutions.
Proposed Sec. 1002.109(a)(1)(ii) would have required that an
authorized representative of the covered financial institution with
knowledge of the data submitted certify to the accuracy and
completeness of data submitted pursuant to proposed Sec. 1002.109(a).
A similar provision exists in Regulation C (Sec. 1003.5(a)(i)), and
the Bureau believed it appropriate to adopt a similar requirement here
as well. Based on the Bureau's experience with HMDA and Regulation C,
the Bureau believed that
[[Page 35400]]
having a specific person responsible for certifying to the accuracy and
completeness of data is likely to lead to financial institutions
providing better quality data.
Proposed Sec. 1002.109(a)(1)(iii) would have clarified that when
the last day for submission of data prescribed under proposed Sec.
1002.109(a)(1) falls on a date that is not a business day, a submission
is considered timely if it is submitted no later than the next business
day.
The Bureau sought comment on its proposed approach to the aspects
of reporting addressed in proposed Sec. 1002.109(a), including that
the reporting frequency be annual, that the reporting period be the
calendar year, and that the submission date be June 1 of the next
calendar year. In particular, the Bureau sought comment with respect to
proposed Sec. 1002.109(a)(1)(i) on whether requiring the submission of
small business lending application registers by June 1 might give rise
to complications for any persons or entities relying on data from the
registers for other purposes, such as Federal regulators scheduling
examinations.
Comments Received
In response to proposed Sec. 1002.109(a)(1)(i), the Bureau
received comments from lenders, trade associations, community groups,
and others. Commenters discussed the reporting deadline of June 1, the
calendar year reporting period, and the annual reporting frequency.
Several commenters supported the Bureau's reporting frequency and
period, as well as the reporting deadline of June 1. One bank urged the
Bureau to permit reporting as early as March 1 for institutions who
wished to do so. A few community groups and a CDFI lender supported the
reporting frequency and period, but only supported the proposed
deadline of June 1 contingent upon the Bureau's timely publication of
the data later on in the year.
Some commenters supported the reporting frequency and period but
did not support the reporting deadline. Of this group of commenters,
one trade association urged the Bureau against aligning the section
1071 reporting deadline with the HMDA reporting deadline of March 1,
citing a strain on resources. A trade association and a bank supported
annual reporting but requested a later deadline. Finally, two trade
associations requested the Bureau to permit ongoing reporting alongside
annual reporting. Both of these commenters suggested the Bureau create
a portal or centralized system where banks could input data as it is
received. Both commenters mentioned the burden that would come along
with maintaining a database internally, as well as concerns about
system maintenance, cost, and risk. One of those trade associations
also described an alternative whereby the Bureau could provide a link
where small business loan applicants could input their own data or opt
out of sharing their data altogether.
One bank did not support any aspect of proposed Sec.
1002.109(a)(1)(i). This bank argued that adding another reporting
regime, in addition to HMDA and CRA, would add significant burden to
their staff, both at the loan origination stage and at the reporting
stage. It also argued that having a mid-year reporting deadline would
tie up critical compliance resources and would require them to spend
one quarter of the year on reporting requirements.
Two trade associations touched on quarterly reporting. The first
commented that large banks (for CRA purposes) should be required to
provide their data within 30 days of a request to do so. They argued
that if the Bureau absolves lenders of the requirement to respond to
individual requests, then data should be reported quarterly. The second
commented that the frequency of reporting that financial and regulatory
agencies expect to receive is quarterly (Call Reports). They also
stated that non-regulated lenders, CDFIs and other similar providers
should be required to report no less than semi-annually.
Many commenters did not support the June 1 reporting deadline and
the calendar year reporting period in particular. A lender and a
business advocacy group urged the Bureau to adopt a reporting deadline
of July 1 instead of June 1 to provide more time between HMDA reporting
and section 1071 reporting. The business advocacy group stated that for
institutions who report HMDA data quarterly, 60 days after quarter end,
a deadline of June 1 would leave no separation between reporting
requirements. A cross-sector group of lenders, community groups, and
small business advocates urged the Bureau to adopt a May 1 to April 30
reporting period with a reporting deadline in July, citing that
staggering reporting periods would ease regulatory burden for lenders
who also report HMDA data. A joint letter from community groups
suggested a reporting period of July 1 to June 30, citing that covered
lenders would benefit by having six months to prepare before data
collection begins.
Several banks requested the reporting deadline be no earlier than
June 30 so that there would be more time to perform data integrity
reviews for those lenders that are HMDA and/or CRA reporters. Several
commenters requested, as a general matter, that reporting-related
changes be effective January 1 rather than midyear.
Finally, several lenders urged the Bureau to coordinate section
1071 reporting with CDFI Fund reporting. They argued that CDFIs are
required to report for a three-year period through the CDFI Fund's
Transaction Level Reporting data points that are well beyond the scope
of section 1071. They also suggested that the Bureau standardize data
formats to match those used in CDFI Fund reporting, and to coordinate
across agencies in order to streamline data collection and reporting
requirements. This, they argue, would minimize the burden on CDFIs.
The Bureau did not receive any comments in response to proposed
Sec. 1002.109(a)(1)(ii) and (iii).
Final Rule
For the reasons set forth herein, the Bureau is finalizing Sec.
1002.109(a)(1)(i) and (ii) as proposed, and finalizing Sec.
1002.109(a)(1)(iii) with a revision for clarity. Specifically, under
final Sec. 1002.109(a)(1)(i), on or before June 1 following the
calendar year for which data are compiled and maintained as required by
Sec. 1002.107, a covered financial institution shall submit its small
business lending application register in the format prescribed by the
Bureau. While several commenters advocated for more frequent reporting,
the Bureau believes that its approach is consistent with the annual
submission schedule specified in the statute. The Bureau is not
permitting financial institutions to submit their data on a real-time
basis or ongoing basis, as this approach could result in financial
institutions treating the Bureau as their official recordkeeper for
their data.\788\ Regarding the comments supporting a June 1 submission
date, contingent on rapid publication of data soon after, the Bureau
addresses such comments in the section-by-section analyses of Sec.
1002.110(a) and (b), and the privacy section in part VIII. While some
commenters requested that financial institutions have the ability to
submit data as early as March 1, the Bureau intends to make it possible
for financial institutions to report as early as possible before June 1
each year once the small
[[Page 35401]]
business lending data reporting platform is established.
---------------------------------------------------------------------------
\788\ With respect to comment that it should build an online
platform to receive data from applicants on a real-time basis, the
Bureau does not, at this time, intend to take this step, in line
with its analysis of demographic data submission in the section-by-
section analysis of Sec. 1002.107(a)(19).
---------------------------------------------------------------------------
While some commenters suggested alternate reporting periods, the
Bureau believes there are advantages to having data collected and
reported on a calendar year basis. Calendar year reporting may
facilitate other aspects of the rule that depend on data that is
typically recorded on a calendar year basis. For instance, other parts
of the rule look to annual data, such as Sec. 1002.105(b), which would
use a financial institution's loan volumes over the prior two calendar
years to determine whether it is a covered financial institution.
Further, the Bureau understands that financial institutions would
generally prefer to have such data collections occur on a calendar year
basis because such an approach would be generally consistent with their
operations. An annual reporting period other than the calendar year--
such as July 1 to June 30--could result in additional challenges for
financial institutions in complying with the rule, which could in turn
increase the probability of errors in collecting and reporting data to
the Bureau.\789\
---------------------------------------------------------------------------
\789\ Regarding concerns that a January 1 collection date would
be too soon after the publication of the rule, the Bureau addresses
all concerns about the amount of time lenders have to comply with
this rule in the section-by-section analysis of Sec. 1002.114(b).
---------------------------------------------------------------------------
Regarding submission date, several commenters requested alternate
deadlines such as March 1 or July 1. However, the Bureau believes that
a June 1 submission deadline gives the compliance staff of financial
institutions, especially smaller institutions, adequate time and
resources to dedicate to preparing a small business lending application
register, after meeting other reporting obligations earlier in the
year, such as under HMDA or CRA. This remains true even though the
final rule excludes all HMDA-reportable loans and even though the
Federal prudential regulators have proposed amendments to the CRA rules
that would use small business and small farm data from this rule. Many
institutions will still have March deadlines for their HMDA and CRA
reporting obligations unrelated to small business lending, and the
Bureau believes a later deadline for reporting data collected under
this final rule remains appropriate. Financial institutions with
quarterly HMDA filing deadlines generally handle a high volume of
mortgage loan originations and are more likely to have sufficient
resources to cope with a June 1 deadline for this rule (and, indeed,
any filing deadline set by the Bureau would be within 60 days of a
quarterly HMDA filing deadline).
Final Sec. 1002.109(a)(1)(ii) specifies that an authorized
representative of the covered financial institution with knowledge of
the data shall certify to the accuracy and completeness of the data
reported pursuant to Sec. 1002.109(a)(1)(i). The Bureau has modified
final Sec. 1002.109(a)(1)(iii) for clarity; it now provides that when
June 1 falls on a Saturday or Sunday, a submission shall be considered
timely if it is submitted on the next succeeding Monday.
109(a)(2) Reporting by Subsidiaries
Proposed Rule
ECOA section 704B(f)(1) states that ``any'' financial institution
obligated to report data to the Bureau must do so annually; the statute
does not expressly address financial institutions that are themselves
subsidiaries of other financial institutions.
Proposed Sec. 1002.109(a)(2) would have stated that a covered
financial institution that is a subsidiary of another covered financial
institution shall complete a separate small business lending
application register. The proposal would have provided that a
subsidiary shall submit its small business lending application
register, directly or through its parent, to the Bureau. Proposed
comment 109(a)(2)-1 would have explained that a covered financial
institution is considered a subsidiary of another covered financial
institution for purposes of reporting data pursuant to proposed Sec.
1002.109 if more than 50 percent of the ownership or control of the
first covered financial institution is held by the second covered
financial institution. This proposed provision would have mirrored one
that exists for HMDA reporting under Regulation C in Sec.
1003.5(a)(2). The Bureau believed that the proposed provision would
facilitate compliance by permitting parent financial institutions to
coordinate the reporting of all their subsidiaries' small business
lending data together.
The Bureau sought comment on this aspect of its proposal.
Additionally, the Bureau sought comment on proposed Sec.
1002.109(a)(2) in light of proposed Sec. 1002.105(b), which would have
defined a covered financial institution as a financial institution that
originated at least 25 covered credit transactions for small businesses
in each of the two preceding calendar years. The Bureau sought comment
on whether this provision may risk creating ambiguity with respect to
compliance and whether additional safeguards may be required to
dissuade financial institutions from creating subsidiaries for the sole
purpose of avoiding the collection and reporting of 1071 data. The
Bureau also sought comment on all other aspects of this proposal.
Comments Received
The Bureau received comments from a bank, a trade association, and
a community group on the proposed provision regarding reporting by
subsidiaries. The community group had no objections to the Bureau's
proposal. The bank recommended that the Bureau define subsidiary in
subpart B, stating that the term was used extensively in this proposed
provision and to dissuade financial institutions from creating
subsidiaries in order to avoid reporting data. The community group
recommended that the Bureau create safeguards against the possibility
that a lender will develop an ownership structure that will evade
reporting requirements, specifically that originations be counted at
the parent or holding company level for the purposes of determining
institutional coverage under Sec. 1002.105(b).
Final Rule
For the reasons set forth herein, the Bureau is finalizing Sec.
1002.109(a)(2) and associated commentary as proposed. The Bureau
believes that this provision will help facilitate compliance through
consistency with an existing provision in a separate regulation
(Regulation C) familiar to many financial institutions and by also
permitting financial institutions to coordinate the reporting of all
their subsidiaries' small business lending data. The final rule
provides a definition of subsidiary in comment 109(a)(2)-1.
The Bureau does not believe it is necessary to add to the rule a
requirement to count originations at the parent or holding company
level for the purposes of determining whether a financial institution
has met the institutional coverage threshold. Final Sec. 1002.105(b)
defines a covered financial institution as a financial institution that
originated at least 100 covered credit transactions for small
businesses in each of the two preceding calendar years. The Bureau
believes that the process and costs of establishing a new charter to
avoid reporting data, along with other associated obligations in
forming a new legal entity, will generally dissuade lenders from
creating subsidiaries through whom to make small business loans
specifically for the purpose of avoiding coverage under this final
rule.
[[Page 35402]]
109(a)(3) Reporting Obligations Where Multiple Financial Institutions
Are Involved in a Covered Credit Transaction
Background
Section 1071's requirement to collect and report data for any
``application to a financial institution for credit'' could be read as
applying to more than one financial institution when an intermediary
provides an application to another institution that takes final action
on the application. It might also apply in cases where one application
is simultaneously sent to multiple financial institutions for review.
This broad reading may serve a useful function, such as comprehensive
reporting by all financial institutions involved in a small business
lending transaction, but could also generate duplicative compliance
costs for financial institutions and potentially detract from the
quality of reported data, increasing the risk that certain applications
are reported multiple times with potential inconsistencies.
During the SBREFA process, several small entity representatives
voiced support for aligning reporting requirements for financial
institutions that are not the lender of record with the approach taken
for HMDA reporting in the Bureau's Regulation C. Other small entity
representatives expressed concern in adopting the Bureau's approach in
Regulation C, noting the differences between small business and
residential mortgage loan products, and advocated for simpler
approaches.
SBREFA feedback from other stakeholders included support for a
HMDA-like approach when multiple lenders are involved in a transaction,
praising the Bureau's consistent approach and interest in limiting
duplicative information. However, several stakeholders advocated
against the HMDA approach, generally by proffering other ideas rather
than criticizing the rules or outcomes of the HMDA approach.
Alternative suggestions varied, but included suggesting that data
collection and reporting should be required only for the company most
closely interacting with the loan applicant; if a financial institution
receives a covered application, then the application should be subject
to reporting, regardless of outcome; the financial institution that
funded (or would have funded) the loan should be required to collect
and report; and the financial institution that conducts the
underwriting and determines whether the small business credit applicant
qualifies for credit using its underwriting criteria should be required
to report and collect.
Proposed Rule
Proposed Sec. 1002.109(a)(3) would have provided that only one
covered financial institution shall report each covered credit
transaction as an origination, and that if more than one financial
institution was involved in an origination, the financial institution
that made the final credit decision approving the application shall
report the loan as an origination, if the financial institution is a
covered financial institution.
Proposed Sec. 1002.109(a)(3) would have further provided that if
there was no origination, then any covered financial institution that
made a credit decision shall report the application. The Bureau
explained that under certain lending models, financial institutions may
not always be aware of whether another financial institution originated
a credit transaction. The Bureau believed that information on whether
there was an origination should generally be available, or that lending
models can be adjusted to provide this information at low cost.
Proposed comment 109(a)(3)-1 would have provided general guidance
on how to report originations and applications involving more than one
institution. In short, if more than one financial institution was
involved in the origination of a covered credit transaction, the
financial institution that made the final credit decision approving the
application would report the covered credit transaction as an
origination. Proposed comment 109(a)(3)-2 would have offered examples
illustrating how a financial institution should report a particular
application or originated covered credit transaction. Proposed comment
109(a)(3)-3 would have explained that if a covered financial
institution made a credit decision on a covered application through the
actions of an agent, the financial institution reports the application,
and provided an example. State law determines whether one party is the
agent of another. While these proposed comments assumed that all of the
parties are covered financial institutions, the same principles and
examples would apply if any of the parties were not a covered financial
institution.
The Bureau sought comment on this aspect of its proposal. In
particular, the Bureau sought comment with respect to proposed Sec.
1002.109(a)(3) on whether, particularly in the case of applications
that a financial institution is treating as withdrawn or denied, the
financial institution can ascertain if a covered credit transaction was
originated by another financial institution without logistical
difficulty or significant compliance cost.
Comments Received
The Bureau received comments on this aspect of the proposal from a
range of stakeholders, including lenders, trade associations, and
community groups.
Several commenters, including trade associations and a community
group, expressed general support for the Bureau's proposed approach,
stating that it would help avoid duplicative reporting, the originating
lender is best positioned to obtain the necessary information from the
borrower, and the approach will increase the accuracy of the reported
data, especially in an increasingly complex lending market. In
addition, two credit union trade associations said that the proposal
takes the correct approach for loan participation arrangements. Another
trade association said that, to ensure simplicity, the Bureau should
make the rule identical to Regulation C.
Conversely, several other industry commenters asserted that the
proposal may be too complex or not feasible. A bank requested that the
Bureau consider different reporting rules in cases where coordination
among financial institutions is not feasible. A trade association
stated that financial institutions are not aware of credit extensions
made by competitors and are prohibited from sharing nonpublic
personally identifiable information, including the existence of an
account, with other financial institutions. This commenter pointed out
that in indirect financing, the loan might be offered to multiple
parties, so several financial institutions might be in this position.
Similarly, a joint letter from several insurance premium finance
trade associations stated that insurance premium lenders generally do
not know whether an application was originated by another financial
institution, and it would be difficult, if not impossible to find out.
These commenters suggested a new exception where insurance premium
finance lenders are permitted to report data regarding any signed
premium finance agreement they receive and take action upon (without
requiring them to determine whether another lender originated the rare
premium finance loan that is not approved and funded).
A joint letter from community and business advocacy groups argued
that the proposal does not address the complexity of modern online
lending. These commenters stated that online
[[Page 35403]]
lenders often ``rent a charter'' to evade the limitations of State
lending laws, the terms of these partnerships are often unknown, but
under the proposal only one party would report the data without it
being clear which one. They further noted that the final credit
decision might be made by a digital algorithm but then approved by the
depository institution. In addition, two credit union trade
associations expressed uncertainty regarding who is responsible for
errors or noncompliance--that is, credit union service organizations or
the member credit union.
A joint letter from two motor vehicle dealer trade associations
requested clarification on the rule's application, stating their belief
that for indirect auto lending, the responsible party would typically
be the indirect lender that advances funds, not the motor vehicle
dealer. They further asserted that the dealer typically is identified
on the credit contract as the seller-creditor even though the indirect
lender as assignee-creditor performs the underwriting, funding, and
servicing functions and determines whether, and on what terms, it will
agree to take assignment of the credit contract. They argued that when
an origination occurs, the lender taking assignment of the credit
contract should be the entity responsible for compliance with section
1071, and that when an origination does not occur, then reporting
responsibility should rest with the lender that conducted underwriting
and determined that they would not take assignment of the credit
contract.
A financial services trade association characterized the
transaction differently, explaining that indirect vehicle finance
transactions involve two separate, but related transactions. The
commenter stated that a customer purchases a car from a motor vehicle
dealer and executes a retail installment sales contract that finances
the purchase price and any other products the customer elects to
purchase. The dealer is the original creditor and negotiates the
financing terms with the customer. Separately, the dealer communicates
with one or more other financial institutions to determine which one
will purchase the completed contract and at what terms. As purchaser of
the credit contract, the financial institution takes assignment of the
contract and begins servicing the contract until it is paid in full.
In addition, two trade associations pointed to Board regulations
implementing ECOA and argued that the dealer would be prohibited under
the law from asking the business owner for protected demographic
information.
Some commenters expressed uncertainty regarding the Bureau's use of
the term ``final credit decision'' in the proposal. Two commenters
asserted that it was unclear which lender makes the final credit
decision in situations where two lenders are required to make a credit
decision to approve an application. A number of certified development
companies, their trade association, and other lenders provided the
example of the SBA's 504 Development Company Loan Program, which
requires loans to be financed by both a certified development company
and a private lender, asking who reports in such cases.
Several farm credit institutions and a trade association requested
that the Bureau clarify that its rule does not apply to credit
decisions made after loan approval. The commenters explained that farm
credit institutions are required to make an independent judgment on the
creditworthiness of the borrower, even in secondary market
transactions, so it would be helpful to make clear that those judgments
are not subject to data collection and reporting obligations. In
addition, a group of trade associations requested that the rule text
should more closely match the text in proposed comment 109(a)(3)-1.ii,
saying that otherwise it could be misinterpreted to mean that as long
as one institution reports its decision, then others need not do so.
A law firm commented that the Bureau should clarify that third-
party review, even if for the purposes of telling the creditor that the
third party will only purchase the post-origination loan under certain
conditions, does not mean that the third party/potential purchaser made
the final credit decision. The commenter explained that in these types
of ``forward flow'' transactions, the third party does not originate
the credit nor does it have any particular interest in whether the
creditor approves and originates the transaction.
A group of trade associations stated that in the case of withdrawn
applications, it would be impractical and burdensome for a financial
institution to determine whether an applicant received credit
elsewhere.
Commenters offered some alternative suggestions. Two industry
commenters stated that if a loan is originated, only the creditor to
whom the obligation is initially payable should be required to collect
and report data. When there is no origination, only the institution
that initially received the application should be required to collect
and report data. These commenters asserted that this was a simpler
approach, and the originating creditor is in the best position to
collect and report all of the required data points.
A joint letter from community and business advocacy groups stated
that the Bureau should assign reporting responsibility to the financial
institution that has the predominant economic interest in and bears the
predominant risk of a loan (or that would have had such an interest had
the loan been consummated). These groups further asserted that it is
important in online lenders' ``rent a charter'' arrangements for the
Bureau to collect data on both the identity of the online lender and
the depository institution because they are both ECOA creditors, but at
a minimum the Bureau should collect data on the party that bears the
bulk of the risk.
Another commenter stated that the Bureau should consider adding a
non-unique (i.e., shared across institutions) loan identifier that
would allow matching of loans reported by multiple institutions (e.g.,
a new data point). The commenter asserted that this would allow data
users to match loans reported by multiple financial institutions and
obviate the need to have such reporting rules.
Comments addressing partial interests and participation loans are
discussed in the section-by-section analysis of Sec. 1002.104(b).
Moreover, several farm credit institutions urged the Bureau to clarify
that in the syndicated loan context, the administrative agent is the
sole lender with responsibility under the rule. Commenters explained
that syndicated loans differ from participations in that multiple
lenders enter into a contractual relationship with the borrower, but
there is typically an administrative agent, which is primarily
responsible for interacting with the applicant or borrower. A farm
credit institution noted that the proposal's ambiguity with respect to
syndicated loan reporting would create inaccuracies in reported
information.
Final Rule
For the reasons set forth herein, the Bureau is finalizing Sec.
1002.109(a)(3) with modifications. Final Sec. 1002.109(a)(3) states
the general rule that each covered financial institution shall report
the action that it takes on a covered application. Where it is
necessary for more than one financial institution to make a credit
decision in order to approve the covered credit transaction, however,
only the last covered financial institution with authority to set the
material terms of the covered credit transaction shall report
[[Page 35404]]
the application. In addition, financial institutions report the actions
of their agents.
Final comment 109(a)(3)-1 provides general guidance on how to
report applications involving more than one institution. Final comment
109(a)(3)-2 provides a variety of examples to illustrate which
financial institution reports a particular application when multiple
financial institutions are involved in a covered credit transaction and
how such applications are reported.
The Bureau has revised language in proposed Sec. 1002.109(a)(3)
that discussed outcomes ``if more than one financial institution was
involved in an origination'' both for clarity, and to avoid complexity,
logistical challenges, and potential data accuracy issues. Initially,
final Sec. 1002.109(a)(3) provides that each covered financial
institution shall report the action that it takes on a covered
application. Final comment 109(a)(3)-1.ii sets forth the various
actions that a financial institution may take on a covered application.
Certain of the examples in final comment Sec. 1002.109(a)(3)-2
illustrate credit transactions that involve a single financial
institution with responsibility for making a credit decision on a
covered application. Those examples make clear that where a financial
institution is only passively involved in a covered credit transaction
or is only involved after the time of origination (for example, to
purchase the loan), it has not taken action on the covered application
and so does not report. For example, the Bureau understands that a non-
originating financial institution may be ``involved'' with a covered
credit transaction after closing (for example, if it purchases the
covered credit transaction); however, such post-closing transactions
(with the exception of applications for line increases) are generally
not covered by the final rule. The Bureau further notes that whether an
entity meets the definition of ``creditor'' under ECOA and Regulation B
is not determinative of who reports under this rule.
Despite the general rule that all financial institutions shall
report action taken on a covered application, final Sec. 1002.9(a)(3)
and final comment 109(a)(3)-1.i provide that where it is necessary for
more than one financial institution to make a credit decision in order
to approve the covered credit transaction, only the last financial
institution with authority to set the material terms of the covered
credit transaction is required to report. Setting the material terms of
the covered credit transaction includes, for example, selecting among
competing offers or modifying pricing information, amount approved or
originated, or repayment duration. The fact that it is necessary for
more than one financial institution to make a credit decision in order
to approve the covered credit transaction does not mean that there was
an actual approval or origination of the covered application. Rather,
and in contrast to the passive conduit scenario described above, this
provision applies when a financial institution would not originate a
covered credit transaction unless it was approved by at least one other
financial institution prior to closing.
The changes to Sec. 1002.109(a)(3) are intended to address
commenters' concerns that the NPRM approach was too complex or
infeasible. Many of these commenters stated that it would be difficult
for a financial institution to know if a loan was originated by another
financial institution. Unlike the NPRM approach, final Sec.
1002.109(a)(3) is not limited to requiring only one financial
institution to report an origination. Final Sec. 1002.109(a)(3) states
that where it is necessary for more than one financial institution to
make a credit decision to approve the covered credit transaction, only
the last covered financial institution with authority to set the
material terms of the covered credit transaction is required to report
the application (i.e., whether or not it was originated). In making
this change, the Bureau seeks to avoid duplicative reporting in more
than just cases of originated transactions; it seeks to clarify that
only one financial institution is required to report on the
application, no matter the action taken.
While the Bureau recognizes there may be some benefit in having
multiple financial institutions reporting the same application, there
are logistical challenges and potential data accuracy issues that could
result from reporting by multiple financial institutions. For example,
the Bureau understands that in some typical indirect lending
situations, one application may be transmitted to several financial
institutions to determine interest in purchasing an originated
transaction, and requiring reporting from each of these financial
institutions (even if the small business applicant is not aware of
their involvement or the action taken by these institutions) would
significantly increase reporting volumes for these types of
transactions. Moreover, in this example, while this approach means a
lack of visibility into purchase offers and an inability to compare
them to the resulting credit contract, the Bureau believes that
reporting of such data could undermine data quality and would provide
only limited additional benefits where the purchase decisions are later
accepted, declined, or altered by a different financial institution
that ultimately presents (or does not present) a credit offer to the
applicant. Thus, the Bureau believes data quality, along with the
purposes of section 1071, will be better served if the financial
institution with the last authority for setting the material terms of
the covered transaction is the reporter.\790\
---------------------------------------------------------------------------
\790\ If the financial institution with last authority for
setting the material terms of the covered credit transaction is not
a covered financial institution, whether due to a statutory
exemption (such as the one for motor vehicle dealers in section
1029) or other reasons, then the application is not reported under
this rule.
---------------------------------------------------------------------------
Final comment 109(a)(3)-1.i emphasizes that the determinative
factor is not which financial institution actually made the last-in-
time credit decision, but rather which financial institution had last
authority for setting the material terms of the covered credit
transaction, even if it did not actually exercise this authority in a
particular case. For example, a financial institution that has the
authority to modify the total loan amount prior to origination has the
last authority for setting the terms of the covered credit transaction,
even if it makes no changes to the total loan amount. The Bureau is
adopting a categorical, rather than a case-by-case rule, to enable
financial institutions to identify a reporting party at the outset of a
transaction. The Bureau believes that this will help eliminate
uncertainty and logistical challenges concerning which institution
reports, and thus provide a more straightforward and administrable
bright line.
This approach will also address requests for clarification from
commenters. For example, one commenter suggested that the Bureau
clarify that third-party review, even if for the purposes of telling
the creditor that the third party will only purchase the post-
origination loan under certain conditions, does not mean that third
party/potential purchaser made the final credit decision. The Bureau
believes that final comment 109(a)(3)-2.vii addresses this scenario,
illustrating that where another financial institution has ultimate
authority for setting the material terms of the covered credit
transaction, the third party/potential purchaser does not report. In
finalizing this approach, the Bureau is also removing the phrase
``final credit decision'' from Sec. 1002.109(a)(3) because the phrase
appears to have caused confusion and is not necessary to convey the
Bureau's intentions regarding which financial institution is
[[Page 35405]]
required to report under various circumstances.
In addition, final comment 109(a)(3)-1.iii clarifies reporting
obligations in circumstances where it is necessary for more than one
financial institution to make a credit decision in order to approve a
single covered credit transaction and where more than one financial
institution denies the application or otherwise does not approve the
application. In this circumstance, the reporting financial institution
(the last financial institution with authority to set the material
terms of the covered credit transaction) shall have a consistent
procedure for determining how it reports inconsistent or differing data
points for purposes of subpart B, such as reporting the denial
reason(s) from the first financial institution that denied the covered
application.
The Bureau believes that the revisions to Sec. 1002.109(a)(3) and
associated commentary will help ensure clarity and consistency from the
outset regarding which entity has reporting responsibility in a variety
of fact patterns involving multiple financial institutions. In
addition, the Bureau believes that this approach advances section
1071's purposes by reducing logistical challenges and potential data
accuracy issues resulting from reporting by multiple financial
institutions on the same application.
In response to commenters who urged consistency with HMDA, the
Bureau notes that it initially sought alignment with Regulation C given
its understanding of how well the approach has worked in the
residential mortgage context and the similarities that exist with
various indirect lending scenarios in the small business lending
context. While the Bureau's approach in final Sec. 1002.109(a)(3) in
many situations is consistent with Regulation C outcomes, it deviates
in some ways because, unlike Regulation C, this final rule does not
cover purchase transactions. In addition, the Bureau believes that
commenters' concerns about alignment with HMDA are mitigated by the
Bureau's decision to exclude reporting of all HMDA-reportable
transactions, as set forth in final Sec. 1002.104(b)(2).
Unlike section 1071, HMDA expressly contemplates data collection
for loan purchases, and Regulation C thus requires financial
institutions to report purchases of covered loans.\791\ Moreover,
Regulation C commentary clarifies that if more than one institution
approved an application prior to closing or account opening and one of
those institutions purchased the loan after closing, the institution
that purchased the loan after closing reports the loan as an
origination.\792\ The preamble to the 2015 final HMDA rule explained
that requiring that only one institution report the origination of a
covered loan eliminates duplicative data.\793\ Identical language was
included in proposed comment 109(a)(3)-1.i.
---------------------------------------------------------------------------
\791\ See 12 U.S.C. 2803(a)(1) (stating that institutions
``shall compile and make available . . . the number and total dollar
amount of mortgage loans which were (A) originated (or for which the
institution received completed applications), or (B) purchased by
that institution''); Regulation C Sec. 1003.4(a) (stating that a
financial institution ``shall collect data regarding . . . covered
loans that it purchases for each calendar year'').
\792\ Regulation C comment 4(a)-2.i.
\793\ 80 FR 66128, 66173 (Oct. 28, 2015).
---------------------------------------------------------------------------
Upon further consideration, the Bureau believes that Regulation C's
approach involving a purchasing institution is incongruous with section
1071 requirements and thus the final rule adopts a different approach.
As described in the section-by-section analysis of Sec. 1002.104(b)
above, purchases of covered credit transactions are not, in themselves,
covered by the rule. Thus, the Bureau is removing language from
proposed comment 109(a)(3)-1.i that would have required reporting by a
purchasing financial institution that also approved an application
prior to closing or account opening, and is instead placing the
reporting obligation on the last covered financial institution with
authority to set the material terms of the covered credit transaction.
The Bureau believes that this approach is more broadly applicable to
the small business financing context (particularly since the Bureau is
excluding HMDA-reportable transactions) where there are some salient
differences to the mortgage lending context.
For example, while there may also be intermediaries in a mortgage
loan transaction, an intermediary typically does not have the
discretion and authority to materially deviate from the terms expected
by a secondary-market purchaser. In some small business lending
contexts, even where a subsequent bona fide purchaser and holder in due
course of a covered credit transaction has been identified, an
intermediary may have the authority to sort through different purchase
offers, select one, and present it to the applicant. Such an
intermediary may also have the authority to change material terms of
the covered credit transaction prior to closing, such as modifying the
pricing terms, loan amount, or repayment duration. As the only party to
interact with the applicant prior to closing, the intermediary can be
the party with the most fair lending risk. The Bureau believes, given
section 1071's statutory purposes, this last financial institution with
the authority to set the terms of the small business's credit
obligation should be the one to report on an application.
Indirect auto lending transactions are a common example of
situations involving multiple financial institutions. It is common for
motor vehicle dealers to assess specific credit information about the
applicant, negotiate and set credit terms (such as the duration of the
transaction), negotiate and charge for add-on products, and include
loan pricing markups. Likewise, the dealer is typically the original
creditor, executing and setting the terms of a retail installment sales
contract with the customer, and then selling it to another financial
institution. Even if the motor vehicle dealer interacts with several
financial institutions to make a credit decision and originate a credit
transaction, the dealer is typically the last entity with authority to
set the material credit terms of the covered credit transaction. Final
comments 109(a)(3)-2.vii and viii provide examples of such scenarios.
In some cases, a financial institution's purchase of the retail
installment sales contract may not even occur until well after the
contract has been signed and the vehicle has been driven off the lot.
The fact that a contract may be conditioned on a financial
institution's purchase of the contract at a later time does not alter
the analysis. In these situations, often known as ``spot delivery,''
the applicant has met the underwriting and creditworthiness conditions
used by the motor vehicle dealer and has been approved. The fact that a
motor vehicle dealer has imposed other conditions on the execution of
the contract (i.e., a financial institution purchasing the contract)
that are outside of the applicant's control does not change the
conclusion. Once the contract has been signed and the terms of credit
set, there is no credit decision on a covered application by a
subsequent purchaser.
The Bureau recognizes that its rules generally do not apply to
motor vehicle dealers, as defined in section 1029(f)(2) of the Dodd-
Frank Act, that are predominantly engaged in the sale and servicing of
motor vehicles, the leasing and servicing of motor vehicles, or
both.\794\ This provision is codified in final Sec. 1002.101(a). The
Dodd-Frank Act also specifies that in general, ``nothing
[[Page 35406]]
in this title . . . shall be construed as modifying, limiting, or
superseding the operation of any provision of Federal law, or otherwise
affecting the authority of the Board of Governors . . . with respect to
a [motor vehicle dealer that is predominantly engaged in the sale and
servicing of motor vehicles, the leasing and servicing of motor
vehicles, or both].'' \795\ Thus, consistent with this provision, if
the motor vehicle dealer is the last financial institution with
authority to set the material credit terms of the covered credit
transaction, that application will not be reported under subpart B.
---------------------------------------------------------------------------
\794\ 12 U.S.C. 5519.
\795\ 12 U.S.C. 5519(c).
---------------------------------------------------------------------------
Relatedly, several commenters asserted that motor vehicle dealers
are prohibited by the Board's Regulation B from asking for protected
demographic information in order to furnish it to another financial
institution for reporting under the Bureau's rule. As noted above, the
Bureau believes that dealers are often the last entity with authority
to set the material credit terms of the covered credit transaction, and
so are generally unlikely to be collecting 1071 data on behalf of other
reporting financial institutions. But even in situations where the
dealer is acting as a mere conduit, and thus may be collecting
information on behalf of another financial institution, comment
5(a)(2)-3 to the Board's Regulation B states that persons such as loan
brokers and correspondents do not violate ECOA or Regulation B if they
collect information that they are otherwise prohibited from collecting,
where the purpose of collecting the information is to provide it to a
creditor that is subject to HMDA or another Federal or State statute or
regulation requiring data collection.\796\
---------------------------------------------------------------------------
\796\ This language aligns with comment 5(a)(2)-3 in the
Bureau's Regulation B, to which the Bureau is adding a reference to
subpart B for additional clarity.
---------------------------------------------------------------------------
The Bureau appreciates the range of potential alternatives raised
by commenters as to the entity that should be required to report data
when a covered credit transaction involves multiple financial
institutions, but is not implementing these alternative suggestions.
For the reasons described above, the Bureau believes that the last
financial institution with the authority to set the material terms of
the covered credit transaction should be the one to report.
The Bureau believes that the final rule is also consistent with
arrangements where an online lender partners with a bank and provides
further clarity regarding who reports when multiple financial
institutions are involved.
Commenters' concerns regarding reporting of insurance premium
financing transactions are rendered moot by the Bureau's exclusion of
such transactions from coverage under the rule. See the section-by-
section analysis of Sec. 1002.104(b)(3) for additional details.
Regarding farm credit institutions' request that the Bureau clarify
that the rule does not apply to credit decisions made after loan
approval, the Bureau has made clear in final Sec. 1002.109(a)(3) and
associated commentary that only the action taken on the application is
reportable.
Regarding partial purchase interests and participation loans, as
explained in the section-by-section analysis of Sec. 1002.104(b), the
Bureau has added commentary to clarify that a partial purchase of a
loan does not, in itself, generate an obligation for a covered
financial institution to report small business lending data. The Bureau
believes that applications for covered credit transactions will
generally be reported by one covered financial institution, i.e., the
financial institution that sold portions of the loan to other
participants. The examples provided in final comments 109(a)(3)-2.ix
and .x speak to such scenarios.
The Bureau further believes that the rule is consistent with loan
syndication arrangements where multiple lenders come together to fund a
large loan for a single borrower. Syndication is distinguishable from
loan participations. In participations, the contractual relationship
runs from the borrower to the lead bank and from the lead bank to the
participants. In syndications, the borrower signs a loan agreement with
multiple creditors, each of whom has a direct contractual relationship
with the borrower. Usually, each creditor in a syndicated loan
transaction receives its own promissory note from the borrower. In
fact, the Farm Credit Administration legally distinguishes between the
Farm Credit System's loan-making authority (which includes syndication
transactions) and its participation authority.\797\ The Bureau believes
that syndication is typically used for large commercial projects and a
limited number of reportable applications are likely to involve
syndicated loans. The Bureau also understands that typical syndication
arrangements have a syndicate agent/lead bank. If the lead bank has the
last authority to set the material terms of the covered credit
transaction, it has the reporting obligation.
---------------------------------------------------------------------------
\797\ See 69 FR 8407 (Feb. 24, 2004).
---------------------------------------------------------------------------
The Bureau also believes that the rule is consistent with lending
through Certified Development Companies (CDCs) for SBA loans. CDCs are
nonprofit organizations that are certified by, but independent of, the
SBA. SBA 504 loans involve two applications--one to a CDC and one to
another participating SBA lender. Generally, the transaction begins
with the applicant submitting an application to the CDC to obtain
approval for up to 40 percent of a project's costs. Once the
application is approved by the CDC, the applicant works with another
lender--typically a bank--to apply for the other portion of the
financing. The other lender's loan typically covers 50 percent of a
project's cost and is secured by a first lien, while the CDC's loan
covers up to 40 percent of the project's cost and is secured by a
second lien. The CDC loan is backed by a 100 percent SBA-guaranteed
debenture. The bank earns interest from the debenture, which it
receives semi-annually. The borrower contributes equity of at least 10
percent, sometimes up to 20 percent, of the project cost. The CDC and
the other lender separately underwrite the loan, and the terms and
conditions on the CDC and bank loans may differ. Because both the CDC
and the other lender make their own credit decisions on separate
covered applications, they are each responsible for reporting the
application covering their portion of the financing.
109(b) Financial Institution Identifying Information
As explained in the NPRM, beginning in 1989, Regulation C required
financial institutions reporting HMDA data to use a discrete
transmittal sheet to provide information on themselves separate from
the loan/application registers used to submit HMDA data.\798\ The 2015
HMDA final rule incorporated information previously submitted on the
transmittal sheet into the regulatory reporting requirements.\799\ The
FFIEC publishes information on financial institutions that report HMDA
data in
[[Page 35407]]
the HMDA Reporter Panel, which includes the required submission
information provided by financial institutions under Sec.
1003.5(a)(3), as well as other data derived from this information.\800\
---------------------------------------------------------------------------
\798\ See 54 FR 51356, 51361 (Dec. 15, 1989) (requiring
financial institutions to use the transmittal sheet and loan/
application register in appendix A).
\799\ 80 FR 66128, 66526 (Oct. 28, 2015) (deleting appendix A
and relocating its substantive requirements to Sec. 1003.5(a)(3)).
The information now required by Regulation C includes: (i) the
financial institution's name; (ii) the calendar year the data
submission covers; (iii) the name and contact information of a
person who may be contacted with questions about the institution's
submission; (iv) its appropriate Federal agency; (v) the total
number of entries contained in the submission; (vi) its Federal
taxpayer identification number; and (vii) its Legal Entity
Identifier (LEI).
\800\ See, e.g., Fed. Fin. Insts. Examination Council, HMDA
Public Panel, https://ffiec.cfpb.gov/documentation/2017/panel-data-fields/ (last visited Mar. 20, 2023).
---------------------------------------------------------------------------
The Bureau proposed to collect similar information regarding
financial institutions that report small business lending data.
Specifically, proposed Sec. 1002.109(b) would have required that a
financial institution provide the following information about itself as
part of its submission: (1) its name; (2) its headquarters address; (3)
the name and business contact information of a person who may be
contacted with questions about the financial institution's submission;
(4) its Federal prudential regulator, if applicable; (5) its Federal
taxpayer identification number; (6) its LEI; (7) its Research,
Statistics, Supervision, and Discount identification (RSSD ID) number,
if applicable; (8) its parent institution information, if applicable
(including the name, LEI, and RSSD ID number of its immediate parent
entity and top-holding parent entity, if applicable); (9) the type of
financial institution, chosen from a list provided; and (10) whether
the financial institution is voluntarily reporting data.
The Bureau sought comment on its approach to collecting information
on financial institutions, including each of the items listed in
proposed Sec. 1002.109(b)(1) through (10) as well as whether the
Bureau should require the reporting of any other information on
financial institutions. The Bureau did not receive any comments on the
requirement to provide financial institution identifying information
generally, although comments received regarding each of the items
listed in proposed Sec. 1002.109(b)(1) through (10), are discussed in
turn below. The Bureau also received comments discussing the benefits
and privacy risks of financial institution identifying information,
which are discussed in part VIII below.
For the reasons set forth herein, the Bureau is finalizing Sec.
1002.109(b) with modifications to move examples regarding when to
report changed financial institution identifying information to new
comment 109(b)-1 to streamline and ensure uniformity in the guidance,
with revisions to Sec. 1002.109(b)(3) to clarify which contact
person's information must be provided, and to adjust the list provided
in comment 109(b)(9)-1 based on comments received.
The Bureau believes it is appropriate to require each of these
pieces of information regarding financial institutions reporting small
business lending data. As a practical matter, the Bureau anticipates
that this information will be provided by a financial institution when
it initially sets up an account with the Bureau's small business
lending data submission platform to allow it to file data as required
by the rule. Thus, this information will exist in the Bureau's data
submission system and will be updated by the financial institution as
needed.
The Bureau believes that collecting a financial institution's name
(as well as all the other identifying information in proposed Sec.
1002.109(b)) is necessary to carry out, enforce, and compile data under
section 1071, and will aid in fulfilling the purposes of section 1071.
For both of section 1071's statutory purposes, the identity of the
financial institution taking covered applications and originating
covered credit transactions is critical as it will (1) make fair
lending enforcement possible, and (2) make analyzing business and
community development needs of small businesses more effective.
With the possible exception of the LEI (in final Sec.
1002.109(b)(6) and (8)(ii) and (v)) in certain circumstances, the
Bureau believes that financial institutions already have all the
information that is required of them under final Sec. 1002.109(b), and
that being required to provide this information to the Bureau should
not pose any particular difficulties or costs on financial
institutions.
Paragraph 109(b)(1)
Proposed Sec. 1002.109(b)(1) would have required a financial
institution to provide its name. Regulation C (Sec. 1003.5(a)(3)(i))
requires financial institutions to provide their names when filing HMDA
data, and the Bureau believed that a similar requirement would have
been appropriate here.
The Bureau detailed several practical considerations for proposing
to require a financial institution to provide its name, including
identification for examination purposes and administration of the
Bureau's website for data submissions. Additionally, the Bureau noted
that it proposed in Sec. 1002.110(c) that financial institutions'
statutory obligation to make data available to any member of the
public, upon request, pursuant to ECOA section 704B(f)(2)(B) would have
been satisfied by the institutions' directing the public to the
Bureau's website for this information. Without the financial
institution's name (and other relevant identifying information),
proposed Sec. 1002.110(c) would not have satisfied this statutory
requirement.
The Bureau received two comments on this aspect of the proposal
from community groups, both of which supported Sec. 1002.109(b)(1) as
proposed. For the reasons set forth herein, the Bureau is finalizing
Sec. 1002.109(b)(1) as proposed.
Paragraph 109(b)(2)
Proposed Sec. 1002.109(b)(2) would have required a financial
institution to provide the physical address of its headquarters
location. The headquarters address of a financial institution would
provide geographic information that would aid in fulfilling the
statutory purposes of section 1071, including, for instance, analyses
of the connection between a financial institution's location and the
business and community development needs where it operated. It would
also help identify and differentiate financial institutions,
particularly nondepository financial institutions, that have similar
names.
Having received no comments on this aspect of the proposal and for
the reasons set forth herein, the Bureau is finalizing Sec.
1002.109(b)(2) as proposed.
Paragraph 109(b)(3)
Proposed Sec. 1002.109(b)(3) would have required a financial
institution to provide the name and business contact information of a
person who may have been contacted with questions about the financial
institution's data submission. The Bureau noted that Regulation C
includes a similar requirement in Sec. 1003.5(a)(3)(iii), and the
Bureau believed it would have been appropriate to require such
information here. In general, the Bureau found, from its experience
with HMDA and Regulation C, that requiring the name and business
contact information of a person who may have been contacted with
questions generally facilitated communication in the event that follow-
up on a submission is required.
Having received no comments on this aspect of the proposal and for
the reasons set forth herein, the Bureau is generally finalizing Sec.
1002.109(b)(3) as proposed. However, the Bureau is revising final Sec.
1002.109(b)(3) to make clear that the contact reported is a person
responsible for responding to Bureau or other regulator inquiries about
the submission, rather than inquiries from the general public.
[[Page 35408]]
Paragraph 109(b)(4)
Proposed Sec. 1002.109(b)(4) would have required a financial
institution that is a depository institution to provide the name of its
Federal prudential regulator, if applicable. Proposed comment
109(b)(4)-1 would have explained how to determine which Federal
prudential regulator (i.e., the OCC, the FDIC, the Board, or the NCUA)
a financial institution should report. Proposed comment 109(b)(4)-2
would have provided guidance on when a financial institution would be
required to report a new Federal prudential regulator, for instance, in
the event of a merger or a change of charter.
The Bureau noted that Regulation C includes a similar provision in
Sec. 1003.5(a)(3)(iv), requiring financial institutions to identify
the appropriate Federal agency. In the Regulation C context, the
purpose of this requirement is to identify the agency to which a
financial institution must report its HMDA data--often the financial
institution's Federal prudential regulator for depository
institutions.\801\ For small business lending data, the Bureau believed
a requirement to report a financial institution's Federal prudential
regulator would be appropriate for different reasons. The reporting of
a financial institution's Federal prudential regulator would enable
analysts to more easily identify other information about a financial
institution that its Federal prudential regulator makes publicly
available, such as Call Report data; further, such additional data may
be used by regulators to perform analyses of the characteristics of
financial institution's data. Nondepository institutions generally do
not have Federal prudential regulators and would not have reported one
under this requirement.\802\
---------------------------------------------------------------------------
\801\ 12 U.S.C. 2803(h).
\802\ Additionally, while some nondepository institutions have
Federal regulators, those Federal regulators may not meet the
definition of Federal prudential regulator provided in comment
109(b)(4)-1 and this data point still may not be applicable. For
example, while Farm Credit System institutions are regulated and
supervised by the Farm Credit Administration, the Farm Credit
Administration is not a Federal prudential regulator as defined in
comment 109(b)(4)-1.
---------------------------------------------------------------------------
Having received no comments on this aspect of the proposal and for
the reasons set forth herein, the Bureau is finalizing Sec.
1002.109(b)(4) as proposed, but has moved the example in proposed
comment 109(b)(4)-2 to new comment 109(b)-1.
Paragraph 109(b)(5)
Proposed Sec. 1002.109(b)(5) would have required a financial
institution to provide its Federal taxpayer identification number
(TIN). Proposed comment 109(b)(5)-1 would have explained when a
financial institution should report a new Federal TIN in the event that
it obtained a new Federal TIN (for instance, because the financial
institution merged with another financial institution and adopted the
Federal TIN of the other financial institution). The Bureau noted that
Regulation C Sec. 1003.5(a)(3)(vi) requires financial institutions to
report Federal TIN with their HMDA submissions, and the Bureau believed
such a requirement would be appropriate here as well. A financial
institution's Federal TIN may be used to identify other publicly
available information on a financial institution, and combined with a
financial institution's small business lending application register to
enhance the types of analysis that can be conducted to further the two
statutory purposes of section 1071.
Having received no comments on this aspect of the proposal and for
the reasons set forth herein, the Bureau is finalizing Sec.
1002.109(b)(2) as proposed, but has moved the example in proposed
comment 109(b)(5)-1 to new comment 109(b)-1.
Paragraph 109(b)(6)
Proposed Sec. 1002.109(b)(6) would have required a financial
institution to provide its LEI. Proposed comment 109(b)(6)-1 would have
explained what an LEI is and would have made clear that financial
institutions that do not currently have an LEI must obtain one, and
that financial institutions would have an ongoing obligation to
maintain an LEI in order to satisfy proposed Sec. 1002.109(b)(6).
The Bureau explained that an LEI is a unique, 20-digit identifier
issued by an entity endorsed or otherwise governed by the Global LEI
Foundation. Regulation C requires financial institutions to obtain and
use an LEI, which facilitates the analysis of HMDA data and aids in the
recognition of patterns by more precisely identifying financial
institutions and affiliated companies.\803\ The LEI also helps
financial institutions that report HMDA data generate the universal
loan identifier used to identify application or application-level
records in Regulation C. Similarly, in the section 1071 context, a
financial institution's LEI would also likely facilitate data
analyses,\804\ by helping the Bureau and other stakeholders better
understand a financial institution's corporate structure. Proposed
Sec. 1002.107(a)(1) would have also required that financial
institutions use their LEIs in creating unique identifiers for covered
applications. The Bureau believed this, in turn, would result in more
sophisticated and useful analyses of the financial institution's data.
---------------------------------------------------------------------------
\803\ 80 FR 66128, 66248 (Oct. 28, 2015) (noting that, despite
the cost, the Bureau believed that the benefit of all HMDA reporters
using an LEI justified the associated costs by improving the ability
to identify the financial institution reporting the data and link it
to its corporate family).
\804\ Id. (``By facilitating identification, this requirement
will help data users achieve HMDA's objectives of identifying
whether financial institutions are serving the housing needs of
their communities, as well as identifying possible discriminatory
lending patterns.'').
---------------------------------------------------------------------------
The Bureau received a few comments on this aspect of the proposal.
These commenters were supportive of proposed Sec. 1002.109(b)(6),
agreeing with the Bureau's assertion that an LEI would help facilitate
analyses. One commenter stated that the Bureau needed to ensure data
users could identify parent and affiliate connections. The comments
also supported requiring financial institutions to provide LEI
information, stating that it would be consistent with HMDA, as
discussed in the proposal.
For the reasons set forth herein, the Bureau is finalizing Sec.
1002.109(b)(6) as proposed. Regarding the comment requesting the Bureau
make identification of parent and affiliate connections easier, the
Bureau notes that it is requiring LEI information in part for this
reason, as discussed in the proposal. As explained in comment
109(b)(6)-1, financial institutions are required to report the current
LEI number, and if the financial institution does not currently possess
one, to obtain one. Financial institutions also have an ongoing
obligation to maintain their LEI number. As part of maintaining an LEI
number, a financial institution must make sure the LEI number and
associated information are current, including any relationship data.
The Bureau believes that publication of a financial institution's LEI,
as well as any parent and top parent LEIs, as applicable, will allow
data users to identify these relationship connections.
Paragraph 109(b)(7)
Proposed Sec. 1002.109(b)(7) would have required a financial
institution to report its RSSD ID number, if applicable. The Bureau
explained that an RSSD ID is a unique identifying number assigned to
institutions, including main offices and branches, by the Federal
Reserve System. All depository institutions know and regularly report
their RSSD ID numbers on FFIEC regulatory forms. The Bureau believed
that an RSSD ID would help data users link the data for
[[Page 35409]]
a particular financial institution to other regulatory data, including
the connections between a particular financial institution with other
financial institutions. The Bureau believed that this additional
information would result in more sophisticated and useful analyses of
the financial institution's small business lending data.
Proposed comment 109(b)(7)-1 would have explained what an RSSD ID
number is and how financial institutions that have one might find it.
Financial institutions that do not have RSSD IDs, typically
nondepository institutions, would not have been required to obtain
them, and would report ``not applicable'' in that field.
The Bureau received one comment from a community group supporting
this aspect of the proposal. For the reasons set forth herein, the
Bureau is finalizing Sec. 1002.109(b)(7) as proposed.
Paragraph 109(b)(8)
Proposed Sec. 1002.109(b)(8) would have required a financial
institution to provide certain information on its parent entities, if
applicable. This information would have included the name, the LEI (if
available), and the RSSD ID (if available) of the financial
institution's immediate parent entity and the financial institution's
top-holding parent entity.
Proposed comments 109(b)(8)-1 and -2 would have provided guidance
on how to identify a financial institution's immediate parent entity
and a financial institution's top-holding parent entity. Proposed
comment 109(b)(8)-3 would have explained that a financial institution
would have reported its parent entities' LEIs if they have them, but
that no parent entity would be required to obtain an LEI if it did not
already have one. Proposed comment 109(b)(8)-4 would likewise have
explained that a financial institution would report its parent
entities' RSSD ID numbers if they had them.
In the NPRM, the Bureau explained that it believed that the
collection of information on a financial institution's structure would
further both of the statutory purposes of section 1071. Data on a
financial institution's organizational structure that is self-reported
would be more accurate than would be the case if the Bureau attempted
to generate such information from publicly available sources.\805\
---------------------------------------------------------------------------
\805\ With respect to HMDA, the Bureau, on behalf of the FFIEC
and HUD, does currently attempt to generate and publish information
on filers, including parent company and top holder information
obtained from the LEI provided. See Fed. Fin. Insts. Examination
Council, Public Panel--Data Fields with Values and Definitions,
https://ffiec.cfpb.gov/documentation/2021/panel-data-fields/ (last
visited Mar. 20, 2023). But the Bureau has encountered difficulties
in using the LEI to obtain parent company and top holder
information, and thus proposed for this rulemaking to require that
it be provided directly by financial institutions.
From 1989 to 1998, Regulation C required financial institutions
to report their parent entity information on transmittal sheets. 54
FR 51356, 51361, 51368 (Dec. 15, 1989) (adding the transmittal sheet
requirement, including parent institution information, to appendix A
to Regulation C); 63 FR 52140, 52141 (Sept. 30, 1998) (stating that
the Board believed that the availability of information from the
FFIEC website makes the continuation of the requirement for parent
company information on the transmittal sheet unnecessary). In 2002,
Regulation C again required financial institutions to report parent
information on transmittal sheets on the grounds that data users
asserted the importance of having the parent institution information
associated with the HMDA data itself, rather than in a separate
database provided by the National Information Center. 67 FR 7221,
7232 (Feb. 15, 2002).
In the 2014 HMDA NPRM, the Bureau proposed to continue requiring
that financial institutions identify their parent companies. The
Bureau stated that because information about parent companies was
not yet available through the LEI, the Bureau believed it was
necessary to maintain this requirement to ensure that financial
institutions' submissions can be linked with those of their
corporate parents. 79 FR 51731, 51861 (Aug. 29, 2014). However,
required reporting of parent company information stopped under the
2015 HMDA final rule on the grounds that once the LEI is fully
implemented, parent entity information was expected to become
available. 80 FR 66128, 66248 (Oct. 28, 2015) (citing Fin. Stability
Bd., LEI Implementation Grp., Fourth Progress Notes on the Global
LEI Initiative, at 4 (Dec. 11, 2012), http://www.financialstabilityboard.org/wp-content/uploads/r_121211.pdf?page_moved=1) (noting that the LEI Implementation Group
is developing proposals for additional reference data on the direct
and ultimate parent(s) of legal entities and on relationship data
more generally).
---------------------------------------------------------------------------
The Bureau further explained that better structural information
would, for instance, improve the accuracy of peer analyses, which would
facilitate fair lending enforcement. The Bureau stated that analyzing
trends over time would be useful for identifying institutions that may
give rise to fair lending risk. Given structural changes to
institutions over time, information that enables the identification of
institutions consistently and accurately over time is important to this
trend analysis.
In addition, the Bureau believed that information on a financial
institution's structure would advance the business and community
development purpose of section 1071 by facilitating the analysis of
whether and how corporate structure impacts how a financial institution
provides access to credit to small businesses. In particular, this
structural information could be used to understand how regulation in
one part of a corporate structure impacts unregulated entities within
the same corporate group.
Proposed Sec. 1002.109(b)(8) would have resulted in more accurate
and comprehensive corporate structure information by requiring
financial institutions to provide not only the name of one parent
entity, but the immediate parent entity of the financial institution as
well as the top-holding parent of the financial institution (for some
financial institutions, this would be a bank holding company). For the
reasons set out above in the section-by-section analyses of Sec.
1002.109(b)(6) and (7), the reporting of LEI and RSSD ID of parent
entities would improve the ability of regulators and other stakeholders
to map out more precisely and fully the often-complex networks of a
financial institution's corporate structure. This more detailed and
accurate structural data, in turn, might be used to perform more
sophisticated and useful analyses of the financial institution's small
business lending data. In addition, this information would have helped
the Bureau confirm whether data were appropriately being reported by
financial institutions on behalf of their subsidiaries pursuant to
proposed Sec. 1002.109(a)(2).
With respect to proposed Sec. 1002.109(b)(8), the Bureau sought
comment on whether it should require any other parent entity
information to be provided by financial institutions reporting data.
The Bureau received comments on this aspect of the proposal from a
community group and a trade association. These commenters were
supportive of proposed Sec. 1002.109(b)(8). One commenter supported
identifying the parent and top holder parent entities under proposed
Sec. 1002.109(b)(8)(i) and (iv). Both commenters supported the
inclusion of LEI information for both the parent and top holder parent
entities under proposed Sec. 1002.109(b)(8)(ii) and (v). For the
reasons set forth herein, the Bureau is finalizing Sec. 1002.109(b)(8)
as proposed.
Paragraph 109(b)(9)
Proposed Sec. 1002.109(b)(9) would have required a financial
institution to report the type of financial institution it is,
selecting the applicable type or types of institution from a list in
proposed comment 109(b)(9)-1. The comment would also have explained
that a financial institution would select all applicable types. The
list provided in the proposed comment included: (i) bank or savings
association, (ii) minority depository institution, (iii) credit union,
(iv) nondepository institution, (v) CDFI, (vi) other nonprofit
financial institution, (vii) Farm Credit System institution, (viii)
government lender, (ix) commercial finance company, (x) equipment
finance company, (xi)
[[Page 35410]]
industrial loan company, (xii) fintech, and (xiii) other. Proposed
comment 109(b)(9)-2 would have explained that a financial institution
reports the type of financial institution as ``other'' where none of
the enumerated types of financial institution appropriately describe
the applicable type of financial institution, and the institution
reports the type of financial institution as free-form text.
The Bureau believed that information regarding the type of
financial institution reporting small business lending data would
greatly assist in the analysis conducted by the Bureau and other data
users. Information providing further details on types of financial
institutions would help advance the statutory purposes of section 1071;
fair lending analysts might use this information on the financial
institution type (for instance, depository institutions compared to
nondepository institutions) as a control variable for their analyses.
The inclusion of this information may also assist in an assessment of
the business and community development needs of an area as it may
provide analysts a means of determining what types of financial
institutions serve certain geographic areas.
In addition, the Bureau believed that this information, combined
with the parent entity information required by proposed Sec.
1002.109(b)(8), would offer more accurate and granular data on
nondepository institutions within the same corporate group as
depository institutions. The Bureau noted that, at the time of the
NPRM, the National Information Center database, which contains
information on the structure of corporate groups that contain banks and
other financial institutions, provided little information on
nondepository institutions. In connection with proposed Sec.
1002.109(b)(8), information on corporate structure that financial
institutions self-report could fill in reporting gaps, including more
specific information on financial institution types.
With respect to proposed Sec. 1002.109(b)(9), the Bureau sought
comment on whether it should consider removing, modifying, or adding
any types of financial institutions to the list in proposed comment
109(b)(9)-1, including in order to manage unique privacy interests
(such as, for example, whether a category for captive finance companies
that lend to applicants that share the same branding should be included
on the list). The Bureau also sought comment on whether it should
consider defining any of the types of financial institutions in the
proposed list, in particular whether and how to define the term
``fintech.''
The Bureau received comments on this aspect of the proposal from
several community groups and a software vendor. Generally, these
commenters were supportive of proposed Sec. 1002.109(b)(9), though
some requested certain modifications. Two commenters stated that the
use of ``fintech'' in the list of financial institution types in
proposed comment 109(b)(9)-1 was not a clear descriptor, and that
``online lender'' would be a better term. One commenter also requested
the Bureau make clear that selection of ``other'' as a type of
financial institution does not qualify the financial institution for
exemption from coverage of this rule. Additionally, the commenter
requested the Bureau make clear that selection of multiple financial
institution types from the list provided in proposed comment 109(b)(9)-
1 is permitted. Finally, a commenter requested the Bureau require
financial institutions to identify the types of products they offer, in
addition to the type of financial institution.
For the reasons set forth herein, the Bureau is finalizing Sec.
1002.109(b)(9) with a revision in comment 109(b)(9)-1 to replace the
financial institution type ``fintech'' with ``online lender'' and to
add commentary about how the Bureau may add additional financial
institution types in the future. The Bureau agrees with commenters that
using ``online lender'' as a financial institution type will help
better identify the type of financial institution that is being
described rather than ``fintech.'' As commenters noted, ``fintech'' has
a wide variety of uses over different industries. That variety may make
it difficult to determine what ``fintech'' means as a financial
institution type and under what circumstances a financial institution
must report ``fintech'' as one of their types. Using ``online lender''
as the financial institution type helps make clear the financial
institution's business model is to conduct business primarily online.
For example, an online lender would include a platform or peer-to-peer
lender that generally only receives applications and originates loans
through a website and that does not have in-person encounters with
small businesses, such as accepting applications or having meetings
with loan officers, at a physical office. In such a case, the financial
institution would select ``online lender'' as the type of financial
institution (in addition to any other applicable financial institution
types listed in final comment 109(b)(9)-1).
For similar reasons as those discussed in the section-by-section
analysis of Sec. 1002.107(a) regarding the addition of comment 107(a)-
4, the Bureau is also adding a comment in Sec. 1002.109(b)(9) to
facilitate flexibility and account for the evolution of small business
lending market, identifying how the Bureau may add additional financial
institution types in the future. Comment 109(b)(9)-3 provides that the
Bureau may add additional types of financial institutions via the
Filing Instructions Guide and related materials. Comment 109(b)(9)-3
refers financial institutions to the Filing Instructions Guide for any
updates for each reporting year.
Regarding commenters' requests for clarity regarding selection of
multiple financial institution types, and that selecting ``other'' does
not exempt an institution from coverage under the rule, final comment
109(b)(9)-1 states a financial institution shall select all applicable
types, confirming that multiple financial institution types should be
selected if more than one type applies to the financial institution.
Additionally, the Bureau notes that final Sec. 1002.105 addresses
institutional coverage under this rule. Financial institution type is
not a determinative factor for coverage; in fact, an exempt institution
(unless voluntarily reporting data pursuant to Sec. Sec. 1002.107
through 1002.109 as discussed in comment 105(b)-6) would not be
submitting information pursuant to Sec. 1002.109 in the first
instance. Final comment 109(b)(9)-2 explains the circumstances for
which a financial institution is required, or permitted, to report
``other.''
Finally, the Bureau does not believe it is necessary to add a
requirement for financial institutions to provide their product types
as part of the financial institution identifying information, as
suggested by one commenter. Section 1002.107(a)(5), as finalized,
requires a financial institution to identify the credit type for each
application or origination reported. This information, together with
the other financial institution identifying information required
pursuant to Sec. 1002.109(b), will allow data users to identify the
product types offered by each financial institution in the dataset.
Paragraph 109(b)(10)
Proposed Sec. 1002.109(b)(10) would have required a financial
institution to indicate whether it was not a covered financial
institution under proposed Sec. 1002.105(a) and was thus voluntarily
reporting covered applications.
The Bureau believed it was important to be able to specifically
identify these
[[Page 35411]]
institutions' transactions in the dataset. If reporting were restricted
to only financial institutions required to report, the data would
accurately reflect the overall population of financial institutions
subject to the final rule. However, institutions that do not meet the
rule's loan-volume threshold in proposed Sec. 1002.105(b) could choose
to voluntarily report small business lending data pursuant to proposed
Sec. 1002.5(a)(4)(vii) through (ix). Those institutions that
voluntarily reported data might not be representative of all potential
voluntary reporters and might differ from required reporters. Without a
specific designation, it might not be possible to distinguish an
institution voluntarily reporting data after a single year of exceeding
the loan-volume threshold from an institution reporting because it had
already exceeded the loan-volume threshold in two consecutive years.
The Bureau believed that data users would benefit from being able to
use this information as a control variable, resulting in better fair
lending as well as business and community development analyses, to
account for certain differences that might exist as between required
and voluntary reporters.
The Bureau received one comment on this aspect of the proposal from
a community group. The commenter supported inclusion of Sec.
1002.109(b)(10), agreeing with the Bureau's assertion that data users
will need to identify voluntary reporters. For the reasons set forth
herein, the Bureau is finalizing Sec. 1002.109(b)(10) as proposed.
109(c) Procedures for the Submission of Data to the Bureau
Proposed Rule
Proposed Sec. 1002.109(c) and comment 109(c)-1 would have directed
financial institutions to a publicly available website containing the
Bureau's Filing Instructions Guide, which would have set out technical
instructions for the submission of data to the Bureau pursuant to
proposed Sec. 1002.109. Regulation C Sec. 1003.5(a)(5) contains a
comparable provision, which directs users to a Bureau website that sets
out instructions for the submission of HMDA data, and the Bureau
believed a similar approach would be appropriate here.
The Bureau sought comment on this aspect of the proposal, including
the provision of technical instructions for data submission via a
Bureau website and how best to implement the provisions of this section
in a manner that minimizes cost and burden particularly to small
financial institutions while implementing all statutory obligations.
The Bureau also sought comment on ways it could streamline reporting
for small financial institutions.
Comments Received
The Bureau received comments from two lenders, several trade
associations, and a community group concerning the Bureau's publication
of a Filing Instructions Guide to assist lenders in their submission of
small business lending data to the Bureau. A CDFI lender and two trade
associations supported the publication of technical instructions for
data submission in the Filing Instructions Guide, stating that it would
greatly aid in complying with the rule. One of these commenters
requested that the Bureau dedicate staff to provide answers that can be
relied on, such that community banks could not be criticized or
penalized during subsequent examinations.
A bank and several trade associations expressed concern about the
possible timing for the Bureau's publication of its Filing Instructions
Guide, noting the importance of receiving such instructions well in
advance such that lenders could comply with the rule and provide
accurate and reliable data. Two of these commenters requested that the
Bureau release the Filing Instructions Guide at least six months before
any required data collection begins.
A trade association inquired whether the Filing Instructions Guide
for this regulation would be similar to the one for HMDA and Regulation
C, and whether the Bureau would make the Filing Instructions Guide
available for comment. A joint letter from community and business
advocacy groups suggested that certain data categories for race and
ethnicity be contained in the Filing Instructions Guide, so they could
be adjusted from time to time to align any changes in the OMB's Federal
Data Standards on Race and Ethnicity, rather than being codified in the
commentary to this regulation.
Final Rule
The Bureau is finalizing Sec. 1002.109(c) as proposed. The Bureau
is developing a system to receive, process, and publish the data
collected pursuant to this final rule. In doing so, the Bureau has
benefitted from what it learned in its multiyear effort in developing
the HMDA Platform, through which entities file data as required under
HMDA and Regulation C. As it did in developing the HMDA Platform, the
Bureau's ongoing work in developing the small business lending data
submission system focuses on satisfying all legal requirements,
promoting data accuracy, and reducing burden. The Bureau is publishing,
concurrently with this final rule, a Filing Instructions Guide and
related materials for financial institutions.\806\ The Bureau does not
believe proposed comment 109(c)-1 is necessary as it is duplicative of
the regulatory text, and thus has removed it from the final rule.
---------------------------------------------------------------------------
\806\ See https://www.consumerfinance.gov/data-research/small-business-lending/filing-instructions-guide/.
---------------------------------------------------------------------------
ECOA section 704B(g)(1) authorizes the Bureau to prescribe rules
and issue such guidance as may be necessary to carry out, enforce, and
compile data pursuant to section 1071. Section 704B(g)(3) provides for
the Bureau to issue guidance to facilitate compliance with the
requirements of section 1071. Here, final Sec. 1002.109(c) is
justified under both ECOA provisions because the issuance of the means
of submitting data to the Bureau are both necessary to compile data
pursuant to section 1071 and to facilitate compliance with section
1071.
The Bureau agrees with commenters that the Filing Instructions
Guide will significantly facilitate compliance with section 1071.
Regarding the request that the Bureau provide staff to answer questions
about complying with the rule before the rule's compliance date, Bureau
staff will be available after the publication of this final rule to
provide guidance to lenders in complying with the rule. The Bureau will
make other compliance and technical resources available as well, as
described at the end of part I above.
The Bureau notes, in response to the question of whether the Filing
Instructions Guide would be similar to the one for HMDA, that many
aspects of the Filing Instructions Guide for this regulation are based
on the HMDA guide. The Bureau does not believe it is necessary to
request public comment on the Filing Instructions Guide, as it is a
technical document that reflects the regulatory requirements of Sec.
1002.107 and Sec. 1002.109(b) such that data can be submitted to the
Bureau's small business lending data submission platform. However, as
with HMDA, various iterations of the Filing Instructions Guide will be
published over time with changes based in part on feedback from
financial institutions and third-party providers. Regarding the comment
that certain data categories for race and ethnicity contained in the
Filing Instructions Guide be adjusted from time to time to align any
changes in the OMB's Federal Data Standards on
[[Page 35412]]
Race and Ethnicity, the Bureau recognizes that it may need to adjust
some data categories over time, but that the statute may not permit
exact alignment with all future developments by another agency that is
not itself implementing section 1071.
Other Reporting Issues
With respect to HMDA data, Regulation C Sec. 1003.5(a)(1)(i)
provides that a financial institution shall submit its annual loan/
application register in electronic format to the appropriate Federal
agency. Regulation C does not provide for the submission of HMDA data
by unaffiliated third parties directly on behalf of financial
institutions in the way that a parent institution may submit HMDA data
on behalf of its subsidiary under Sec. 1003.5(a)(2) and comment 5(a)-
3. The Bureau understands from financial institutions that report HMDA
data to the Bureau that most institutions use third-party software
vendors in some way to help them prepare or submit their loan/
application registers to the Bureau. The Bureau sought comment on
whether it should permit third parties (such as financial software
vendors) to submit to the Bureau a small business lending application
register on behalf of a financial institution, including whether
financial institutions should be required to designate third parties
authorized to submit registers on their behalf.
Commenters did not directly address the topic of third-party
submissions of small business lending application registers on behalf
of financial institutions. One trade association, in the context of
proposed Sec. 1002.109, noted that its members rely on third-party
vendors for many important business processes, and the contributions of
such vendors to support financial institution innovation is important.
Industry commenters, including trade associations and lenders, widely
noted their reliance on third-party vendors for many important business
processes in commenting on other sections of the proposed rule, as is
noted, for instance, in the section-by-section analysis of Sec.
1002.114(b). The commenter asked that the Bureau encourage vendors to
develop solutions to help financial institution clients comply with
section 1071.
The Bureau is finalizing Sec. 1002.109 as proposed. While there is
no explicit provision addressing financial institution use of service
providers in connection with submission of applicant registers,
informed by its HMDA experience, the Bureau is open to such submission,
so long as it complies with all applicable provisions of the final
rule, including the restrictions on disclosure of protected demographic
data contained in final Sec. 1002.110(e). In addition, the Bureau will
continue to engage with vendors and industry to assess future demand
for service provider use in this area. Regarding the comment asking the
Bureau to encourage third-party solutions to help covered financial
institutions comply with section 1071, the Bureau agrees and has
engaged in outreach to third-party vendors, as discussed in part III
above, since the issuance of the NPRM to facilitate their development
of solutions to assist financial institutions in complying with this
rule.
Section 1002.110 Publication of Data
Final Sec. 1002.110 addresses several issues surrounding
publication of small business lending data. First, final Sec.
1002.110(a) addresses annual publication of application-level data on
the Bureau's website, subject to modification and deletion decisions by
the Bureau based on consideration of privacy interests. Second, final
Sec. 1002.110(b) states that the Bureau may compile and aggregate data
submitted by financial institutions and may publish such compilations
or aggregations as the Bureau deems appropriate. Third, final Sec.
1002.110(c) requires a covered financial institution to publish on its
website a statement that its small business lending data, as modified
by the CFPB, are or will be available on the CFPB's website. Finally,
final Sec. 1002.110(d) provides when a covered financial institution
shall make the notice required by final Sec. 1002.110(c) available to
the public and how long it shall maintain the notice on its website.
The Bureau is finalizing Sec. 1002.110 to implement ECOA section
704B(f)(2)(B) and (C), which require the Bureau to adopt regulations
addressing the form and manner that data are made available to the
public, and pursuant to its authority under 704B(g)(1) to prescribe
such rules and issue such guidance as may be necessary to carry out,
enforce, and compile data pursuant to section 1071. The Bureau is also
finalizing Sec. 1002.110(b) pursuant to 704B(f)(3), which permits the
Bureau to compile and aggregate small business lending data, and to
publish such aggregate data.
110(a) Publication of Small Business Lending Application Registers and
Associated Financial Institution Information
ECOA section 704B(f)(2)(C) requires the Bureau to annually make the
small business lending data it receives from financial institutions
available to the public in such form and in such manner as the Bureau
determines by regulation.
Proposed Rule
Proposed Sec. 1002.110(a) would have provided that the Bureau
shall make available to the public generally the data reported to it by
financial institutions pursuant to proposed Sec. 1002.109, subject to
deletions or modifications made by the Bureau if the Bureau determines
that, based on the proposed balancing test, the deletion or
modification of the data would advance a privacy interest.\807\ The
Bureau proposed to make such data available on an annual basis, by
publishing it on the Bureau's website. The Bureau sought comment on its
proposed approach to implementing ECOA section 704B(f)(2)(C).
---------------------------------------------------------------------------
\807\ As discussed in part VIII below, the Bureau is not
announcing how it will consider different factors when implementing
its discretion to delete or modify application-level data before
publication. The Bureau will continue to engage with stakeholders on
publication and it intends to make final decisions only after that
continued engagement and receipt of a full year of application data.
Part VIII lays out the CFPB's preliminary views, in light of
comments received on the balancing test articulated in the NPRM, on
how to assess and protect privacy interests through modifications
and deletion.
---------------------------------------------------------------------------
Comments Received
In response to proposed Sec. 1002.110(a), the Bureau received
comments from a range of lenders, trade associations, community groups,
individual commenters, and others. Many commenters supported the
Bureau's proposal to make data available on an annual basis by
publishing it on the Bureau's website. Some noted that publication of
disaggregated data is critical to achieving the statutory purposes of
section 1071. Some commenters indicated the Bureau should make clear
that the Bureau must publish data annually, citing their concern that
any discretion in data publication could allow for inconsistent data
publication in the future. A commenter further supported publication on
the Bureau's website, stating that it preferred the Bureau as the
singular source for published data because it would ensure the data was
uniform and consistent in data and publication formats, which would
help to prevent obfuscation efforts by bad actors. The commenter noted
that, based on their historical experience with HMDA data, without
publication on the website, the public would need to request data from
each financial institution individually and the data
[[Page 35413]]
provided may not be in the same file format, may not be in an
accessible file format, and the data may have variations in formatting,
which could hide data anomalies or patterns of discrimination.
Some commenters opposed publication of disaggregated data entirely,
citing various privacy risks, or otherwise preferred the Bureau publish
small business lending data only in aggregate form.\808\ Some
commenters supported publication of disaggregated data publication, but
also supported modifications in light of privacy risk.
---------------------------------------------------------------------------
\808\ See also part VIII below.
---------------------------------------------------------------------------
Commenters also discussed timing of data publication. Some
supported annual publication, as proposed. Others requested publication
as soon as possible but did not suggest a specific schedule. Two
requested quarterly data publication, and one suggested publication
every six months. A few commenters requested the Bureau also establish
a deadline by which it would annually publish data; some did not
suggest a specific deadline while others requested a fall publication
deadline, shortly after data are submitted to the Bureau, in order to
maximize the data's currency and usefulness.
Many commenters requested the Bureau ensure that published data are
accessible to the general public. These commenters noted that the data
should be easily searchable or filterable so that anyone with an
interest in fair lending can use and understand the data. Some of these
commenters noted that data can sometimes be inaccessible if provided in
a very technical manner, such that only those with expertise in data
analysis can understand and use the data. One commenter suggested that
this concern was of particular concern for ethnicity and race data.
Additionally, a few commenters pointed to previous Bureau data releases
as examples of publication that worked well, such as the consumer
complaint database, and those that they would prefer the Bureau not
follow, including the current data tool used to publish HMDA data.
Some commenters requested the Bureau add disclaimers or
explanations to data fields when the data is published to aid in user
understanding about the data, such as data limits, caveats, or
exceptions. For example, several commenters requested the Bureau add a
disclaimer to data submitted by Farm Credit System lenders identifying
their unique statutory coverage limitations and dividend structures.
Other commenters requested a disclaimer that identifies when ethnicity,
race, and sex data was collected on the basis of visual observation
pursuant to proposed Sec. 1002.107(a)(20). One commenter requested a
publication disclaimer for amount of credit applied for and amount of
credit approved or originated, that would explain that applicant-
provided information can be arbitrary and may not match the amount of
credit approved or originated. Another commenter requested that the
Bureau include a disclaimer for private label credit because, they
said, private label credit should not be compared to other small
business credit products because it is based on the availability of the
financial institution's retail partners and those partners' geographic
locations. Conversely, one commenter requested the Bureau not add any
disclaimers to pricing data points on the grounds that they would cause
further misunderstanding of the data.
Two commenters suggested the CFPB establish an advisory group to
offer advice or it should seek public feedback on ways to improve
publication and enhance data accuracy. One commenter asked that it
establish an authorization program to certify as ``CFPB-approved''
particular data products and programs created from 1071 data. Another
commenter stated that when publishing the data, the Bureau should
ensure that the data are organized by institution and credit product
type as a default setting, rather than only by institution, to ensure
proper comparison by data users.
Final Rule
For these reasons set forth herein, the Bureau is finalizing Sec.
1002.110(a) largely as proposed. As finalized, subject to modification
or deletion decisions made by the Bureau to advance privacy interests
as discussed in part VIII below, the Bureau has committed itself in
Sec. 1002.110(a) to making application-level data available to the
public via annual publication. Because publication is subject to any
modification or deletion decisions made by the Bureau pursuant to its
privacy analysis, the Bureau concludes that Sec. 1002.110(a) itself
adequately addresses commenter concerns about privacy risks. As
discussed in part VIII, the CFPB is also of the view that application-
level data have significant disclosure benefits that will facilitate
the fair lending and business and community development purposes of
section 1071. This determination strongly supports disclosure of the
data in a disaggregated format to the extent consistent with the
privacy interests. As a result, the Bureau does not intend to publish
only aggregate data compilations pursuant to Sec. 1002.110(b).
Publication of application-level data on an annual basis is
appropriate. While a few commenters proposed shorter cycles, the Bureau
would not have new data to publish more frequently because, as
discussed in the section-by-section analysis of Sec. 1002.109(a), the
Bureau is requiring financial institutions to report annually. Further,
the Bureau concludes that until it obtains a full year of reported data
and performs a full privacy analysis, as discussed in part VIII below,
it cannot know with certainty the amount of time it will take to
analyze the privacy risks, and make modifications or deletions as
needed, particularly for the first publication of application-level
data. Accordingly, the final rule does not set a publication deadline.
Because the Bureau is still creating its data publication platform,
it takes under advisement commenter concerns about accessibility and
ease of use, and will make efforts to be responsive to those comments
as the platform and user tools are built. The Bureau is also taking
under advisement suggestions on how to organize and display data.
Similarly, the Bureau is taking under advisement requests to make
data limitations, such as related to credit or financial institution
type, clear to data users. But it does not intend to state that the
amount of credit applied for and amount of credit approved or
originated may have discrepancies because the applicant underestimated
their credit limitations. As discussed in the section-by-section
analyses of Sec. 1002.107(a)(7) and (8) above and in the NPRM, there
are several other reasons for discrepancy between the amount an
applicant applies for and the amount for which they are approved. A
disclaimer asserting the discrepancy may be attributable to applicant
overconfidence would minimize the serious risk of fair lending concerns
that these data points may otherwise identify. For similar reasons, the
Bureau does not intend to add disclaimers to pricing data.
Finally, the Bureau notes that while it does not have an advisory
group dedicated to small business lending data publication, there are
several avenues through which it expects to receive feedback from the
public on small business lending data in the future, including the
Bureau's Advisory Committees, as well as any regulatory or technical
assistance function created for data submitters. The Bureau also
intends to pursue continued public engagement, including with respect
to its intended privacy assessment and associated modification and
deletion decisions, as discussed in part VIII below. Further, the
Bureau will not
[[Page 35414]]
approve or endorse any particular entity's use of or republication of
data, although entities may use and republish the data once it is made
available in the public domain pursuant to this rule. Because the
statutory purposes and noted benefits of data publication (as discussed
herein) include providing information to the public to identify and
address fair lending issues in the small business lending market, the
Bureau encourages data users to analyze the data to address the
statutory purposes. It also encourages technologists to develop tools
to assist in this analysis.
110(b) Publication of Aggregate Data
ECOA section 704B(f)(3) provides that the Bureau may ``compile and
aggregate data collected under this section for its own use'' and
``make public such compilations of aggregate data.''
Proposed Sec. 1002.110(b) would have provided that the Bureau may
compile and aggregate data submitted by financial institutions pursuant
to proposed Sec. 1002.109, and make any compilations or aggregations
of such data publicly available as the Bureau deems appropriate. The
proposal explained that publication of certain such compilations and
aggregations would provide useful data to the public to supplement the
Bureau's publication of application-level data. In particular, the
Bureau noted the importance of providing aggregations for the
application-level data fields that may be modified or deleted before
publication to protect privacy interests.
The Bureau received comments on this aspect of the proposal from
several community groups, business advocacy groups, and a software
provider. These commenters were supportive of proposed Sec.
1002.110(b), though some requested modifications. Several commenters
requested the Bureau make specific aggregations available, based on
their experience with HMDA or for specific user purposes. Additionally,
two commenters requested that the Bureau commit to annual publication
of aggregate data.
For the reasons set forth herein, the Bureau is finalizing Sec.
1002.110(b) as proposed. It is unnecessary for the rule to commit to
specific timing for publication of aggregate data or to identify the
specific aggregations that it will make available. ECOA section
704B(f)(3) provides the Bureau discretion to compile and aggregate data
collected, and to make those aggregations publicly available. Any
aggregations compiled using the data collected will be dependent on
multiple factors, including privacy considerations, the volume of data,
and the trends in the data received. For these reasons, the Bureau
believes it is important to preserve flexibility as to both the content
and timing of any aggregate data publications, although it anticipates
publishing aggregate data before releasing application-level data.
110(c) Statement of Financial Institution's Small Business Lending Data
Available on the Bureau's Website and 110(d) Availability of Statements
Proposed Rule
ECOA section 704B(f)(2)(B) requires that the data compiled and
maintained by financial institutions shall be ``made available to any
member of the public, upon request, in the form required under
regulations prescribed by the Bureau.''
Proposed Sec. 1002.110(c) would have required that a covered
financial institution make available to the public on its website, or
otherwise upon request, a statement that the covered financial
institution's small business lending application register, as modified
by the Bureau pursuant to proposed Sec. 1002.110(a), is or will be
available on the Bureau's website.
Proposed Sec. 1002.110(c) would have also stated that a financial
institution shall use language provided by the Bureau, or substantially
similar language, to satisfy this requirement to provide a statement.
Proposed comment 110(c)-1 would have provided model language that a
financial institution could use to comply with proposed Sec.
1002.110(c). Proposed comment 110(c)-2 would have provided guidance to
financial institutions that do not have websites.
Proposed Sec. 1002.110(d) would have provided that a covered
financial institution shall make the notice required by proposed Sec.
1002.110(c) available to the public on its website when submitting its
small business lending application register to the Bureau pursuant to
proposed Sec. 1002.109(a)(1), and shall maintain the notice for as
long as it has an obligation to retain its small business lending
application registers pursuant to proposed Sec. 1002.111(a).
The Bureau sought comment on its proposed approach to implementing
ECOA section 704B(f)(3), including how best to implement proposed Sec.
1002.110(c) and (d) in a manner that minimizes cost and burden
particularly on small financial institutions while implementing all
statutory obligations.
Comments Received
In response to proposed Sec. 1002.110(c) and (d), the Bureau
received comments from a number of lenders, trade associations, and
community groups, along with one individual commenter. A majority of
those commenters supported the proposed approach to making financial
institutions' data available to the general public on the Bureau's
website, citing reasons including reduction of compliance burden, cost,
and redundant data. However, a few commenters argued that covered
financial institutions should be required to make their data available
on their own websites. One such commenter asserted that financial
institutions (particularly large banks) should be required to make
their data available within 30 days of a request to do so, which they
stated has worked well for HMDA.\809\ This commenter also stated that
if the Bureau were to adopt proposed Sec. 1002.110(c), it should
require quarterly public data reporting. An individual commenter
suggested that without a requirement that financial institutions
release their own data, the public would have no way to confirm the
``legitimacy'' of data released by the Bureau.
---------------------------------------------------------------------------
\809\ The Bureau's approach to Sec. 1002.110(c) aligns with
Regulation C Sec. 1003.5(c)(1). However, prior to the 2015 HMDA
Amendments, covered financial institutions were required to make
their HMDA data available upon request.
---------------------------------------------------------------------------
Final Rule
For the reasons set forth herein, the Bureau is finalizing Sec.
1002.110(c) with a minor modification and Sec. 1002.110(d) as
proposed, to implement ECOA section 704B(f)(2)(B). The Bureau's
revision to Sec. 1002.110(c) removes the specific URL at which the
Bureau will publish 1071 data on its website. The Bureau has made
several small revisions to the notice language set forth in comment
110(c)-1 for clarity. The Bureau is also adopting new comment 110(c)-3
to explain that the Bureau may modify the location specified in the
notice language provided in comment 110(c)-1, at which small business
lending data are available, via the Filing Instructions Guide and
related materials.
The approach set forth in final Sec. 1002.110(c) and (d) will
reduce potential burdens on financial institutions associated with
publishing modified data. It will also reduce privacy risks resulting
from errors by individual financial institutions implementing any
modifications or deletions required by the Bureau, and would be more
efficient overall. Regulation C (Sec. 1003.5(c)(1)) implements a
similar statutory requirement regarding the form of data reporting and
requires financial institutions to direct any public requests
[[Page 35415]]
for HMDA data they receive to the Bureau. A similar provision is
appropriate here to maintain continuity across reporting regimes, and
because this centralized approach will help ensure consistent
implementation of any modifications or deletions made to protect
privacy interests. Commenters' concerns regarding the timing of
financial institutions making their own data available are thus
rendered moot.
The Bureau does not believe that financial institutions should be
required to make their data available within 30 days of a request to do
so. Such requests can be fulfilled as easily by accessing small
business lending application registers on the Bureau's website, after
modifications or deletions are made to protect privacy interests. Nor
does the Bureau believe that quarterly public data reporting is
appropriate, as discussed in the section-by-section analysis of Sec.
1002.110(a) above. Further, the Bureau does not believe that a
requirement that financial institutions release their own data is
necessary to confirm the ``legitimacy'' of data released by the Bureau.
The Bureau will conduct examinations of unredacted small business
lending data, and will make application-level data (subject to privacy
modifications and deletions) available for review and analysis by
members of the public.
110(e) Further Disclosure Prohibited
ECOA section 704B(e) and (f) require financial institutions to
compile and maintain records of information provided by applicants and
to submit such data annually to the Bureau. However, the statute does
not expressly address what a financial institution may do with data
collected pursuant to section 1071 for purposes other than reporting
such data to the Bureau, nor did the proposal specify restrictions on a
financial institution's use or disclosure of data collected pursuant to
this rulemaking for purposes other than collecting, maintaining, and
reporting such data to the Bureau.
The Bureau received comments from individuals and industry that
raised concerns about potential misuse of protected demographic data
provided pursuant the small business lending rulemaking. For example,
one commenter expressed concern that LGBTQ community members are at
risk that their data may be used for unintended and harmful purposes
outside of 1071 data collection. Commenters further noted that
applicants may be hesitant to provide certain information if the data
can be inappropriately used. The Bureau also received comments from
industry commenters urging that protected demographic data be reported
directly to the Bureau, stating, in part, that such a regime would
likely increase response rates because applicants would not be
concerned that financial institutions would improperly use the data.
In order to safeguard protected demographic data against possible
misuse and encourage applicant responses, and in response to comments,
the Bureau is adding new Sec. 1002.110(e) pursuant to its authority
under ECOA section 704B(g)(1) to prescribe such rules and issue such
guidance as may be necessary to carry out, enforce, and compile data
pursuant to section 1071. New Sec. 1002.110(e) prevents misuse of
applicants' protected demographic information in two ways.
First, Sec. 1002.110(e)(1) prohibits a financial institution from
disclosing or providing to a third party the protected demographic
information it collects under subpart B except in limited
circumstances. First, a financial institution may disclose such
information to a third party to further compliance with ECOA or
Regulation B. This exception permits disclosure, for example, to a
third-party service provider that is assisting the financial
institution in auditing or submitting small business lending data to
the Bureau. This exception also permits disclosure to a third party for
uses consistent with how such protected demographic information may
currently be used under ECOA and Regulation B, such as to conduct
internal fair lending testing or to extend special purpose credit
programs. Section 1002.110(e)(1) further states that a financial
institution may disclose or provide protected demographic information
collected pursuant to this rule as required by law.
Second, Sec. 1002.110(e)(2) prohibits further redisclosure of
protected demographic information by a third party that initially
obtains such information for the purposes of furthering compliance with
the ECOA and Regulation B. In such situations, the third party is
prohibited from disclosing the protected demographic information except
to further compliance with ECOA and Regulation B or as required by law.
Section 1002.111 Recordkeeping
Final Sec. 1002.111 addresses several aspects of the recordkeeping
requirements for small business lending data. First, final Sec.
1002.111(a) requires a covered financial institution to retain evidence
of its compliance with subpart B, which includes a copy of its small
business lending application register, for at least three years after
the register is required to be submitted to the Bureau pursuant to
final Sec. 1002.109. Second, final Sec. 1002.111(b) requires a
financial institution to maintain, separately from the rest of the
application and accompanying information, an applicant's responses to
the financial institution's inquiries regarding whether an applicant
for a covered credit transaction is a minority-owned business, a women-
owned business, and/or an LGBTQI+-owned business under final Sec.
1002.107(18) and regarding the ethnicity, race, and sex of the
applicant's principal owners under final Sec. 1002.107(19). Finally,
final Sec. 1002.111(c) requires that, in compiling, maintaining, and
reporting data pursuant to final Sec. 1002.109 or Sec. 1002.111(a) or
(b), a financial institution shall not include personally identifiable
information concerning any individual who is, or is connected with, an
applicant.
The Bureau is finalizing Sec. 1002.111 to implement ECOA section
704B(f)(2)(A), which requires financial institutions to compile and
maintain data for at least three years; 704B(b)(2), which requires
financial institutions to maintain a record of the responses to the
inquiry required by 704B(b)(1), separate from the application and
accompanying information; and 704B(e)(3), which provides that in
compiling and maintaining data, a financial institution may not include
personally identifiable information concerning an individual who is, or
is connected with, an applicant. The Bureau is also finalizing Sec.
1002.111 pursuant to its authority under 704B(g)(1) to prescribe such
rules and issue such guidance as may be necessary to carry out,
enforce, and compile data pursuant to section 1071.
111(a) Record Retention
Proposed Rule
ECOA section 704B(f)(2)(A) requires that information compiled and
maintained under section 1071 be retained for not less than three years
after the date of preparation. Proposed Sec. 1002.111(a) would have
required that a financial institution retain a copy of its small
business lending application register for three years after the
register is submitted to the Bureau pursuant to proposed Sec.
1002.109. By way of comparison, under Regulation C, financial
institutions must retain the loan/application registers that they
submit to the Bureau for three years.\810\ This reflects the
requirement in HMDA itself that a loan/application register be
[[Page 35416]]
retained for three years after it is made available.\811\
---------------------------------------------------------------------------
\810\ Regulation C Sec. 1003.5(a)(1).
\811\ 12 U.S.C. 2803(j)(6).
---------------------------------------------------------------------------
Proposed comment 111(a)-1 would have provided examples of what
evidence of compliance with the proposed provision is likely to
include. Proposed comment 111(a)-2 would have required that a creditor
that is voluntarily, under proposed Sec. 1002.5(a)(4)(vii) and (viii),
collecting information pursuant to subpart B but is not required to
report that data to the Bureau, complies with proposed Sec.
1002.111(a) by retaining evidence of compliance with subpart B for at
least three years after June 1 of the year following the year that data
was collected.
The Bureau sought comment on its proposed approach to implementing
ECOA section 704B(f)(2)(A), including how best to implement proposed
Sec. 1002.111(a) in a manner that minimizes cost and burden
particularly on small financial institutions while implementing all
statutory obligations.
Comments Received
The Bureau received comments from several lenders, trade
associations, and others on this aspect of its proposal. One trade
association supported the proposed requirement that financial
institutions retain their data for at least three years after
submission to the Bureau, noting that this retention period is
congruent with the five-year period that banks must maintain data under
the Bank Secrecy Act. A CDFI lender agreed the proposal was reasonable
and stated that it did not foresee issues with compiling and
maintaining data for three years.
A trade association, a business advocacy group and a software
vendor recommended that the Bureau instead align the recordkeeping
requirement with ECOA's 25-month retention period rather than HMDA's
three-year retention period. The software vendor asserted that the
proposed provision appeared to be in conflict with ECOA's 12-month
record retention period for commercial loans under $1 million. The
trade association recommended avoiding requirements that would
necessitate the acquisition of costly record retention systems. Another
industry commenter said that the proposed provision would unnecessarily
burden community banks.
A joint letter from two trade associations recommended that the
Bureau expressly state that financial institutions without a reporting
obligation under the rule, in particular motor vehicle dealers, are not
required to comply with the other obligations in the rule, including
the recordkeeping requirements of the rule.
Final Rule
The Bureau is finalizing Sec. 1002.111(a) as proposed. The Bureau
is also finalizing the associated commentary with an adjustment as
discussed below. The Bureau is finalizing this provision to implement
section 1071's recordkeeping requirement as set forth in ECOA section
704B(f)(2)(A).
Regarding commenters' requests that the Bureau should adopt either
existing Regulation B's 25-month retention period for consumer credit
or its 12-month retention period for business credit, rather than a
three-year period, ECOA section 704B(f)(2)(A) mandates that the Bureau
adopt a three-year recordkeeping requirement for applications for small
business loans. In any case, the Bureau notes that, in contrast to
these commenters, at least one lender suggested that Sec. 1002.111(a)
was congruent with other recordkeeping requirements applicable to
certain extensions of credit.\812\ The Bureau is finalizing comment
111(a)-1 (regarding evidence of compliance) with an additional sentence
to reiterate that final Sec. 1002.111(a)'s three-year record retention
requirement applies to any records covered by Sec. 1002.111(a),
notwithstanding the more general 12-month retention period for records
related to business credit specified in existing Sec. 1002.12(b). The
Bureau is finalizing comment 111(a)-2 (regarding record retention for
creditors that voluntarily collect data under Sec. 1002.5(a)(4)(vii)
and (viii)) as proposed.
---------------------------------------------------------------------------
\812\ See, e.g., 31 CFR 1010.410(a) and 1010.430(d).
---------------------------------------------------------------------------
The Bureau acknowledges commenters' concerns that this provision
would necessitate the acquisition of costly record retention systems or
about its impact on community banks, but does not believe that further
adjustments would be appropriate. While financial institutions may
incur added expenses in complying with final Sec. 1002.111(a), the
provision does not itself suggest or mandate that lenders must acquire
new record systems; the provision simply requires that financial
institutions adjust their procedures if they do not already retain
certain records for the period specified in Sec. 1002.111(a). In any
case, as noted above, final Sec. 1002.111(a) implements the record
retention period set forth in the statute.
Regarding the comment concerning the obligations of financial
institutions that are not required to report data under the rule, the
Bureau agrees that a financial institution that is not covered by the
rule is not subject to its provisions, including the recordkeeping
provisions. However, a covered financial institution must keep records
in accordance with Sec. 1002.111(a). In order to satisfy its own
recordkeeping obligations, a covered financial institution must ensure
that it has obtained the necessary records from third parties through
which it receives applications or ensure that those third parties keep
adequate records on its behalf.
111(b) Certain Information Kept Separate From the Rest of the
Application
Proposed Rule
ECOA section 704B(b)(2) requires financial institutions to maintain
a record of the ``responses to [the] inquiry'' required by 704B(b)(1)
separate from the application and accompanying information. Consistent
with the approach the Bureau is finalizing as set forth in E.2 of the
Overview to this part V, the Bureau proposed to interpret the term
``responses to such inquiry'' in 704B(b)(2) to be the applicant's
responses to inquiries regarding protected demographic information--
that is, whether the applicant was a minority-owned business or a
women-owned business, and the ethnicity, race, and sex of the
applicant's principal owners.
Proposed Sec. 1002.111(b) would have stated that a financial
institution shall maintain, separately from the rest of the application
and accompanying information, an applicant's responses to the financial
institution's inquiries to collect data pursuant to proposed subpart B
regarding whether an applicant for a covered credit transaction is a
minority-owned business under proposed Sec. 1002.107(a)(18) or a
women-owned business under proposed Sec. 1002.107(a)(19), and
regarding the ethnicity, race, and sex of the applicant's principal
owners under proposed Sec. 1002.107(a)(20).
Proposed comment 111(b)-1 would have explained that a financial
institution may satisfy this requirement by keeping an applicant's
responses to the financial institution's request pursuant to proposed
Sec. 1002.107(a)(18) through (20) in a file or document that is
discrete or distinct from the application and its accompanying
information. For example, such information could be collected on a
piece of paper that is separate from the rest of the application form.
In order to satisfy the requirement in proposed
[[Page 35417]]
Sec. 1002.111(b), proposed comment 111(b)-1 would have clarified that
an applicant's responses to the financial institution's request
pursuant to proposed Sec. 1002.107(a)(18) through (20) need not be
maintained in a separate electronic system, nor need they be removed
from the physical files containing the application. However, the
financial institution may nonetheless need to keep this information in
a different electronic or physical file in order to satisfy the
requirements of proposed Sec. 1002.108.
The Bureau sought comment on its proposed approach to implementing
ECOA section 704B(b)(2), including how best to implement proposed Sec.
1002.111(b) in a manner that minimizes cost and burden, particularly on
small financial institutions, while implementing all statutory
obligations. The Bureau also sought comment on whether, for financial
institutions that determine that underwriters or other persons should
have access to applicants' demographic information pursuant to proposed
Sec. 1002.108(b), it should likewise waive the requirement in proposed
Sec. 1002.111(b) to keep that information separate from the
application and accompanying information.
Comments Received
A number of lenders and trade associations commented on the
proposed requirement that protected demographic information be kept
separate from application or loan files. A CDFI lender said the
proposal was reasonable and did not foresee issues with maintaining
demographic information separate from applications. A trade
association, while claiming proposed Sec. 1002.111(b) would be
difficult to comply with, acknowledged that the provision was mandated
by section 1071. Another trade association agreed with the Bureau that
ECOA section 704B(b)(2) should be interpreted as referring to
applicants' responses to the inquiries regarding minority-owned and
women-owned business status in proposed Sec. 1002.107(a)(18) and (19),
as well as the ethnicity, race, and sex of applicant's principal owners
in proposed Sec. 1002.107(a)(20). A joint letter from two trade
associations supported the limitation on accessing protected
demographic information but expressed concern about the effort and cost
it would take to segregate and limit this information and ensure the
accuracy of reports and files that must be maintained. These trade
associations suggested that all regulations and guidance related to
record retention be consistent with the FTC's newly amended Gramm-
Leach-Bliley Safeguards Rule and Privacy Rule.
A trade association and a business advocacy group requested
clarifications to improve feasibility and reduce technical challenges,
expressing concern that compliance with proposed Sec. 1002.111(b)
could require expensive technical solutions to separate protected
demographic information from applications in different electronic or
physical files. One sought clarity as to what proposed comment 111(b)-1
meant, stating that, to satisfy Sec. 1002.108, some financial
institutions may need to keep protected demographic information in a
different electronic or physical file.
Some industry commenters opposed the proposal on the grounds of
cost, complexity and practicality. A few of these commenters argued
that proposed Sec. 1002.111(b) would add unnecessary cost and
complexity to compliance and would make audits of data more difficult.
Others asserted the provision would be difficult to implement or
unworkable. One commenter stated that this requirement would impact
small lenders in particular and would increase ongoing costs.
Several industry commenters requested that the Bureau exercise
exemption authority to exempt all lenders from having to comply with
this provision on the grounds that it would make examinations and
audits more cumbersome and costly because demographic information would
need to be retrieved from separate files. Commenters also requested
that, to remain consistent with proposed Sec. 1002.108(b), the Bureau
waive this requirement for financial institutions that determine that
underwriters or other persons should have access to applicants'
demographic information. They also stated that both provisions were
operationally burdensome without any benefit, and that if a firewall
was infeasible, so was the proposed recordkeeping provision.
Several industry commenters requested that the Bureau not prohibit
the collection of demographic information on the same form as the rest
of the application, explaining that such a prohibition would disrupt
SBA's 7(a) loan process, and because section 1071 itself does not
prohibit including demographic questions on an application form;
rather, it requires ``recording'' the information separately. A bank
also that such a prohibition would disrupt loan processes and data
integrity audits. Another bank requested that the Bureau not specify
that protected demographic information be kept in a separate file,
which it said would be costly and burdensome for financial
institutions, but rather that the Bureau leave to lenders how to comply
with this provision.
A bank and a trade association asserted that proposed Sec.
1002.111(b) was not feasible or necessary, and noted that Regulation C
does not require lenders to keep demographic information separate from
mortgage loan files. They also asserted that there was no evidence of
violations of Regulation B because demographic information was not kept
separate from loan files. Another bank requested that the Bureau align
the requirements of HMDA and section 1071 by waiving Sec. 1002.111(b)
for applications reportable under both regimes.
Final Rule
The Bureau is finalizing Sec. 1002.111(b) with adjustments to
reflect updated cross-references to other portions of the final rule
and to refer to LGBTQI+-owned businesses along with women- and
minority-owned businesses, as per final Sec. 1002.107(a)(18). The
Bureau is also finalizing the comment 111(b)-1 with one adjustment as
discussed below, and the Bureau is adding a new comment 111(b)-2.
As discussed in detail above in part V.E.2, the Bureau believes the
best reading of the statutory provisions that mention the inquiry made
under ECOA section 704B(b)(1)--in 704B(b)(2) as well as in 704B(c)
regarding the right to refuse and 704B(d) regarding the firewall--is
that they refer to applicants' responses to the inquiries regarding
protected demographic information: minority-owned, women-owned, and
LGBTQI+-owned business statuses in final Sec. 1002.107(a)(18) and the
ethnicity, race, and sex of applicants' principal owners in final Sec.
1002.107(a)(19). Each of these data points require financial
institutions to request demographic information that has no bearing on
the creditworthiness of the applicant. Moreover, a financial
institution generally could not inquire about this demographic
information absent section 1071's mandate to collect and report the
information, and ECOA prohibits a creditor from discriminating against
an applicant on the basis of the information. The Bureau accordingly
believes that the best effectuation of congressional intent is to apply
section 1071's special-protection provisions to this demographic
information, regardless of whether the statutory authority to collect
it originates in 704B(b)(1) (women-owned business status and minority-
owned business status), 704B(e)(2)(G) (race, sex, and ethnicity of
principal owners), or
[[Page 35418]]
704B(e)(2)(H) (LGBTQI+-owned business status, which is additional data
that the Bureau has determined would aid in fulfilling the purposes of
section 1071). The Bureau similarly believes that Congress did not
intend these special protections to apply to any of the other
applicant-provided data points in final Sec. 1002.107(a), which the
financial institution is permitted to request whether or not it is
covered under section 1071, which are not the subject of Federal
antidiscrimination laws, and many of which financial institutions
already collect and use for underwriting purposes.
The Bureau does not believe it would be appropriate to modify the
statutory requirements implemented in final Sec. 1002.111(b) (or
elsewhere in Sec. 1002.111), as requested by some commenters, for
consistency with the FTC's newly amended Gramm-Leach-Bliley Safeguards
Rule \813\ and Privacy Rule.\814\ Commenters did not identify any
inconsistency between Sec. 1002.111 and the requirements of the Gramm-
Leach-Bliley Act.\815\ The Bureau notes that the privacy and data
security provisions of these rules apply to consumer information, and
the Gramm-Leach-Bliley Act defines consumer to mean an individual who
obtains, from a financial institution, financial products or services
which are to be used primarily for personal, family, or household
purposes. The Bureau is finalizing comment 111(b)-1 with updated cross-
references to other portions of the final rule and additional text
explaining that while Sec. 1002.111(b) does not always require that a
financial institution maintain certain information in separate physical
or digital files, a financial institution may nonetheless as a
practical matter need to keep this information in a different
electronic or physical file in order to satisfy the requirements of
Sec. 1002.108(b) to establish and maintain a firewall. Final comment
111(b)-1, as revised, is intended to clarify, and facilitate compliance
with, the statutory directive that financial institutions must keep
certain information separate from the credit application. The Bureau is
also adding comment 111(b)-2 to the final rule, which states that a
financial institution is permitted to maintain information regarding
the applicant's number of principal owners pursuant to final Sec.
1002.107(a)(20) with an applicant's responses to the financial
institution's request pursuant to Sec. 1002.107(a)(18) and (19). The
Bureau believes that as a practical matter, the demographic information
that financial institutions would have to maintain separately would
inherently and necessarily include the applicant's number of principal
owners. For example, if an applicant had three principal owners, the
separately maintained demographic information would necessarily contain
three sets of responses to questions about principal owners' race, sex
and ethnicity, even if no part of the separately maintained information
explicitly listed ``3'' as the information responsive to Sec.
1002.107(a)(20).
---------------------------------------------------------------------------
\813\ Fed. Trade Comm'n, Standards for Safeguarding Customer
Information, Final Rule, 86 FR 70272 (Dec. 9, 2021).
\814\ Fed. Trade Comm'n, Privacy of Consumer Financial
Information Rule Under the Gramm-Leach-Bliley Act, 86 FR 70020 (Dec.
9, 2021).
\815\ 15 U.S.C. 6801 through 6809.
---------------------------------------------------------------------------
Regarding comments seeking further clarification of Sec.
1002.111(b) and comment 111(b)-1, the Bureau intended in these
provisions to provide financial institutions with flexibility in
complying with Sec. 1002.111(b), which some industry commenters
favored. The Bureau believes that some commenters overstate the
complexity of Sec. 1002.111(b); several appeared to interpret this
provision as requiring financial institutions to create separate
physical or digital files in all instances. This is contrary to
proposed comment 111(b)-1, which explicitly states that the demographic
information need not be maintained in a separate electronic system, nor
removed from the physical files containing the application. The
Bureau's intent was to acknowledge that different lenders may implement
Sec. 1002.111(b) in varying ways, depending on how they choose to
comply with the firewall requirement. For instance, a lender that
complies with Sec. 1002.108(b) may determine that to keep demographic
information from underwriters and other employees, it must maintain
such information in a separate file from the application, rather than
on a separate piece of paper in the same file as the application.
However, for those financial institutions that, pursuant to Sec.
1002.108(c), determine it is not feasible to limit access to an
applicant's protected demographic information, the Bureau believes that
compliance with ECOA section 704B(b)(2), as implemented in Sec.
1002.111(b), does not necessitate maintaining such information in
separate files.
Regarding several commenters' request that the Bureau use its
exemption authority generally to exempt all lenders from having to
comply with Sec. 1002.111(b) and should, in any case, waive the
requirement for lenders where the firewall under Sec. 1002.108(b) is
infeasible, the Bureau does not believe it would be appropriate to do
so. The request for a general exemption appears to be based on the
premise that proposed Sec. 1002.111(b) would have required demographic
information be stored in separate files. As explained above, final
Sec. 1002.111(b) and final comment 111(b)-1 make clear that there is
not a mandate for all financial institutions to maintain protected
demographic information in separate files, and the commenters do not
explain why financial institutions would choose to maintain separate
files for protected demographic information when they have determined
that one or more officers or employees should have access to that
information.
Regarding the various comments opposing Sec. 1002.111(b) on the
grounds of cost, complexity, and feasibility of compliance, the Bureau
acknowledges that the provision adds effort and expense to complying
with this rule. However, the Bureau believes that comments overstate
the magnitude of the costs, complexity, and purported infeasibility of
complying with Sec. 1002.111(b). Comment 111(b)-1 provides for
flexibility in complying with Sec. 1002.111(b) in retaining records
containing demographic information required by section 1071. The
commenters addressing the cost, complexity, and feasibility did not
identify any less costly, complex, and more feasible methods of
compliance, especially for those financial institutions that found it
infeasible to maintain a firewall pursuant to Sec. 1002.108(b). In any
case, several other commenters, including a lender, agreed with the
Bureau that compliance with Sec. 1002.111(b) is feasible.
The Bureau does not believe that Sec. 1002.111(b) would be
counterproductive in the conduct of examinations or audits, as
suggested by some commenters. As with the comments concerning cost,
complexity and feasibility, these comments--assuming the necessity of
separate electronic or physical files in all cases--overstate the
complexity of Sec. 1002.111(b). As final comment 111(b)-1 establishes,
in many instances, simpler means of separating protected demographic
information from other information within an application file would
suffice, and, the Bureau believes, would not impede audits or
examinations. Further, the Bureau believes that for purposes of
complying with ECOA and subpart A of Regulation B, many financial
institutions already maintain certain documents in files separate from
the application, such as copies of drivers' licenses, that may reveal
protected demographic
[[Page 35419]]
information about business applicants' owners, such as race and sex.
The Bureau likewise disagrees with the assertion that Sec.
1002.111(b) is not necessary; this provision implements a statutory
requirement in ECOA section 704B(b)(2). In addition, in its
interpretation of 704B(b)(2), the Bureau has endeavored to minimize
cost and complexity by reading the provision narrowly. Regarding the
comment that Sec. 1002.111(b) would impact small lenders in particular
and increase ongoing costs, the Bureau does not believe the cost and
complexity of small lenders' compliance efforts will necessarily be
greater than for other institutions, as discussed in part IX below.
Regarding comments that the Bureau should not prohibit the
collection of demographic information on the same form as the rest of
the application, the Bureau disagrees. The Bureau interprets ECOA
section 704B(b)(2), which Sec. 1002.111(b) implements, to suggest that
collection of protected demographic information on separate forms may
be a practical necessity. That is, it would be difficult, if not
impossible, to determine whether a financial institution had complied
with Sec. 1002.111(b), or the firewall provision, if demographic
information is collected with the information from which it must be
kept separate. This is also illustrated in final comment 107(a)(18)-5.
The Bureau does not believe that Sec. 1002.111(b) would disrupt
the SBA's 7(a) loan process, as a commenter suggested--neither Sec.
1002.111(b) nor Sec. 1002.107(a)(18) and (19) affect how demographic
information gathered for purposes other than compliance with this final
rule are to be collected or retained.
Regarding the request that the final rule mirror HMDA's approach to
the collection of demographic information, the Bureau notes that HMDA
does not include a requirement comparable to the one in ECOA section
704B(b)(2) mandating the separation of certain information from the
application; Regulation C thus permits demographic information required
under HMDA to be retained as part of the application.\816\ Regarding
the claim that no evidence exists of fair lending violations from a
failure to separate demographic information separate mortgage files,
the Bureau reiterates that Sec. 1002.111(b) implements a statutory
requirement in ECOA. Regarding the request to exempt HMDA-reportable
loans from complying with Sec. 1002.111(b), the request is mooted by
the Bureau's adoption of new Sec. 1002.104(b)(2), which excludes HMDA-
reportable transactions from the requirements of this final rule.
---------------------------------------------------------------------------
\816\ See 80 FR 66128, 66192-93 (Oct. 28, 2015).
---------------------------------------------------------------------------
111(c) Limitation on Personally Identifiable Information Retained in
Certain Records Under This Section
Proposed Rule
ECOA section 704B(e)(3) provides that in compiling and maintaining
any record of information under section 1071, a financial institution
may not include in such record the name, specific address (other than
the census tract), telephone number, electronic mail address, or any
other personally identifiable information (PII) concerning any
individual who is, or is connected with, an applicant.
The Bureau proposed in Sec. 1002.111(c) that in compiling and
maintaining any records under proposed Sec. 1002.107 or Sec.
1002.111(b), or reporting data pursuant to proposed Sec. 1002.109, a
financial institution shall not include any name, specific address,
telephone number, email address, or any PII concerning any individual
who is, or is connected with, an applicant, other than as required
pursuant to proposed Sec. 1002.107 or Sec. 1002.111(b). The
prohibition on the inclusion of PII in ECOA section 704B(e)(3), which
covers the ``compiling and maintaining [of] any record of
information,'' implicates proposed Sec. Sec. 1002.107, 1002.109, and
1002.111, which together would address the compilation, maintenance,
and reporting of data by financial institutions.
Proposed comment 111(c)-1 would have clarified that the prohibition
in proposed Sec. 1002.111(c) applies to data compiled and maintained
pursuant to Sec. 1002.107, data in the small business lending
application register submitted by the financial institution to the
Bureau under proposed Sec. 1002.109, the version of the register that
the financial institution maintains under proposed Sec. 1002.111(a),
and the separate record of certain information created pursuant to
proposed Sec. 1002.111(b).
Proposed comment 111(c)-2 would have addressed the types of
information (including PII) that a financial institution is prohibited
from including in the data it compiles and maintains pursuant to
proposed Sec. 1002.107, in its records under proposed Sec.
1002.111(b), or in data reported to the Bureau under proposed Sec.
1002.109.
Proposed comment 111(c)-3 would have clarified that the prohibition
in proposed Sec. 1002.111(c) does not extend to the application or any
other records that the financial institution maintains. This comment
was intended to address the request by stakeholders in the SBREFA
process that the Bureau clarify that this prohibition does not extend
more broadly to a financial institution's application or loan-related
files.
Proposed comment 111(c)-4 would have clarified that the prohibition
in proposed Sec. 1002.111(c) does not bar financial institutions from
providing to the Bureau, pursuant to proposed Sec. 1002.109(b)(3), the
name and business contact information of the person who may be
contacted with questions about the financial institution's submission.
The Bureau sought comment on its proposed approach to implementing
ECOA section 704B(e)(3), including how best to implement this
requirement in a manner that minimizes cost and burden, particularly on
small financial institutions, while implementing all statutory
obligations. Regarding comments by stakeholders in the SBREFA process
that reporting small business lending data to the Bureau could give
rise to a potential conflict with the data protection and privacy laws
prohibiting the disclosure of nonpublic personal information to
unaffiliated third parties, the Bureau noted that such laws typically
provide an exemption for disclosures made pursuant to Federal and State
law.\817\
---------------------------------------------------------------------------
\817\ See, e.g., California Consumer Privacy Act, Cal. Civ. Code
1798.145(a)(1) (noting that the obligations imposed on businesses by
CCPA ``shall not restrict a business' ability to . . . comply with
federal, state, or local laws''). Some other laws on this topic may
apply only to consumers acting primarily for personal, family, or
household purposes, but they also provide an exemption for
disclosures made pursuant to Federal and State law. See Gramm-Leach-
Bliley Act section 502(e)(8), 15 U.S.C. 6802(e)(8), and Regulation P
Sec. 1016.15(a)(7)(i) (stating that the limitations on disclosing
nonpublic personal information to unaffiliated third parties do not
apply if the information is disclosed to comply with Federal, State,
or local laws, rules and other applicable legal requirements).
---------------------------------------------------------------------------
The Bureau sought comment on whether the requirements in this
proposed rule could conflict with other data privacy or data protection
laws, and whether the Bureau might need to use its preemption authority
under ECOA,\818\ Regulation B,\819\ and/or section 1041(a)(1) of the
Dodd-Frank Act to ensure that financial institutions do not violate
State law in reporting 1071 data to the Bureau. The Bureau also sought
comment on whether it should include a provision to preempt any State
data privacy or data protection laws that would prohibit the
collection, maintenance, and reporting to the Bureau of 1071 data. In
the SBREFA process before the publication of the proposed rule, some
industry
[[Page 35420]]
stakeholders expressed concern regarding a different issue related to
data privacy, specifically that reporting 1071 data to the Bureau may
cause them to violate other data privacy laws, including State data
privacy laws.
---------------------------------------------------------------------------
\818\ 15 U.S.C. 1691d(f).
\819\ Existing Sec. 1002.11.
---------------------------------------------------------------------------
Comments Received
The Bureau received comments on this aspect of the proposal from
several lenders and trade associations. A CDFI lender said the proposed
provision was reasonable and that it did not foresee an issue with
ensuring that the enumerated PII is not connected to the applicant. A
trade association stated the Bureau, in proposing this provision,
identified a consistent and correct approach to protecting PII. Another
trade association said that the Bureau should issue a provision
clarifying when PII must be excluded in the compiling and maintaining
of any record of information at the different stages in the process.
A bank opposed the proposal, observing that most small community
banks correlate documents to a specific borrower and application using
PII, and that if the rule prohibited the inclusion of such information
on the collection form, there would be no way to tie demographic
information to the specific application in order to aggregate and
accurately report the data.
A credit union trade association stated that the proposed visual
observation and surname data collection requirement for principal
owners' ethnicity and race (pursuant to proposed Sec. 1002.107(a)(20))
may expose covered financial institutions to compliance costs related
to an evolving patchwork of State personal data privacy laws, including
in California, which provides financial institutions only an
information-level exemption from its data privacy law.\820\
---------------------------------------------------------------------------
\820\ 4 Cal. Civ. Code 1798.145(c).
---------------------------------------------------------------------------
Final Rule
The Bureau is finalizing Sec. 1002.111(c) and associated
commentary with revisions for clarity. Final Sec. 1002.111(c), and the
associated commentary, is intended to implement ECOA section
704B(e)(3), which provides that in compiling and maintaining any record
of information under section 1071, a financial institution may not
include in such record the name, specific address (other than the
census tract), telephone number, electronic mail address, or any other
PII concerning any individual who is, or is connected with, an
applicant. The Bureau further clarifies in final Sec. 1002.111(c) that
it does not interpret ECOA section 704B(e)(3) as prohibiting a
financial institution from including PII in its application or other
files, but only the small business lending application register
submitted by the financial institution to the Bureau, the copy of the
submitted register that is retained for inspection, and the separately
maintained record of protected demographic information kept pursuant to
Sec. 1002.111(b).
Final Sec. 1002.111(c), along with corresponding passages in the
commentary, now states that in reporting a small business lending
application register pursuant to Sec. 1002.109, maintaining the
register pursuant to Sec. 1002.111(a), and maintaining a separate
record of information pursuant to Sec. 1002.111(b), a financial
institution shall not include any name, specific address, telephone
number, email address, or any other PII concerning any individual who
is, or is connected with, an applicant, other than as required pursuant
to Sec. 1002.107 or Sec. 1002.111(b). Final Sec. 1002.111(c) and
final comment 111(c)-2 now refer to ``any other personally identifiable
information'' for the sake of clarity and to better conform with ECOA
section 704B(e)(3). Final Sec. 1002.111(c) and associated commentary
incorporate several revisions compared to the proposal. First, to
address a potential misunderstanding regarding the first cross-
reference to Sec. 1002.107 in proposed Sec. 1002.111(c)--as some
comments reflected--as to whether a financial institution is prohibited
from maintaining PII with not only the small business lending
application register but also any other records related to the
collection and maintenance of data points specified in Sec. 1002.107,
including an application for a covered credit transaction. The Bureau
acknowledges the comment that, as drafted, the reference to ``compiling
and maintaining any records under Sec. 1002.107'' in proposed Sec.
1002.111(c) made it unclear exactly what documents, beyond the small
business lending application register and the separately maintained
demographic information of applicants, are subject to the prohibition
on the inclusion of PII.
The Bureau understands that the initial collection of records
relevant to the data points specified in Sec. 1002.107 will commence
in the normal course of business for financial institutions when they
receive a covered application from a small business. At that phase, and
during the underwriting of the application, it would be impractical to
expect that financial institutions could keep the PII of the
individuals associated with an application separate from all of the
other information in the application from which the various data points
in Sec. 1002.107(a) would be derived. The Bureau acknowledges comments
suggesting that a prohibition on including PII on forms--such as the
applicant's name--to tie an application for credit to the separately
kept demographic information would likely impede the accurate compiling
and reporting of data.
As a result, the Bureau has revised Sec. 1002.111(c) to clarify
that financial institutions are prohibited from maintaining certain
types of PII in reporting data pursuant to Sec. 1002.109, the
provision concerning the creation and maintenance of the small business
lending application register. Likewise, final comments 111(c)-1 and
111(c)-2 now refer to the reporting of data pursuant to Sec. 1002.109,
rather than the compilation and maintenance of any records pursuant to
Sec. 1002.107, to focus on PII associated with the small business
lending application register, rather than any records, even those
loosely associated with, the data points under Sec. 1002.107.
Second, the Bureau is finalizing Sec. 1002.111(c) and comment
111(c)-2 to refer explicitly to Sec. 1002.111(a) for clarity. Proposed
comment 111(c)-1 referred to Sec. 1002.111(a) in prohibiting PII in
the copy of the small business lending application register maintained
by the financial institution, but proposed Sec. 1002.111(c) and
proposed comment 111(c)-2 did not explicitly mention Sec. 1002.111(a).
Final Sec. 1002.111(c) and final comment 111(c)-2 have been modified
to remedy this omission. If financial institutions are prohibited from
including PII not only in the small business lending application
register they submit to the Bureau pursuant to Sec. 1002.109,
logically they must also be prohibited from including PII in the copy
of the register they retain pursuant to Sec. 1002.111(a). The Bureau
clarifies in final Sec. 1002.111(c) that it is the Bureau's
interpretation that ECOA section 704B(e)(3) should be read as
prohibiting lenders from including PII in the small business lending
application register submitted to the Bureau pursuant to Sec.
1002.109, and, logically, as requiring lenders to also exclude PII from
the copy of this register that a financial institution is required to
retain pursuant to Sec. 1002.111(a).
Third, the Bureau is finalizing Sec. 1002.111(c) and comment
111(c)-2 to refer explicitly to Sec. 1002.111(b) earlier in both
provisions. Section 1002.111(b) is mentioned towards the end of both
proposed Sec. 1002.111(c) and proposed comment 111(c)-2; however, in
neither provision is it abundantly clear that the
[[Page 35421]]
protected demographic information that lenders must maintain separately
from the application pursuant to Sec. 1002.111(b) must itself be free
of PII. This lack of clarity is remedied in final Sec. 1002.111(c) and
final comment 111(c)-2.
Fourth, the Bureau is finalizing Sec. 1002.111(c) and comment
111(c)-2 to clarify that financial institutions are prohibited from
including in the enumerated records certain enumerated types of PII
specified in the statute, as well as any other PII. The proposed Sec.
1002.111(c) referred simply to ``any'' PII (rather than ``any other''),
which the Bureau believes could have been misinterpreted to suggest
that the list of specific items preceding ``any'' (name, specific
address, telephone number, email address) were not themselves forms of
PII. As a result, to avoid any potential confusion, in both final Sec.
1002.111(c) and final comment 111(c)-2, the Bureau refers to ``any
other'' PII, which also better conforms with the text of ECOA section
704B(e)(3).
Finally, the Bureau is finalizing comment 111(c)-3 to specify that
the prohibition in Sec. 1002.111(c) does not extend to an application
for credit, or any other records that the financial institution
maintains that are not specifically enumerated in final Sec.
1002.111(c). Proposed comment 111(c)-3 simply noted that Sec.
1002.111(c) did not apply to an application for credit or any other
records that the financial institution maintains. The addition of the
phrase ``that are not specifically enumerated in Sec. 1002.111(c)'' is
intended to eliminate any uncertainty about the scope of application of
Sec. 1002.111(c).
Regarding the comment requesting clarification on whether the
prohibition on PII includes different stages in the process of
compiling and maintaining any record of information, the Bureau
addresses these concerns in final Sec. 1002.111(c), and comments
111(c)-1 and 111(c)-2, as revised, as well as comment 111(c)-3, which
is finalized as proposed. Final comment 111(c)-1 specifies the
categories of information that Sec. 1002.111(c) applies to, and final
comment 111(c)-3 makes clear that the prohibition on PII does not
extend to the application or other records that the financial
institution maintains beyond the small business lending application
register.
Regarding the comment that a prohibition on the inclusion of PII on
forms--such as the applicant's name--to tie an application for credit
to the separately kept demographic information would impede the
accurate aggregation and reporting of data, the Bureau believes that
for this specific purpose, other identifiers not involving PII may be
used. For instance, the unique identifier data point in Sec.
1002.107(a)(1) is specific to a particular applicant and can be used to
tie an application to the separately maintained demographic information
for that applicant. By definition and according to comment 107(a)(1)-3,
the unique loan identifier may not include PII prohibited by Sec.
1002.111(c).
The concern that the visual observation and surname provision of
the proposal would expose covered lenders to compliance costs related
to State personal data privacy laws, such as California's, is rendered
moot by the Bureau's decision not to finalize its proposal for
financial institutions to use visual observation and surname analysis
to determine principal owners' ethnicity and race in certain
circumstances.
Section 1002.112 Enforcement
Final Sec. 1002.112 addresses several issues related to the
enforcement of violations of the requirements of proposed subpart B.
First, Sec. 1002.112(a) states that a violation of section 1071 or
subpart B of Regulation B is subject to administrative sanctions and
civil liability as provided in sections 704 and 706 of ECOA. Second,
Sec. 1002.112(b) provides that a bona fide error in compiling,
maintaining, or reporting data with respect to a covered application is
an error that was unintentional and occurred despite the maintenance of
procedures reasonably adapted to avoid such an error. This provision
also addresses the maintenance of procedures reasonably adapted to
avoid such errors. Third, Sec. 1002.112(c) identifies four safe
harbors under which certain errors--namely, certain types of incorrect
entries for the census tract, NAICS code, and application date data
points, or incorrect determination of small business status, covered
credit transaction, or covered application--do not constitute
violations of ECOA or Regulation B.
The Bureau is finalizing Sec. 1002.112 to implement sections 704
and 706 of ECOA, pursuant to its authority under ECOA section
704B(g)(1) to prescribe such rules and issue such guidance as may be
necessary to carry out, enforce, and compile data pursuant to section
1071 and pursuant to its authority under 704B(g)(2) to adopt exceptions
to any requirement of section 1071 and to exempt any financial
institution or class of financial institutions from the requirements of
section 1071, as the Bureau deems necessary or appropriate to carry out
the purposes of section 1071.
112(a) Administrative Enforcement and Civil Liability
Proposed Rule
A violation of section 1071 is subject to the enforcement
provisions of ECOA, of which section 1071 is a part. ECOA contains
administrative enforcement provisions in section 704,\821\ and it
provides for civil liability in section 706.\822\ The enforcement
provisions in existing Regulation B (Sec. 1002.16(a)(1) and (2))
cross-reference and paraphrase these administrative enforcement and
civil liability provisions of ECOA. Proposed Sec. 1002.112(a) would
have provided that a violation of section 1071 or subpart B of
Regulation B is subject to administrative sanctions and civil liability
as provided in sections 704 and 706 of ECOA, where applicable. The
Bureau sought comment on its proposed approach to administrative
enforcement and civil liability.
---------------------------------------------------------------------------
\821\ 15 U.S.C. 1691c.
\822\ 15 U.S.C. 1691e.
---------------------------------------------------------------------------
Comments Received
Several lenders and several trade associations commented on the
proposed administrative and civil enforcement provisions of the rule. A
CDFI lender and two trade associations supported the proposed provision
as appropriate and in line with other regulations. Several commenters
observed that, with respect to Farm Credit lenders, the Farm Credit
Administration examines and enforces compliance with fair lending laws,
including compliance with any rule implementing section 1071. A trade
association observed that for banks with $10 billion or less in assets,
this regulation will be enforced under section 8 of the Federal Deposit
Insurance Act by the appropriate Federal banking agency.
One community group asked that the final rule provide for the
recording and enforcement of whistleblower complaints in the event that
rural farm lenders retaliate against farmers for the good faith
exercise of their rights under various Federal consumer protection
laws, as protected by ECOA and subpart A of Regulation B. The community
group had cited farm loan servicing in particular as an area where
minority famers faced the most discriminatory terms and conditions.
One bank opposed the proposed administrative enforcement and civil
liability provisions in general. A trade association requested that the
Bureau prohibit private causes of action based
[[Page 35422]]
on 1071 data, including discovery in private proceedings. The commenter
claimed that the Bureau had overemphasized the use of these data by
non-governmental entities such as researchers, economists, industry,
and community groups, and that only governmental agencies should have
the power to use such data for supervision and enforcement because only
they were capable of providing appropriate governance to covered
institutions. The same commenter opposed the Bureau's use of such data
in its own enforcement and supervision actions because the right of
applicants to refuse to provide demographic information would render
the data incomplete, unreliable, and inherently inaccurate. The
commenter also claimed that the Bureau had not explained how it would
acquire data on the broader business credit market, without which
accurate decisions on potential violations of fair lending or other
laws could not be made.
One trade association requested that the Bureau, and any regulators
responsible for implementing section 1071, train examiners well and
assign senior staff to examine CDFI banks. The commenter further
observed that the small business lending market is mostly unregulated,
and requested that the Bureau develop examination capacity to cover
currently unregulated lenders such that it should delay implementation
until it has the capacity to enforce compliance with section 1071
across all covered lenders. A women's business advocacy group indicated
support for auditing by the Bureau to ensure that financial
institutions do not alter information to manipulate the data to their
benefit. Another trade association asked what underwriting imbalance
threshold would cause the Bureau to initiate investigation and
enforcement, and how such a process would allow for the mitigation of
data anomalies and errors. Finally, one trade association supported and
deferred to the views of covered lenders, and other trade associations,
and their opinions on the proposed administrative and civil enforcement
provisions of the rule.
A trade association said that because small business loans vary
widely in design and purpose, use of the same analytical techniques and
examination approaches applicable to HMDA's enforcement may yield
erroneous results, and that the Bureau must coordinate with other FFIEC
agencies, including NCUA, to develop model examination procedures in
advance of a final rule. A bank asked that the Bureau limit the use of
data by regulators to conduct fair lending exams only, and not to
subject financial institutions to technical audit and compliance
requirements, based on its experience with HMDA.
Final Rule
The Bureau is finalizing Sec. 1002.112(a) as proposed. Final Sec.
1002.112(a) is necessary to implement the administrative and civil
enforcement provisions of ECOA. A violation of section 1071 is subject
to the enforcement provisions of ECOA, of which section 1071 is a part.
ECOA contains administrative enforcement provisions in section 704, and
it provides for civil liability in section 706. The enforcement
provisions in existing Regulation B (Sec. 1002.16(a)(1) and (2))
cross-reference and paraphrase these administrative enforcement and
civil liability provisions of ECOA. The Bureau notes that several
commenters, including trade associations to industry, agreed with the
Bureau's proposed implementation of the administrative and civil
enforcement provisions of ECOA. Regarding the comments noting the role
of other statutory regimes in the enforcement of section 1071, the
Bureau agrees and notes that the administrative enforcement provisions
of ECOA cross-reference the enforcement authority of other Federal
regulators, including the agencies mentioned by the commenters.
Regarding the request to record and enforce whistleblower
complaints against farm lenders, the Bureau notes that this would be
outside of the scope of this regulation, although the commenter
correctly notes that retaliation for the good faith exercise of rights
under various Federal consumer protection laws could violate ECOA and
subpart A of Regulation B.
Regarding the comment opposing Sec. 1002.112(a) in its entirety,
the Bureau notes that Sec. 1002.112(a) simply implements, by cross-
reference, the existing administrative enforcement and civil liability
provisions of ECOA. Regarding a commenter's request that the Bureau
prohibit private causes of action, including discovery proceedings, the
Bureau is not making such a change as Sec. 1002.112(a) implements, by
cross-reference, the existing administrative enforcement and civil
liability provisions of ECOA, of which section 1071 is a part. Further,
as specified in the preamble to the proposed rule, the Bureau expressed
its belief in response to stakeholders' comments on the SBREFA Outline
that the administrative enforcement mechanisms under ECOA would be
appropriate to address most instances of non-compliance by financial
institutions that report small business lending data to the Bureau,
based on its experience with Regulation C and HMDA.\823\ Further, other
provisions would serve to limit private liability, especially for
unintentional errors, including the bona fide error provision of Sec.
1002.112(b) and the various safe harbors in Sec. 1002.112(c).
---------------------------------------------------------------------------
\823\ 86 FR 56356, 56503 (Oct. 8, 2021).
---------------------------------------------------------------------------
The same commenter claimed that the proposal overemphasized the use
of data by non-governmental entities such as researchers, economists,
industry, and community groups, and that only government agencies
should have access to these data. However, ECOA section 704B(a)
explicitly states that one of the purposes of the statute is to enable
communities and creditors to identify business and community needs and
opportunities; researchers and economists work at community groups and
within industry to assist their analyses in identifying business and
community needs. Moreover, the Bureau does not believe the statute's
other purpose--facilitating enforcement of fair lending laws--was
intended to be limited to enforcement by only governmental entities.
Regarding the commenter's claim that only governmental agencies should
have the power to use such data for supervision and enforcement because
only they are capable of providing appropriate governance to covered
institutions, the commenter undercuts this claim by, in the same
comment letter, also opposing the Bureau's use of small business
lending data in its own enforcement and supervision actions on the
grounds that applicants' right to refuse to answer demographic
information would render the data incomplete, unreliable, and
inherently inaccurate. The Bureau recognizes that the applicant's right
to refuse pursuant to 704B(c) may result in a less complete dataset,
but compared to the status quo, this rule will result in a vastly
expanded dataset on the market for small business credit.
Regarding the varied supervision-related requests for ensuring
sufficient examiner training, assigning senior staff to CDFI banks,
training for examiners to supervise currently unregulated lenders, and
conducting audits to check for the manipulation of data, the Bureau
notes that such requests are outside of the scope of this rulemaking;
the Bureau establishes supervisory and examination procedures only
after a regulation has been finalized, and such procedures will be
consistent with the Bureau's existing policies regarding supervision
and examinations. The Bureau does not believe it would be appropriate
to state, at this time, what would cause the Bureau to initiate
investigation and enforcement, and how it would allow
[[Page 35423]]
for the mitigation of data errors. The Bureau notes, however, that
Sec. 1002.112(b) and appendix F establish thresholds for errors in the
reporting of data.
Regarding the comment concerning how the Bureau should conduct
examinations, the Bureau observes that such comments are outside of the
scope of this regulation. In any case, the Bureau agrees that the
analytical techniques and examination approaches for HMDA may differ
somewhat from the small business credit context, in part because small
business credit products differ widely in design and purpose, and the
Bureau's supervision and enforcement will reflect this. However,
because HMDA as implemented by Regulation C is a data collection regime
that shares similar structures and goals as section 1071 and this
regulation, including the manner in which HMDA data facilitates fair
lending enforcement, the Bureau believes that its experience with HMDA/
Regulation C is instructive for this rulemaking and will inform its
enforcement and supervisory work. Regarding the comment that the Bureau
must coordinate with other FFIEC agencies, including NCUA, to develop
examination procedures in advance of a final rule, the Bureau notes
that examination procedures normally follow after the publication of a
new rule. Regarding the comment that the Bureau should only use the
data it receives to conduct fair lending examinations, and not
technical compliance examinations, the Bureau does not believe that
such a limitation would be appropriate and notes that fair lending
examinations are less effective if the underlying data are not
accurate; technical compliance examinations help ensure the accuracy of
data.
112(b) Bona Fide Errors
Background
During the SBREFA process, small entity representatives and other
industry stakeholders expressed concern about private litigants suing
them for non-compliance with the rule.\824\ In addition, several small
entity representatives requested that the Bureau not assess penalties
for the first year of data collection and reporting, as it did
following the 2015 HMDA final rule; prior to the compliance date for
that rule, the Bureau issued a policy statement announcing it would not
seek penalties for errors for the first calendar year (2018) of data
collected under the amended Regulation C.\825\ Stakeholders asked the
Bureau to emulate that approach for this rulemaking. Other stakeholders
expressed concern about the potential consequences of committing what
they viewed as technical or inadvertent errors in collecting or
reporting data. One financial institution stakeholder suggested that
the rule adopt or emulate the good faith error provisions set out in
Regulation C, including Sec. 1003.6(b)(1), which provides that an
error in compiling or recording data for a covered loan or application
is not a violation of HMDA or Regulation C if the error was
unintentional and occurred despite the maintenance of procedures
reasonably adapted to avoid such an error. Stakeholders also referred
to the existing error-related exemptions in ECOA and Regulation B.\826\
ECOA's civil liability provision states that creditors will not be
liable for acts done or omitted in good faith in conformity with any
official rule, regulation, or interpretation thereof by the
Bureau.\827\
---------------------------------------------------------------------------
\824\ The small entity representative feedback discussed in this
section-by-section analysis can be found in the SBREFA Panel Report
at 34-36.
\825\ CFPB, CFPB Issues Public Statement On Home Mortgage
Disclosure Act Compliance (Dec. 21, 2017), https://www.consumerfinance.gov/about-us/newsroom/cfpb-issues-public-statement-home-mortgage-disclosure-act-compliance/ (noting that the
Bureau did not intend to require data resubmission unless data
errors were material, or assess penalties with respect to errors for
HMDA data collected in 2018 and reported in 2019).
\826\ See, e.g., Sec. 1002.16(c).
\827\ 15 U.S.C. 1691e(e).
---------------------------------------------------------------------------
Proposed Rule
Proposed Sec. 1002.112(b) would have provided that a bona fide
error in compiling, maintaining, or reporting data with respect to a
covered application is an error that was unintentional and occurred
despite the maintenance of procedures reasonably adapted to avoid such
an error. A bona fide error is not a violation of ECOA or subpart B. A
financial institution would be presumed to maintain procedures
reasonably adapted to avoid errors with respect to a given data field
if the number of errors found in a random sample of the financial
institution's submission for the data field does not equal or exceed a
threshold specified by the Bureau for this purpose in proposed appendix
H. However, an error would not be a bona fide error if either there is
a reasonable basis to believe the error was intentional or there is
other evidence that the financial institution did not maintain
procedures reasonably adapted to avoid such errors.
The Bureau believed that a similar approach to Regulation C,
modified and combined with the approach taken by Federal agencies in
HMDA examinations, would be appropriate here. Regulation C Sec.
1003.6(b)(1) provides that an error in compiling or recording data for
a covered loan or application is not a violation of HMDA or Regulation
C if the error was unintentional and occurred despite the maintenance
of procedures reasonably adapted to avoid such an error. In an
examination of a financial institution for compliance with Regulation
C, a financial institution may make a certain number of unintentional
errors in a testing sample of applications for a given data field in
the institution's loan/application register, the HMDA analog to the
small business lending application register, before it must resubmit
its loan/application register. These tolerance thresholds are based on
the number of loans or applications in a loan/application register as
set out in the HMDA tolerances table in the FFIEC's Interagency HMDA
examination procedures.\828\
---------------------------------------------------------------------------
\828\ Fed. Fin. Insts. Examination Council, Interagency
Examination Procedures: HMDA (Apr. 2019), https://files.consumerfinance.gov/f/documents/cfpb_supervision-and-examination-manual_hmda-exam-procedures_2019-04.pdf.
---------------------------------------------------------------------------
The Bureau provided a table of thresholds in proposed appendix H
and incorporated it in the bona fide error provision in proposed Sec.
1002.112(b). Under this proposed provision and the table of thresholds
in proposed appendix H, financial institutions that report a number of
errors equal to or below the applicable thresholds would have been
presumed to have in place procedures reasonably adapted to avoid
errors; those that report a number of errors above the applicable
thresholds would not be presumed to have in place procedures reasonably
adapted to avoid errors.
Proposed comment 112(b)-1 would have explained that a financial
institution is presumed to maintain procedures reasonably adapted to
avoid errors with respect to a given data field if the number of errors
found in a random sample of the financial institution's submission for
the data field does not equal or exceed a threshold specified by the
Bureau for this purpose. Proposed comment 112(b)-1 would also have
explained that the Bureau's thresholds appear in column C of the table
in proposed appendix H, and that the size of the random sample shall
depend on the size of the financial institution's small business
lending application register, as shown in column A of the table in
appendix H.
Proposed comment 112(b)-2 would have provided that, for purposes of
determining bona fide errors under Sec. 1002.112(b), the term ``data
field''
[[Page 35424]]
generally refers to individual fields, but that, with respect to
information on the ethnicity or race of an applicant or borrower, or
co-applicant or co-borrower, a data field group may consist of more
than one field. Proposed comment 112(b)-2 would have provided that if
one or more of the fields within an ethnicity or race field group have
errors, they count as one (and only one) error for that data field
group.
Proposed comment 112(b)-3 would have provided that an error that
meets the criteria for one of the four safe harbor provisions in
proposed Sec. 1002.112(c) would not be counted as an error for
purposes of determining whether a financial institution has exceeded
the error threshold for a given data field.
The Bureau sought comment on its proposed approach to bona fide
errors, including whether the tolerance levels in proposed appendix H
were appropriate.
Comments Received
The Bureau received comments on this aspect of the proposal from
lenders, trade associations, a community group, a women's business
advocacy group, and a third-party service provider. Several lenders and
trade associations expressed support for the proposed provision on bona
fide errors. One trade association also noted that the provision, with
a table of thresholds, was broadly consistent with HMDA.
A women's business advocacy group and a community group expressed
some concerns about the provision. The trade association understood
that the proposal would hold financial institutions harmless for bona
fide errors, and encouraged a limit to the number of safe harbors. The
community group expressed the concern that the tolerances must not be
overly generous because if the rule was too lax, data quality would
suffer and the statutory purposes of the rule would be imperiled.
A community group asked the Bureau to clarify that certain types of
errors might still prompt an examination or enforcement action even if
the number of errors in a sample did not exceed the threshold, citing
the example provided by the Bureau in proposed comment 112(b)-1 in
which a lender coded withdrawn applications as denials to conceal a
potential fair lending deficiency. The commenter asked that the Bureau
further spell out these examples so as not to completely overrule the
proposed table of tolerances, noting that perhaps extra scrutiny should
apply mainly to the action taken categories, revenue size, and
ethnicity, race, and sex data points and fields.
A CDFI lender observed that, as a lender focused on women and
minority[hyphen]owned small businesses, it had noticed discrepancies in
self[hyphen]reporting ethnicity and race, where a minority self-
reported as non-minority, and vice versa. The commenter said that this
could have serious consequences for non[hyphen]profit lenders focused
on minorities, and that it used software and other relevant information
to reconcile ethnicity and race information when possible. The
commenter asked if the Bureau recognized this as an issue, and if the
Bureau would have an issue with lenders correcting or overriding
inaccurate self[hyphen]reported ethnicity and racial data.
A group of trade associations asked that any errors associated with
special lending programs, such as the SBA's Paycheck Protection
Program, that would require financial institutions to quickly provide
credit to their communities and that involved changing guidance, should
not be counted toward the tolerances.
A service provider requested clarification of the ``good faith''
compliance provision of ECOA, especially what would fall outside of the
definition of ``good faith'' under ECOA's civil liability provision,
which provides that ``creditors will not be liable for acts done or
omitted in good faith in conformity with any official rule, regulation,
or interpretation thereof by the CFPB.'' The commenter also suggested
that clarity on this provision would reduce compliance friction, and
lenders would feel secure in providing information to the Bureau if
they had certainty that the data would not be used against them.
A community group suggested that an example identified in proposed
comment 112(b)-2 should constitute two errors, not one, for purposes of
the thresholds. The commenter stated that the example involved the
Bureau examining a lender's data finding an error in the ethnicity and
race fields of the applicant and co-applicant in the same data record,
and counting the two errors in the applicant and co-applicant field as
only one error.
Final Rule
The Bureau is finalizing Sec. 1002.112(b), associated commentary,
as well as appendix F (renumbered from appendix H in the proposal),
with minor revisions. The Bureau has revised comment 112(b)-2 slightly
by changing references from ``data field groups'' to ``data fields,''
because the Bureau will not use data field groups as it does in the
HMDA data collection. The Bureau has also revised an example in comment
112(b)-2 to clarify that, regarding the example provided in the
comment, one error rather than two would be reported for purposes of
the tolerance thresholds.
The Bureau believes that a similar approach to Regulation C,
modified and combined with the approach taken by Federal agencies in
HMDA examinations, is appropriate here. These tolerance thresholds are
based on the number of applications in a register. as set out in the
HMDA tolerances table.\829\ Accordingly, the Bureau believes that the
approach set out in Sec. 1002.112(b), including the accompanying
comments and appendix F, is broadly consistent with the approach it has
taken for HMDA.\830\ The Bureau also believes that this approach
addresses the concerns first expressed by stakeholders in the SBREFA
process regarding liability for some data reporting errors, especially
in the earlier years of reporting, as processes are first being
implemented. Moreover, the Bureau believes that this provision will
help to ensure the accuracy of the data submitted by requiring the
maintenance of appropriate procedures; at the same time, this provision
will prevent financial institutions from being subjected to liability
for some difficult-to-avoid errors that could drive those institutions
from the small-business lending market. Therefore, the Bureau believes
this provision is necessary to carry out, enforce, and compile data
pursuant to section 1071, as well as necessary or appropriate to
carrying out section 1071's purposes.
---------------------------------------------------------------------------
\829\ For HMDA, similar error tolerance thresholds are set forth
in the FFIEC's Interagency HMDA examination procedures, rather than
in Regulation C itself. Fed. Fin. Insts. Examination Council,
Interagency Examination Procedures: HMDA (Apr. 2019), https://files.consumerfinance.gov/f/documents/cfpb_supervision-and-examination-manual_hmda-exam-procedures_201904.pdf.
\830\ Home Mortgage Disclosure (Regulation C), 80 FR 66128,
66269 (Oct. 28, 2015).
---------------------------------------------------------------------------
The Bureau notes that while a handful of commenters expressed
concern about this provision, the vast majority approved of the
inclusion of the bona fide error provision, even if most criticized the
tolerance thresholds, as further described in the section-by-section
analysis of appendix F. The Bureau agrees with the comment that
expressed its strong support on the grounds that the bona fide error
approach was consistent with HMDA.
Regarding the concern that the bona fide error provision might make
it harder to hold lenders accountable for data errors, the Bureau
acknowledges the potential trade-offs between
[[Page 35425]]
maximizing data quality and practicability of implementation for
lenders, and believes that the tolerances in appendix F strike a
reasonable balance between these factors based on the experience of the
tolerance thresholds in HMDA. Regarding the request to clarify the
types of errors that might prompt regulatory action even if the number
of errors in a sample did not exceed the tolerance threshold, the
Bureau notes that the example of denials coded as withdrawals in
comment 112(b)-1 was merely illustrative; the bona fide error provision
is a general standard. Regarding the concerns of erroneous self-
reporting of ethnicity or race, the Bureau notes that for purposes of
reporting data under this regulation, as specified in Sec. 1002.112(b)
and comment 107(a)(19)-1, a financial institution relies on an
applicant's self-reporting of ethnicity and race.
The final rule does not include a provision that errors associated
with applications and loans associated with emergency or special
lending programs such as the Paycheck Protection Program not be counted
towards the tolerances, as requested by some commenters. The Bureau
appreciates the logistical difficulties that might have been
encountered by financial institutions in compiling accurate data
associated with the Paycheck Protection Program and the Economic Impact
Disaster Loan Program, but believes it is more appropriate to consider
guidance in the future tailored to emergency programs as they arise.
Regarding the request to clarify ``good faith'' in the ECOA
provision absolving creditors of liability for ``acts done or omitted
in good faith in conformity with any official rule, regulation, or
interpretation thereof by the CFPB,'' the Bureau notes that the
provision speaks for itself and applies generally to any ECOA
violation, not only violations of this regulation. The Bureau does not
believe it would be appropriate to state that data collected under this
rule would not be used in supervisory or enforcement actions against
covered financial institutions, given that one of the statutory
purposes of this regulation is the facilitation of fair lending
enforcement.
Regarding the comment stating that the example in comment 112(b)-2
should have constituted two errors, not one, for purposes of the
thresholds, the commenter referenced the ethnicity and race fields of
the applicant and co-applicant in the same data record, but the example
did not mention these. In any case, the example in comment 112(b)-2
expresses how the Bureau intends to treat certain types of errors
within data fields.
112(c) Safe Harbors
Proposed Rule
Proposed Sec. 1002.112(c) would have established four safe harbor
provisions, providing that certain types of errors would not constitute
violations of ECOA or Regulation B. Proposed Sec. 1002.112(c)(1) would
have provided a safe harbor for an incorrect entry for census tract
obtained by correct use of a geocoding tool provided by the FFIEC or
the Bureau. Proposed Sec. 1002.112(c)(2) would have provided a safe
harbor for an incorrect NAICS code determined by a financial
institution under certain circumstances. Proposed Sec. 1002.112(c)(3)
would have provide a safe harbor for the collection of applicants'
protected demographic information pursuant to proposed Sec.
1002.107(a)(18) through (20) after an initially erroneous determination
that an applicant is a small business. Proposed Sec. 1002.112(c)(4)
would have provided a safe harbor for the reporting of an application
date that is within three calendar days of the actual application date.
Comments Received
The Bureau received a number of comments from banks, trade
associations, banks concerning the safe harbor provision generally or
not addressing the specific safe harbors in (c)(1) to (c)(4). A women's
business advocacy group encouraged the Bureau to generally limit the
number of safe harbors. Two banks encouraged the general expansion of
safe harbors.
Several banks and trade associations requested a general safe
harbor from liability applying to data if the financial institution
reports what the applicant submitted in the application process, even
if that data are incorrect or inaccurate. One bank further asserted
that it is burdensome for a financial institution to review each data
point for accuracy, and the ability to rely on applicant provided data
would limit the corrections needed. A trade association pointed out
that under the proposal, lenders may rely on some but not all data
provided by applicants, and recommended that the Bureau permit lenders
to rely on all data, without verification, in all circumstances.
Two industry commenters suggested that the Bureau adopt a general
safe harbor for any data that is reasonably documented, and the
financial institution can demonstrate that it has policies and
procedures in place to capture the data. Another commenter recommended
a safe harbor setting a reasonableness standard for data collection
and/or relying on self-reporting, where lenders are not held liable for
the accuracy of the applicant's responses because they are in jeopardy
of violating other laws.
A number of commenters suggested more specific safe harbors. Two
suggested that the Bureau provide an express safe harbor for applicant-
provided data on the applicant's number of workers, Sec.
1002.107(a)(16), and the applicant's time in business, Sec.
1002.107(a)(17). Another suggested that the Bureau provide an express
safe harbor for gross annual revenue, Sec. 1002.107(a)(14), asserting
that ensuring precision in the data is difficult, often requiring
manual review, that the precision of the data does not affect
interpretation of data. The bank stated that, for instance, an
applicant might report an initial estimate (e.g., $900,000), but that
during underwriting, preliminary financials may show a different amount
(e.g., $915,000), and audited financials yet another (e.g., $912,000),
making it likely that the final number may not be the one reported to
the Bureau. To penalize such errors, which the commenter described as
immaterial, would, according to the commenter, burden lenders and
regulators as well. The bank suggested that the Bureau should institute
a 10 percent tolerance for errors made in reporting gross annual
revenue. A trade association suggested a safe harbor for when an
applicant misidentifies itself as a women- or minority-owned business,
which would then cause the lender to ask questions about ethnicity,
race, and sex that may be in violation of ECOA. Another trade
association asked the Bureau to consider adding a safe harbor related
to the feasibility of the firewall, allowing for variations in
determining feasibility.
Final Rule
As described in further detail below, the Bureau is finalizing four
safe harbors established in final Sec. 1002.112(c) with modifications.
In addition, the Bureau has renumbered the four subsections to be more
aligned with the order in the data points these safe harbors address.
The Bureau is finalizing these safe harbors pursuant to its
authority under ECOA and as amended by section 1071. ECOA section 703
provides the Bureau the authority to prescribe regulations to carry out
the purposes of ECOA, including such adjustments and exceptions for any
class of transactions that in the judgment of the Bureau are necessary
or proper to effectuate the purposes of ECOA, to prevent
[[Page 35426]]
circumvention or evasion thereof, or to facilitate or substantiate
compliance therewith. Section 704B(g)(1) provides that the Bureau shall
prescribe such rules as may be necessary to carry out, enforce, and
compile data pursuant to section 1071. Section 704B(g)(2) authorizes
the Bureau to adopt exceptions to any requirement of section 1071 and
to exempt any financial institution or class of financial institutions
from the requirements of section 1071, as the Bureau deems necessary or
appropriate to carry out the purposes of section 1071.
The Bureau is not further modifying the safe harbor provisions in
response to commenters' requests that the Bureau either generally limit
or expand the number of safe harbors. Regarding the request for a safe
harbor from liability when a financial institution submits applicant-
provided data, the Bureau does not believe a safe harbor is necessary
because pursuant to Sec. 1002.107(b) and comment 107(b)-1, financial
institutions are already permitted to rely upon applicant-provided data
in accord with those provisions. Regarding the comment that it is
burdensome for financial institutions to review each data point for
accuracy, the Bureau again notes that financial institutions may rely
upon applicant-provided data and need not verify such data, subject to
the requirements of Sec. 1002.107(b) and comment 107(b)-1. Regarding
the comment that the Bureau should permit lenders to report and rely
solely on applicant-provided data even when they have verified some of
that data for their own business purposes, the Bureau believes that
such a safe harbor would result in a reduction of data quality. The
Bureau believes that final Sec. 1002.107(b) and comment 107(b)-1
strikes a reasonable balance between data quality and cost and effort
incurred by lenders.
Regarding the comment that the Bureau adopt a general safe harbor
for any data that is reasonably documented by financial institutions
with policies and procedures in place, the Bureau does not believe such
a safe harbor would be consistent with the statutory purposes of
section 1071. Such a safe harbor would appear to shield a lender from
liability even if the data submitted to the Bureau were not accurate,
i.e., did not reflect the underlying documentation. Regarding the
comment requesting that the Bureau adopt a safe harbor establishing a
general reasonableness standard for errors in data reporting, the
Bureau does not believe it consistent with the statutory purposes of
section 1071 to adopt such an apparently open-ended safe harbor without
further consideration of what the limits to this provision would be.
The Bureau believes the bona fide error provision in this final rule
will serve the function requested by the commenter's suggested safe
harbor in a manner consistent with the statutory purposes of section
1071, for the reasons set out in the section-by-section analysis of
Sec. 1002.112(b).
The Bureau does not believe any of the more specific safe harbors
suggested by commenters are needed. The Bureau believes that a safe
harbor for the number of workers data point is not necessary because
final Sec. 1002.107(a)(16) does not require the reporting of a precise
numbers of workers, but rather permits the selection of ranges of
numbers. Similarly, the Bureau believes that a safe harbor for the time
in business data point is not necessary because final Sec.
1002.107(a)(17) does not require the reporting of exact years in
business for this data point unless the financial institution already
obtains that information for its own purposes.
The Bureau also does not believe that a safe harbor for gross
annual revenue is needed, as Sec. 1002.107(a)(14), and comments
107(a)(14)-1 and -2, permit financial institutions to report gross
annual revenue in the manner they collect it. The Bureau disagrees,
however, with the comment that the precision of the data would not
materially affect data analysis. The commenter offered a specific
example of discrepancies between different estimates of gross annual
revenue that were minor and might not be material; the commenter did
not suggest that in practice that the differences between self-reported
and verified measures of revenue would consistently be as small as in
the example presented. In any case, the commenter did not address
whether the time between when an application was submitted and when the
financial institution would have to submit the data related to the
application to the Bureau was insufficient to arrive at a final gross
annual revenue number. Neither does the Bureau agree with the comment
offering examples of errors in reporting gross annual revenue would not
really impact the overall integrity of the data; based on its
experience with other data reporting regimes such as HMDA, the 10
percent error range suggested by the commenter in the reporting of
gross annual revenue could be material and impact the integrity of the
data the Bureau received.
A safe harbor for when an applicant misidentifies itself as a
women-owned or minority-owned business is likewise not necessary, as
financial institutions are required to report business statuses as
provided by the applicant, without verification, pursuant to final
Sec. 1002.107(a)(18) and comment 107(a)(18)-8. Regarding the request
to add a safe harbor related to the feasibility of the firewall,
allowing for variations in determining feasibility, the Bureau notes
that its implementation of the statutory firewall provision, in Sec.
1002.108, provides financial institutions substantial leeway; as
specified in comment 108(c)-1, a financial institution is not required
to perform a separate analysis of the feasibility of maintaining a
firewall beyond determining whether an employee or officer should have
access to an applicant's protected demographic information.
112(c)(1) Incorrect Entry for Application Date
Final Sec. 1002.107(a)(2) requires financial institutions to
report application date. In the NPRM, the Bureau proposed Sec.
1002.112(c)(4), which would have provided that a financial institution
does not violate proposed subpart B if it reports on its small business
lending application register an application date that is within three
calendar days of the actual application date pursuant to proposed Sec.
1002.107(a)(2). The Bureau sought comment on its proposed approach to
this safe harbor.
The Bureau received comments on proposed application date safe
harbor from a handful of lenders and trade associations. Most of these
commenters generally supported the safe harbor, with one commenter
stating that it would reduce the compliance burden of pinpointing an
exact application date. A trade association supporting the safe harbor
further stated that the application process is fluid and that it should
be sufficient for the financial institution to reasonably document the
data point and have policies and procedures in place to capture the
data. Another trade association stated that the proposed safe harbor is
appropriate, but questioned its utility. The commenter noted that it
was unclear who or how the ``actual'' application date would be
determined and the proposed definition of a covered application was
already flexible and subjective.
Two banks urged the Bureau to change ``calendar'' days to
``business'' days in the safe harbor. These commenters stated that they
often operate their business seven days a week or may approve requests
for credit on non-business days. They argued that business days would
allow for
[[Page 35427]]
consistent application of the safe harbor regardless of the date a
business applied for credit, retaining only calendar days would mean
financial institutions would lose the flexibility afforded by a safe
harbor when it is most needed, and that failure to make the change
could preempt the ability of financial institutions to provide ``off-
hour'' services. Finally, a couple commenters urged the Bureau to
provide additional clarifications, such as examples of how to calculate
the safe harbor date range or illustrations in the commentary on how
the safe harbor would operate.
The Bureau is finalizing Sec. 1002.112(c)(1) (proposed as Sec.
1002.112(c)(4)) with modifications to provide that a financial
institution does not violate ECOA or subpart B if it reports on its
small business lending application register an application date that is
within three business days of the actual application date pursuant to
final Sec. 1002.107(a)(2). The Bureau believes this provision will
both ensure the level of accuracy needed for the resulting data to be
useful in carrying out section 1071's purposes and minimize the risk
that financial institutions will be held liable for difficult-to-avoid
errors, which might otherwise affect their participation in the small
business lending market. The Bureau therefore believes final Sec.
1002.112(c)(1) is necessary or appropriate to carry out section 1071's
purposes pursuant to ECOA section 704B(g)(1) and (2).
In response to commenters' concerns that ``calendar'' days would
disadvantage a financial institution that receives applications on non-
traditional business days, the Bureau is revising ``calendar'' days to
``business'' days. A business day means any day the financial
institution is open for business.\831\ The Bureau agrees with
commenters that the safe harbor should apply equally regardless of
which day of the week an application is received. In response to
commenters' request for illustrations as to how the safe harbor would
work, the Bureau believes the text of final Sec. 1002.112(c)(1)
provides sufficient guidance on how to calculate whether a reported
date falls within the safe harbor. For example, in accordance with
final Sec. 1002.112(c)(1), if a covered application is received by a
financial institution on Saturday, January 5, and the financial
institution is closed for business on Sunday, January 6, the safe
harbor would apply so long as the financial institution reports an
application date that falls between Wednesday, January 2 (three
business days preceding the actual date of a covered application) and
Wednesday, January 9 (three business days following the actual date of
a covered application). Sunday, January 6 does not count as one of the
three business days because it was not a business day for the financial
institution.
---------------------------------------------------------------------------
\831\ If a financial institution accepts covered applications
online at any time, but under its procedures does not actually
receive or review the application until the next business day, the
mere willingness to accept applications online does not mean the
financial institution is open for business seven days a week.
---------------------------------------------------------------------------
112(c)(2) Incorrect Entry for Census Tract
Proposed Rule
Proposed Sec. 1002.112(c)(1) would have provided that an incorrect
entry for census tract is not a violation of ECOA or this subpart if
the financial institution obtained the census tract by correctly using
a geocoding tool provided by the FFIEC or the Bureau. Regulation C
Sec. 1003.6(b)(2) contains a similar provision, and the Bureau
believed a similar approach would be appropriate here.
Proposed comment 112(c)(1)-1 would have explained that the safe
harbor provision under proposed Sec. 1002.112(c)(1) would not extend
to a financial institution's failure to provide the correct census
tract number for a covered application on its small business lending
application register, as would have been required by proposed Sec.
1002.107(a)(13), because the FFIEC or Bureau geocoding tool did not
return a census tract for the address provided by the financial
institution. In addition, proposed comment 112(c)(1)-1 would have
explained that this safe harbor provision would not extend to a census
tract error that results from a financial institution entering an
inaccurate address into the FFIEC or Bureau geocoding tool.
The Bureau sought comment on its proposed approach to this safe
harbor.
Comments Received
Several lenders and trade associations commented on the proposed
safe harbor for incorrect census tract. Some commenters supported the
safe harbor as proposed; several further requested that the safe harbor
also protect the use of reasonable processes to identify and report
census tract data where the FFIEC and Bureau tools did not return a
census tract. Two commenters requested that the Bureau create an
exclusion from census tract reporting when the applicant only provides
a P.O. Box or other mailbox that is not connected to a physical
address. Another requested, because the Bureau census tract tool is not
yet available and because the FFIEC tool does not permit batch
geocoding, that the Bureau extend the safe harbor to include
commercially available batch geocoders often found within HMDA and CRA
reporting software. One commenter supported the safe harbor but
asserted that the safe harbor's usefulness was limited because of the
difficulty in proving that a geocoding tool was used correctly. Two
commenters requested additional latitude if a census tract is reported
for a business where the business has a physical location, even if it
is not the business's main address or where loan funds are spent.
Final Rule
For the reasons set forth herein, the Bureau is finalizing Sec.
1002.112(c)(2) (proposed as Sec. 1002.112(c)(1)) and comment
112(c)(2)-1 (proposed as 112(c)(1)-1) as proposed. As noted above,
Regulation C Sec. 1003.6(b)(2) contains a similar provision, and the
Bureau believes a similar approach is appropriate here. Given the
number of years that financial institutions have been relying on the
FFIEC geocoding tool in the HMDA context, the Bureau believes it is
reasonable to similarly permit financial institutions to rely on
information provided by a geocoding tool offered by the FFIEC or the
Bureau, subject to the caveats in comment 112(c)(2)-1. Additionally,
the Bureau believes that this safe harbor will ultimately improve the
accuracy of the data submitted by encouraging the use of reliable FFIEC
geocoding tools, and preventing financial institutions from being
subject to liability for difficult-to-avoid errors that some commenters
said could drive those institutions to eschew these useful tools. The
Bureau thus believes this provision is necessary to carry out, enforce,
or compile data pursuant to section 1071, and necessary or appropriate
to carry out section 1071's purposes pursuant to ECOA section
704B(g)(1) and (2).
Regarding commenters' request that the safe harbor be adjusted to
protect the use of reasonable processes to identify and report census
tract data where the FFIEC and Bureau geocoding tools did not return a
census tract, or that the Bureau expand the safe harbor to include
commercially available batch geocoding tools, the Bureau does not
believe that such changes are warranted. Both Regulation C Sec.
1003.6(b)(2) and final Sec. 1002.112(c)(2) permit financial
institutions to rely on the accuracy of tools provided by the Federal
government when they are able to return a census tract. Where such
tools return no census tract at all, financial institutions must rely
on other tools,
[[Page 35428]]
such as geocoding tools provided by third parties, or must use other
means to determine census tract. The Federal government does not
review, and therefore cannot verify or take responsibility for, the
accuracy of commercially available geocoders.
Similarly, the Bureau is not adopting an exception for situations
in which the applicant only provides a P.O. Box or other mailbox that
is not connected to a physical address. The ``waterfall'' reporting
method for the census tract data point implements the statutory term
``principal place of business.'' Pursuant to final Sec. 1002.107(c), a
financial institution is required to maintain procedures reasonably
designed to collect applicant-provided data, which includes an address
or location for purposes of determining census tract. Because a P.O. or
other mailbox address is generally unrelated to the location of the
principal place of business or another location associated with the
business, the Bureau expects that in most instances (for its own
purposes or as needed to comply with other regulations) a financial
institution will attempt to collect an address more suitable for
determining the census tract. If the financial institution is unable to
do so, it may use a P.O. or other mailbox address for reporting census
tract.
Despite the assertion that this safe harbor is limited because of
the difficulty in proving that a geocoding tool was used correctly, the
Bureau does not believe that changes to the safe harbor would be
appropriate. The safe harbor, which the Bureau notes is broader than
the one in Regulation C (this safe harbor extends to the Bureau
geocoding tool; the one in Regulation C does not), is intended to be
narrowly applicable to government-provided geocoding tools. Financial
institutions have relied for years on existing geocoding tools,
including the FFIEC tool in the HMDA context. The use of the FFIEC
tool, and the manner that the Bureau has dealt with any errors derived
from the use of the tool, are well established. Thus, the Bureau does
not anticipate difficulties identifying whether an error is caused by
user error (which would not be protected by the safe harbor) or by the
geocoding tool itself (which would be protected). The Bureau does not
believe that, as requested by the same commenter, any further latitude
is required in the reporting of census tract (i.e., if the census tract
is reported for a physical location, even if it is not the business's
main address or where the proceeds of the credit applied for or
originated will be or would have been principally applied) for the
reasons set out here and in the section-by-section analysis of Sec.
1002.107(a)(13) above.
112(c)(3) Incorrect Entry for NAICS Code
Proposed Rule
The Bureau proposed to require financial institutions to collect
and report an applicant's 6-digit NAICS code in proposed Sec.
1002.107(a)(15). A financial institution would have been permitted to
rely on statements of or information provided by the applicant in
collecting and reporting the NAICS code as described in proposed
comments 107(a)(15)-3 and -4. The Bureau also proposed a safe harbor,
in Sec. 1002.112(c)(2), to address situations where a financial
institution does not rely on such information, but instead identifies
the NAICS code for an applicant itself and the identified NAICS code is
incorrect. Specifically, proposed Sec. 1002.112(c)(2) would have
provided that the incorrect entry for that institution-identified NAICS
code is not a violation of ECOA or subpart B, provided that the first
two digits of the NAICS code are correct and the financial institution
maintains procedures reasonably adapted to correctly identify the
subsequent four digits.
The Bureau sought comment on its proposed approach to this safe
harbor. The Bureau also sought comment on whether requiring a 3-digit
NAICS code with no safe harbor would be a better alternative.
Comments Received
The Bureau received a number of comments on its proposal to require
collection and reporting of a 6-digit NAICS code, as discussed in the
section-by-section analysis of Sec. 1002.107(a)(15) above. The Bureau
received comments from some lenders and trade associations specifically
regarding the related safe harbor in proposed Sec. 1002.112(c)(2).
Several industry commenters reiterated their general opposition to the
proposed NAICS code data point but asserted that they supported the
safe harbor if the Bureau were to require financial institutions to
collect and report NAICS code. A trade association stated that as long
as the data point reported is reasonably documented and the financial
institution can demonstrate it has policies and procedures in place to
capture the data, the Bureau should recognize that it is sufficient. A
bank and a trade association for online lenders stated that where an
institution in good faith reports a NAICS code, believed to be accurate
based on the attestation and information provided by the applicant, but
was provided with inaccurate information, a reporting financial
institution should not be deemed to be in noncompliance with the
regulation. A few commenters asserted that if the Bureau requires NAICS
code to be collected, then the Bureau should permit lenders to rely
upon applicant statements or codes obtained through the use of business
information products as proposed in comments 107(a)(15)-3 and -4.
A few trade associations and a business advocacy group expressed
the belief that the safe harbor was insufficient and should be broader.
In particular, these commenters asserted that the safe harbor would not
apply when the institution relied on the applicant's statement for the
NAICS code. A group of trade associations concluded that financial
institutions that want to use the safe harbor would be required to try
to determine the NAICS code themselves and said that this process would
be burdensome and fraught with the risk of inaccuracies.
Final Rule
For the reasons set forth herein, the Bureau is finalizing Sec.
1002.112(c)(3) (proposed as Sec. 1002.112(c)(2)) with certain
adjustments. As discussed in the section-by-section analysis of Sec.
1002.107(a)(15) above, the Bureau is requiring that financial
institutions collect and report a 3-digit NAICS code for the applicant.
The Bureau is revising the safe harbor to account for this modification
for the required number of digits and to clarify what information the
financial institution may rely on in reporting NAICS codes. In
addition, while the bona fide error provision in final Sec.
1002.112(b) continues to apply (provided its requirements are met), the
Bureau is deleting that language from comment 112(c)-2 for consistency
across the safe harbor provisions and because comment 112(b)-3
addresses the issue.
Specifically, final Sec. 1002.112(c)(3) makes clear that an
incorrect entry for a 3-digit NAICS code is not a violation of ECOA or
subpart B, provided that the financial institution obtained the 3-digit
NAICS code by: (i) Relying on an applicant's representations or on an
appropriate third-party source, in accordance with Sec. 1002.107(b),
regarding the NAICS code; or (ii) identifying the NAICS code itself,
provided that the financial institution maintains procedures reasonably
adapted to correctly identify a 3-digit NAICS code.
[[Page 35429]]
As discussed above, some commenters believed that the proposed safe
harbor would not apply when the institution relied on the applicant's
statement for the NAICS code, and as a result financial institutions
could be penalized for reporting erroneous NAICS codes provided by
applicants and thus may have to re-check such NAICS codes themselves in
order to qualify for the safe harbor. Given the provisions in proposed
Sec. 1002.107(a)(15) and (b) (finalized in Sec. 1002.107(b) with
additional detail) that expressly permitted a financial institution to
rely on applicant-provided information in reporting NAICS code, the
Bureau did not believe that such a safe harbor was necessary. However,
to address commenters' concerns, the Bureau is expressly including
NAICS codes provided by applicants or obtained from an appropriate
third-party source, in accordance with Sec. 1002.107(b), within the
scope of final Sec. 1002.112(c)(3).
The Bureau is adopting this safe harbor pursuant to its statutory
authority under section 704B(g)(1) and (2). The Bureau believes that
this safe harbor, as revised, is responsive to commenters' concerns
about the difficulties in correctly classifying an applicant's NAICS
code (whether because the business may change over time, codes may have
overlapping definitions, small businesses may not know their NAICS
code, or because classifications may otherwise be prone to human
error). The Bureau also believes that the safe harbor will help to
ensure the accuracy of the data submitted by requiring the maintenance
of appropriate procedures when the financial institution is determining
an applicant's NAICS code itself; at the same time, the safe harbor
prevents financial institutions from being subjected to liability for
some difficult-to-avoid errors. Therefore, the Bureau believes final
Sec. 1002.112(c)(3) is necessary or appropriate to carry out section
1071 purposes pursuant to ECOA section 704B(g)(1) and (2).
112(c)(4) Incorrect Determination of Small Business Status, Covered
Credit Transaction, or Covered Application
Proposed Rule
Proposed Sec. 1002.112(c)(3) would have provided that a financial
institution that initially determines that an applicant for a covered
credit transaction is a small business, as defined in proposed Sec.
1002.106(b), but later concludes the applicant is not a small business,
does not violate ECOA or Regulation B if it collected information
pursuant to subpart B regarding whether an applicant for a covered
credit transaction is a minority-owned business or a women-owned
business, and the ethnicity, race, and sex of the applicant's principal
owners. Proposed Sec. 1002.112(c)(3) would further have provided that
a financial institution seeking to avail itself of this safe harbor
would have to comply with the requirements of subpart B as otherwise
required pursuant to proposed Sec. Sec. 1002.107, 1002.108, and
1002.111 with respect to the collected information.
The Bureau proposed this safe harbor to address situations where a
financial institution may otherwise be uncertain about whether it ``may
obtain information required by a regulation'' under existing Sec.
1002.5(a)(2), which could deter financial institutions from complying
with the rule implementing section 1071. The Bureau believed that this
safe harbor would facilitate compliance with ECOA by eliminating a
situation in which a financial institution might be deterred from
appropriately collecting applicants' protected demographic information
due to the possibility that their understanding of an applicant's small
business status might change during the course of the application
process.
Proposed Sec. 1002.112(c)(3) would have made it clear that a
financial institution seeking to avail itself of this safe harbor must
comply with the requirements of subpart B as otherwise required
pursuant to proposed Sec. Sec. 1002.107, 1002.108, and 1002.111 with
respect to the collected information. Relatedly, proposed comment
106(b)-1 would have clarified that, in such a situation, the financial
institution does not report the application on its small business
lending application register pursuant to Sec. 1002.109.
The Bureau sought comment on its proposed approach to this safe
harbor.
Comments Received
As set out above in the section-by-section analysis of Sec.
1002.112(c), the Bureau received comments generally supporting all four
of the proposed safe harbors, including proposed Sec. 1002.112(c)(3),
as well as comments suggesting that the proposed safe harbors were too
narrow. With respect to proposed Sec. 1002.112(c)(3) specifically, a
CDFI lender and two trade associations supported this safe harbor
generally. The trade association further urged the Bureau to allow
banks to rely on applicant-provided revenue data in determining whether
to collect data pursuant to this regulation. Several other industry
commenters, apparently unaware of proposed Sec. 1002.112(c)(3),
requested that the Bureau adopt a safe harbor, in substance, identical
to proposed Sec. 1002.112(c)(3). A bank and a business advocacy group
suggested that the Bureau adopt a new safe harbor applying to an
application for a covered credit transaction where the applicant
ultimately accepts a product that is not reportable; the trade
association suggested that the collection of data for such applications
would not advance the statutory purposes of section 1071.
Final Rule
For the reasons set forth herein, the Bureau is finalizing this
safe harbor, renumbered as Sec. 1002.112(c)(4), with revisions. The
Bureau has expanded the safe harbor for the reasonable, yet erroneous,
collection of demographic data beyond an initial determination that an
applicant is a small business, to also cover an initial determination
that the application is for a covered credit transaction and that there
is a covered application.
Specifically, final Sec. 1002.112(c)(4) provides that a financial
institution that initially collects protected demographic data--
regarding whether an applicant for a covered credit transaction is a
minority-owned business, a women-owned business, or a LGBTQI+-owned
business, and the ethnicity, race, and sex of the applicant's principal
owners pursuant to final Sec. 1002.107(a)(18) and (19)--but later
concludes that it should not have collected such data does not violate
ECOA or Regulation B if the financial institution, at the time it
collected these data, had a reasonable basis for believing that the
application was a covered application from a small business for a
covered credit transaction pursuant to Sec. Sec. 1002.103, 1002.104
and 1002.106. Consistent with the proposal, final Sec. 1002.112(c)(4)
further states that a financial institution seeking to avail itself of
this safe harbor shall comply with the requirements of subpart B as
otherwise required pursuant to Sec. Sec. 1002.107, 1002.108, and
1002.111 with respect to the collected data. The Bureau is also
adopting new comment 112(c)-3 to provide an example of the kinds of
errors covered by the safe harbor in final Sec. 1002.112(c)(4).
The Bureau is adopting this safe harbor pursuant to its authority
under ECOA sections 703(a), 704B(g)(1), and 704B(g)(2). The Bureau has
determined it is appropriate to expand the safe harbor to address other
situations which could pose the same challenges to financial
institutions as the one addressed by proposed Sec. 1002.112(c)(3).
Specifically, the safe harbor as revised addresses several
determinations a
[[Page 35430]]
financial institution must make as a threshold matter in order to
collect applicants' protected demographic data pursuant to the rule:
whether an application is reportable pursuant to Sec. 1002.103, for a
covered credit transaction under Sec. 1002.104, and from a small
business applicant pursuant to Sec. 1002.106.
Comments the Bureau received on the safe harbor in proposed Sec.
1002.112(c)(3), and on the underlying substantive provisions including
proposed Sec. Sec. 1002.103, 1002.104 and 1002.106, suggested that
financial institutions need additional leeway in making threshold
determinations, particularly when those determinations are based on
applicant-provided data that may later change or otherwise turn out to
be incorrect. Under existing Sec. 1002.5(a)(2), a creditor may only
obtain otherwise protected information if ``required by a regulation,''
or some other express exception applies. Absent this expanded safe
harbor, financial institutions may be deterred from appropriately
collecting applicants' protected demographic information for fear of
running afoul of existing Sec. 1002.5(b) due to the possibility that
their understanding of an application--whether the application is for a
covered credit transaction, and is from a small business applicant--may
change during the course of the application process and so collection
of demographic data will no longer be ``required by a regulation.'' The
Bureau thus believes that the safe harbor in Sec. 1002.112(c)(3), as
revised from the proposal, will facilitate compliance with ECOA and the
rule.
The Bureau agrees, as suggested by several commenters, that the
safe harbor in proposed Sec. 1002.112(c)(3) may have been too narrow,
focused as it was on errors in determining the small business status of
an applicant. For the reasons explained herein, the Bureau believes it
is appropriate to extend the safe harbor to other threshold
determinations: whether an application is reportable at all under Sec.
1002.103 and whether the application in question is for a covered
credit transaction under Sec. 1002.104.
Regarding a commenter's request that banks should be allowed to
rely on applicant-provided revenue information in deciding to collect
demographic data, the Bureau notes that, pursuant to final Sec.
1002.107(b), financial institutions may rely on unverified applicant-
provided gross annual revenue (although if the financial institution
verifies that information, it must use the verified information
instead).
Regarding the same commenter's request to expand the safe harbor to
include any application for a covered credit transaction where the
applicant accepts an offer for a financing product that is not
reportable, the Bureau does not believe any further expansion of final
Sec. 1002.112(c)(4) is warranted. Final Sec. 1002.112(c)(4) addresses
the collection of demographic data from a small business that initially
applies for a covered credit transaction but, before final action is
taken, instead seeks a non-covered transaction, such as a lease.\832\
The safe harbor suggested by the commenter, on the other hand, would be
unnecessarily broad, reaching a covered application from a small
business that accepted a non-covered product after final action has
been taken on the covered application for a covered credit product. In
such circumstances, the initial decision of the financial institution
to collect demographic data on such applications for covered credit
transactions was not erroneous and would not have violated ECOA or
Regulation B, and thus a safe harbor is not necessary. Further, the
commenter did not explain why a safe harbor covering the situations it
described would be consistent with the statutory purposes of section
1071, which requires the collection of ``any application to a financial
institution for credit'' (emphasis added).
---------------------------------------------------------------------------
\832\ See also comment 103(a)-9, which discusses reporting where
there is a change in whether there is a covered credit transaction.
---------------------------------------------------------------------------
Section 1002.113 Severability
Proposed Sec. 1002.113 would have provided that the provisions of
subpart B are separate and severable from one another, and that if any
provision is stayed or determined to be invalid, the remaining
provisions shall continue in effect.
One trade association said that it had no comments on proposed
Sec. 1002.113.
The Bureau is finalizing Sec. 1002.113 with revisions to clarify
that applications of provisions are also severable. This is a standard
severability clause of the kind that is included in many regulations to
clearly express agency intent about the course that is preferred if
such events were to occur.
Section 1002.114 Effective Date, Compliance Date, and Special
Transitional Rules
Final Sec. 1002.114 addresses when the final rule becomes
effective and when financial institutions will be required to comply
with the rule, as well as how financial institutions can choose to
comply with the rule during this transitional period. Final Sec.
1002.114(a) states that this small business lending data collection
rule will become effective 90 days after the final rule is published in
the Federal Register. Final Sec. 1002.114(b) provides a tiered
approach to compliance dates. Specifically, the dates by which covered
financial institutions are initially required to comply with the
requirements of this rule are specified in four provisions based on the
number of covered originations. Compliance with the rule beginning
October 1, 2024 is required for financial institutions that originate
the most covered credit transactions for small businesses. However,
institutions with a moderate transaction volume have until April 1,
2025 to begin complying with the rule, and those with the lowest volume
have until January 1, 2026.
Final Sec. 1002.114(c)(1) permits covered financial institutions
to begin collecting information pursuant to final Sec. 1002.107(a)(18)
through (19) beginning 12 months prior to the compliance date. Final
Sec. 1002.114(c)(2) permits a financial institutions that do not have
ready access to sufficient information to determine their compliance
tier (or whether they are covered by the rule at all) to use reasonable
methods to estimate their volume of originations to small businesses
for this purpose.
114(a) Effective Date and 114(b) Compliance Date
Background
Section 1071 does not specify an implementation period, though
pursuant to ECOA section 704B(f)(1) financial institutions must report
data to the Bureau on an annual basis. In the SBREFA Outline, the
Bureau noted that it sought to ensure that financial institutions have
sufficient time to implement the rule, and stated that it was
considering proposing that financial institutions have approximately
two calendar years for implementation.\833\
---------------------------------------------------------------------------
\833\ SBREFA Outline at 42.
---------------------------------------------------------------------------
Small entity representative and stakeholder feedback regarding the
two-year period for implementation under consideration during the
SBREFA process was mixed.\834\ Some found the two-year period to be
adequate, some requested more time, and a few urged for less. Some
provided related feedback about adopting a grace period for data errors
in the first year(s) after the rule becomes effective. A fuller
discussion of the feedback from small entity representatives and
stakeholders on implementation period is included in
[[Page 35431]]
the NPRM and in the SBREFA Panel Report.
---------------------------------------------------------------------------
\834\ The small entity representative feedback discussed in this
section-by-section analysis can be found in the SBREFA Panel Report
at 36-37.
---------------------------------------------------------------------------
Proposed Rule
The Bureau proposed in Sec. 1002.114(a) that its small business
lending data collection rule become effective 90 days after the final
rule is published in the Federal Register. At that time, the rule would
become part of the Code of Federal Regulations; this would permit
financial institutions to avail themselves of the special transitional
rule in proposed Sec. 1002.114(c)(2), discussed below. However,
pursuant to proposed Sec. 1002.114(b), compliance with the final rule
would not have been required until approximately 18 months after the
final rule is published in the Federal Register.
The Bureau's proposed approach was a compromise between the two-
year implementation period under consideration at SBREFA that a slight
majority of stakeholders found acceptable and the shorter one-year
implementation period requested by certain stakeholders. The Bureau
believed that the statutory purposes of section 1071 are better served
by an earlier compliance date that would, in turn, result in earlier
publication of data by the Bureau. The Bureau acknowledged the
preference of various small entity representatives and other
stakeholders for a compliance period of two or more years to comply.
The Bureau noted, however, that some small entity representatives and
other industry stakeholders said that they could be ready in less than
two years. The Bureau agreed with the stakeholders that asserted that a
shorter implementation period is preferable given the length of time
that has elapsed since the passage of section 1071 of the Dodd-Frank
Act.
The Bureau believed that permitting or requiring a partial year
collection in the initial year of compliance would further the purposes
of section 1071 by expediting the collection and, potentially, the
publication of data to be used to further the fair lending and
community development purposes of the statute.
The Bureau sought comment on its proposed effective date of 90 days
following publication of an eventual final rule and its proposed
compliance date of approximately 18 months after the publication of its
final rule to implement section 1071. In particular, the Bureau sought
comment on which aspects of the Bureau's proposed rule might require
more or less time to implement, and ways in which the Bureau could
facilitate implementation for small financial institutions, especially
those that have had no experience with other Federal data reporting
regimes. The Bureau further sought comment on two alternatives: (a)
whether the Bureau should adopt a compliance date of two years after
the publication of the final rule; and (b) whether the Bureau should
adopt different compliance dates based on the size of a financial
institution (e.g., one year for large financial institutions, two years
for smaller institutions).
Comments Received
The Bureau received several comments in response to proposed Sec.
1002.114(a). A CDFI lender approved of the proposed effective date of
90 days after Federal Register publication of this rule. A joint letter
from several trade associations did not object to the 90-day effective
date. A business advocacy group requested a that there be no
retroactive application of the rule prior to the effective date. They
noted that the proposed rule would require numerous complex compliance
burdens based on the collection of new data, the establishment of new
internal processes, and the development of new systems, and urged the
Bureau to clearly explain that the final rule does not apply
retroactively, including as to draws made after the effective date on
loans made before the effective date.
The Bureau received a large number of comments in response to
proposed Sec. 1002.114(b). Several comments supported an 18-month
compliance period or requested a shorter period, but the vast majority
of comments suggested a longer compliance period, for varied reasons.
Support. One community group preferred a 1-year implementation but
was satisfied that the Bureau did not provide for a 2-year period as
requested by lenders. A trade association offered appreciation that the
proposed compliance period reflected consideration by the Bureau for
the lenders but still requested a longer compliance period than
proposed.
Requests to publish data quickly and frequently. A number of
commenters urged the Bureau to finalize the rule quickly to collect and
publish data as soon as possible. A range of commenters emphasized the
urgency of the Bureau implementing this rule carefully and quickly. Two
commenters stated that the ongoing failure to collect and publish data
harms women-owned and minority-owned small businesses and communities
because discriminatory practices are permitted to continue. One also
said that the absence of 1071 data would compromise the goals of
mission-driven lenders. A joint letter from community groups and
community oriented lenders said that swift implementation was critical
for consumers, regulators, and advocates to assess markets given the
limited data currently available.
A number of commenters asserted that the Bureau should move quickly
to implement the rule, collect and publish data given that more than 10
years have passed since the Dodd-Frank Act required the promulgation of
this rule. A minority business advocacy group requested that initial
data findings be published as soon as possible, and every six months so
that stakeholders can monitor progress and utilize data.
Less than 18 months. Several commenters asserted that an 18-month
compliance period was too long. Some commenters, including a joint
letter community groups, community oriented lenders, and business
advocacy groups, requested that the compliance date for this rule be
January 1, 2024. Another commenter argued that a one-year period better
served the statutory purposes of the rule. Several CDFI lenders stated
that mission-based lenders ready to report within 18 months should be
permitted to opt-in to report data. A community group suggested that
section 1071's statutory purposes are better served by shorter
compliance period considering Congress enacted section 1071 in the
Dodd-Frank Act in 2010.
More than 18 months. A large number of commenters, including
lenders, trade associations, and a community group, opposed the
proposed compliance date. Many of these commenters asked for a longer
compliance period without specifying how much time lenders needed. One
commenter stated that even if the final rule were shorter than the
NPRM, lenders would need more than 18 months.
Resources. Two industry commenters asserted that lenders needed
more resources for new data collection and reporting systems to comply.
A bank noted that it already faced thin margins and already had to
comply with the Financial Accounting Standards Board's Current Expected
Credit Losses rule.\835\
---------------------------------------------------------------------------
\835\ Off. of the Comptroller of the Currency, Treasury; Bd. of
Governors of the Fed. Rsrv. Sys.; and Fed. Deposit Ins. Corp.,
Regulatory Capital Rule: Revised Transition of the Current Expected
Credit Losses Methodology for Allowances, Final Rule, 85 FR 61577
(Sept. 30, 2020) (delaying for two years the requirement that
banking organizations implement the estimated impact on regulatory
capital stemming from the implementation of Accounting Standards
Update No. 2016-13, Financial Instruments--Credit Losses, Topic 326,
Measurement of Credit Losses on Financial Instruments).
---------------------------------------------------------------------------
[[Page 35432]]
Scope and complexity. Two trade associations claimed that lenders
needed more time to understand the scope of the final rule and to apply
new processes to various lines of business. One commenter noted that
the much of the data to be collected would be novel for lenders.
Previous experience. Two lenders requested additional time because
of their lack of experience with Federal data collections, such as HMDA
or CRA.
Policies and procedures. A number of commenters requested more time
to develop and/or update policies and procedures for application intake
and data collection. Several small lenders asserted that they would
have to implement new application processes and adopt new forms. One
bank noted that it would have to create formal applications and
associated procedures for agricultural or business loans.
Technology. A number of commenters identified the need to purchase
or upgrade compliance software in support of extending the compliance
period. Some banks said they needed time--for some, years--to rewrite
core processors to add data points for this rule. Several banks said
they needed to automate their small business lending processes, a
difficult task with many systems to choose from, review, develop and
implement. Several banks asked for more time to buy software from
vendors, including time to conduct due diligence, allow vendors to
develop systems, test integration with existing systems, and manage
vendors. One lender stated that 10 percent of agricultural loans are
made using a scoring system called AgScore, which must be re-engineered
to support this rule, a costly and time-consuming task.
Training. A number of banks said they needed more time to hire new
staff and/or train existing employees.
Other regulations. Commenters asserted that other comparably
complex data collection regulations provided for longer compliance
periods. A number of banks and two credit union trade associations
noted that the 2015 HMDA rule had a two-year compliance period, and by
contrast that this rule is a major regulation covering many different
products, requiring even more time for vendors to adapt. Several
commenters cited their experience with the TILA/RESPA integrated
disclosure rule, which gave two years to comply with updated
requirements, as proof that 18 months was not sufficient to comply with
this new rule.
Specific industries. Different types of lenders requested longer
compliance periods for their industries. One commenter stated that 18
months was insufficient because most mission-based lenders were small,
and that compliance would take time and resources. They also suggested
that CDFIs unable to meet the 18-month deadline should get more time to
comply. Two trade associations claimed that 18 months was insufficient
even for larger credit unions, and that most credit unions had to wait
for vendors to create compliance products. One commenter requested more
time because equipment finance companies are not accustomed to Federal
regulators. A commenter requested more time for community banks because
they would have to rely on software and vendors, not internal staff.
Other comments. One bank claimed that a short deadline would cause
unintended errors, leading to actions against the bank. Another bank
claimed that compliance costs will increase cost of small business and
agricultural lending, affecting customer profitability. A different
bank claimed that it needed more time because many borrowers may not
have or want to provide this data, and that small business owners
require education to be willing to provide data for this rule. Another
said rushed implementation would lead to unintended consequences.
Two years. Many banks, credit unions, and trade associations
requested a two-year compliance period. A joint letter from several
trade associations suggested a compliance period starting the January
1, two full years after the calendar year of the effective date. A bank
asserted that an 18-month period would make the rule an undue
regulatory burden, costly, and not commensurate to any reporting
benefit.
Scope and complexity. Several industry commenters asserted that
lenders needed two years to understand the full scope and complexity of
the rule. One argued that two years was warranted because the scope of
rule expanded after the SBREFA process, adding additional data points
pursuant to ECOA section 704B(e)(2)(H) and a visual observation and
surname requirement. The commenter also argued that car dealers face
open scope and coverage issues, specifically the involvement of dealers
exempt from Bureau rulemaking. One lender asked for more time because
the rule is a new regulatory paradigm, applying to multiple credit
products and loan systems even within one bank. Another lender
justified two years because small businesses need more time to
understand the requirements of the final rule.
Policies and procedures. Several industry commenters requested two
years to permit lenders to develop and test new policies and
procedures.
Technology. Some industry commenters requested at least two years
to comply to have enough time to deal with all of the steps related to
purchasing or upgrading compliance software, including finding and
onboarding vendors, conducting due diligence on vendors (some lenders
said they were required to vet third parties), integrating compliance
software with existing software, testing software, and reconfiguring
platforms, all before the compliance deadline. Some noted that no
vendors, at the time comments were submitted, offered compliance
software for this rule. One bank asked for more time to ensure that
their software differentiated between data reported under different
overlapping regulations, including CRA, HMDA, and FinCEN's beneficial
owner rule. Two industry commenters noted that lenders needed more time
to accommodate core providers to adjust and update their software. One
bank observed that, by way of example, its core provider only finished
software six weeks before the end of the two-year compliance period for
the beneficial owner rule.
Staff and training. Several lenders said they needed at least two
years to adjust staffing and train staff. A number of banks stated that
they would need to hire new staff. Some industry commenters stated that
lenders would need to train staff on compliance policies as well as new
software.
Two industry commenters argued that small financial institutions in
particular needed more time. One trade association said that early
stage online lenders would be burdened by the rule while seeking to
expand access to credit for small businesses. A bank asserted that
small banks needed two years because, unlike large banks, vendors and
not internal staff would develop compliance systems.
Other regulations. Several industry commenters justified a two-year
period based on the compliance periods for comparable data collection
regulations, including HMDA. One bank said that this rule was no less
complex than HMDA and that no less time should be given to comply.
Another bank observed that the 2015 HMDA rule justified a two-year
period in part on the new time-consuming and complex requirement to
collect open-end mortgage data; the bank argued that this rule was also
new and complex. Two commenters noted that lenders' experience with
HMDA showed how much time was needed to implement new systems,
policies, procedures, data privacy, data security, staff training and
compliance programs.
[[Page 35433]]
One trade association noted that this rule would be harder for
financial institutions with no experience with data reporting regimes
such as HMDA.
Other comments. A trade association argued that the proposed 18-
month period was inconsistent with the two-year period in the SBREFA
Outline of proposals under consideration.
30 months. Some industry commenters requested at least 30 months to
comply with the final rule, for several reasons.
Scope and complexity. Several banks asserted that the scope and
complexity of the rule warranted a 30-month compliance period. One bank
stated that each product had a unique application process and record
system, and different personnel. Another bank stated that the rule
would result in far-reaching, expensive changes across the bank's many
branches, including front and back-end staff. Several banks requested
more time because of the strain on dedicated resources. One bank said
it needed more time to ensure compliance as to all its products.
Processes. Several industry commenters requested 30 months to
comply to create or change processes and procedures in response to the
rule, including new collection and reporting processes.
Software. Some industry commenters requested 30 months to have time
to purchase or upgrade software. Several noted that software to comply
with this rule does not yet exist. Commenters also noted that vendor
management requires time, including conducting third-party due
diligence, integrating compliance software with existing software, and
training staff on new software. One bank said that 30 months would give
vendors time to develop and test solutions, and banks time to evaluate
these solutions. One software vendor asserted that vendors needed 30 to
36 months to work with business partners, such as form vendors, to
coordinate, make changes, and distribute work to lenders. The commenter
noted that it needed lead time to analyze, plan, design, develop, test,
document and distribute software changes to its financial institution
clients before the compliance date. A bank stated that the collection
of new data points would require extensive changes to software for
applications, loan processing, core processing, data collection and
fair lending, and that each update required testing and training.
Commenters offered specific concerns regarding small lenders and
software. One trade association noted that core providers that small
banks rely on do not now offer tools to comply with this rule. One
bank, not a HMDA filer, expressed that it was at the mercy of its core
provider regarding timing and expense. Another bank said it needed more
time because it did not have ready access to its vendors because it was
small compared to other lenders.
Several industry commenters requested 30 months to have time to
hire new staff and/or train existing staff to comply with this rule.
One bank noted that such training would involve staff from different
areas of the bank, including commercial lending, compliance,
underwriting, applications support, and business systems support. A
community bank said that it would not have a dedicated team for this
rule, but rather existing staff, including a loan operations manager,
loan audit clerk, and compliance officer, with competing concerns,
would meet monthly to work slowly through the rule. One bank noted the
particular importance of training its lending staff.
A trade association requested a 30-month period on the grounds that
a shorter period would result in flawed data the first few years, which
could negatively impact analysis. Another commenter noted that small
business lending is varied, involves more negotiation than consumer
lending, and is therefore more difficult to capture consistent data
for.
Some commenters justified a 30-month period on compliance periods
for other complex regulations. Several lenders cited their experience
with HMDA to justify a 30-month period. One noted that many HMDA
software kits barely met deadlines, and significant updates were still
needed after the deadline. Another bank, based on its experience with
the TILA/RESPA integrated disclosure rule, stated that it would take
longer than 18 months to comply with this rule.
Several lenders commented that they needed 30 months to comply
because they had no experience with other data collection regulations
such as HMDA or CRA.
Two banks expressed a concern that an 18-month period would hamper
their ability to serve customers. One also said it would be challenging
to comply with the new rule while still serving customers and
maintaining day-to-day bank operations. Another said that to ensure
data consistency, the adoption of new processes may produce less access
to credit.
Some commenters supported a 30-month period for specific small
business lenders. Some stated that 18 months was not sufficient for
small and community banks to review, develop and implement collection
systems. A number of smaller lenders and a trade association stated
that while large lenders have dedicated compliance staff, smaller banks
need more time because they rely on vendors and software. One bank
stated that regulations should target large and not small banks, that
rules often apply to lenders regardless of size, and that the Bureau
should set a longer period for all lenders for the sake of small ones.
A bank emphasized that a 30-month period would give smaller community
banks time to prepare processes that work for both the bank and its
customers.
A number of mission-based lenders stated that small CDFIs had
limited capacity and needed more time to develop compliance systems.
Several commenters stated that mission-based lenders should be able to
opt-in to comply in 18 months if they were ready to do so.
A trade association expressed concern that banks it represented
would have difficulties with the proposed 18-month period, especially
for rural lenders with no HMDA experience, which would have to create
new processes.
A software provider identified a sequence of factors justifying a
30-month period. First, this rule would require new data collection
fields to collect, store, and report data. Such changes could only
begin when this rule is finalized. After software changes are
distributed, lenders must test software, implement procedural changes,
and train employees on system updates prior to compliance date.
Further, some clients may operate on different releases of software so
multiple versions will have to be supported, requiring changes for
multiple versions. The commenter requested more time to address these
steps in an orderly fashion.
Several other comments supported a 30-month period. One bank noted
that the time is needed to resolve unanticipated implementation issues.
Another bank supported a 30-month period to match compliance
examination cycles. A third bank argued that a 30-month to three-year
period was not much more time than the proposed 18-month period, given
that the Bureau justified its proposal on the 10 years that elapsed
since the passage of the Dodd-Frank Act.
Three years. A plurality of commenters requesting a longer
compliance period than proposed suggested three years to comply,
including a wide variety of trade associations, as well as midsized and
smaller banks, credit unions, and agricultural lenders.
[[Page 35434]]
General comments. Several commenters stated that a three-year
period would permit lenders to make changes to achieve the statutory
purposes of section 1071. One lender suggested a compliance date of
January 1, 2026. A trade association asserted that the compliance
period should be three years and should start on January 1 on the
grounds that a partial year of data would not provide meaningful
benefits and would be ignored because data users would want to make
year-over-year comparisons.
Several industry commenters favoring a three-year period argued
that it was inappropriate for the Bureau to use its 10-year delay in
issuing this rule pursuant to the Dodd-Frank Act as grounds to burden
lenders with a short compliance period. Two bank trade associations
asserted that it was arbitrary and unreasonable for the Bureau to
propose an 18-month period to comply with the broader requirements of
the NPRM compared to the SBREFA outline of proposals under
consideration, which contemplated a two-year compliance period.
Sequential changes. Two trade associations noted that compliance
steps in sequence, each step dependent on the completion of prior one--
vendors create new data collection and reporting systems, lenders
develop and test procedures for these systems, staff are trained on the
systems and procedures, then further testing may identify issues that
require revisions and iterating again before the deadline. One
commenter stated that, ideally, at least six months before the
compliance date, lenders would receive software that can be tested and
validated.
Scope and complexity. Some industry commenters based a three-year
period in part on the need for time to understand and interpret this
rule. Several commenters noted that this new rule involves the
collection of new data and would be a ``sea change'' for small business
lenders, especially those with no experience with HMDA or data
reporting. A trade association stated it did not know how much more
time to request without knowing the content of the final rule. Another
trade association stated that a three-year period would give the Bureau
time to educate and support lenders as they implement this rule, based
on the experience with the Paycheck Protection Program.
Many banks and several trade associations cited the scope and
complexity of the rule to justify a three-year period, specifically,
that the rule would cover many different products with different
processes. Two commenters requested a three-year period because
compliance involves changes across many business units, systems, and
small business lending channels. A group of trade associations asserted
that the rule would require the collection of 21 data points, the
separate maintenance of demographic information, and the firewall. Two
trade associations stated that compliance with this rule would be
significant and time-consuming. One bank noted that small business
lending involved a wider variety of solutions than consumer lending.
One bank noted that the rule as proposed would have required the
reporting of 6,500 loans, 44 percent more than its 4,500 CRA-reportable
small business loans.\836\
---------------------------------------------------------------------------
\836\ This comment highlights the extent to which this final
rule will greatly improve the comprehensiveness of application-level
small business lending data available for analysis, compared to the
data available under the status quo, such as current CRA
regulations. The CFPB has worked closely with the OCC, FDIC, and
Federal Reserve Board to harmonize this rule with those agencies'
proposed CRA amendments; more comprehensive small business lending
data from this final rule can lead to better analysis of business
and community development needs in the context of the amended CRA
regulations. See, e.g., Bd. of Governors of the Fed. Rsrv. Sys.;
Fed. Deposit Ins. Corp.; and Off. of the Comptroller of the
Currency, Treasury, Community Reinvestment Act, Joint Proposed Rule,
87 FR 33884, 33941 (June 3, 2022) (``[T]he agencies propose using
section 1071 data, once available, to develop market benchmarks.'');
id. at 33998 (``In the longer term, the CRA's data collection and
reporting requirements for small business loans and small farm loans
would be eliminated and replaced by the CFPB's section 1071 data
collection and reporting requirements.'').
---------------------------------------------------------------------------
A number of industry commenters and a business advocacy group
justified a three-year period to create, update, and test non-software
processes and policies. Some commenters stated that lenders would need
new procedures or workflows for applications and data collection. One
bank stated that existing workflows would change to align with
firewall. Several commenters stated that lenders would need to overhaul
or obtain new forms and applications after the final rule. Other
commenters claimed not to use written applications for small business
and farm loans. One bank stated that it needed to develop a high-touch
data collection system because of its variety of small business lending
products. One trade association noted that lenders must wait for the
final rule to change their policies and procedures, and that
clarifications and questions regarding the rule would take months to
address, especially new proposed provisions not discussed at SBREFA.
One bank said it needed to establish controls and processes to train
staff. A trade association stated lenders needed time to assign
responsibility across departments, including compliance. Another bank
observed that it would take time to receive direction from compliance
vendors.
Software. Many comments supported a three-year compliance period
based in part on technological issues. Some industry commenters
justified a three-year period on the need to automate processes and
update small business lending applications. One bank stated that it
needed to build data collection procedures for its manual lending
processes, and that small business lending is not automated to same
extent as consumer lending. One bank stated that many lenders report
HMDA and CRA data via a manual process, and this will need to be
automated to collect the significantly expanded data under section
1071.
A number of industry commenters stated that lenders would need time
to choose, onboard and integrate new software. Several banks said no
existing software complies with this rule, and one bank stated that
many providers were waiting for this rule to be finalized and would
still take time to make a proven and accurate solution available. Some
lenders and trade associations noted that many lenders need to find and
vet vendors before buying a software system. Some industry commenters
stated that lenders do not have technology in place to collect data for
the rule. One bank offered a contrary view, reporting that its software
vendor was already working on software to comply with this rule. A
large bank stated that it would need additional time to build
compliance software itself.
One bank said that it had no relationship with vendors and no data
collection programs. A trade association stated that this rule would
require significant infrastructure investments for credit unions.
Another bank that it needed addition time to implement software before
updating its processes. A trade association stated that lenders needed
software before training staff. A group of trade associations stated
that the integration of compliance systems would be an iterative
process of testing, finding and fixing problems, and testing again, all
across multiple lines of small business lending products. Another
commenter identified a sequential process to purchasing software,
including selection, installation, training and testing.
Several commenters offered other details on why their technology
requirements justified three years to comply. One bank stated that it
needed at least 24 months to implement new software, and 12 months more
to have accurate reporting. Another bank stated that 18 months suffice
for vendors to
[[Page 35435]]
develop and install a data collection and reporting system but would
not suffice for lenders to implement the software and train staff. A
different bank stated that it searched for 1071 software for over two
years and would need 18 months to integrate the software with other
systems. Another bank said it needed more than two years to develop,
test, and implement systems of this scope. One bank stated that its
vendor would take six months to upgrade software after the final rule
is released. Yet another bank needed 18 months for software to become
available, vetted and installed, and 18 months more to train staff. A
trade association claimed that lenders needed more time because they
decide what technology to build one to two years in advance, and more
time was needed to take into account ``blackout'' periods, during which
technology builds stop eight weeks before calendar year end, which the
commenter believed could add up to four months to timeline to comply
with this rule.
A number of industry commenters stated that lenders needed time to
wait for vendors to prepare new software or update existing software,
and time to test it. Several industry commenters and a business
advocacy group also stated that lenders needed more time to onboard and
test software.
A number of lenders, particularly small and mid-sized banks,
requested more time to comply because they lacked control over the
speed and preparation of third-party software vendors. A trade
association for community banks stated that small banks depend more on
vendors to develop new systems. Several commenters stated that core
providers, particularly relied upon by community banks, need more time
to adjust to collect new data points. That is, community banks must
wait for core providers to update their systems, test updates and
resolve problems, after which compliance vendors can develop systems to
integrate with the core system. The same commenter stated that
community banks that use a platform, not a core provider, to originate
loans must ensure that, once their core provider has built the fields
for all of the data points, each is mapped individually to the small
business lending platform, requiring the creation of multiple APIs,
which would result in more costs and delays.
Smaller lenders described complications they would face in
obtaining software for this rule. One bank stated that lenders needed
time to conduct due diligence on these vendors. Another bank stated
that many financial institutions may make demands on the same vendors
at the same time, slowing implementation. A third bank stated that
covered financial institutions would compete for software
implementation dates to comply with this rule, and that the smallest
lenders will be at the greatest disadvantage for getting software in
time to comply with this rule. Another commenter stated that community
banks face higher costs to buy compliance software.
Two trade associations asserted that three years would suffice for
credit unions to work with vendors to revise systems for this rule.
Another trade association stated that credit unions required more time
than 18 months because they are at the mercy of vendors and must train
staff and update forms and processes.
A business advocacy group stated that the rule would result in
significant, time-consuming changes to reprogram software because
online lenders do not currently collect demographic information so as
to avoid accessing data that would make intentional discrimination
possible.
Staffing. A number of commenters, including a number of lenders and
trade associations, justified a three-year compliance period on the
time lenders needed to hire and/or train existing staff to collect,
verify, and report data for this rule.
Some industry commenters stated that lenders would have to hire new
staff for data collection, verification, and reporting. One bank stated
that time would be needed to determine staffing needs. Two smaller
banks stated that they would need an additional employee to collect and
verify data for this rule. A State bankers association said that
lenders needed more time because they and their small business
customers were struggling with the lasting effects of the pandemic and
labor market shortages.
Many commenters, including a number of lenders and trade
associations, justified a three-year compliance period in part on the
need to train staff, both new and existing employees, to comply with
the rule. Several banks stated that they could not start to train staff
until software and processes exists for compliance with this rule; one
bank said that 18 months was not sufficient to do this well.
Several commenters said that lenders would need to train a variety
of staff on compliance and software for this rule, including loan
officers and customer-facing staff as well as compliance, risk, legal,
and technology employees. Further, several banks and a business
advocacy group observed that lenders needed to train staff on what to
collect, including data points for this rule. A group of trade
associations noted that some lenders are not accustomed to collecting
data to the accuracy standards of the Bureau, and that staff familiar
with HMDA and CRA would require more training not to be confused with
overlaps with this rule.
Several industry commenters noted that the rule would require
greater staffing resources. One bank said it would increase staff hours
to collect and review data, which would impact operations. Another bank
stated that the biggest hurdle to compliance would be allocating
employee resources. Yet another bank noted that staff training is time
consuming. One bank noted that it needed several months to train its
3,000 employees. A credit union trade association stated that a tight
labor market, global pandemic, and economic crisis make updating
services harder.
Some commenters stated that they needed three years to comply to
communicate changes caused by the rule to consumer to minimize
disruption. Several commenters noted the need to accustom small
business applicants to the collection of ethnicity, race, and sex
information. One bank stated that borrowers may resist this type of
inquiry. Another bank said that customer education for this rule was
important, that many customers already believe that lenders ask for too
much information, and that customers may be driven from traditional
banking to less safe products as a result.
Access to credit. Several commenters supported a longer compliance
period on the grounds that financial institutions might need to pause
or stop their small business lending until they were in compliance with
this rule, hurting vulnerable small businesses that section 1071 was
intended to benefit.
Data accuracy. A number of commenters stated that hasty
implementation of the rule would result in data errors, bad data
quality and bad analysis based on that data. A group of State banking
regulators asked the Bureau to consider a longer compliance period so
that financial institutions can better prepare to compile and
accurately report data. Several banks and trade associations asserted
that rushed implementation generally would make data in the first few
years after the compliance date flawed, incomplete, or unusable,
limiting the usefulness of the data for fair lending and business and
community development purposes.
Some commenters asserted that more time to comply would make data
more accurate, or otherwise justified a three-year compliance period on
the grounds
[[Page 35436]]
of data accuracy. Several commenters stated that rushed compliance
would result in errors which, in turn, would lead to Bureau actions
against lenders as well as unnecessary public scrutiny, ultimately
harming small businesses that section 1071 was intended to help. One
bank stated that the implementation of policies and procedures,
acquisition of software, and training of employees would take more than
18 months to implement, but that three years would suffice to ensure
the collection of reliable data. Another bank stated that data will be
error[hyphen]laden in early years of collection until systems can be
refined. A different bank stated that the proposed 18-month period will
likely lead to flawed initial data reporting and flawed analyses. A
trade association asserted that a three-year period more closely
adhered to the expectation in the statute. Another trade association
stated that a compliance period of fewer than three years would risk
the viability of CDFI lending programs.
Many industry commenters requested a longer compliance period
because many lenders lacked experience with data reporting regulations,
such as HMDA or CRA. Specifically, a number of lenders and trade
associations stated that lenders not subject to HMDA reporting needed
three years to comply because they will start from scratch without
existing vendors, processes or procedures to adapt to small business
lending or train staff. A group of trade associations stated that banks
that do not report HMDA/CRA data will meet vendors for first time and
will not have experience with testing process. One bank stated that for
lenders with limited staffing resources and no existing reporting
mechanisms, 18 months to comply is unreasonable. Another bank stated
that many lenders have not had to collect this amount of data.
Other regulations. A number of commenters compared the proposed
compliance date with those of other regulations. One said that the
proposed 18-month period was short compared to those of other complex
rules. A bank said, based on past regulatory reporting rollouts, it
would take three years to comply with this rule. Another commenter
stated that historically, short implementation periods for complex
rules are not feasible.
Some commenters compared the proposed 18-month period to comply
with a new, complex rule with the more than two years that lenders had
to comply with the 2015 HMDA rule, which only modified existing
requirements. Commenters pointed out that, unlike the 2015 HMDA rule,
this rule requires the construction of new systems for a new data
collection regime rather than building on systems already in place. One
commenter encouraged the Bureau to consider a period of three years or
longer, especially to ensure that smaller lenders would have time to
comply. A large bank pointed out that, unlike HMDA, this rule covers
numerous credit products offered by lenders to small businesses,
including loans, lines of credit, and credit cards, each of which uses
a unique application process and system of record, and different
personnel.
Other lenders and trade associations expressed concern about the
proposed compliance period based on their experience with HMDA, noting
that vendors were not ready before the initial deadlines established by
the Bureau, which then had to provide leniency related to data accuracy
for HMDA data, as well as issue multiple corrections and clarifications
to HMDA rule since 2015. Several commenters noted that the 2015 HMDA
rule took several years and resulted in Congress amending HMDA in 2018.
One bank noted that, as with HMDA, lenders will spend many hours
reviewing data to avoid errors and resubmission.
Commenters also compared the proposed Sec. 1002.114(b) with
compliance periods of other Federal rulemakings. One bank said that,
based on its experience with the CRA, this rule would require more than
18 months. Several commenters stated that the experience with the TILA/
RESPA integrated disclosure rule shows that 18 months were insufficient
for major changes. One commenter requested three years to comply based
on its experience with that same rule, noting that vendors sought
clarity on that rule to make and deploy solutions, and the Bureau
answered questions until the effective date, making implementation
challenging. A trade association observed that industry had two years
to comply with the FinCEN's customer due diligence rule,\837\ which it
said was a simpler regulation.
---------------------------------------------------------------------------
\837\ FinCEN's customer due diligence rule requires financial
institutions to have procedures for each of its legal entity
customer to identify each 25 percent natural person who owns more
than 25 percent of the legal entity as well as one natural person
executive of the legal entity. Fin. Crimes Enf't Network, Customer
Due Diligence Requirements for Financial Institutions, Final Rules,
81 FR 29397 (May 11, 2016).
---------------------------------------------------------------------------
Two industry commenters took the opposite view, noting that lender
experiences with past regulations are irrelevant. A bank said that a
successful rollout would take more than 18 months even if a lender was
experienced with data collection regulations. A trade association
stated that even current HMDA reporters would find compliance with this
rule challenging because of the differences between small business and
agricultural lending and mortgage lending, specifically because small
business lending involves different loan platforms, small business
lending units do not offer a ``menu'' of standardized credit products,
and clear application procedures do not exist because small business
customers are unique.
Industry-specific rationales. A number of industry commenters
suggested rationales specific to their industries to justify a three-
year compliance period. An agricultural lender stated that many FCS
lenders, community banks, and small credit unions would incur great
expense if required to obtain new technology and train new employees
within 18 months. A trade association noted that a compliance period of
less than three years would burden CDFIs.
Some commenters, including a trade association and a number of
banks, stated that small and community banks needed three years to
comply rather than 18 months. One commenter emphasized that
stakeholders it consulted stated that an 18-month period was
inadequate, and that small lenders may take three years to comply. A
bank emphasized that while larger banks have more resources for
compliance, small banks will struggle without more time to comply and
will be disadvantaged. A trade association noted that smaller banks
that are not HMDA reporters would find a new data collection regime
challenging. A group of State banking regulators stated that small
lenders would face particular challenges early on in implementation. A
trade association and a bank noted that small banks depend on vendors
to develop systems. A bank stated that small and mid-sized lenders are
a lower priority for vendors, which would erode their participation in
small business lending. Two banks noted that small and community banks
would struggle because of shortfalls in staffing and technology.
A trade association stated that mid-sized banks were unlikely to
stand up systems in 18 months despite best efforts, based on the
experience of lenders with other data reporting regimes.
A business advocacy group stated that innovative start-ups, small
banks, and credit unions would struggle to implement the rule given the
resources at their disposal.
A group of State banking regulators requested a longer compliance
period,
[[Page 35437]]
in part, so that the Bureau could ``demonstrate'' its ability to
collect data from nondepository institutions subject to the rule.
A joint comment from two auto dealer trade associations requested a
three-year period because they said the proposed 18-month period is
untenable for dealerships in general and small dealerships in
particular, which must coordinate compliance efforts with credit
application system providers, vendors, and finance sources, after which
systems must be updated and tested, and staff must be trained.
More than three years. One commenter said that the compliance
period should be three to five years because the bank would have to
make hard decisions on staffing and its lending capacity due to the
additional reporting measures, and may exit the market. The commenter
expressed concern that a short implementation period would force the
bank to exit the small business lending market and hurt its current
customers.
Tiered compliance. Some commenters supported some kind of phased or
tiered compliance under which larger lenders would have earlier
compliance dates and smaller lenders would have later compliance dates.
Many industry commenters requested tiered compliance dates in addition
to, or as an alternative to, a longer single compliance period for all
lenders. Two commenters suggested tiered compliance starting not less
than three years after the final rule is issued because the process of
implementation would raise issues that require time and deliberate
action to frame and solve.
Industry commenters justified tiered compliance on a number of
grounds, including the scope and complexity of the rule, as well as the
need for smaller lenders to implement and test automated collecting and
reporting. One trade association observed that some lenders needed time
to test systems to ensure accurate collection and reporting, and
asserted that with an 18-month period, a bank would have just six
months to collect data to do a trial run with one year of data before
the compliance date.
Many commenters, including lenders and trade associations for State
banks and credit unions, argued for tiered compliance because of the
need to purchase or develop new software to comply with the rule.
Industry commenters also pointed to other factors requiring a longer
compliance period, include the time to find vendors, time to develop
software, time for vendors to plan and execute network changes, and
time to train and hire staff to integrate systems with software for
this rule.
Two industry commenters emphasized the dependence of smaller
lenders on third-party vendors to justify tiered compliance--that small
lenders would need time to evaluate lenders and complete due diligence,
that vendors would need time to develop new compliance software, and
that lenders would need time to integrate and test software with
existing systems.
Several trade associations emphasized that many lenders needed the
additional time that tiered compliance would provide to permit them to
hire and/or train compliance staff, and train existing lending staff,
to comply with the rule.
Two trade associations suggested that tiered compliance dates were
necessary for credit unions to educate their members and allow for the
development of member notifications.
A number of commenters justified tiered compliance based on
industry experience with complying with other regulations. Several
commenters noted lenders had more than two years to comply with the
2015 HMDA rule, which amended existing regulations, while this rule is
new and complicated. Several trade associations pointed to industry
experience with Financial Accounting Standards Board's Current Expected
Credit Loss rule as an example of rushed implementation; after
initially setting a single compliance date, regulators later staggered
implementation, requiring smaller institutions to comply later,
recognizing high one-time costs and advantages large institutions had
in negotiating with vendors.
A bank justified tiered implementation on the grounds that hasty
implementation would lead to inaccurate data in the first few years of
the rule.
Two trade associations stated that phased compliance is important
for lenders not experienced with data collection rules to give them
time to build infrastructure. One commenter noted that lenders that are
not federally insured depositories in particular need more time to
start training programs from scratch, and that it would be hard for
such lenders to find and hire enough staff with coding expertise
without regulatory data systems in place. Another commenter said that
banks that do not comply with HMDA would need more time to comply with
this rule than money-center banks that have HMDA experience.
Smaller lenders and trade associations justified longer compliance
dates for smaller lenders on various grounds. One bank stated that
smaller lenders could learn from the earlier compliance rollouts of
large banks. Others said that tiered compliance would give smaller
lenders more time to resolve unanticipated issues.
Several commenters suggested several compliance dates, tiered by
lender type. A trade association suggested that smaller lenders should
have a later compliance date to learn from largest banks, and to have
time to resolve unanticipated issues. In particular, the commenter said
that rural and underserved communities need more time than money-center
banks.
Amongst commenters that supported tiered compliance dates, there
was a variety of comments on how to determine which financial
institutions should report later. Two commenters requested tiered or
staggered compliance in any manner, whether by transaction type, lender
type, or lender size. A community bank asked that the Bureau tier
compliance dates based on asset-size or some other factor to provide a
longer compliance period for community banks. One CDFI lender requested
that the Bureau extend the compliance date to at least 30 months for
mission-based lenders.
Two trade associations and a large credit union supported tiering
based on loan volume. One of the trade associations asked for tiered
compliance with the earliest date starting three years after the final
rule is issued, on the grounds that credit unions often have little
bargaining power with vendors and are often the last to receive system
upgrades.
Several lenders suggested two compliance dates, with tiers set by
asset size. One lender suggested two tiers, giving more time to lenders
with less than $2 billion in assets because smaller institutions have
smaller compliance and information technology staffs. The lender did
not place much weight to the $2 billion threshold it proposed other
than it would match ``small lender'' definitions in other areas of
consumer financial law.
Several industry commenters suggested two compliance date tiers.
One bank suggested giving smaller lenders 24 to 36 months more than
large banks. Two banks suggested giving smaller lenders one year more
than larger banks, which they argued could reduce competition for
software installation, implementation help, and training, which in turn
could reduce costs and resource issues for small lenders. These
commenters believed that smaller lenders could learn best practices
from larger banks. A trade association said that large lenders ($10
billion or more in assets), should have
[[Page 35438]]
two years to comply, while smaller lenders should have three years. The
commenter stated this manner of tiering compliance dates would allow
the Bureau to collect a large amount of data earlier, and would also
give vendors more time to develop and integrate compliance products.
Several commenters suggested three compliance date tiers by asset
size. A trade association suggested that the Bureau adopt three
compliance tranches, giving large lenders one year to comply, medium-
sized lenders two years, and small lenders three years. The commenter
suggested the third tier should include the smallest lenders, community
banks, and lenders to small businesses that the Bureau trusts and knows
to be successful. Another bank proposed giving lenders with $5 billion
or more in assets 18 months to comply, lenders with $1 billion or more
24 months to comply, and banks with $1 billion or less 30 months to
comply. One bank suggested three tiers by size, without defining size,
and proposing that the largest lenders comply in the first year, mid-
sized lenders comply in second year, and small lenders comply in the
third year. The commenter justified the earliest compliance date for
large lenders because of the greater staff expertise, capacity and
resources that these institutions had to comply with the rule.
Several commenters opposed tiered compliance dates. The industry
commenters asserted that this rule represents a major change for small
and large lenders alike, from a ban on collecting protected demographic
information data to requiring collection of it for small business
loans. These commenters claimed that no vendors have a compliance
software ready for this rule, that all lenders need sufficient time to
understand the content of this rule, change processes, build and test
systems, train employees, and implement procedures and controls. These
commenters warned that a failure to give financial institutions of all
sizes adequate implementation time will limit access to small business
credit, which negatively impact the economy. A community group opposed
tiered compliance dates on the grounds that the proposed 18-month
period was sufficient for all institutions, and that lenders had from
the release of the NPRM in September 2021 to begin preliminary planning
to comply with this rule.
Final Rule
The Bureau is finalizing Sec. 1002.114(a) as proposed. The small
business lending data collection rule will become effective 90 days
after it is published in the Federal Register. The Bureau confirms, as
requested by a commenter, that this final rule does not apply
retroactively, including for funds drawn after the effective date where
the loan was originated before the effective date. See also final
comment 114(c)-2, which makes clear that covered applications received
prior to a financial institution's compliance date, but final action is
taken on or after that date, are not required to be reported.
The Bureau is not finalizing Sec. 1002.114(b) as proposed, which
would have required compliance with the final rule approximately 18
months after publication of the final rule in the Federal Register.
Instead, the Bureau is finalizing a tiered approach to compliance
dates. Specifically, the dates by which covered financial institutions
are initially required to comply with the requirements of this rule are
specified in four provisions:
First, under Sec. 1002.114(b)(1), a covered financial institution
that originated at least 2,500 covered credit transactions for small
businesses in each of calendar years 2022 and 2023 shall comply with
the requirements of this subpart beginning October 1, 2024. This
compliance date is 18 months after the Bureau's issuance of this final
rule.
Second, under Sec. 1002.114(b)(2), a covered financial institution
that is not subject to Sec. 1002.114(b)(1) and that originated at
least 500 covered credit transactions for small businesses in each of
calendar years 2022 and 2023 shall comply with the requirements of this
subpart beginning April 1, 2025. This compliance date is 24 months
after the Bureau's issuance of this final rule.
Third, under Sec. 1002.114(b)(3), a covered financial institution
that is not subject to Sec. 1002.114(b)(1) or (2) and that originated
at least 100 covered credit transactions for small businesses in each
of calendar years 2022 and 2023 shall comply with the requirements of
this subpart beginning January 1, 2026. This compliance date is 33
months after the Bureau's issuance of this final rule.\838\
---------------------------------------------------------------------------
\838\ The Bureau considered giving Tier 3 financial institutions
36 months to comply with the rule, as requested by many commenters.
This would have resulted in a Tier 3 compliance date of April 1,
2026. However, the Bureau believes that there is no material
difference between the 3 years (36 months) requested by certain
commenters and the 33 months provided to covered financial
institutions subject to Tier 3.
---------------------------------------------------------------------------
Finally, under Sec. 1002.114(b)(4), a financial institution that
did not originate at least 100 covered credit transactions for small
businesses in each of calendar years 2022 and 2023 but subsequently
originates at least 100 such transactions in two consecutive calendar
years shall comply with the requirements of this subpart in accordance
with Sec. 1002.105(b), but in any case no earlier than January 1,
2026. This compliance date is 33 months after the Bureau's issuance of
this final rule.
In addition, the Bureau has added a number of provisions to the
commentary accompanying Sec. 1002.114. New comment 114(b)-1 explains
that the applicable compliance date in Sec. 1002.114(b) is the date by
which a covered financial institution must begin to compile data as
specified in Sec. 1002.107, comply with the firewall requirement of
Sec. 1002.108, and begin to maintain records as specified in Sec.
1002.111. In addition, the covered financial institution must comply
with Sec. 1002.110(c) and (d) no later than June 1 of the year after
the applicable compliance date. New comment 114(b)-2 provides that when
the compliance date of October 1, 2024 specified in Sec.
1002.114(b)(1) applies to a covered financial institution, the
financial institution is required to collect data for covered
applications during the period from October 1 to December 31, 2024. The
financial institution must compile data for this period pursuant to
Sec. 1002.107, comply with the firewall requirement of Sec. 1002.108,
and maintain records as specified in Sec. 1002.111. In addition, for
data collected during this period, the covered financial institution
must comply with Sec. Sec. 1002.109 and 1002.110(c) and (d) by June 1,
2025. New comment 114(b)-3 addresses informal names for compliance date
provisions, providing for informal, simplified names to facilitate
discussion of the compliance dates specified in Sec. 1002.114(b)(1),
(2), and (3). Under this new comment 114(b)-3, Tier 1 refers to the
cohort of covered financial institutions that have a compliance date of
October 1, 2024 pursuant to Sec. 1002.114(b)(1), Tier 2 refers to the
cohort with a compliance date of April 1, 2025 pursuant to Sec.
1002.114(b)(2), and Tier 3 refers to the cohort with a compliance date
of January 1, 2026 pursuant to Sec. 1002.114(b)(3). New comments
114(b)-4(i) through (vii) provide examples of various scenarios that
illustrate how to determine which compliance date specified in Sec.
1002.114(b) applies to financial institutions.
The Bureau is adopting Sec. 1002.114(b) pursuant to its authority
under ECOA section 704B(g)(1) to prescribe such rules and issue such
guidance as may be necessary to carry out, enforce, and compile data
pursuant to section 1071.
[[Page 35439]]
The Bureau is adopting a tiered approach to compliance for a number
of reasons. The Bureau believes, all else equal, that the statutory
purposes of section 1071 are better served by an earlier compliance
date because it will result in the earlier publication of data by the
Bureau and use by the public.
Most industry commenters that addressed the issue of the compliance
date opposed Sec. 1002.114(b) as proposed, and requested more than 18
months to comply with the rule. Views varied widely on how much more
time was necessary. While commenters suggested compliance periods of 24
months, 30 months, three years, and in one case 3.5 years or more, a
plurality of industry commenters supported a single compliance date of
three years for all lenders. A sizable number of commenters also
supported tiered compliance dates based on the size of the lender, as
an alternative to single, compliance period longer than 18 months.
The Bureau gives credence to a set of three major factors
commenters cited in requesting additional time, beyond 18 months, to
comply with the rule (whether from 24 months to 3.5 years): the need to
purchase or upgrade compliance software (including time to find and
perform due diligence on vendors, purchase software, integrate
compliance software with other systems, and test all of these); the
need to create or adjust policies and procedures to comply with the
rule; the need to train and, in some cases, hire staff to use the new
software and implement the policies and procedures to collect data.
Commenters did not clearly tie these factors to precise periods of
time.
Many commenters identified the sequential and iterative nature of
these major factors. Generally, a lender must purchase and integrate
new software before developing new policies and procedures concerning
the use of the software, and the lender must have new policies in place
before hiring and training staff to implement the software and follow
the new processes. These processes are also iterative in that, in
testing software, procedures and staff training, lenders may identify
errors in software, processes, or training, and need to make
adjustments that may then require additional changes in other aspects
of the overall compliance program or system.
The Bureau believes from comments received, and consistent with
feedback received in SBREFA, that smaller financial institutions may
face particular difficulties that justify providing them additional
time to comply with the rule. Several industry commenters expressed
their concern that they were at the mercy of their software vendors and
other third-party providers and could not start compliance steps, such
as establishing new policies and training employees, in the absence of
such software. By contrast, one large bank requested more time to
comply to develop in-house compliance software.
Other commenters noted that with a shorter compliance period,
vendors may be overloaded with requests from a market of financial
institutions attempting to comply at the same time with this rule.
Several commenters cited their experience in attempting to obtain the
services of third-party vendors to comply with other rules such as the
TILA/RESPA integrated disclosure rule and the HMDA 2015 updates, and
observed that vendors tended to service larger lenders first, leaving
smaller lenders with little time to integrate software, update policies
and procedures, train and hire employees, and test all of these
systems.
Compounding these issues, many commenters--generally smaller
lenders, some of which were rural or community financial institutions--
stated that they did not have previous experience with data collection
rules, such as HMDA or CRA. The Bureau is aware that this rule may be
the first contact that many covered non-depository institutions have
with a Federal data collection regime. Further, a substantial number of
commenters noted that they used manual or analog systems and claimed
that they would have to automate their operations to comply with the
rule. The Bureau believes that the increased originations threshold
under in final Sec. 1002.105(b) may preclude many financial
institutions that expressed concern that they would have to automate
their processes from having to report data at all.
All of these factors suggest that smaller financial institutions
would face particular difficulties in complying with this rule within
18 months. The comments suggested a variety of potential consequences
stemming from insufficient time to comply. Some suggested that
financial institutions would exit the market, that they would face
greater costs to comply more quickly (for instance, a financial
institution that might be able to use existing staff over the course of
three years may need instead to hire additional staff to comply with
the rule in 18 months), and/or that they may submit inaccurate or data
of lesser quality to the Bureau than they would have if given more time
to the comply.
The Bureau does not believe that financial institutions would exit
the small business lending market because of the compliance date, but
rather believes that many smaller institutions may simply find it
challenging to comply within the 18-month compliance period. The Bureau
gives some credence to the concern that a shorter compliance period may
result in somewhat higher, though not significant, costs that in turn
may be passed on to customers. The Bureau believes that smaller
financial institutions, especially those unaccustomed to data
collection rules, may stay in the market but may be unable to comply
within 18 months for reasons at least partly out of their control. The
Bureau believes, based on comments received, that generally smaller
financial institutions are more likely to be at the mercy of vendors
that may prioritize larger customers.
While a plurality of commenters requested a single, three-year
compliance period for all lenders, the Bureau does not believe that
such a change is justified. The Bureau received comparatively few
comments from large banks regarding the sufficiency of an 18-month
compliance period. One large bank stated that it would require
additional time to develop its own compliance software. A trade
association requested three years to comply with the rule on the
grounds that larger lenders have more complex compliance systems to
establish and operate because such lenders often had different
divisions dedicated to different small business lending products. The
Bureau does not believe, given the dearth of comments on this point,
that the quality of data from large financial institutions is
compromised by an 18-month compliance period. The Bureau thus believes
that it would not be consistent with the statutory purposes of this
rule to provide large financial institutions a longer compliance
period.
As a result, the Bureau believes that tiered compliance dates
balance several factors at once; that the statutory purposes of section
1071 are best advanced by, in aggregate collecting as much data as
possible, as accurately as possible, as soon as possible; and that a
system of tiered compliance dates accomplishes this better than a
single 18-month compliance period.
In part, the Bureau believes that is accomplished by maintaining
the existing 18-month compliance period for the largest-volume
financial institutions that are likely to report the bulk of the
application-level data, and are likely to do so accurately. These
financial institutions are more likely
[[Page 35440]]
than smaller and even mid-sized institutions to have the resources and
experience to, with relative celerity, upgrade or purchase compliance
software, create pertinent policies and procedures, and train or hire
existing staff. The Bureau believes that the experience that many of
these larger-volume financial institutions have with other Federal data
collection regimes, such as HMDA or CRA, gives them the ability to
adapt to this rule within the time given to collect and submit data.
Further, by maintaining the 18-month compliance period for larger-
volume financial institutions in Tier 1, collection and reporting of
most small business lending data will begin quickly. That is, covered
financial institutions will report to the Bureau the vast majority of
small business lending applications--approximately 90 percent of the
applications covered by this rule, as detailed in part IX.D.2 Table 4--
on the timeline proposed in the NPRM.
The Bureau also believes that the statutory purposes of section
1071 are best advanced in aggregate by permitting small and mid-sized
financial institutions, by volume of originations, to have more than 18
months to comply with this rule. As discussed above, the Bureau
believes, based on the large volume of comments and the rationale
provided by them, that an 18-month compliance period increases the
likelihood that small and mid-sized financial institutions, for a
variety for reasons that are unique to them, will have difficulty
collecting and reporting data, and that the data reported would be more
likely to be inaccurate or unreliable. Further, the Bureau believes
based on the comments it has received, feedback received in SBREFA, and
its own observations about the small business lending market that the
smallest financial institutions, especially those that do not already
report data to Federal agencies, have more manual processes and
relatively few employees, which increases the likelihood that they
submit unreliable and inaccurate data to the Bureau.
The Bureau believes that tiered compliance dates will improve the
accuracy of data from smaller and mid-sized financial institutions.
Later compliance dates for smaller and mid-sized financial institutions
will mean they do not have to compete with larger financial
institutions for the time and attention of software and compliance
vendors. The Bureau understands that while the largest lenders are more
likely to rely on in-house capacity to comply with the final rule, many
other financial institutions with loan volumes likely to place them in
Tier 1 may still rely on software vendors and may compete with smaller-
volume financial institutions for the time and attention of software
vendors. With a longer timeframe to comply, smaller and mid-sized
financial institutions might also be able to avoid expedited and more
costly overtime and overflow work, and would have time to learn lessons
from the compliance experience of larger institutions.
Regarding the criteria for tiering, most commenters who addressed
the issue suggested asset size as the criteria to determine which
financial institutions should comply later. The primary virtue of that
approach is its simplicity--most depositories know their total assets.
However, many financial institutions that will be covered by this rule
are nondepository institutions that may originate a large volume of
loans but may have relatively few assets compared to depository
institutions. Conversely, some depositories with a large volume of
assets may have a low volume of small business loans. A tiering
approach based on assets may require early reporting by large
depositories with little interest in small business lending and exclude
large-volume small business lenders with comparatively few assets. The
Bureau does not believe that this approach would be as consistent with
the statutory purposes of section 1071 as a criterion for tiering
directly tied to a financial institution's relative activity in the
small business lending market. As a result, the Bureau believes that
the number of annual originations of covered credit transactions for
small businesses should be the basis for tiering compliance dates
On the number of tiers, commenters tended to favor two tiers rather
than three. The Bureau believes that the statutory purposes of the rule
are better served by three tiers. The Bureau determined from reviewing
all of the comments that there were meaningful differences in the
compliance challenges faced by smaller volume, middle-volume, and
large-volume financial institutions. The Bureau believes that three
compliance dates will help vendors better manage their capacity to
serve their customers. The Bureau also believes that three compliance
dates may also help the Bureau be more responsive to industry during
the transition period. By extending the implementation period, the
Bureau will be better able to provide more tailored attention to
smaller and mid-sized financial institutions.
General responses to comments received. The Bureau observes that
the vast majority of comments it received identified specific factors
or concerns regarding compliance with this rule that justified a longer
compliance period. Nearly all of these comments also identified
multiple factors or steps in the process of complying with this rule
that justified a compliance period longer than the one proposed in the
NPRM. As noted above, the Bureau observes that these comments, with
very few exceptions, did not quantify specific amounts of additional
time attributable to each specific factor or step in the compliance
process that were identified. For instance, a frequent industry comment
might have requested a three-year, rather than 18-month, compliance
period, citing the need to purchase and implement software, create
processes, and train staff, without attempting to attribute the
additional 18 months to each of these three steps in the compliance
process.
Requests to publish data quickly and frequently. Regarding requests
to collect and publish small business lending data as soon as possible,
the Bureau agrees that the absence of these data will continue to
hinder vital capital flow to small businesses, as small business and
community development needs cannot be effectively identified without
this data. However, the Bureau must conduct its privacy analysis, so
the publication of data will not immediately follow its collection.
Regarding the request to publish data as soon as possible, and to
publish data every six months so that stakeholders can monitor progress
and utilize data, the Bureau is not adopting a 6-month reporting
requirement because requiring financial institutions to provide
multiple data submissions a year may be administratively challenging
for both financial institutions to comply with and for the Bureau to
process. However, the Bureau may consider publishing aggregate data
more often than once a year in the future if administratively feasible.
Less than 18 months. The Bureau has considered comments asserting
that 18 months is too long a compliance period. While some financial
institutions could comply with this rule in less than 18 months, the
Bureau believes that most financial institutions appear unable to,
given the volume and intensity of comments requesting more time. The
Bureau believes a one-year compliance period would be inconsistent with
the statutory purposes of the rule because it appears that such a short
period could be costly for financial institutions and result in
inaccurate data. The Bureau agrees that mission-based lenders (or any
other lenders) ready to report within 18 months should be permitted
[[Page 35441]]
to do so, and the rule permits them to do so.
More than 18 months. Regarding the comments requesting a compliance
period of more than 18 months, the Bureau agrees in part. As discussed
above, the Bureau believes that many lower-volume financial
institutions, with either lower assets or a low volume of small
business lending and thus potentially fewer resources dedicated to that
line of business, may need additional time to comply with the rule for
the reasons provided above.
Regarding comments concerning resources, the Bureau agrees in part.
The Bureau does not believe that more time is justified solely because
the rule may cause a financial institution to expend resources to
comply with the rule. However, the Bureau agrees that smaller financial
institutions may need more time to marshal the necessary resources, as
discussed above.
The Bureau has considered comments stating that financial
institutions needed more time to understand the final rule and its
scope. While the application of this rule would be new to some lines of
business, and while some data would be novel the Bureau believes that
financial institutions have had enough time to understand the concepts
in the rule, especially for those financial institutions that have had
experience with other Federal data collection rules, such as HMDA, CRA,
or CDFI Fund. The concepts in the rule implement 2010 statutory
language, and the rule's implementation of those statutory concepts
relies on well-known concepts from existing rules, particularly the
HMDA and the CRA regulatory requirements. Nonetheless, the Bureau
acknowledges that preparing for compliance may be somewhat more
difficult for financial institutions, particularly smaller
institutions, with no previous experience with Federal data
collections. The Bureau believes that final Sec. 1002.114(b) provides
sufficient additional time for such financial institutions to come into
compliance with the final rule.
Regarding comments that financial institutions need more time to
establish policies and procedures, the Bureau does not believe this is
necessary for larger-volume lenders. The Bureau's proposed 18-month
compliance period was intended to accommodate the need of financial
institutions to develop or update policies and procedures to comply
with the rule. The Bureau believes, however, that more time may be
warranted for smaller financial institutions that do not have existing
written policies or procedures and do not currently use written
applications for small business or agricultural lending applications.
The Bureau does not have reason to believe that there are larger-volume
lenders that do not currently use forms or formal written applications.
Regarding comments requesting more time to comply because of
technological issues, the Bureau acknowledges the various steps that
may be involved in obtaining software needed to imply with this rule,
including updating core processors, automating analog systems,
conducting due diligence, choosing vendors, and testing and integrating
systems.
The Bureau agrees with commenters that smaller-volume lenders may
need more time than proposed to prepare software before the rule's
compliance date. In particular, the Bureau understands that smaller
financial institutions may need time to transition from informal
applications to automated systems. Regarding the reengineering of
agricultural credit scoring systems, the Bureau understood this issue
to apply to smaller FCS lenders and believes that the additional time
provided by the final compliance period provision would suffice for
changes to be made to AgScore and for them to adjust accordingly.
Regarding the comments that banks needed more time to hire new
staff and/or train existing employees, the Bureau notes that not enough
detail was provided by commenters that explained why this factor on its
own justified more than 18 months to comply with this rule.
Regarding the comments that the compliance periods for other
similar regulations provided more time, the Bureau acknowledges that
this rule, unlike HMDA and the TILA/RESPA integrated disclosure rule,
covers a variety of different product types, that this rule is a new
rulemaking rather than an amendment to existing regulations. The Bureau
notes from its experience that smaller financial institutions in
particular appeared to face challenges complying within the timeframe
given for the 2015 HMDA rule amending Regulation C and the TILA/RESPA
integrated disclosure rule. The Bureau agrees, from the experience of
past rulemakings, that smaller financial institutions may wait longer
than larger institutions for vendors to prioritize them.
Regarding various industry-specific rationales given for extending
the compliance period, the Bureau observes that many of the comments
advocated for types of financial institutions that tended to be
smaller, such as CDFIs, credit unions, and community banks. The Bureau
believes that final Sec. 1002.114(b) will provide most of the smaller
volume lenders the additional time they need to comply.
Regarding comments that even larger credit unions would have to
wait for vendors to create compliance products, the Bureau agrees only
in part. The Bureau believes that vendors are more likely to focus on
larger financial institutions--including larger credit unions--earlier,
but that smaller financial institutions, including credit unions, are
more likely to have to wait longer.
Regarding the comment that equipment finance companies may be less
accustomed to Federal regulators, the Bureau agrees but does not
believe that this justifies a longer compliance period specifically for
this type of lender. The Bureau believes that equipment finance
companies with larger volumes of originations are likely to have
sufficient experience and resources to prepare to come into compliance
more quickly.
Regarding the comment that a short compliance period would promote
unintentional errors, the Bureau agrees in part. The Bureau believes
that faced with limited time and resources, smaller financial
institutions are more likely to submit inaccurate data, and that this
is one of the rationales for providing lower-volume institutions
additional time to comply with the rule. Regarding the concern that
compliance costs will directly increase lending costs, the Bureau
acknowledges in its impacts analysis in part IX below that this may
take place, but that the per-loan impact of this rule will be
relatively low.
Regarding the comments that many borrowers do not possess or are
unwilling to provide data pursuant to this rule, the Bureau agrees that
educating small business applicants would improve their responses to
requests for data under this rule. Regarding the comment that rushed
implementation would lead to unintended consequences, the Bureau
observes that the notice and comment processes has identified
potentially unintended consequences of an 18-month compliance period,
and that the final tiered compliance provision is intended to address
these concerns.
Two years. Regarding the comments favoring a two-year compliance
period for financial institutions, the Bureau agrees in part. Based on
a consideration of a variety of factors, including the comments it has
received, the Bureau has determined that a two-year compliance period
is appropriate for mid-sized financial institutions. The Bureau does
not believe that two years
[[Page 35442]]
is an appropriate compliance period for all institutions. The Bureau
believes that two years more time than is needed by the largest volume
financial institutions, which have the ability to comply earlier, and
too little time for the smallest volume financial institutions, which
need closer to three years to comply with this rule.
The Bureau has considered the comment asserting that the proposed
compliance period would make the rule an undue regulatory burden,
costly, and not be commensurate to any potential reporting benefit. As
set out above, the Bureau believes that a shorter compliance period
would be challenging for many smaller and mid-sized financial
institutions, and the Bureau believes that it is more likely to obtain
more accurate data if it provides smaller volume financial institutions
more time to comply with this rule.
Scope and complexity. The Bureau has considered comments stating
that financial institutions needed a two-year compliance period to
understand the full scope and complexity of the new rule. While the
proposed rule included provisions not considered during SBREFA, such as
additional data points pursuant to ECOA section 704B9(e)(2)(H), the
Bureau does not believe that the increased complexity of the rule alone
justifies additional time. Most of the new provisions in the NPRM are
well-known outside of the context of this rule. In addition, the Bureau
has in some ways limited the scope of this rule further by, for
instance, not finalizing certain more complex provisions, such as the
proposed visual observation and surname analysis requirement. Regarding
scope and coverage issues faced by motor vehicle dealers, the Bureau
does not believe that there are open issues requiring resolution as
suggested by some commenters. The issues raised concerning the
application of Bureau regulations to indirect motor vehicle lenders are
well-established and not unique to this rulemaking. The Bureau likewise
does not believe that this rule represents an entirely new regulatory
paradigm; the many comments the Bureau received concerning the overlap
between this rule and HMDA, CRA, and CDFI Fund data collections suggest
that the concepts in this rule are already well understood by many
financial institutions and not necessarily novel or paradigm-shifting.
While the Bureau agrees that this rule is the first to attempt to
collect application-level data comprehensively from the entire small
business lending market, the Bureau does not believe that this alone is
a reason to extend the compliance period of the rule.
Policies and procedures. The Bureau has considered comments stating
that financial institutions needed two years to develop and test new
policies and procedures. However, the comments did not provide enough
detail to support extending the compliance period based on this factor
alone.
Technology. Regarding comments requesting two years to comply
because of the need to purchase or upgrade compliance software, the
Bureau agrees in part. The Bureau acknowledges the various steps
related to implementing or updating compliance software, including
finding and vetting vendors, integrating compliance software with other
systems. The Bureau acknowledges the concerns of some commenters that
vendors may not be ready with compliance software before the proposed
compliance date. The Bureau, as noted in part II above, has worked
proactively with vendors and technology departments of financial
institutions since the release of the NPRM to help them speed their
work The Bureau believes that the tiered compliance schedule will
ensure that financial institutions in need of time to buy or upgrade
software will have that time.
Staff and training. Regarding comments requesting a two-year
compliance period in order to have additional time to hire new staff
and train existing staff, the Bureau took those factors into account
when proposing an 18-month compliance date. However, the Bureau agrees
that small financial institutions may require additional time to comply
because they may not have the staff to develop compliance systems that
larger financial institutions may have. The Bureau believes that
smaller institutions may be particularly reliant upon vendors and
third-party software and, as mentioned before, may not be prioritized
by these providers.
Other regulations. Regarding the comments that a two-year period
based was justified based on the compliance periods for other similar
data collection regulations, the Bureau agrees in part for the reasons
specified above. The Bureau acknowledges that industry's experience
with the 2015 HMDA rule suggests that more time is required for smaller
financial institutions in particular, and especially those with no past
experience with a data collection regime like HMDA.
Other comments. Regarding concerns that the proposed compliance
period was inconsistent with the two-year period that the Bureau
previously considered in the SBREFA process, the Bureau now believes
that the two-year period is appropriate for financial institutions with
a moderate volume of originations.
30 months. The Bureau has considered comments requesting a single
30-month compliance period but does not believe this approach would be
appropriate, for the reasons provided below.
Scope and complexity. Regarding the comments that the scope and
complexity of the rule warrants a 30-month compliance period, the
Bureau acknowledges the breadth and complexity of this rule but does
not believe that the time needed to understand the rule in itself
justifies one additional year to comply with the rule.
Processes. The Bureau acknowledges that compliance with the rule
may itself entail complex changes to the various processes pertaining
to small business lending, including front and back-end operations, and
operations across different branches. The Bureau notes that while
industry commenters explained the complexity of changing processes and
procedures with some clarity, the Bureau anticipated these types of
changes in proposing an 18-month compliance period. In any case, these
commenters identified various changes they would have to make in
response to the rule without explaining why these changes justified
extending the proposed compliance period by 12 months.
Software. Regarding the comments requesting 30 months to comply
with the rule because of the need to purchase new software or upgrade
existing software, the Bureau agrees in part. The Bureau acknowledges
the various steps and complexities in the process to upgrade or
purchase software that commenters have identified, but the Bureau does
not believe that all financial institutions need more time to purchase
or upgrade software. The Bureau also acknowledges concerns that
compliance software for this rule did not exist when comments were
submitted in response to the NPRM. The Bureau understands from its
outreach that software providers have been developing compliance
products since the release of the NPRM, and while such products cannot
be finalized until after the final rule, the Bureau believes that such
software will be available for timely implementation by financial
institutions, especially because the Bureau is committed to providing
assistance to technology departments from financial institutions and
software providers to develop compliance solutions in time to meet the
final tiered
[[Page 35443]]
compliance dates. Regarding the comment that software providers need 30
to 36 months to work with their business partners, the Bureau believes
based on its outreach and comments received from some banks that this
work had already begun with the release of the NPRM, and that the
compliance dates provided in final Sec. 1002.114(b) should be
sufficient for software providers to work with their business partners
and financial institutions.
The Bureau acknowledges commenters' concerns about small financial
institutions and their ability to implement software before the
proposed compliance date. The Bureau believes that lower volume
lenders, especially those without previous experience with data
collection rules, are likely to be at the mercy of compliance software
providers and core providers, and are not as likely to have priority
access to new software or provider assistance in implementing it. The
Bureau does not, however, agree that these concerns justify a single
30-month compliance period. Instead, the Bureau believes that these
concerns justify tiered compliance based on the financial institution's
transaction volume.
Staffing and training. Regarding comments that a single, 30-month
compliance period is needed to accommodate the hiring of new staff and/
or training of existing staff, the Bureau agrees in part. The Bureau
acknowledges that this rule may require the hiring or training of staff
in variety of different areas and roles across financial institutions.
The Bureau emphasizes, however, the comment specific to smaller volume
lenders that a community bank would not have a dedicated implementation
team for this rule, but rather would assign responsibility for rule
implementation to existing employees across the bank in addition to
their existing tasks.
Data accuracy. The Bureau acknowledges the comments that the
proposed compliance period may result in data inaccuracies, but does
not believe that a single, 30-month compliance period would be the most
appropriate way to address these concerns. The Bureau, for the reasons
provided already, believes that smaller and even moderate volume
lenders, if subject to an 18-month compliance period data, may be at
particular greater risk of collecting and submitting inaccurate data to
the Bureau. The Bureau acknowledges the comment that small business
lending is varied, involves more negotiation than consumer lending, and
therefore makes it more difficult to capture consistent data for, but
the Bureau does not believe that this factor alone justifies extending
the compliance period. The Bureau observes that the existing
regulations that collect data on small business and small farm lending
already take into account the varied and more individually negotiated
nature of such transactions.
Other regulations. The Bureau acknowledges the comments concerns
that other comparably complex regulations identified by commenters,
such as the 2015 HMDA rule amendments and the TILA/RESPA integrated
disclosure rule, provided for compliance periods longer than the 18
months proposed by this rule. The Bureau acknowledges the comment
observing that in response to the 2015 HMDA amendments, many software
providers barely met the compliance date for that rule, and that
significant updates were still required after the deadline. The Bureau
agrees that smaller lenders may need more time to comply because of
their lack of experience with data collection regulations such as those
under HMDA or CRA. However, the Bureau does not believe that a uniform,
30-month compliance period would be the appropriate way to address all
these concerns. The Bureau believes that the specific comments it
received advocating for a 30-month compliance period for smaller volume
lenders or for those inexperienced with data collection rules support
the tiered compliance dates set forth in the final rule.
Customer relationships. Regarding the concerns that a short
compliance period would hamper the ability of their ability to serve
commercial lending customers, the Bureau agrees in part. The Bureau
believes that smaller lenders and, to a lesser extent, moderate volume
lenders may find it challenging to comply with the new rule while still
serving customers and maintaining day-to-day bank operations. The
Bureau acknowledges the concern that some commenters may adopt new
processes to ensure data quality but provide less access to credit for
applicants. The Bureau does not believe that a uniform, 30-month
compliance period would be the appropriate way to address these
concerns in a manner consistent with the statutory purposes of the
rule. Rather, the Bureau believes that the customer relationships of
smaller volume lenders are likelier to be affected by a shorter
compliance period than the customer relationships of larger lenders.
Sector specific. Regarding the comments that 18 months was not
sufficient for smaller lenders, the Bureau agrees. The Bureau believes
the differences between the compliance challenges faced by smaller and
larger lenders suffice to justify a longer compliance period for
smaller-volume lenders. The Bureau agrees with the multiple comments
stating that smaller institutions, such as community banks, CDFIs, and
rural lenders, are more limited in their capacity to expend the
additional time and resources needed to comply with this rule within 18
months, and with comments that larger lenders do not have such
limitations and often have staff dedicated to regulatory compliance.
Regarding the comment that regulations should apply only to large
banks, not smaller banks, the Bureau notes that while the Dodd-Frank
Act contains provisions specific to larger institutions, it does not
apply exclusively to larger lenders. The Bureau, however, agrees that
the compliance date provision of this rule should not apply to all
financial institutions regardless of size, given the differences in the
relative capacity to comply quickly, as the final tiered compliance
date provision recognizes.
Regarding the comments of a software provider concerning the
various steps in the process to implementing compliance software, the
Bureau appreciates the complexity of the process and the back-and-forth
between software vendors and lenders. The Bureau, however, believes
that the tiered compliance provision provides for more time for a
majority of smaller and moderate volume lenders to work through the
software implementation process. The Bureau is providing resources,
such as the Filing Instructions Guide, concurrent with the release of
this final rule to aid software vendors' and financial institutions'
development of software expeditiously.
Other comments. Regarding the comment requesting for 30 months to
address unanticipated implementation issues, the Bureau believes that
the final compliance date provision provides enough time and leeway for
lenders to address any such issues. Regarding the comment that a 30-
month compliance period would match the normal compliance examination
cycle, the Bureau disagrees as not every financial institution subject
to this rule has examinations on this schedule. Regarding the comment
that an 18-month compliance period is not justified by the length of
time that has elapsed since the passage of the Dodd-Frank Act, the
Bureau notes that in part, it agrees, providing an additional six to 18
months to most lenders.
Three years. The Bureau is not adopting a single compliance period
of three years for all covered financial
[[Page 35444]]
institutions, for the reasons below. The Bureau acknowledges that much
of the reasoning provided in support of a single, three-year compliance
period justifies the compliance period for Tier 3 financial
institutions. As noted above, the Bureau believes that there is no
material difference between 33 months and three years for purposes of
this rule and the compliance of Tier 3 institutions.
General comments. Regarding the comments that a single, three-year
period would achieve the statutory purposes of the rule, the Bureau
believes that having larger- and moderate-volume lenders begin
collecting data in 18 or 24 months, respectively, rather than 33
months, while waiting to obtain more accurate data from smallest-volume
financial institutions, is most likely to maximize the speed with which
the Bureau receives the largest possible volume of accurate data.
Because of this, the Bureau believes that the final tiered compliance
provision better accomplishes the statutory purposes of the rule.
Regarding the comment that such a three-year compliance period should
start on January 1, the Bureau believes that earlier collection of data
is consistent with the purposes of section 1071, even if it results in
the collection of a partial year of data. While less useful in a year-
over-year comparison, a partial year of data would not be ignored
entirely. Given the new data points that would be collected under the
final rule, a partial year of collection will give data users valuable
information they could not access from other sources, for the purposes
of facilitating fair lending enforcement and identifying business and
community development needs.
The Bureau has considered comments asserting that by proposing an
18-month compliance period, the Bureau has shifted the burden of
rapidly complying with the rule onto lenders. The proposed compliance
date reflected an attempt to balance competing concerns, and the final
compliance date reflects a reconsideration of how best to balance the
need to collect data quickly, and the need to collect it accurately.
Regarding the comments that it was arbitrary and unreasonable for
the Bureau to propose a broader rule with an 18-month compliance period
in the NPRM, compared to a rule of lesser scope and a two-year
compliance period in the SBREFA process, the Bureau is not finalizing a
blanket 18-month compliance period in this final rule, as explained
above. And even if the Bureau were finalizing an 18-month compliance
period as proposed, the Bureau would disagree with the commenters for a
number of reasons.
First, the Bureau does not believe that the scope of data
collection and reporting under the NPRM expanded greatly compared to
the SBREFA outline of proposals under consideration. While several data
points were proposed pursuant to ECOA section 704B9(e)(2)(H), most of
these data points (such as pricing, application method, application
recipient, reasons for denial) are data in possession of financial
institutions, as items that are part of the underwriting or lending
process. Some of the other items, such as time in business and NAICS
Code, are captured by some lenders in any case. Similarly, the NPRM
(but not the SBREFA Outline) included several provisions giving leeway
to financial institutions attempting to comply in good faith, such as
the bona fide error and safe harbor provisions.
Second, even assuming that the scope of data collection and
reporting under the NPRM were greatly expanded as compared to the
SBREFA Outline, the final rule includes a variety of provisions
intended to streamline compliance as compared to the NPRM. For
instance, the Bureau has simplified the approach to pricing, time in
business, and NAICS code (requiring the collection of just 3 digits
rather than 6), and the Bureau is no longer requiring the use of visual
observation and surname analysis. The Bureau is also providing a grace
period during which it does not intend to assess penalties, so long as
financial institutions attempts to comply with this rule in good faith
(see part VII below). The Bureau also believes that the materials it
has prepared for concurrent release with the final rule, including the
initial version of the Filing Instructions Guide, will have the effect
of facilitating compliance with the rule.
Regarding the comment that the Bureau was shifting the burden of
its delay in issuing the rule to industry, the Bureau disagrees. The
Bureau's intention in proposing an 18-month compliance period was
balancing two factors--providing sufficient time to comply while
obtaining data as soon as possible. The Bureau believes that the final
tiered compliance provision better strikes that balance by
differentiating between lenders more likely to be able to comply
earlier with accurate data, and lenders that are likely to need more
time to report accurate data.
Sequential changes. The Bureau acknowledges the comments that the
implementation of compliance systems involves numerous steps in a
specific order. However, the Bureau does not believe that this
justifies a single, three-year compliance period for all financial
institutions. The Bureau believes that it is generally correct that
compliance must proceed in a specific order, and it also believes that
larger lenders are more likely to have the capacity and resources to
work on different steps of compliance implementation in parallel rather
than purely sequentially, and thus comply in a shorter amount of time
than smaller-volume lenders with less capacity and resources.
Scope and complexity. Regarding the comments that a three-year
period is needed to carefully understand and interpret the new rule,
the Bureau agrees that this rule will be entirely new to many lenders
with no experience with other data collection rules. However, the
Bureau believes that such lenders are likelier to be smaller, lower-
volume lenders, and that the final tiered compliance regime give them
the additional time they need to understand this rule. Regarding the
comment that lenders could only understand the content of the
regulations after the issuance of the final rule, the Bureau observes
that it has endeavored to simplify this final rule compared to the
content of the NPRM. Regarding comments that a single three-year period
would give the Bureau time to educate and support lenders as they
implemented this rule, the Bureau believes that the finalized system of
tiered compliance dates provides sufficient time to educate and support
smaller, lower-volume lenders more likely to need this help.
The Bureau acknowledges that this rule would cover many different
financial products and services, often with different processes,
involving many changes across business units and systems, but the
Bureau does not believe that a single three-year compliance period for
all financial institutions is warranted on these grounds. The Bureau
acknowledges that this rule is more comprehensive than existing
collections of small business lending data, both in terms of how many
financial institutions will be required to report under the rule, and
in terms of the scope of what is required of any given financial
institutions. However, the Bureau observes that many larger volume
lenders have already complied with similar data reporting requirements
for small business lending, including CRA and the Paycheck Protection
Program, which also involved many data points and, for larger volume
lenders, compliance across different business units and systems. The
scope of this rule is somewhat more expansive than past data
collections, but, as many
[[Page 35445]]
other commenters have pointed out, the significant overlap between this
rule and the data required by other rules means that the content of
this rule is likely to be well understood by many financial
institutions.
Regarding the comments that the rule requires the collection of 21
data points, the separation of demographic information, and
consideration of the feasibility of a firewall, the Bureau notes that
these comments summarized the provisions of the rule without explaining
how compliance with these provisions would require three years rather
than 18 months. Regarding the comment that the regulatory burden of the
rule would be significant and time-consuming, the Bureau refers to the
impacts analysis in part IX. In short, such comments do not explain how
the Bureau's specific attempts to quantify costs were erroneous, and do
not address specific amounts of time that tasks would take.
Policies and processes. Regarding comments that lenders need three
years to create, update, and test non-software processes and policies,
the Bureau acknowledges that some lenders do not currently use written
applications for small business and farm loans, and would need to start
using them. The Bureau believes that these lenders are more likely to
be smaller lenders with lower volumes of originations. The Bureau also
acknowledges that lenders would not be able to change procedures,
forms, policies, and systems until the final rule is issued, and that
clarifications and questions may take some time to address. The Bureau
does not believe this justifies a single three-year compliance period
for all lenders.
Further, while stating that 18 months was insufficient, commenters
did not specify the additional amount of time needed to create new
procedures or workflows for applications, change existing workflows to
align with the firewall requirement, overhaul their forms and
applications, or to obtain new ones. The Bureau believes that the
proposed compliance date would have provided sufficient time for these
processes. The Bureau believes, however, that smaller lenders with
lower volumes of originations may need more time than other lenders to
adjust their processes and procedures to comply with the rule for the
reasons provided.
Technology. The Bureau acknowledges the many comments that it
received requesting a longer compliance period to implement software
solutions, and the various steps in that process, including
identifying, vetting, and choosing vendors, and integrating and testing
software. The Bureau acknowledges that the implementation process for
software can be iterative and sequential. The Bureau understands that
many lenders, especially smaller and community banks, that will need to
automate currently manual lending processes to collect data for this
rule. In particular, primarily lower-volume lenders, such as community
banks and rural institutions, will need additional time to automate
their processes with software to accurately collect data, including
some lenders that collect HMDA and CRA data by manual processes. The
Bureau also understands that many lenders not experienced with data
collection rules have no relationships with vendors.
While some lenders said that they could not begin to implement
software until vendors create it, the Bureau notes that one commenter
had identified a vendor already at work on compliance software for this
rule as of early 2022. Regarding the comment from a larger lender
stating that it would need additional time to build compliance software
itself, the Bureau notes that it received relatively few comments from
larger lenders.
The Bureau notes that of the comments citing software changes to
justify a three-year compliance period, only several provided any
estimates of the time needed to implement software. The few estimates
there were ranged from as few as six months from the issuance of the
final rule to upgrade software to 18 months to two years to implement
software, and further time still to train staff and test software. The
Bureau believes that these comments may overestimate the time vendors
will take to prepare compliance software. Some estimates assumed that
vendors would not start their work until after the release of the final
rule, but the Bureau understands from comments and other feedback that
some software vendors started work on compliance software for this rule
not long after the release of the NPRM. The Bureau also believes, based
on other comments received, that the longer periods suggested by
commenters are most likely to apply to smaller and mid-sized lenders,
for the reasons discussed before--that vendors are likely to prioritize
larger lenders in implementing new or upgraded software.
Regarding the comment that lenders should have software six months
before the compliance date for testing, the Bureau believes that the
tiered compliance provision would provide most lenders this extra time.
In any case, the Bureau believes that the grace period discussed in
part VII may permit lenders to continue testing after their compliance
dates, if needed. Regarding the comment that lenders need more than 18
months to comply because they make build technology decisions one to
two years in advance, the Bureau believes that the release of the NPRM
gave lenders time to plan and budget for compliance technology well in
advance of this final rule. Regarding the comment that some lenders
adopt blackout periods of eight weeks at the end of the year, which
could add four months to the time needed by lenders, the Bureau does
not believe additional changes are needed to final Sec. 1002.114(b).
The commenter did not suggest how common such blackouts were amongst
lenders, nor how an eight-week blackout period would necessitate a
four-month compliance date delay.
The Bureau acknowledges commenters' concerns that small and mid-
sized banks will likely need more time to comply because of their
greater dependence on the timing of third-party software vendors
because these comments were based on industry experience with software
vendors in the context of past rulemakings. The Bureau believes
comments that vendors may become time or resource-constrained and have
difficulties serving many lenders at once, and, given a single
compliance date, are less likely to prioritize smaller lenders. The
Bureau gives credence to comments that small lenders struggled to
implement compliance systems for the TILA/RESPA integrated disclosure
and HMDA rulemakings before their respective compliance dates because
small lenders competed with larger lenders for the limited time and
attention of vendors in advance of regulatory deadlines.
Staffing. The Bureau acknowledges the many comments that lenders
need more time to hire new staff and train existing staff to collect,
verify, and report data for this rule; that training may apply to staff
across different departments and business units within financial
institutions; and that training can be time-consuming. The Bureau
observes that comments requesting a three-year period based in part on
staffing concerns did not estimate how much of the additional time
requested was attributable to staffing issues. One exception was a
comment from a lender that said it would need several months to train
its staff of 3,000 employees; the Bureau believes that this comment
tends to support an 18-month compliance period for larger lenders.
The Bureau understands that certain staff training--on compliance
software for this rule--may occur only after software is implemented.
However, the
[[Page 35446]]
Bureau believes that other training may be conducted in parallel with
the development of software, such as the training on the content of
this rule. The Bureau agrees that lender staff with no familiarity with
data collection rules may need more time to be trained in complying
with this rule. The Bureau notes that the concern that staff already
familiar with the HMDA and CRA rules would need training to avoid
confusion with this rule is mooted by the Bureau's decision to exclude
HMDA-reportable loans from reporting under this rule, and the proposed
amendments to the CRA rules that would eliminate the existing CRA
reporting regime.
Regarding other comments, the Bureau agrees that part of the
compliance process will involve communicating operational changes
resulting from this rule to customers to minimize disruption and
increase the likelihood that they will answer inquiries related to
protected demographic information. The Bureau acknowledges that some
customers may believe that lenders already request too much data but
believes that it is speculative to say that customers may be driven to
less safe financial products to avoid providing data for this rule.
Access to credit. Regarding comments requesting a longer compliance
period because lenders might need to pause or stop their small business
lending until they were in compliance with this rule, hurting the small
businesses that section 1071 was intended to benefit, the Bureau does
not believe that a reduction in access to credit is likely for the
reasons set out in part IX.
Data accuracy. The Bureau, for the reasons stated above, agrees
that smaller and mid-sized lenders are more likely to need more time to
comply with this rule to ensure the accuracy of the data that they will
submit. The Bureau agrees with the group of State banking regulators
that the implementation timeframe should be increased for many
financial institutions to better equip them to accurately report data.
The Bureau makes particular note of comments from smaller lenders
and their representatives that lenders lacking experience with data
reporting regulations, such as HMDA or CRA, require more time to report
accurate data. Inexperienced lenders must create processes from
scratch, develop vendor relationships, and become accustomed to new
procedures, such as testing software and other systems, to ensure the
accuracy of data. The Bureau also agrees that the proposed 18-month
period is not sufficient for lenders with lower-volume small business
lending operations that may face limited staffing resources and that
have never before collected the amount of data required by this rule.
The Bureau agrees in principle that rushed implementation generally
would make data in the first few years after the compliance date
flawed, incomplete, or unusable, limiting the usefulness of the data
for section 1071's fair lending and business and community development
purposes. The Bureau believes that the tiered compliance date approach
it is taking in this final rule will not result in rushed
implementation. Rather, its final compliance provisions will provide
sufficient time for especially smaller and mid-sized lenders to
implement compliance systems and prepare to collect and report accurate
data.
Regarding the comments that data will be error[hyphen]laden in the
first few years of collection until systems, policies, and procedures
can be refined, the Bureau has accounted for this in its final rule,
with its bona fide error provision and additional safe harbors for
certain data points. As discussed in part VII, the Bureau is also
providing a grace period for lenders during which it does not intend to
assess penalties for errors, so long as lenders engaged in good faith
compliance efforts.
Regarding the assertion that a three-year compliance period more
closely adhered to the expectation in the statute, the Bureau notes
that text of the statute does not identify a specific compliance
period, much less one as specific as three years. The Bureau interprets
section 1071 as requiring a compliance period that best advances the
statutory purposes of the rule. For the reasons specified above, the
Bureau believes that its tiered compliance provision does this. In any
case, the Bureau believes that the majority of covered financial
institutions will report data with Tier 3, and thus will have 33 months
to comply with the rule from its issuance.
Other regulations. Regarding the comments that other comparably
complex regulations--such as the 2015 HMDA rule, CRA, the TILA/RESPA
integrated disclosure rule, and FinCEN's customer due diligence rule--
provided for more time to comply that the proposed 18-month compliance
period, the Bureau agrees that these other rules may be instructive as
to how much time smaller and mid-sized lenders might need to prepare to
comply with this rule. However, the Bureau does not believe that this
necessitates a single compliance period of three years.
The Bureau acknowledges the comment that, unlike the 2015 HMDA
rule, this rule does not involve building on an existing system but
rather making a new data collection system, and that smaller-volume
lenders in particular should therefore have closer to three years to
comply. The Bureau also acknowledges that this rule, unlike HMDA,
encompasses different credit products for small businesses which may
use or require different processes, systems, and personnel.
The Bureau agrees that smaller-volume lenders should have more time
because they are more likely to have to build new systems and face
challenges. The Bureau believes that larger lenders are less likely to
have to start from scratch in complying with this rule, that they are
more likely to be familiar with concepts from this rule borrowed or
analogous to provisions in other existing data collection regulations,
such as HMDA and CRA. This remains true even if larger lenders are more
likely than smaller lenders to offer different credit products for
small businesses which use different processes, systems, and personnel.
The Bureau acknowledges commenters' concerns that based on industry
experience with the 2015 HMDA rule, vendors were not likely to be ready
in time for lenders to comply with this rule. The Bureau believes that
the tiered compliance provision will give vendors time to work with
covered financial institutions on a timely basis by spreading out
software needs across three compliance dates. Vendors will be able to
focus on smaller-volume lenders in Tiers 2 and 3, avoiding the hasty
implementation or inattentive or delayed service commenters mentioned
experiencing in complying with the 2015 HMDA rule and the TILA/RESPA
integrated disclosure rule.
The Bureau acknowledges comments that the Bureau to provide
leniency regarding data accuracy for initial submissions after the 2015
HMDA rule, and that lenders spent hours reviewing data to avoid errors
and resubmissions under HMDA. The Bureau notes that the final rule
contains provisions--including the bona fide error provision and the
various safe harbors for several data points--that relieve lenders of
the need to provide perfectly accurate data, especially in early
submissions of data. As discussed in part VII below, the Bureau is also
providing a grace period for lenders during which it does not intend to
assess penalties for errors.
The Bureau appreciates the concerns that vendors may need time to
make inquiries to obtain clarity on the provisions of this final rule
after its release to deploy solutions, as they did with the TILA/RESPA
integrated disclosure rule. The Bureau intends to
[[Page 35447]]
work with vendors to answer inquiries about this rule as early as
possible. The Bureau is releasing certain compliance aids and guides
concurrently with the final rule to assist vendors in advance of the
compliance dates; with previous rules; in the past, such materials were
only made available months after the release of final rules. The Bureau
believes that the leeway the Bureau is providing, in the form of the
grace periods for all three compliance tiers, also may give vendors
more time to test, adjust and improve their systems.
Regarding the comments that experiences with past regulations are
irrelevant, the Bureau disagrees that experience with past rules will
not help lenders comply more quickly with this rule. The Bureau
believes that experienced lenders, especially larger ones, have
developed institutional knowledge and infrastructure in complying with
regulations that will enable them to adapt to more quickly to new rules
than lenders without such experience. The Bureau believes that the
experience with data collection regulations, such as HMDA and CRA, is
particularly relevant to compliance with this rule.
Industry-specific rationales. The Bureau finds compelling the
comments arguing that smaller-volume lenders--including FCS lenders,
community banks, small credit unions, CDFIs, and start-up lenders--
would face greater challenges and costs in complying with the rule
within the proposed 18-month period. The Bureau gives particular weight
to concerns of other regulators that small financial institutions may
need closer to three years to comply with the rule because they face
particular challenges in implementation.
In short, the Bureau finds the specific explanations compelling and
reasonable--larger banks, as commenters pointed out, have more
resources for compliance efforts, while smaller and even midsized banks
may have less resources to, for instance, pay for staff for overtime or
other short-term capacity to comply within 18 months. The Bureau also
believes that small and mid-sized financial institutions will be a
lower priority for vendors, based on the Bureau's outreach and comments
by smaller lenders that experienced this in complying with past Bureau
rulemakings. All of this suggests that smaller and, to a lesser extent,
mid-sized financial institutions may face a tradeoff between speedy
compliance and expending resources that larger lenders do not face.
The Bureau acknowledges the comment that mid-sized banks may face
challenges standing up systems in 18 months despite their best efforts.
The Bureau believes, however, that relative to the lenders with the
smallest volume of small business loans, middle-volume lenders tend to
have more resources and are more capable of complying somewhat more
quickly with this rule. The Bureau believes that while a 33-month
compliance period may be appropriate for smaller-volume lenders, a two-
year compliance period is appropriate for middle-volume lenders.
Regarding the comment that the Bureau should consider a longer
compliance period based on its capacity to collect data from non-
depository institutions subject to the rule, the Bureau believes the
challenge may be ensuring compliance by non-depositories that have not
previously been subject to Federal data collection regimes.
Nonetheless, the Bureau believes that larger non-depository lenders are
likelier to be able to prepare to comply with this rule more readily
while smaller volume lenders have additional time to prepare to comply.
Regarding the comments that the Bureau should provide three years
to comply because the proposed 18-month period is not tenable for motor
vehicle dealers in general and small dealerships in particular, the
Bureau observes that motor vehicle dealers are not covered financial
institutions under this rule. Moreover, as described in the section-by-
section analysis of Sec. 1002.109(a)(3), the Bureau believes that
motor vehicle dealers are often the last entity with authority to set
the material credit terms of the covered credit transaction, and so are
generally unlikely to be collecting small business lending data on
behalf of other reporting financial institutions.
More than three years. Regarding the comment that the Bureau should
adopt a compliance period of three to five years because community
banks would have to make hard decisions on staffing and lending
capacity, resulting in potential market exit, the Bureau does not
believe that such a lengthy compliance period is necessary for all
financial institutions. The Bureau is providing Tier 3 lenders--which
the Bureau believes will include many smaller community banks--33
months, or nearly three years, to prepare to comply with the final
rule. The commenter did not provide any details that would justify an
even lengthier compliance period.
Tiered compliance. Regarding the large number of comments received
from industry commenters that requested tiered compliance--often as an
alternative to a single compliance date longer than 18 months--the
Bureau agrees for the reasons set out above.
The Bureau appreciates industry comments in support of tiered
compliance periods on the grounds that such a system would give smaller
lenders would have more time to comply with the rule, including that
the scope and complexity of the rule and the need to test systems to
ensure accurate reporting would be particularly challenging to smaller
lenders.
The Bureau observes that many commenters that requested tiered
compliance periods on the grounds that smaller banks and credit unions,
especially those serving rural and underserved communities, needed more
time to comply to have time to implement new compliance software. The
Bureau acknowledges the comments identifying discrete steps in the
process of implementing software, including finding vendors, giving
vendors time to develop software, planning and executing network
changes, and training staff but notes that these steps are not unique
to smaller or mid-sized lenders. The Bureau observes that smaller-
volume lenders may find these steps more challenging for a number of
reasons already articulated above. The Bureau acknowledges that smaller
lenders may have little bargaining power with vendors and are often the
last to receive system upgrades. The Bureau believes that tiered
compliance dates are justified because hasty implementation by smaller
banks facing difficulties implementing this rule may result in
inaccurate data.
The Bureau acknowledges certain factors identified by commenters,
such as the need for lenders to hire and/or train additional compliance
staff, train existing lending staff, educate customers on the content
of the rule, are not unique to smaller lenders. However, the Bureau
believes that smaller-volume lenders, especially those without previous
experience complying with data collection rules, may face more
challenges with all of these factors than larger lenders.
The Bureau agrees with the comments that smaller financial
institutions--including CDFIs, credit unions, and lenders servicing
rural and underserved communities--should have a later compliance date
to learn from money-center banks. The Bureau agrees that tiered
compliance is important for lenders inexperienced with data collection
rules to give them time to build compliance infrastructure. The Bureau
agrees that such lenders may face more challenges than depository
institutions in complying quickly with
[[Page 35448]]
this rule, needing to create compliance training programs from scratch,
and that they may have a harder time obtaining expertise to implement
compliance software and procedures. The Bureau agrees with the comment
that banks with no HMDA compliance experience may need more time to
comply with this rule than larger banks with such experience. The
Bureau believes that the experience of larger banks with HMDA will
enable them to more quickly comprehend this rule and implement
compliance systems for this rule. This experience will also enable such
banks to train their staffs more quickly. The Bureau further agrees
that, under a tiered compliance system, smaller-volume lenders may
learn from the earlier implement of large banks, and that tiered
compliance would give smaller lenders more time to resolve
unanticipated issues.
The Bureau believes that industry experience with the staggered
effective dates in the Financial Accounting Standards Board's Current
Expected Credit Loss rule somewhat informs the final tiered compliance
provision. The Bureau believes that the approach taken by the Financial
Accounting Standards Board and other Federal regulators regarding the
Current Expected Credit Loss rule support the Bureau's approach here.
Regarding the number of compliance date tiers, the Bureau believes
that the three tiers included in this final rule are more appropriate
than two as suggested by some commenters, for the reasons already
articulated. However, commenters distinguished not just between smaller
and larger lenders; comments also identified mid-volume lenders as
facing unique issues in complying with the rule, occupying a space
between large and small lenders. Mid-volume lenders face certain
challenges complying with the rule compared to larger lenders, but have
greater resources and, often, more experience with Federal regulations
and data collections than small lenders.
Regarding the comments supporting the adoptions of three compliance
tiers, the Bureau agrees. Regarding the comment that the Bureau should
adopt three compliance tiers, giving the largest lenders one year to
comply, medium-sized lenders two years, and small lenders three years,
the Bureau agrees in part. The Bureau agrees that earlier compliance
dates are justified for large lenders because they have greater staff
expertise, as well as capacity and resources, to comply with data
collection regulations. However, the Bureau believes that a one-year
compliance period may be insufficient for many larger financial
institutions to comply with this rule.
Regarding the comment that the third compliance tier should include
trusted small business lenders, the CFPB intends to propose, in a
follow-on notice of proposed rulemaking, that lenders with strong
records under the CRA or other relevant frameworks be permitted
additional time to come into compliance with the rule. That approach is
consistent with the statutory purposes of the rule.
Regarding the request for tiered compliance starting not less than
three years after the final rule, the Bureau does not believe such an
approach would be appropriate, for the reasons specified above
concerning the request for a single three-year compliance period. The
Bureau believes that a three-year period for the earliest tier is
inconsistent with the statutory purposes of the rule because larger
volume financial institutions are capable of adequate compliance with
this rule within 18 months. Further delay for these lenders would
result in a longer period during which data are unavailable to
facilitate the enforcement of fair lending laws or to identify business
and community development needs and opportunities.
Regarding the requests that the Bureau use asset size to determine
compliance date tiers, the Bureau acknowledges that asset size can
sometimes be a proxy for determining the resources and capacity a
lender has to prepare to come into compliance with the rule. It is also
a simple metric to implement, given that there are recognized standards
for reporting assets. The Bureau agrees that institutions with less
assets often have smaller compliance and information technology staffs.
However, the Bureau notes that this rule applies to non-depository
institutions as well. Some such lenders may have high volumes of
originations but relatively low assets. As a result, the Bureau
observes that asset size may not be as reliable a proxy for the
capacity and resources a non-depository institution has to comply
quickly with the rule. The Bureau believes that volume of originations
is, in the context of small business lending, a better proxy than asset
size for determining the capacity of a lender to comply with this rule.
The Bureau also believes that tiering based on volume of originations
is proportional to the interest a lender would have in complying with
this rule, regardless of asset size.
Regarding the comments opposing tiered compliance dates, the Bureau
appreciates that this rule represents a great change for small and
large financial institutions that may proceed through similar steps to
implement the rule, including understanding the rule, changing
processes, building and testing systems, training staff, and adding
procedures and controls. The Bureau does not believe, however, that the
magnitude of challenges lenders face is the same regardless of the size
or capacity of the institution. The Bureau believes that the largest
volume lenders that will be in Tier 1 have the capacity to comply with
this rule within 18 months, especially given the leeway provided by
this rule--in the form of the bona fide error thresholds and safe
harbors--and by the grace period to report data that is sufficiently
accurate. The Bureau agrees with the comment that limiting access to
small business credit could have a negative impact on the economy, but
does not believe the final tiered compliance date provision would
``inevitably'' result in any diminishing of access to credit for small
businesses, as discussed in more detail in part IX below.
Regarding the comment opposing tiered compliance dates on the
grounds that 18 months was sufficient for all institutions, the Bureau
disagrees for the reasons specified above. While many smaller-volume
lenders may be able to comply within 18 months, the Bureau believes
that many such lenders may find it challenging to comply within 18
months. Regarding the comment that financial institutions have had
since the release of the NPRM in September 2021 to begin preliminary
planning to comply with this rule, the Bureau agrees in part. While the
final rule differs from the NPRM in several aspects, many provisions
are based on statutory requirements--such as the mandatory data points,
the firewall provision, the recordkeeping requirements, and the privacy
analysis--and would have been finalized in some manner, permitting some
planning for financial institutions concerned with preparing for
implementation well in advance of the eventual compliance date. The
Bureau does not believe, however, that the September 2021 release of
the NPRM gives smaller volume lenders the ability to comply with this
rule within 18 months of its issuance.
Regarding the comment that the proposed compliance period of 18
months would give banks just six months to collect data to do a trial
run with one year of data before compliance date, the Bureau observes
that smaller volume lenders in Tiers 2 or 3 would have more time to
test their collection systems. The Bureau also notes that pursuant to
final Sec. 1002.114(c)(1), all
[[Page 35449]]
financial institutions may start collecting data one year before their
respective compliance dates, giving especially smaller-volume lenders
more time to test their systems.
114(c) Special Transitional Rules
The Bureau is adopting two transitional rules in Sec. 1002.114(c)
to facilitate the initial compliance of financial institutions with
subpart B. Final Sec. 1002.114(c)(1) permits, but does not require,
financial institutions as described by Sec. 1002.114(b)(1) through (3)
to collect information regarding applicants' minority-owned business
status, women-owned business status, LGBTQI+-owned business status, and
the ethnicity, race, and sex of applicants' principal owners under
final Sec. 1002.107(a)(18) and (19) beginning 12 months prior to the
financial institution's applicable compliance date as set forth in
Sec. 1002.114(b)(1) through (3). A financial institution collecting
such information pursuant to Sec. 1002.114(c)(1) must do so in
accordance with the requirements set out in Sec. Sec. 1002.107(a)(18)
and (19), 1002.108, and 1002.111(b) and (c). In addition, comment
114(c)-2 clarifies that a financial institution that receives an
application prior to its compliance date under Sec. 1002.114(b), but
takes final action on the application after the compliance date, is not
required to collect data regarding that application under Sec.
1002.107 and not required to report the application pursuant to Sec.
1002.109.
Final Sec. 1002.114(c)(2) permits a financial institution that is
unable to determine the number of originations of covered credit
transactions for small businesses for calendar years 2022 and 2023,
because for some or all of this period it does not have readily
accessible the information needed to determine whether its covered
credit transactions were originated for small businesses as defined in
Sec. 1002.106(b), to use a reasonable method to estimate its
originations to small businesses for either or both of the calendar
years 2022 and 2023.
The Bureau believes that these transitional rules pursuant to its
authority under ECOA section 704B(g)(1), are necessary to carry out,
enforce, and compile data pursuant to section 1071.
114(c)(1) Collection of Certain Information Prior to a Financial
Institution's Compliance Date
Proposed Rule
Proposed Sec. 1002.114(c)(1) would have provided that a financial
institution that will be a covered financial institution as of the
compliance date in proposed Sec. 1002.114(b) is permitted, but not
required, to collect information regarding whether an applicant for a
covered credit transaction is a minority-owned business under proposed
Sec. 1002.107(a)(18), a women-owned business under proposed Sec.
1002.107(a)(19), and the ethnicity, race, and sex of the applicant's
principal owners under proposed Sec. 1002.107(a)(20) beginning 12
months prior to the compliance date. A financial institution collecting
such information pursuant to proposed Sec. 1002.114(c)(1) would have
been required to do so in accordance with the requirements set out in
proposed Sec. Sec. 1002.107(18) through (20) and 1002.108.
The Bureau sought comment on the approach in this proposal.
Comments Received
A joint letter from several trade associations supported the
proposed provision permitting early collection of data. A community
group agreed with the reasoning and approach to allowing voluntary
reporting by financial institutions, inquired whether the Bureau was
permitting voluntary reporting of date only for demographic
information, and suggested that to permit the reporting of only
demographic information would be of limited use. A business advocacy
group commended the Bureau for encouraging the reporting of data before
the start of the compliance period, and encouraged the Bureau to offer
incentives to enable collection of data as early as possible to help
enable the analysis of fair lending. Several CDFI lenders suggested
that mission-oriented lenders ready to report data in 18 months should
be able to opt in. Two banks recommended that the 12-month period of
voluntary collection in advance of the compliance date should be
extended further, noting that such a transitional period would be a
critical period for lenders to implement, test, and if necessary,
modify data collection and maintenance processes and systems before the
compliance date. One trade association requested that the Bureau
clarify that applications submitted before the compliance date, but
approved after the compliance date, not be considered covered
applications for purposes of determining coverage.
Final Rule
The Bureau is finalizing Sec. 1002.114(c)(1), maintaining the
provision in principle but making several changes. First, final Sec.
1002.114(c)(1) permits, but does not require, a financial institution
that will be a covered financial institution by the compliance dates
set out in Sec. 1002.114(b)(1) through (3) to collect protected
demographic information pursuant to Sec. 1002.107(a)(18) and (19)
beginning 12 months prior to the compliance date applicable to that
financial institution. This regulatory text has been adjusted to
account for the change from a single compliance date in proposed Sec.
1002.114(b) to the three different compliance dates in final Sec.
1002.114(b)(1) through (3). Second, final Sec. 1002.114(c)(1)
clarifies that any protected demographic information collected under
this provision must comply with the requirements of Sec.
1002.107(a)(18) and (19), and Sec. 1002.108, as proposed, and adds a
new requirement that any demographic information collected must comply
with the requirements of Sec. 1002.111(b) and (c). Third, final Sec.
1002.114(c)(1) clarifies that a financial institution that receives an
application prior to its compliance date specified in Sec.
1002.114(b), but takes financial action on or after that compliance
date, is not required to collect data regarding that application
pursuant to Sec. 1002.107 nor to report the application pursuant to
Sec. 1002.109.
The Bureau is also finalizing new comments 114(b)-1 through 4.
Comment 114(b)-1 specifies the provisions of this rule that a covered
financial institution must comply with by the compliance date that
applies to it under Sec. 1002.114(b). Comment 114(b)-2 specifies the
provisions of this rule that covered financial institutions that must
comply with the initial partial year collection pursuant to Sec.
1002.114(b)(1), from October 1, 2024 through December 31, 2024. Comment
114(b)-3 establishes informal names for compliance date provisions
(Tier 1, Tier 2 and Tier 3) to facilitate discussion of the compliance
dates specified in Sec. 1002.114(b)(1), (2), and (3). Comment 114(b)-4
illustrates the application of Sec. 1002.114(b) to determine the
compliance dates of a variety of financial institutions, based on a
variety of volumes of originations of covered credit transactions to
small businesses.
The Bureau believes that this provision will give financial
institutions time to test their procedures and systems for compiling
and maintaining this information in advance of actually being required
to collect and subsequently report it to the Bureau. Under this
provision, financial institutions will have time to adjust any
procedures or systems that may result in the inaccurate compilation or
maintenance of applicants' protected demographic information, the
collection of which is required by section 1071 but
[[Page 35450]]
otherwise generally prohibited under ECOA and Regulation B. (Financial
institutions could of course collect the other information that would
be required by this proposed rule at any time, without needing express
permission in Regulation B to do so.) The Bureau believes that this
provision will facilitate compliance and improve the quality and
accuracy of the data reported to the Bureau and therefore is necessary
to carry out, enforce, and compile data pursuant to section 1071, and
will carry out the purposes of ECOA, and is necessary or proper to
effectuate the purposes of ECOA and facilitate or substantiate
compliance therewith.
Regarding the question as to whether the proposed provision permits
voluntary reporting only of protected demographic information, the
Bureau observes that the provision actually only permits the
collection, not reporting, of demographic information. The provision is
necessary because, in its absence, ECOA and Sec. 1002.5(b) of
Regulation B would otherwise prohibit creditors from collecting such
demographic information, while creditors are not prohibited by ECOA and
Regulation B from collecting the other data points required by this
rule. Regarding the comments encouraging the Bureau to offer incentives
to collect data as early as possible to help enable the analysis of
fair lending, the Bureau notes that the provision exists only to help
financial institutions better prepare to comply with the rule. The
Bureau is not adopting any additional incentives, as suggested by
commenters, and indeed it is unclear what incentives it might offer to
further encourage early reporting.
Regarding the comment that mission-oriented lenders ready to report
data in 18 months should be able to opt in, the Bureau agrees.
Regarding the request to extend the transitional period further such
that financial institutions could collect protected demographic
information without being required to report it for a period longer
than 12 months, the Bureau acknowledges these concerns but does not
believe such a change would be appropriate. The Bureau's decision to
provide most smaller-volume financial institutions additional time by
way of tiered compliance dates, as well as a grace period during which
it does not intend to exercise its supervisory or enforcement
authorities, all give financial institutions additional time and leeway
to establish their compliance systems. Further, institutions seeking
longer periods to collect demographic information would not necessarily
have even one year of information upon which to base a determination
that they may have to begin preparing to comply with the rule,
potentially resulting in the collection (but not reporting) of
protected demographic data in a way that completely overrides the
general prohibition in existing Sec. 1002.5(b).
Regarding the request to clarify that applications submitted before
the compliance date, but approved after, not be considered covered
applications, the Bureau agrees that such clarity is useful and thus
final Sec. 1002.114(c)(1) addresses and implements this request.
114(c)(2) Determining Which Compliance Date Applies to a Financial
Institution That Does Not Collect Information Sufficient To Determine
Small Business Status
Proposed Rule
Proposed Sec. 1002.114(c)(2) would have provided that for purposes
of determining whether a financial institution is a covered financial
institution under proposed Sec. 1002.105(b) as of the compliance date
specified in proposed Sec. 1002.114(b), a financial institution would
be permitted, but not required, to use its originations of covered
credit transactions for small businesses in the second and third
preceding calendar years (rather than its originations in the two
immediately preceding calendar years).
The Bureau sought comment on the approach in this proposal.
Comments Received
A joint letter from trade associations representing the commercial
real estate industry supported the proposed provision and suggested an
edit to the regulatory text of proposed Sec. 1002.114(c)(2) specifying
that a financial institution is permitted, but not required, to use its
originations in the first two full calendar years after the effective
date of the rule, rather than its originations in the two immediately
preceding calendar years.
A joint letter from trade associations, in commenting on the
proposed compliance date, claimed that 18 months was not enough time to
determine covered financial institution status pursuant to Sec.
1002.105(b) because lenders would be required to collect gross annual
revenue data to determine the small business status of their
originations for purposes of originations thresholds, but they could
not collect such data until after the publication of the final rule.
The commenter noted that many lenders do not collect gross annual
revenue for their commercial loans (e.g., investment property loans are
underwritten based on net operating income), and that some lenders that
collected gross revenue data did not have it readily accessible. The
commenter requested a longer compliance period to give lenders time to
understand the content of the final rule before the start of a calendar
year to track originations for small businesses to avoid retroactive
application of the final rule. The commenter suggested, instead, a two-
calendar-year period to collect gross annual revenue data, followed by
the compliance date starting the third calendar year for those
financial institutions that determine they are covered. The commenter
noted that its proposed schedule was a minimum, and was predicated on
having a gap between publication of the final rule and the start of the
first calendar year during which lenders would track the small business
status of originations, and that the Bureau published technical
specifications sufficiently in advance of the third calendar year. A
trade association, also commenting on the compliance period, claimed
that two years would allow for implementation by lenders, would provide
time to track originations of covered transactions and, therefore, the
small business status of applicants, and would allow lenders to make
changes necessary to achieve the statutory purposes of the rule.
Final Rule
The Bureau is not finalizing Sec. 1002.114(c)(2) as proposed. The
Bureau is instead implementing a different provision stating that a
financial institution that is unable to determine the number of covered
credit transactions it originated for small businesses for calendar
years 2022 and 2023 for purposes of determining its compliance date
pursuant to Sec. 1002.114(b), because for some or all of this period
it does not have readily accessible the information needed to determine
whether its covered credit transactions were originated for small
businesses as defined in Sec. 1002.106, is permitted to use any
reasonable method to estimate its originations to small businesses for
either or both of the calendar years 2022 and 2023. The Bureau is also
implementing new comments 114(c)-3 through -6. Comment 114(c)-3
specifies circumstances under which a financial institution has readily
accessible the information needed to determine the small business
status of its covered credit transactions for purposes of determining
its compliance date. Final
[[Page 35451]]
comment 114(c)-4 specifies certain circumstances under which a
financial institution does not have readily accessible the information
needed to determine small business status of its covered credit
transactions for purposes of determining its compliance date. Final
comment 114(c)-5 identifies three reasonable methods that may be used
by financial institutions to estimate the number of covered credit
transactions for small businesses for purposes of determining its
compliance date. Final comment 114(c)-6 provides examples of financial
institutions applying each of the three reasonable methods identified
in comment 114(c)-5 by financial institutions, as well as financial
institutions applying reasonable methods not specified in comment
114(c)-5, to estimate the number of covered credit transactions for
purposes of determining its compliance date.
The Bureau believes that, in the context of the proposed single
compliance date, proposed Sec. 1002.114(c)(2) would have provided
greater clarity and certainty to financial institutions as to whether
or not they would be covered financial institutions. This may have been
particularly important for those financial institutions that originated
a volume of covered credit transactions close to the threshold under
proposed Sec. 1002.105(b) and a single compliance date. The Bureau
believed this provision would have been necessary to carry out,
enforce, and compile data pursuant to section 1071.
However, because of the changes to the compliance date provision in
final Sec. 1002.114(b), from a single compliance date to several tiers
of compliance dates, the Bureau believes that Sec. 1002.114(c)(2) as
originally proposed may no longer effectively serve the purposes for
which it was originally intended. The Bureau believes that because the
final rule provides for several compliance dates, the optionality
provided by proposed Sec. 1002.114(c)(2) is no longer necessary and
may even make compliance more confusing. The transition to several
compliance dates in the final rule, from a single compliance date in
the proposal, means that many lower-volume financial institutions will
have one to two years in advance of their compliance date to determine
whether they are covered financial institutions that must report data
at all. For instance, an institution with a compliance date of January
1, 2026, based on its annual originations in 2022 and 2023, may not be
a covered financial institution at all by its compliance date if it has
less than 100 annual originations in 2024 or 2025.
The Bureau received one comment directly addressing proposed Sec.
1002.114(c)(2). By contrast, the Bureau received multiple comments on
the difficulty that some financial institutions may face in determining
their coverage under this rule, and therefore their compliance date,
because they do not collect information on the gross annual revenue of
their applicants for business credit. Some industry commenters, as set
out in the section-by-section analysis of Sec. 1002.107(a)(14), noted
either that they did not collecting data on gross annual revenue of
some small business applicants, or that there would be difficulties in
collecting such data.
In response to these comments, the Bureau has revised Sec.
1002.114(c)(2) to provide greater flexibility for those financial
institutions that do not have ready access to data on gross annual
revenue to determine what compliance date will apply to them for
purposes of Sec. 1002.114(b). Because of the changes to this rule
after the proposal, the Bureau believes that this provision, as
finalized, will provide greater clarity and certainty to those
financial institutions that do not currently collect gross annual
revenue data as to which compliance date will apply to them. This will
be particularly important for those financial institutions that
originated a volume of potentially covered credit transactions close to
the threshold under Sec. 1002.105(b), and those financial institutions
that originated a volume of potentially covered credit transactions
close to the thresholds in Sec. 1002.114(b). The Bureau believes this
provision is necessary to carry out, enforce, and compile data pursuant
to section 1071.
Appendix E to Part 1002--Sample Form for Collecting Certain Applicant-
Provided Data Under Subpart B
Proposed Rule
The Bureau proposed a sample data collection form that financial
institutions could choose to use to collect minority-owned business
status, women-owned business status, and principal owners' ethnicity,
race, and sex. The proposed sample data collection form would have been
similar to the HMDA data collection form and would have included a
notice of the applicant's right to refuse to provide the information as
well as an explanation of why the financial institution is requesting
the information. The sample data collection form would have also
included the definitions of minority individual, minority-owned
business, principal owner, and women-owned business as they would have
been defined in proposed Sec. 1002.102(l), (m), (o), and (s),
respectively.
Additionally, to aid financial institutions with the collection of
the information in proposed Sec. 1002.107(a)(21), the sample data
collection form would have included a question about the applicant's
number of principal owners. The sample data collection form would have
also included language that a financial institution would have been
able to use to satisfy the notice requirement under ECOA section
704B(d)(2) if it determined that one or more employees or officers
should have access to the applicant's protected demographic information
pursuant to proposed Sec. 1002.108(b)(2).
The Bureau requested comment on the proposed sample data collection
form, including the proposed language for the notice under ECOA section
704B(d)(2). The Bureau also generally requested comment on whether to
provide additional clarification regarding any aspect of the sample
data collection form or the related notice provided pursuant to ECOA
section 704B(d)(2). In addition, the Bureau sought comment on whether
the sample data collection form should identify the Bureau to
applicants as a potential resource in connection with their applicable
legal rights or for additional information about the data collection,
including concerns regarding non-compliance. It also sought comment on
whether financial institutions need additional information on how to
adapt this form for use in digital modes of data collection, and, if
so, what specific information would be most useful. The Bureau further
requested comment on whether a sample data collection form in Spanish
or other languages would be useful to financial institutions.
Comments Received
Commenters were generally supportive of the Bureau's inclusion of a
sample data collection form in the final rule, stating that the sample
data collection form would help financial institutions meet the
demographic data collection requirements.
Several commenters had suggestions for language to add to the
proposed sample data collection form. One trade association suggested
that the data collection form disclose, as the beginning, that the
applicant is not required to respond to the questions, and second
inquire as to whether the applicant is a small business based on its
gross annual revenue and establish that the form is not required if the
applicant is not a small business. One bank commented that the form
should
[[Page 35452]]
include language, in bold, to the applicant stating that the
information provided will not be used against them and is not
derogatory.
A bank urged providing an option on the proposed form for an
applicant to indicate if the applicant's principal owner was present
when the form was completed or if the responses were provided by the
principal owner, to lessen confusion and discomfort during the
application process. The bank stated such an option would also improve
data quality where a financial institution does not meet with a
principal owner in person and thus cannot make ethnicity and race
determinations on the basis of visual observation and/or surname
analysis. A trade association suggested including options to indicate
on the form if the applicant declined to answer and that the applicant
was not available, which could be used if an applicant representative
was uncertain of an absent principal owner's ethnicity, race, and/or
sex or was unsure if the principal owner wished to provide such
information.
A community group commenter recommended that the sample data
collection form include a notice that the Americans with Disabilities
Act prohibits discrimination in lending practices on the basis of an
applicant's disability.
An individual commenter suggested that applications include an
explanation of why the Bureau is collecting protected demographic
information after a demographic information collection section, which
would allow an applicant to make an informed decision in providing
information and know who to contact in the event of discrimination.
A bank and a trade association stated that the proposed sample data
collection form is misleading because it would have indicated that the
demographic information is required and would not have stated that the
borrower has the right to refuse to provide the requested information.
In contrast, however, a CDFI lender supported the statement on the
proposed form that applicants are not required to provide the
information requested but are encouraged to do so. This commenter also
supported the notice on the sample form that while provided information
could not be used to discriminate against the applicant, some employees
may have access to the information.
Some lenders and trade associations expressed concerns about the
text on the proposed sample form that would have disclosed that, if an
applicant does not provide ethnicity, race, or sex information for at
least one principal owner and the financial institution meets with a
principal owner in person or via electronic media with an enabled video
component, the financial institution is required by Federal law to
report at least one principal owner's ethnicity and race based on
visual observation and/or surname. Some of these commenters, who also
opposed the proposed visual observation and surname data collection
requirement this language would have referenced, stated that the
proposed disclosure language may discourage an applicant from seeking
an in-person meeting with the financial institution or pressure
applicants to provide the information to avoid inaccurate guesses by
bank employees or officers. Other commenters requested that the
disclosure about the proposed visual observation and surname data
collection requirement be removed from the form, because it would
inform an applicant that the financial institution will be collecting
information about their principal owners' ethnicity and race regardless
of their choice to not provide the information. A joint letter from
several trade associations representing the commercial real estate
industry opposing the proposed visual observation and surname data
collection requirement stated that the related disclosure language on
the proposed form should be removed if the data collection requirement
is not adopted for the final rule.
Some community groups, a CDFI lender, and a joint trade association
letter recommended that the Bureau provide non-English translations of
any sample forms, including in Spanish. Two community groups suggested
that the data collection form be provided in English, Spanish, and
Mandarin Chinese. They stated that providing the forms in multiple
languages would help reduce confusion and help lenders. Other community
groups and a lender suggested that the proposed form be provided in at
least the top ten spoken languages in the United States, as determined
by the Census, so applicants can understand the data being collected
and its context. They stated that the translations are necessary to
honor the statutory intent, and that immigrants are more likely to
start businesses than non-immigrants, and research shows that many
immigrants and immigrant entrepreneurs have limited English
proficiency, which leads to difficulties in navigating the financial
marketplace.
A trade association and a bank requested flexibility to solicit
responses to the questions on the proposed sample collection form
across different circumstances, and specifically asked for
clarification that financial institutions could list the response ``I
do not wish to provide this information,'' as the first response option
and not the last, as it is listed for all the proposed questions on the
form. The commenters also asked for flexibility, when using an
electronic data collection form, to collapse subcategories of
questions, so that they appear only when an applicant clicks on a
question to facilitate readability. The commenters also asked for
clarification for applications taken orally, as to whether all
categories of responses must be read to the applicant, even if the
applicant has responded to an earlier response option. These commenters
also requested a safe harbor from liability for not using the language
of the sample data collection form when taking a covered application
orally, stating that some words on the form are long, complex, and may
be difficult for employees to pronounce. These commenters also stated
that the sample data collection form should disclose which data points
will be published to allow applicants to make informed decisions,
address privacy concerns, and improve data quality.
Some commenters had suggestions for additional forms or materials
the Bureau should issue. A trade association stated that the Bureau
should create a business-specific form to request information, which
the commenter stated should be optional for financial institutions to
use. Several commenters, including banks, community groups, and a
minority business advocacy group, asked the Bureau to create a uniform
or model data collection or application form. The commenters generally
stated that such a form would facilitate accurate data collection. One
bank asserted that the likelihood of a respondent providing information
would be higher, citing Paycheck Protection Program data that the
majority of applicants chose not to provide demographic information.
The bank stated that absent a uniform CFPB-issued form, collection and
the resulting data will be flawed. Two commenters cited the HMDA model
application forms as an example of such a uniform application, which
one said effectively explains to borrowers why data are being collected
and encourages completion of the data while also giving the borrower
some assurance that they will not be discriminated against for either
furnishing (or not) the data. A trade association and a bank urged the
Bureau to create a specific data collection form for loans covered by
HMDA and by section 1071, if HMDA-reportable loans are included in the
[[Page 35453]]
final rule, to facilitate consistent reporting. A trade association and
a business advocacy group encouraged the Bureau to evaluate the sample
data collection form and instructions on an ongoing basis for any
necessary changes.
Final Rule
Pursuant to its authority under ECOA section 704B(g)(1), the Bureau
is finalizing appendix E to help financial institutions comply with
requirements to collect applicants' protected demographic information
and to keep an applicant's responses to inquiries for such information
separately from the credit application and accompanying information.
The introductory language in the sample form includes right to refuse,
firewall, and non-discrimination notices. When lenders choose to use
the form, this language serves to facilitate compliance with ECOA
section 704B(c) and, when applicable, 704B(d)(2), as well as with
comment 107(a)(19)-4, which requires that applicants be informed that
Federal law requires it to ask for the principal owners' ethnicity,
race, and sex/gender to help ensure that all small business applicants
for credit are treated fairly and that communities' small business
credit needs are being fulfilled. Though the sample form reflects a
number of legal requirements applicable to collection, the rule does
not require use of the form itself. Rather, the sample form is intended
as a compliance resource for lenders who choose to use it.
The Bureau agrees generally with commenters that the sample data
collection form at final appendix E will help facilitate financial
institutions' efforts to comply with the data collection requirements
of the final rule, meet their statutory obligations, and that it will
streamline the data collection process. To further these goals, the
sample data collection form at final appendix E reflects edits made by
the Bureau in response to comments received and further Bureau
consideration. The final version of the form also considers feedback
from user testing, conducted to learn about small business owners'
likely experience in filling out the form and to explore design and
language options to make the form effective.\839\
---------------------------------------------------------------------------
\839\ CFPB, User testing for sample data collection form for the
small business lending final rule (Mar. 2023), https://www.consumerfinance.gov/data-research/research-reports/user-testing-for-sample-data-collection-form-for-the-small-business-lending-final-rule/.
---------------------------------------------------------------------------
The Bureau received comments suggesting that the Bureau provide
more guidance or specific text on the form about the purpose of the
data collected through the form. The Bureau agrees with commenters that
it is important to provide applicants with a general explanation of the
rule and its purpose. As discussed in the section-by-section analysis
of Sec. 1002.107(a)(19), in response to similar comments and in
consideration of feedback from the user testing, comments 107(a)(18)-4
and 107(a)(19)-4 provide that a financial institution must inform an
applicant that Federal law requires it to ask for the applicant's
principal owners' ethnicity, race, and sex to help ensure that all
small business applicants for credit are treated fairly and that
communities' small business credit needs are being fulfilled. The
Bureau has also included sample language for the statement on the
sample form at appendix E. In the Bureau's user testing, participants
also generally reflected a preference for upfront placement of language
establishing that Federal law requires the collection of the requested
information and emphasizing the purpose of collecting the information,
to ensure that small business owners are treated fairly. As revised,
the introduction on the first page of the final sample data collection
form starts with this statement and also reiterates the purpose of the
data collection in the last sentence. As discussed in the section-by-
section analysis of Sec. 1002.108, the Bureau has also revised the
firewall notice in the introduction. The Bureau has moved its placement
to the second paragraph of the introduction. In line with a suggestion
by a commenter, the Bureau has also generally revised the language of
the non-discrimination notice to emphasize that the financial
institution may not discriminate against the applicant on the basis of
its answers, by bolding and capitalizing the phrase, ``Federal law
prohibits discrimination'' in that disclosure, along with other
edits.\840\
---------------------------------------------------------------------------
\840\ Id. at app. A.
---------------------------------------------------------------------------
To accommodate the changes described above, the right to refuse
notice is now included later in the introduction. The Bureau received
comments that the proposed sample data collection form does not state
that applicants have the right to refuse to provide the information
requested--which the Bureau notes is incorrect--and a suggestion that
the form emphasize that right at the very beginning. In the user
testing, some participants also recommended greater emphasis on the
right to refuse.\841\ After consideration of all the received feedback,
the Bureau believes that the introduction of the sample data collection
form appropriately addresses an applicant's right to refuse to provide
the information requested. In particular, the preceding introductory
material in the sample data collection form, as described above, will
inform applicants about what they are refusing when exercising that
right.
---------------------------------------------------------------------------
\841\ Id.
---------------------------------------------------------------------------
The first page of the final sample form also includes a question
about the applicant's business status under final Sec.
1002.107(a)(18). Whereas the proposed sample form originally had
separate inquiries for an applicant's minority-owned business status
and women-owned business status, the final sample data collection form
combines those questions, along with the inquiry about whether the
applicant is an LGBTQI+-owned business, into one question to streamline
the questions on the data collection form.\842\ The Bureau also
received feedback during its user testing of the forms that the term
``business status'' was confusing for applicants. In consideration of
that feedback and comments received generally urging the Bureau to make
the sample data collection form clearer for applicants, the Bureau has
revised the sample question heading to read ``Business ownership
status.''
---------------------------------------------------------------------------
\842\ Two versions of a combined question were tested in the
Bureau's user testing. The version in final appendix E is the
version the Bureau believes is conceptually simpler for applicants
to understand.
---------------------------------------------------------------------------
As discussed in the section-by-section analysis of Sec.
1002.102(m), the Bureau is not adopting its proposed definition for
minority individual in the final rule, because it is incorporating the
substance of the minority individual definition in the ``minority-owned
business'' definition at final Sec. 1002.102(m). To facilitate the
readability of the combined business ownership status question on the
final sample data collection form, the Bureau is including a separate
explanation for what is meant by a minority individual, which is
similar to the approach to the minority-owned business question on the
proposed sample data collection form. A financial institution is
permitted to use the language on the sample form to satisfy the rule's
requirement to provide certain definitions when requesting an
applicant's business status.
The first page of the final sample data collection form also
includes a question about the number of the applicant's principal
owners, as did the first page of the Bureau's proposed form. The Bureau
has revised the question to include check boxes for potential responses
instead of a write-in text field as proposed, to reduce the likelihood
of
[[Page 35454]]
error by applicants in responding to the question.
Final comments 102(o)-3 and 107(a)(20)-1 clarify that a financial
institution must provide the definition of principal owner set forth in
Sec. 1002.102(o) when requesting information about the number of an
applicant's principal owners. As discussed further in the section-by-
section analyses of Sec. Sec. 1002.102(o) and 1002.107(a)(20), in
consideration of overall feedback from commenters to improve applicant
understanding of the data collection and positive feedback received in
the course of the user testing, the Bureau has revised the number of
principal owners inquiry on the final sample data collection form to
use the term ``individual'' instead of the term ``natural person'' when
providing the definition of a principal owner.
As explained in the section-by-section analysis of Sec.
1002.107(a)(19), the Bureau has elected to not adopt the proposed
requirement that a financial institution collect at least one principal
owner's ethnicity and race information through visual observation and/
or surname analysis under certain circumstances. As a result, the
Bureau has removed the proposed disclosure regarding this requirement
from the second page of the final sample data collection form,
rendering commenters' objections to the disclosure moot.
In the Bureau's user testing, some participants expressed confusion
about differences between the ethnicity and race questions on the
sample data collection form. Some users also stated it was not obvious
how many separate questions they had to answer. To ensure that the
sample data collection form is clear and easily understood, on the
second page of the form the Bureau has numbered the sample questions
about a principal owner's ethnicity, sex (as ``sex/gender''), and race
(from one to three, in that order) to make more apparent that the
questions are separate inquiries. The Bureau has also changed the
inquiries on that page to appear as questions (e.g., for ethnicity, to
ask ``Are you Hispanic or Latino?'') to make the substance of each
inquiry clearer. The Bureau has also made edits to rearrange the
questions and to the format of the ethnicity and race aggregate
categories and disaggregated subcategories on the final form, to make
clearer for the reader that the disaggregated subcategories are
associated with the aggregate categories. The Bureau has further
updated the instruction associated with each of the response options
with a write-in text field to direct the applicant to ``specify'' a
response and not ``print'' a response as proposed, to facilitate the
use of the instruction for paper, electronic, and oral applications.
The Bureau carefully considered the comment suggesting that the
sample form first note applicants' right to refuse and, second,
establish that if the applicant is not a small business it does not
need to fill out the form, by including an inquiry about the
applicant's gross annual revenue. However, in the Bureau's user
testing, participants preferred having information explaining that the
data collection was required under Federal law at the beginning of the
form and emphasized the importance of explaining the purpose of the
data collection.\843\ And, for the reasons explained above, the Bureau
believes the placement of the right to refuse in the introductory text
is appropriate.
---------------------------------------------------------------------------
\843\ CFPB, User testing for sample data collection form for the
small business lending final rule at app. A, at 6, 11-12, 14 (Mar.
2023), https://www.consumerfinance.gov/data-research/research-reports/user-testing-for-sample-data-collection-form-for-the-small-business-lending-final-rule/.
---------------------------------------------------------------------------
The Bureau also does not believe that it is necessary for the
sample form to include an inquiry establishing the applicant's small
business status. Financial institutions will be required to maintain
reasonably designed procedures to collect applicant-provided data,
pursuant to Sec. 1002.107(c). The Bureau has also included a safe
harbor under Sec. 1002.112(c) for a financial institution that
initially collects data under Sec. 1002.107(a)(18) and (19) regarding
whether an applicant for a covered credit transaction is a minority-
owned, a women-owned, and/or an LGBTQI+-owned business, and the
ethnicity, race, and sex of the applicant's principal owners, but later
concludes that it should not have collected this data, if certain
conditions are met. The Bureau believes these other regulatory
provisions will mitigate the possibility that data will be incorrectly
collected and protect financial institutions from inadvertent
collection. As a result, the Bureau does not believe that it is
necessary for the sample form to include a question to establish the
applicant's small business status.
The Bureau considered the commenter's suggestion to include a
disclosure about the American with Disabilities Act on the final sample
data collection form. The sample form has been developed by the Bureau
to address a financial institution's disclosure and data collection
obligations under section 1071 and the Bureau believes it would be
confusing for the sample form to include text as to the applicability
of other laws.
The Bureau is not adopting commenters' suggestions that the sample
data collection form include options for indicating whether an
applicant's principal owners or the applicant are not present or
available, that the data was not provided by principal owner, or that
the applicant declines to fill out the form. As discussed above, the
proposed form would have included a notice about the applicant's right
to refuse to provide the information requested. This right to refuse
notice also appears, with some edits, on the final sample data
collection form. The Bureau believes it is reasonable to assume that if
the person filling out the data collection form on behalf of an
applicant does not feel comfortable providing the information for any
reason, including because they are not the principal owner at issue or
do not believe they can provide accurate responses, that they will
exercise the right to refuse to provide the requested information.
Further, an applicant can also choose to not fill out the entirety of
the form, to not provide responses to a specific question, or to select
the ``I do not wish to provide this information'' or similar response
option available for each of the demographic questions on the sample
data collection form. As a result, the Bureau does not believe it is
necessary to include the suggested options on the sample data
collection form to address any discomfort by persons that may be
completing the data collection form, who are not principal owners, as
suggested by some commenters. Further, as explained in the section-by-
section analysis of Sec. 1002.107(a)(19), the Bureau is not finalizing
its proposal to require a financial institution to collect at least one
principal owner's ethnicity and race on the basis of visual observation
and/or surname analysis under certain circumstances. All financial
institutions will be required to report only applicant-provided
responses to the demographic questions on the final sample data
collection form. As a result, the Bureau does not believe the suggested
options are necessary to address data quality concerns relating to the
proposed visual observation and surname data collection requirement, as
suggested by one commenter.
The Bureau has considered comments suggesting that the sample data
collection form disclose what information will be published. As
discussed in greater detail in part VIII below, after receiving a full
year of reported data, the Bureau will assess privacy risks associated
with the data and make modification and deletion
[[Page 35455]]
decisions to the public, application-level dataset. As a result, the
Bureau does not have definitive information about the public,
application-level dataset available to put on the sample data
collection form. The Bureau takes the privacy of such information
seriously and, as noted, will be making appropriate modifications and
deletions to any data before making it public. However, the Bureau
intends to continue engage with the public about how to mitigate
privacy risk.
The Bureau also considered the suggestion to translate the sample
data collection form into other languages. Generally, Bureau
stakeholders have underscored the importance of language access as a
way of ensuring fair and competitive access to financial services and
products. Persons with limited English proficiency in the United States
make up a significant portion of the population. According to a report,
more than one in five immigrant entrepreneurs, or nearly 773,000
people, in the United States in 2018 had limited English
proficiency.\844\ More than 67 million people, or close to 22 percent
of the U.S. population over the age of five, speak a language other
than English at home.\845\ In 2021, over five million households
reported that all their members were of limited English speaking
ability.\846\
---------------------------------------------------------------------------
\844\ New Am. Econ. Rsch. Fund, Assessing Language Barriers for
Immigrant Entrepreneurs (Aug. 13, 2020), https://research.newamericaneconomy.org/report/covid19-immigrant-entrepreneurs-languages/ (analyzing 2018 data from the Census
Bureau's American Community Survey).
\845\ U.S. Census Bureau, American Community Survey, 2021
American Community Survey 1-Year Estimates, Table S1601: Language
Spoken at Home, https://data.census.gov/cedsci/table?q=language%20spoken%20at%20home&tid=ACSST1Y2021.S1601 (last
visited Mar. 20, 2023).
\846\ U.S. Census Bureau, American Community Survey, 2021
American Community Survey 1-Year Estimates, Table S1602: Limited
English Speaking Households, https://data.census.gov/cedsci/table?q=language%20spoken%20at%20home&tid=ACSST1Y2021.S1602 (last
visited Mar. 20, 2023). The U.S. Census defines a ``limited English
speaking household'' as one in which no member 14 years old and over
(1) speaks only English or (2) speaks a non-English language and
speaks English ``very well.'' See U.S. Census Bureau, Frequently
Asked Questions (FAQs) About Language Use, https://www.census.gov/
topics/population/language-use/about/
faqs.html#:~:text=What%20is%20a%20Limited%20English,least%20some%20di
fficulty%20with%20English (last visited Mar. 20, 2023).
---------------------------------------------------------------------------
The Bureau believes that competitive, transparent, and fair markets
are supported by providing translations of key material in the
customer's preferred language, along with the corresponding English-
language material. Accordingly, the Bureau will make available
translations of the sample data collection form, for financial
institutions that wish to use them. Use of these translations, like use
of the form itself, is not required under rule, but the Bureau is
providing them as an implementation resource for lenders.
Some commenters asked for flexibility as to the presentation of the
information, inquiries, and response options on the sample data
collection form at final appendix E. Generally, the Bureau believes
that applicants should have substantially similar experiences,
regardless of a financial institution's method of collection, when
being provided with required notices under the final rule (e.g., the
firewall notice, the non-discrimination notice, and the right to refuse
notice) and when asked for protected demographic information. The
Bureau has designed the sample data collection form at final appendix E
to assist financial institutions with their compliance obligations and
to maximize the likelihood that an applicant will provide demographic
information, after review of the comments received, user testing
feedback, and other considerations. However, the Bureau notes that the
use of the sample data collection form at final appendix E to collect
information required under the final rule is not mandatory, and
financial institutions are thus not prohibited from modifying the form,
so long as the resulting collection method complies with applicable
rule requirements.
With regard to a couple of commenters' request for clarification as
to whether a financial institution must read all of the categories of
responses if collecting over the phone or orally even if an applicant
has responded to an earlier response option, the Bureau is uncertain
whether the commenters' request is referring to the collection of a
principal owner's ethnicity and race information, which provides
aggregate categories and disaggregated subcategories as response
options. If so, the Bureau notes that it has revised the associated
commentary for Sec. 1002.107(a)(19) to provide financial institutions
with certain flexibility when inquiring about a principal owner's
ethnicity and race information. Generally, comment 107(a)(19)-16
provides that for applications taken orally through means other than by
a paper or electronic form (e.g., telephone applications), the
financial institution will not be required to read aloud every
disaggregated ethnicity and race subcategory, in the manner described
in the comment. Further, because an applicant using a paper version of
the sample data collection form will reference all available answer
options to a question at once and may review the answer options in any
order, the Bureau does not believe that the answer options for a
specified question need to be provided in a specific order for an
application taken over the phone, as long as all the answer options are
presented. However, for the requirement to collect ethnicity and race
information specifically, comment 107(a)(19)-16 clarifies that the
financial institution may not present the applicant with the option to
decline to provide the information requested without also presenting
specified aggregate categories and disaggregated subcategories for
ethnicity and race. This would apply even if the applicant informs the
financial institution, before the financial institution has asked for a
principal owner's ethnicity and race information, that it does not wish
to provide such information.
The Bureau is not including other sample, uniform, or model
applications or data collection forms in the final rule, as suggested
by some commenters. There are a variety of products that are covered
transactions under the final rule, and the Bureau understands that
covered financial institutions may need to ask for the information
(except for the protected demographic information) they are required to
report to the Bureau in different ways. The Bureau does not believe
that a sample, uniform, or model application or data collection form
would be able to account for such potential variations. Thus, any
additional forms may have limited utility and could incorrectly suggest
that financial institutions are limited in the manner in which they
collect non-demographic data under this final rule. As a result, the
Bureau is not providing such a form at this time. The Bureau may
consider issuing other guidance, tools, and compliance aids if it later
determines doing so is necessary.
The Bureau notes that there is no need for a specific data
collection form for loans that are reportable under both HMDA and
section 1071, as the Bureau has decided to exclude HMDA-reportable
loans from the data requirements of the final rule as discussed in the
section-by-section analysis of Sec. 1002.104(b)(2).
Some commenters urged the Bureau to continue to review the sample
data collection form and its instructions after these final rules are
issued. The Bureau anticipates receiving and feedback as the final
rules are implemented and, as with all the regulations it administers,
will issue guidance as necessary and consider if changes to any aspect
of the final rules are required, whether through rulemaking or
otherwise.
[[Page 35456]]
Appendix F to Part 1002--Tolerances for Bona Fide Errors in Data
Reported Under Subpart B
Proposed Rule
The Bureau proposed appendix H, which would have set out a
Threshold Table, as referred to in proposed Sec. 1002.112(b) and
proposed comment 112(b)-1. As these provisions would have explained, a
financial institution is presumed to maintain procedures reasonably
adapted to avoid errors with respect to a given data field if the
number of errors found in a random sample of a financial institution's
data submission for a given data field do not equal or exceed the
threshold in column C of the Threshold Table.
Under the Threshold Table in proposed appendix H, column A listed
the size of the financial institution's small business lending
application register in ranges of application register counts (e.g., 25
to 50, 51-100, 101-130, etc.). The applicable register count range
would have then determined both the size of the random sample, under
column B, and the applicable error threshold, under column C. The error
threshold of column C, as proposed comment 112(b)-1 would have
explained, identifies the maximum number of errors that a particular
data field in a financial institution's small business lending
application register may contain such that the financial institution is
presumed to maintain procedures reasonably adapted to avoid errors with
respect to a given data field. Column D would have been illustrative,
showing the error threshold as a percentage of the random sample size.
Proposed appendix H would also have included examples of how
financial institutions would use the Threshold Table.
The Bureau sought comment on proposed appendix H. In particular,
the Bureau sought comment on whether the register count ranges in
column A, the random sample sizes in column B, and the error thresholds
in column C were appropriate. The Bureau further sought comment on
whether a covered financial institution should be required to correct
and resubmit data for a particular data field, if the institution has
met or exceeded the thresholds provided in appendix H.
Comments Received
A number of commenters, including banks, trade associations, and a
community group addressed the proposed appendix H and its tolerance
thresholds. The community group supported the structure of the
tolerances as sensible, noting that larger lenders should face more
stringent tolerances, expressed as lower percentages, and that the
proposed thresholds were time-tested, and balanced reasonableness and
data integrity, because they were consistent with Regulation C
(implementing HMDA).
Many banks and trade associations stated that the tolerances set
out in proposed appendix H were too low and should be raised. One
commenter said that limited error tolerances would create undue
hardships for banks, and that it was imperative to work through
processes to create valid data, and that invalid data are likely to
raise false red flags that are burdensome for banks to defend. Another
commenter stated that the tolerances were too low and needed to be
raised because of the great amount of time needed to verify and re-
verify data points. A trade association advocated for higher tolerance
thresholds in recognition of the substantial implementation efforts
which will need to occur, and to provide banks a more meaningful
opportunity to effectively implement the rule.
A number of industry commenters noted that the thresholds in
proposed appendix H were based on the tolerance thresholds for
resubmitting data under Regulation C and HMDA, and asserted that these
thresholds were too low for this rule, citing the number of data points
required and the complexity of the data reporting requirements. Several
of these commenters asked that the error threshold be increased to a
``more reasonable level'' without specifying exact threshold
percentages. One commenter requesting higher tolerances noted that HMDA
reporting requirements had been in place for decades and that HMDA
reporters thus have had decades to fine tune their processes and
procedures.
A bank said that the proposed thresholds left a margin of error
that is statistically 0 percent, and claimed that by adopting error
thresholds similar to the HMDA requirements, financial institutions
would have to conduct a 100 percent audit to ensure accurate data
collection/reporting, which they said would burden lenders. Another
bank suggested that because data entry errors are inevitable the
tolerance levels should be changed to a ``reasonable'' rate, and that a
95 percent confidence level would be sufficient. A trade association
stated that the tolerance thresholds were unrealistically low, given
that small business loan data collection is entirely unprecedented and
would require new systems and processes. The commenter stated that 90
to 97.5 percent data accuracy was out of reach for most of the trade
association's lenders, particularly in the first year. The commenter
also noted that stringent data accuracy requirements under HMDA were
already costly.
A group of trade associations similarly requested that the
tolerance thresholds be increased, in recognition of the substantial
implementation efforts that financial institutions will undertake for a
new data collection and reporting regime, requiring new processes and
procedures, noting that despite all of these efforts that bona fide
errors are likely to occur, especially given the substantial number of
data points the Bureau is mandating.
A bank suggested that the tolerance thresholds did not
appropriately scale, noting that while there were seven tiers there
were only two threshold levels. The bank asked that the Bureau
implement more threshold levels and increase the thresholds, especially
for low and intermediate volume lenders. Another bank said that the
Bureau should increases the tolerance thresholds for lenders that had
between 191 to 500 applications, to at least 4 percent but preferably 5
percent. A third bank suggested expanding the threshold categories, to
include different groupings, by number of applications: 501 to 1,000;
1,001 to 10,000; 10,001 to 100,000; and more than 100,000. The bank
also suggested incremental increases in the threshold number of bona
fide errors.
Final Rule
The Bureau is finalizing appendix H, renumbered as appendix F, with
revisions that include the deletion of the first two rows of Table 1 to
appendix F. These rows, covering small business lending application
register counts of 25 to 50 applications and 51-100 applications, are
omitted to correspond with the change in the originations threshold to
determine if a financial institution is a covered financial institution
under final Sec. 1002.105(b), from 25 originations to 100
originations. While each provision looks to different metrics--
originations for Sec. 1002.105(b) and applications for appendix F--it
is not possible for a lender to have originated more than 100 covered
credit transactions for small businesses in a given year without also
having received more than 100 applications for covered credit
transactions. The Bureau believes that rows containing register counts
of less than 100 are superfluous. Table 1 of appendix F is adjusted
accordingly.
For the reasons set out in the section-by-section analysis of Sec.
1002.112(b), the Bureau is finalizing appendix F pursuant to its
authority under ECOA
[[Page 35457]]
section 704B(g)(1) to prescribe such rules and issue such guidance as
may be necessary to carry out, enforce, and compile data pursuant to
section 1071, and its authority under 704B(g)(2) to adopt exceptions to
any requirement of section 1071 and to exempt any financial institution
or class of financial institutions from the requirements section 1071
as the Bureau deems necessary or appropriate to carry out the purposes
of section 1071.
Regarding the various comments on the tolerance thresholds in
proposed appendix H, the Bureau agrees with the comment that the
structure of the tolerance thresholds was sensible, that larger lenders
should face more stringent tolerances, and that the proposed thresholds
were time-tested because of their use in examinations under Regulation
C. The Bureau has considered the various comments asserting that the
tolerances, based on the HMDA examination thresholds, are too low. The
error thresholds were, as one commenter mentioned, tested in the HMDA
context and reasonably balance the competing concerns of data quality
and practicability of implementation. Further, commenters claiming that
the thresholds were too low did not acknowledge one major difference
with the HMDA thresholds; while the HMDA thresholds determine when
lenders must resubmit their HMDA data to the Bureau, Sec. 1002.112(b),
with the thresholds in appendix F, serve to eliminate financial
institution liability under ECOA and this rule for bona fide errors
under the thresholds. The Bureau does not believe that limited
tolerances will create undue hardships, given the need to validate and
re-validate data, nor that they will raise false red flags that will be
burdensome for banks to defend. The revised compliance date provision
in Sec. 1002.114(b) will provide the majority of covered financial
institutions more time to validate their data in advance of the first
submission to the Bureau under this rule. In addition, the Bureau is
providing a grace period of one year, during which it does not intend
to assess penalties for errors in data submitted by financial
institutions that make good faith efforts to comply with rule (see part
VII below).
Regarding the comment that higher tolerance thresholds are needed
in recognition of the substantial implementation efforts which will
need to occur, the Bureau observes that it is recognizing these efforts
in other ways, including the added time to comply under revised Sec.
1002.114(b), and the grace period offered to all institutions in their
first 12 months of collecting data.
Regarding the comment that HMDA reporting requirements had been in
place for decades, and that HMDA reporters had decades to fine tune
their processes and procedures, and that the Bureau should increase the
tolerances in proposed appendix H, the Bureau acknowledges that many
HMDA reporters have had time to fine tune their processes, but also
notes that the tolerances apply nonetheless to new HMDA reporters as
well. In any case, the comment appears to support the point that the
HMDA tolerances have been time-tested and are reasonable to implement.
Regarding the comments that the proposed thresholds leave a margin
of error of 0 percent, that they would require lenders to conduct a 100
percent audit to ensure accurate data collection, and that a 95 percent
confidence level would be sufficient, the Bureau refers the commenter
to appendix F, which specifies the actual error thresholds based on the
number of transactions, ranging from 10 percent for the reporters with
the lowest volumes to 2.5 percent for those with the highest. Regarding
the comment that 90 to 97.5 percent data accuracy would be out of reach
for most of the trade association's lenders, particularly in the first
year, the Bureau notes that in addition to the error thresholds,
lenders will have the benefit of several other safe harbors, a grace
period, and additional time to comply for most lenders as specified in
Sec. 1002.114(b).
Regarding the comment that the tolerance thresholds do not scale
and that there were only two threshold levels, the Bureau notes that
proposed appendix H, finalized as appendix F, specified more than two
thresholds (five) and that final appendix F specifies four--6.4
percent, 5.4 percent, 5.1 percent, and 2.5 percent. The Bureau is not
implementing more threshold levels or to increasing the thresholds, as
requested by some commenters, as these thresholds are already
relatively high for low and intermediate volume lenders. Regarding the
comment requesting that the Bureau increases the tolerance thresholds
for the lenders that had between 191 to 500 applications to at least 4
percent but preferably 5 percent, the Bureau notes that the error
threshold for lenders in this range is already 5.1 percent. Regarding
the suggested expansion of threshold categories, to include more
groupings between 500 and 100,000, the Bureau notes that no explanation
was given about what such additional ranges would accomplish, or what
specific thresholds should be applied to these new ranges, other than
that they should increase incrementally. The Bureau is also not
adopting incremental increases in the error thresholds. Appendix F
reflects the experience of HMDA examinations, and financial
institutions with more applications are expected to have a lower
percentage of errors than those that receive fewer applications.
VI. Effective Date and Compliance Dates
The Bureau is adopting an effective date of 90 days after the
publication of this final rule in the Federal Register consistent with
section 553(d) of the Administrative Procedure Act \847\ and with
section 801(a)(3) of the Congressional Review Act.\848\
---------------------------------------------------------------------------
\847\ 5 U.S.C. 553(d).
\848\ 5 U.S.C. 801(a)(3).
---------------------------------------------------------------------------
This final rule includes the addition of a new subpart B to
Regulation B comprised of final Sec. Sec. 1002.101 through 1002.114
and related commentary, appendices E and F. This final rule also amends
certain sections of existing Regulation B, renumbered as subpart A,
specifically Sec. 1002.5(a)(4) and commentary related to Sec.
1002.5(a)(2) and (4). It also makes conforming changes in several other
provisions in existing Regulation B.
Further, for the reasons specified in the section-by-section
analysis of Sec. 1002.114(b), the Bureau is finalizing three different
compliance dates, based on the number of originations of covered credit
transactions for small businesses, rather than the single compliance
date in the NPRM, which proposed a compliance period of 18 months after
the publication of the final rule in the Federal Register. As specified
in Sec. 1002.114(b)(1), covered financial institutions in Tier 1,
which had at least 2,500 originations of covered credit transactions
for small businesses in each of calendar years 2022 and 2023, will have
a compliance date of October 1, 2024. As specified in Sec.
1002.114(b)(2), covered financial institutions in Tier 2, which had at
least 500 originations of covered credit transactions for small
businesses in each of calendar years 2022 and 2023, will have a
compliance date of April 1, 2025. As specified in Sec. 1002.114(b)(3),
covered financial institutions in Tier 3, which had at least 100
originations of covered credit transactions for small businesses in
each of calendar years 2022 and 2023, will have a compliance date of
January 1, 2026. As specified in Sec. 1002.114(b)(4), covered
financial institutions which did not have at least 100 originations of
covered credit transactions for small businesses in each of calendar
years 2022 and 2023, but subsequently
[[Page 35458]]
originates at least 100 such transactions in two consecutive calendar
years, will have a compliance date of no earlier than January 1, 2026.
VII. Grace Period Policy Statement
During the SBREFA process and in response to the NPRM, the Bureau
received numerous comments requesting a grace period in the early
period after financial institutions are required to comply with the
Bureau's final rule implementing section 1071. The Bureau agrees that
it is appropriate to provide a grace period during which it does not
intend to exercise its enforcement and supervisory authorities,
assuming good faith compliance efforts by financial institutions; for
instance, attempts to discourage applicants from providing data would
not be in good faith. This Grace Period Policy Statement explains how
the Bureau intends to implement such a grace period.
Comments Received
In the context of responding to the proposal presented during
SBREFA for a two-year implementation period, some small entity
representatives and other stakeholders suggested that the Bureau adopt
a grace period for data errors in the first year(s) after the rule goes
into effect. These comments suggested that the Bureau adopt a grace
period of some kind during which financial institutions would not be
penalized for errors when trying to comply with the Bureau's rule
implementing section 1071. This grace period would be akin to the first
year in which the 2015 revisions to Regulation C were effective, when
examinations were used to troubleshoot and perfect data reporting
rather than penalize reporters.\849\
---------------------------------------------------------------------------
\849\ CPFB, CFPB Issues Public Statement On Home Mortgage
Disclosure Act Compliance (Dec. 21, 2017), https://www.consumerfinance.gov/about-us/newsroom/cfpb-issues-public-statement-home-mortgage-disclosure-act-compliance/.
---------------------------------------------------------------------------
In response to both the proposed enforcement and the compliance
date provisions in the NPRM, the Bureau received a number of comments
requesting a grace period during which the Bureau would either not
examine financial institutions for compliance with this rule, or would
not assess penalties for violations of the rule. Several lenders
supported a grace period without specifying how long the grace period
should be. One of these commenters asked that the Bureau provide a
grace period for at least one exam cycle.
Many industry commenters requested a grace period of one year or
more from Bureau enforcement and examinations for data errors.
Commenters offered various reasons in support of this grace period.
Many lenders and trade associations stated that a one-year grace period
would be consistent with the Bureau's approach to the 2015 HMDA rule.
Some commenters with HMDA experience observed that the one-year grace
period in that context was helpful for compliance efforts. Several
other industry commenters stated that the experience with the 2015 HMDA
rule demonstrated that a grace period would improve data accuracy, as
it would allow financial institutions time to identity errors and
implement corrective action without penalty.
Several banks stated that a grace period would be critical to give
lenders an opportunity to ensure systems are working properly. One said
that a one-year grace period would foster cooperation and frank
discussions between covered financial institutions and the Bureau, and
that lenders would be more open and proactive in working with the
Bureau to ensure their compliance. Other commenters requested a grace
period on the grounds that compliance with the rule was a significant
change involving the revamping of systems, and that the grace period
would protect lenders from scrutiny for unintentional and bona fide
errors. Several stated that a grace period was necessary to provide
banks an opportunity to implement the rule effectively, perform
testing, and ensure that loan operation systems, software, and other
technologies are functioning correctly. A trade association requested
that the Bureau work with other regulators to provide a grace period so
that lenders are not penalized immediately for errors. A bank stated
that the numerous data points and the various reportable sub-parts to
those data points would inevitably lead to errors. Another industry
commenter requested a one-year grace period to permit lenders to avoid
penalties for data errors in spite of their best efforts. Two trade
associations requested a one-year grace period as necessary protections
given the need to implement substantial changes under the rule. A trade
association and a bank asserted that a one-year grace period should be
provided because honest errors are only discovered in the process of
implementation, and a grace period would permit not only the lenders
that committed these errors to learn from them, but also the industry
as a whole. Similarly, a bank stated that the grace period would help
ensure that all lenders were on the same page regarding all the
different circumstances presented by the rule. Another bank stated that
compliance with the rule would be new to all financial institutions. A
different bank stated that the grace period would ensure that the rule
would not cause undue compliance hardships on banks and would help
banks create valid data. A trade association urged that the Bureau use
enforcement actions sparingly in the 12 months following the rule's
compliance date.
A smaller number of industry commenters requested a two-year grace
period. One bank justified a two-year period because of the burden of
compiling, maintaining, and reporting data under the rule. Another bank
cited the magnitude of the rule's requirements and the tremendous
effort to implement software, create policies and procedures, and train
staff appropriately, and noted that such a grace period would allow for
data quality testing in a real-life environment and lead to
improvements in data accuracy. Several industry commenters requested
that the Bureau avoid enforcement actions related to technical
deficiencies for two years. Commenters also stated, in support of a
two-year grace period, that absent such a grace period small business
credit may be limited and the economy may be hurt; that compliance with
the rule is spread across different business units, systems, and
channels for larger lenders, and that current compliance systems are
built to avoid collecting key data required by the rule (such as
demographic information).
Some industry commenters stated that the experience with the 2015
HMDA rule showed that the Bureau should provide a two-year grace
period. Two of these commenters noted that the Bureau should follow its
approach in the 2015 HMDA rule, in which the Bureau imposed no
penalties for two years after the new HMDA data collections took
effect.\850\ These commenters also stated that with such a grace
period, lenders could self-correct issues with data accuracy without
threat of enforcement actions for the inevitable tech and other
challenges that will arise initially.
---------------------------------------------------------------------------
\850\ CFPB, Statement with respect to HMDA implementation (Dec.
21, 2017), https://files.consumerfinance.gov/f/documents/cfpb_statement-with-respect-to-hmda-implementation_122017.pdf.
---------------------------------------------------------------------------
Policy Statement
The Bureau agrees that a grace period is appropriate. The following
discussion explains how the Bureau intends to exercise its supervisory
and enforcement discretion following a
[[Page 35459]]
covered financial institution's initial compliance date.
With respect to institutions subject to the Bureau's supervisory or
enforcement jurisdiction, the Bureau intends to provide a 12-month
grace period for the initial data submission from covered financial
institutions that have compliance dates specified in Sec.
1002.114(b)(2), and (3) (i.e., Tier 2 and Tier 3 institutions), covered
financial institutions subject to Sec. 1002.114(b)(4) that must start
collecting data on January 1, 2026, and any financial institutions that
make a voluntarily submission for the first time for data collected in
2025 or 2026.
With respect to covered financial institutions subject to the
Bureau's supervisory or enforcement jurisdiction that make good faith
efforts to the comply with the rule that have a compliance date
specified in Sec. 1002.114(b)(1) (i.e., Tier 1 institution), as well
as any financial institutions that make a voluntarily submission for
the first time for data collected in 2024, the Bureau intends to
provide a grace period covering the 3 months of data collected in 2024
(from October 1, 2024 through December 31, 2024) as well as the first 9
months of data collected in 2025 (from January 1, 2025 through
September 30, 2025).
With respect to covered financial institutions subject to the
Bureau's supervisory or enforcement jurisdiction that make good faith
efforts to the comply with the rule that have a compliance date
specified in Sec. 1002.114(b)(2) (i.e., Tier 2 institution), as well
as any financial institutions that make a voluntarily submission for
the first time for data collected in 2025, the Bureau intends to
provide a 12-month grace period covering the 9 months of data collected
in 2025 (from April 1, 2025 through December 31, 2025) as well as the
data collected in the first three months of 2026 (from January 1, 2026
through March 31, 2026).
With respect to covered financial institutions subject to the
Bureau's supervisory or enforcement jurisdiction that make good faith
efforts to the comply with the rule that have a compliance date
specified in Sec. 1002.114(b)(3) (i.e., Tier 3 institution), as well
as any financial institutions that make a voluntarily submission for
the first time for data collected in 2026, the Bureau intends to
provide a grace period covering the 12 months of data collected in
calendar year 2026 (from January 1, 2026 through December 31, 2026).
The Bureau believes that a 12-month grace period will give
institutions further time to diagnose and address unintentional errors
without the prospect of penalties for inadvertent compliance issues,
and may ultimately assist other covered financial institutions,
especially those in later compliance tiers, in identifying best
practices. While the Bureau believes that financial institutions in
each reporting tier are capable of fully preparing to comply with the
rule by their respective compliance dates, the Bureau believes that the
use of its discretion providing a grace period that covers 12 months
for each tier may result in more deliberate and thoughtful compliance
with the rule, while still providing important data regarding small
business lending as soon as feasibly possible.
During the grace period, if the Bureau identifies errors in a
financial institution's initial data submissions, the Bureau does not
intend to require data resubmission unless data errors are material.
Further, the Bureau does not intend to assess penalties with respect to
errors in the initial data submissions. Any examinations of these
initial data submissions will consider the good faith efforts of the
financial institutions to comply with the data collection and reporting
requirements. The examinations will be diagnostic and will help to
identify compliance weaknesses. However, errors that are not the result
of good faith compliance efforts by financial institutions, especially
attempts to discourage the reporting of data, will remain subject to
the Bureau's full supervisory and enforcement authority, including the
assessment of penalties.
The Bureau believes that these initial data submissions will
provide financial institutions an opportunity to identify any gaps in
their implementation of this rule and make improvements in their
compliance management systems for future years.
The Bureau agrees with commenters who said that a grace period will
promote openness and frankness, and will permit the Bureau to help
financial institutions identify errors and, thereby, self-correct to
avoid such errors in the future. The Bureau can also use data collected
during the grace period to alert financial institutions of common
errors and potential best practices in data collection and submissions
under this rule.
The Bureau believes that a grace period covering institutions'
first 12 months of data submission is sufficient, especially given the
other accommodations the Bureau is making to ensure that financial
institutions are not unduly penalized for good faith errors, such as
the bona fide error provision and the various safe harbors the Bureau
has finalized in this rule, and the other provisions that the Bureau
believes are likely to lead to more accurate data, such as the tiered
compliance date structure, for the reasons specified in the section-by-
section analysis of Sec. 1002.114(b). The Bureau does not believe that
a two-year grace period is necessary to avoid impacting small
businesses' access to credit; as the impacts analysis in part X below
suggests, the Bureau does not believe that this rule will materially
impact the access small businesses have to credit.
Regarding the comment that the Bureau work with other regulators to
provide a grace period so that lenders are not penalized immediately
for errors, the Bureau notes that, unlike with HMDA, the Bureau is the
sole agency that will be in a position to examine financial
institutions' submissions for data errors in the first instance.
This is a general statement of policy under the Administrative
Procedure Act.\851\ It articulates considerations relevant to the
Bureau's exercise of its authorities. It does not impose any legal
requirements, nor does it confer rights of any kind. It also does not
impose any new or revise any existing recordkeeping, reporting, or
disclosure requirements on covered entities or members of the public
that would be collections of information requiring approval by the
Office of Management and Budget under the Paperwork Reduction Act.\852\
---------------------------------------------------------------------------
\851\ 5 U.S.C. 553(b).
\852\ 44 U.S.C. 3501 through 3521.
---------------------------------------------------------------------------
VIII. Public Disclosure of Data
A. Background
Section 1071 of the Dodd-Frank Act amended ECOA to require
financial institutions to collect and report to the Bureau data about
applications for credit for women-owned, minority-owned, and small
businesses, and for those data to be subsequently disclosed to the
public.\853\ Section 1071 further states that the Bureau may ``at its
discretion, delete or modify data collected under [section 1071] which
is or will be available to the public, if the Bureau determines that
the deletion or modification of the data would advance a privacy
interest.'' \854\ Under the final rule, financial institutions may not
compile, maintain, or submit any name, specific address, telephone
number, email address or any personally identifiable information
concerning any
[[Page 35460]]
individual who is, or is connected with, an applicant, other than as
would be required pursuant to final Sec. 1002.107. Nonetheless, as the
statute recognizes, publication of the data fields set forth in Sec.
1002.107(a) in an unedited, application-level format could potentially
affect privacy interests--for example, through the re-identification
of, and risk of harm to, small businesses and related natural persons.
---------------------------------------------------------------------------
\853\ See ECOA section 704B(e)(1) and (f)(2).
\854\ ECOA section 704B(e)(4).
---------------------------------------------------------------------------
The CFPB is not determining its final approach to protecting such
interests via pre-publication deletion and modification because it
lacks the reported data it needs to finalize its approach and it does
not see comparable datasets to use for this purpose. In light of
comments received on the NPRM's privacy analysis, this part VIII offers
a preliminary assessment of how it might appropriately assess and
advance privacy interests by means of selective deletion or
modification. The CFPB is not at this point identifying the specific
procedural vehicle for effecting its privacy assessment. With respect
to both substance and process, it will continue to engage with external
stakeholders; and it intends to invite further input on how it plans to
appropriately protect privacy in connection with publishing
application-level data.
B. Preliminary Privacy Assessment
1. Overview
Under ECOA section 704B(e)(4), Congress provided the CFPB with
broad discretion to modify or delete data prior to public disclosure to
advance privacy interests.\855\ The NPRM proposed the use a balancing
test for the exercise of this discretion. Specifically, it stated that
it would modify or, as appropriate, delete data fields from collected
application-level data where release of the unmodified data would pose
risks to the privacy interests of applicants, related natural persons,
or financial institutions that would not be justified by the benefits
of such release to the public in light of the statutory purposes of
section 1071. The Bureau explained that disclosure of an unmodified
individual data field may create a risk to privacy interests if such
disclosure either would substantially facilitate the re-identification
of an applicant or related natural person, or would disclose
information about applicants or related natural persons, or an
identified financial institution, that is not otherwise public and that
may be harmful or sensitive.
---------------------------------------------------------------------------
\855\ Id.
---------------------------------------------------------------------------
This balancing test would have required that the Bureau consider
the benefits of disclosure in light of section 1071's purposes and,
where these benefits did not justify the privacy risks the disclosure
would create, modify the public application-level dataset to
appropriately balance privacy risks and disclosure benefits. The Bureau
would have deleted a data field prior to publishing the application-
level dataset if other modifications would not appropriately balance
the privacy risks and disclosure benefits. An individual data field
would have been a candidate for modification or deletion under the
balancing test if its disclosure in unmodified form would create a risk
of re-identification or a risk of harm or sensitivity.
Section 1071 requires financial institutions to compile and
maintain data and provides that such information be made available to
the public upon request.\856\ Accordingly, section 1071 contemplates
that the public know what published application-level data are
associated with particular financial institutions. As a result, the re-
identification risk element of the balancing test analysis would not
have applied to financial institutions, although the Bureau would have
considered the risk to a financial institution that the release of 1071
data in unmodified form would inappropriately disclose commercially
sensitive information.
---------------------------------------------------------------------------
\856\ See ECOA section 704B(e), (f)(2)(B).
---------------------------------------------------------------------------
The Bureau sought comment on the design of the balancing test. It
also sought comment on whether the balancing test should apply to the
privacy interests of natural persons generally or only of those related
to applicants.
Comments Received
A wide range of commenters provided feedback on the proposed
balancing test. Many community groups, as well as a several members of
Congress, generally supported the NPRM approach. Others, including
industry and several community groups, saw it as too subjective. These
community groups stated that future Bureau leadership could choose to
restrict publication by releasing truncated or aggregated data, but not
application-level data. A lender and a trade association were concerned
that the balancing test would not sufficiently protect privacy
interests. Another commenter stated that the approach would be
ineffective if a third party had personal knowledge of an applicant or
related natural person because modifications to prevent re-
identification risk in this scenario would critically reduce data
utility. A joint letter from community and business advocacy groups
asked the Bureau to confirm that the balancing test would evolve. They
asked the Bureau to assess market developments and how well the final
rule achieved statutory purposes, and to use this information to modify
its publication approach. Industry commenters asked the CFPB to limit
or wholly abandon release of application-level data.\857\ For example,
one commenter said that the agency should use exception authority under
ECOA section 704B(g)(2) to not publish application-level data to avoid
risks and burdens to the commercial and reputational interests of
financial institutions.
---------------------------------------------------------------------------
\857\ Commenters also provided feedback on potential
modification and deletions for each of the Bureau's proposed data
points; those comments are addressed in detail for each data point
in part VIII.B.6 below.
---------------------------------------------------------------------------
Several commenters provided feedback about what benefits and risks
the balancing test should consider. A joint letter from community
groups, community-oriented lenders, and business advocacy groups, along
with a joint letter from several members of Congress, supported the
Bureau's stated intent to consider the benefits of public disclosure
and the statutory purposes of section 1071. In contrast, an industry
commenter said that the balancing test should not consider fair lending
enforcement as a relevant benefit. According to this commenter, using
the data for fair lending enforcement would subject financial
institutions to unjustified scrutiny by regulators and hinder the
development of innovative underwriting techniques.
Several commenters specifically stressed the importance of the
Bureau considering the personal privacy interests of small business
owners. More generally, a number of industry commenters, as well as
several members of Congress, supported the Bureau's considering the
privacy interests of applicants, related natural persons, and financial
institutions. Numerous commenters said that public application-level
data could pose significant privacy risks to these entities. Some noted
that publication carries risks of re-identification and the disclosure
of sensitive commercial and financial information. Industry commenters
also reported that small business customers express privacy concerns
whenever the government mandates disclosure of their business
information. Commenters cited negative reactions to Paycheck Protection
Program reporting requirements.
[[Page 35461]]
Some community groups saw the privacy risks associated with
publication as low. Several asserted that HMDA data, which contains
similar data fields, has not resulted in an increase of fraud or
identify theft against mortgage applicants. Some commenters also noted
that the interval between reporting and publication would reduce the
likelihood of misuse, as would the public availability of some of the
date from existing sources. Several community groups and a CDFI lender
urged the Bureau not to give weight to the privacy interests of
financial institutions. According to these commenters, publication
should not consider the commercial, proprietary, litigation, and
reputational interests of financial institutions. A joint letter from
community and business advocacy groups stated that because section 1071
contemplates the disclosure of financial institution identity, the
Bureau should not consider any of their privacy interests. Conversely,
some commenters raised concerns about financial institution privacy
interests. A trade association said that failing to consider such
interests would result in the disclosure of trade secrets and other
confidential information.
Some commenters suggested that the balancing test include various
presumptions for or against the publication of 1071 data. Community
groups and a CDFI lender generally agreed that the balancing test
should include a strong presumption in favor of disclosure. For
example, some commenters stated that the Bureau should only modify or
delete application-level data where its unmodified publication would
pose privacy risks that meet a particular significance threshold--for
example, where data fields would be ``highly sensitive'' or ``clear''
re-identification risk exists). Several industry commenters, on the
other hand, suggested that the balancing test incorporate a presumption
in favor of protecting privacy interests. For instance, a few
commenters suggested that the Bureau give special consideration to the
privacy interests of small financial institutions. These commenters
warned that small business customers may gravitate to larger lenders
because they believe it would be harder to identify individual
applicants or related natural persons in data reported by large
lenders.
Current Approach
In light of the comments received on the balancing test, the Bureau
is now of the preliminary view that re-identification risk to small
businesses and their owners is the core risk from which the
preponderance of cognizable privacy risks flow. In this respect, the
Bureau is focused particularly on risks to personal privacy
interests.\858\ The Bureau's preliminary assessment is that it will
consider modification and deletion techniques to reduce those risks,
while also considering the non-personal commercial privacy risks of
small businesses. Lender privacy interests would be considered only
where publication would create a compelling risk to those interests.
---------------------------------------------------------------------------
\858\ The Bureau is considering whether the risks to sole
proprietors, where the business and owner are indistinguishable for
tax or legal purposes, may also qualify as personal risks. This may
be the case where information reflects the sole proprietor's
personal information, such as creditworthiness.
---------------------------------------------------------------------------
Although some comments urged that it not publish any application-
level data, the Bureau does not intend to withhold all such data from
the public because that would critically undermine the stated purposes
of section 1071 and run contrary to the express disclosure provisions
in the statute. This drastic step is also unnecessary to adequately
mitigate relevant privacy risks.
In response to comments positing harms that could arise from a
third party having personal knowledge of an applicant or its owners,
the Bureau agrees that this scenario heightens privacy risks. The
Bureau will observe market developments to assess the likelihood and
nature of this risk as it considers the appropriate approach to
publication.
The Bureau does not intend to separately assess disclosure benefits
when making modification and deletion decisions about individual data
points. After considering commenters' feedback about the value of the
data fields, the Bureau is preliminarily of the view that all of the
data fields have significant disclosure benefits that will facilitate
fair lending enforcement as well as business and community development.
Most comments on privacy risk generally supported the Bureau's
intention to consider the privacy interests of small businesses,
related individuals, and financial institutions. While the Bureau
cannot conduct the statistical analysis necessary for a full re-
identification analysis until it receives reported data from financial
institutions, the Bureau's preliminary privacy assessment accepts that
some such data likely could re-identify applicants and their owners,
potentially disclosing sensitive information. The personal privacy
interests of small business owners, in particular, implicate compelling
risks of harms or sensitivities. As acknowledged in the NPRM, some
privacy risks are mitigated by the interval between collection and
publication, and some 1071 data are already available from other
sources. But publication of some data fields potentially poses
significant risks of harm or sensitivities to both the personal privacy
interests and non-personal commercial privacy interests of applicants
and related individuals. While public HMDA data do not result in
substantial privacy harms for mortgage applicants, that is in part
because the Bureau makes modifications and deletions before
publication, informed by a privacy risk assessment.\859\
---------------------------------------------------------------------------
\859\ See generally 82 FR 44586 (Sept. 25, 2017).
---------------------------------------------------------------------------
The Bureau does not intend to ignore the privacy interests of
financial institutions. As discussed further below, however, the
privacy risks to financial institutions raised by commenters are less
significant than those to small businesses and related individuals.
Accordingly, while the Bureau does not intend to exclude consideration
of financial institution privacy risks, it anticipates modifying or
deleting data to protect a financial institution's privacy interests
only when publication poses a compelling privacy risk. At this time,
commenters have not identified compelling privacy risks to financial
institutions.
In response to comments, the CFPB does not believe that a
presumption or threshold would provide the Bureau with a more
administrable standard. However, partly in response to comments on
these issues, the Bureau's preliminary privacy assessment is more
directly focused on the most significant privacy risks--particularly
re-identification risk--than the balancing test described in the NPRM.
2. Implementation Process
Proposed Approach
The NPRM did not include a full application of the balancing test
to most of the proposed data points. It stated that the Bureau would
analyze the re-identification risk element, in part, using a
statistical analysis. However, the absence of an existing dataset or an
alternative set of sufficiently similar data significantly impeded the
Bureau's ability to discern whether a proposed data field, individually
or in combination with other data, would substantially facilitate re-
identification of small businesses and related persons, and how
specifically to modify data to reduce that risk. Underestimating the
degree to which a 1071 data field, individually or in combination with
[[Page 35462]]
other data, facilitates re-identification risk could unnecessarily
increase privacy risks to an applicant or a related individual, while
overestimating re-identification risk could unnecessarily reduce data
utility. Accordingly, the Bureau believed that a re-identification
analysis of data other than actual reported 1071 data would not provide
an accurate basis on which the Bureau could apply the balancing test to
modify or delete data.
In light of these limitations, the Bureau considered deferring even
initial analysis until after it had obtained a full year of reported
1071 data. Doing so, however, would have reduced opportunities for
public feedback on privacy issues and their relationship to the
proposed rule. The Bureau saw substantial value in setting forth its
partial analysis under other aspects of the balancing test.
Specifically, the Bureau set forth an initial analysis of the benefits
and harms or sensitivities associated with the proposed data fields,
the capacity and motives of third parties to match proposed 1071 data
fields to other identifiable datasets, and potential modification
techniques it might consider to address privacy risks. The Bureau
responds to public feedback from commenters and updates this initial
analysis below.
In the NPRM, the Bureau indicated that a policy statement, rather
than a notice-and-comment rulemaking, would be an appropriate vehicle
for announcing its intentions with respect to data modifications and
deletions. The Bureau offered several reasons for this approach. Under
section 1071, the Bureau may delete or modify data at its discretion,
in contrast to other provisions in the statute that require legislative
rulemaking.\860\ Further, the Bureau's suggested approach with respect
to modifications and deletions would not impose compliance obligations
on financial institutions.\861\ In addition, the Bureau stated that
preserving the ability to exercise its discretion to modify or delete
data through policy statements would allow the Bureau to manage the
relationship between privacy risks and benefits of disclosure more
actively. The Bureau believed this flexibility may be especially
important in the event that the Bureau becomes aware of developments
that might contribute to privacy risks. The Bureau stated that
potential uses of the application-level data in furtherance of the
statute's purposes may also evolve, such that the benefits associated
with the disclosure of certain data may increase to an extent that
justifies providing more information to the public in less modified
form.
---------------------------------------------------------------------------
\860\ Compare ECOA section 704B(e)(4), with ECOA section
704B(f)(2).
\861\ Section 1071 requires financial institutions to compile
and maintain data and provides that such data be publicly available
upon request. See ECOA section 704B(e), (f)(2)(B). As discussed in
the section-by-section analysis of Sec. 1002.110, the Bureau is
finalizing its proposal to publish data on behalf of financial
institutions.
---------------------------------------------------------------------------
As a result, the Bureau suggested that after the first full year of
data are reported, but before it releases data to the public, it would
publish a policy statement setting forth its intentions with respect to
modifications and deletions to the public application-level data.
Before publishing that policy statement, the Bureau intended to conduct
a balancing test analysis based on feedback to the NPRM as well as a
quantitative analysis of re-identification risk using reported 1071
data. The Bureau stated that in the interests of making data available
in a timely manner, it did not intend to put its ultimate balancing
test analysis out for public comment prior to issuing the policy
statement. The Bureau sought comment on this approach.
Comments Received
A wide range of commenters provided feedback on the Bureau's
general approach to implementing the balancing test. Several community
group and industry commenters supported the Bureau's intention to defer
modification and deletion decisions until it had obtained a full year
of 1071 data. While not explicitly opposed, other community groups and
a minority business advocacy group asked the Bureau to publish data as
fast as possible to help realize the statute's purposes. Some noted
that the data remain unavailable despite Congress amending ECOA on this
point more than a decade ago. Commenters also provided feedback about
when the Bureau should begin publishing application-level data. Several
commenters stated that the Bureau should commit in the final rule to
releasing data by a date certain; some suggested January 1, 2024 as a
target.
Several industry commenters opposed deferring modification and
deletion decisions until the Bureau received a full year of 1071 data.
Some stated that if the Bureau published modification and deletion
decisions before lenders started to collect data, small business
applicants would better understand how to protect their privacy
interests. Another said that publishing a full privacy analysis before
the rule is effective is necessary for financial institutions to
evaluate privacy risks. Other commenters asserted that deferring re-
identification analysis until after data are reported is unnecessary
because it is already apparent that some proposed data fields, such as
NAICS code and census tract, create a unique set of records that can be
matched to public datasets. Several commenters offered alternative
timing for modification and deletion decisions. Some suggested that the
Bureau publish such decisions in this final rule. Another suggested
that the Bureau publish interim decisions in this final rule, which
could then be adjusted through notice-and-comment rulemaking after the
Bureau receives the first full year of data. Others asked the Bureau to
publish a full privacy analysis before the rule becomes effective. One
lender suggested that data not be published for at least a year after
the final rule is implemented to enable the Bureau to assess the
effectiveness of its privacy analysis.
The Bureau received a significant amount of feedback about its
intention of announcing modification and deletion decisions in a policy
statement without seeking additional comment. One industry commenter
supported this approach, but most industry commenters on this issue
asked the Bureau to seek additional comment on its privacy analysis and
on its modification and deletion decisions, regardless of whether the
Bureau announced publication decisions in a policy statement or through
a legislative rulemaking. Commenters stated that the opportunity to
comment would promote public confidence in the data collection process
and contribute to a more accurate dataset. A number of commenters
argued that the opportunity to comment on the full balancing test and
on modification and deletion decisions would be necessary for
stakeholders to provide meaningful feedback on privacy risk. According
to some commenters, this would be particularly important for smaller
financial institutions that were unable to provide adequate comment on
what they considered to be complex privacy issues raised in the NPRM.
Two lenders urged the Bureau to hold public meetings or hearings in
compliance with the Regulatory Flexibility Act to seek feedback from
smaller financial institutions and small businesses to, among other
things, specifically address the privacy risks associated with
reporting and publishing application-level data. A few industry
commenters stated that the opportunity to comment on the full privacy
analysis would be consistent with the Bureau's approach
[[Page 35463]]
adopted in the 2015 HMDA final rule. One commenter stated that the
Bureau's analysis of the first full year of reported data would likely
generate additional privacy issues that would warrant public input. Two
others suggested that the Bureau seek comment about how it would
release unmodified data to outside parties for research or other
purposes.
Several industry commenters, as well as a joint letter from several
members of Congress, specifically requested that the Bureau implement
its privacy assessment, and make associated modifications and
deletions, via legislative rule. Some of these commenters asserted that
this was required under administrative law. A group of trade
associations contended that section 1071 does not permit the Bureau to
use its discretion to make modification and deletion decisions outside
an Administrative Procedure Act rulemaking process. According to this
commenter, two provisions in section 1071 provide the Bureau
``discretion'': ECOA section 704B(e)(4) provides the Bureau discretion
to delete or modify public application-level data and ECOA section
704B(f)(3) provides the Bureau discretion to compile and publish
aggregate 1071 data. Noting that the Bureau proposed Sec. 1002.110(b)
to implement the latter provision in this rule, the commenter asserted
that the Bureau did not adequately explain how it was appropriate to
implement the former provision outside a rule. The commenter said that
these provisions should be implemented in a formal rulemaking. In
addition, some industry commenters stated that increasing transparency
about forthcoming publication, including potentially through a notice-
and-comment rulemaking, would protect the Bureau from litigation under
FOIA. In this respect, commenters cited litigation involving the SBA's
publication of Paycheck Protection Program data.\862\
---------------------------------------------------------------------------
\862\ See, e.g., WP Co. LLC v. U.S. Small Bus. Admin., 502 F.
Supp. 3d 1 (D.D.C. Nov. 5, 2020).
---------------------------------------------------------------------------
Citing the benefits of transparency and to facilitate information
about credit access and fair lending information, a joint letter from
community groups, community-oriented lenders, and business advocacy
groups stated that the Bureau should produce and release aggregate
analyses of 1071 data in addition to releasing application-level data.
Current Approach
For reasons discussed below, the Bureau intends to conduct a full
privacy analysis and issue modification and deletion decisions with
respect to the publication of application-level data after it obtains a
full year of reported 1071 data. However, the Bureau is not committing
at this time to issue modification and deletion decisions through a
policy statement. Instead, the Bureau will continue to consider the
specific timing and vehicle choice for issuing modification and
deletion decisions, as it remains engaged with stakeholders on privacy
and publication issues.
Publication of application-level data will substantially advance
the fair lending enforcement and business and community development
purposes of section 1071. The Bureau thus intends to conduct a full
privacy analysis and issue modification and deletion decisions as soon
as practicable. It will also continue to consider feedback obtained to
date and to engage with the public on how best to mitigate re-
identification risk and other risks to privacy interests. While the
Bureau is not determining the vehicle with which it will announce
modification and deletion decisions with respect to application-level
data, or the precise timing of such decisions, it anticipates that
those decisions will continue to be informed by public engagement.
The Bureau intends to announce modification and deletion decisions
only after obtaining a full year of application-level data. The Bureau
lacks the data needed to perform an accurate re-identification analysis
and commenters were not able to identify an alternative dataset that
could be used for this purpose. Without data for an accurate re-
identification analysis, the Bureau cannot conduct a full privacy
analysis to inform modification and deletion decisions.\863\ As
discussed further below, there are certain data fields that the Bureau
anticipates may present comparatively high risk to privacy interests,
including the combination of NAICS code and census tract. However, the
Bureau lacks data to confirm whether these data fields in fact create
unique records that can be matched to public datasets.
---------------------------------------------------------------------------
\863\ As discussed below, the Bureau is announcing more
conclusive intentions with respect to modifications or deletions for
individual contact information, unique identifier, and the use of
free-form text in responses for certain data fields.
---------------------------------------------------------------------------
The Bureau is not committing to a specific timeline for publishing
application-level data. However, a target date of January 1, 2024 for
publication, as suggested by some commenters, is not feasible because
covered financial institutions are not required to begin collecting
data under this rule until October 1, 2024 at the earliest. The Bureau
intends to treat data under this rule as confidential in accordance
with 12 CFR part 1070 until such time as it has completed its privacy
analysis and published the data, and it will work expeditiously to
those ends.
Robust feedback, including in response to the NPRM, SBREFA, and
other outreach, about the risks and benefits of 1071 data publication,
has informed the Bureau's thinking to date.\864\ The Bureau intends to
continue to seek further public engagement with respect to these
issues. It does not believe, however, that such further engagement must
be by formal comment either to ensure robust engagement or for the sake
of procedural consistency with the Bureau's approach in HMDA.\865\
---------------------------------------------------------------------------
\864\ See part III above for additional information.
\865\ Unlike for HMDA, no data yet exists that the Bureau could
use to conduct a full privacy analysis and make modification and
deletion decisions.
---------------------------------------------------------------------------
The Bureau is not establishing a separate program by which
industry, community researchers, or academics will have access to
unmodified data; the published data, subject to the modifications and
deletions made by the Bureau, will be available to all users. However,
it intends the Bureau plans to exercise its discretion to provide
access to State or Federal regulators to the extent such disclosure is
relevant to the exercise of the agency's authorities, and subject to
appropriate restrictions. The Bureau plans to provide such access to
Federal regulators that enforce ECOA.\866\
---------------------------------------------------------------------------
\866\ Other regulators with authority to enforce ECOA include
the OCC, the Board, the FDIC, the NCUA, the Surface Transportation
Board, the Civil Aeronautics Board, the Secretary of Agriculture,
the Farm Credit Administration, the SEC, the SBA, the Secretary of
Transportation, and the FTC. See 15 U.S.C. 1691c; Regulation B Sec.
1002.16(a).
---------------------------------------------------------------------------
The Administrative Procedure Act and other laws do not require the
Bureau to seek comment on the full privacy analysis or to issue
modification and deletion decisions through a legislative rule with
formal notice and comment. Section 1071 states that the Bureau may ``at
its discretion, delete or modify data collected under [section 1071]
which is or will be available to the public, if the Bureau determines
that the deletion or modification of the data would advance a privacy
interest.'' \867\ Statutorily, this provides the Bureau with
flexibility to decide how it will make modification and deletion
decisions, including the flexibility to do so without a legislative
rulemaking. Other provisions of section 1071 plainly require the Bureau
to engage in formal rulemaking, indicating that Congress did not intend
such a requirement
[[Page 35464]]
here.\868\ The Bureau does not agree that it is implementing ECOA
section 704B(e)(4) and (f)(3) inconsistently. It is codifying and
implementing these provisions in final Sec. 1002.110(a) and (b) to
preserve its discretion to make publication decisions without
legislative rulemaking. Further, the circumstances of this rulemaking
are distinguishable from the relevant facts in the PPP litigation that
commenters cited.
---------------------------------------------------------------------------
\867\ ECOA section 704B(e)(4).
\868\ See, e.g., ECOA section 704B(g).
---------------------------------------------------------------------------
At the same time, the Bureau is also not committing at this time to
issuing modification and deletion decisions through a policy statement.
As the Bureau has not yet obtained a full year of reported data to use
in completing its privacy risk assessment, it is prudent to continue
considering specific timing and vehicle choice for issuing modification
and deletion decisions. Following further public engagement, including
further opportunities for input, the Bureau will announce these
decisions at a later date. Finally, the Bureau agrees with commenters
that it should produce and release aggregate analyses of 1071 data in
addition to releasing application-level data. The Bureau anticipates
releasing select aggregated data before it publishes application-level
data.
3. Publication Benefits
Proposed Approach
In the NPRM, the Bureau sought comment on its understanding of the
benefits of public disclosure of the 1071 dataset as a whole as well as
the disclosure benefits for individual proposed data fields. The Bureau
expected that users of the data would rely on this information to help
achieve the statutory purposes of facilitating the enforcement of fair
lending laws, and enabling communities, governmental entities, and
creditors to identify business and community development needs and
opportunities of women-owned, minority-owned, and small
businesses.\869\
---------------------------------------------------------------------------
\869\ See ECOA section 704B(a).
---------------------------------------------------------------------------
Comments Received
The Bureau received robust feedback on the general benefits of
public disclosure of application-level data from lenders, trade
associations, community groups, several members of Congress, individual
commenters, and others. It received comparatively few substantive
comments on the potential disclosure benefits associated with
particular individual data fields.
Many commenters supported the publication of application-level data
and agreed that the data will facilitate enforcement of fair lending
laws. Some community groups stated that the transparency afforded by
the publication of 1071 data generally would discourage predatory and
discriminatory practices in the small business lending market. One of
these commenters noted that action taken data, particularly categorical
information such as denials, incompletes, or approved but not accepted
by the applicant, were integral to promoting the fair lending purpose
of section 1071. Other commenters said that transparency would protect
responsible lenders from unfair scrutiny. Many community groups, along
with some lenders, individual commenters, and others also stated that
1071 data would allow governmental entities and community groups to
monitor individual lenders' lending practices, identify lending
disparities on a granular level, and enforce ECOA to the benefit of
women and minority business owners. Community groups, a business
advocacy group, and a CDFI lender further stated that HMDA data
reporting has demonstrated that loan-level data enables community
organizations, economists, and governmental entities to identify
disparities between populations, which facilitates enforcement of fair
lending laws. Other commenters expressed particular support for the
publication of agricultural lending data, noting that the inclusion of
data from agricultural creditors would help address discrimination in
farm credit lending. These commenters cited a long history of
discrimination targeting socially disadvantaged farmers and producers,
including women-owned and minority-owned farms, in the farm credit
market. Other stated that the 1071 dataset would help reveal where
responsible lenders are serving small businesses fairly, aiding in the
remediation of deficiencies, or removing barriers to equitable lending.
A joint letter from community groups, community-oriented lenders, and
business advocacy groups stated that the data would reveal disparities
in access to credit in immigrant communities. Other community group
commenters, along with two minority business advocacy groups, stated
that application-level data would improve the understanding of
demographic disparities in small business lending and support efforts
to identify, address, and eliminate practices that create lending gaps
for women-owned and minority-owned small businesses.
Commenters also asserted that the publication of application-level
data would promote the business and community development purpose of
section 1071, stating that the data would provide greater understanding
of small business credit trends, such as lending dynamics or credit
request cycles for different industries, and would improve
understanding of the small business lending market more broadly. Some
commenters, including a minority business advocacy group, stated that
disclosure would help facilitate development of targeted programs to
help address inequities and foster efficiency in the small business
credit marketplace. For example, commenters said disclosure would allow
community groups and lenders to compare how lenders are meeting
community credit needs, develop score cards on local lending, identify
gaps in lending, and advocate for low-income and microbusinesses. A
CDFI lender stated that pricing information data would allow
stakeholders to assess loan affordability in underserved communities.
Citing the benefits of increased transparency, a commenter noted that
publishing small business credit transaction data would support price
discovery by allowing the comparison of credit costs between
institutions, credit types, and business types, which is critical for
market efficiency. Commenters also said that disclosure would help
community groups educate small businesses, facilitate the development
of tools to effectively identify barriers small businesses face, and
empower owners to access credit on fair terms.
In contrast, several industry commenters saw little benefit from
publication because the data would not include all factors that lenders
rely on to make credit decisions. Some said that every small business
loan is unique and without contextual information the data would not
meaningfully increase understanding about the small business lending
market. Others asserted that the data would be insufficient to conduct
fair lending analyses, suggesting that data collection and publication
are less effective mechanisms for identifying discrimination than
examinations or disparate impact analyses. According to these
commenters, HMDA data do not effectively reveal discrimination in the
mortgage industry. One of these commenters also stated that publication
would be ineffective because, as proposed, the data would not enable
identification of additional types of discrimination, such as
discouragement of particular groups of applicants. Two
[[Page 35465]]
lenders suggested that the dataset duplicate data already required
under HMDA and the CRA. A trade association suggested that data from
credit unions would not be comparable to data from other lenders
because of community-based member restrictions. A joint trade
association letter disagreed with the Bureau's proposed analysis of the
disclosure benefits of application-level data, suggesting that the
Bureau's analysis was vaguely defined and not clearly linked to the
statutory purposes of section 1071.
Current Approach
The Bureau has considered the comments above, and also relied on
the NPRM's discussion of--and requests for comment on--the potential
benefits of disclosing particular data fields. Given the comparative
lack of comments on such benefits, the Bureau concludes that the NPRM's
initial assessments of the utility of individual data fields were
generally correct.
As Congress recognized, market transparency through publication of
application-level data will serve to realize their intended purposes in
section 1071. Publishing such data will help to identify and discourage
potential fair lending violations in small business lending, while
protecting responsible lenders from unfair scrutiny. The Bureau agrees
with commenters that published data will help address discrimination in
agricultural lending. Publication of this data will also improve
understanding of small business credit needs and will provide insights
into the small business lending market, promoting the business and
community development purposes of section 1071. Increased transparency
can make it easier for small businesses to access credit efficiently,
and easier for lenders and potential lenders to identify opportunities
in the market, thereby increasing access to credit. Moreover, data
users, such as community groups, researchers, and public officials,
will be able to use the data to help determine whether certain types of
credit are disproportionately available to different communities.
Insights gained from publication will enable lenders, advocates,
investors, and the public sector to better meet the needs of small
businesses.
These benefits are material even as the dataset may not include all
factors that lenders may rely on in making credit decisions. The Bureau
notes the feedback of SBREFA commenters discussed in the NPRM and the
numerous comments from lenders, trade associations, individual
commenters, and community groups discussed above who expressed general
agreement that public data will facilitate the observation of small
business lending practices in ways that are currently not possible. For
example, data points such as pricing information and census tract will
facilitate comparison of pricing data across discrete geographic
locations allowing data users to efficiently compare credit costs
offered by financial institutions. The relative lack of substantive
comments disagreeing with the NPRM's initial assessment of the benefits
of disclosing particular data fields also speaks to the utility of the
data fields in relation to the stated statutory purposes.
Commenters did not offer substantive evidence to back claims that
data collection and publication do not help facilitate fair lending
enforcement. In addition, whether other approaches to fair lending
enforcement are more or less effective misses the point that analysis
of data collected under this rule--as is true for data collected under
HMDA--will contribute to robust and effective fair lending analysis.
Further, publication of application-level data collected under the
final rule will not inappropriately duplicate efforts under HMDA or
CRA. Final Sec. 1002.104(b)(3) excludes HMDA-reportable transactions
from coverage. Data collected under the final rule will cover more
types of transactions from more institutions than existing CRA data,
and it will include applications as well as originations. As discussed
in part II.F.2.i and elsewhere, Federal prudential regulators have
proposed to use data collected under the CFPB's final rule, once it
becomes available, for purposes of CRA small business and small farm
lending assessments, rather than drawing data from FFIEC Call
Reports.\870\
---------------------------------------------------------------------------
\870\ 87 FR 33884, 33930 (June 3, 2022).
---------------------------------------------------------------------------
The benefits from publishing application-level data are so
substantial that the Bureau is now of the view that each data field
warrants inclusion in public data, subject to completion of the
Bureau's full privacy analysis. Accordingly, the Bureau intends to
publish application-level data except to the extent that it modifies or
deletes data consistent with its privacy analysis.
4. Privacy Risk
The NPRM considered the risks to privacy that might result from
publication of application-level data reported to the Bureau. Based on
its analysis at that time, the Bureau recognized that publication of
the complete data set, without any form of modification, could pose
risks to privacy interests. As discussed in more detail below, this was
because certain data fields could create re-identification risk and
disclosure of some fields would create a risk of harm or sensitivity.
Accordingly, the Bureau intended to consider whether pre-publication
modifications or deletions would reduce these risks to privacy and
appropriately balance them with the benefits of disclosure.
The Bureau sought comment on the range of privacy concerns
discussed in the NPRM, including potential re-identification of small
businesses and financial institutions, as well as the types of harms
and sensitivities that unmodified release of data could have caused to
financial institutions and small business applicants, which are
described further below. As discussed above, informed by the comments
on the NPRM, the Bureau's preliminary assessment is that it should
adjust the balancing test articulated in the NPRM to assess, primarily,
whether data, individually or in combination with other data, create
significant re-identification risk for small businesses and their
owners. Though this approach focuses primarily on re-identification
risk, the privacy harms or sensitivities discussed below clarify the
consequences of re-identification and underscore the importance of
managing re-identification risk. Because re-identification is a
prerequisite to any potential harms or sensitivities that may result
from publishing data, the Bureau also concludes that actions taken to
prevent re-identification will mitigate those harms or sensitivities
for small business applications and their owners. In addition, the
Bureau's preliminary view is that its privacy assessment should not
consider financial institution privacy interests except where the
Bureau identifies a compelling risk to such interests.
i. Re-Identification Risk
Proposed Approach
The NPRM explained that, while information that directly identifies
natural persons, such as name, address, date of birth, or Social
Security number would not be collected, publication of application-
level data in an unmodified format potentially could be used to re-
identify small business applicants and related natural persons and
potentially harm their privacy interests. The Bureau identified two re-
identification scenarios. First, a third party may use common data
fields to match a data record to a record in another dataset that
contains the identity of the applicant or related natural person.
Second, a third party may rely on pre-existing personal
[[Page 35466]]
knowledge to recognize an applicant's record in the unmodified data.
The Bureau used the term ``adversary'' to refer to either type of third
party.\871\
---------------------------------------------------------------------------
\871\ The term does not mean that the adversary's motives are
necessarily malicious or adverse to the interests of others. See,
e.g., Nat'l Inst. of Standards & Tech., De-Identification of
Personal Information (2015), http://nvlpubs.nist.gov/nistpubs/ir/2015/NIST.IR.8053.pdf (using the term ``adversary'').
---------------------------------------------------------------------------
Re-identification based on matching. Under the first scenario, the
Bureau explained that it might be possible to match a data record to an
identified dataset, either directly or through a combination of
intermediate datasets.\872\ However, successfully re-identifying a data
record would require several steps and could present a significant
challenge. An adversary generally would have to isolate a record that
is unique or rare within the data. A record is unique or rare when the
values of the data fields associated with it are shared by zero or few
other records. The Bureau stated that it believed actual data would be
needed to perform an accurate re-identification analysis. Thus, it did
not intend to apply the balancing test until after it had analyzed re-
identification risk with a full year of reported data.
---------------------------------------------------------------------------
\872\ For these purposes, an ``identified'' dataset is one that
directly identifies a natural or non-natural person.
---------------------------------------------------------------------------
The Bureau explained that a data record having unique combinations
of values would not automatically result in re-identification; an
adversary would also have to find a record corresponding to the
applicant or related natural person in another dataset by matching
similar combinations of data fields. Once a data record had been
matched, an adversary would possess any additional fields found in the
corresponding record but not found in the data record--including,
potentially, the applicant's identity. However, even after
accomplishing such a match, an adversary might not have accurately re-
identified the true applicant to whom the data record relates. For
example, if the corresponding record was not the only record in the
other dataset to share certain data fields with the unique data record,
an adversary would have to make a probabilistic determination as to
which corresponding record belongs to the applicant.
The Bureau expected that census tract and NAICS code, if published
as proposed and without modification, could significantly contribute to
re-identification risk. Geographic and industry information are
publicly available in a variety of sources and in a form that directly
identifies businesses or in a way that could be derived with reasonable
accuracy. This information is also likely to produce unique instances
in the data, both when used separately, but particularly when combined.
Other proposed data fields could have resulted in unique combinations
(particularly when combined with census tract), but the Bureau stated
it would need actual data to analyze their contribution to uniqueness.
In this context, the Bureau indicated that particularly relevant
sources of identified data for matching purposes were UCC filings,
property records, and titles. Such filings could pose a serious re-
identification risk because of the availability of information about
the lender, the applicant, and the date of transaction. For example, an
adversary might be able to use the date and financial institution
listed in UCC filings to identify the applicants of originated loans in
the public application-level data. UCC filings also typically have the
address of the borrower. With this information, combinations of
financial institution identity, action taken date, and census tract
data might result in unique combinations that an adversary could
connect to a publicly available source of information to re-identify
the applicant.
With respect to covered loans secured by residential and commercial
property, publicly available real estate transaction records and
property tax records would be particularly relevant sources of
identified data, as the Bureau described in its proposed policy
guidance on the disclosure of loan-level HMDA data.\873\ Because some
of the data fields in such public records are also present in
application-level data, publication without any modifications would
have created a risk that these public records could be directly matched
to a data record. UCC filings also frequently include the name of the
lender, the name of the business, and the date that the filing was
submitted. Though the availability differs by State, UCC filings are
often searchable in State databases, and are frequently mined by data
brokers. UCC statements are often filed against specific collateral and
business assets generally. The NPRM accordingly indicated that such
filings could pose a serious re-identification risk.
---------------------------------------------------------------------------
\873\ See 82 FR 44586, 44593 (Sept. 25, 2017).
---------------------------------------------------------------------------
The NPRM also explained that public records in loan-level datasets
for programs like the SBA's 7(a), 8(a), 504, and Paycheck Protection
Program, as well as State-level registries of women-owned and minority-
owned businesses for contracting purposes, could contribute to re-
identification risk. These datasets include information such as loan
program guarantee information, industry information or NAICS code,
demographic information about the business owners, time in business,
and number of employees. As a result, the time in business and number
of workers data fields might significantly contribute to
reidentification risk, especially in combination with other data fields
like census tract and NAICS code. Similarly, loan-level performance
datasets made available by the Government-Sponsored Enterprises include
information such as borrower demographic information, loan program
guarantee information, pricing data, loan term, loan purpose, and the
year of action taken. Asset-backed securities datasets for securitized
mortgage and auto loans are made available by the Securities and
Exchange Commission through the Electronic Data Gathering, Analysis,
and Retrieval system. These datasets, which include information about
the lender, the date of action taken, pricing data, loan term, loan
amount applied for and approved, are available online with limited
restrictions on access. But these datasets do not include the name of
the borrower; as described above, this means that an adversary who is
able to match a record in one of these datasets to a record in the data
would need to make an additional match to an identified dataset to re-
identify an applicant. And some of these datasets contain restrictions
on use, such as a prohibition on attempting to re-identify borrowers.
Finally, the Bureau noted the existence of private datasets that might
be matched to the data. For example, data brokers collect information
about small businesses from a wide range of sources and sell it for a
variety of purposes, including marketing, identity verification, and
fraud detection.\874\ These datasets typically include data collected
from commercial, government, and other publicly available sources and
could contain data such as NAICS code, location, and estimates of gross
annual income, number of workers, and information about related natural
persons, including the ethnicity and race of principal owners.
---------------------------------------------------------------------------
\874\ See generally Fed. Trade Comm'n, Data Brokers: A Call for
Transparency and Accountability (May 2014), https://www.ftc.gov/system/files/documents/reports/data-brokers-call-transparency-accountability-report-federal-trade-commission-may-2014/140527databrokerreport.pdf (describing the types of products offered
and the data sources used by data brokers).
---------------------------------------------------------------------------
In addition to considering the steps an adversary would need to
take to re-identify applicants and the various data sources that may be
required to accomplish re-identification, including
[[Page 35467]]
their limitations, the Bureau considered the capacity, incentives, and
characteristics of potential adversaries, including those that might
attempt re-identification for harm. In particular, a competitor or
potential competitor might seek information about a business's
expansion strategy or financial condition, including whether it was
able to obtain credit approval. As the Bureau explained, some
adversaries could possess the resources to use private datasets in
addition to publicly available records. However, the Bureau noted the
extent to which much of the commercial benefit to be obtained by re-
identifying the data would be more readily available from private
datasets to which these potential adversaries already have access
without the need for recourse to the data. In many cases, information
from other datasets could be timelier than that found in the data.
Furthermore, some of these potential adversaries might refrain from re-
identifying the small business applicant for reputational reasons or
because they have agreed to restrictions on using data for these
purposes.
Additionally, the Bureau stated that some academics, researchers,
and journalists may be interested in re-identifying published data for
research purposes. As noted above, however, some private datasets have
contractual terms prohibiting their use for re-identification purposes
and therefore these persons might be restricted from actually using the
data to re-identify applicants. Further, some academics or journalists
may be affiliated with organizations that have reputational or
institutional interests adverse to re-identification efforts.
The Bureau considered whether parties intending to commit identity
theft or financial fraud may have the incentive and capacity to re-
identify applicants, but it assessed that the data would be of minimal
use for these purposes. In addition, such adversaries are not law
abiding and may have easier, albeit illegal, ways to secure data for
these purposes than attempting to re-identify application-level data.
Re-identification based on personal knowledge. The NPRM also noted
the potential for re-identification based on personal knowledge.
Location, as well as demographic and industry information, might well
be known to an adversary familiar with an applicant, meaning that they
might be able to re-identify an applicant without matching a record to
another dataset. The Bureau explained that the personal knowledge
possessed by such an adversary would be limited to information about a
subset of applicants and related natural persons. Thus, any such re-
identification would impact a more limited number of applicants or
natural persons than might be re-identified by adversaries possessing
sophisticated matching techniques. The Bureau explained that
uncertainty over the extent of relevant personal knowledge posed
challenges for evaluating how much individual data fields contribute to
this re-identification risk. For these reasons, the NPRM generally
focused on matching-based risk. However, the Bureau sought comment on
how to assess re-identification risk arising from personal knowledge.
Applications that do not result in originations. In its final
policy guidance on the disclosure of loan-level HMDA data, the Bureau
explained that the risk of re-identification to applicants is
significantly lower for applications that do not result in originated
loans.\875\ A lack of public information about applications
significantly reduces the likelihood that an adversary could match the
record of a HMDA loan application that was not originated to an
identified record in another dataset. In the NPRM, the Bureau stated
that it had not identified any publicly available information about
applications for business loans. However, unmodified data might still
contain data fields that facilitate the re-identification of
applicants. For example, census tract and NAICS code data could result
in unique combinations that an adversary could use to match to an
identified public record, such as a business directory.
---------------------------------------------------------------------------
\875\ See 84 FR 649, 658 (Jan. 31, 2019); see also 82 FR 44586,
44593 n.55 (Sept. 25, 2017).
---------------------------------------------------------------------------
Overlap between HMDA and 1071 data generally. The Bureau proposed
that some covered applications would also be reported under HMDA.\876\
The public loan-level HMDA dataset contains data fields in addition to,
or that overlap with, the proposed data fields, and the proposed data
would have included data fields not included in the public loan-level
HMDA dataset. The Bureau recognized that, in cases of overlap, some
data fields may have required additional analysis with respect to risks
of harm or sensitivity and re-identification posed by such overlap. The
Bureau sought comment on this issue and the implications of potential
re-identification risk and potential risk of harm or sensitivity for
applications reported under both section 1071 and HMDA.
---------------------------------------------------------------------------
\876\ See the section-by-section analysis of Sec. 1002.104 for
additional details.
---------------------------------------------------------------------------
Comments Received
The Bureau received comments from lenders, trade associations,
community groups, a business advocacy group, a software vendor, and
several individuals on re-identification risk posed by the publication
of unmodified, application-level data. Nearly all of these commenters
agreed that re-identification risk, either through matching or via
personal knowledge, should be considered by the Bureau when determining
whether to modify or delete data for publication.
Many industry commenters and a business advocacy group saw a high
risk of data being used to re-identify applicants and related natural
persons and that this would disclose harmful or sensitive private
information. Some industry and individual commenters agreed that re-
identification risk will be higher as a result of data point
combinations; several pointed to the combination of NAICS and census
tract. One commenter stated that because re-identification risk depends
on the distinctness of the data being published and on the ability to
match that data to other datasets, the Bureau should consider privacy
risk for the overall dataset rather than for each data point. Another
stated that unpredictable changes in re-identification technologies may
make data that are currently impossible to re-identify susceptible to
re-identification in the future. Commenters also stated that businesses
in rural areas face particular re-identification risk because of the
likelihood that those areas have low populations and a low number of
small businesses. Several commenters also saw re-identification risk in
rural areas as more relevant to certain products, such as agricultural
lending, that are concentrated in such areas. A group of trade
associations said that CRA data are not published at the application-
level, in part because geography can contribute to the increased risk
of re-identification.
In contrast, some commenters, primarily consisting of community
groups, asserted that re-identification risk, either through matching
or because of personal knowledge, is low. Two commenters stated that
the risk is low because much of the information that would be included
in the 1071 dataset is already publicly available, either in commercial
data sources or as a result of data breaches. Some commenters also
stated that there have been no reported incidents of HMDA data, which
is similar to 1071 data, being used to re-identify individuals. One
said that the effectiveness of modifications and
[[Page 35468]]
deletion techniques for HMDA data suggest that similar modifications
and deletions will nullify the re-identification risk for 1071 data.
The Bureau did not receive comments about its assumption that data on
applications that do not result in originations pose lower re-
identification risk than data on originated applications.
Current Approach
In the Bureau's preliminary assessment, re-identification risk of
small business applicants and their owners is the core privacy risk
associated with data publication. While the primary focus of the
Bureau's intended privacy analysis is the impact of re-identification
risk on personal privacy interests, controlling reidentification risk
will naturally mitigate other privacy risks and harms, including
commercial privacy risks for small businesses. The prevailing view of
commenters was that unmodified application-level data poses re-
identification risks that the Bureau should consider when making
modification and deletion decisions. The Bureau also agrees with
commenters that data point combinations, particularly the combination
of NAICS and census tract, pose particular re-identification risks, and
it intends to take this into account in making modifications and
deletions.
The Bureau agrees that small businesses in small or rural areas may
face heightened re-identification risk. However, overall re-
identification risk depends on multiple factors. For example, while the
overall transaction volume in a rural area may be lower than in an
urban area, concentration of certain credit products in rural areas may
change how much of an impact low transaction volume has on re-
identification risk. Thus, the Bureau does not intend to rely on a
categorical determination that geographical area types or particular
census tracts will contribute to the risk of re-identification in every
circumstance. The Bureau intends to determine whether targeted
modification of individual data fields sufficiently mitigates privacy
risks from geographical identifiers, rather than relying on wholesale
deletion of data from rural areas.
The Bureau agrees that it is difficult to predict how technology
will evolve in the future and impact re-identification risk. This is
one reason it intends to track developments in the small business
lending market, continue to engage with stakeholders, and reassess its
privacy approach as necessary. The Bureau intends to preserve
flexibility so that its privacy analysis can evolve with changes to
privacy risks.
The Bureau assesses that modification and deletion techniques can
effectively limit re-identification risk and therefore concludes that
completely withholding data--which would be contrary to section 1071's
statutory purposes and express disclosure provisions--is not necessary
to manage re-identification risk. As noted by commenters, modification
and deletion techniques have effectively reduced re-identification risk
from HMDA data, and the Bureau anticipates the same result with this
data. The existence of some data that matches with existing data sets
is not grounds to forego the full privacy analysis of collected data
that will allow it to make targeted modification and deletion decisions
to protect privacy interests.
For the reasons given above and as discussed in part VIII.B.4.ii
below, the Bureau preliminarily views re-identification risk as the
most significant privacy risk associated with publishing application-
level data--and thus the most important privacy risk to consider in
making modification and deletion decisions. Re-identification is a
prerequisite to any potential harms or sensitivities that small
business applicants or related natural persons may experience from
publishing such data. As the risk of re-identification is reduced, the
risk of harm caused by disclosing harmful or sensitive information also
will be reduced. Further, as discussed below, because almost all the
harms and sensitivities to financial institutions result from concerns
about small business applicant or related natural person re-
identification, preventing such re-identification will also prevent the
most serious harms and sensitivities for financial institutions.
ii. Risk of Harm or Sensitivity
Proposed Approach
The NPRM considered whether a re-identified application-level
record would disclose information about an applicant, related natural
person, or financial institution that is not otherwise public and may
be harmful or sensitive. Specifically, the Bureau evaluated whether
such data could be used for harmful purposes such as fraud or identity
theft or the targeted marketing of products and services that may pose
other risks. The NPRM evaluated whether the data could cause
competitive harm to small business applicants or to financial
institutions. It also evaluated whether certain data fields might be
viewed as sensitive if associated with a particular applicant, related
natural person, or financial institution. In evaluating the potential
sensitivity of a data field, the Bureau considered whether disclosure
of the data field could cause dignitary or reputational harm to small
business applicants, related natural persons, and financial
institutions.
The NPRM explained that some identifiable information about small
business lending is already publicly available. Such information is
both in public records and in private datasets with varying barriers to
access and restrictions on use. The Bureau's analysis accordingly
considered the degree to which disclosure would increase this risk
relative to the risk that already exists. In general, where a data
field was already publicly available, the NPRM saw a reduced risk of
harm or sensitivity from its further disclosure.\877\
---------------------------------------------------------------------------
\877\ However, where a data field was already publicly
available, disclosing that data field in the data may have enabled
the matching of data to other datasets that may not have been
controlled by the Bureau, which could have substantially facilitated
re-identification or the disclosure of harmful or sensitive
information.
---------------------------------------------------------------------------
The Bureau considered whether the data could be used for harmful
purposes such as fraud or identity theft or the targeted marketing of
products and services that may pose other risks. The Bureau's initial
view was that unmodified application-level data would be of minimal use
for perpetrating identity theft or financial fraud against applicants
or related natural persons. As proposed, application-level data would
not include information typically required to open new accounts in the
name of a small business's principal owner, such as Social Security
number, date of birth, place of birth, passport number, or driver's
license number. Additionally, the data would not include information
useful to perpetrate existing account fraud, such as account numbers or
passwords. The Bureau acknowledged, however, that almost any
information relating to a small business could, in theory, be used for
these purposes. For example, unmodified data could potentially be used
in a phishing attack against an applicant, or for knowledge-based
authentication. Some such data, however, may already be available from
public and private sources. The Bureau also noted, on the basis of its
expertise and analysis, that the publication of HMDA data--which
contain many data fields that are similar to data fields that would be
disclosed under the proposal--has not resulted in any measurable
increase in fraud or identity theft against mortgage applicants.
[[Page 35469]]
The Bureau also considered potential impacts on targeted marketing
of products and services. The Bureau explained that although the data
could be used to market products and services that would have been
beneficial for small businesses--perhaps increasing competition among
creditors that could help small businesses receive better terms--they
could also be used to target potentially vulnerable small businesses
with marketing for products and services that may have posed risks that
were not apparent. For example, users might perceive certain data to
reveal negative information about an applicant's financial condition or
vulnerability to scams relating to debt relief or credit repair.
Information about a loan might also be used for a practice known as
``stacking,'' in which creditors may obtain lead lists based on
publicly available information and offer follow-on loans or advances
that add to the debt burden carried by small businesses. Some creditors
might also use the data for deceptive marketing practices. However, the
Bureau noted that the utility of the data for predatory marketing
practices may be limited by delay between action taken on a loan and
data publication.
The Bureau considered whether unmodified data would result in
competitive harm to small business applicants or related natural
persons by disclosing general information about a small business's use
of credit that was not currently available to the general public. The
Bureau acknowledged that certain data points in unmodified form could
reflect negatively on the financial condition of a business or its
owners. The Bureau also considered the potential for competitive harm
to financial institutions. As discussed below with respect to the
financial institution identifying information that would be reported
pursuant to proposed Sec. 1002.109(b), the Bureau proposed to identify
the financial institution in the public application-level data.
Therefore, the data could reveal general information about a financial
institution's lending practices that is not widely available to the
general public. As the Bureau explained, data fields such as census
tract, NAICS code, credit type, and pricing could disclose information
about where a financial institution is doing business, what industries
it is doing business with, what kinds of products it is offering, and
what kinds of prices it is charging, respectively. Additionally, if a
small business applicant were re-identified, a financial institution's
competitors could identify the small businesses to which the financial
institution is offering or providing credit. A financial institution
could then potentially offer credit to a particular small business at a
lower price than they currently received. However, the Bureau did not
assess that unmodified application-level data would include key inputs
for, or be detailed enough, to substantially facilitate reverse-
engineering of proprietary lending models. For example, it would not
have included information about an applicant's credit history. The NPRM
also noted stakeholder concern that data could harm financial
institutions by increasing the amount of litigation against them. The
Bureau sought comment on this risk.
With respect to feedback that disclosing information about
applicants in rural areas could lead them to seek financing elsewhere,
the Bureau noted that would not necessarily reduce the risk that
someone in the small business's community may ultimately re-identify
them because the data would be reported with respect to the location of
the business, as discussed in the section-by-section analysis of Sec.
1002.107(a)(13).
In addition to considering whether the disclosure of a data field
could lead to financial or other more tangible harms, the Bureau also
considered whether the data might be viewed as sensitive. In assessing
whether a data field creates a risk of sensitivity, the Bureau
evaluated whether its disclosure could lead to dignitary or
reputational harm to small business applicants or related natural
persons. For example, if re-identified, the data could reveal
information that casts a negative light on a small business's financial
condition, such as the fact that a loan was denied due to a business's
credit characteristics or cashflow.
The Bureau also evaluated whether the disclosure of a data field
could cause reputational harm to financial institutions. The Bureau
discussed stakeholder concerns that the data could lead users to draw
unfounded inferences about discrimination. The Bureau noted that
several of the data fields, if disclosed in unmodified form, would help
address this concern by serving as control variables. For example, many
financial institutions consider a small business's revenue when
assessing the risk of extending credit. As a result, disclosing gross
annual revenue data would help ensure that data users who are
evaluating potential disparities in underwriting or pricing can compare
small businesses with similar revenues, thereby controlling for a
factor that might provide a reason for some disparities. The Bureau
also noted that it does not expect that data alone could generally be
used to determine whether a lender is complying with fair lending laws.
The Bureau expected that, when regulators conduct fair lending
examinations, they would analyze additional information before reaching
compliance determinations.
The Bureau also considered general expectations with respect to
what information is available to the general public. For example, the
Bureau explained that disclosing gross annual revenue in unmodified
form could disclose sensitive information because it could reflect the
financial condition of a small business or, where a small business is a
sole proprietorship, a particular individual. This type of information
is typically not available to the general public. The Bureau also
acknowledged concerns that some small businesses and their owners would
consider seeking credit sensitive, or would consider the disclosure of
a banking relationship sensitive because others may draw adverse
inferences about the small business's financial condition. These are
concerns about sensitivity that would result from the re-identification
of the applicant, rather than from the disclosure of particular data
fields. The Bureau sought to address these concerns by mitigating the
risk of re-identification.
Comments Received
The Bureau received comments in this area from a range of
commenters including lenders, trade associations, business advocacy
groups, and community groups.
Risk of identity theft or fraud. Some industry and academic
commenters stated that the data points may subject small business
applicants and related natural persons to an increased risk of fraud or
identity theft. Commenters also stated that publication may expose
financial institution employees, such as the financial institution
contact reported under Sec. 1002.109(b)(3), to fraud or identity theft
actions, such as phishing attacks. Another commenter stated that rural
applicants will be easily identifiable in data and, as a result, at
greater risk of fraud.
Risk of targeted marketing harms. A group of bank trade
associations and a business advocacy group asserted that public data
could be collected and sold to interested third parties, potentially
for targeted marketing purposes. No commenters asserted financial
institutions would experience such harms.
[[Page 35470]]
Risk of competitive harms. Several industry commenters and a
business advocacy group expressed concern that the disclosure of
application-level data would pose risks of competitive harm to small
business applicants or related natural persons. Some commenters stated
that if an applicant is re-identified, competitors will gain non-public
insights into financial information directly bearing on that small
business's long term financial health and competitive goals. Some
commenters noted that larger competitors may be more likely to gain
information about the financial health and long-term business goals of
small businesses. For example, a lender asserted that larger companies
may use the data to outbid smaller competitors. Other commenters stated
that data may reveal non-public information about a small business's
use of credit, such as financing terms, that competitors may use to
their competitive advantage.
Some industry commenters and a business advocacy group stated that
small business applicants may experience reduced availability or
increased cost if other financial institutions learn of their small
business loans or loan terms, which would reduce their ability to
obtain liquidity or increase their operating costs as compared to their
competitors. These commenters asserted that publication may impose
increased compliance costs and litigation risks on financial
institutions that are passed on to small business applicants or that
cause financial institutions to limit credit to borrowers with higher
risk profiles to prevent losses.
Many industry commenters stated that publication will present
significant risk of competitive harms to financial institutions.
Commenters asserted that application-level data may be used to identify
or reverse-engineer proprietary lending information, such as
underwriting requirements or pricing models. One commenter asserted
that if the pricing information and action taken data points could be
used to determine a lender's limits for other credit terms that are not
collected under the rule, such as the APR limit, the lender's
competitors would be able to undercut or otherwise compete with those
terms, for example by offering lower rates. This commenter stated that
while lower APRs are generally beneficial for consumers, this may come
at the cost of lower quality service. A lender suggested that data
points such as gross annual revenue and the time in business may be
used to reverse-engineer a financial institution's proprietary lending
strategy. Another commenter asserted that data points for private label
credit, such as the pricing information or census tracts, are
particularly commercially sensitive to financial institutions and there
is risk that disclosure of this information will cause competitive
harm.
Other industry commenters indicated that competitive harm
experienced by financial institutions may have broader impacts on the
small business lending market. Some commenters suggested that if public
data reveals proprietary commercial lender information, financial
institutions may be compelled to engage in anti-competitive behavior,
such as price-fixing, that restricts credit or offers less favorable
terms, because it will effectively homogenize the market and limit
their ability to compete with one another. One asserted that compliance
concerns due to publication could result in reduced product
availability by financial institutions, as they asserted was seen after
publication of HMDA and CRA data.
Some industry and academic commenters stated that competitive harm
may particularly impact smaller or rural financial institutions. They
asserted that because these lenders have fewer small business customers
than larger financial institutions, their customers are at a higher
risk of re-identification. As such, it may be easier for the larger
competitors of smaller or rural financial institutions to approach
their small business applicants to underprice the loans and offer
better terms. These commenters stated that smaller and rural financial
institutions may have less flexibility to respond to resulting
competitive harms because of their size and lower applicant volume.
Risk of reputational harms. An industry commenter and a business
advocacy group stated that small business applicants and related
natural persons will be subject to reputational risks as a result of
publication. For example, one noted that if applicants are re-
identified, small business owners may experience harm, discrimination,
or stigmatization from disclosure of certain data points, such as race,
sex, and ethnicity. Other industry commenters stated that financial
institutions may also experience reputational harms. Many commenters
stated that risks of reputational harm and frivolous litigation will
result from incorrect conclusions about the data drawn by the public or
regulators. These commenters asserted that incorrect data conclusions
could result from the unique characteristics of small business lending
generally, particular credit scenarios common within small business
lending, and the fact that the data will not reflect all factors that
went into underwriting decisions. For example, some commenters asserted
that there is particular risk of misunderstanding with Farm Credit
System credit based on how dividends are provided and the legal
limitations for such loans. These commenters explained that because
statutory provisions for Farm Credit System credit have specific
coverage criteria, data may disclose a justified, but
disproportionately high, rate of application denial. Additionally,
commenters explained that Farm Credit System institutions may appear to
charge a higher interest rate to certain borrowers but that the
interest rates are offset by dividends based on the borrower's
patronage.
A few industry commenters cited potential discrepancies between
data points and those that appear in other sources, which could
increase the risk of reputational harm and litigation for financial
institutions. These commenters said that because data requirements for
these other sources are not the same as proposed requirements, but are
labeled with the same identifier, the resulting variations could
unfairly increase scrutiny or lead to inaccurate conclusions. These
commenters were especially concerned about this risk for loans subject
to HMDA or CRA. Additionally, some industry commenters stated that
financial institutions' reputations for protecting applicants' privacy
may be impacted by data publication. Commenters noted that applicants
may have concerns about providing information and may feel that
conversations with a financial institution are less confidential
because certain information is being disclosed to the government. One
commenter mentioned that if a financial institution or the Bureau
experiences a data breach, the financial institution may not be viewed
as trustworthy by applicants.
In contrast, other commenters stated that published data will
decrease reputational and litigation risks for financial institutions.
According to one commenter, the data will provide evidence of
responsible lenders' fair lending practices, which will give them a
competitive advantage over less scrupulous financial institutions.
Additionally, a few commenters stated that reputational and litigation
harm risks from publication can be mitigated by disclaimers, as well as
by data modifications and deletions. For example, these commenters
stated that any data publication should include a statement for
agricultural lending credit types that Farm Credit System entities
[[Page 35471]]
can only lend to applicants that are eligible under the Farm Credit
Act.
Other harms or sensitivities. Commenters identified three
additional harms that were not discussed in the NPRM: physical harms,
data security, and harm to applicants' relationship with, or trust in,
financial institutions.
A software vendor and several individual commenters stated the
Bureau should consider physical harm or personal security threats that
could result from publication. For example, a few commenters stated
that if an applicant's LGBTQI+ status was revealed, the applicant may
face threats to their personal security due to discrimination.
One industry commenter stated small business applicants or related
natural persons may be exposed to data breaches because financial
institutions will store and transmit data online. Some industry and
business advocacy group commenters asserted that a data breach could
cause privacy risks for financial institutions, including reputational
harm related to litigation. The commenters said this would be true even
if the Bureau were the breached entity, and that the Bureau must take
action to protect reported data from potential breaches. Some also
requested that the Bureau detail the steps it will take to protect data
from breach or to indemnify financial institutions impacted by data
breaches arising from a breach to the Bureau. One commenter stated that
the Bureau should seek comment on its data security safeguards.
Some commenters, mainly from industry, identified potential impacts
that privacy risks may have on the relationships between small business
applicants and financial institutions. Some commenters stated that the
publication may create friction in the lending process due to negative
public sentiment. These commenters asserted that, because small
business applicants may view the data collection methods as invasive or
because financial institutions may feel obligated to reduce tailored
credit underwriting to prevent misconceptions about lending practices,
financial institutions may not be able to provide customer service at
the level currently obtained. Other commenters noted that applicants
who are concerned about the privacy or security of this data may be
hesitant to seek credit or they might seek credit from more expensive
unregulated sources.
Current Approach
As discussed below, the Bureau's preliminary view is that the risk
of harm or sensitivity to small businesses and related natural persons
is significant and should be considered in its privacy assessment. The
Bureau's current intent is to address these risks primarily by
controlling for re-identification risk. The Bureau is particularly
focused on risks to personal privacy interests. Such interests may
involve protected demographic information or information about personal
finances that could have reputational impact if disclosed; for example,
this might include the reputational impact of a credit denial arising
from a personal credit score.\878\ The Bureau also intends to consider
certain commercial risks of harms and sensitivities to small businesses
when modifying or deleting data. The Bureau does not currently intend
to consider financial institution privacy interests in its analysis
unless there is a compelling privacy risk.
---------------------------------------------------------------------------
\878\ For example, Sec. 1002.107(a)(11) requires a covered
financial institution to report the principal reason or reasons the
financial institution denied a covered application. Comment
107(a)(11)-1.ii states that a covered financial institution reports
the denial reason as ``credit characteristics of the principal
owner(s) or guarantor(s)'' if it denies the application based on an
assessment of the principal owner(s) or guarantor(s)'s ability to
meet its current or future credit obligations. Examples include
principal owner(s) or guarantor(s)'s credit score, history of charge
offs, bankruptcy or delinquency, low net worth, limited or
insufficient credit history, or history of excessive overdraft.
Thus, data about a denial reason may provide personal information
about a principal owner's personal financial health that may not
otherwise be known to the public.
---------------------------------------------------------------------------
Risk of identity theft or fraud. Based on comments received, the
Bureau views any risk of identity theft or fraud for small business
applicants or related natural persons resulting from the publication of
data to be predicated on the small business applicant or related
natural person being re-identified. As to comments that publication of
financial institution contact information will subject financial
institution employees to identity theft or fraud, such as phishing
attempts, consistent with the NPRM, the Bureau plans to exclude from
publication the name and business contact information of a person who
may be contacted with questions about the financial institution's
submission from the public application-level data.
Risk of targeted marketing harms. Targeted marketing harms likewise
presuppose that a small business applicant or related natural person is
re-identified.
Risk of competitive harms. Potential competitive harms, including
information about a small business's long term financial health and
competitive goals, are also predicated on re-identification. For
example, commenters stating that an applicant's competitors may gain
insights into its financial health, competitive strategy, and goals all
assumed that the small business applicant is first re-identified.
The Bureau does not view data publication as increasing a financial
institution's compliance costs and litigation risks, such that
increased costs and risks would result in increased fees, reduction in
credit program availability, or reduce credit availability for
applicants with weak credit profiles. Historical evidence from HMDA
suggests that such impacts will be minimal. Notwithstanding similar
contentions prior to the 2015 HMDA Final Rule, the Bureau recently
reported that, based on 2021 HMDA data, trends in mortgage origination
continued to increase since the HMDA rule became effective in
2018.\879\ Based on this experience with HMDA, the Bureau does not
anticipate that this final rule will significantly increase the cost of
credit products, reduce credit product availability, or result in
otherwise unnecessary tightening of underwriting criteria.\880\
---------------------------------------------------------------------------
\879\ The 2015 HMDA Final Rule noted that SBREFA SERs and NPRM
commenters stated that compliance costs meant that financial
institutions would increase price, reduce availability, or exit
markets. See 80 FR 66127, 66296 (Oct. 28, 2015). But the Bureau's
2021 HMDA Data Point notes that mortgage origination trends have
continued to increase since that rule became effective in 2018.
Mortgage origination volume has increased from 4.14 million in 2018
to 5.13 million in 2021. Similar increases were seen in application
volume. See CFPB, Data Point: 2021 Mortgage Market Activity and
Trends (Sept. 19, 2022), https://files.consumerfinance.gov/f/documents/cfpb_data-point-mortgage-market-activity-trends_report_2022-09.pdf.
\880\ See part IX.F.4's analysis of small business costs for
more information about the magnitude of these effects.
---------------------------------------------------------------------------
The Bureau also disagrees that publication will reveal proprietary
lending information, thereby resulting in competitive harm to financial
institutions. Unmodified application-level data will not include key
inputs for, or be detailed enough, to substantially facilitate the
reverse-engineering of proprietary lending models. For example, it will
not include applicants' credit score data. Other comments expressing
concern that the data collected would provide only an incomplete
picture of the financial institution's lending practices confirmed that
other key information about underwriting will not be collected. These
omissions should prevent competitors from reverse-engineering
proprietary lending models and make it unlikely that financial
institutions could use the data to engage in anti-competitive behavior
like price-fixing.
By the same token, there is no basis for small or rural financial
institutions
[[Page 35472]]
to be at more significant risk of this type of harm. The Bureau
acknowledges that the risk of re-identification of small business
applicants and related natural persons may be greater in smaller or
rural areas, but that does not increase the risk of proprietary lending
models being disclosed.
Risk of reputational harms. Reputational harm to small business
applicants and related natural persons is also predicated on re-
identification.
The Bureau does not agree that publication will increase a
responsible financial institution's reputational risk. While the Bureau
recognizes that financial institutions may need to defend against some
increased litigation about their small business lending practices, it
agrees with commenters that publication will help responsible financial
institutions defend against such litigation, accordingly making it less
likely to occur in the first place. The Bureau similarly agrees with
commenters that responsible financial institutions will be able to use
the data as evidence of their fair lending compliance, as well as to
prevent or counter erroneous claims that the institution is engaging in
discriminatory practices. The Bureau has not seen any significant
detrimental impact on mortgage applicants' trust in financial
institutions, and HMDA-covered mortgage originations have increased
since the Bureau's amendments to Regulation C went into effect in
2018.\881\ As in the mortgage market, requesting and publishing data
from applicants does not have enough reputational impact on financial
institutions to impair origination activity.
---------------------------------------------------------------------------
\881\ Mortgage origination trends since the HMDA rule became
effective in 2018 suggest that any distrust resulting from financial
institutions seeking HMDA data has not deterred applicants from
continuing to seek credit. See CFPB, Data Point: 2021 Mortgage
Market Activity and Trends (Sept. 19, 2022), https://files.consumerfinance.gov/f/documents/cfpb_data-point-mortgage-market-activity-trends_report_2022-09.pdf.
---------------------------------------------------------------------------
With respect to reputational risk arising from overlapping
databases, the Bureau is finalizing a coverage exception for
transactions covered by the Bureau's HMDA rule.\882\ In addition, many
datasets contain data types that already overlap with HMDA and CRA
data. There is accordingly no compelling reason to expect that
publishing application-level data will significantly increase whatever
risk already exists from HMDA coverage.
---------------------------------------------------------------------------
\882\ See Sec. 1002.104(b)(2).
---------------------------------------------------------------------------
As to comments that assert that Farm Credit System products may be
incomparable to other credit product types, thereby creating the risk
of reputational harm or frivolous litigation, the data will provide
sufficient opportunity for Farm Credit System entities to prevent and
refute any erroneous conclusions. The Bureau agrees with commenters
that this harm can be averted by distinguishing Farm Credit System
loans in the dataset. The Farm Credit System is one of the identified
types of financial institutions for the data required under Sec.
1002.109(b)(9).\883\ As a result, users can filter the data
accordingly. Farm Credit System financial institutions can also filter
to defend against any conclusions they believe are inaccurate because
of comparisons outside the Farm Credit System.
---------------------------------------------------------------------------
\883\ See comment 109(b)(9)-1.vii.
---------------------------------------------------------------------------
Other harms or sensitivities. The Bureau agrees that the privacy
assessment should take account of risks of physical harm and personal
security threats to applicants or related natural persons, as well as
the potential for data, once available, to be used by third parties to
single out or target certain applicants or related natural persons for
discriminatory treatment. Re-identification in some circumstances could
result in significant risks, including threats of physical or personal
harm and discrimination. The risks raised by commenters are supported,
for example, by Hate Crime Statistics reported by the Federal Bureau of
Investigation (FBI) through its Uniform Crime Reporting Program,\884\
and by Equal Employment Opportunity Commission data.\885\ The Bureau
believes that the risk to personal privacy interests arising from
physical harm, personal security threats, and discrimination resulting
from information about protected characteristics warrant significant
consideration when the Bureau considers modifications or deletions to
data.
---------------------------------------------------------------------------
\884\ For 2019, the FBI's Uniform Crime Reporting Program
reported that in single-bias incidents, 1,492 victims were targeted
because of their sexual orientation and 227 victims because of their
gender identity. See Fed. Bureau of Investigation, 2019 Hate Crimes
Statistics, https://ucr.fbi.gov/hate-crime/2019/topic-pages/tables/table-1.xls (last visited Mar. 20, 2023).
\885\ The Equal Employment Opportunity Commission reports that
from FY 2014 through FY 2021, approximately $43.5 million dollars of
monetary benefits were paid on LGBTQ+-based sex discrimination
charges. The amount has increased from $2.2 million to $9.2 million
over this period. It also reports that it received 13,546 LGBTQ+-
based sex discrimination charges in the same time period, with
annual charges increasing from 1,100 in FY 2014 to 1,968 in FY 2021.
https://www.eeoc.gov/data/lgbtq-based-sex-discrimination-charges
(last visited Mar. 20, 2023). See also Off. of Mgmt. & Budget, Off.
of the Chief Statistician of the U.S., Recommendations on the Best
Practices for the Collection of Sexual Orientation and Gender
Identity Data on Federal Statistical Surveys 8-9.
---------------------------------------------------------------------------
However, historical evidence indicates that data publication will
have little long-term impact to relationships between applicants and
financial institutions. The Bureau reported in 2021 that mortgage
originations subject to HMDA continued to increase despite the HMDA
rule becoming effective in 2018.\886\ Based on this and earlier
experience with HMDA, the Bureau does not agree that publication will
drive small business applicants to seek alternative financing options
to avoid disclosure. The HMDA evidence also suggests that any potential
increase in costs after this rule becomes effective will not be
prohibitive for applicants seeking financing from a regulated financial
institution and that market volume will not be substantially impacted.
---------------------------------------------------------------------------
\886\ Compare 80 FR 66127, 66296 (Oct. 28, 2015), with CFPB,
Data Point: 2021 Mortgage Market Activity and Trends (Sept. 19,
2022), https://www.consumerfinance.gov/data-research/research-reports/data-point-2021-mortgage-market-activity-trends/.
---------------------------------------------------------------------------
Finally, the Bureau takes strong measures to mitigate and address
any risks to the security of sensitive data it receives, consistent
with the guidance and standards set for Federal information security
programs. The agency is accordingly committed to protecting the privacy
and information security of the data it receives from financial
institutions under this rule. In addition, the Bureau does not agree
that a financial institution could be held legally liable for the
exposure of data due to a breach at a government agency or for
reporting data to the Bureau if the institution was legally required to
provide the data and did so in accordance with other applicable law.
Based on the record to date, the Bureau intends to consider the
risk of harms to small business applicants and related natural persons
discussed above in its privacy risk assessment. However, the risks of
harms or sensitivities to small businesses and related natural persons
discussed by commenters logically assume re-identification already
occurred. The harms and sensitivities recognized above clarify the
consequences of re-identification and underscore the importance of
managing re-identification risk. Additionally, the Bureau's preliminary
view is that privacy risks to financial institutions are less
significant compared to both personal privacy interests and non-
personal commercial privacy risks to small business applicants and
related natural persons. Many of the harms attributable to financial
institutions
[[Page 35473]]
noted by commenters are only likely if small business applicants are
re-identified, are not likely to occur based on the history of HMDA
data publication, or exist independent of the data and therefore do not
result from publication. As a result, measures that the Bureau takes to
reduce re-identification risk will also reduce the risk of harms to
financial institutions. Thus, the Bureau intends to consider modifying
or deleting data to protect a financial institution privacy interest
where data publication creates a compelling privacy risk.
5. Privacy-Informed Modification and Deletion
Proposed Approach
Generally. The NPRM stated that where disclosure of an individual
data field, alone or in combination with other fields, would pose risks
to privacy that were not justified by the benefits of disclosure to
1071's purposes, the Bureau would consider whether it could
appropriately balance the privacy risks and disclosure benefits through
modification techniques or whether the field should be deleted from the
public dataset. The Bureau stated that it also would evaluate the risks
and benefits of disclosing a data field in light of modifications or
deletions considered for other data fields. Where the Bureau determines
that modification of a data field is appropriate, the Bureau stated
that its consideration of the available forms of modification for the
1071 data would also be informed by the operational challenges
associated with various forms of modification and the need to make
application-level data available to the public in a timely manner.
In general, the Bureau stated that deleting or modifying data
because the data would disclose general information about a financial
institution's lending practices--compared with information that could
substantially facilitate, for example, the reverse-engineering of a
financial institution's proprietary lending models--would be
inconsistent with section 1071, which directly contemplates disclosure
of financial institution identity in connection with the public
application-level dataset.\887\ Each of the data fields prescribed by
the statute--with the exception of the application number--could
provide some insight into a financial institution's lending practices.
If the Bureau were to exclude data on this basis, therefore, it would
exclude virtually all of the statutorily required 1071 data points from
the public data, frustrating both of the statutory purposes of section
1071.\888\ While the Bureau acknowledged financial institutions'
concern about the litigation and reputational risks involving 1071
data, the Bureau did not believe that this concern would justify the
exclusion of data from public disclosure. One of the statutory purposes
of section 1071 is to facilitate enforcement of fair lending laws,
which authorize enforcement by parties other than the Bureau.\889\
Additionally, section 1071 contemplates that financial institutions
would make their own application-level data available to the public,
which necessarily entails their identification.\890\
---------------------------------------------------------------------------
\887\ See ECOA section 704B(f)(2)(B).
\888\ See ECOA section 704B(a).
\889\ See, e.g., ECOA section 706 (providing for civil
liability).
\890\ See ECOA section 704B(f)(2).
---------------------------------------------------------------------------
In light of the statutory purposes, the Bureau intended to modify
or delete data only as needed under the balancing test prior to public
disclosure. The NPRM discussed associated modification techniques with
respect to specific data points. Where no specific modification
technique was described with respect to a particular data point, the
Bureau stated that it had not identified an obvious modification
technique other than swapping, suppression, or deletion.
While certain information that directly identifies applicants or
related natural persons generally would not be collected under the
proposed rule, the Bureau did not accept that this would eliminate
privacy risks that would arise from publishing the data in unmodified
form. The Bureau also rejected the idea that privacy risks could be
adequately resolved through rule coverage. While some re-identification
risk could be reduced by increasing the number of applications reported
to the Bureau, the Bureau did not believe the effects of doing so are
necessarily predictable because re-identification risk depends on the
characteristics of the data. Further, the Bureau did not believe that
increasing the number of applications would have addressed risks of
harm or sensitivity to re-identified applicants or natural persons.
Aggregate data. In the NPRM, the Bureau stated that it did not
intend to address privacy risks arising from application-level data by
disclosing aggregated data in its place. As required by section 1071,
the Bureau proposed in Sec. 1002.110(a) to make available to the
public the information submitted to it by financial institutions
pursuant to proposed Sec. 1002.109, subject to deletions or
modifications made by the Bureau. The Bureau stated that, as authorized
by the statute, proposed Sec. 1002.110(b) would have stated that the
Bureau may, at its discretion, compile and aggregate information
submitted by financial institutions pursuant to proposed Sec.
1002.109, and make any compilations or aggregations of such data
publicly available as the Bureau deems appropriate. The Bureau
initially anticipated making the data collected under section 1071
available at the application level--with appropriate potential
modifications and deletions--rather than providing aggregate data with
counts and averages for each data field. The Bureau stated that it may
consider releasing aggregated data in the future, after it determined
whether narrower modifications or deletions could address privacy
risks. The Bureau had received some suggestions to consider
``differential privacy'' techniques,\891\ which are typically used in
connection with aggregate statistics to reduce the identifiability of
more granular data. The Bureau sought comment on whether differential
privacy techniques might be appropriate for application-level data.
---------------------------------------------------------------------------
\891\ Differential privacy is a statistical method designed to
protect individuals from reidentification risk. A dataset is said to
be differentially private if, by looking at the dataset, one cannot
tell whether any individual's data was included in the dataset.
---------------------------------------------------------------------------
Recoding. The NPRM identified the Bureau's intention to consider
various methods to ``recode'' the proposed data fields as necessary.
The Bureau explained that recoding techniques decrease the number of
distinct categories for a data field. In this context, recoding would
involve providing the value of a data field in a higher-level category
that increases the number of records within a given combination. Some
data fields like census tract and NAICS code have structures that
permit recoding without developing new 1071-specific recoding
categories. For instance, if the Bureau were to determine that the re-
identification risk presented by the census tract data field does not
justify the benefits of unmodified disclosure, the Bureau could instead
provide geography at the county level because census tracts are
designed to be non-overlapping subdivisions of a county.
The Bureau also stated that it intended to consider recoding via
bins or intervals of values for data fields that, in unmodified form,
would have continuous values. The Bureau stated that unmodified
continuous data fields can be highly identifying, but binning can
significantly reduce this risk. It also
[[Page 35474]]
noted the possibility of top- or bottom-coding a data field to prevent
extreme--and potentially very re-identifiable--values from being
released.
Other techniques. The Bureau stated that it might also consider
``targeted suppression,'' which makes certain values of data points
unavailable when a certain combination of values is held by too few
records. The Bureau stated that it might consider treating certain
values of data points as ``not available'' if the application is the
only small business application from a particular census tract. The
Bureau explained that targeted suppression can be applied in several
ways. One way would be to remove the value of a field that makes the
record identifiable. For example, if census tract and NAICS code
identify a record, the microdata could delete the value of the NAICS
code for any applications that are in cells deemed sensitive. A second
approach could leave the census tract and NAICS code but suppress the
values of other data points. This method would reduce the potential
harm if the record were re-identified. A third approach could be to
remove the record from the dataset entirely. The Bureau stated that, in
general, suppression is a more common approach for aggregate data than
for application-level data.
The Bureau noted that one drawback to targeted suppression is that
it complicates data analysis for end users. A data user would be
presented with millions of rows, but in certain rows and for certain
data points, values would be missing.\892\ Another identified drawback
is that suppression would need to be done so that the remaining
unmodified data do not provide a user with the ability to back out the
modified field, sometimes involving complementary suppression or
deleting values of other applications to ensure that the missing value
cannot be reengineered. The Bureau sought comment on whether targeted
suppression techniques could preserve the benefits of publishing
application-level data, and, if so, what the Bureau should consider as
the minimum cell size to implement targeted suppression.
---------------------------------------------------------------------------
\892\ Data users would need to understand the method behind the
modifications and plan analyses to account for the fact that the
suppressed data would necessarily not reflect all small business
loans in a given year.
---------------------------------------------------------------------------
The Bureau sought comment on other modification techniques, such as
``data swapping'' (sometimes called ``switching''). Data swapping
involves finding two records that are similar on several dimensions and
swapping the values for other data fields between the two records. In
effect, data swapping would require that the Bureau preserve certain
data fields while swapping others. The Bureau stated that another set
of techniques for addressing privacy risks for continuous data would
involve adding ``random noise'' to the reported values. For example,
under ``additive noise techniques,'' a random value is added to the
existing value of the data field. Under ``multiplicative noise
techniques,'' the true value is multiplied by a random value. The
Bureau sought comment on whether such techniques would preserve the
benefits of publication. The Bureau explained that a drawback to these
approaches is that data would be released with values that do not match
the true values of the underlying data.\893\ Data users would need to
take such modifications into account when performing any analyses.
---------------------------------------------------------------------------
\893\ For example, with respect to the amount applied for data
field, a recoding technique would release the values of the data
field in broad categories, for instance ``$100,000-$150,000.'' In
such case, the broader category provides less information but
reflects the true value of the underlying data. Noise addition, by
contrast, would involve the Bureau manipulating (in a standardized
and documented way) the actual values of loan amount. An
application's loan amount may be released as $85,000 in the public
dataset when the true value was $78,000.
---------------------------------------------------------------------------
Comments Received
Generally. With regard to how the Bureau stated its intention to
assess privacy risks that would inform modification and deletion
decisions, several community group commenters, a minority business
advocacy group, and several members of Congress urged the Bureau to
apply the NPRM's balancing test in favor of public disclosure and to
make available a robust dataset. According to some commenters, the fair
lending and business and community development purposes of section 1071
militate in favor of data transparency. A number of community and
business advocacy group commenters stated that if published application
level data are not robust, or if specific data points are not
disclosed, the dataset will not adequately reveal whether these
statutory purposes of section 1071 are being met. Several commenters
asserted that society's interest in tackling discrimination and closing
the racial wealth gap supported robust disclosure. A business advocacy
group stated that robust 1071 data would promote financial stability in
the economy, and cited insufficiently granular HMDA data as
contributing to the 2008 subprime financial crisis.
Some community group commenters and a software vendor urged the
Bureau not to delete or modify public application-level data because it
would undermine the statutory purposes of section 1071. The software
vendor stated that modifications or deletions may reduce the utility of
the data for no privacy benefit. Several commenters asserted that the
Bureau should only modify public 1071 data to protect the privacy
interests of small business applicants. A joint letter from community
and business advocacy groups agreed with the Bureau's statement that
litigation and reputational risks faced by financial institutions do
not justify excluding data from public disclosure.
On the other hand, several industry commenters urged the Bureau to
make modification and deletion decisions to protect the privacy of
financial institutions, applicants, and related natural persons. They
stated that protecting these privacy interests was consistent with the
statutory purposes of section 1071 because limiting disclosure would
increase credit access and lower credit costs to minority-owned and
women-owned small businesses.
Several industry, community group, and academic commenters
supported modification and deletion of application-level data, stating
that it could adequately address privacy risks posed by publication. A
trade association asserted that publishing certain data points in an
unedited, application-level format would increase the risk of applicant
re-identification. Another trade association supported the liberal use
of modification and deletion techniques to protect privacy interests of
lenders, small business applicants, and related natural persons. Some
commenters stated that the lack of reported incidents in which an
individual has been re-identified in HMDA data suggests that
modifications or deletions can reduce re-identification risks here
also.
Some commenters offered views about what data points would be
modified or deleted. Several suggested that data modifications or
deletions should be consistent with HMDA. According to these
commenters, the Bureau should ensure that any data deleted in the HMDA
dataset is also deleted in the 1071 dataset, including the unique
identifier, the application date, and the action taken date. A software
vendor stated that the Bureau should modify data points that reflect
gender identity or sexual orientation information, which could result
in persons being subject to physical harm. Several individual
commenters likewise suggested that LGBTQI+ persons face particular
privacy risks. A joint letter from community and business advocacy
[[Page 35475]]
groups stated that if the Bureau modifies 1071 data, it should do so on
a loan-by-loan basis because the modification of a particular data
field may not be necessary for all records in the dataset.
Aggregate data. The Bureau received no comments about how
differential privacy techniques may be applied to application-level
data. However, the Bureau did receive comments about aggregating 1071
data. Several industry commenters suggested that the Bureau publish
aggregate data, instead of an application-level dataset, to mitigate
privacy risks. One stated that aggregate data are sufficient to analyze
the business needs and credit access of applicants, including minority-
owned and women-owned small businesses. Another said that disclosing
aggregate data, as opposed to application-level data, would be
consistent with the practices of other agencies. Other industry
commenters stated that, while some 1071 data could be disclosed at the
application level, the Bureau should aggregate any data points that
present re-identification risk.
Recoding. Several community group commenters stated that if the
disclosure of 1071 data fields present significant privacy risks, the
Bureau should consider binning data or disclosing intervals of values.
For example, these commenters stated that when disclosing gross annual
revenue data, the Bureau could consider publishing data in $10,000
increments. One stated that binning would be appropriate as long as the
modified public 1071 dataset could satisfy the fair lending and
business and community development statutory purposes of section 1071.
Other commenters stated that the use of binning should be limited.
A community group and a software vendor stated that if the Bureau bins
data, it should ensure that the public 1071 dataset remains
sufficiently detailed to allow meaningful analysis. To demonstrate this
point, the community group asserted that the current CRA system of
combining all loans for businesses with revenue under $1 million does
not allow for analysis of small businesses within that range. The
software vendor cautioned that binning may not always be effective.
Other techniques. With respect to other modification techniques
discussed in the NPRM, a community group stated that data swapping and
targeted suppression would be appropriate as long as the modified
public 1071 dataset could satisfy the fair lending and business and
community development statutory purposes of section 1071. The Bureau
received no comments about other potential modification techniques.
Current Approach
The Bureau intends to consider modification and deletion techniques
as necessary to reduce cognizable privacy risks. The Bureau agrees with
comments that a robust public dataset will serve the statutory
objectives of section 1071.\894\ By extension, a public application-
level dataset with less detailed data or that omits certain data points
entirely would confer relatively less public benefit. These benefits
notwithstanding, in some cases modification and deletion decisions may
be appropriate to protect privacy interests. The statute empowers the
Bureau to modify or delete data, and the Bureau believes that
modifications or deletions may be appropriate in some circumstances to
reduce the cognizable privacy risks set forth above.
---------------------------------------------------------------------------
\894\ The Bureau lacks evidence to assess the comment that
published data would promote financial stability. If true, this
result would align with the Bureau's authorizing statute whose
purpose, in part, is to ``promote the financial stability of the
United States by improving accountability and transparency in the
financial system.'' Dodd-Frank Wall Street Reform and Consumer
Protection Act, Public Law 111-203, 124 Stat. 1376 (2010).
---------------------------------------------------------------------------
Modifications or deletions will not necessarily undermine the
utility of the published data or will not be futile because they will
not mitigate risks. With respect to the effectiveness of modifications
and deletion techniques, the Bureau points to the lack of reported
incidents in which an individual has been re-identified in public HMDA
data, which the Bureau modifies to reduce re-identification risk. The
Bureau concludes that targeted modification and deletion decisions can
adequately reduce privacy risks while preserving the utility of 1071
data, as is the case with HMDA data. Modifications and deletions may be
necessary, for example, in cases where unmodified application-level
data will likely lead to re-identification of small business applicants
or related natural persons. The Bureau will also consider modifications
and deletions to the public 1071 dataset when data fields, individually
or in combination with other data, pose cognizable privacy risks, as
discussed above.
After obtaining a full year of reported data and conducting a full
privacy analysis, the Bureau intends to make modification and deletion
decisions tailored for individual data points where appropriate. The
Bureau will not delete or modify data solely to align with HMDA
practice. Small business lending and mortgage lending are distinct
markets which face their own unique privacy risks, and re-
identification risk depends on the characteristics of particular data.
With respect to comments about modifying or deleting data that may
convey the gender identity or sexual orientation of applicants'
principal owners or other individuals that own or control applicants,
the Bureau views this as sensitive information that implicates
important personal privacy interests. While the Bureau is not making
modification and deletion decisions about this information prior to
conducting the full privacy analysis, it does intend to give
significant consideration to personal privacy interests. However, it
would not be feasible to make modification and deletion decisions on a
loan-by-loan basis, as one comment suggested.
Regarding feedback on specific modification techniques, the Bureau
does not intend to publish aggregate data instead of application-level
data. Aggregate datasets do not permit the detailed, application-level
analyses that best facilitate the fair lending enforcement and business
and community development purposes of section 1071. In addition, the
Bureau can adequately mitigate privacy risks through targeted
modification and deletions of individual data fields--it is not
necessary to avoid publication of all application-level data. While the
Bureau does not intend to publish aggregate data in place of an
application-level dataset, it anticipates releasing select aggregated
data before it publishes application-level data.
The Bureau sees recoding, including binning data or disclosing
intervals, as an appropriate modification technique to address privacy
risks that may be posed by public release of unmodified data. While the
Bureau is not making specific modification decisions at this time, it
intends to consider recoding data in a targeted manner that preserves
the utility of the public dataset. The Bureau also views other
modification techniques, including data swapping and targeted
suppression, as appropriate tools to address privacy risks. Finalizing
the exact tool set, however, will depend on securing a full year of
data and will be informed by continued engagement with stakeholders.
When exercising its discretion to modify or delete 1071 data, the
Bureau anticipates publishing data in a manner that reduces privacy
risks, in particular re-identification risk. If the Bureau determines
that it is necessary to modify an individual data point to address a
privacy risk, the Bureau intends to consider a range of modification
techniques, including, but not limited to, recoding, data swapping, and
[[Page 35476]]
targeted suppression. The Bureau intends to engage with stakeholders in
the future about these issues, including providing opportunities for
additional input as the Bureau considers its privacy analysis further.
6. Preliminary Privacy Assessment of Particular Data Fields
In the NPRM, the Bureau identified certain data fields that it
believed would need modification or deletion to appropriately protect
privacy interests, while taking account of disclosure benefits:
individual contact information at reporting financial institutions;
free-form text data, which occurs in a number of data fields; and the
unique identifier for each application. Beyond these specific fields,
the NPRM explained that the Bureau lacked data under section 1071 or
comparable proxies that it could use for its privacy risk assessment.
Accordingly, it did not suggest specific modifications and deletions
with respect to any other data.
In order to benefit from stakeholder engagement, however, the
Bureau did set forth some initial analysis on how it would apply the
NPRM's balancing test to the proposed data fields. With respect to each
such data field, whether individually or in combination with others,
the Bureau sought comments on: (1) whether there are additional
benefits of unmodified public disclosure in light of the purposes of
the statute; (2) whether disclosure in unmodified form would reveal
additional information that might be considered harmful or sensitive by
an applicant, related natural person, or financial institution; and (3)
whether disclosure in unmodified form would significantly contribute to
the risk that an applicant or related natural person might be re-
identified. The Bureau also sought comment on modification techniques
it could use, and whether deletion would be appropriate. Where no
specific technique was described with respect to particular data
points, the Bureau did not identify any obvious technique besides
potentially swapping, suppression, or deletion.
The Bureau received feedback on this initial analysis from a range
of commenters, including industry and community group commenters. The
Bureau has taken this feedback into consideration to refine its
analysis of the qualitative risks associated with disclosing particular
data fields in unmodified form, although, consistent with the above
analysis, the Bureau's assessment remains preliminary.\895\
---------------------------------------------------------------------------
\895\ The Bureau sought and received feedback about several data
points that it did not propose. As it is not adopting those data
points, it does not address privacy risks or modification techniques
associated with reporting them.
---------------------------------------------------------------------------
Overall, with the exceptions noted with respect to unique
identifier, free-form text, and individual contact information, for all
other finalized data points, the Bureau intends to further consider
whether modification techniques may be appropriate when it analyzes
reported data and conducts its full privacy analysis. In doing so, the
Bureau intends to take into account existing feedback, as well as
conducting ongoing engagement, about potential modifications as it
examines what modifications or deletions may be appropriate for these
fields. In addition, the Bureau is mindful of the statutory purposes of
section 1071 and will only modify or delete data to advance a privacy
interest.
i. Unique Identifier
Proposed Sec. 1002.107(a)(1) would have required financial
institutions to collect and report an alphanumeric identifier, starting
with the legal entity identifier of the financial institution, unique
within the financial institution to the specific covered application,
and which can be used to identify and retrieve the specific file or
files corresponding to the application for or extension of credit. As
discussed in the section-by-section analysis of Sec. 1002.107(a)(1),
the Bureau is finalizing this data point substantially as proposed.
In the NPRM, the Bureau stated that disclosing the unique
identifier in the 1071 data in unmodified form by itself would likely
disclose minimal, if any, information about an applicant or related
natural person that may be harmful or sensitive if such person were re-
identified, or that may be harmful or sensitive to an identified
financial institution. Section 1071 prohibits financial institutions
from including in 1071 records certain personally identifiable
information that directly identifies a natural person applicant or
someone connected with the applicant.\896\ In addition, the Bureau
proposed to prohibit financial institutions from reporting information
that would directly identify a small business. For these reasons, the
Bureau did not expect that the unique identifier would be considered
harmful or sensitive.
---------------------------------------------------------------------------
\896\ ECOA section 704B(e)(3).
---------------------------------------------------------------------------
With respect to re-identification risk, the NPRM noted that
although publicly available datasets do not presently include the
unique identifier data field, financial institution legal entity
identifiers are publicly available, and the Bureau was aware of rare
instances in which a loan number was included in UCC filings. In
addition, the Bureau noted that many jurisdictions publicly disclose
real estate transaction records in an identified form, and the Bureau
stated that many financial institutions may include loan numbers on
these publicly recorded documents.\897\
---------------------------------------------------------------------------
\897\ See 82 FR 44586, 44599 (Sept. 25, 2017); see also 84 FR
649, 660 (Jan. 31, 2019).
---------------------------------------------------------------------------
The Bureau stated that inclusion of the proposed unique identifier,
rather than application or loan numbers, would limit the possibility of
using an application or loan number to match 1071 data to those
publicly recorded documents, thus reducing risk of re-identification.
However, the Bureau acknowledged that there is a risk that, after
financial institutions begin to report data under section 1071, they
may replace the loan numbers currently assigned to small business loans
with the unique identifier and, if they do, the unique identifier could
be included on publicly recorded documents. Considering the uniqueness
of the identifiers, the Bureau reasoned that this data field on a
publicly recorded document could be used to match a 1071 record to an
identified public record directly and reliably.
In light of these potential re-identification risks, the Bureau
stated that it did not intend to publish the unique identifier data
field in unmodified form. The Bureau sought comment on whether there
are modifications to the unique identifier data field that would
appropriately balance identified privacy risks and disclosure benefits.
The Bureau stated that it was considering the feasibility of disclosing
a separate unique identifier that the Bureau could create. The Bureau
also considered deleting the data field from the public application-
level data, but sought comment on whether such deletion would create
challenges for users of the data and, if so, how the Bureau could
address those challenges other than by creating a separate unique
identifier. The Bureau sought comment on this analysis as well as its
intent not to publish the unique identifier in unmodified form.
An academic research and policy organization agreed with the
Bureau's initial analysis, noting that public HMDA data do not include
a unique identifier. Several industry commenters stated that, because
lenders are allowed to use their own internal account numbers and
therefore the unique identifier may include a loan number or account
number, the data point in combination with the financial
[[Page 35477]]
institution's name provides substantial opportunity for fraud. Because
of the privacy risks discussed above, most of these commenters
supported the Bureau's suggestion not to publish the unmodified unique
identifier field. A CDFI lender stated that the Bureau should consider
publishing a modified identifier or a separate one created by the
Bureau.
After considering these comments, the Bureau intends not to publish
the unique identifier data field in an unmodified form. Although it has
not yet conducted a full re-identification analysis for the 1071 data,
the Bureau agrees with the re-identification risks raised by
commenters. The universal loan identifier for HMDA data, which is
similar to the unique identifier, is not published because of the re-
identification risk that it poses.\898\ While HMDA publication
practices are not dispositive here, the Bureau draws upon its
experience implementing HMDA and Regulation C where appropriate, and it
does so here.
---------------------------------------------------------------------------
\898\ See 84 FR 649, 660 (Jan. 31, 2019).
---------------------------------------------------------------------------
At this time, the Bureau has not decided whether to publish public
application-level data without any unique identifier information,
disclose instead a separate unique identifier created by the Bureau for
this purpose, or employ some other modification. The Bureau will
consider what modification or deletion techniques may be appropriate
when it analyzes application-level data and conducts its full privacy
analysis.
ii. Application Date
Proposed Sec. 1002.107(a)(2) would have required financial
institutions to collect and report the date the covered application was
received by the financial institution or the date shown on a paper or
electronic application form. As discussed in the section-by-section
analysis of Sec. 1002.107(a)(2), the Bureau is finalizing this data
point with modifications such that financial institutions must collect
and report the date the covered application was received or shown on a
paper or electronic application form.
The NPRM stated that, by itself, disclosing application date in
unmodified form would likely disclose minimal, if any, information
about an applicant or related natural person that may be harmful or
sensitive if such person were re-identified, or that may be harmful or
sensitive to an identified financial institution. The Bureau noted that
an adversary such as a competitor may conceivably find it helpful to
understand when a business is seeking credit. In addition, marketers
and creditors could use this information to target products to entities
recently in the market for credit, either to deploy new funds or to
refinance out of a current loan. However, the Bureau did not believe
that disclosing the application date would otherwise disclose sensitive
information about a small business or its owner. The Bureau also
reasoned that any utility of this data field for such purposes would be
curtailed by the time to publication.
The Bureau was not able to identify publicly available datasets
that include data fields an adversary could directly match to the
application date field. However, the Bureau acknowledged that an
adversary may be able to infer a likely origination date based on
typical time lags between application, credit decision, and
origination, potentially enabling matching to other datasets that
record these later dates. The Bureau stated that, if it determined that
application date should be modified, it may consider disclosing the
application date at a higher level; for example, disclosing the month
and year but not the specific date. In light of the potential re-
identification risk arising from this data field, the Bureau sought
comment on whether there are other specific modifications it should
consider, and whether it should consider deletion outright.
Several commenters provided feedback on the Bureau's analysis. In
supporting disclosure of the application date field, a community group
stated that it would promote understanding of small business lending.
However, an academic research and policy organization asserted that
disclosure of application date would pose re-identification risk to
applicants and noted that HMDA does not disclose application date. This
commenter, along with a group of trade associations, urged the Bureau
not to publish the application date field to ensure consistency between
1071 and HMDA.
As discussed in part VIII.B.3 above, the Bureau views the
disclosure of application date as having significant benefits. This
preliminary assessment is consistent with feedback that publication of
application date would promote understanding about small business
lending. The Bureau's preliminary assessment is that the application
date field does not pose re-identification risks such that the Bureau
should modify or delete it before publication. Commenters supporting
such modification or deletion did not provide additional evidence of
re-identification risk that would alter the partial privacy analysis
described above. The Bureau also preliminarily assesses that this
unmodified data field would present limited privacy risk if re-
identification occurred.
iii. Application Method and Application Recipient
Proposed Sec. 1002.107(a)(3) would have required financial
institutions to collect and report the means by which the applicant
submitted the covered application directly or indirectly to the
financial institution. A financial institution would have reported
whether the applicant submitted the application in person, by
telephone, by mail, or online. Proposed Sec. 1002.107(a)(4) would have
required financial institutions to collect and report whether the
applicant submitted the covered application directly to the financial
institution or its affiliate, or whether the applicant submitted the
covered application directly or indirectly to the financial
institution. As discussed in the section-by-section analyses of Sec.
1002.107(a)(3) and (4), the Bureau is finalizing these data points as
proposed, with certain modifications to related commentary.
In the NPRM, the Bureau stated that disclosing application method
and whether the application was submitted directly or indirectly, in
unmodified form, would likely disclose minimal, if any, information
about an applicant or related natural person that may be harmful or
sensitive if such person were re-identified. The Bureau reasoned that
the application method is likely to be of relatively limited utility to
an adversary because it conveys little information about a natural
person or a business's financial condition. While adversaries
interested in targeted marketing could direct future marketing efforts
to a business using the same application channel, the Bureau noted that
marketing firms already possess strategic information about methods for
establishing contact. Unmodified disclosure of application method and
whether the application was submitted indirectly may reveal information
that financial institutions regard as harmful or sensitive, but the
Bureau did not believe that disclosure would permit the reverse-
engineering of a financial institution's proprietary lending models.
The Bureau was not able to identify publicly available datasets
that include data fields an adversary could directly match to the
application method or application recipient data fields. While the
Bureau's HMDA data and the Government-Sponsored Enterprises loan-level
datasets include acquisition channel information in loan-level data,
the Bureau stated that these datasets do
[[Page 35478]]
not identify applicants or related natural persons. However, the Bureau
sought comment on whether there are other identifiable application/
loan-level datasets that include this information or whether HMDA data
or the Government-Sponsored Enterprises loan-level datasets could be
matched to other identifiable datasets.
The Bureau received two comments from trade associations on this
analysis. These questioned whether publishing the application method
and application recipient fields would provide disclosure benefits
related to section 1071's statutory purposes. One stated that lenders'
methods for receiving applications are strategic business decisions and
disclosing this information will cause financial institutions to suffer
commercial harm.
As discussed above in part VIII.B.3, the Bureau views these data
fields as having significant disclosure benefits. The Bureau does not
see disclosure causing significant commercial harm to financial
institutions. Disclosure of application method and application
recipient data would not permit the reverse-engineering of proprietary
lending models. Accordingly, the Bureau preliminarily assesses that
disclosing these data fields in unmodified form would present limited
privacy risk if re-identification occurred.
iv. Credit Type
Proposed Sec. 1002.107(a)(5) would have required financial
institutions to collect and report to the Bureau certain information
about the type of credit applied for or originated. The proposal would
have required financial institutions to report three categories of
information that together constitute the type of credit. First, the
proposal would have required financial institutions to report the type
of credit product. Second, the proposal would have required financial
institutions to report the type or types of guarantees that were
obtained for an extension of credit, or that would have been obtained
if the covered credit transaction had been originated. Third, the
proposal would have required financial institutions to report the
length of the loan term, in months, if applicable. As discussed in the
section-by-section analysis of Sec. 1002.107(a)(5), the Bureau is
finalizing this data point as proposed, with revisions to the related
commentary.
The NPRM stated that data on type of credit product, type of
guarantee, and loan term could disclose information that may be harmful
or sensitive to applicants or related natural persons. It also stated
that a business's competitors could use these data fields--in
conjunction with the loan amount and pricing data fields--to draw
inferences about the business's financial condition based on whether
the business obtained credit on favorable or unfavorable terms. Type of
guarantee data could indicate heightened credit risk for the
applicant.\899\ Credit type data also could be used for targeted
marketing of products and services that may pose risks.
---------------------------------------------------------------------------
\899\ For example, the ``SBA guarantee--7(a) program'' data
field is intended for businesses that have been unsuccessfully
applying for credit or have had some other difficulty in accessing
credit.
---------------------------------------------------------------------------
The Bureau further stated that disclosure of these data fields in
unmodified form may reveal information that financial institutions
regard as harmful or sensitive, such as the types of products they
offer or the government programs in which they participate. However,
the Bureau did not expect disclosure of these data fields to permit the
reverse-engineering of proprietary lending models. Furthermore, the
Bureau stated that general information about the types of credit a
financial institution is offering is already widely available.
The Bureau was aware that certain identified datasets include
application-level information on the type of credit product, type of
guarantee, or loan term. Government lending programs, such as the SBA's
7(a) and 504 programs, publish loan-level data that indicate the term
of the loan and whether the loan is a term loan or a line of credit. In
some States, UCC filings may include some information related to the
type of collateral. In the NPRM, the Bureau stated that the existing
public availability of this information decreased the potential harm or
sensitivity of disclosing information about the type of credit product,
type of guarantee, and loan term in the 1071 data. By the same token,
however, the Bureau recognized that an adversary could use these other
datasets, combined with other fields, to match a section 1071 record to
an identified publicly available record.
If it determined that modifications were ultimately needed, the
Bureau identified a number of possible approaches. The Bureau could
disclose ``Federal guarantee'' instead of disclosing the specific
program. Similarly, the Bureau could recode loan term data into bins--
for example, using intervals of two or five years.
The Bureau received feedback from two community group commenters.
One stated that publication of credit type data would promote
understanding of small business lending. The other stated that
combining loans from different Federal government guarantee programs
into a single category for publication would not reduce the utility of
1071 data. The commenter also stated that if the Bureau recodes length
of the loan term data into bins, the Bureau should test those bins to
ensure that the recoded data are useful to users.
Based on its earlier analysis and from the comments received, the
Bureau assesses that disclosing credit type data in unmodified form may
present significant privacy risks if re-identification occurred. For
example, the Bureau believes that these data could result in non-
personal commercial privacy risks to small businesses, including
revealing sensitive financial information or facilitating problematic
targeted marketing. However, the Bureau does not identify any
compelling privacy risks to financial institutions.
v. Credit Purpose
Proposed Sec. 1002.107(a)(6) would have required financial
institutions to collect and report the purpose or purposes of the
credit applied for or originated. As discussed in the section-by-
section analysis of Sec. 1002.107(a)(6), the Bureau is finalizing this
data point with modifications.
The NPRM stated that disclosing credit purpose in unmodified form
by itself would likely disclose minimal, if any, information about an
applicant or related natural person that may be harmful or sensitive if
such person were re-identified, or that may be harmful or sensitive to
an identified financial institution. It noted that information about
credit purpose could be useful to adversaries such as a small
business's competitors, potential acquirers, or new market entrants,
since it contains information about a business's strategy and
performance, such as whether a business is expanding. Even so, this
information would generally not be detailed enough to cause competitive
harm, and its competitive value would likely be mitigated by time to
publication.
The Bureau did not identify publicly available datasets that
include data fields an adversary could directly match to the credit
purpose data fields in unmodified form in the public application-level
data with respect to an applicant or related natural person. The Bureau
stated that identified public datasets pertaining to small business
loans generally do not contain information about the purpose of the
credit. Therefore, the Bureau reasoned that an adversary would have
difficulty
[[Page 35479]]
using the credit purpose data fields to match a section 1071 record to
an identified publicly available record accurately.
The Bureau stated that disclosure of credit purpose in unmodified
form may also reveal information that financial institutions regard as
harmful or sensitive, such as information that a financial institution
offers credit that is used for certain purposes. However, the Bureau
did not identify reasons that disclosure would permit reverse-
engineering of proprietary lending models.
Several lenders and one trade association provided feedback. These
commenters generally stated that credit purpose data created privacy
risks for small business applicants. For example, one commenter stated
that if re-identification occurred, credit purpose data could reveal
confidential commercial information, such as plans for business
acquisitions or expansions. As discussed in the NPRM, the Bureau
acknowledges that credit purpose data contains information about a
business's strategy and performance. However, the Bureau does not view
this information as posing a significant risk of harm because of its
relative lack of detail and the delay between the date of action taken
on a loan and the publication of 1071 data. Commenters did not offer
evidence to the contrary. Commenters also did not offer evidence that
indicates that this data point presents significant re-identification
risks.
Accordingly, the Bureau preliminarily assesses that disclosing
credit purpose data in unmodified form would present limited privacy
risk.
vi. Amount Applied For
Proposed Sec. 1002.107(a)(7) would have required financial
institutions to collect and report to the Bureau the initial amount of
credit or the initial credit limit requested by the applicant. As
discussed in the section-by-section analysis of Sec. 1002.107(a)(7),
the Bureau is finalizing the amount applied for data point as proposed.
The NPRM stated that disclosing this data field in unmodified form
would likely disclose information about an applicant or related natural
person that may be harmful or sensitive if such person were re-
identified. Business owners might view details about the amount applied
for as sensitive, particularly where they are concerned about the risk
of being re-identified as an applicant for credit. The Bureau also
noted that were re-identification to occur, the amount applied for
could lead to targeted marketing of products or services that pose
risks because it could help lenders target small businesses that
received less credit than they requested with offers for loans at
higher rates or fees. The Bureau stated that the amount applied for is
generally not included in other publicly available data, so it would
likely not be useful to adversaries seeking to match 1071 data with
other publicly available data. However, the Bureau believed that amount
applied for would be useful to an adversary in other ways. For example,
a significant shortfall between the amount applied for and the amount
approved could be used either by an applicant's competitor or by a
consumer to infer that the business has a relatively weak financial
position. With information on whether or not a business is granted a
loan, an adversary might gain insight into the scale of a business's
objectives based on the amount applied for or approved. The Bureau also
noted that the relative scarcity of this information at present would
also increase its value to adversaries. As an additional consideration,
the Bureau saw no reason that disclosure would permit the reverse-
engineering of proprietary lending models.
The Bureau received comments from several industry commenters and a
community group. A group of trade associations stated that if a small
business applicant is re-identified, disclosing the amount applied for
could reveal information about the financial status of that small
business that could harm its prospects for credit. Several industry
commenters expressed concern that data about the amount applied for
would create privacy risks for small business applicants by revealing
confidential information, such as plans for business acquisitions or
expansions. Another commenter stated that disclosing the amount applied
for can create privacy risks for financial institutions. This commenter
noted that the amounts applicants apply for can be arbitrary and,
therefore, comparing these amounts to any amounts approved could be
misleading and not a reliable metric for whether credit demand is met.
The Bureau stated that if it determined that the amount applied for
should be modified, it may consider recoding the data into bins. For
example, the Bureau could recode the amount applied for into bins of
$25,000. In response, a community group stated that the Bureau could
recode the amount applied for into bins that use the mid-point of
$10,000 intervals. As noted by the commenter, HMDA utilizes this
technique, and, according to the commenter, it would be sufficient for
privacy purposes while producing more accurate data.
After reviewing these comments, the Bureau assesses that disclosing
this data field may create some privacy risk where small business
applicants and related natural persons face re-identification risk that
could reveal non-public commercial information, such as an application
for credit or business acquisition or expansion plans. Further, to the
extent that this data point, combined with the amount approved or
originated data point, indicates business difficulties, this could
impact the reputational interests of small businesses and their owners.
The Bureau also assesses that in some circumstances disclosing amount
applied for could disclose personal information about an applicant or
related natural person that would be harmful or sensitive if such
person were re-identified. Comments asserting privacy risks for
financial institutions, however, provided no compelling evidence of
privacy risk to alter the NPRM analysis on point.
vii. Amount Approved or Originated
Proposed Sec. 1002.107(a)(8) would have required financial
institutions to collect and report to the Bureau: (i) for an
application for a closed-end credit transaction that is approved but
not accepted, the amount approved by the financial institution; or (ii)
for a closed-end credit transaction that is originated, the amount of
credit originated; or (iii) for an application for an open-end credit
transaction that is originated or approved but not accepted, the amount
of the credit limit approved. As discussed in the section-by-section
analysis of Sec. 1002.107(8), the Bureau is finalizing the amount
approved or originated data point as proposed.
The NPRM stated that disclosing this data in unmodified form would
likely disclose information about an applicant or related natural
person that might be harmful or sensitive if such person were re-
identified, or that might be harmful or sensitive to an identified
financial institution. The Bureau stated that information about the
amount approved or originated could be useful to potential adversaries.
For example, these data fields would provide creditors some insight
into competitors' lending practices, particularly when combined with
other data points such as gross annual revenue, number of workers, time
in business, and pricing. Likewise, these data might allow creditors to
make general inferences about the relative risk appetites of their
competitors. However, the Bureau did not see any reason that disclosure
[[Page 35480]]
would permit the reverse-engineering of proprietary lending models.
The Bureau stated that it had identified publicly available
datasets that include data fields an adversary could directly match to
the amount approved or originated data fields in unmodified form.
Credit amount approved or originated is often widely available in
public datasets, such as loan-level data for the SBA 7(a) and 504
programs, as well as property records and UCC filings. The Bureau
accordingly stated that adversaries would be able to match the amount
of credit approved or originated to an existing public record. The
Bureau further stated that if it determined that the amount approved or
originated should be modified, it may consider recoding.
The Bureau received comments from several industry and community
group commenters. The community groups generally supported publishing
these data fields. Several industry commenters disagreed. Two such
commenters stated that if re-identification occurred, the amount
approved or originated could harm small business applicants by
disclosing information about business expansions or acquisitions. A
community group stated that the Bureau could recode the amount applied
for into bins that use the mid-point of $10,000 intervals. As the
commenter noted, HMDA utilizes this technique and, according to the
commenter, it would be sufficient for privacy purposes while producing
more accurate data.
After reviewing these comments, the Bureau preliminarily assesses
that disclosing amount approved or originated data in unmodified form
may present significant privacy risk if re-identification occurred. In
some circumstances disclosing amount approved or originated could
disclose personal information about an applicant or related natural
person that would be harmful or sensitive if such person were re-
identified. For example, because amount approved or originated was
found in publicly available datasets, in combination with information
about the amount applied for, this data could facilitate targeted
marketing of higher interest or predatory credit products. This
combination of data could also have reputational impacts on small
business applicants and related natural persons. The Bureau does not
see any reason, however, that this data field will create compelling
privacy risks for financial institutions.
viii. Type of Action Taken and Denial Reasons
Proposed Sec. 1002.107(a)(9) and (11) would have required
financial institutions to collect and report to the Bureau the action
taken by the financial institution on the covered application, and for
denied applications, the principal reason or reasons the financial
institution denied the covered application. As discussed in the
section-by-section analysis of Sec. 1002.107(a)(9) and (11), the
Bureau is finalizing these data points as proposed.
The NPRM stated that reasons for denial data could be harmful or
sensitive for applicants or related natural persons. However, the
Bureau did not believe disclosing the fact that credit was sought, in
and of itself, likely would be harmful or sensitive to small businesses
because credit is so widely used by small businesses. Further, the harm
or sensitivity of disclosing information that credit was originated is
mitigated by the publication of originated loan details in other
databases such as UCC filings. Additionally, the Bureau did not assess
that disclosure of action taken would permit the reverse-engineering of
proprietary lending models.
The Bureau had not identified publicly available datasets that
include data fields an adversary could directly match to these data
fields in unmodified form. At a category level, however, the Bureau
noted that these data fields could tell adversaries which records it
may be possible to match against databases that include originated
loans. The Bureau stated that most of these data fields included in
this data point are not found in publicly available records that
contain the identity of an applicant; the only data field that would be
consistently available would be for originated loans. Without such an
identified publicly available record to match with, attempting to re-
identify an applicant by matching a 1071 record using these data fields
likely would be difficult. However, the Bureau stated that adversaries
may be able to use other data fields, such as census tract, NAICS code,
and identified public information, such as business directories, to
determine the identity of an applicant or related natural person. Thus,
if applicants and related natural persons could be re-identified, an
adversary could learn information about application denials for these
businesses and use this information for a variety of purposes.
The Bureau sought comment on this analysis, specifically in light
of potential harm and sensitivity arising from the disclosure of
application denials and the reasons for denial, whether there are
specific modification techniques that should be considered, and whether
modifying these data fields by grouping or deleting these data fields
would appropriately balance the privacy risks and benefits of
disclosure, in light of the purposes of section 1071.
Community group commenters stated that the Bureau should publish
data about action taken, including whether the loan was approved or
denied or whether it was withdrawn or left incomplete. One stated their
opposition to deleting action taken categories such as ``denied,''
``incomplete,'' or ``approved but not accepted,'' stating that such
data are fundamental to the fair lending purpose of the statute.
Several stated that publishing data on denial reasons would promote
fair lending and business and community development objectives by
helping lenders and policymakers assess whether creditors are denied
credit for legitimate reasons. An industry commenter said that action
taken data may also be misleading in the context of agricultural loans
because not all creditworthy applicants are eligible for loans through
the Farm Credit System.
Other trade associations and a lender commented that disclosure of
action taken could cause commercial or competitive harms to applicants
and related natural persons. These commenters specifically noted that
data about the action taken could reveal information about a business's
financial status, or acquisition or expansion plans. Other commenters
stated that including denial reasons in 1071 data, without including
contextual information surrounding individual credit decisions, would
result in unjustified reputational or litigation harm to smaller
financial institutions, which originate a lower loan volume--possibly
resulting in more pronounced statistical aberrations that could be
erroneously interpreted as discrimination.
In response to the Bureau's request for comment about whether these
data should be modified or deleted from the public dataset, a community
group stated that the Bureau should not modify or delete these fields
because they are fundamental to the fair lending purposes of the
statute. The commenter further noted that for decades, and without
adverse consequences, HMDA has included information on whether an
application for credit was originated, approved but not accepted,
denied, withdrawn by the applicant, or incomplete. This commenter
stated that if the Bureau found it necessary to
[[Page 35481]]
modify this data field, a higher level of disclosure that included
reasons of denial by category of business and for groupings of census
tracts could achieve important fair lending and community development
objectives.
As discussed above in part VIII.B.3, the Bureau views these data
fields as having significant disclosure benefits. Commenters did not
offer compelling evidence that disclosure of action taken, in and of
itself, would reveal information about a small business applicant's
financial status or strategic plans also lacked evidentiary
support.\900\ If re-identification were to occur, however, information
about an application for credit being denied could have detrimental
impacts to applicants or related natural persons when personal credit
qualifications are used in making credit decisions, including personal
embarrassment. Likewise, re-identification could cause non-personal
commercial harm to small businesses. Accordingly, the Bureau
preliminarily assesses that disclosing these data fields in unmodified
form may present significant privacy risk if re-identification
occurred.
---------------------------------------------------------------------------
\900\ When the Bureau previously assessed whether to include
action taken and denial reasons in HMDA loan-level public data, it
concluded that modification was unnecessary 84 FR 649, 658 (Jan. 31,
2019). The Bureau articulated its decision that ``action taken and
reasons for denial'' would be disclosed without modification.
---------------------------------------------------------------------------
ix. Action Taken Date
Proposed Sec. 1002.107(a)(10) would have required financial
institutions to collect and report the date of the action taken by the
financial institution. As discussed in the section-by-section analysis
of Sec. 1002.107(10), the Bureau is finalizing this data point as
proposed.
The Bureau stated that disclosing action taken date in the 1071
data in unmodified form would likely disclose minimal, if any,
information about an applicant or related natural person that may be
harmful or sensitive if such person were re-identified, or that may be
harmful or sensitive to an identified financial institution. The NPRM
noted that publicly available datasets include data fields an adversary
could directly match to the action taken date data field in unmodified
form in the public application-level data with respect to an applicant
or related natural person. Public availability of this data depends on
the type of action taken. The approval date of originated loans is
widely available in SBA 7(a), 504, and other program loan-level records
that identify borrowers, and the date of executed agreements, which
could be closely related to the action taken date, is often available
for property records and UCC filings. For originated loans, therefore,
the action taken date would substantially facilitate matching with
publicly available datasets that identify borrowers. The Bureau also
stated that action taken date may be less useful in re-identifying
applicants of loans that were not originated because the action taken
date for such loans is rarely publicly available.
The Bureau stated that if it ultimately determined that the action
taken date should be modified for publication, it may consider
disclosing at a higher level, such as month instead of a specific date.
The Bureau sought comment on this analysis, including about whether
there are specific modifications it should consider, and whether
deletion would better balance the risks and benefits of disclosure.
In response, a group of trade associations stated that the Bureau
should not disclose the action taken date, noting that this information
is not published in HMDA data. This commenter expressed a concern that
publishing the action taken date when the same data point is deleted or
modified in HMDA public data would constitute inconsistent treatment
without adequate explanation. The Bureau disagrees that it should omit
action taken date from the public 1071 data simply to ensure
consistency between this final rule and HMDA. Commenters did not
provide additional evidence related to re-identification risk.
Commenters did not provide additional evidence related to re-
identification risk that would alter the initial assessment provided in
the NPRM. In addition, the Bureau preliminarily assesses that the
action taken date would present limited privacy risk if re-
identification occurred. This data field presents minimal, if any,
personal information about an applicant or related natural person that
would be harmful or sensitive if such person were re-identified. The
Bureau also does not believe publication of these data would result in
non-personal commercial privacy risks to small businesses being
disclosed. The Bureau also identifies no compelling privacy risks to
financial institutions.
x. Pricing Information
Proposed Sec. 1002.107(a)(12) would have required financial
institutions to collect and report to the Bureau the following
information, where applicable, regarding the pricing of a covered
credit transaction that is originated, or approved but not accepted:
(i) the interest rate; (ii) total origination charges; (iii) broker
fees; (iv) initial annual charges; (v) additional costs for merchant
cash advances or other sales-based financing; and (vi) prepayment
penalties. As discussed in the section-by-section analysis of Sec.
1002.107(a)(12), the Bureau is finalizing the pricing information data
point largely as proposed.
The NPRM stated that information about the interest rates and fees
charged in connection with credit represents basic information about
the features of a product generally and would present low risk of harm
or sensitivity. It further noted that disclosure of pricing data in
unmodified form may reveal information that some applicants or related
natural persons may regard as harmful or sensitive, such as a
reflection of their perceived credit risk. However, the Bureau also
reported that it had received feedback during the SBREFA process that
multiple factors contribute to pricing for small business credit. While
the Bureau further stated that disclosure of pricing data in unmodified
form may also reveal information that financial institutions regard as
harmful or sensitive, the NPRM did not identify evidence that
disclosure of pricing information would permit the reverse-engineering
of proprietary lending models.
The NPRM also noted that publicly available datasets include data
fields an adversary could directly match to the pricing data fields in
unmodified form. Identified data about the interest rate and fees
charged for a given loan are available from a limited number of
publicly available datasets, such as data for the SBA 7(a) and 504
programs. The Bureau further stated that, if it were to determine that
pricing data should be modified, it may consider recoding the pricing
information data fields into bins, such as interest rates bins of 0.25
percentage points or origination fee bins of $500; and it also noted
that it could consider top-coding pricing data.
The Bureau received feedback from a range of commenters. Community
groups and some others generally agreed that publishing pricing
information would serve the objectives of section 1071. These
commenters saw pricing information as necessary to monitor loan
affordability and assess lending in underserved communities. A software
vendor stated that publishing pricing information will improve
competition and pricing efficiency by allowing applicants to compare
credit costs offered by financial institutions. However, industry
commenters stated that pricing information would have limited benefits.
Two lenders stated that
[[Page 35482]]
pricing information is not meaningful because it is based on a complex
set of factors that is unique to each transaction. A trade association
stated that pricing information in small business lending would have
little benefit compared to loan pricing data in HMDA because, unlike
consumer mortgage data reported in HMDA, commercial data that would be
reported in the 1071 dataset is not standardized or uniform. Others
said that pricing information has a high risk of being misinterpreted.
Several lenders also stated that small businesses would have
privacy concerns if pricing information on their loans was made public.
Two industry commenters stated that pricing information would create
re-identification risk, particularly in smaller and rural areas.
Another stated that farm loans present risks because such credit may be
extended in small markets with few customers which could increase the
possibility of re-identification of small business applicants or
related natural persons. Several other industry commenters said that if
re-identification were to occur, the publication of pricing data
information would create competitive risks for small businesses. One
said that this risk is particularly high in smaller communities where
it is possible to use published information to reveal pricing
information about individuals. Others stated that privacy risks are
especially potent for sole proprietorships because those entities'
pricing may be largely based on owners' individual credit performance
and personal information. A group of trade associations commented that
pricing information was the most sensitive data point and it could
reveal sensitive competitive information that would place businesses at
a substantial competitive disadvantage. Regarding non-personal
commercial harms to small business applicants, some industry commenters
aid that disclosing pricing information in 1071 data would cause some
financial institutions to limit their lending to reduce reputational or
litigation risk.
Other commenters addressed the risk of harm or sensitivity to
financial institutions. Some industry commenters stated that publishing
pricing data will create competitive risks for financial institutions
by revealing pricing models for small business loans, potentially
allowing competitors to undercut pricing. Two agricultural lenders
commented that rural financial institutions in markets with few
customers face unique risks and that they may lose customers to larger
financial institutions or online lenders that have larger customer
bases and thus lower re-identification risk. Several other industry
commenters stated that publishing pricing information would carry
reputational and competitive risks for financial institutions. Some
commenters were concerned that pricing information would not capture
the full context of credit decisions, risking misconceptions about the
underlying rationale for pricing and creating illusory disparities in
credit terms. A bank trade association stated that comparing pricing
information between different types of financial institutions can be
misleading and may result in reputational harm because certain lenders
like credit unions and farm credit system lenders receive tax or
funding advantages to offer lower interest rates. Other commenters
noted the risk of reputational harm from patronage dividends in
agricultural lending not being accounted for in disclosed pricing.
Other commenters asserted that disclosure of pricing information in
1071 data could create litigation risk for financial institutions.
Several commenters said that if regulators utilize pricing information
to analyze for fair lending without taking into account all variables
that went into underwriting, incorrect analyses could result in
unwarranted allegations of discrimination. A bank said that litigation
risk based on these misconceptions may be particularly high for smaller
banks that originate fewer loans because the lower volume could result
in greater variation in pricing information.
The Bureau also sought comment on whether pricing information, if
published, should be modified, and if so, what modification or deletion
techniques would preserve the benefits of the public application-level
data. A number of lenders and trade associations stated that pricing
information should not be published at all because of privacy risks.
Other commenters suggested modifications. A trade association stated
that published pricing information should be limited to interest rates
and origination fees. This commenter also supported disclosing pricing
information in bins to protect privacy without harming data utility. In
contrast, a community group opposed recoding interest rates or
origination fees because that might mask lending disparities, thereby
hindering fair lending enforcement.
As discussed in part VIII.B.3, the Bureau views pricing information
as having significant disclosure benefits. In light of the re-
identification risks discussed above, the Bureau appreciates
commenters' concerns that if re-identification were to occur, the
disclosure of pricing information in the public application-level data
could pose significant risk to sole proprietors for whom underwriting
could be based on personal credit performance. The Bureau also
recognizes that re-identification, if it occurred, could exacerbate
privacy risks, including personal privacy risks, presented by other
data fields in the dataset. Additionally, re-identification could
create a risk of non-personal commercial harms for applicants,
particularly in small or rural communities when combined with other
data fields like census tract or NAICS code. The Bureau acknowledges
commenters' concerns about potential risk of harm or sensitivity to
financial institutions, including reputation and litigation risks
resulting from possible misinterpretations of published pricing
information. However, the Bureau does not view privacy risks to
financial institutions as compelling enough to justify exclusion of the
data field. As discussed in part VIII.B.4, by mitigating re-
identification risk, other potential risks and harms, including those
faced by financial institutions, will also be mitigated.
The Bureau preliminarily assesses that some modification techniques
may be appropriate when publishing pricing information. Potential
modifications that the Bureau could consider include binning data or
top-coding pricing data fields. However, the Bureau is mindful that
modifying pricing information too much could mask discriminatory
pricing practices, thus hindering fair lending analyses. Similarly,
such modifications could hinder identification of community development
needs and opportunities.
xi. Census Tract
Proposed Sec. 1002.107(a)(13) would have required financial
institutions to collect and report the census tract containing the
address or location where the proceeds of the credit applied for or
originated will be or would have been principally applied; or if this
information is unknown, the tract containing the address or location of
the main office or headquarters of the applicant; or if this
information is also unknown, the tract containing another address or
location associated with the applicant. In addition to reporting the
census tract, the financial institution would have been required to
indicate which one of these three types of addresses or locations the
census tract is based on. As discussed above in the section-by-section
analysis of
[[Page 35483]]
Sec. 1002.107(a)(13), the Bureau is finalizing this data point as
proposed.
The NPRM observed that the census tract itself would likely
disclose minimal, if any, information about an applicant or related
natural person that may be harmful or sensitive if such person were re-
identified, or that may be harmful or sensitive to an identified
financial institution. The Bureau acknowledged that for sole
proprietors, the main office is often a home address, but it noted that
the applicant's actual street address would not be reported to the
Bureau. The Bureau also noted that small businesses commonly make their
locations available in the normal course of business--for example, to
reach prospective customers.
The Bureau stated that if the address reflects where the proceeds
of the credit will be or would have been principally applied,
disclosing the census tract may reveal some information about an
applicant's business strategy, particularly if paired with the loan
purpose data field. For example, the Bureau stated that the data could
indicate that a small business is pursuing or was pursuing an expansion
to a particular location. However, the Bureau believed the value of
this information to a small business's competitors is likely mitigated
by the time to publication. The Bureau stated that disclosure of the
census tract in unmodified form may also reveal information that
financial institutions regard as harmful or sensitive, such as a
financial institution's trade area. However, the Bureau did not
conclude that disclosure would permit the reverse-engineering of a
financial institution's proprietary lending models.
The Bureau identified publicly available datasets that include data
fields an adversary could directly match to the census tract data field
in unmodified form in the public application-level data with respect to
an applicant or related natural person. The Bureau expected that, in
most cases, the census tract that financial institutions would report
to the Bureau would be based on the address or location of the main
office or headquarters of the applicant, either because that is where
the proceeds of the credit will be applied, or because the financial
institution does not know the location or address where the proceeds of
the credit will be applied but does know the applicant's main office or
headquarters address. The Bureau also observed that, for many small
businesses, this address or location is likely to be publicly available
from sources such as the business's website and review websites.
Information about a business's location is also likely available from
loan-level data for public loan programs as well as from private
datasets, such as from data brokers. Therefore, in many cases, the
Bureau expected that an adversary could use the census tract data
fields, combined with other fields, to match a section 1071 record to
an identified publicly available record. The Bureau also sought comment
on whether disclosing county, State, or some other geographic
identifier--rather than the census tract--would affect the benefits of
disclosure, the potential for harm or sensitivity, and the potential
for re-identification of applicants or related natural persons.
A range of commenters provided feedback on the Bureau's analysis.
Community group commenters saw the publication of this data as
important to both the fair lending and business and community
development purposes of section 1071. Some said that because there are
currently no comprehensive data on the capital access problems faced by
marginalized communities, census tract data would provide insight into
small business credit challenges at the intersection of race, sex,
ethnicity, and geography. Other community groups and a business
advocacy group expressed support for publishing census tract data,
stating that including demographic and geographic data could positively
impact the reduction of economic inequality and generally would
encourage lending to underserved markets via specific policy making.
A number of lenders, along with a trade association and a community
group, expressed concern that publication of census tract data would
pose significant re-identification risk for applicants, especially in
smaller or rural communities with low levels of lending. Other industry
commenters said that the unmodified publication of census tract data
combined with other data points, in particular NAICS code data, would
pose significant re-identification risk.
While some community groups expressly supported the unmodified
disclosure of census tract data, others suggested specific modification
techniques. One commenter suggested that the Bureau consider switching
records for similarly situated applicants between nearby census tracts
to protect the privacy of applicants in smaller geographic areas while
preserving data utility. With respect to the Bureau's suggestion to
consider disclosing a broader location category, at least one trade
association expressed support for disclosing data at the State level.
Meanwhile, a community group generally opposed disclosure limited to
the county- or State-level, arguing that it would frustrate the
purposes of section 1071. But this commenter did suggest that the
Bureau consider combining and aggregating adjacent census tracts in
rural areas with low levels of lending.
As discussed above in part VIII.B.3, the Bureau views the
disclosure of census tract as having significant benefits. Further,
disclosing census tract data on its own would present limited privacy
risk. Application-level census tract by itself would likely disclose
minimal, if any, information about an applicant or related natural
person that would be harmful or sensitive if such person were re-
identified. In addition, the Bureau does not discern evidence of
compelling privacy risks for financial institutions. However, the
Bureau appreciates the potential re-identification risks to applicants
or related natural persons posed by the combination of census tract
data and other data fields, such as NAICS code. With respect to privacy
risks raised by commenters, as discussed above, the Bureau has
identified publicly available datasets that include data fields an
adversary could directly match to certain census tract data.
Accordingly, the Bureau assesses that census tract data, combined with
other data fields such as NAICS code, could be used to match to an
identified publicly available record, particularly in rural areas,
thereby potentially re-identifying a small business applicant or its
ownership. Re-identification could in turn exacerbate privacy risks,
including harm or sensitivity risks, presented by other data fields in
the dataset.
Considering this privacy risk, the Bureau's preliminary assessment
is that some modification techniques may be appropriate. Application-
level census tract would likely disclose minimal, if any, information
about an applicant or related natural person that would be harmful or
sensitive if such person were re-identified. In addition, the Bureau
does not discern evidence of a compelling privacy risks for financial
institutions. However, the Bureau appreciates the potential re-
identification risks to applicants or related natural persons posed by
the combination of census tract data and other data fields such as
NAICS code, and recognizes that there may be significant geographic
variation in the likelihood of re-identification risk from census tract
alone. The Bureau is mindful that modifying census tract data, like
disclosing a broader location category such as county or State, while
reducing re-identification risk to applicants and related natural
persons,
[[Page 35484]]
could also reduce the utility of the 1071 dataset.
xii. Gross Annual Revenue
Proposed Sec. 1002.107(a)(14) would have required financial
institutions to collect and report to the Bureau the gross annual
revenue of the applicant for the preceding full fiscal year prior to
when the information is collected. As discussed in the section-by-
section analysis of Sec. 1002.107(a)(14), the Bureau is finalizing
this data point substantively as proposed.
The NPRM stated that disclosing gross annual revenue in unmodified
form would likely disclose information about an applicant or related
natural person that may be harmful or sensitive if such person were re-
identified. The data field could reflect the financial condition of a
small business or its ownership. The Bureau stated that competitors of
the small business, other commercial entities, creditors, researchers,
or persons with criminal intent all may have an interest in using these
data to monitor the size or performance of an applicant that may be a
rival, partner, or target of inquiry, investigation, or illegal
activity. With respect to the risk of harm or sensitivity to financial
institutions, the NPRM acknowledged that other creditors might use
gross annual revenue data to learn more about the types of small
businesses with which their competitors do business. However, the
Bureau did not identify evidence that disclosure would permit reverse-
engineering of proprietary lending models.
The Bureau also noted that publicly available datasets include data
fields an adversary could directly match to this data field in
unmodified form. This availability is not widespread. Gross annual
revenue data are available from private databases. They are also
available for New York State's women- and minority-owned business
certification program, but those data are recoded into bins. The Bureau
stated that if it determined that gross annual revenue data should be
modified, it may consider recoding this data into bins, for example in
ranges of $25,000, or top-coding the data to mask particularly high
values, thereby reducing the identifiability of application data from
small businesses with especially high gross annual revenue.
Commenters did not provide additional evidence related to re-
identification risk. However, community groups and trade associations
commented on modifying this field prior to publication. Several
community groups and a CDFI lender generally favored the Bureau
publishing unmodified gross annual revenue data to maintain its
utility. One such commenter opposed modification here, stating that
aggregation of data by revenue size would limit the usefulness of the
data to all stakeholders, including technical assistance providers who
can help small businesses apply for loans, as well as parties seeking
to identify and respond to discriminatory lending patterns. Other
community groups and a trade association expressed support for
publishing gross annual revenue data in bins to mitigate privacy risks
for applicants. These community groups stated that modified data must
still be detailed enough to permit meaningful analysis, and they
criticized the current CRA system of identifying all loans to
businesses with revenue under $1 million as not allowing for such
analysis. One commenter suggested that if the Bureau decided to modify
the gross annual revenue data field it should select the mid-point and
recode the data in bins of $10,000 increments. They also expressed
support for top-coding provided that it did not mask any significant
differences in data for larger small businesses, and suggested that the
Bureau conduct testing within the first year of data to assess whether
the modification was appropriate.
As discussed above in part VIII.B.3, the Bureau views disclosure of
gross annual revenue data as having significant disclosure benefits.
After reviewing comments, the Bureau preliminarily assesses that if re-
identification were to occur, disclosing gross annual revenue data in
unmodified form may present significant privacy risk to small business
applicants and related natural persons. The Bureau also preliminarily
assesses that modifications to this field can be made while preserving
the utility of the data for statutory purposes. The Bureau will
continue to consider feedback about potential modification techniques,
such as binning at smaller intervals and conducting testing before top-
coding.
xiii. NAICS Code
Proposed Sec. 1002.107(a)(15) would have required financial
institutions to collect and report to the Bureau a 6-digit NAICS code.
As discussed above in the section-by-section analysis of Sec.
1002.107(a)(15), the Bureau is modifying how NAICS code is reported.
Under the final rule, financial institutions must collect and report a
3-digit NAICS subsector code. Using only 3-digit NAICS subsector codes
will decrease the risk of re-identification to applicants and owners
while adhering to the purposes of section 1071.
The NPRM stated that publishing 6-digit NAICS codes in unmodified
form by itself would likely disclose minimal, if any, information about
an applicant or related natural person that may be harmful or sensitive
if such person were re-identified, or that may be harmful or sensitive
to an identified financial institution. Information about a small
business's industry is likely apparent to anyone interacting with it.
The Bureau noted that disclosure of 6-digit codes in unmodified form
may reveal information that financial institutions regard as harmful or
sensitive, such as the industries with which the financial institution
does business, but it did not discern that such disclosure would permit
reverse-engineering of proprietary lending models.
The Bureau acknowledged that 6-digit codes were likely to produce
unique instances in the data, especially if combined with unmodified
census tract data. It noted the existence of 73,057 census tracts and
1,057 6-digit NAICS codes.\901\ With over 77 million resulting
combinations, there would likely be many instances of this data forming
unique combinations. The NPRM stated that if the Bureau modified 6-
digit codes for publication, it would consider disclosing 2-, 3-, or 4-
digit codes to reduce re-identification risk while maintaining data
utility.
---------------------------------------------------------------------------
\901\ See 2010 Census Tallies; Off. of Mgmt. & Budget, North
American Industry Classification System (NAICS) Updates for 2022, 86
FR 35350, 35352 (July 2, 2021).
---------------------------------------------------------------------------
Community group commenters supported disclosing 6-digit NAICS codes
to support the fair lending purpose of the statute. Many industry
commenters expressed concern that such codes, particularly in small or
rural communities where only a limited number of businesses share
certain NAICS codes, would create significant re-identification risks.
Several commenters expressed support for modifying the 6-digit
NAICS code in the public application-level data. One commenter stated
that the NAICS code should be truncated to general categories. Several
industry commenters expressed specific support for disclosing a 2-digit
NAICS code, and another supported a 4-digit modification, stating it
would provide sufficient information while mitigating re-identification
risk.
As discussed above in part VIII.B.3, the Bureau views disclosure of
a NAICS code as having significant disclosure benefits. In addition,
the Bureau's shift to requiring collection and reporting of a 3-digit
code will significantly reduce re-identification risk while preserving
[[Page 35485]]
the utility of the dataset. This shift acknowledges privacy concerns
raised by some commenters, reducing the risk of cognizable privacy
harms.
Overall, the Bureau preliminarily assesses that published 3-digit
codes by themselves present limited privacy risk. It is unlikely that
publication of these data would disclose personal information about an
applicant or related natural person that would be harmful or sensitive
if such person were re-identified. The Bureau also does not see
evidence of non-personal commercial privacy risks to small businesses,
or of any compelling privacy risk to financial institutions. However,
the Bureau appreciates that there is a heightened risk of re-
identification when a NAICS code is combined with other data fields,
such as census tract.
xiv. Number of Workers
Proposed Sec. 1002.107(a)(16) would have required financial
institutions to collect and report to the Bureau the number of non-
owners working for the applicant. In the final rule, however, a
financial institution complies with Sec. 1002.107(a)(16) by reporting
in ranges. The Bureau is adopting this change in response to concerns
expressed by commenters about the complexity of providing an exact
number.
The NPRM stated that disclosing number of workers in unmodified
form would likely disclose minimal, if any, information about an
applicant or related natural person that would be harmful or sensitive
if such person were re-identified. Additionally, the Bureau did not see
disclosure being harmful or sensitive to financial institutions.
Financial institutions may use such data to learn more about the types
of small businesses with which their competitors do business, but the
Bureau did not see evidence that disclosure would permit reverse-
engineering of proprietary lending models.
The Bureau noted that information about the number of workers is
likely to be publicly available for many businesses. For example, State
registries of businesses may include information about a business's
number of workers, and private databases also commonly include this
information. This decreases any potential sensitivity or harm of
disclosing this data point in the application-level data, and also the
direct utility of the data to potential adversaries. However, these
data sources also mean that in some cases an adversary could use number
of workers, combined with other fields, to match an identified publicly
available record. Data on a business's number of workers could easily
produce unique combinations when combined with other data fields,
particularly for businesses with higher numbers of workers. The NPRM
further stated that the Bureau would consider modification options,
including recoding and top-coding.
Several community group commenters and a group of State banking
regulators supported unmodified disclosure of this data as important to
the fair lending purposes of section 1071. However, an industry
commenter stated that the data point was not useful for achieving any
of the statutory purposes, particularly given the difficulties in
counting seasonal and part-time employees. Several industry commenters
stated that publishing the number of workers without modification could
create privacy risks. These commenters generally asserted that the data
point should not be published because the exact number of workers could
be used to re-identify applicants and would reveal sensitive commercial
information about the applicant's competitive strategy or business
plan. Some of these commenters also expressed concern that these data
are susceptible to misinterpretation and inaccuracy, particularly for
seasonal or cyclical businesses that experience routine variations in
employee volume over the course of a calendar year. Several commenters
expressed support for modifying the public number of workers data field
by recoding the data into bins. One commenter stated that the bins
would need to be developed such that they do not obscure differences in
smaller businesses.
As discussed above in part VIII.B.3, the Bureau views disclosure of
the number of workers to have significant disclosure benefits. In
addition, the Bureau's decision to have financial institutions report
this data in ranges will reduce the risk of re-identification for
applicants or related natural persons. In turn, that lowers the risk
that applicants or related natural persons are subject to competitive
harms, such as the disclosure of their proprietary business
information. Further, although the Bureau has identified publicly
available datasets that include number of workers, these data vary over
time and are difficult to align across multiple datasets. Reporting in
ranges will also help address concerns about data inaccuracy and
variance.
The Bureau preliminarily assesses that disclosing unmodified
application-level number of workers data in ranges would present
limited privacy risk if re-identification occurred. It is unlikely that
publication of this data would disclose personal information about an
applicant or related natural person that would be harmful or sensitive
if such person were re-identified; it is also unlikely that publication
would result in non-personal commercial privacy risks to small
businesses or compelling privacy risks to financial institutions.
xv. Time in Business
Proposed Sec. 1002.107(a)(17) would have required financial
institutions to collect and report to the Bureau the time the applicant
has been in business, described in whole years, as relied on or
collected by the financial institution. As discussed in the section-by-
section analysis of Sec. 1002.107(a)(17), however, the final rule
requires a financial institution to report this data in whole years
only if it collects or otherwise obtains that information as part of
its procedures for evaluating credit applications. Otherwise, the
financial institution reports whether the applicant has been in
existence for less or more than two years. This change responds to
commenter concerns about complexity in collecting this data.
The NPRM explained that disclosing time in business in unmodified
form would likely disclose minimal, if any, information about an
applicant or related natural person that may be harmful or sensitive if
such person were re-identified, or that may be harmful or sensitive to
an identified financial institution. The Bureau did not see evidence
that disclosure would permit the reverse-engineering of proprietary
lending models. In addition, information about time in business was
likely to be publicly available for many businesses in public
registration filings and other sources, decreasing any potential harm
or sensitivity from publishing this data. The Bureau noted that these
same data sources could enable an adversary to directly match the time
in business data field in unmodified form, particularly when combined
with other fields.
The Bureau stated that if it were to modify the time in business
data field, it may consider recoding time in business into bins--for
example, using two- or five-year intervals. It would also consider top-
coding time in business at a value such as 25 years, given that larger
values are more likely to be unique. The Bureau specifically sought
comment on what intervals the Bureau should use if it were to recode
time in business into bins and what value the Bureau should use if it
were to top-code this data field.
Several community group commenters and a group of State banking
regulators supported
[[Page 35486]]
unmodified disclosure of time in business in the dataset to facilitate
the fair lending purpose of the statute. A few industry commenters
expressed concern that publication of time in business data could
create re-identification risks for small business applicants and
reputational harm for financial institutions. In particular, one
commenter agreed that time in business data could be combined with
other data points to re-identify small business applicants. With
respect to potential modification options, a trade association and a
community group expressed support for either binning or top-coding. The
community group noted, however, that a bin that ranged from two to five
years may be too long. The commenter also stated that a top-code of 25
years may be reasonable but urged the Bureau to conduct further
analysis after it received the first year's data.
As discussed in part VIII.B.3, the Bureau views disclosure of time
in business as having significant benefits. The Bureau also preliminary
assesses that the availability of this data in existing datasets
decreases potential harm or sensitivity of disclosure if re-
identification occurs, but also increases the risk of re-identification
risk. The Bureau will consider whether binning, top-coding, or other
modification techniques may be appropriate when it analyzes
application-level data and conducts its full privacy analysis.
Commenters did not explain how the disclosure of the applicant's time
in business could lead to reputational harms to financial institutions.
xvi. Business Ownership Status
Proposed Sec. 1002.107(a)(18) and (19) would have required
financial institutions to collect and report to the Bureau whether the
applicant is a minority-owned business or a women-owned business and
whether minority-owned business status or women-owned business status
is being reported based on previously collected data pursuant to
proposed Sec. 1002.107(c)(2). As discussed in the section-by-section
analysis of Sec. 1002.107(a)(18), the Bureau is finalizing these data
points with modifications. Specifically, it is finalizing proposed
Sec. 1002.107(a)(18) and (19) as final Sec. 1002.107(a)(18). In
addition to the minority-owned and women-owned business statuses, the
final rule requires financial institutions to collect and report
LGBTQI+-owned business status.
The NPRM stated that publishing demographic ownership status in
unmodified form would have likely disclosed minimal, if any,
information about an applicant or related natural person that may be
harmful or sensitive if such person were re-identified, or that may be
harmful or sensitive to an identified financial institution. While some
applicants or related natural persons may regard this information as
harmful or sensitive, the Bureau believed this information generally
would present low risk of harm or sensitivity. The Bureau also believed
that this information already may be available to the general public
and would have relatively limited utility for adversaries if an
applicant or related natural person were re-identified.
However, the Bureau noted that in many cases an adversary could
have used women-owned or minority-owned business status, in combination
with other data, to match a section 1071 record to an identified
publicly available record. The Bureau identified several sources that
could have been used for such matching. Women- and minority-ownership
is likely to be publicly available for many businesses that publicly
register or certify with the SBA or State or local authorities as
women- or minority-owned. Businesses' websites may also provide this
information, and private commercial databases also include or estimate
this information.
The Bureau did not receive any comments on this aspect of its
privacy analysis. This lack of engagement suggests that the NPRM
generally correctly assessed the privacy impacts that disclosing women-
owned and minority-owned business statuses in the data in unmodified
form would have for an applicant or related natural person if such
person were re-identified. It also suggests the Bureau generally
correctly surmised there would be minimal, if any, harms or
sensitivities to financial institutions.
However, the Bureau received comments from several industry and
individual commenters on the Bureau's request for comment in proposed
Sec. 1002.107(a)(20) about whether the Bureau should require financial
institutions to ask separate questions regarding the sex, sexual
orientation, and gender identity, of principal owners. As discussed
below in part VIII.B.6.xvii, a few commenters urged the Bureau to not
collect or publish data on sexual orientation and gender identity of
principal owners. The commenters noted the significant risk of harm to
small business applicants and related natural persons, due to the
particularly sensitive nature of this information if re-identification
occurred.
The Bureau acknowledges that an individual's LGBTQI+ status likely
is sensitive personal information that could pose personal privacy
risks as well as non-personal commercial privacy risks. If re-
identification occurred, its disclosure could pose risks to privacy
interests of small business owners. Accordingly, while the Bureau views
disclosure of business ownership status as having significant
disclosure benefits, the Bureau preliminarily assesses that disclosing
this data may present significant privacy risks if re-identification
occurred. That is particularly so as to LGBTQI+-owned business status;
in contrast, women-owned and minority-owned business status information
would present relatively limited privacy risk. The Bureau does not see
evidence that LGBTQI+-owned status poses compelling privacy risks to
financial institutions.
xvii. Number and Demographic Status of Principal Owners
Proposed Sec. 1002.107(a)(20) would have required a financial
institution to collect and report to the Bureau the ethnicity, race,
and sex of the applicant's principal owners; whether ethnicity and race
were being collected by the financial institution on the basis of
visual observation and/or surname analysis; and whether ethnicity,
race, or sex were being reported based on previously collected data
pursuant to proposed Sec. 1002.107(c)(2). Proposed Sec.
1002.107(a)(21) would have required that financial institutions collect
and report to the Bureau the number of an applicant's principal owners.
As discussed in the section-by-section analyses of Sec.
1002.107(a)(19) and (20), the Bureau is finalizing the ethnicity, race,
and sex of principal owners and number of principal owners data points
with several modifications, including renumbering the sections,
changing how financial institutions are required to inquire about the
principal owners sex, and removing the requirement that a financial
institution report whether the ethnicity and race of an applicant's
principal owners was collected on the basis of visual observation and/
or surname analysis.
The NPRM stated that, in general, disclosing the ethnicity, race,
and sex of an applicant's principal owners in unmodified form would
likely have disclosed minimal, if any, information about an applicant
or related individual that may be harmful or sensitive if such person
were re-identified, or that may be harmful or sensitive to an
identified financial institution. As noted similarly above for the data
fields on women-owned and minority-owned business statuses, while some
applicants or
[[Page 35487]]
related natural persons may regard this information as harmful or
sensitive, this information generally would present low risk of harm or
sensitivity. The Bureau also noted that this information may be already
available to the general public, and that this information would have
relatively limited utility for adversaries if an applicant or related
natural person were re-identified.
The Bureau identified publicly available datasets that include data
fields an adversary could directly match to the ethnicity, race, and
sex of the applicant's principal owner(s) data fields in unmodified
form. For example, certain State business registries, including those
required to access women-owned and minority-owned business programs,
provide this information. Other public record databases, such as the
SBA's 8(a) program and the Paycheck Protection Program, also include
ethnicity, race, and sex data alongside the borrower's name. In many
cases, therefore, the Bureau stated that an adversary could use the
ethnicity, race, and sex of the applicant's principal owners, combined
with other fields, to directly or indirectly match a section 1071
record to an identified publicly available record.
As discussed in the section-by-section analysis of Sec.
1002.107(a)(19), the Bureau proposed that financial institutions would
report sex as described in proposed comment 107(a)(20)-8, which would
have permitted an applicant to self-describe a principal owner's sex by
selecting the ``I prefer to self-describe'' response option on a paper
or electronic form or by providing additional information for an oral
application, with the financial institution reporting the response
using free-form text. In the NPRM, the Bureau stated intention to
exclude free-form text from public application-level data. However, the
Bureau sought comment on whether there were additional specific
modifications it should consider with regard to applicants who choose
to self-describe their principal owners' sex. The Bureau also sought
comment on whether, if finalized, disclosure of sex, sexual
orientation, or gender identity could cause heightened sensitivity or
risk of harm and any specific modifications the Bureau should consider
if such data points were included in the final rule.
Many community group and minority business advocacy group
commenters supported disaggregated disclosure of ethnicity, race, and
sex of principal owners, and underscored its significance in achieving
the fair lending purpose of section 1071. Some of these commenters
stated that publication of disaggregated data would facilitate
development of policy solutions for issues of financial inequality as
it relates to ethnicity, race, and sex. A few trade associations
expressed concerns about publishing information collected on the basis
of visual observation or surname.
Some industry commenters expressed concerns that ethnicity, race,
and sex data would create significant privacy risks for small business
applicants, particularly in smaller or rural communities. Other
industry and individual commenters cautioned the Bureau against
collecting and publishing the sexual orientation and gender identity of
principal owners. Specifically, these commenters noted the significant
risk of harm to small business applicants, due to the particularly
sensitive personal nature of this information if re-identification
occurred.
Some trade associations noted concerns that publishing ethnicity,
race, and sex information, particularly where collected based on visual
observation or surname, will present the risk of harm to financial
institutions. Two such commenters asserted that financial institutions
faced the potential for reputational or litigation risks if the
ethnicity, race, or sex data are published because of potential
conflicts with State or Federal privacy laws. One commenter stated that
asking for this information without proper privacy precautions may
expose the financial institution to legal risk under certain State
privacy laws, such as the California Consumer Protection Act, that
protect against disclosure of ethnicity and race information. Two
others noted that State privacy laws may conflict with the requirement
to obtain ethnicity and race data based on visual observation. These
commenters also stated that the perceived intrusiveness from the
acquisition of these data and the knowledge that it would become public
could cause competitive and reputational harm to financial institutions
as institutions that do not protect their customers' privacy. For
example, one commenter asserted that visual observation collection may
reduce trust in the financial institution and increase the applicant's
apprehension regarding their privacy. As to whether the Bureau should
publish the unmodified, applicant-level data on the number of principal
owners, several industry commenters opposed the publication of these
data, should it be finalized. The commenters stated that publication of
the number of principal owners could facilitate re-identification,
particularly in small or rural areas.
As discussed above in part VIII.B.3, the Bureau views disclosure of
these data to have significant benefits. Commenters did not provide
additional evidence related to re-identification risk that would alter
the NPRM's partial privacy analysis. The current availability of these
data in existing databases likely limits the risk of harm or
sensitivity, although it may amplify re-identification risk. Comments
that the disclosure of ethnicity, race, and sex data present a risk of
reputational or litigation harm to financial institutions because it
may be based on visual observation or surname are moot because no
visual observation requirement is in the final rule. Commenters did not
explain with sufficient detail how the final rule will increase a
financial institution's litigation risks due to conflicts with State or
Federal privacy laws. To the extent that asking for an applicant's
principal owners' ethnicity, race, or sex must be done with proper
privacy protocols in place, it seems likely that a financial
institution could comply with both this final rule and other privacy
requirements.
Accordingly, the Bureau preliminarily assesses that disclosure in
unmodified form may increase re-identification risk and presents
significant risk of harm or sensitivity if re-identification occurred.
The possibility of significant privacy risk primarily results from the
fact that sex data will be reported as free-form text, which as
discussed in part VIII.B.6.xix below, the Bureau preliminarily assesses
it will include, in some form, in the public data. The disclosure of
information about the ethnicity and race of principal owners generally
will present lesser risk. The Bureau does not discern evidence of
compelling privacy risks to financial institutions.
xviii. Financial Institution Identifying Information
Proposed Sec. 1002.109(b) would have required a financial
institution to provide the Bureau with certain information with its
submission of its small business lending application register: (1) its
name; (2) its headquarters address; (3) the name and business contact
information of a person who may be contacted with questions about the
financial institution's submission; (4) its Federal prudential
regulator, if applicable; (5) its Federal Taxpayer Identification
Number; (6) its LEI; (7) its RSSD ID, if applicable; (8) parent and
top-parent entity information, if applicable; (9) the type of
[[Page 35488]]
financial institution that it is, indicated by selecting the
appropriate type or types of institution from the list provided or
entering free-form text; \902\ and (10) whether the financial
institution is voluntarily reporting covered applications for covered
credit transactions. As discussed above in the section-by-section
analysis of Sec. 1002.109(b), the Bureau is generally finalizing this
data point as proposed, with certain modifications.
---------------------------------------------------------------------------
\902\ Part VIII.B.6.xix further discusses the disclosure of
free-form text field information.
---------------------------------------------------------------------------
Regulation C requires financial institutions to report similar
information when submitting their loan-level HMDA data. Regulation C
also requires financial institutions to report the calendar year of
submission and the total number of entries in their loan-level HMDA
data. Regulation C does not require financial institutions to submit
their headquarters address, RSSD ID, or financial institution type or
indicate whether they are reporting data voluntarily. With the
exception of contact information for a person who can be reached about
the financial institution's submission, the information financial
institutions are required to submit with their HMDA submissions under
Sec. 1003.5(a)(3) is publicly available through the FFIEC website.
Financial institution identifying information other than individual
contact information. In the NPRM, the Bureau stated its intention to
disclose the financial institution identifying information data fields
in unmodified form, other than the name and business contact
information of a person who may be contacted with questions about the
submission. The Bureau stated that disclosing financial institution
identifying information in the 1071 data in unmodified form would
likely disclose minimal, if any, information about an applicant or
related natural person that may be harmful or sensitive if such person
were re-identified. While some businesses might view their
identification as an applicant as harmful or sensitive, revealing the
name of the financial institution would not significantly increase such
risks. In addition, the Bureau reasoned that this information is
already largely available from other identified public records, such as
UCC filings. For the same reason, revealing the name of the financial
institution would not significantly increase risk of fraud or identity
theft. The Bureau stated that disclosing financial institution
identifying information in the data in unmodified form would not, by
itself, reveal information that is harmful or sensitive, given
financial institutions' commercial interests. Additionally, other
public records, such as public HMDA data, tax records, and commercial
databases disclose Federal Taxpayer Identification number, RSSD ID, and
LEI.\903\ Disclosing financial institution identifying information in
unmodified form may reveal information that financial institutions
regard as harmful or sensitive, but the Bureau did not discern evidence
that it would permit reverse-engineering of proprietary lending models.
The Bureau acknowledged, however, that this information could, in some
circumstances, lead to reputational risks and increased costs for
financial institutions, which might be passed on to their customers in
the form of increased costs or decreased access to credit.
---------------------------------------------------------------------------
\903\ The FFIEC publishes transmittal sheet information,
including LEI and Federal Taxpayer Identification number, on its
website. Fed. Fin. Insts. Examination Council, Public Transmittal
Sheet--Schema, https://ffiec.cfpb.gov/documentation/2020/public-ts-schema/ (last visited Mar. 20, 2023).
---------------------------------------------------------------------------
The NPRM noted that the Bureau had received feedback that
publishing financial institution identifying information could increase
re-identification risk of applicants and related natural persons. This
included feedback that customers of captive wholesale finance companies
with applicant bases limited to franchises or licensees of a particular
distributor or manufacturer would face unique re-identification risks
because, in many instances, these applicants may be the financial
institution's only customer in a particular State, or one of only a
very small number of customers in the State, heightening the privacy
concerns for publication of data tied to these financial institutions.
The NPRM also noted that the Bureau had identified publicly available
datasets that include data fields an adversary could directly match to
financial institution identifying information data fields in unmodified
form. Therefore, in many cases, the Bureau reasoned that an adversary
could use identifying financial institution data fields, combined with
other section 1071 data fields, to match a section 1071 record to an
identified public record.
With respect to concerns about wholesale finance companies, the
Bureau acknowledged that financial institution identifying information
in unmodified form in the public application-level data could, in
combination with other data fields like census tract, NAICS codes, and
credit type or purpose, facilitate re-identification of applicants that
have a common name, without requiring that adversaries match 1071
records to other identified datasets. Under proposed Sec. 1002.104(b),
which the Bureau has finalized, trade credit and other transactions
would be excluded from the scope of covered credit transactions. The
Bureau indicated that this might eliminate some transactions involving
such lenders. The Bureau sought comment on the circumstances under
which a transaction involving a captive wholesale finance company would
be covered by the proposal notwithstanding the exemption. To the extent
there are such transactions, the Bureau also sought comment on the
instances in which captive wholesale finance companies lend exclusively
to businesses that are publicly branded in a way that can be easily
matched to the identity of the financial institution. The Bureau sought
comment on whether a final rule could include certain categories of
financial institution types that would allow the Bureau to easily
identify such financial institutions in the unmodified 1071 dataset
without an application-level analysis. Finally, the Bureau sought
comment on whether there are particular modification techniques that
would reduce re-identification risks and risks of harm or sensitivity
for applicants and related natural persons who might be re-identified
in the public application-level data.
In the NPRM, the Bureau stated its intention to publish financial
institution identifying information, other than individual contact
information, as reported and without modification. The Bureau stated
that risks to privacy interests from the disclosure of this data in
unmodified form would be justified by the benefits of disclosure for
section 1071's purposes. While the Bureau did not conduct a uniqueness
analysis, it stated that disclosure of financial institution
identifying information would very likely substantially facilitate the
re-identification of applicants or related natural persons. If such
persons were re-identified, the Bureau stated that disclosure of other
data fields would likely create a risk of harm or sensitivity. In
addition, the Bureau stated that the disclosure of other proposed data
fields in combination with a financial institution name likely would
reveal information that may be harmful or sensitive to financial
institutions. The Bureau nonetheless stated that these risks to privacy
would be justified by the benefits of disclosure in light of section
1071's purposes.
[[Page 35489]]
The Bureau sought comment on this analysis and its stated intention
to disclose these fields without modification in the public
application-level data. The Bureau received feedback on this proposed
analysis from trade association and community group commenters. Two
community group commenters generally supported the Bureau's proposal to
disclose unmodified financial institution identifying information,
other than individual contact information. A trade association opposed
the proposal. This commenter urged the Bureau to withhold all financial
institution identifying information data fields because, whether or not
it is available elsewhere, this information would create privacy risks
for financial institutions, including risks involving identity theft
and data security. With respect to the Bureau's request for comment
about whether these proposed data fields would pose risks to captive
wholesale companies and their customers, this commenter urged the
Bureau to provide additional protections for this market segment to
mitigate re-identification risk.
The Bureau acknowledges that publication of financial institution
identifying information may reveal information that may be harmful or
sensitive to financial institutions, leading to reputational risks and
increased costs. However, feedback received by the Bureau does not
explain how these data would pose previously unconsidered identity
theft or data security risks. Separately, the Bureau acknowledges
feedback that the proposed data fields may pose special risks to
captive wholesale companies and their customers. It intends to consider
what additional modifications or deletions may be appropriate to
protect the privacy interests of these entities.
As explained in the NPRM, this data point could potentially
increase re-identification risk and commenters did not provide
additional evidence related to re-identification risk that would alter
the partial privacy analysis described above. However, the Bureau
preliminarily assesses that disclosing the financial institution
identifying information data fields in unmodified form, other than data
fields containing the information for the financial institution's point
of contact, would present limited risk of harm or sensitivity if re-
identification occurred. The Bureau believes that it is unlikely that
publication of this data would disclose personal information about an
applicant or related natural person that would be harmful or sensitive
if such person were re-identified. The Bureau does not believe this
data will result in significant non-personal commercial risks to small
businesses. The disclosure of this data field does not pose compelling
privacy risks to financial institutions. The Bureau will continue to
give consideration to the scenario involving captive wholesale
companies and their customers as it conducts its full privacy analysis.
Individual contact information. Proposed Sec. 1002.109(b)(1)(iii)
would have required financial institutions to report the name and
business contact information of a person who may be contacted with
questions about the financial institution's submission. As discussed
above in the section-by-section analysis of Sec. 1002.109(b)(1)(iii),
the Bureau is finalizing this data point largely as proposed, but with
certain modifications. In contrast to the other financial institution
identifying information described above, in the NPRM the Bureau stated
its intention to delete this data field from the publicly available
data.
The Bureau stated that disclosing individual contact information in
the data in unmodified form would likely not disclose any information
about an applicant or related natural person if such person were re-
identified. However, the Bureau stated that disclosing the name and
contact information of natural persons designated by the financial
institution would disclose information that may be harmful or sensitive
to the identified financial institutions and their employees. Financial
institutions have a legitimate interest in protecting the identities of
their employees from the public, consistent with their job functions,
and persons identified for purposes of questions about the financial
institution's submission to the Bureau might not necessarily be
responsible for engaging with the general public.
The Bureau considered whether modification other than by excluding
individual contact information would appropriately balance identified
privacy risks and disclosure benefits. Because disclosure of this data
field in unmodified form would not promote the purposes of section 1071
and would likely reveal information that would be harmful or sensitive
to a financial institution and its employees, the Bureau did not
identify any such alternative. Accordingly, the Bureau stated that
deleting individual contact information would appropriately balance the
privacy risks and disclosure benefits of this data field.
The Bureau received feedback from one trade association commenter,
which supported the Bureau's analysis. The Bureau accordingly
determines that the publication of the name and business contact
information of a person who may be contacted by the Bureau or other
regulators with questions about the financial institution's submission
has minimal, if any, disclosure benefits. Moreover, the Bureau
concludes that the publication of this information presents significant
privacy risks because it may be harmful or sensitive to identified
financial institutions and their employees. Accordingly, the Bureau is
announcing its intention not to publish the name and business contact
information of a person who may be contacted by the Bureau or other
regulators with questions about the financial institution's submission.
xix. Free-Form Text
The Bureau proposed to require financial institutions to use free-
form text to report certain data where they are reporting information
that is not included in a list provided for the data fields. Under
proposed Sec. 1002.107(a)(5), (6), (11), (12), and (20), free-form
text could be used in reporting credit type (product and guarantee
information); credit purpose; denial reasons; pricing (the interest
rate index used); and principal owners' ethnicity, race, and sex.\904\
Financial institutions also would have had flexibility in describing
certain identifying information provided under proposed Sec.
1002.109(b). Free-form text used to report principal owners' ethnicity,
race, and sex would have been completed based on information provided
by applicants; all other free-form text would have been completed by
the financial institution. As discussed above in the section-by-section
analyses for particular data points within Sec. 1002.107(a), the
Bureau is finalizing these data points with certain modifications. The
free-form text aspect of Sec. 1002.109(b) is being finalized as
proposed.
---------------------------------------------------------------------------
\904\ Proposed Sec. 1002.107(a)(20) is being finalized as Sec.
1002.107(a)(19).
---------------------------------------------------------------------------
The Bureau explained that use of free-form text would allow the
reporting of any information, including information that may be harmful
or sensitive to applicants, related natural persons, and possibly the
interests of financial institutions. The Bureau stated that such
information might also create a significant risk of re-identification
for applicants or related natural persons. Given the amount of data
expected to be reported each year, the Bureau stated that it would not
be feasible for it to
[[Page 35490]]
review free-form text before publishing the application-level data.
Under the balancing test described in the NPRM, therefore, the Bureau
initially assessed that deleting free-form text from the public
application-level data (other than with respect to the financial
institution identifying information described in part VIII.B.6.xviii
above) would appropriately balance the benefits of disclosure with the
risks to the privacy interests of applicants, related natural persons,
and financial institutions.
Several industry commenters generally supported deleting free-form
text from the public application-level data. A bank noted that public
the HMDA data do not include free-form text fields. A group of trade
associations stated that deleting this information would appropriately
balance privacy risks and disclosure benefits. In contrast, a CDFI
lender urged the Bureau to publish free-form text fields arguing that
such fields would include important information. This commenter
suggested that the Bureau could adequately mitigate the risk that the
free-form text would contain sensitive or harmful information by
including a disclaimer on the data collection form that free-form text
may be published.
The Bureau reiterates that HMDA publication practices do not
dictate decisions in this rule and that consistency between public
section 1071 data and public HMDA data may not be appropriate in every
instance. As an additional matter, the Bureau believes that a general
disclaimer that free-form text may be published would not adequately
mitigate those privacy risks. Among other considerations, because
financial institutions will supply the content of most free-form text
fields, applicants and related natural persons have no direct control
over what information appears in those fields. Therefore, a disclaimer
would provide applicants or related natural persons limited ability to
mitigate their privacy risks.
The Bureau agrees that certain free-form text fields may contain
information that has some disclosure benefits. In particular, free-form
text for the ethnicity, race, and sex data may contain information that
is important to the statutory purposes of section 1071. As discussed in
the section-by-section analysis of Sec. 1002.107(a)(19), the Bureau is
finalizing a requirement whereby applicants will indicate principal
owners' sex via a write-in option. While the Bureau cannot feasibly
review for privacy risks all free-form text fields supplied by all
financial institutions reporting data, the Bureau expects to review the
free-form text provided by applicants regarding principal owners' sex.
The Bureau anticipates that this free-form text will permit
identification of certain response categories appropriate for
publication, based on the Bureau's assessment of privacy risks.
Similarly, the Bureau may be able to review ethnicity and race free-
form text, where it is provided, to discern response categories that
may be appropriate for publication.
The Bureau recognizes, however, that free-form text fields may
present significant privacy risks if re-identification occurred. Such
privacy risks would not be mitigated in the absence of pre-publication
review. Accordingly, the Bureau is announcing its intention to delete
free-form text from the public application-level data, other than with
respect to ethnicity, race, and sex of principal owners described in
part VIII.B.6.xvii and the financial institution identifying
information described in part VIII.B.6.xviii. The Bureau will continue
to consider whether modification techniques may be appropriate for the
data fields for ethnicity, race, and sex of principal owners and
certain financial institution identifying information.
IX. Dodd-Frank Act Section 1022(b)(2) Analysis
The Bureau has considered the potential benefits, costs, and
impacts of the final rule. The Bureau requested comment on the
preliminary discussion presented below, as well as submissions of
additional data that could inform the Bureau's consideration of the
benefits, costs, and impacts of the proposed rule. In developing the
rule, the Bureau has consulted or offered to consult with the
prudential regulators (the Board of Governors of the Federal Reserve
System, the Federal Deposit Insurance Corporation, the National Credit
Union Administration, and the Office of the Comptroller of the
Currency), the Department of Agriculture, the Department of Housing and
Urban Development, the Department of Justice, the Department of the
Treasury, the Economic Development Administration, the Farm Credit
Administration, the Federal Trade Commission, the Financial Crimes
Enforcement Network, and the Small Business Administration regarding,
among other things, consistency with any prudential, market, or
systemic objectives administered by such agencies.
In the Dodd-Frank Act, which was enacted ``[t]o promote the
financial stability of the United States by improving accountability
and transparency in the financial system,'' Congress directed the
Bureau to adopt regulations governing the collection of small business
lending data. Under section 1071 of that Act, covered financial
institutions must compile, maintain, and submit certain specified data
points regarding applications for credit for women-owned, minority-
owned, and small businesses, along with ``any additional data that the
Bureau determines would aid in fulfilling the purposes of [section
1071].'' Under the final rule, covered financial institutions are
required to collect and report the following data points: (1) a unique
identifier, (2) application date, (3) application method, (4)
application recipient, (5) credit type, (6) credit purpose, (7) amount
applied for, (8) amount approved or originated, (9) action taken, (10)
action taken date, (11) denial reasons, (12) pricing information, (13)
census tract, (14) gross annual revenue, (15) NAICS code, (16) number
of workers, (17) time in business, (18) minority-owned business status,
women-owned business status, and LGBTQI+-owned business status, (19)
ethnicity, race, and sex of principal owners, and (20) the number of
principal owners.
Under the final rule, financial institutions will be required to
report data on small business credit applications under section 1071 if
they originated at least 100 covered credit transactions in each of the
two preceding calendar years. The Bureau is defining an application as
an oral or written request for a covered credit transaction that is
made in accordance with the procedures used by a financial institution
for the type of credit requested, with some exceptions. Loans, lines of
credit, credit cards, and merchant cash advances (including such credit
transactions for agricultural purposes) all fall within the
transactional scope of this final rule. The Bureau is excluding trade
credit, transactions that are reportable under the Home Mortgage
Disclosure Act of 1975 (HMDA),\905\ insurance premium financing, public
utilities credit, securities credit, and incidental credit. Factoring,
leases, and consumer-designated credit that is used for business or
agricultural purposes are also not covered credit transactions. In
addition, the Bureau has made clear that purchases of originated
covered credit transactions are not reportable. For purposes of the
final rule, a business is a small business if its gross annual revenue
for its preceding fiscal year is $5 million or less.
---------------------------------------------------------------------------
\905\ 12 U.S.C. 2801 et seq.
---------------------------------------------------------------------------
[[Page 35491]]
A. Statement of Need
Congress directed the Bureau to adopt regulations governing the
collection of small business lending data. Specifically, section 1071
of the Dodd-Frank Act amended ECOA to require financial institutions to
compile, maintain, and submit to the Bureau certain data on
applications for credit for women-owned, minority-owned, and small
businesses. Congress enacted section 1071 for the purpose of
facilitating enforcement of fair lending laws and enabling communities,
governmental entities, and creditors to identify business and community
development needs and opportunities of women-owned, minority-owned, and
small businesses. The Bureau is issuing this final rule to implement
the section 1071 mandate.
Small businesses play a key role in fostering community development
and fueling economic growth both nationally and in their local
communities.\906\ However, comprehensive data on loans to small
businesses currently are limited. The largest sources of information on
lending by depository institutions (i.e., banks, savings associations,
and credit unions) are the FFIEC and NCUA Call Reports and reporting
under the CRA. Under the FFIEC Call Report and CRA reporting
requirements, small loans to businesses of any size are used in whole
or in part as a proxy for loans to small businesses. The FFIEC Call
Report captures banks' and savings associations' total outstanding
number and amount of small loans to businesses (that is, loans
originated under $1 million to businesses of any size; small loans to
farms are those originated under $500,000) by institution.\907\ The CRA
currently requires banks and savings associations with assets over a
specified threshold ($1.384 billion as of 2022) \908\ to report data on
loans to businesses with origination amounts of $1 million or less;
reporters are asked to indicate whether the borrower's gross annual
revenue is $1 million or less, if they have that information.\909\
Under the CRA, banks and savings associations currently report
aggregate numbers and values of originations at an institution level
and at various geographic levels. The NCUA Call Report captures credit
unions' total originations, but not applications, on all loans over
$50,000 to members for commercial purposes, regardless of any indicator
about the business's size.\910\ Some federally-funded loan programs,
such as the SBA's 7(a) or 504 programs and the CDFI Fund require
reporting of loan-level data, but only for loans that received support
under those programs. Nondepository institutions do not report small
business lending applications under any of these reporting regimes.
There are no similar sources of information about lending to small
businesses by nondepository institutions.
---------------------------------------------------------------------------
\906\ See generally White Paper.
\907\ See FFIEC Call Report at Schedule RC-C Part II.
\908\ See Fed. Fin. Insts. Examination Council, Explanation of
the Community Reinvestment Act Asset-Size Threshold Change (2022),
https://www.ffiec.gov/cra/pdf/2022_Asset_Size_Threshold.pdf.
\909\ See 2015 FFIEC CRA Guide at 11, 13. Small business loans
are defined for CRA purposes as loans whose original amounts are $1
million or less and that were reported on the institution's Call
Report or Thrift Financial Report (TFR) as either ``Loans secured by
nonfarm or nonresidential real estate'' or ``Commercial and
industrial loans.'' Small farm loans are defined for CRA purposes as
loans whose origination amounts are $500,000 or less and were
reported as either ``Loans to finance agricultural production and
other loans to farmers'' or ``Loans secured by farmland.''
\910\ See Nat'l Credit Union Admin., Call Report Form 5300 (June
2020), https://www.ncua.gov/files/publications/regulations/form-5300-june-2020.pdf.
---------------------------------------------------------------------------
There are also a variety of non-governmental data sources, issued
by both private and nonprofit entities, that cover small businesses
and/or the small business financing market. These include datasets and
surveys published by commercial data and analytics firms, credit
reporting agencies, trade associations, community groups, and academic
institutions. See part II.B for additional information on these
sources. While these non-public sources of data on small businesses may
provide a useful supplement to existing Federal sources of small
business lending data, these private and nonprofit sources often do not
have lending information, may rely on unverified research based on
public internet sources, and/or narrowly limit use cases for parties
accessing data. Further, commercial datasets are generally not free to
public users and can be costly, raising equity issues for stakeholders
who cannot afford access.
Under the final rule, covered financial institutions are required
to compile, maintain, and submit data regarding the ethnicity, race,
and sex of the principal owners of the business and whether the
business is women-owned, minority-owned, or LGBTQI+-owned. No other
source of data comprehensively collects this type of protected
demographic information on small business loan applications.
Section 1071 requires financial institutions to report detailed
application-level data to the Bureau, and for the Bureau to generally
make it available to the public on an annual basis (subject to any
deletions or modifications that the Bureau determines would advance a
privacy interest). Such information will constitute a public good that
illuminates the lending activities of financial institutions and the
small business lending market in general. In particular, the public
provision of application-level data, subject to any deletions or
modifications that the Bureau determines would appropriately protect
privacy interests, will: (1) provide communities, governmental
entities, and financial institutions additional information to help
identify business and community development needs and opportunities of
small businesses and (2) allow members of the public, public officials,
and other stakeholders to better assess compliance with
antidiscrimination statutes.
First, the data made public pursuant to the final rule and the
Bureau's subsequent privacy analysis will provide information that
could help to improve credit outcomes in the small business lending
market, furthering the community development purpose of the rule. As
discussed above, market-wide data on small business credit transactions
are currently limited. Neither the public nor private sectors provide
extensive data on credit products or terms. Small business owners have
access to very little information on typical rates or products offered
by different lenders. As a result of the data that will be made public
pursuant to the final rule and subject to modification and deletion
decisions by the Bureau, community development groups and commercial
services will be able to provide better information to small
businesses. For example, a commercial provider could provide small
businesses with information on what products lenders typically offer
and at what rates. These data will allow small business owners to more
easily compare credit terms and evaluate credit alternatives; without
these data, small business owners are limited in their ability to shop
for the credit product that best suits their needs at the best price.
By engaging in more informed shopping, small business owners may
achieve better credit outcomes.
Furthermore, communities will use data to identify gaps in access
to credit and capital for small businesses. Financial institutions can
analyze data to understand small business lending market conditions and
determine how best to provide credit to borrowers. Currently, financial
institutions are not able to conduct very granular or
[[Page 35492]]
comprehensive analyses because the data on small business lending are
limited. The data made public pursuant to the final rule and subsequent
privacy analysis will allow financial institutions to better understand
the demand for small business credit products and the conditions under
which they are being supplied by other covered financial institutions.
The data will help enable institutions to identify potentially
profitable opportunities to extend credit. They will additionally allow
governmental entities to better develop targeted lending programs, loan
funds, small business incubators, and other community-driven
initiatives. Small business owners, as a result, could benefit from
increased credit availability.
Second, while data made public pursuant to the final rule and
subsequent privacy analysis may not constitute conclusive evidence of
credit discrimination on its own, the data will enable members of the
public, regulators, and other stakeholders to better identify lending
patterns consistent with noncompliance with antidiscrimination
statutes. As described above, there are currently no application-level
data comprehensive enough or that contain the demographic information
required by the final rule to enable the public to conduct these kinds
of analyses. The data made public pursuant to the final rule and
subsequent privacy analysis will be comprehensive and contain the
necessary data fields for such analysis. Users will be able to examine
whether, for example, a lender denies applications from women-owned,
minority-owned, or LGBTQI+-owned businesses at higher rates than those
that are not or whether these businesses are charged higher prices.
This kind of transparency can place appropriate pressure on covered
financial institutions to ensure that their credit lending practices
comply with relevant laws. Additionally, data collected under the final
rule will contain the data fields that allow users to conduct more
accurate fair lending analyses by comparing applications for credit
products with similar characteristics.
B. Baseline for the Consideration of Costs and Benefits
In evaluating the benefits, costs, and impacts of the final rule,
the Bureau takes as a baseline the current legal framework governing
financial markets, i.e., the current state of the world before the
Bureau's rule implementing section 1071. Under this baseline, the
Bureau assumes that institutions are complying with regulations that
they are currently subject to, including reporting data under HMDA,
CRA, and any State commercial financing disclosure laws.\911\ The
Bureau believes that such a baseline will also provide the public with
better information about the benefits and costs of this rule.
---------------------------------------------------------------------------
\911\ See, e.g., N.Y. S.898 (signed Jan. 6, 2021) (amending
S.5470-B), https://legislation.nysenate.gov/pdf/bills/2021/s898;
Cal. S.B. 1235 (Sept. 30, 2018), https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180SB1235; Virginia H. 1027
(enacted Apr. 11, 2022), https://lis.virginia.gov/cgi-bin/legp604.exe?221+ful+CHAP0516; Utah S.B. 183 (enacted Mar. 24, 2022),
https://le.utah.gov/~2022/bills/static/SB0183.html.
---------------------------------------------------------------------------
The Bureau received no comments regarding its choice of baseline
for its section 1022(b)(2) analysis.
C. Basic Approach of the Bureau's Consideration of Benefits and Costs
and Data Limitations
Pursuant to section 1022(b)(2)(A) of the Dodd-Frank Act,\912\ in
prescribing a rule under the Federal consumer financial laws (which
include ECOA and title X of the Dodd-Frank Act), the Bureau is required
to consider the potential benefits and costs to ``consumers'' and
``covered persons,'' including the potential reduction of access by
consumers to consumer financial products or services resulting from
such rule, and the impact of final rules on covered persons as
described under section 1026 of the Dodd-Frank Act \913\ (i.e.,
depository institutions and credit unions with $10 billion or less in
total assets), and the impact on consumers in rural areas.
---------------------------------------------------------------------------
\912\ 12 U.S.C. 5512(b)(2)(A).
\913\ 12 U.S.C. 5516.
---------------------------------------------------------------------------
The Dodd-Frank Act defines the term ``consumer'' as an individual
or someone acting on behalf of an individual, while a ``covered
person'' is one who engages in offering or providing a ``consumer
financial product or service,'' which means a financial product or
service that is provided to consumers primarily for ``personal, family,
or household purposes.'' \914\ In the rulemaking implementing section
1071, however, the only parties directly affected by the rule are small
businesses (rather than individual consumers) and the financial
institutions from whom they seek credit (rather than covered persons).
Accordingly, a section 1022(b)(2)(A) analysis that considers only the
costs and benefits to individual consumers and to covered persons would
not meaningfully capture the costs and benefits of the rule.
---------------------------------------------------------------------------
\914\ 12 U.S.C. 5481(4) through (6).
---------------------------------------------------------------------------
Below, the Bureau conducts the statutorily required analysis with
respect to the rule's effects on consumers and covered persons.
Additionally, the Bureau is electing to conduct this same analysis with
respect to small businesses and the financial institutions required to
compile, maintain, and submit data under the final rule. This
discussion relies on data that the Bureau has obtained from industry,
other regulatory agencies, and publicly available sources. However, as
discussed further below, the data limit the Bureau's ability to
quantify the potential costs, benefits, and impacts of the final rule.
1. Analysis With Respect to Consumers and Covered Persons
The final rule implements a data collection regime in which certain
covered financial institutions must compile, maintain, and submit data
with respect to applications for credit for small businesses. The rule
will not directly impact consumers or consumers in rural areas, as
those terms are defined by the Dodd-Frank Act. However, some consumers
will be directly impacted in their separate capacity as sole owners of
small businesses covered by the rule. Some covered persons, including
some that are depository institutions or credit unions with $10 billion
or less in total assets, will be directly affected by the rule not in
their capacity as covered persons (i.e., as offerors or providers of
consumer financial products or services) but in their separate capacity
as financial institutions that offer small business credit covered by
the rule. The costs, benefits, and impact of the rule on those entities
are discussed below.
2. Costs to Covered Financial Institutions
The final rule establishes which financial institutions,
applicants, transactions, and data points are covered by its
requirements. In order to precisely quantify the costs to covered
financial institutions, the Bureau would need representative data on
the operational costs that financial institutions would incur to gather
and report 1071 data, one-time costs for financial institutions to
update or create reporting infrastructure to implement the final rule,
and information on the level of complexity of financial institutions'
business models and compliance systems. Currently, the Bureau does not
believe that data on section 1071 reporting costs with this level of
granularity are systematically available from any source. The Bureau
has made reasonable efforts to gather data on section 1071 reporting
costs.
[[Page 35493]]
Through outreach efforts with industry, community groups, and other
regulatory agencies, the Bureau has obtained some information about
potential ongoing operational and one-time compliance costs, and the
discussion below uses this information to quantify certain costs of the
final rule. Throughout the section 1022 discussion in the NPRM, the
Bureau also solicited feedback about data or methodologies that would
enable it to more precisely estimate the benefits, costs, and impacts
of the proposed rule. The Bureau has reviewed these comments and
considered the information provided by the commenters. The Bureau
believes that the discussion herein constitutes the most comprehensive
assessment to date of the costs of section 1071 reporting by financial
institutions, as well as the most accurate estimates of costs given
available information. However, the Bureau recognizes that these
estimations may not fully quantify the costs to each covered financial
institution, especially given the wide variation of section 1071
reporting costs among financial institutions.
The Bureau categorizes costs required to comply with the final rule
into ``one-time'' and ``ongoing'' costs. ``One-time'' costs refer to
expenses that the financial institution will incur initially and only
once to implement changes required in order to comply with the
requirements of this rule. ``Ongoing'' costs are expenses incurred as a
result of the ongoing reporting requirements of the rule, accrued on an
annual basis. In considering the costs and impacts of the rule, the
Bureau has engaged in a series of efforts to estimate the cost of
compliance by covered entities. The Bureau conducted a One-Time Cost
Survey, discussed in more detail in part IX.E.1 below, to learn about
the one-time implementation costs associated with implementing section
1071 and adapted ongoing cost calculations from previous rulemaking
efforts. The Bureau evaluated the one-time costs of implementing the
procedures necessary and the ongoing costs of annually reporting under
the rule in part IX.F.3 below. The discussion below provides details on
the Bureau's approach in performing these institution-level analyses.
The Bureau realizes that costs vary by institution due to many factors,
such as size, operational structure, and product complexity, and that
this variance exists on a continuum that is impossible to fully
represent. In order to conduct a cost consideration that is both
practical and meaningful in light of these challenges, the Bureau has
chosen an approach that focuses on three representative types of
financial institutions. For each type, the Bureau has produced
reasonable estimates of the costs of compliance given the limitations
of the available data. Part IX.F.3 below provides additional details on
this approach.
3. Costs to Small Businesses
The Bureau has elected to estimate the costs to small businesses in
addition to those for covered financial institutions. The Bureau
expects the direct costs of the final rule to small businesses will be
negligible. Therefore, the Bureau focuses its analysis on whether and
how the Bureau expects financial institutions to pass on the costs of
compliance with the final rule to small businesses and any possible
effects on the availability or terms of small business credit. The
Bureau relies on economic theory to understand the potential for costs
to financial institutions to be passed on to small businesses. Further,
the Bureau describes feedback received through the One-Time Cost Survey
process, the SBREFA process, and comments from the NPRM process on how
creditors might react to increased compliance costs due to the final
rule.
4. Benefits to Small Businesses and Covered Financial Institutions
Quantifying benefits to small businesses presents substantial
challenges. As discussed above, Congress enacted section 1071 for the
purpose of facilitating enforcement of fair lending laws and enabling
communities, governmental entities, and creditors to identify business
and community development needs and opportunities of women-owned,
minority-owned, and small businesses. The Bureau is unable to readily
quantify any of these benefits with precision, both because the Bureau
does not have the data to quantify all benefits and because the Bureau
is not able to assess completely how effective the implementation of
section 1071 will be in achieving those benefits. The Bureau believes
that its final rule appropriately implements the statutory mandate of
section 1071 to effectuate the section's stated purposes. As discussed
further below, as a data reporting rule, most provisions of the final
rule will benefit small businesses in indirect ways, rather than
directly. Nevertheless, the Bureau believes that the impact of enhanced
transparency will substantially benefit small businesses. For example,
the final rule will facilitate the detection (and thus remediation) of
discrimination; promote public and private investment in certain
underserved markets; and promote competitive markets. Quantifying and
monetizing these benefits would require identifying all possible uses
of data collected under this rule, establishing causal links to the
resulting public benefits, and then quantifying the magnitude of these
benefits.
Similar issues arise in attempting to quantify the benefits to
covered financial institutions. Certain benefits to covered financial
institutions are difficult to quantify. For example, the Bureau
believes that the data collected under this rule will reduce the
compliance burden of fair lending reviews for lower risk financial
institutions by reducing the ``false positive'' rates during fair
lending prioritization by regulators. That is, by providing more
comprehensive application-level data about a covered institution's
lending to small businesses, regulators will be able to better identify
fair lending risks and, as such, more efficiently prioritize their fair
lending examinations and enforcement activities. The Bureau also
believes that data made public pursuant to the final rule will allow
financial institutions to better understand the demand for small
business credit products and the conditions under which they are being
supplied by other covered financial institutions and to identify
potentially profitable opportunities to extend credit. The Bureau
believes that such benefits to financial institutions could be
substantial. However, quantifying them would require data that are
currently unavailable.
In light of these data limitations, the discussion below generally
provides a qualitative consideration of the benefits and impacts of the
final rule. General economic principles, together with the limited data
available, provide insight into these benefits and impacts. Where
possible, the Bureau makes quantitative estimates based on these
principles and the data that are available. Quantifying these benefits
is difficult because the size of each effect cannot be known in
advance. Given the number of small business credit transactions and the
size of the small business credit market, however, small changes in
behavior can have substantial aggregate effects.
5. General Comments on the Impact Analyses in the Proposed Rulemaking
Throughout the Dodd-Frank Act section 1022 discussion in the
NPRM,\915\ the Bureau solicited feedback that would enable it to
estimate the benefits, costs, and impacts of the
[[Page 35494]]
proposed regulation more precisely. The Bureau, for example, solicited
comments on its methodology for estimating one-time and ongoing costs,
the estimates of the specific costs themselves, and any information
that would help it better quantify the benefits and potential impacts
on small businesses and covered financial institutions. Many commenters
made general statements, while several provided comments specific to
certain methodologies or estimates. In this section, the Bureau
describes the comments more generally, while in subsequent sections, it
discusses comments specific to those sections.
---------------------------------------------------------------------------
\915\ See 86 FR 56356, 56540-64 (Oct. 8, 2021).
---------------------------------------------------------------------------
Commenters offered general remarks on the quality of the Bureau's
one-time and ongoing cost estimates. Several community groups described
the Bureau's estimates as ``well-considered'' or described the costs of
the proposed rule as being outweighed by the benefits. In contrast,
some industry commenters and an office of a Federal agency generally
asserted that the Bureau's cost estimates were too low. The Bureau has
reviewed its estimates and considered the information provided by the
commenters. In the sections below, the Bureau describes specific
comments related to each section of benefits, costs, and the potential
impact on small entities. The methodology described in the sections
below for the final rule is the same methodology that the Bureau used
in the NPRM unless otherwise noted.
D. Coverage of the Final Rule
1. Coverage in General
The final rule provides that financial institutions (both
depository and nondepository) that meet all the other criteria for a
``financial institution'' in Sec. 1002.105(a) would only be required
to collect and report section 1071 data if they originated at least 100
covered credit transactions in each of the two preceding calendar
years. See final Sec. 1002.105(b).
As discussed above, market-wide data on small business lending are
currently limited. The Bureau is unaware of any comprehensive data
available on small business originations for all financial
institutions, which are needed in order to precisely identify all
institutions covered by the rule. To estimate coverage of the final
rule, the Bureau uses publicly available data for financial
institutions divided into two groups: depository (i.e., banks, savings
associations, and credit unions) and nondepository institutions.
To estimate coverage of depository institutions, the Bureau relies
on NCUA Call Reports to estimate coverage for credit unions, including
for those that are not federally insured, and FFIEC Call Reports and
the CRA data to estimate coverage for banks and savings associations.
For the purposes of the analysis in this section of part IX, the Bureau
estimates the number of depository institutions that would have been
required to report small business lending data in 2019, based on the
estimated number of originations of covered products for each
institution in 2017 and 2018.\916\ The Bureau accounts for mergers and
acquisitions between 2017 and 2019 by assuming that any depository
institutions that merged in those years report as one institution.
---------------------------------------------------------------------------
\916\ The Bureau uses 2019 instead of 2020 or 2021 in order to
estimate coverage during, or based on, a year unaffected by COVID-19
pandemic conditions.
---------------------------------------------------------------------------
As discussed above, the NCUA Call Report captures the number and
dollar value of originations on all loans over $50,000 to members for
commercial purposes, regardless of any indicator about the business's
size. For the purposes of estimating the impacts of the final rule, the
Bureau uses the annual number of originated commercial loans to members
reported by credit unions as a proxy for the annual number of
originated covered credit transactions under the rule.\917\ These are
the best data available for estimating the number of credit unions that
may be covered by the final rule. However, the Bureau acknowledges that
the true number of covered credit unions may be different than what is
presented here. For example, this proxy would overestimate the number
of credit unions that will be covered if some commercial loans to
members are not covered because the member is taking out a loan for a
business considered large under the definition of a small business in
the final rule. Alternatively, this proxy would underestimate the
number of credit unions covered by the final rule if credit unions
originate a substantial number of covered credit transactions with
origination values under $50,000.
---------------------------------------------------------------------------
\917\ For this analysis, the Bureau includes all types of
commercial loans to members except construction and development
loans and loans secured by multifamily residential property. This
includes loans secured by farmland; loans secured by owner-occupied,
non-farm, non-residential property; loans secured by non-owner
occupied, non-farm, non-residential property; loans to finance
agricultural production and other loans to farmers; commercial and
industrial loans; unsecured commercial loans; and unsecured
revolving lines of credit for commercial purposes.
---------------------------------------------------------------------------
The FFIEC Call Report captures banks' and savings associations'
outstanding number and amount of small loans to businesses (i.e., loans
originated under $1 million to businesses of any size; small loans to
farms are those originated under $500,000). The CRA requires banks and
savings associations with assets over a specified threshold ($1.384
billion as of 2022) \918\ to report loans to businesses in original
amounts of $1 million or less. For the purposes of estimating the
impacts of the final rule, the Bureau follows the convention of using
small loans to businesses as a proxy for loans to small businesses and
small loans to farms as a proxy for loans to small farms. These are the
best data available for estimating the number of banks and savings
associations that may be covered by the final rule. However, the Bureau
acknowledges that the true number of covered banks and savings
associations may be different than what is presented here. For example,
this proxy would overestimate the number of banks and savings
associations covered by the rule if a significant number of small loans
to businesses and farms are to businesses or farms that are considered
large under the definition of a small business in the final rule.
Alternatively, this proxy would underestimate the number of banks and
savings associations covered by the rule if a significant number of
businesses and farms that are small under the final rule take out loans
that are larger than $1 million for businesses or $500,000 for farms.
---------------------------------------------------------------------------
\918\ See Fed. Fin. Insts. Examination Council, Explanation of
the Community Reinvestment Act Asset-Size Threshold Change (2022),
https://www.ffiec.gov/cra/pdf/2022_Asset_Size_Threshold.pdf.
---------------------------------------------------------------------------
Although banks and savings associations reporting under the CRA are
required to report the number of originations of small loans to
businesses and farms, the Bureau is not aware of any comprehensive
dataset that contains originations made by banks and savings
associations below the CRA reporting threshold. To fill this gap, the
Bureau simulated plausible values for the annual number and dollar
value of originations for each bank and savings association that falls
below the CRA reporting threshold for 2017, 2018, and 2019.\919\ The
Bureau generated simulated originations in order to account for the
uncertainty around the exact number and value of originations
[[Page 35495]]
for these banks and savings associations. To simulate these values, the
Bureau assumes that these banks have the same relationship between
outstanding and originated small loans to businesses and farms as banks
and savings associations above the CRA reporting threshold. First, the
Bureau estimated the relationship between originated and outstanding
numbers and balances of small loans to businesses and farms for CRA
reporters. Then the Bureau used this estimate, together with the
outstanding numbers and balances of small loans to businesses and farms
of non-CRA reporters, to simulate these plausible values of
originations. The Bureau has documented this methodology in more detail
in its Supplemental estimation methodology for institutional coverage
and market-level cost estimates in the small business lending rule
released concurrently with this final rule.\920\
---------------------------------------------------------------------------
\919\ Based on FFIEC Call Report data as of December 2019, of
the 5,177 banks and savings associations that existed in 2019, only
about 11 percent were required to report under CRA. That is, only
about 11 percent of banks and savings associations had assets below
$1.284 billion, the CRA reporting threshold in 2019. See Fed. Fin.
Insts. Examination Council, 2019 Reporting Criteria, https://www.ffiec.gov/cra/reporter19.htm (last visited Mar. 20, 2023).
\920\ This document is available at https://www.consumerfinance.gov/data-research/research-reports/supplemental-estimation-methodology-institutional-coverage-market-level-cost-estimates-small-business-lending-rulemaking/.
---------------------------------------------------------------------------
Based on 2019 data from FFIEC and NCUA Call Reports and the CRA
data, using the methodology described above, the Bureau estimates that
the number of depository institutions that will be required to report
under the final rule is between approximately 1,800 and 2,000, as shown
in Table 3 below. The Bureau estimates that between 1,700 and 1,900
banks and savings associations and about 100 credit unions will be
required to report under the final rule. These ranges represent 95
percent confidence intervals over the number of credit unions, banks
and savings associations that will be covered under the final rule. The
Bureau presents this range to reflect the uncertainty associated with
the estimates and notes that the uncertainty is driven by the lack of
data on originations by banks and savings associations below the CRA
reporting threshold.
Table 3--Estimated Depository Institution Coverage
[As of 2019]
------------------------------------------------------------------------
Coverage category Estimated coverage
------------------------------------------------------------------------
Institutions Subject to 1071 Reporting.. 1,800-2,000 depository
institutions (17%-19% of all
depository institutions).
Banks and Savings Associations (SAs) 1,700-1,900 banks and SAs (33%-
Subject to Reporting. 36% of all banks and SAs).
Credit Unions Subject to Reporting...... 100 credit unions (2% of all
credit unions).
Share of Total Small Business Credit by 94.2%-95.1%.
Depository Institutions (Number of
Loans Originated) Captured.
Share of Total Small Business Credit by 81.0%-83.0%.
Depository Institutions (Dollar Value
of Loans Originated) Captured.
------------------------------------------------------------------------
For nondepositories, the Bureau estimates that about 620
nondepository institutions will be covered by the final rule: about 140
nondepository CDFIs; about 70 merchant cash advance providers; about 30
online lenders; about 240 commercial finance companies; about 70
governmental lending entities; and 71 Farm Credit System members.\921\
See part II.D above for more detail on how the Bureau arrived at these
estimates.
---------------------------------------------------------------------------
\921\ The Bureau provides estimates for the majority of
nondepository institutions but knows an exact number of members of
the Farm Credit System. To estimate the number of Farm Credit System
members, the Bureau considers the Young, Beginning, and Small
Farmers Reports for all Farm Credit System members as of December
31, 2019. The reports can be found at https://reports.fca.gov/CRS/
(last visited Mar. 20, 2023). A Farm Credit System is covered if it
reported more than 100 total number of loans on its Young,
Beginning, and Small Farmers Report in 2019.
---------------------------------------------------------------------------
Comments on the estimates of coverage of the proposed rule. In the
NPRM, the Bureau sought comment on whether there are additional data
sources that could provide better estimates of coverage and on the
methods used to estimate coverage. Two trade associations commented
that the Bureau substantially underestimates the coverage of credit
unions because it does not account for small business loans under
$50,000. The Bureau acknowledges this limitation of the estimation
methodology, as discussed above, but did not receive any information
upon which to base better coverage estimates for credit unions for
purposes of the final rule.
2. Coverage Based on Tiered Compliance Dates
The final rule provides that the initial compliance date for
covered financial institutions will occur in three tiers; a covered
financial institution will determine its compliance date tier based on
the number of covered credit transactions that it originated in each of
the calendar years 2022 and 2023.\922\ In this section, the Bureau
presents estimates of the share of covered financial institutions that
will report in each tier.
---------------------------------------------------------------------------
\922\ A covered financial institution is in Tier 1, as specified
by final Sec. 1002.114(b)(1), if it has at least 2,500 originations
of covered credit transactions in each of 2022 and 2023, with a
compliance date of October 1, 2024. A covered financial institution
is in Tier 2, as specified by final Sec. 1002.114(b)(2), if it has
at least 500 originations in each of 2022 and 2023 (but isn't in
Tier 1) with a compliance date of April 1, 2025. A covered financial
institution is in Tier 3, as specified by final Sec. 1002.114(b)(3)
and (4), if it has at least 100 originations in each of 2022 and
2023 (but isn't in Tiers 1 or 2), with a compliance date of January
1, 2026. Financial institutions that do not fall into any of the
compliance tiers based on 2022 and 2023 originations, but that
originate 100 more covered credit transactions in subsequent years,
would comply beginning January 1, 2026 at the earliest.
---------------------------------------------------------------------------
The Bureau uses the estimates of originations of covered products
by depository institutions in 2017 and 2018, discussed above, to
estimate how many covered depository institutions will report in each
tier. A covered depository institution is expected to report in Tier 1
if it originated at least 2,500 covered credit transactions in each of
2017 and 2018. A covered depository institution is expected to report
in Tier 2 if it originated at least 500 covered credit transactions in
each of 2017 and 2018 and was not required to report in Tier 1. A
covered depository institution is expected to report in Tier 3 if it
originated at least 100 covered credit transactions in each of 2017 and
2018 and was not required to report in Tier 1 or Tier 2. The Bureau
also estimates the percent of covered applications from 2019 that are
received by depository institutions in each tier.
Table 4, below, presents estimates of percentages of covered banks
and credit unions that will report in each tier. The Bureau estimates
that most covered banks, savings associations, and credit unions will
not be required to report until Tier 3, as seen in the first two rows
[[Page 35496]]
of the table. However, the next two rows show that most applications to
banks and savings associations (and overall) for covered products in
the first reporting year will be received by the 5 percent to 6 percent
of covered banks and savings associations that are expected to report
in Tier 1.
Table 4--Estimated Depository Institution Coverage by Compliance Tier \923\
----------------------------------------------------------------------------------------------------------------
Coverage category Tier 1 Tier 2 Tier 3
----------------------------------------------------------------------------------------------------------------
Percent Covered Banks and SAs 5%-6% of covered banks 17%-19% of covered 75%-77% of covered
Reporting in Tier. and SAs. banks and SAs. banks and SAs.
Percent Covered Credit Unions 0% of covered credit 13% of covered credit 87% of covered credit
Reporting in Tier. unions. unions. unions.
Percent of Covered Small Business 90%-92% of covered bank 4%-5% of covered bank 4%-5% of covered bank
Credit Applications by Banks and SAs and SA applications. and SA applications. and SA applications.
Captured in Tier.
Percent of Covered Small Business 0% of covered credit 55% of covered credit 46% of covered credit
Credit Applications by Credit Unions union applications. union applications. union applications.
Captured in Tier.
----------------------------------------------------------------------------------------------------------------
As discussed above, the Bureau is unaware of any institution-level
data of originations for nondepository institutions that would allow
for precise estimates of when these institutions are expected to
report. Consistent with assumptions made below to generate market-level
estimates, the Bureau assumes that online lenders and merchant cash
advance providers each originate 2,000 covered credit transactions per
year and all other nondepository institutions originate 200 loans per
year. These assumptions imply that all online lenders and merchant cash
advance providers would be required to report in Tier 2 and all other
nondepository institutions would be required to report in Tier 3.
---------------------------------------------------------------------------
\923\ To estimate applications, the Bureau assumes that
depository institutions with that originate 1,000 or more covered
credit transactions per year receive 3 applications per origination
and depository institutions that originate fewer than 1,000 covered
credit transactions per year receive 2 applications per origination.
---------------------------------------------------------------------------
E. Methodology for Generating Cost Estimates
The Bureau used its 2015 HMDA final rule estimates as the basis for
its review of 1071 data collection and reporting tasks that would
impose one-time and ongoing costs. In developing its ongoing cost
methodology to estimate the impacts of its 2015 HMDA final rule, the
Bureau used interviews with financial institutions to understand the
processes of complying with a regulation that requires collecting and
reporting credit application data and to generate estimates of how
changes to the reporting requirements would impact the ongoing costs of
collecting and reporting mortgage application data.\924\ To analyze the
potential impacts of this final rule, the Bureau adapted its
methodology from its 2015 HMDA rulemaking activities to the small
business lending market. The methodology described below to estimate
costs of the final rule is the same as the methodology used in the NPRM
unless otherwise noted.
---------------------------------------------------------------------------
\924\ Home Mortgage Disclosure (Regulation C), 80 FR 66128,
66269 (Oct. 28, 2015).
---------------------------------------------------------------------------
The Bureau expects that the tasks required for data collection,
checking for accuracy, and reporting under the final rule will be
similar to those under the 2015 HMDA final rule. The similarities in
data collection and reporting tasks allowed the Bureau to leverage its
previous rulemaking experience in its analysis of the impacts of this
final rule. Outreach to industry, as well as feedback during the SBREFA
process and in NPRM comments, validated this approach in general. The
Bureau received no comments objecting to its use of the 2015 HMDA final
rule impacts estimates as the basis for its methodology for the final
rule implementing section 1071.
However, there are significant differences between the home
mortgage and small business lending markets. For example, small
business lending is generally less automated, and has a wider variety
of products, smaller volumes, and smaller credit amounts. The Bureau
used the SBREFA process, NPRM comments, research using publicly
available information, and the Bureau's general expertise regarding the
small business lending market to determine how these differences would
change the tasks required for data collection, checking for accuracy,
and reporting under the final rule.
During the 2015 HMDA rulemaking process, the Bureau identified
seven key aspects or dimensions of compliance costs with a data
collection and reporting rule: (1) the reporting system used; (2) the
degree of system integration; (3) the degree of system automation; (4)
the tools for geocoding; (5) the tools for performing completeness
checks; (6) the tools for performing edits; and (7) the compliance
program. The Bureau assumes that financial institutions will set up
their section 1071 reporting in a manner similar to how HMDA reporting
was implemented.\925\ As discussed in more detail below, this approach
was generally supported by the SBREFA process and NPRM commenters.
---------------------------------------------------------------------------
\925\ For example, the Bureau assumes that financial
institutions will integrate their small business data management
system with their other data systems the same way that similar
institutions integrated their HMDA management system.
---------------------------------------------------------------------------
The Bureau found during the HMDA rulemaking process that,
generally, the complexity of a financial institution's approach across
key aspects or dimensions was consistent--that is, a financial
institution generally would not use less complex approaches on some
dimensions and more complex approaches on others.\926\ This allowed the
Bureau to classify financial institutions, including depository
institutions and nondepository institutions, into three broad types
according to the overall level of complexity of their compliance
operations. Using very similar assumptions to those used in the 2015
HMDA rulemaking, the Bureau's estimation of the costs of this final
rule also assumes that complexity across key aspects or dimensions of a
financial institution's small business lending data collection and
reporting system is consistent.
---------------------------------------------------------------------------
\926\ 80 FR 66128, 66269 (Oct. 28, 2015).
---------------------------------------------------------------------------
Table 5, below, summarizes the typical approach to those seven key
aspects or dimensions of compliance costs across three representative
types of financial institutions based on level of complexity in
compliance operations. Financial institutions that are Type A have the
lowest level of complexity in
[[Page 35497]]
compliance operations, while Type B and Type C have the middle and
highest levels of complexity, respectively.
Table 5--Typical Approach to Certain Aspects/Dimensions of Compliance Costs Based on Level of Complexity for
Types of Financial Institutions
----------------------------------------------------------------------------------------------------------------
Typical approach by low Typical approach by Typical approach by
complexity financial medium complexity high complexity
Aspect/dimension of compliance costs institutions (Type A financial institutions financial institutions
FIs) (Type B FIs) (Type C FIs)
----------------------------------------------------------------------------------------------------------------
Data storage system used............. Store data in Excel.... Use LOS and SBL DMS.... Use multiple LOS, FI's
central SoR, SBL DMS.
Degree of system integration......... (None)................. Have forward Have backward and
integration (LOS to forward integration.
SBL DMS).
Degree of system automation.......... Highly manual process Use manual edit checks. Have high automation
for entering and (only verifying edits
checking data. manually).
Tools for geocoding.................. Use FFIEC tool (manual) Use batch processing... Use batch processing
with multiple sources.
Tools for completeness checks........ Conduct manual checks Use LOS, which includes Use multiple stages of
and rely on CFPB completeness checks. checks.
quality/validity
checks.
Tools for edits...................... Use CFPB edits only.... Use CFPB and customized Use CFPB and customized
edits. edits run multiple
times.
Compliance program................... Have a joint compliance Have basic internal and Have in-depth accuracy
and audit office. external accuracy and fair lending
audit. audit.
----------------------------------------------------------------------------------------------------------------
Note: LOS is ``Loan Origination System''; SoR is ``System of Record''; SBL DMS is ``Small Business Lending Data
Management System.'' \927\
During the rulemaking process for the 2015 HMDA final rule, the
Bureau found that the number of loan applications received was largely
correlated with overall complexity of financial institutions'
compliance operations.\928\ The Bureau used this observation of
financial institution practices under the previous HMDA rulemaking
work, in addition to early outreach to financial institutions and data
from Call Reports and publicly available data from the CDFI Fund, to
generate assumptions about the annual number of small business lending
applications for covered credit transactions processed by each type of
financial institution. These assumptions adapt the volume assumptions
from the mortgage lending context to address the fact that financial
institutions typically process fewer small business credit applications
than mortgage applications. The Bureau assumes that Type A FIs receive
fewer than 300 applications per year, Type B FIs receive between 300
and 2,000 applications per year, and Type C FIs receive more than 2,000
applications per year. The Bureau assumes that, for Type A and B FIs,
one out of two small business applications will result in an
origination. Thus, the Bureau assumes that Type A FIs originate fewer
than 150 covered credit transactions per year and Type B FIs originate
between 150 and 999 covered credit transactions per year. The Bureau
assumes that Type C FIs originate one out of three small business
applications and at least 1,000 covered credit transactions per
year.\929\ As described in the comment review below, these methodology
assumptions were generally supported by the SBREFA process and comments
on the NPRM.
---------------------------------------------------------------------------
\927\ The Bureau expects the development of a market for small
business data management systems, similar to HMDA management
systems, that financial institutions will license or purchase from
third parties.
\928\ 80 FR 66128, 66270 (Oct. 28, 2015).
\929\ The Bureau chose the 1:2 and 1:3 application to
origination ratios based on two sources of information. First see
Biz2Credit, Small Business Loan Approval Rates Rebounded in May
2020: Biz2Credit Small Business Lending Index (May 2020), https://cdn.biz2credit.com/appfiles/biz2credit/pdf/report-may-2020.pdf,
which shows that, in December of 2019, large banks approved small
business loans at a rate of 27.5 percent, while small banks and
credit unions had approval rates of 49.9 percent and 40.1 percent.
Additionally, the Bureau's supervisory data supports a 33 percent
approval rate as a conservative measure among these estimates for
complex financial institutions (Type C FIs).
---------------------------------------------------------------------------
The Bureau understands that costs vary by financial institution due
to many factors, such as size, operational structure, and product
complexity, and that this variance exists on a continuum that is
impossible to fully represent. Due to data limitations, the Bureau is
unable to capture many of the ways in which costs vary by institution,
and therefore uses these representative financial institutions with the
above assumptions for its analysis. In order to aggregate costs to a
market level, the Bureau must map financial institutions onto its types
using discrete volume categories.
For the hiring costs discussion in part IX.F.3.i and ongoing costs
discussion in part IX.F.3.ii below, the Bureau discusses costs in the
context of representative institutions for ease of exposition. The
Bureau assumes that a representative Type A FI receives 100 small
business credit applications per year, a representative Type B FI
receives 400 small business credit applications per year, and a
representative Type C FI receives 6,000 small business credit
applications per year. The Bureau further assumes that a representative
Type A FI originates 50 covered credit transactions per year,\930\ a
representative Type B FI originates 200 covered credit transactions per
year, and a representative Type C FI originates 2,000 covered credit
transactions per year.
---------------------------------------------------------------------------
\930\ The Bureau discusses a representative Type A FI that will
not be covered by the final rule to make the final estimates easier
to compare with those in the NPRM and to highlight what the costs of
the rule would have been for a financial institution that is not
covered by the final rule.
---------------------------------------------------------------------------
1. Methodology for Estimating One-Time Costs of Implementation of the
Final Rule
The one-time cost estimation methodology for the final rule
described in this section is the same methodology that the Bureau used
in the NPRM unless otherwise noted. The primary differences are the
addition of hiring costs, in response to comments, and changes in the
wages to reflect the most recent data.
The Bureau has identified the following nine categories of one-time
costs that will likely be incurred by financial institutions to develop
the infrastructure to collect and report data under the final rule:
1. Preparation/planning
2. Updating computer systems
3. Testing/validating systems
4. Developing forms/applications
[[Page 35498]]
5. Training staff and third parties (such as brokers)
6. Developing policies/procedures
7. Legal/compliance review
8. Post-implementation review of compliance policies and procedures
9. Hiring costs \931\
---------------------------------------------------------------------------
\931\ The Bureau added this category after the NPRM and did not
ask about it in the survey.
Pre-NPRM outreach with financial institutions has informed the
Bureau's understanding of one-time costs. Financial institutions will
likely have to spend time and resources understanding the final rule,
developing the required policies and procedures for their employees to
follow, and engaging a legal team to review their draft policies and
procedures. Additionally, financial institutions may require new
equipment, such as new computer systems that can store and check the
required data points; new or revised application forms or related
materials to collect any data required under the final rule that they
do not currently collect, including minority-owned, women-owned, and
LGBTQI+-owned business statuses and the ethnicity, race, and sex of
applicants' principal owners, and to provide any related disclosures
required by the rule. Some financial institutions mentioned that they
may store, check, and report data using third-party providers such as
Fiserv, Jack Henry, LaserPro, or Fidelity Information Systems, while
others may use more manual methods of data storage, checking, and
reporting using software applications such as Microsoft Excel.
Financial institutions will also engage in a one-time training of all
small business lending staff to ensure that employees understand the
new policies and procedures. After all new policies and procedures have
been implemented and systems/equipment deployed, financial institutions
will likely undertake a final internal review to ensure that all the
requirements of the final rule have been satisfied.
The Bureau presented one-time cost categories 1 through 8 in the
SBREFA Outline and during the SBREFA process in 2020.\932\ The small
entity representatives generally confirmed that these eight categories
listed above accurately capture the components of one-time costs. Small
entity representatives did not mention hiring costs during the SBREFA
process. The Bureau added the hiring costs category after receiving
comments in response to the NPRM.
---------------------------------------------------------------------------
\932\ SBREFA Outline at 49-52.
---------------------------------------------------------------------------
The Bureau also conducted a survey in 2020 regarding one-time
implementation costs for section 1071 compliance targeted at financial
institutions who extend small business credit.\933\ The Bureau
developed the survey instrument based on guidance from industry on the
potential types of one-time costs institutions might incur if required
to report under a rule implementing section 1071 and tested the survey
instrument on a small set of financial institutions, incorporating
their feedback prior to implementation. The Bureau worked with several
major industry trade associations to recruit their members to respond
to the survey. A total of 105 financial institutions responded to the
survey.
---------------------------------------------------------------------------
\933\ The One-Time Cost Survey was released on July 22, 2020;
the response period closed on October 16, 2020. The OMB control
number for this collection is 3170-0032.
---------------------------------------------------------------------------
Estimates from survey respondents form the basis of the Bureau's
estimates for one-time costs in assessing the impact of this final
rule. The survey was broadly designed to ask about the one-time costs
of reporting data under a regime that only included mandatory data
points, used a reporting structure similar to HMDA, used the Regulation
B definition of an ``application,'' and used the respondent's own
internal small business definition. The survey was divided into three
sections: Respondent Information, One-Time Costs, and the Cost of
Credit to Small Entities.
In the Respondent Information section, the Bureau obtained basic
information about the respondent, including information on the type of
institution, its size, and its volume of small business lending. (The
Bureau did not, however, obtain the actual name or other directly
identifying information about respondents.) The One-Time Costs section
of the survey measured the total hours, staff costs, and non-salary
expenses associated with the different tasks comprising one-time costs.
Using the reported costs of each task, the Bureau estimated the total
one-time cost for each respondent. The Cost of Credit to Small Entities
section dealt with the respondent's anticipated response to the
increased compliance costs of being covered by a rule implementing
section 1071 in order to understand the potential impacts of the rule
on its small business lending activity, including any anticipated
potential changes to underwriting standards, volume, prices, product
mix, or market participation.
To estimate one-time costs, the Bureau needs information on a
financial institution's one-time costs by category and number of
originations. Of the 105 total respondents, 49 answered these
questions. The Bureau refers to these respondents as the ``cost
estimation sample.'' Of these respondents, 42 (86 percent) self-
reported that they were a depository institution (bank, saving
association, or credit union). The remaining seven (14 percent) were
nondepository institutions. Table 6 presents the self-reported asset
size of the 42 depository institution respondents in the cost
estimation sample.\934\
---------------------------------------------------------------------------
\934\ Nondepository institutions also reported assets. The
Bureau separately reports asset category for depository institutions
because asset sizes are not as comparable between depositories and
nondepositories. The Bureau does not report asset sizes for
nondepository respondents because there were too few respondents to
report separately without risking re-identification of respondents.
Table 6--Asset Sizes of Depository Institutions in One-Time Cost
Estimation Sample
------------------------------------------------------------------------
Asset category Count Percent of sample
------------------------------------------------------------------------
Less than $250 million.............. 9 21.43
$250 million to $500 million........ 9 21.43
$500 million to $1 billion.......... 7 16.67
$1 billion to $10 billion........... 8 19.05
$10 billion to $500 billion......... 9 21.43
------------------------------------------------------------------------
For the purposes of estimating one-time costs, the Bureau
distinguishes between depository institutions and nondepository
institutions. The majority of nondepository institutions are not
currently subject to any similar data reporting requirements, with the
notable exception of nondepository CDFIs. The Bureau anticipates that
covered financial institutions that are not currently subject to data
reporting requirements will need to make more changes to their existing
business operations in order to comply with the requirements of the
final rule. This
[[Page 35499]]
expectation is confirmed by the higher estimated one-time costs for
nondepository institutions relative to depository institutions from the
survey and discussed in part IX.F.3.i.
The Bureau categorizes depository institution respondents in the
cost estimation sample into four groups according to the respondents'
self-reported total originations. The first group contains the two
depository institutions that reported fewer than 25 originations; the
Bureau assumes these institutions would not report under the final
rule. The second group contains ten depository institutions that
reported between 25 and 149 originations.\935\ The Bureau categorizes
these as Type A DIs (that is, a DI that is a Type A FI as defined
above.) The third group contains the 19 depository institutions that
reported between 150 and 999 originations. The Bureau categorizes these
as Type B DIs. The final group contains the 11 depository institutions
that reported 1,000 or more originations. The Bureau categorizes these
as Type C DIs.
---------------------------------------------------------------------------
\935\ The Bureau acknowledges that it uses information collected
from institutions that will not be covered by the final rule to
estimate the costs of implementing the rule. The Bureau uses these
observations to maintain a large enough sample size.
---------------------------------------------------------------------------
There are not enough nondepository institutions in the cost
estimation sample to separate nondepository institutions into Types A,
B, and C and obtain meaningful estimates. Instead, the Bureau is
relying on the assumption that nondepository institutions (referred to
as Non-DIs for purposes of this analysis) will incur the same one-time
costs regardless of the complexity of existing business operations,
CDFI status, or coverage by State commercial financing laws.
The Bureau estimated the one-time costs for each of the four
categories of financial institutions (Type A DI, Type B DI, Type C DI,
and Non-DI) using the following methodology.
For each of the first eight categories of one-time costs, the
Bureau asked financial institutions to estimate and report the total
number of hours that junior, mid-level, and senior staff would spend on
each task, along with any additional non-salary expenses. If a
respondent did not provide estimates for any component (i.e., staff
hours or non-salary expenses) of any category, it is not counted as
part of the cost estimation sample. If a respondent provided estimates
for some components but did not provide an estimate for a particular
component (e.g., non-salary expenses for preparation/planning) then the
Bureau assumed that the respondent estimated zero for that component.
The Bureau asked survey respondents to report the average hourly
wage for junior, mid-level, and senior/executive staff involved in the
one-time cost categories. However, for the purposes of estimating one-
time costs, the Bureau assumes a constant wage across financial
institutions for each level of staff. The Bureau has updated the wages
for the final rule from the wages used in the NPRM. For junior staff,
the Bureau uses $15.64, the 10th percentile hourly wage estimate for
``loan officers'' according to the 2021 Occupational Employment
Statistics compiled by the Bureau of Labor Statistics.\936\ For mid-
level staff, the Bureau uses $38.74, the estimated mean hourly wage
estimate for ``loan officers.'' For senior staff, the Bureau used
$66.50, the 90th percentile hourly wage estimate for ``loan officers.''
To account for non-monetary compensation, the Bureau also scaled these
hourly wages up by 43 percent.\937\ The Bureau assumes a total hourly
compensation of $22.37 for junior staff, as compared to $28.76, the
mean of the junior wages reported by respondents to the survey. The
Bureau assumes a total hourly compensation of $55.40 for mid-level
staff, as compared to $48.94, the mean of the mid-level wages reported
by respondents. The Bureau assumes a total hourly compensation of
$95.10, as compared to $90.19, the mean of the senior/executive wages
reported by respondents.
---------------------------------------------------------------------------
\936\ See U.S. Bureau of Labor Stat., U.S. Dep't of Labor,
Occupational Employment and Wage Statistics (May 2021), https://www.bls.gov/oes/current/oes132072.htm.
\937\ The June 2022 Employer Costs for Employee Compensation
from the Bureau of Labor Statistics documents that wages and
salaries are, on average, about 70 percent of employee compensation
for private industry workers. The Bureau inflates the hourly wage to
account for 100 percent of employee compensation ((100/70)-1) * 100
= 43 percent). See U.S. Bureau of Labor Stat., U.S. Dep't of Labor,
Employer Costs for Employee Compensation (June 2022), https://www.bls.gov/news.release/archives/eci_07292022.pdf.
---------------------------------------------------------------------------
For each respondent in the cost estimation sample, the Bureau
calculates the cost of each one-time cost category as the sum of the
junior wage multiplied by the reported junior hours, the mid-level wage
multiplied by the reported mid-level hours, and the senior wage
multiplied by the reported senior-level hours and the reported non-
salary expenses. The total cost of the first eight categories that the
Bureau calculates for each respondent is the sum of the costs across
all eight categories.
After calculating the total costs of the first eight categories for
each respondent, the Bureau identifies outliers within the four groups
of financial institutions (Type A DI, Type B DI, Type C DI, and Non-DI)
using the interquartile range method, a standard outlier identification
method. For each group of financial institutions, an observation is
considered an outlier if the estimated total cost is greater than 1.5
*(P75 - P25) + P75 or less than
P25-1.5 *(P75 - P25) where
P75 and P25 are the 75th and 25th percentiles,
respectively, of total costs within that group. Using this method, the
Bureau identified one outlier in each Type A DI, Type B DI, and Type C
DI group and no outliers in the Non-DI group.
In addition to the total estimated one-time costs, the Bureau is
interested in the hours, non-salary expenses, and total costs
associated with each of the different one-time cost categories. For
each group, the Bureau estimates each component of one-time costs by
taking the mean of the estimated component within the group, after
excluding outliers. For example, the estimated number of junior hours
required by Type A DIs to update computer systems is the mean number of
junior hours reported by the nine Type A DIs that were in the cost
estimation sample, excluding one outlier. The Bureau estimated the cost
associated with each category as the sum of the junior wage multiplied
by the estimated junior hours, the mid-level wage multiplied by the
estimated mid-level hours, and the senior-level wage multiplied by the
estimated senior hours, and the estimated non-salary expenses.
The Bureau did not include one-time hiring costs in the estimates
for the NPRM. In response to comments, the Bureau estimates hiring
costs for the final rule estimates. To estimate hiring costs, the
Bureau assumes that, prior to implementing the final rule, current
staff at a covered financial institution will not have extra capacity
to take on new tasks. This assumption implies that each institution
will need to hire at least one new employee. The Bureau anticipates
that institutions will rearrange tasks across new and existing
employees so that the new employees alone will not conduct all work
associated with the final rule.
The Bureau assumes that a covered financial institution will need
to hire enough full-time equivalent workers (FTEs) to cover the
estimated number of staff hours necessary to comply with the final rule
on an annual, ongoing basis. In part IX.E.2 below, the Bureau describes
how it estimates the ongoing costs to comply with the rule, including
the number of hours of staff time an institution needs per application.
The Bureau assumes that an FTE will work
[[Page 35500]]
about 2,080 hours each year (40 hours per week x 52 weeks = 2,080). The
Bureau calculates that the total number of FTEs that a covered
financial institution will need to hire as the number of hours per
application multiplied by the estimated number of applications received
per year divided by 2,080, rounded up to the next full FTE. For
example, if an institution receives 500 applications per year and
spends one hour on each application, it will need to hire one FTE ((1 *
500)/2080 = 0.24, which is round up to the next full FTE, i.e., 1). In
part IX.F.3.i, the Bureau also confirms that the estimated additional
staff can cover the estimated staff hours required for implementing
other one-time changes.
The Bureau calculates the hiring costs using the estimated cost-
per-hire of $4,425, estimated by the Society for Human Resource
Management.\938\ This estimated cost includes advertising fees,
recruiter pay and benefits, and employee referrals, among other
categories. For each covered financial institution, the estimated
hiring cost is $4,425 multiplied by the estimated new FTEs. The
estimated total one-time costs are the sum of the estimated hiring
costs and the other one-time costs for that institution discussed
above.
---------------------------------------------------------------------------
\938\ See Soc'y for Hum. Res. Mgmt., SHRM Customized Talent
Acquisition Benchmarking Report, at 11 (2017), https://www.shrm.org/ResourcesAndTools/business-solutions/Documents/Talent-Acquisition-Report-All-Industries-All-FTEs.pdf.
---------------------------------------------------------------------------
Comments on the one-time cost methodology of the proposed
rulemaking. In the NPRM, the Bureau sought comment on the methods used
for estimating one-time costs of implementation. Many industry
commenters provided information on the categories of costs that they
expect to incur to develop the infrastructure to collect and report
data under the proposed rule. In general, the costs these commenters
discussed fall in the original eight one-time cost categories listed.
Many of these commenters responded to the NPRM that they would incur
costs associated with hiring new staff. The Bureau's one-time and
ongoing cost methodologies account for the costs associated with paying
staff to implement the final rule. The Bureau agrees, however, that the
one-time cost methodology outlined in the NPRM could have more
fulsomely accounted for the initial cost of hiring new staff to perform
these tasks. As described above, the Bureau added hiring costs to one-
time cost estimates in response to these comments. Except for hiring
costs, commenters did not provide any additional one-time cost
categories.
Two trade associations asserted that the Bureau's estimates of one-
time costs are too low because the estimates are based on insufficient
data for nondepository lenders and, in particular, merchant cash
advance providers. The Bureau acknowledges that the scarcity of data
for nondepositories pose a challenge when estimating the costs,
benefits, and impacts of the final rule. This is particularly true for
nondepositories that are not currently subject to a data reporting
regime. Through outreach efforts with nondepository institutions and
trade associations, the SBREFA process, and the one-time cost survey,
the Bureau obtained information about the costs for nondepositories of
complying with the final rule. Throughout the section 1022 discussion
in the proposed rule, the Bureau also solicited feedback about data and
methodologies that would enable it to more precisely estimate the costs
of the proposed. The Bureau has reviewed these comments, considered the
information provided by the commenters, and adjusted the methodology as
described above.
2. Methodology for Estimating Ongoing Costs of Implementation of the
Final Rule
The Bureau identified 15 specific data collection and reporting
activities that would impose ongoing costs. Table 7 presents the full
list of 15 activities. Activities 1 through 3 can broadly be described
as data collection activities: these tasks are required to intake data
and transfer it to the financial institution's small business data
entry system. Activities 4 through 10 are related to reporting and
resubmission: these tasks are required to collect required data,
conduct internal checks, and report data consistent with the final
rule. Activities 11 through 13 are related to compliance and internal
audits: employee training, and internal and external auditing
procedures required to ensure data consistency and reporting in
compliance with the rule. Finally, activities 14 and 15 are related to
small business lending examinations by regulators: these tasks will be
undertaken to prepare for and assist during regulatory compliance
examinations. For the sake of this analysis, the Bureau assumes that
all covered financial institutions will be subject to regulatory
compliance examinations and thus incur costs related to activities 14
and 15.
Table 7--1071 Data Collection and Reporting Activities Imposing Ongoing
Costs
------------------------------------------------------------------------
Number Activity
------------------------------------------------------------------------
1.......................... Transcribing data.
2.......................... Resolving reportability questions.
3.......................... Transferring to Data Entry System, Loan
Origination System, or other data storage
system.
4.......................... Geocoding data.
5.......................... Standard annual edit and internal checks.
6.......................... Researching questions.
7.......................... Resolving question responses.
8.......................... Checking post-submission edits.
9.......................... Filing post-submission documents.
10......................... Small business data reporting/geocoding
software.
11......................... Training.
12......................... Internal audit.
13......................... External audit.
14......................... Exam preparation.
15......................... Exam assistance.
------------------------------------------------------------------------
Table 8 provides an example of how the Bureau calculates ongoing
compliance costs associated with each compliance task. The table shows
the calculation for each activity and notes whether the task would be a
``variable
[[Page 35501]]
cost,'' which would depend on the number of applications the
institution receives, or a ``fixed cost'' that does not depend on the
number of applications. Table 8 shows these calculations for a Type A
FI, or the institution with the least amount of complexity. Table 9
below summarizes the activities whose calculation differs by
institution complexity and shows the calculations for Type B FIs and
Type C FIs (where they differ from those for a Type A FI).
Table 8--Ongoing Compliance Cost Calculations for a Type A FI
------------------------------------------------------------------------
Number Activity Calculation Type \939\
------------------------------------------------------------------------
1.......... Transcribing data Hourly compensation x Variable.
hours per app. x
applications.
2.......... Resolving Hourly compensation x Variable.
reportability hours per app. with
questions. question x
applications with
questions.
3.......... Transfer to Data Hourly compensation x Variable.
Entry System. hours per app. x
applications.
4.......... Complete Hourly compensation x Variable.
geocoding data. hours per app. x
applications.
5.......... Standard annual Hourly compensation x Fixed.
edit and hours spent on edits
internal checks. and checks.
6.......... Researching Hourly compensation x Variable.
questions. hours per app. with
question x
applications with
questions.
7.......... Resolving Hourly compensation x Variable.
question hours per app. with
responses. question x
applications with
questions.
8.......... Checking post- Hourly compensation x Variable.
submission edits. hours checking post-
submission edits per
application.
9.......... Filing post- Hourly compensation x Fixed.
submission hours filing post-
documents. submission docs.
10......... Small business Uses free geocoding Fixed.
data reporting/ software.
geocoding
software.
11......... Training......... Hourly compensation x Fixed.
hours of training per
year x number of loan
officers.
12......... Internal audit... No internal audit Fixed.
conducted by
financial institution
staff.
13......... External audit... One external audit per Fixed.
year.
14......... Exam preparation. Hourly compensation x Fixed.
hours spent on
examination
preparation.
15......... Exam assistance.. Hourly compensation x Fixed.
hours spent on
examination
assistance.
------------------------------------------------------------------------
Many of the activities in Table 8 require time spent by loan
officers and other financial institution employees. To account for time
costs, the calculation uses the hourly compensation of a loan officer
multiplied by the amount of time required for the activity. The Bureau
uses a mean hourly wage of $38.74 for loan officers, based on data from
the Bureau of Labor Statistics.\940\ To account for non-monetary
compensation, the Bureau scales this hourly wage by 43 percent to
arrive at a total hourly compensation of $55.40 for use in these
calculations.\941\ The Bureau uses assumptions from its 2015 HMDA final
rule analysis, updated to reflect differences between mortgage lending
and small business lending, to estimate time spent on ``ongoing
tasks.'' \942\ As an example of a time calculation, the Bureau
estimates that transcribing the required data points would require
approximately 11 minutes per application for a Type A FI. The
calculation multiplied the number of minutes by the number of
applications and the hourly compensation to arrive at the total cost,
on an annual basis, of transcribing data. As another example, the
Bureau estimates that ongoing training for loan officers to comply with
a financial institution's 1071 policies and procedures would take about
two hours per loan officer per year. The cost calculation multiplies
the number of hours by the number of loan officers and by the hourly
compensation.
---------------------------------------------------------------------------
\939\ In this table, the term ``variable'' means the compliance
cost depends on the number of applications. The term ``fixed'' means
the compliance cost does not depend on the number of applications
(even if there are other factors upon which it may vary).
\940\ These data reflect the mean hourly wage for ``loan
officers'' according to the 2021 Occupational Employment Statistics
compiled by the Bureau of Labor Statistics. See U.S. Bureau of Labor
Stat., U.S. Dep't of Labor, Occupational Employment and Wages (May
2021), https://www.bls.gov/oes/current/oes132072.htm.
\941\ The June 2022 Employer Costs for Employee Compensation
from the Bureau of Labor Statistics documents that wages and
salaries are, on average, about 70 percent of employee compensation
for private industry workers. The Bureau inflates the hourly wage to
account for 100 percent of employee compensation ((100/70)-1) * 100
= 43 percent). U.S. Bureau of Labor Stat., U.S. Dep't of Labor,
Employer Costs for Employee Compensation (June 2022), https://www.bls.gov/news.release/archives/eci_07292022.pdf.
\942\ Home Mortgage Disclosure (Regulation C), 80 FR 66128 (Oct.
28, 2015). Some differences, for example, are reflected in the
number of applications, the number of data points per application,
and the number of loan officers for the representative institutions.
---------------------------------------------------------------------------
To arrive at the amount of time required per application for each
of the 15 tasks covered financial institutions would conduct to
collect, check, and report 1071 data, the Bureau begins with the
assumptions made for each task for the 35 data points under the 2015
HMDA final rule and then adjusts these required times relative to the
number of data points required under the final rule. The final rule
requires covered financial institutions to collect 20 data points for
each covered application. Several of these data points have multiple
components. For example, the credit type data point has three
subcomponents: the product type, the type of guarantee, and the term.
The data points for pricing information and the ethnicity, race, and
sex of principal owners also have multiple subcomponents.
Some activity costs in Table 8 depend on the number of
applications. It is important to differentiate between these variable
costs and fixed costs because the type of cost impacts whether and to
what extent covered institutions might be expected to pass on their
costs to small business loan applicants in the form of higher interest
rates or fees (discussed in more detail in part IX.F.4 below). Data
collection, reporting, and submission activities such as geocoding
data, standard annual edits and internal checks, researching questions,
and resolving question responses are variable costs. All other
activities are fixed cost because they do not depend on the overall
number of applications being processed. An example of a fixed cost
calculation is exam preparation, where the hourly compensation is
multiplied by the number of total hours required by loan officers to
prepare for 1071-related compliance examinations.
Table 9 shows where and how the Bureau assumes Type B FIs and Type
C FIs differ from Type A FIs in its ongoing cost methodology. Type B
FIs and Type C FIs use more automated procedures, which result in
different cost calculations. For example, for Type B FIs and Type C
FIs, transferring data to the data entry system and geocoding
applications are done automatically by business application data
management software licensed annually by the financial institution. The
relevant address is submitted for geocoding via batch processing,
rather than done manually for each application. The additional ongoing
geocoding costs reflect the time spent by loan officers on ``problem''
applications--that is, a percentage of overall applications that the
geocoding software misses--rather than time spent on all applications.
However, Type B FIs and Type C FIs have the additional ongoing cost of
a
[[Page 35502]]
subscription to a geocoding software or service as well as a data
management software that represents an annual fixed cost of reporting
1071 data. This is an additional ongoing cost that less complex Type A
FIs (that are covered financial institutions) will not incur. The
Bureau expects that Type A FIs will use free geocoding software
available from the FFIEC or the Bureau, which may include a new batch
function that could be developed by either the FFIEC or the Bureau.
Additionally, audit procedures differ between the three
representative institution types. The Bureau expects a Type A FI would
not conduct an internal audit but would pay for an annual external
audit. A Type B FI would be expected to conduct a simple internal audit
for data checks and also pay for an external audit on an annual basis.
Type C FIs would have a sophisticated internal audit process in lieu of
an external audit.
Table 9--Differences in Ongoing Cost Calculations for Type B FIs and
Type C FIs Versus Type A FIs
------------------------------------------------------------------------
Difference for a Difference for a
Number Activity Type B FI Type C FI
------------------------------------------------------------------------
3........... Transfer to Data No employee time No employee time
Entry System. cost. cost.
Automatically Automatically
transferred by transferred by
data management data management
software software
purchased/ purchased/
licensed. licensed.
4........... Complete geocoding Cost of time per Few applications
data. application that require
unable to be manual attention.
geocoded by Completed by
software. third-party
software vendor.
10.......... Small business Uses geocoding Uses geocoding
data reporting/ software and/or software and/or
geocoding data management data management
software. software that software that
requires annual requires annual
subscription. subscription.
12.......... Internal Audit.... Hourly Hourly
compensation x compensation x
hours spent on hours spent on
internal audit. internal audit.
13.......... External Audit.... Yearly fixed Only an extensive
expense on internal audit
external audit. and no expenses
on external
audits.
------------------------------------------------------------------------
Table 10 below shows major assumptions that the Bureau makes for
each activity for each type of financial institution. Table 10 provides
the total number of hours the Bureau assumes are required for each task
that requires labor.\943\ For example, the Bureau assumes that
transcribing data for 100 applications will require 19 hours of labor.
The table also shows the assumed fixed cost of software and audits, as
well as areas where the Bureau assumes there will be cost savings due
to technology. In several cases, the activity does not apply to
financial institutions of a certain type, and are therefore not
displayed.
---------------------------------------------------------------------------
\943\ Compared to the assumptions in the Bureau's proposal, this
table includes additional time assumptions due to the collection of
the business's LGBTQI+-owned status.
\944\ The representative Type A, Type B, and Type C FIs are
assumed to receive, respectively, 100, 400 and 6,000 applications.
Table 10--Major Assumptions for the Representative Type A FIs, Type B FIs, and Type C FIs \944\
----------------------------------------------------------------------------------------------------------------
Number Activity Type A FI Type B FI Type C FI
----------------------------------------------------------------------------------------------------------------
1............... Transcribing data..... 19 hours total........ 38 hours total........ 571 hours total.
2............... Resolving 11 hours total........ 23 hours total........ 34 hours total.
reportability
questions.
3............... Transfer to 1071 data 19 hours total........ N/A................... N/A.
management software.
4............... Complete geocoding 7 hours total; 10 hours total (0.5 N/A.
data. reduction in time hours per ``problem''
cost relative to HMDA loan x 5% of loans
for software with that are ``problem'').
batch processing.
5............... Standard annual edit 18 hours total; 357 hours total; 741 hours total;
and internal checks. reduction for online reduction for online reduction for online
submission platform. submission platform. submission platform.
6............... Researching questions. 6 hours total......... 11 hours total........ 17 hours total.
7............... Resolving question 1 hour total.......... 1 hour total.......... 1 hour total.
responses.
8............... Checking post- 1 hour total.......... 5 hours total......... 18 hours total.
submission edits.
9............... Filing post-submission <1 hour total......... <1 hour total......... <1 hour total.
documents.
10.............. 1071 data management N/A................... $8,000................ $13,271.
system/geocoding
software.
11.............. Training.............. 24 hours total........ 120 hours total....... 800 hours total.
12.............. Internal audit........ N/A................... 8 hours total......... 2,304 hours total.
13.............. External audit........ $3,500................ $5,000................ N/A.
14.............. Exam preparation...... <1 hour total......... 80 hours total........ 480 hours total.
15.............. Exam assistance....... 2 hours total......... 12 hours total........ 80 hours total.
----------------------------------------------------------------------------------------------------------------
Comments on the ongoing cost methodology of the proposed
rulemaking. In the NPRM, the Bureau sought comment on the Bureau's
proposed methods to estimate the ongoing costs of the small business
lending rule. Many industry commenters described categories of ongoing
costs that fell within the categories of ongoing cost activities set
forth in the NPRM. Commenters, for example, described needing to
transcribe data from the application, train employees, conduct external
audits, or prepare for exams. Given the volume of comments affirming
these existing categories, the Bureau has retained those existing
categories of ongoing cost activities.
Some commenters suggested other categories of ongoing costs not
considered by the Bureau in the NPRM. A credit union and a trade
association suggested that more time was needed per application to
explain to customers the new collection requirements; a bank said more
time was needed to explain the requirements to collect ethnicity, race,
and sex information. The Bureau believes that its one-time costs
categories of ``developing forms and applications'' and ``developing
policies and procedures'' already account for these types of costs and
any remaining ongoing cost of explaining collection requirements will
be minimal. The commenters also did not provide specific estimates for
these categories of ongoing costs.
A joint trade association letter described how the rule has the
potential to create a new ongoing cost of retaining
[[Page 35503]]
the records. These comments focused on the information technology
infrastructure associated with the retention of records. The Bureau
believes that these costs are best described as one-time costs and are
captured in the ``updating computer systems'' category of its one-time
costs estimation. The Bureau thus has not included these as additional
categories of ongoing costs.
Comments on one-time and ongoing cost estimates based on levels of
financial institution complexity. The Bureau received several comments
related to its approach to defining complexity and using complexity
categories in its one-time and ongoing cost estimation. Several smaller
banks and credit unions explained that many of their processes related
to collecting, checking, and reporting data to the Bureau under the
proposed rule would largely be manual. The Bureau believes that its
Type A institution category already takes into account the various
manual processes described by these commenters and decided against
adding additional categories of complexity.
3. Methodology for Generating Market-Level Estimates of One-Time and
Ongoing Costs
To generate market-level cost estimates, the Bureau relies on the
estimates of the volume of small business lending originations
described in part IX.D above. As with institutional coverage, the
Bureau separates market-level cost estimates into estimates for
depository institutions and for nondepository institutions. The
methodology described below for the final rule is the same methodology
that the Bureau used in the NPRM.
For depository institutions, the Bureau estimates which
institutions of those that existed at the end of 2019 would likely be
covered or not covered by the final rule. For this analysis, the Bureau
uses 2019 to represent the first year of coverage. An institution would
be required to report data on applications received in 2019 if it
originated at least 100 covered originations in each of the preceding
two years (i.e., 2017 and 2018). If two depository institutions merged
between the end of 2017 and the end of 2019, the Bureau assumes that
those institutions would report as one entity. The Bureau then
categorizes each institution as a Type A DI, Type B DI, or Type C DI
based on its originations in 2019. Depository institutions with 0 to
149 covered originations in 2019 are categorized as Type A. Depository
institutions with 150 to 999 covered originations are categorized as
Type B. Depository institutions with 1,000 or more covered originations
are categorized as Type C. For each depository institution, the Bureau
assigns the appropriate estimated one-time cost (including hiring cost
as a function of estimated applications), ongoing fixed cost, ongoing
variable cost per application, and applications per origination
estimates associated with its institution type. The estimated number of
annual applications for each institution is the estimated number of
originations multiplied by the assumed number of applications per
origination for that institution type. The annual ongoing cost for each
institution is the ongoing fixed cost plus the ongoing variable cost
per application multiplied by the estimated number of applications. The
one-time hiring cost for each institution is the estimated number of
applications multiplied by the annual staff hours per application
divided by 2,080, rounded up to the next full FTE, multiplied by the
cost-per-hire.
To generate market-level estimates, the Bureau first calculates the
estimated one-time costs, including hiring costs, and annual ongoing
costs for each depository institution covered by the rule based on the
estimated number of originations for that institution in 2019. The
Bureau then sums these costs over the covered depository institutions
to find market-level statistics of total costs. As with coverage
estimates, the Bureau presents a range for market-level estimates. The
range reflects the uncertainty associated with the estimate of costs
for banks and savings associations below the CRA reporting threshold.
The Bureau has documented how it calculates these ranges in its
Supplemental estimation methodology for institutional coverage and
market-level cost estimates in the small business lending
rulemaking.\945\
---------------------------------------------------------------------------
\945\ See https://www.consumerfinance.gov/data-research/research-reports/supplemental-estimation-methodology-institutional-coverage-market-level-cost-estimates-small-business-lending-rulemaking/.
---------------------------------------------------------------------------
The Bureau is unaware of institution-level data on originations by
nondepository institutions that are comprehensive enough to estimate
costs using the same method as that for depository institutions.
Therefore, to generate market-level estimates for nondepository
institutions, the Bureau relies on the estimates discussed above and
several key assumptions. The Bureau assumes that online lenders and
merchant cash advance providers are Type C FIs because they generally
have more automated systems and originate more loans. The Bureau
assumes that the remaining nondepository institutions are Type B FIs.
The Bureau assumes that each nondepository receives the same number of
applications as the representative institution for each type, as
described above. Hence, the Bureau assumes that online lenders and
merchant cash advance providers each receive 6,000 applications per
year and all other nondepository institutions receive 400 applications
per year. As explained above, the Bureau also assumes that all
nondepository institutions have the same one-time costs.
F. Potential Benefits and Costs to Covered Financial Institutions and
Small Businesses
The benefits of the final rule to covered financial institutions
and small businesses described in this section are largely the same as
the benefits discussed in the NPRM. The discussions have been updated
to reflect policy differences between the NPRM and final rule.
1. Benefits to Small Businesses
The final rule will benefit small businesses by collecting data
that further the two statutory purposes of section 1071. Those purposes
are to facilitate the enforcement of fair lending laws and enable
communities, governmental entities, and creditors to identify business
and community development needs and opportunities of women-owned,
minority-owned, and small businesses. Some of the benefits to small
businesses discussed below stem from the public release of the data
collected under the rule. As discussed in more detail in part VIII.B.1,
the Bureau intends to exercise its discretion under ECOA section
704B(e)(4) to delete or modify data collected under section 1071 which
are or will be available to the public where it determines that such
deletion or modification appropriately protects privacy interests. The
discussion below considers the benefits of releasing unmodified data,
but the Bureau acknowledges that the benefits derived from public
disclosure may be lower if modifications or deletions are made.
Data collected and reported under the final rule will be the
largest and most comprehensive dataset in the United States on credit
availability for small businesses. These data will provide important
insight into lending patterns in the small business lending market.
Visibility into those patterns should provide important benefits for
facilitating fair lending enforcement and enabling identification of
community development needs and opportunities.
[[Page 35504]]
The data could lead to a more efficient use of government resources
in enforcing fair lending laws through more efficient prioritization of
fair lending examinations and investigations. The public nature of the
dataset will allow for members of the public to review the dataset
(subject to modification and deletion decisions by the Bureau) for
possible violations of antidiscrimination statutes. The increased
transparency will benefit women-owned, minority-owned, and LGBTQI+-
owned small businesses directly, in the form of remediation in the
event that lenders ultimately are found to have violated fair lending
laws, and indirectly, with increased access to credit resulting from
the increased transparency as to the lending practices of financial
institutions.
Important to the fair lending benefit of the small business lending
dataset is the action taken data point. Existing datasets that collect
transaction-level data only contain data on originated small business
loans. Application-level data, including the action taken data point,
will allow users to construct approval or denial rates, for example,
for particular financial institutions. Such analyses could indicate
whether, for example, women-owned, minority-owned, or LGBTQI+-owned
small businesses are being discouraged or denied credit at higher rates
than other small businesses, which would warrant further exploration.
Also important are several data fields on the pricing of covered
credit transactions that are originated or approved but not accepted.
Data users will be able to examine, for example, whether women-owned,
minority-owned, or LGBTQI+-owned small businesses are charged higher
interest rates, or face higher origination charges or initial annual
charges than similarly situated businesses that are not women-owned,
minority-owned, or LGBTQI+-owned. The final rule also requires
information on prepayment penalties, which can be an important aspect
of the total costs of credit for small business owners.\946\ Users will
be able to examine whether women-owned, minority-owned, or LGBTQI+-
owned small businesses are more likely to face prepayment penalties on
extended credit.
---------------------------------------------------------------------------
\946\ California, for example, to include prepayment policies as
a required component of pricing disclosures in commercial financing
(see Cal. S.B. 1235 (Sept. 30, 2018), https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180SB1235).
---------------------------------------------------------------------------
Several data points included in the final rule will contribute to
more accurate fair lending analyses by allowing users to compare credit
products with similar characteristics. For example, differences in the
risk of extending credit likely lead to differences in approval rates
and prices for covered credit transactions based on credit amount
applied for and approved, all three aspects of credit type (type of
credit product, types of guarantees, and loan term), and credit
purpose. Many creditors also consider characteristics about the small
business, such as industry, gross annual revenue, or time in business,
during their underwriting or pricing processes. Supply and demand for
small business credit also varies over time and by location, so the
inclusion of census tract, application date, and action taken date
could lead to more accurate analyses. More accurate screening for fair
lending risk will, for example, reduce the false positive rate observed
during fair lending prioritization and increase the efficiency of fair
lending reviews.
Communities may use these data to identify gaps in access to credit
for small businesses. Identifying those gaps can fuel community
development, in partnership with creditors and governmental entities
through the development of targeted lending programs, loan funds, small
business incubators, and other community-driven initiatives to support
small businesses.
Creditors will likely use the data to understand small business
lending market conditions more effectively and at a more granular level
than is possible with existing data sources, such as Call Reports, data
from public lending programs, or privately purchased data. Data
collected under the final rule, combined with the institution's
existing information on the small business lending market, can help
creditors identify potentially profitable opportunities to extend
credit. For example, creditors will be able to use census tract
information to find areas of high credit demand into which they could
consider expanding and other business opportunities for the creditor.
Governmental entities will likely use the data to develop solutions
that achieve policy objectives. For example, loan guarantees provided
by the SBA's 7(a) and 504 programs are designed to increase the
availability of business credit for businesses that otherwise have
difficulty accessing credit. Governmental entities will be able to use
the comprehensive data on applications for covered credit transactions
collected under the final rule to identify additional opportunities to
create new--or tailor existing--programs to advance their small
business lending policy objectives. Additionally, the data could help
facilitate emergency governmental interventions such as disaster
relief.
The data collected under the final rule will be the most extensive
data on credit access for women-owned, minority-owned, and LGBTQI+-
owned small businesses, and such information will help various data
users in understanding the needs and opportunities of such businesses.
For example, governmental entities often create programs, such as those
that reserve government contracts or those that provide grants, that
specifically target women-owned and minority-owned businesses.
Governmental entities could use data collected under the final rule to
alter existing programs or create new ones to meet the needs of these
business owners. Private lenders could also use the data to find
untapped markets of credit demand from women-owned, minority-owned, and
LGBTQI+-owned small businesses.
As one of the premier data sources on the small business credit
market, data collected under the final rule will also facilitate
rigorous research by academics and advocates. HMDA data, which are
similar in many ways to the data that will be collected under the final
rule, have been analyzed in many scholarly publications. The data
collected under section 1071 will provide public- and private-sector
academics and other researchers a clearer window into potential
discrimination in the small business credit market, as well as a better
understanding of small business credit market trends and dynamics. As
in the case of HMDA, data collected under the final rule will be more
broadly used to understand how business owners make borrowing
decisions, respond to higher prices, and respond to risk.\947\
---------------------------------------------------------------------------
\947\ For examples of how HMDA data has facilitated research on
the mortgage market, see, e.g., CFPB, Data Point: Asian American and
Pacific Islanders in the Mortgage Market (July 2021), https://files.consumerfinance.gov/f/documents/cfpb_aapi-mortgage-market_report_2021-07.pdf; CFPB, Manufactured Housing Finance: New
Insights from the Home Mortgage Disclosure Act Data (May 2021),
https://files.consumerfinance.gov/f/documents/cfpb_manufactured-housing-finance-new-insights-hmda_report_2021-05.pdf; Neil Bhutta &
Benjamin J. Keys, Moral Hazard during the Housing Boom: Evidence
from Private Mortgage Insurance, 35(2) Review of Fin. Studies
(2021), https://academic.oup.com/rfs/advance-article/doi/10.1093/rfs/hhab060/6279755; Sumit Agarwal et al., The Effectiveness of
Mandatory Mortgage Counseling: Can One Dissuade Borrowers from
Choosing Risky Mortgages? (Nat'l Bureau of Econ. Research, Working
Paper No. 19920, 2014), https://www.nber.org/system/files/working_papers/w19920/w19920.pdf; Alexei Alexandrov & Sergei
Koulayev, No Shopping in the U.S. Mortgage Market: Direct and
Strategic Effects of Providing Information (CFPB, Off. of Research
Working Paper No. 2017-01, 2018), https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2948491.
---------------------------------------------------------------------------
[[Page 35505]]
The final rule's data points will provide the above benefits in
several ways. For example, the action taken and pricing information
data points will allow various entities to monitor the tightness of the
small business credit market and identify areas where there are high
denial rates for small business credit or where it is provided only at
high cost, especially to women-owned, minority-owned, or LGBTQI+-owned
small businesses. Conversely, the data may also be used to identify
areas of business opportunity for creditors or help assess the
characteristics of successful business lending. Data on census tract,
NAICS code, gross annual revenue, and number of workers will provide
insight into the availability of small business credit by geography,
industry, and business size. Credit type and credit purpose will
provide more information on how women-owned, minority-owned, and
LGBTQI+-owned small businesses use credit and whether their use differs
from that of other small businesses. Time in business information will
allow data users to understand the credit needs of young small
businesses, and specifically young women-owned, minority-owned, and
LGBTQI+-owned small businesses. Recent research has shown that women-
owned and minority-owned businesses face different financing challenges
early in the business lifecycle than other firms, primarily driven by
less access to external financing.\948\
---------------------------------------------------------------------------
\948\ See, e.g., JPMorgan Chase & Co. Inst., Small business
ownership and liquid wealth (Mar. 2021), https://www.jpmorganchase.com/institute/research/small-business/small-business-ownership-and-liquid-wealth-report.
---------------------------------------------------------------------------
As creditors, communities, and governmental entities use these data
to identify business opportunities, gaps in existing supports and
capital access for small businesses, and more targeted policy
interventions to support small businesses, small businesses will
benefit from increased access to credit. Small businesses will also
benefit from credit offerings more closely tailored to their needs as
the data are used by creditors and others to develop more targeted
credit products.
As described above, the Bureau believes that setting a threshold
for coverage at 100 originated loans in each of the preceding two
calendar years provides substantial coverage of the small business
credit market. While the Bureau could theoretically have collected even
more data pursuant to the final rule if it retained the 25-loan
threshold proposed in the NPRM, the Bureau is not adopting this
threshold in order to ensure that financial institutions with the
lowest volume of small business lending experience no pressure to
reduce their small business lending activity in order to avoid the
fixed costs of coming into compliance with this final rule. While some
commenters expressed concern that institutions with a low volume of
small business lending might reduce their lending in order to stay
under the threshold, the Bureau cannot quantify this risk, particularly
given the paucity of data on small business lending.
Comments on the Bureau's estimation of the benefits to small
businesses. The Bureau sought comment on its analysis of potential
benefits to small businesses as set forth in the NPRM. Many community
groups and several business owners agreed that the rule would support
fair lending. A small business, a CDFI lender, and some community
groups said collecting data will improve visibility and understanding
of small businesses, particularly those that are minority- and women-
owned. The CDFI lender and a joint letter from community groups,
community oriented lenders, and business advocacy groups stated that
the data from this rule could be used to identify which products and
business models best meet the needs of underserved entrepreneurs. One
commenter pointed to agricultural products as a particular sector that
would benefit from increased transparency afforded by the rule,
particularly regarding the status of minority- and women-owned small
businesses. Two community groups and a business advocacy group pointed
to how data collected on ethnicity and race under HMDA preceded an
increase in lending to minority borrowers, suggesting that a similar
pattern may emerge in the small business lending market after the rule
goes into effect. Similarly, a few commenters pointed to how data from
the Paycheck Protection Program and studies and surveys surrounding the
program allowed researchers, regulators, financial institutions, and
others to identify disparate lending patterns on the basis of ethnicity
and race.
An individual commenter said collecting the data will help improve
the collective understanding of small business lending and its
interaction with regulations, and noted that other countries, such as
Norway, already collect small business lending data on a Federal level.
An individual commenter and two community groups suggested that the
data could reveal patterns of disparities that are already well-known
through lived experiences within their respective communities,
particularly Black communities and farming and agricultural
communities. A joint letter from community and business advocacy groups
pointed to how disaggregation of those identified as Asian has revealed
wide variances in income and lending patterns within these diverse
communities in the mortgage lending market, suggesting similar
disaggregation of race data in the final rule would improve the
understanding of these diverse communities in the small business
lending market.
A few commenters noted potential positive spillover effects of the
rule. One community group noted positive interaction effects between
fair lending to small businesses and fair housing, as more people might
purchase housing close to where local businesses flourish. An
individual and a joint letter from community and business advocacy
groups noted that investing in small businesses, particularly in
historically underfunded neighborhoods, could provide pathways to
economic opportunities for members of marginalized groups and even
alleviate wealth gaps based on ethnicity and race. Another commenter
similarly noted that the growth of small businesses could reduce
unemployment, housing insecurity, and poverty in the surrounding
community.
Finally, a few minority small business owners predicted that they
would benefit if the rule improved fair lending. These commenters
identified the disadvantages minority-owned small businesses face when
fair lending is not enforced, including business closure. One of these
commenters, along with some community groups, pointed to studies that
suggested fair access to credit, such as loan modifications, during the
pandemic could have prevented the closure of minority-owned firms,
added millions in revenue to the U.S. economy, and created millions of
jobs.
A number of commenters described ways in which the final rule would
provide benefits consistent with the statutory purposes of section
1071, including the establishment of a comprehensive dataset of small
business lending, and the collection of detailed data points that will
allow for more accurate analyses of underwriting and pricing patterns.
These data, in turn, will permit for better understanding of the supply
and demand of credit, and financial institutions' treatment of small
business applicants and borrowers, including those that are owned by
women and minorities. Commenters corroborated other benefits identified
by the Bureau, such as positive spillover effects to fair housing and
the local
[[Page 35506]]
economy surrounding small businesses. Data from the final rule will
help researchers (including, but not limited to, those in the
government, private sector, and academia) observe and quantify these
benefits, just as researchers have used data from HMDA and the Paycheck
Protection Program to identify areas of potential fair lending risk.
On the other hand, many financial institutions and trade
associations disagreed with the Bureau's assessment of potential
benefits to small businesses. First, several commenters asserted there
would be minimal or even no benefit. One bank said there would be no
benefit at all. Two banks said there will be ``minimal'' benefit to
their clients, to their communities, and to themselves.
Second, other commenters asserted the Bureau overestimated
benefits. One bank said the usefulness of standardized data is undercut
by the fact that small business lending by small lenders is highly
specialized. Two trade associations specified this could be problematic
because standardized data ``could result in small business borrowers
appearing to be similarly situated, when, in fact, the unique
attributes of each borrower would result in different loan pricing by
the bank.''
Third, several commenters asserted any benefits would be outweighed
by costs, i.e., that there would be little benefit relative to costs.
Other comments asserted the Bureau failed to adequately consider the
potential benefits and costs to ``consumers'' and ``covered persons''
as required by section 1022(b)(2)(A) of the Dodd-Frank Act. While some
of these arguments are discussed in detail in following sections
regarding costs, we present some of the arguments here as well. Two
community banks and a trade association said costs would outweigh
benefits for community banks and small lenders in particular. Another
trade association stated data points adopted pursuant to ECOA section
704B(e)(2)(H) in particular will only provide ``minimal'' benefits
compared to the cost of collecting the data. Along a similar line of
reasoning, three trade associations said the rule would harm the
institutions that the rule is designed to benefit. Of these, two
asserted that the small, women-owned, and minority-owned businesses the
rule is designed to benefit in particular would be harmed.
As detailed above, the Bureau believes that the final rule will
have benefits consistent with its two statutory purposes. The data
collected under the final rule will be the most extensive data on
credit access for women-owned, minority-owned, and LGBTQI+-owned small
businesses, and such information will facilitate the enforcement of
fair lending laws and help identify business and community development
needs.
With respect to comments that asserted the Bureau overestimated the
benefits of the rule, the Bureau acknowledges in part IX.C the
difficulty of precisely estimating the benefits of the data collection
but also details how it estimates the benefits to small businesses
using the best information available. With respect to commenters who
described how data collected under the final rule would not have all
relevant information about a credit application, the Bureau
acknowledges this limitation in part IX.C above, but also describes, in
part IX.F, how the data will provide significant benefits consistent
with the statutory purposes of the rule despite these limitations.
With respect to comments that the costs would outweigh any benefits
or that the Bureau did not adequately fulfill the requirements of
section 1022(b)(2)(A) of the Dodd-Frank Act, in part IX.E, the Bureau
details its methodology for estimating benefits and costs and, in part
IX.F, details its estimates of benefits and costs, incorporating
feedback from comments on the proposed rule. In doing so the Bureau
fulfills its requirement to consider the potential benefits and costs
to ``consumers'' and ``covered persons'' as required by section
1022(b)(2)(A) of the Dodd-Frank Act.
2. Benefits to Covered Financial Institutions
The final rule will provide some benefits to some covered financial
institutions--i.e., the financial institutions that will be required to
collect and report 1071 data on small business applications for credit.
The first is some reduction of the compliance burden of fair lending
reviews for lower risk financial institutions, by reducing the ``false
positive'' rates during fair lending review prioritization by
regulators. Currently, financial institutions are subject to fair
lending reviews by regulators to ensure that they are complying with
ECOA in their small business lending. Data reported under the rule will
allow regulators to prioritize fair lending reviews of financial
institutions with higher risk of fair lending violations, which reduces
the burden on institutions with lower fair lending risk. Covered
financial institutions will also be able to use the data to monitor,
identify, and address their own fair lending risks and thereby reduce
the potential liability from enforcement actions and adverse exam
findings requiring remedial action.
The rule's data collection will also provide an unprecedented
window into the small business lending market, and such transparency
may benefit financial institutions. Comprehensive information on small
business credit applications and originations are currently
unavailable. The data made public pursuant to this rule will allow
financial institutions to better understand the demand for small
business credit products and the conditions under which they are being
supplied by other covered financial institutions.
Comments on the Bureau's estimation of the benefits to covered
financial institutions. The Bureau sought comment on its analysis of
potential benefits to covered financial institutions as set forth in
the NPRM. A broad range of commenters, including lenders, community
groups, small business owners, business advocacy groups, and others,
asserted that the final rule will provide an unprecedented window into
the small business lending market and thereby facilitate fair lending
enforcement.
However, several industry commenters suggested that the Bureau
overstated the benefits of the data collection to financial
institutions. To reiterate some of the comments in the previous
section, a trade association stated that they do not believe the
Bureau's rule to implement section 1071 would provide ``any significant
benefit'' to financial institutions. Two banks said there will be
``minimal'' benefit to their clients, to their communities, and to
themselves. Another trade association noted that lenders are likely
already highly aware of the market in which they lend, especially
considering that small business loans often require a relatively high
degree of customization. Several industry commenters said the
usefulness of standardized data is undercut by the fact that small
business lending by small lenders is highly specialized to accommodate
the highly individualized nature of each business.
The Bureau describes in detail above the potential benefits to
financial institutions. The Bureau acknowledges that many lenders may
have a high awareness of the local markets in which they lend but
believes that the data will still shed light on additional information
about areas where lenders do not currently operate and may also shed
light on currently underserved markets within the areas lenders
currently operate. Comprehensive, application-level data on small
business lending will provide financial
[[Page 35507]]
institutions better understand their local markets as well as
information about markets which they do not currently serve.
3. Costs to Covered Financial Institutions
i. One-Time Costs to Covered Financial Institutions
Using the methodology described in part IX.E.1 above, Table 11
shows the estimated total expected one-time costs of the final rule for
the first eight cost categories for financial institutions covered by
the final rule as well as a breakdown by the eight component categories
that comprise the one-time costs for Type A DIs, Type B DIs, Type C
DIs, and Non-DIs.\949\ The final cost category, hiring costs, is
discussed later in this section. The Bureau notes that the estimated
costs presented in Table 11 differ slightly from the estimated costs
presented in the NPRM. This difference comes only from the update in
wages between the two calculations due to a release of new data.
---------------------------------------------------------------------------
\949\ The estimated one-time costs by cost category for each FI
type is the sum of the wages multiplied by the estimated staff hours
plus the non-salary expenses. For example, the Bureau expects that
for preparation and planning for the final rule, on average, a Type
A DI will pay senior staff $95.10 x 38 hours (= $3,613.80), mid-
level staff $55.40 x 43 hours (= $2,382.20), and junior staff $22.37
x 21 hours (= $469.77). The total estimated cost is $6,465.77,
rounded to $6,500, because Type A DI is not expected to pay non-
salary expenses for preparation and planning.
---------------------------------------------------------------------------
Table 12 shows the estimated number of junior, mid-level, and
senior staff hours and non-salary expenses for each component activity
for Type A DIs. Tables 13 through 15 show the same estimates for Type B
DIs, Type C DIs and Non-DIs respectively. As discussed above, the
Bureau estimates all one-time costs to covered financial institutions
using the One-Time Cost Survey results.
Table 11--Estimated One-Time Costs by Cost Category and FI Type
----------------------------------------------------------------------------------------------------------------
Category Type A DI Type B DI Type C DI Non-DI
----------------------------------------------------------------------------------------------------------------
Preparation/planning............................ $6,500 $7,400 $20,500 $13,900
Updating computer systems....................... 17,000 17,400 6,900 57,300
Testing/validating systems...................... 11,100 3,200 11,400 7,600
Developing forms/applications................... 4,300 3,200 4,600 4,400
Training staff and third parties................ 3,500 3,900 5,300 3,100
Developing policies/procedures.................. 4,200 2,500 3,600 4,300
Legal/compliance review......................... 7,700 3,000 7,300 3,900
Post-implementation review...................... 5,000 4,300 18,000 1,700
---------------------------------------------------------------
Total....................................... 59,400 44,800 77,800 96,400
----------------------------------------------------------------------------------------------------------------
Table 12--Estimated Staff Hours and Non-Salary Expenses by Cost Category for Type A DIs
----------------------------------------------------------------------------------------------------------------
Mid-level Non-salary
Category Senior hours hours Junior hours expenses
----------------------------------------------------------------------------------------------------------------
Preparation/planning............................ 38 43 21 0
Updating computer systems....................... 34 52 41 $10,000
Testing/validating systems...................... 18 52 41 5,600
Developing forms/applications................... 14 34 51 0
Training staff and third parties................ 18 26 16 0
Developing policies/procedures.................. 24 30 11 0
Legal/compliance review......................... 28 26 15 3,300
Post-implementation review...................... 26 38 19 0
---------------------------------------------------------------
Total....................................... 200 301 215 18,900
----------------------------------------------------------------------------------------------------------------
Table 13--Estimated Staff Hours and Non-Salary Expenses by Cost Category for Type B DIs
----------------------------------------------------------------------------------------------------------------
Mid-level Non-salary
Category Senior hours hours Junior hours expenses
----------------------------------------------------------------------------------------------------------------
Preparation/planning............................ 50 35 21 $200
Updating computer systems....................... 25 20 12 13,600
Testing/validating systems...................... 18 19 12 100
Developing forms/applications................... 21 14 7 200
Training staff and third parties................ 23 29 20 400
Developing policies/procedures.................. 16 13 7 100
Legal/compliance review......................... 14 16 5 700
Post-implementation review...................... 15 22 27 1,100
---------------------------------------------------------------
Total....................................... 182 168 111 16,400
----------------------------------------------------------------------------------------------------------------
Table 14--Estimated Staff Hours and Non-Salary Expenses by Cost Category for Type C DIs
----------------------------------------------------------------------------------------------------------------
Mid-level Non-salary
Category Senior hours hours Junior hours expenses
----------------------------------------------------------------------------------------------------------------
Preparation/planning............................ 92 190 37 $500
Updating computer systems....................... 6 46 35 3,000
[[Page 35508]]
Testing/validating systems...................... 34 110 50 1,000
Developing forms/applications................... 13 46 34 100
Training staff and third parties................ 11 61 36 100
Developing policies/procedures.................. 14 30 14 300
Legal/compliance review......................... 9 56 44 2,300
Post-implementation review...................... 3 246 103 1,800
---------------------------------------------------------------
Total....................................... 182 785 353 9,100
----------------------------------------------------------------------------------------------------------------
Table 15--Estimated Staff Hours and Non-Salary Expenses by Cost Category for Non-DIs
----------------------------------------------------------------------------------------------------------------
Mid-level Non-salary
Category Senior hours hours Junior hours expenses
----------------------------------------------------------------------------------------------------------------
Preparation/planning............................ 38 47 29 $7,100
Updating computer systems....................... 27 147 39 45,700
Testing/validating systems...................... 26 24 39 2,900
Developing forms/applications................... 30 15 19 300
Training staff and third parties................ 14 18 17 400
Developing policies/procedures.................. 32 15 14 200
Legal/compliance review......................... 26 18 11 200
Post-implementation review...................... 16 2 1 100
---------------------------------------------------------------
Total....................................... 209 286 169 56,900
----------------------------------------------------------------------------------------------------------------
The Bureau estimates that updating computer systems will be the
biggest driver of one-time costs for Type A DIs, Type B DIs, and Non-
DIs. Type A DIs and Type B DIs are expected to spend similar amounts on
updating computer systems, but Type A DIs would rely somewhat more on
staff.
The Bureau expects that Non-DIs will have the highest one-time
costs and the highest costs to update computer systems. To update
computer systems, Non-DIs will rely on mid-level staff and third-party
vendors. Non-DIs will also spend relatively more on preparation and
planning than Type A DIs or Type B DIs. These estimates are consistent
with the expectation that Non-DIs will incur higher costs because they
are less likely to already report data to regulators.
The Bureau estimates that the biggest drivers of one-time costs for
Type C DIs will be preparation and planning and post-implementation
review. These depository institutions will generally rely on mid-level
staff to implement the required one-time changes and, in particular,
will rely on mid-level staff for these two key activities. The Bureau
estimates that Type C DIs will spend the most of all financial
institution types on staff hours to implement one-time changes and the
least on non-salary expenses.
The Bureau estimates that one-time costs will be higher for Type A
DIs than for Type B DIs. These two types of depository institutions
have similar estimated costs for most activities, but Type A DIs are
expected to spend more on testing/validating systems and legal/
compliance review.
In addition to these one-time costs, the Bureau estimates the one-
time hiring costs for the additional FTEs a financial institution
expects to hire based on the number of applications the institution
expects to receive each year. In the ongoing cost discussion in part
IX.F.3.ii below, the Bureau explains how it estimates the number of
staff hours per application required to comply with the final rule on
an ongoing basis. The Bureau estimates that a Type A FI requires 1.1
hours per application, a Type B FI requires 1.6 hours per application,
and a Type C FI requires 0.83 hours per application.
For the purposes of exposition, the Bureau presents the estimated
number of FTEs for representative financial institutions. For the
market-level estimates, the Bureau estimates the number of staff hours
required based on the estimated number of applications each depository
institution receives.
The representative Type A FI receives 100 applications annually,
requiring 110 hours to comply with the final rule.\950\ Under the
assumptions described in part IX.E.1 above, the representative Type A
FI will need to hire one additional FTE at a one-time cost of $4,425 to
cover the expected annual staff hours required to comply with the rule
on an ongoing basis. This additional staff will also be able to cover
the staff hours required to implement one-time changes because, on
average, a Type A DI will require 716 staff hours for one-time changes
(see Table 12). The Bureau estimates that the representative Type A DI
will incur total one-time costs of $63,825 to implement the final rule.
---------------------------------------------------------------------------
\950\ The Bureau discusses a representative Type A FI that will
not be covered by the final rule to make the final estimates easier
to compare with those in the NPRM and to highlight what the costs of
the rule would have been for a financial institution that is not
covered by the final rule.
---------------------------------------------------------------------------
The representative Type B FI receives 400 applications annually,
requiring 654 hours to comply with the final rule. This FI will need to
hire one additional FTE at a one-time cost of $4,425. This additional
staff will also be able to cover the 461 staff hours, on average,
required to implement one-time changes for a Type B DI. The Bureau
estimates that the representative Type B DI will incur total one-time
costs of $49,225 to implement the final rule.
The representative Type C FI receives 6,000 applications annually,
requiring 5,009 hours to comply with the final rule. This FI will need
to hire 3 additional FTE at a one-time cost of $13,275. This additional
staff will also be able to cover the 1,320 staff hours, on average,
required to implement one-time changes for a Type C DI. The Bureau
estimates that the representative Type C DI will incur total one-time
costs of $91,075 to implement the final rule.
[[Page 35509]]
The Bureau assumes that most nondepository institutions are
primarily Type B and Type C FIs, so the estimated staff hours to cover
ongoing tasks discussed above apply here. For one-time tasks, the
Bureau estimates that a nondepository institution will require about
664 staff hours, on average, to implement one-time changes. One
additional FTE would be sufficient to cover these hours if the
institution reallocates some tasks across staff. The Bureau estimates
that the representative Non-DI will incur total one-time costs of
$100,825 to implement the final rule.
As mentioned above, the Bureau realizes that one-time costs vary by
institution due to many factors, and that this variance exists on a
continuum that is impossible to fully represent. The Bureau focuses on
representative types of financial institutions in order to generate
practical and meaningful estimates of costs. As a result, the Bureau
expects that individual financial institutions will have slightly
different one-time costs than the average estimates presented here.
The One-Time Cost Survey instructed respondents to assume that
covered institutions would be required to report data at the
application level on small business financing that constitutes
``credit'' for purposes of ECOA for the 13 statutorily mandated data
points one time per year, and be responsible for validating the
accuracy of all data. Respondents were further instructed to use their
own institution's internal definition of small business, assume the
Regulation B definition of an application, and assume a reporting
structure similar to that under HMDA. Finally, respondents were
instructed to not include any costs associated with creating a firewall
(that is, shielding applicants' protected demographic information from
certain employees). As such, respondents estimated one-time costs
assuming that the final rule would be different in some ways from what
the Bureau described as the requirements in the survey. One small
entity representative provided feedback during the SBREFA Panel that it
was hard to estimate one-time costs in the survey without knowing all
the details of the rule. The Bureau sought comment on the one-time
costs associated with the additional data points it proposed but did
not receive any information on which to base estimates. The Bureau
expects that accounting for the additional data points would only
increase the one-time cost estimates by a small amount because most of
the one-time costs come from a financial institution moving from not
reporting 1071 data to being required to report such data.
The Bureau estimates that the overall market impact of one-time
costs for depository institutions will be between $147,000,000 and
$159,000,000.\951\ These estimates include between $47,700,000 and
$49,700,000 that depository institutions are estimated to spend on
hiring additional staff.\952\ Using a 7 percent discount rate and a
five-year amortization window, the annualized one-time costs for
depository institutions will be $35,700,000 to $38,600,000. The Bureau
estimates that the overall market impact of one-time costs for
nondepository institutions will be $59,800,000. This estimate includes
the $3,630,000 that nondepository institutions are estimated to spend
on hiring additional staff. Using a 7 percent discount rate and a five-
year amortization window, the annualized one-time costs for
nondepository institutions will be $15,500,000. As a frame of reference
for these market-level one-time cost estimates, the estimated total
non-interest expenses from the FFIEC and NCUA Call Reports for
depository institutions that the Bureau estimates would be covered
under the proposed rule was between $407 billion and $410 billion in
2019.\953\ The upper bound estimate of total one-time costs is
approximately 0.04 percent of the total annual non-interest expenses.
---------------------------------------------------------------------------
\951\ The Bureau notes that the variation in this range comes
primarily from the uncertainty in the number of originations made by
small banks and savings associations. The range does not fully
account for the uncertainty associated with estimates of the one-
time costs for each type of institution.
\952\ The Bureau notes that the estimated hiring costs for the
largest depository institutions may be an upper bound on the
eventual realized costs and may be inflating the total hiring costs
for depository institutions. The Bureau's methodology for estimating
hiring costs implies that financial institutions with the most
applications will need to hire several hundred employees to comply
with the final rule. However, the Bureau anticipates that the
largest institutions will likely save on these costs by automating
some processes instead of hiring staff.
\953\ The Bureau estimates this number by summing non-interest
expenses over DIs that it estimates will be covered by the final
rule.
---------------------------------------------------------------------------
The Bureau estimated that the overall market impact of one-time
costs from the NPRM would have been between $218,000,000 and
$229,000,000 for depository institutions and $94,400,000 for
nondepository institutions. The estimated market impacts for the final
rule are lower than the estimated impacts from the NPRM because, based
on changes made to the thresholds for the coverage of financial
institutions in the final rule, the Bureau estimates that fewer
financial institutions will be covered by the final rule. The estimates
are also different because in the estimates for the final rule, the
Bureau updated wages and included hiring costs.
Comments on the one-time cost estimates of the proposed rulemaking.
In the NPRM, the Bureau sought comment on its analysis of one-time
costs. A few industry commenters expressed the difficulty in estimating
these costs. Several other industry comments provided an overall
estimate of what they believed the overall one-time costs would be for
their institution. These estimates ranged from slightly less than to
considerably higher than the Bureau's estimates from the NPRM. For
example, a bank with about 300 small business originations per year (a
Type B DI in the Bureau's framework) estimated that the one-time
implementation costs would be about $36,000. Another bank commenter
estimated that it would cost well over $100,000 to implement changes.
A few industry commenters provided estimates of the costs
associated with the individual cost categories used by the Bureau to
estimate one-time costs. A few commenters provided estimates of the
costs associated with updating computer systems in terms of staff hours
or software (non-salary) expenses. For example, a State bankers
association conveyed an estimate by a member of $5,000 for 1071 data
submission software. A credit union commented that it anticipates
initial costs of up to $100,000 to reconfigure or replace current
reporting systems. A few other commenters provided estimates for other
categories. For example, one credit union that originates about 150
small business loans per year estimated that staff would require 200
hours of training to prepare for the rule. A bank commented that it
would require 30 to 80 hours to develop policies and procedures.
The Bureau has reviewed these estimates and considered the
information reported by the commenters, together with the existing
evidence provided in the one-time cost survey. The Bureau reiterates
that the costs of implementing the rule are all institution-specific.
As discussed above, the one-time cost estimates should be considered
the average expected costs for an institution based on the complexity
of the institution's operations. In addition, the Bureau expects that
financial institutions will use a variety of methods to prepare for the
rule. Some institutions will update systems using staff, while other
institutions will purchase updates from third-party vendors. For
example, one institution might use 50 staff hours to
[[Page 35510]]
update computer systems and another institution might pay $10,000 for
an updated system. In this case, the Bureau would estimate that, on
average, an institution would use 25 staff hours and $5,000 to update
computer systems. For another example, a group of trade associations
estimated, based on a survey of their members, that it would cost about
$40,000 on average for small institutions to update commercial loan
software. However, they also estimate that only a third of small
institutions would need to update the software. This implies that the
average cost associated with updating computer systems, including
financial institutions that spend $0, is about $13,000, much closer to
the Bureau's non-salary costs of updating computer systems for Type A
DIs of $10,000. Overall, the trade association presented estimates only
moderately higher than the Bureau's, after accounting for DIs that do
not need to update computer systems. The Bureau considers most
estimates provided by commenters as broadly consistent with the
Bureau's one-time cost estimates.
A few industry commenters asserted that the firewall would be very
costly to implement. However, the Bureau believes that, based on
comments made on the firewall provision, it would not be feasible for
many financial institutions to implement the firewall. In that case,
the financial institution would be permitted to determine that one or
more employees or officers should have access to protected demographic
information and provide a notice to applicants informing them that
employees and officers involved in making determinations regarding
their applications may have access to protected demographic
information. As a result, the Bureau has not changed its one-time cost
estimates based on the cost of implementing the firewall.
Many industry commenters specifically stated that the Bureau
underestimated one-time costs. Most of these commenters considered the
training costs as too low and a few others thought that the technology
costs were too low. Some commenters stated that staff would require
multiple follow up training sessions to prepare for implementing the
rule. However, none of the commenters provided specific information on
how much training or technology would cost. The Bureau has not changed
the training or technology cost estimates, preferring to rely on the
evidence provided through the One-Time Cost Survey.
Many industry commenters expressed concern about being unable to
implement the necessary one-time changes in the proposed 18-month
implementation time. Several commenters noted the trial and error
nature of implementing a new regulation and that this process could
take a long time. Several other industry commenters said that third-
party software providers would require significant time to develop new
technology to comply with the proposed rule and financial institutions
would still need to test the technology, conduct due diligence, and
develop policies and procedures. A few others commented that small
financial institutions, and particularly those unfamiliar with Federal
reporting regimes like HMDA, would find it more difficult to implement
one-time changes in time to comply with the proposed 18-month timeline.
On the one-time costs survey, the Bureau did not ask about the time to
make changes to prepare to comply with the eventual rule, nor did it
specify an assumed time-frame. The Bureau interprets the survey
responses as realistic estimates conditional on having enough time to
implement changes. The comments received suggest that most financial
institutions, particularly those that receive relatively fewer small
business credit applications, would not have had enough time to
implement changes in the proposed 18 months. The Bureau expects that
the adoption of tiered compliance dates in the final rule, giving most
lenders 24 or 33 months to comply with the rule, will give most
financial institutions enough time to implement one-time changes in a
manner consistent with the Bureau's estimates.
Several industry commenters asserted that the cost of complying
with the proposed rule for small entities would be relatively higher
than for larger entities. For example, a trade association commented
that smaller banks will not be able to exploit the economies of scale
necessary to mitigate costs. The Bureau has tried to account for some
of these differences by estimating the costs for the different
representative types of institutions. The Bureau in its final rule
increased the reporting activity threshold from the proposed 25 covered
originations in each of the two preceding calendar years to 100 covered
originations in each of the two preceding calendar years. The Bureau
estimates that many small financial institutions will no longer be
required to report 1071 data because of this change in the coverage of
financial institutions in the final rule.
ii. Ongoing Costs to Covered Financial Institutions
Using the methodology described in part IX.E.2 above, Table 16
shows the total expected annual ongoing costs of the final rule as well
as a breakdown by the component 15 activities that comprise the ongoing
costs for Type A FIs, Type B FIs, and Type C FIs. The bottom of the
table shows the total estimated annual section 1071 ongoing compliance
cost for each type of institution, along with the total cost per
application the financial institution processes. To produce the
estimates in Table 16, the Bureau used the calculations described in
Tables 8 and 9 above and the assumptions for each activity in Table 10.
In the following analysis, the Bureau provides examples of these cost
calculations for the largest drivers of ongoing costs.
Compared to the NPRM, these estimated ongoing costs account for
several changes. The first is a change in the assumed compensation for
an hour of employee time, which was discussed in IX.E.2. The second is
the inclusion of an additional data point, the LGBTQI+-owned indicator.
Lastly, the new estimates account for an increased estimate of ongoing
training costs in response to comments received, which is discussed in
more detail in the comment review below. Besides these changes, the
methodology for estimating ongoing costs remains the same as with
respect to the proposed rule, unless explicitly stated otherwise.
Table 16--Estimated Ongoing Costs per Compliance Task and FI Type
----------------------------------------------------------------------------------------------------------------
Number Activity Type A FI Type B FI Type C FI
----------------------------------------------------------------------------------------------------------------
1................................. Transcribing data........... 1,108 2,110 31,657
2................................. Resolving reportability 222 443 665
questions.
3................................. Transfer to 1071 data 1,108 0 0
management software.
4................................. Complete geocoding data..... 139 554 300
5................................. Standard annual edit and 510 11,126 27,972
internal checks.
6................................. Researching questions....... 275 551 826
[[Page 35511]]
7................................. Resolving question responses 0 0 0
8................................. Checking post-submission 7 26 105
edits.
9................................. Filing post-submission 14 14 14
documents.
10................................ 1071 data management 0 8,000 13,650
software/geocoding software.
11................................ Training.................... 1,336 6,681 44,542
12................................ Internal audit.............. 0 443 127,642
13................................ External audit.............. 3,500 5,000 0
14................................ Exam preparation............ 14 4,432 26,592
15................................ Exam assistance............. 116 698 4,654
-----------------------------------------------
Total.................... $8,349 $40,079 $278,618
Per application.......... $83 $100 $46
----------------------------------------------------------------------------------------------------------------
The Bureau estimates that a representative low complexity
institution (i.e., a Type A FI) would incur around $8,349 in total
annual ongoing costs, or about $83 in total cost per application
processed (assuming a representative 100 applications per year). For
financial institutions of this type, the largest driver of ongoing
costs is the fixed cost of the external audit, $3,500. Besides the
audit cost, the largest drivers of the ongoing costs are activities
that require employee time to complete. Activities like transcribing
data, transferring data to the data management software, standard edits
and internal checks, and training all require loan officer time. The
Bureau expects training (activity number 11) to cost approximately
$1,336 annually for six representative loan officers and an equivalent
number of other staff to engage in two hours of training. The Bureau
expects other time-dependent activities to cost around $1,000 each. For
example, the Bureau assumes that Type A FIs will spend around 19 hours
transferring data to 1071 data management software (activity number 3)
based on estimates of the required time to transfer data to HMDA data
management software. At the assumed hourly compensation, our estimate
is around $1,108 for the Type A FI institutions to transfer data. An
assumption of around 18 total hours to conduct standard annual editing
checks (activity number 5) with some savings assumed due to an online
submission platform that automatically checks for errors, results in an
estimated annual ongoing cost of $510.
The Bureau estimates that a representative middle complexity
institution (i.e., a Type B FI), which is somewhat automated, would
incur approximately $40,079 in additional ongoing costs per year, or
around $100 per application (assuming a representative 400 applications
per year). The largest components of this ongoing cost are the expenses
of the small business application management software and geocoding
software (activity number 10) in the form of an annual software
subscription fee, and the external audit of the data (activity number
13). Using interviews of financial institutions conducted to determine
compliance costs with HMDA, the Bureau found mid-range HMDA data
management systems to be approximately $8,000 in annual costs; the
Bureau believes that cost would be comparable in the small business
lending context and thus applies that estimate here. This analysis
assumes that the subscription purchase would be separate from HMDA
management systems, but the development of a software to jointly manage
HMDA and small business lending-related data would likely result in
cost savings for both products. The Bureau also estimates that a Type B
FI would spend around $5,000 on external audits of their small business
loan application data. The Type B FI incurs employee time-related fixed
costs conducting internal checks ($11,126), training ($6,681), and
prepping for examinations ($4,432) but saves time and expense on data
entry and geocoding by using data management software. As an example,
the Bureau expects Type B FIs to have two full-time employees spend 40
hours each to prepare for an examination (activity number 14) resulting
in a cost of $4,432, and have employees spend around 12 hours assisting
with an examination (activity number 15) costing $698 annually.
The Bureau estimates a representative high complexity institution
(i.e., a Type C FI), would incur $278,618 of annual ongoing costs, or
$46 per application (assuming a representative 6,000 applications per
year). The largest driver of costs for a Type C FI is the employee time
required to conduct an internal audit. The assumed 2,304 hours of
employee time results in nearly $127,642 of ongoing costs annually.
Exam preparation, training, and standard annual and internal checks
would be expected to cost $26,592, $44,542, and $26,592 each year,
respectively. The Bureau also assumes that a Type C institution would
need a subscription to a small business data management software near
the upper bound of the range found in interviews with financial
institutions during the 2015 HMDA rulemaking, of $13,650.
The Bureau estimates that the total annual ongoing costs for
depository institutions will be between about $297,000,000 and
$313,000,000 per year, about $190,000,000 to $199,000,000 of which will
be annual variable costs. The Bureau estimates that the total annual
ongoing costs for nondepository institutions would be about
$48,700,000, about $9,900,000 of which would be annual variable costs.
The Bureau estimated that the total annual ongoing costs from the
NPRM would have been between $310,000,000 and $330,000,000 for
depository institutions and $62,300,000 for nondepository institutions.
The estimated total ongoing costs decreased between the proposal and
the final rule because the Bureau raised the financial institution
coverage threshold from 25 to 100 covered originations in each of the
two preceding calendar years. However, the cost estimates per
institution increased because the Bureau, taking into account comments
received on the proposed rule, raised the ongoing costs per application
by changing training costs. These changes almost offset each other
because, while the final rule covers about 2,200 fewer institutions
relative to the proposal due to the change in the financial institution
coverage threshold, these institutions that are no longer covered had
the fewest number of applications, and ongoing costs are commensurate
with the number of applications.
To understand the impacts of these cost estimates on the profits of
[[Page 35512]]
depository institutions, the Bureau estimates the average total net
income across all products per small business origination for all DIs
by type.\954\ There is no comprehensive published source of data on
profits earned on small business credit transactions. The Bureau
presents estimates of total net income per origination as an indication
of a financial institution's ability to cover the additional expenses
associated with the final rule. The Bureau relies on its estimates of
originations for each depository institution, described in part IX.D.
and its Supplemental estimation methodology for institutional coverage
and market-level cost estimates in the small business lending
rulemaking. The Bureau estimates that banks and savings associations of
Type A that will be covered by the final rule have an average net
income per origination between $134,000 and $167,000. Credit unions of
Type A that will be covered by the final rule have an average net
income per origination of $144,000. Assuming two applications per
origination, a covered bank or savings association of Type A has a net
income per application of approximately $67,000 to $83,000 and a
covered credit union of the same type has a net income per application
of about $72,000. The Bureau estimates that covered banks and savings
associations of Type B have an average net income per origination
between $65,000 and $75,000 or a net income per application between
$33,000 and $38,000. The Bureau estimates that covered credit unions of
Type B have an average net income per origination of $229,000 or an
average net income per application of $115,000. The Bureau estimates
that covered banks and savings associations of Type C have a net income
per origination between $252,000 and $278,000, or, assuming three
applications per origination, a net income per application between
$84,000 and $93,000. The Bureau estimates that covered credit unions of
Type C have an average net income per origination of $8,000, and
average net income per application of about $4,000. The Bureau notes
that these estimates are slightly higher than reported in the proposal
due to the higher financial institution coverage threshold in the final
rule.
---------------------------------------------------------------------------
\954\ There are no broadly available data on profit per
application for nondepository institutions. The Bureau uses the
FFIEC Bank and NCUA Credit Union Call Report data from December 31,
2019, accessed on June 25, 2021. The Bureau uses the same internal
estimates of small business loan originations as discussed in part
VI.B above and total net income across all products. For estimates
of net income per origination and per application, the Bureau uses
only net income per origination for depository institutions with
over 25 originations in 2019.
---------------------------------------------------------------------------
With the publicly disclosed data, users would be able to assess
fair lending risks at the institution and market level, furthering
section 1071's fair lending purpose. Several commenters to the Bureau's
2017 request for information expressed concerns, however, about costs
related to these analyses.\955\ During the SBREFA process, some small
entity representatives were concerned that published 1071 data could be
used against financial institutions in class action litigation or to
harm their public reputations.\956\ Depending on the extent of publicly
disclosed data, the Bureau expects that some financial institutions
could incur ongoing costs responding to reports of disparities in their
small business lending practices. Some financial institutions could
also experience reputational risks associated with high profile reports
of existing disparities where more complete analysis of its business
practices would conclude that the disparities do not support a finding
of discrimination on a prohibited basis. In anticipation of needing to
respond to outside analysis and potential reputational risks, it is
possible that some financial institutions may choose to change their
product offerings available to small businesses, underwriting or
pricing practices, or overall participation in the small business
lending market. Several commenters expressed similar concerns that fair
lending analyses on incomplete data could lead to false positives
(i.e., determinations of fair lending violations where none have
occurred), that false positives could lead to reputational risk, and
that lenders could change their lending behavior to avoid the potential
for false positives. These costs associated with reputational risks are
difficult to quantify, and commenters on the proposed rule did not
provide any specific estimates of these costs.
---------------------------------------------------------------------------
\955\ 82 FR 22318 (May 15, 2017).
\956\ For example, one small entity representative was concerned
that published 1071 data could lead to increased litigation and thus
a higher cost of credit for small businesses. Another expressed
concern that pricing information could be misinterpreted by users of
1071 data (for example, according to the small entity
representative, higher pricing for one race might be used to infer
discrimination when the pricing was in fact unrelated to the race of
the applicant). Such a misinterpretation may cause reputational
damage and consequently decrease applications.
---------------------------------------------------------------------------
The Bureau also received feedback that financial institutions could
face potential costs with the publication of a public dataset under the
final rule either because potential clients would be concerned about
their data being collected or because of the additional competitive
pressure brought by a publicly available dataset. The costs associated
with customer privacy, reputational risk to financial institutions, and
additional competitive pressure for financial institutions are
difficult to quantify, and commenters on the proposed rule did not
provide any specific estimates of these costs.
Comments on the ongoing cost estimates of the proposed rulemaking.
Several industry commenters provided estimates of what they believed
the overall ongoing costs would be for their institution. These
estimates ranged from estimates that were quite similar to the Bureau's
estimate for institutions of similar small business credit volume to
estimates that were considerably higher than the Bureau's estimates.
For example, a group of trade associations estimated that institutions
under $500 million in assets, that on average originate 276 small
business loans annually, would incur $145 per origination in ongoing
cost. The Bureau's estimate in the proposal, for institutions of a
similar size was $178 per origination ($89 per application). At the
high end, a lender suggested over $1,000 per origination. The Bureau
has reviewed these estimates and considered the information provided by
the commenters.
The most voluminous category of comments was with respect to future
staffing needs in response to the proposed rule. While not specific to
any individual category of ongoing cost activity, a number of banks,
credit unions, and Farm Credit System lenders, and several trade
associations, described the need to hire additional staff to perform
several of the ongoing cost activities that require staff time. Many
provided estimates of the additional FTEs that the institution would
have to hire to comply with the proposed rule. These estimates ranged
from one additional FTE to up to 10 additional FTEs. A survey of
community banks by a national trade association found that 88 percent
of respondents would need to hire an additional FTE and, on average,
institutions would have to hire 2-3 FTEs. Several commenters asserted
that the hiring of additional staff alone showed that the Bureau's
ongoing cost estimates in the proposal were inadequate.
In the ongoing cost estimates of the Bureau's proposal, the Bureau
calculated the number of hours required to be spent on section 1071-
related tasks, without distinguishing between existing or newly-hired
staff. The Bureau assumes that the time spent on
[[Page 35513]]
section 1071-related tasks necessarily takes time away from otherwise
profitable activity to which the hours would be put in the rule's
absence. Since the Bureau is accounting for time spent in this way, the
Bureau believes that its estimates account for the additional staff
activity required to be spent to collect, check, and report data under
the final rule. For this reason, the Bureau did not change any staffing
time estimates, with the below exceptions.
However, hiring additional FTEs would lead some institutions to
incur one-time costs of hiring, including search and administrative
burden, that they would not have incurred in the absence of the final
rule. The Bureau categorizes this type of cost as a one-time cost,
where the institution staffs up to be able to comply with the final
rule. The Bureau is therefore incorporating the fixed cost of hiring
new staff in the manner described in part IX.E.1.
Several commenters also suggested that the specific ongoing costs
for training staff were too low in the proposal. As described in the
proposal, the Bureau received similar comments during the SBREFA
process, but wished to learn additional information through comments on
the proposed rule to better estimate the cost of training. Several
institutions provided specific annual costs of training employees or
estimates of the overall employee time. Others more generally described
the need to train more staff than just loan officers, but also
administrative and other staff.
The Bureau's ongoing costs estimates only reflected the assumed
training time required to train loan officers that directly handle the
underwriting process. Based on the comments, the estimates in this
final rule reflect a doubling of the number of assumed training hours
required on an annual basis in order to account for the additional
staff that would have to be trained on an annual basis besides simply
the loan officers.
Lastly, the Bureau received several comments specifically about the
ongoing cost of 1071 data management software. In addition to
confirming this as an appropriate category of ongoing cost activity,
several commenters provided specific estimates of the ongoing costs.
One commenter's estimate was similar to the estimates the Bureau
provided in its proposal, while others provided significantly larger
estimates. A survey by a national trade organization found ongoing
software cost estimates that were quite similar to the estimates the
Bureau provided in its proposal for institutions of Types B and C. As
an example, the survey average for institutions similar to Type B
institutions in the Bureau's proposal was around $7,000 per year, while
the Bureau's estimate in the proposal was $8,000. Taking this
information into account, the Bureau has not adjusted its ongoing cost
estimates of the annual cost of 1071 data management or geocoding
software.
4. Costs to Small Businesses
The Bureau expects that any direct costs of the final rule on small
businesses will stem from additional fields that the applicant may have
to complete on credit applications due to the final rule compared to a
financial institution's existing application process. This could
include information such as the race, ethnicity, and sex of the
principal owners or number of workers were not previously required on
business credit applications. However, the Bureau expects the cost of
completing the new section 1071 fields on applications to be
negligible. Therefore, the Bureau focuses the rest of the discussion on
the costs of small businesses to whether and how the Bureau expects
financial institutions to pass on the costs of compliance with the
final rule to small businesses and any possible effects on the
availability of small business credit.
Three types of costs (one-time, fixed ongoing, and variable
ongoing) have the potential to influence the price and availability of
credit to small businesses. In a competitive marketplace, standard
microeconomics suggests that lenders will extend loans up to the point
at which the revenue from granting an additional loan is equal to the
additional cost associated with the financial institution providing the
loan. One-time costs and fixed ongoing costs affect the overall
profitability of a lender's loan portfolio but do not affect the added
profit from extending an additional loan. Variable ongoing costs,
however, affect the profitability of each additional loan and will
influence the number of loans a lender provides. Based on the Bureau's
available evidence, it expects that the variable ongoing costs will be
passed on in full to small business credit applicants in the form of
higher prices or fees and does not expect there to be a significant
reduction in small businesses' ability to access credit.
One-time and fixed ongoing costs affect the overall profitability
of the loan portfolio and will be considered in the lender's decision
to continue supplying small business credit at their current levels.
The Bureau believes that a financial institution would find it
worthwhile to incur the one-time costs associated with complying with
the final rule if it expects to generate enough profit over multiple
years to cover those costs. Each year, a financial institution would
find it worthwhile to continue extending credit if the total expected
revenue from its chosen quantity of loans is greater than the sum of
its ongoing fixed and variable costs. As such, the Bureau believes a
financial institution would find it worthwhile to reduce their supply
of small business credit, even if it had already incurred the one-time
costs, if the total expected revenue from that year were less than the
total expected ongoing costs.\957\ As discussed in detail below, the
Bureau believes that a significant disruption in small business credit
supply is unlikely.
---------------------------------------------------------------------------
\957\ SBREFA Outline at 50-52. The small entity representative
feedback discussed herein can be found in the SBREFA Panel Report at
40.
---------------------------------------------------------------------------
In the One-Time Cost Survey, the Bureau asked respondents to rank a
list of potential actions they may take in response to the compliance
costs of implementing section 1071. Respondents ranked the following
list: ``Raise rates or fees on small business products''; ``Raise
rates/fees on other credit products''; ``Accept lower profits''; ``Exit
some geographic markets''; ``Tighten underwriting standards''; ``Offer
fewer or less complex products''; ``No longer offer small business
credit products''; or ``Other'' with two write-in options. Respondents
ranked these options from ``1'' to ``9'' indicating their most to least
likely responses, where ``1'' was the most likely.
In order to analyze these responses, the Bureau pooled data only
from respondents that answered both the ranking question and the number
of originations question. The Bureau implemented these restrictions to
the pool to eliminate responses from institutions that would not be
required to report under the final rule. Of the 105 total respondents
to the One-Time Cost Survey, 44 ranked every option and reported more
than 25 originations in the last year.\958\ The Bureau will henceforth
refer to these respondents as the ``impacts of implementation'' sample.
---------------------------------------------------------------------------
\958\ The Bureau discusses a representative Type A FI that will
not be covered by the final rule to make the final estimates easier
to compare with those in the NPRM and to highlight what the costs of
the rule would have been for a financial institution that is not
covered by the final rule. The Bureau includes survey respondents
with originations below the origination threshold to ensure a large
enough sample size for analysis.
---------------------------------------------------------------------------
Table 17 presents the potential responses to implementing section
1071 and the average ranking assigned by respondents in the impacts of
implementation sample. The responses
[[Page 35514]]
are listed in order of most to least likely on average, where a lower
average ranking number means that respondents ranked that response most
likely. These ranked responses shed light on potential disruptions to
small business credit supply as a result of the final rule's
implementation. Notably, respondents were least likely to report that
they would reduce their small business lending activity, with
respondents on average indicating that they would be more likely to
accept lower profits than to reduce their small business lending
activity.
Table 17--One-Time Cost Survey Responses to Impacts of Implementation
------------------------------------------------------------------------
Response Average ranking
------------------------------------------------------------------------
Raise rates or fees on small business products....... 1.77
Raise rates/fees on other credit products............ 2.93
Tighten underwriting standards....................... 3.73
Accept lower profits................................. 3.82
Offer fewer or less complex products................. 4.59
Exit some geographic markets......................... 5.75
No longer offer small business credit products....... 6.57
------------------------------------------------------------------------
Consistent with economic theory, respondents reported that they
would be most likely to raise rates or fees on small business products
and other credit products. The Bureau expects that the variable ongoing
costs would be passed on in full to small business credit applicants in
the form of higher prices or fees. Per application, the variable costs
are approximately $32, $26, and $7.5 for Type A FIs, Type B FIs, and
Type C FIs, respectively. Even if the variable costs were passed on in
full to small business applicants in the form of higher interest rates
or fees associated with a loan or line of credit, the Bureau expects
that this would comprise a small portion of the total cost of the
average loan to the small business applicant. Therefore, the Bureau
expects this increase in cost to have limited impact on the
availability or affordability of small business credit. The Bureau
estimates that the total market impact of these costs for small
businesses will be between $200,000,000 and $208,000,000.
The relative ranking of other survey response options provides
additional insight into the potential for small business credit supply
disruptions. In Table 17, financial institutions ranked ``tighten[ing]
credit standards,'' on average, in the middle of their potential
responses. The lowest three responses were ``offer fewer or less
complex products,'' ``exit some geographic markets,'' and ``no longer
offer small business credit products.'' For these reasons, the Bureau
believes the survey responses indicate limited likelihood of
significant small business credit supply disruptions.
The Bureau's total estimated one-time and ongoing costs are non-
negligible and could potentially affect the supply of small business
credit by financial institutions that do not regularly originate many
covered credit transactions. The Bureau's final institutional coverage
threshold of 100 covered credit transactions in two consecutive years
could prevent some low-volume financial institutions from reducing
small business lending activity in response to the compliance costs of
the final rule. For example, the Bureau estimates that a Type A DI
would incur one-time costs of $63,825 and fixed ongoing costs of
$5,195. A depository institution that originates very few covered
transactions every year may reduce its small business lending activity
if it does not expect that profits, even over several years, would
cover that one-time cost or if it does not expect annual revenues to
exceed the annual ongoing costs. However, based on the net income per
application estimates discussed above, and the responses to the One-
Time Cost Survey, the Bureau believes that institutions that are
covered under the final rule are unlikely to find either the one-time
costs of implementation or the ongoing costs of compliance a meaningful
influence in their business decision regarding small business lending
activity. It is possible that some lenders just above the coverage
threshold might reduce their small business lending to below the
threshold to avoid reporting but, even if this does occur, the Bureau
does not anticipate that this will significantly decrease aggregate
credit supply. Furthermore, the Bureau's findings from the respondents
to the One-Time Cost Survey (discussed above) additionally support the
Bureau's conclusion that the increase in compliance costs will likely
be passed through to customers in the form of higher prices or fees,
rather than a significant reduction in financial institutions'
willingness to supply small business credit.\959\
---------------------------------------------------------------------------
\959\ As stated in the SBREFA Panel Report at 40, ``[g]enerally,
[small entity representatives] did not suggest that they would leave
the small business lending market in response to increased costs
under the eventual 1071 rule.''
---------------------------------------------------------------------------
If the Bureau were to release the data in unmodified form, the
Bureau acknowledges there would be an ongoing risk of re-
identification, which may bring with it reputational risk for covered
financial institutions and more significant privacy risks for small
business applicants and related natural persons. Examples of such
scenarios and their potential risks are detailed in part VIII.B.4.ii.
See part VIII generally for more about how the Bureau's modification
and deletion decisions will mitigate these risks.
Comments on the Bureau's estimation of the costs to small
businesses. The Bureau sought comment on other potential costs to small
businesses not discussed above, and on its analysis of costs to small
businesses as described herein. Several trade associations conducted
their own surveys, which largely provided support for the Bureau's
estimations, specifically that price increases would be the most likely
response, and showed limited support for significant market exit.
A number of commenters, mainly lenders and trade associations,
described how they expected costs would be passed on to borrowers,
namely through higher interest rates or fees, though one lender said
they would not raise fees or restrict access to credit. Two trade
associations asserted the price of motor vehicles could increase
because of the rule's effect on automobile financing. Several industry
commenters who cited potential price increases also noted they might
have to reduce their overall volume of small business lending. Others
who cited potential price increases noted they might reduce the number
of product offerings, such as small dollar lending products or
insurance premium financing transactions.
Consistent with results from the Bureau's One-Time Cost Survey,
comments also provided little evidence to indicate that lenders would
exit the
[[Page 35515]]
small business credit market. While some lenders and trade associations
cited business exit as a potential consequence, only one lender stated
they themselves might consider exiting. A group of trade associations
noted that in the survey it administered to its own members, there
seemed to be little evidence that any of its own members would exit. A
few lenders and trade associations asserted that some smaller lenders
could exit the market due to increased regulatory burdens and costs. A
group of trade associations asserted lenders could even close
altogether or merge with other institutions.
One bank estimated how much of its portfolio would be affected by
compliance costs; if it were to stop offering loans of less than
$50,000 because it decided they were no longer profitable, it would
lose up to 59 percent of its agricultural and commercial customers, or
13 percent of its total lending volume. If the bank were to stop
offering loans of less than $10,000, it would lose 20 percent of its
agricultural and commercial loans, or 1 percent of its total lending
volume. The bank observed that because the percentage of customers
affected would be greater than the percentage of lending volume
affected, these estimates show that borrowers of small loan amounts
would be negatively impacted by the rule.
A few lenders noted that, other than price increases, decreased
competition from market exit could impact small businesses, namely a
lower degree of customization in loan processing and underwriting.
Several industry commenters claimed that processing times will increase
because of the collection of data fields required by the rule but not
otherwise collected in the normal course of business.
The Bureau believes that the comments generally supported the
Bureau's expectation that the most likely response to the compliance
costs of the final rule will be an increase in interest rates or fees
to pass on financial institutions' ongoing variable costs to small
business credit applicants. While the Bureau acknowledges the potential
for other effects, such as changes in product offerings, changes in
loan sizes, increased processing time, tightening of credit standards,
or a reduction in market participation by financial institutions, the
Bureau does not expect these effects to be large enough to
significantly impact the availability of small business credit.
Additionally, the Bureau expects that its increased coverage threshold
of one hundred loans for each of the two preceding years should reduce
the likelihood of reduced small business credit supply by financial
institutions who originate few loans per year.
5. Alternatives Considered
This section discusses two categories of alternatives considered:
other methods for defining a covered financial institution and limiting
the data points to those mandated by section 1071. The Bureau uses the
methodologies discussed in parts IX.D and IX.E to estimate the impacts
of these alternatives.
First, the Bureau considered multiple reporting thresholds for
purposes of defining a covered financial institution. In particular,
the Bureau considered whether to exempt financial institutions with
fewer than 25, 50, 200, or 500 originations in each of the two
preceding calendar years instead of 100 originations, as finalized in
the rule. The Bureau also considered whether to exempt depository
institutions with assets under $100 million or $200 million from
section 1071's data collection and reporting requirements.
Under a 25-origination threshold, which was proposed in the NPRM,
the Bureau estimates that about 4,000 to 4,200 depository institutions
would report, which is approximately 2,200 more depository institutions
relative to the final threshold of 100 originations. The Bureau
estimates that about 3,600 to 3,800 banks and savings associations and
about 400 credit unions would be covered under a 25-origination
threshold. The Bureau estimates that about 98 percent of small business
loans originated by depository institutions would be covered under a
25-origination threshold, an increase of about 4 percentage points
relative to the final rule. The Bureau does not have sufficient
information to precisely estimate how many more nondepository
institutions would report under this alternative threshold. The Bureau
estimates that the total one-time costs across all financial
institutions associated with a 25-origination threshold would be about
$338,000,000 to $350,000,000, an increase of about $132,000,000
relative to the 100-origination threshold. The Bureau estimates that
the total annual ongoing costs associated with the 25-origination
threshold would be about $392,000,000 to $413,000,000, an increase of
between $47,000,000 and $52,000,000 per year relative to the 100-
origination threshold.
Under a 50-origination threshold, the Bureau estimates that about
2,900 to 3,100 depository institutions would report, which is
approximately 1,100 more depository institutions relative to the final
threshold of 100 originations. The Bureau estimates that about 2,700 to
2,900 banks and savings associations and about 200 credit unions would
be covered under a 50-origination threshold. The Bureau estimates that
about 97 percent of small business loans originated by depository
institutions would be covered under a 50-origination threshold, an
increase of about 3 percentage points relative to the final rule. The
Bureau estimates that the total one-time costs across all financial
institutions associated with a 50-origination threshold would be about
$272,000,000 to $285,000,000, an increase of about $66,000,000 relative
to the 100-origination threshold. The Bureau estimates that the total
annual ongoing costs associated with this threshold would be about
$373,000,000 to $393,000,000, an increase of about $28,000,000 to
$32,000,000 per year relative to the 100-origination threshold. Again,
the Bureau does not have sufficient information to precisely estimate
how many more nondepository institutions would be required to report
under this alternative.
Under a 200-origination threshold, the Bureau estimates that about
1,000 to 1,100 depository institutions would report, which is
approximately 800 fewer depository institutions relative to the final
threshold of 100 originations. The Bureau estimates that about 900 to
1,100 banks and savings associations and fewer than 100 credit unions
would be covered under a 200-origination threshold. The Bureau
estimates that about 91 percent of small business loans originated by
depository institutions would be covered under a 200-origination
threshold, a decrease of about 3 to 4 percentage points relative to the
final rule. The Bureau estimates that the total one-time costs across
all financial institutions associated with a 200-origination threshold
would be about $159,000,000 to $167,000,000, a decrease of about
$47,000,000 to $51,000,000 relative to the 100-origination threshold.
The Bureau estimates that the total annual ongoing costs associated
with this threshold would be about $314,000,000 to $328,000,000, a
decrease of about $31,000,000 to $33,000,000 per year relative to the
100-origination threshold. The Bureau does not have sufficient
information to precisely estimate how many more nondepository
institutions would be required to report under this alternative.
Under a 500-origination threshold, the Bureau estimates that about
400 to 500 depository institutions would report, which is approximately
1,500 fewer depository institutions relative to the final threshold of
100 originations. The
[[Page 35516]]
Bureau estimates that about 400 to 500 banks and savings associations
and fewer than 20 credit unions would be covered under a 500-
origination threshold. The Bureau estimates that about 88 percent of
small business loans originated by depository institutions would be
covered under a 500-origination threshold, a decrease of about 3 to 6
percentage points relative to the final rule. The Bureau estimates that
the total one-time costs across all financial institutions associated
with a 500-origination threshold would be about $128,000,000 to
$131,000,000, a decrease of about $78,000,000 to $87,000,000 relative
to the 100-origination threshold. The Bureau estimates that the total
annual ongoing costs associated with this threshold would be about
$281,000,000 to $290,000,000, a decrease of about $64,000,000 to
$71,000,000 per year relative to the 100-origination threshold. The
Bureau does not have sufficient information to precisely estimate how
many more nondepository institutions would be required to report under
this alternative.
The Bureau's NPRM discussed the possibility of exempting depository
institutions with assets under $100 million or $200 million assets from
the final rule. For the purposes of considering these alternatives, the
Bureau estimates how institutional coverage and costs would be
different if the Bureau required a 25-origination threshold in addition
to an asset-based threshold for depository institutions. The Bureau
assumes that the alternative proposal would have been that a depository
institution would be required to report its small business lending
activity for 2019 if it had more than 25 originations in 2017 and 2018
and had assets over the asset-based threshold on December 31, 2018. The
Bureau further assumes that if two institutions merged in 2019 then the
resulting institution would be required to report if the sum of the
separate institutions' assets on December 31, 2018, exceeded the asset-
based threshold.
Under a $100 million asset-based and 25-origination threshold, the
Bureau estimates that between 3,500 and 3,600 depository institutions
would report, approximately 1,600 to 1,700 more depository institutions
relative to a 100-origination threshold with no asset-based threshold.
The Bureau estimates that about 3,100 to 3,300 banks and savings
associations and about 300 credit unions would be covered under a 25-
origination and $100 million asset-based threshold. The Bureau
estimates that about 98 percent of small business loans originated by
depository institutions would be covered under a 25-origination and
$100 million asset-based threshold, an increase of about 4 percentage
points relative to the final rule. The Bureau estimates that the total
one-time costs across all financial institutions associated with the
addition of a $100 million asset-based threshold would be about
$307,000,000 to $314,000,000, an increase of between $101,000,000 and
$104,000,000 relative to the final rule. The Bureau estimates that the
total annual ongoing costs associated with this threshold would be
about $383,000,000 to $403,000,000, an increase of about $38,000,000 to
$42,000,000 per year relative to the 100-origination threshold with no
asset-based threshold.
Under a $200 million asset-based and 25-origination threshold, the
Bureau estimates that about 2,700 depository institutions would report,
approximately between 700 and 900 fewer depository institutions
relative to a 100-origination threshold with no asset-based threshold.
The Bureau estimates that about 2,400 banks and savings associations
and about 300 credit unions would be covered under a 25-origination and
$200 million asset-based threshold. The Bureau estimates that about 96
percent of small business loans originated by depository institutions
would be covered under a 25-origination and $100 million asset-based
threshold, an increase of about 2 percentage points relative to the
final rule. The Bureau estimates that the total one-time costs across
all financial institutions associated with the addition of a $200
million asset-based threshold would be about $259,000,000 to
$264,000,000, an increase of between $46,000,000 and $53,000,000
relative to the final rule. The Bureau estimates that the total annual
ongoing costs associated with this threshold would be about
$364,000,000 to $380,000,000, an increase of about $19,000,000 per year
relative to the 100-origination threshold with no asset-based
threshold.
Second, the Bureau considered the costs and benefits for limiting
its data collection to the data points specifically enumerated in ECOA
section 704B(e)(2)(A) through (G). In addition to those data points,
the statute also requires financial institutions to collect and report
any additional data that the Bureau determines would aid in fulfilling
the purposes of section 1071. The final rule includes several
additional data points that rely solely on that latter authority in
section 704B(e)(2)(H). Specifically, the final rule requires that
financial institutions collect and report data on application method,
application recipient, denial reasons (for denied applications only),
pricing information (for applications that are originated or approved
but not accepted), NAICS code, number of workers, time in business, and
number of principal owners, all of which are adopted based on the
Bureau's authority pursuant to section 704B(e)(2)(H). The Bureau has
considered the impact of instead finalizing only the collection of
those data points enumerated in section 704B(e)(2)(A) through (G).
Requiring the collection and reporting of only the data points
enumerated in ECOA section 704B(e)(2)(A) through (G) would result in a
reduction in the fair lending benefit of the data compared to the final
rule. For example, not collecting pricing information would obscure
possible fair lending risk by covered financial institutions. Potential
discriminatory behavior is not limited to the action taken on an
application, but rather includes the terms and conditions under which
applicants can access credit. If the Bureau did not collect pricing
information, it would not be able to evaluate potential discriminatory
lending practices. As mentioned in part IX.F.1 above, several of the
data points the Bureau is finalizing under its ECOA section
704B(e)(2)(H) authority are critical to conducting more accurate and
complete fair lending analyses. A reduction in the rule's ability to
facilitate the enforcement of fair lending laws would negatively impact
small businesses and small business owners and thus run counter to that
statutory purpose of section 1071.
Limiting the rule's data collection to only the data points
required under the statute would also reduce the ability of the rule to
support the business and community development needs and opportunities
of small businesses, which is the other statutory purpose of section
1071. For example, not including pricing information would
significantly reduce the ability of communities, governmental entities,
and creditors to understand credit conditions available to small
businesses. Not including NAICS code or time in business would also
reduce the ability of governmental entities to tailor programs that can
specifically benefit young businesses or businesses in certain
industries.
Only requiring the collection and reporting of the data points
enumerated in ECOA section 704B(e)(2)(A) through (G) would have reduced
the annual ongoing cost of complying with the final rule. Under this
alternative, the estimated total annual ongoing costs for Type A FIs,
Type B FIs, and Type C FIs would be $7,644; $38,296 and $265,809,
[[Page 35517]]
respectively. Per application, the estimated ongoing cost would be $76,
$96, and $44 for Type A FIs, Type B FIs, and Type C FIs, respectively.
Under this alternative, the estimated total ongoing costs for Type A
FIs would be $705 less per year and $7 less per application than the
final rule; the estimated total ongoing costs for Type B FIs would be
$1,783 less per year and $4 less per application than the final rule;
and the estimated total ongoing costs for Type C FIs would be $12,809
per year and $2 per application than the final rule. The estimated
total annual market-level ongoing cost of reporting would be between
$326,000,000 and $340,000,000, or between about $19,000,000 to
$21,000,000 per year less than under the final rule. As discussed
above, respondents to the One-Time Cost Survey were instructed to
assume that they would only report the statutorily mandated data
fields. Hence, the Bureau can only estimate how ongoing costs would be
different under this alternative.
G. Potential Impact on Depository Institutions and Credit Unions With
$10 Billion or Less in Total Assets
As discussed above, the final rule will exclude financial
institutions with fewer than 100 originated covered credit transactions
in both of the two preceding calendar years. The Bureau believes that
the benefits of the final rule to banks, savings associations, and
credit unions with $10 billion or less in total assets will be similar
to the benefits to covered financial institutions as a whole, discussed
above. Regarding costs, other than as noted here, the Bureau also
believes that the impact of the final rule on banks, savings
associations, and credit unions with $10 billion or less in total
assets will be similar to the impact for covered financial institutions
as a whole. The primary difference in the impact on these institutions
is likely to come from differences in the level of complexity of
operations, compliance systems, and software, as well as number of
product offerings and volume of originations of these institutions, all
of which the Bureau has incorporated into the cost estimates using the
three representative financial institution types.
Based on FFIEC and NCUA Call Report data for December 2019, 10,375
of 10,525 banks, savings associations, and credit unions had $10
billion or less in total assets. The Bureau estimates that between
1,700 and 1,900 of such institutions would be subject to the final
rule. The Bureau estimates that the market-level impact of the final
rule on annual ongoing costs for banks, savings associations, and
credit unions with $10 billion or less in assets would be between
$124,000,000 and $140,000,000. Regarding one-time costs, the Bureau
estimates that the market-level impact of the final rule for banks,
savings associations, and credit unions with $10 billion or less in
assets would be between $102,000,000 and $114,000,000. Using a 7
percent discount rate and a five-year amortization window, the
estimated annualized one-time costs would be between $25,000,000 and
$28,000,000.
H. Potential Impact on Small Businesses in Rural Areas
The Bureau expects that small businesses in rural areas will
directly experience many of the benefits of the rule described above in
IX.F.1. Small businesses in rural areas will directly benefit from
facilitating the enforcement of fair lending laws and the enabling of
communities, governmental entities, and creditors to identify business
and community development needs and opportunities of women-owned,
minority-owned, and small businesses. As with all small businesses,
small businesses in rural areas may bear some indirect costs of the
rule. This would occur if financial institutions serving rural areas
are covered by the final rule and if those institutions pass on some or
all of their cost of complying with the final rule to small businesses.
The source data from CRA submissions that the Bureau uses to
estimate institutional coverage and market estimates provide
information on the county in which small business borrowers are
located. However, approximately 89 percent of all banks did not report
CRA data in 2019, and as a result the Bureau does not believe the
reported data are robust enough to estimate the locations of the small
business borrowers for the banks that do not report CRA data. The NCUA
Call Report data do not provide any information on the location of
credit union borrowers. Nonetheless, the Bureau is able to provide some
geographical estimates of institutional coverage based on depository
institution branch locations.
The Bureau used the FDIC's Summary of Deposits to identify the
location of all brick and mortar bank and savings association branches
and the NCUA Credit Union Branch Information to identify the location
of all credit union branch and corporate offices.\960\ A bank, savings
association, or credit union branch was defined as rural if it is in a
rural county, as specified by the USDA's Urban Influence Codes.\961\ A
branch is considered covered by the final rule if it belongs to a bank,
savings association, or credit union that the Bureau estimated would be
included if they exceed 100 originations in 2017 and 2018. Using the
estimation methodology discussed in part IX.D above, the Bureau
estimates that about 65 to 70 percent of rural bank and savings
association branches and about 95 percent of non-rural bank and savings
association branches would be covered under the final rule. The Bureau
estimates that about 14 percent of rural credit union branches and
about 11 percent of non-rural credit union branches would be covered
under the final rule.\962\
---------------------------------------------------------------------------
\960\ See Fed. Deposit Ins. Corp., Summary of Deposits (SOD)--
Annual Survey of Branch Office Deposits (last updated June 1, 2022),
https://www.fdic.gov/regulations/resources/call/sod.html. The NCUA
provides data on credit union branches in the quarterly Call Report
Data files. See Nat'l Credit Union Admin., Call Report Quarterly
Data, https://www.ncua.gov/analysis/credit-union-corporate-call-report-data/quarterly-data (last visited Mar. 20, 2023).
\961\ This is a similar methodology as used in the Bureau's
rural counties list. See CFPB, Rural and underserved counties list,
https://www.consumerfinance.gov/compliance/compliance-resources/mortgage-resources/rural-and-underserved-counties-list/ (last
visited Mar. 20, 2023).
\962\ The Bureau notes that most credit union branches do not
belong to covered credit unions because most credit unions did not
report any small business loans in the NCUA Call Report data. Of the
5,437 credit unions that existed in December 2019, 4,359 (or 81.5
percent) reported no small business originations in 2017 or 2018.
---------------------------------------------------------------------------
In a competitive framework in which financial institutions are
profit maximizers, financial institutions would pass on variable costs
to future small business applicants, but absorb one-time costs and
increased fixed costs in the short run.\963\ Based on previous HMDA
rulemaking efforts, the following seven operational steps affect
variable costs: transcribing data, resolving reportability questions,
transferring data to a data entry system, geocoding, researching
questions, resolving question responses, and checking post-submission
edits. Overall, the Bureau estimates that the impact of the final rule
on variable costs per application is $32 for Type A FIs, $26 for Type B
FIs, and $7.50 for Type C FIs. The Bureau believes that the covered
financial institutions that serve rural areas will attempt to pass
these variable costs on to future small business applicants.
[[Page 35518]]
Amortized over the life of the loan, this expense would represent a
negligible increase in the overall cost of a covered credit
transaction.
---------------------------------------------------------------------------
\963\ If markets are not perfectly competitive or financial
institutions are not profit maximizers, then what financial
institutions pass on may differ. For example, they may attempt to
pass on one-time costs and increases in fixed costs, or they may not
be able to pass on variable costs. Furthermore, some financial
institutions may exit the market in the long run. However, other
financial institutions may also enter the market in the long run.
---------------------------------------------------------------------------
The One-Time Cost Survey can shed light on how financial
institutions that serve rural communities will respond to the final
rule. The Bureau asked respondents to the survey to report whether
their institution primarily served rural or urban communities or an
even mix. All respondents in the impacts of implementation sample
answered this question. Of the 44 respondents in the impacts of
implementation sample, 13 primarily serve rural communities, 15
primarily serve urban communities, and 16 serve an even mix. Table 18
presents the potential responses to implementing section 1071 and the
average ranking assigned by respondents that serve rural communities,
urban communities, an even mix, and all of the respondents in the
impacts of implementation sample. The responses are listed in order of
most to least likely on average across all respondents, where a lower
average ranking number means that respondents ranked that response most
likely. Respondents that primarily serve rural communities or an even
mix rank raising rates or fees on small business or other credit
products as the most likely response. These institutions also rank
exiting some geographic markets and no longer offering small business
credit products as the least likely response to a rule implementing
section 1071.
Table 18--One-Time Cost Survey Responses to Impacts of Implementation by Type of Community Served
----------------------------------------------------------------------------------------------------------------
Rural (n = Urban (n = Even mix (n =
Response 13) 15) 16) All (n = 44)
----------------------------------------------------------------------------------------------------------------
Raise rates or fees on small business products.. 1.62 1.6 2.06 1.77
Raise rates/fees on other credit products....... 2.54 2.73 3.44 2.93
Tighten underwriting standards.................. 3.46 4.27 3.44 3.73
Accept lower profits............................ 3.77 4.2 3.5 3.82
Offer fewer or less complex products............ 4.62 4.07 5.06 4.59
Exit some geographic markets.................... 5.69 5.13 6.38 5.75
No longer offer small business credit products.. 6.62 6.13 6.94 6.57
----------------------------------------------------------------------------------------------------------------
The Bureau thus does not anticipate any material adverse effect on
credit access in the long or short term to rural small businesses.
X. Regulatory Flexibility Act Analysis
The Regulatory Flexibility Act (RFA) \964\ generally requires an
agency to conduct an initial regulatory flexibility analysis (IRFA) and
a final regulatory flexibility analysis (FRFA) of any rule subject to
notice-and-comment rulemaking requirements. These analyses must
``describe the impact of the proposed rule on small entities.'' \965\
An IRFA or FRFA is not required if the agency certifies that the rule
will not have a significant economic impact on a substantial number of
small entities.\966\ The Bureau also is subject to certain additional
procedures under the RFA involving the convening of a panel to consult
with small business representatives prior to proposing a rule for which
an IRFA is required.\967\
---------------------------------------------------------------------------
\964\ 5 U.S.C. 601 et seq.
\965\ 5 U.S.C. 603(a). For purposes of assessing the impacts of
the proposed rule on small entities, ``small entities'' is defined
in the RFA to include small businesses, small not-for-profit
organizations, and small government jurisdictions. 5 U.S.C. 601(6).
A ``small business'' is determined by application of SBA regulations
and reference to the NAICS classifications and size standards. 5
U.S.C. 601(3). A ``small organization'' is any ``not-for-profit
enterprise which is independently owned and operated and is not
dominant in its field.'' 5 U.S.C. 601(4). A ``small governmental
jurisdiction'' is the government of a city, county, town, township,
village, school district, or special district with a population of
less than 50,000. 5 U.S.C. 601(5).
\966\ 5 U.S.C. 605(b).
\967\ 5 U.S.C. 609.
---------------------------------------------------------------------------
In the proposal, the Bureau did not certify that the proposed rule
would not have a significant economic impact on a substantial number of
small entities within the meaning of the RFA. Accordingly, the Bureau
convened and chaired a Small Business Review Panel under SBREFA to
consider the impact of the proposals under consideration on small
entities that would be subject to the rule implementing section 1071
and to obtain feedback from representatives of such small entities. The
proposal preamble included detailed information on the Small Business
Review Panel. The Panel's advice and recommendations are found in the
Small Business Review Panel Final Report \968\ and were discussed in
the section-by-section analysis of the proposed rule.\969\ The proposal
also contained an IRFA pursuant to section 603 of the RFA. In this
IRFA, the Bureau solicited comment on any costs, recordkeeping
requirements, compliance requirements, or changes in operating
procedures arising from the application of the proposed rule to small
businesses; comment regarding any Federal rules that would duplicate,
overlap or conflict with the proposed rule; and comment on alternative
means of compliance for small entities. Comments addressing individual
provisions of the proposed rule are addressed in the section-by-section
analysis above. Comments addressing the impact on small entities are
discussed below. Many of these comments implicated individual
provisions of the final rule or the Bureau's Dodd-Frank Act section
1022 discussion and are also addressed in those parts.
---------------------------------------------------------------------------
\968\ CFPB, Final Report of the Small Business Review Panel on
the CFPB's Proposals Under Consideration for the Small Business
Lending Data Collection Rulemaking (Dec. 14, 2020), https://files.consumerfinance.gov/f/documents/cfpb_1071-sbrefa-report.pdf.
\969\ 86 FR 56356, 56378-510 (Oct. 8, 2021).
---------------------------------------------------------------------------
Based on the comments received, and for the reasons stated below,
the Bureau believes the final rule will have a significant economic
impact on a substantial number of small entities. Accordingly, the
Bureau has prepared the following final regulatory flexibility analysis
pursuant to section 604 of the RFA.
Final Regulatory Flexibility Analysis
Under RFA section 604(a), when promulgating a final rule under 5
U.S.C. 553, after publishing a notice of proposed rulemaking, the
Bureau must prepare a FRFA. Section 603(a) of the RFA also sets forth
the required elements of the FRFA. Section 604(a)(1) requires the FRFA
to contain a statement of the need for, and objectives of, the rule.
Section 604(a)(2) requires the FRFA to contain a statement of the
significant issues raised by the public comments in response to the
initial regulatory flexibility analysis, a statement of the assessment
of the agency of such issues, and a statement of any changes made in
the proposed rule as a result of such comments. Section 604(a)(3)
requires the Bureau to respond to any comments filed by the
[[Page 35519]]
Chief Counsel for Advocacy of the SBA in response to the proposed rule
and provide a detailed statement of any change made to the proposed
rule in the final rule as a result of the comments.
The FRFA further must contain a description of and an estimate of
the number of small entities to which the rule will apply or an
explanation of why no such estimate is available.\970\ Section
603(b)(5) requires a description of the projected reporting,
recordkeeping, and other compliance requirements of the rule, including
an estimate of the classes of small entities that will be subject to
the requirement and the type of professional skills necessary for the
preparation of the report or record. In addition, the Bureau must
describe any steps it has taken to minimize the significant economic
impact on small entities consistent with the stated objectives of
applicable statutes, including a statement of the factual, policy, and
legal reasons for selecting the alternative adopted in the final rule
and why each one of the other significant alternatives to the rule
considered by the agency which affect the impact on small entities was
rejected. Finally, as amended by the Dodd-Frank Act, RFA section
604(a)(6) requires that the FRFA include a description of the steps the
agency has taken to minimize any additional cost of credit for small
entities.
---------------------------------------------------------------------------
\970\ 5 U.S.C. 603(a)(4).
---------------------------------------------------------------------------
A. Statement of the Need for, and Objectives of, the Rule
As discussed in part I above, section 1071 of the Dodd-Frank Act
amended ECOA to require that financial institutions collect and report
to the Bureau certain data regarding applications for credit for women-
owned, minority-owned, and small businesses.\971\ Section 1071's
statutory purposes are (1) to facilitate enforcement of fair lending
laws, and (2) to enable communities, governmental entities, and
creditors to identify business and community development needs and
opportunities of women-owned, minority-owned, and small businesses.
---------------------------------------------------------------------------
\971\ ECOA section 704B.
---------------------------------------------------------------------------
Section 1071 specifies a number of data points that financial
institutions are required to collect and report, and also provides
authority for the Bureau to require any additional data that the Bureau
determines would aid in fulfilling 1071's statutory purposes. Section
1071 also contains a number of other requirements, including those that
address restricting the access of underwriters and other persons to
certain data, publication of data, and the Bureau's discretion to
modify or delete data prior to publication in order to advance a
privacy interest.
As discussed throughout this document, Congress amended ECOA by
adding section 1071, which directs the Bureau to adopt regulations
governing the collection and reporting of small business lending data.
Section 1071 directs the Bureau to prescribe such rules and issue such
guidance as may be necessary to carry out, enforce, and compile data
pursuant to section 1071, and permits the Bureau to adopt exceptions to
any requirement or to exempt financial institutions from the
requirements of section 1071 as the Bureau deems necessary or
appropriate to carry out the purposes of section 1071.
In addition, as discussed in part II above, currently available
data on small business lending are fragmented, incomplete, and not
standardized, making it difficult to make meaningful comparisons across
products, financial institutions, and over time. This hinders attempts
by policymakers and other stakeholders to understand the size,
composition, and dynamics of the small business lending marketplace,
including the interaction of supply and demand, as well as potentially
problematic lending practices, gaps, or trends in funding that may be
holding back some communities.\972\
---------------------------------------------------------------------------
\972\ While Call Report and CRA data provide some indication of
the level of supply of small business credit, the lack of data on
small business credit applications makes demand for credit by small
businesses more difficult to assess, including with respect to local
markets or protected classes.
---------------------------------------------------------------------------
Data collected under the final rule will constitute the largest and
most comprehensive data in the United States on credit availability for
small businesses. The data collection will also provide an
unprecedented window into the small business lending market, and such
transparency will benefit financial institutions covered by the rule.
The public data published under the final rule will allow financial
institutions to better understand the demand for small business credit
products and the conditions under which they are being supplied by
other lenders. Lenders will likely use the data to understand small
business lending market conditions more effectively and at a more
granular level than is possible with existing data sources, such as
Call Reports, data from public lending programs, or privately purchased
data. Data collected under the final rule will enable lenders to
identify promising opportunities to extend credit to small businesses.
The final rule will also provide some reduction of the compliance
burden of fair lending reviews for lower risk financial institutions by
reducing the ``false positive'' rates during fair lending review
prioritization by regulators. Currently, financial institutions are
subject to fair lending reviews by regulators to ensure that they are
complying with ECOA in their small business lending. Data reported
under the final rule will allow regulators to prioritize fair lending
reviews of lenders with higher risk of potential fair lending
violations, which reduces the burden on institutions with lower fair
lending risk.
The final rule effectuates Congress's specific mandate to the
Bureau to adopt rules to implement section 1071. For a further
description of the reasons why agency action is being considered, see
the background discussion for the final rule in part II above.
This rulemaking has multiple objectives. The final rule is intended
to advance the two statutory purposes of section 1071, which are (1)
facilitating enforcement of fair lending laws and (2) enabling
communities, governmental entities, and creditors to identify business
and community development needs and opportunities of women-owned,
minority-owned, and small businesses. To achieve these objectives, the
rule will require covered financial institutions to collect and report
certain data on applications for covered credit transactions for small
businesses, including minority-owned, women-owned, and LGBTQI+-owned
small businesses. The data to be collected and reported will include a
number of statutorily required data fields regarding small business
applications, as well as several additional data fields that the Bureau
determined will help fulfill the purposes of section 1071. The Bureau
will make available to the public, annually on the Bureau's website,
the data submitted to it by financial institutions, subject to
deletions or modifications made by the Bureau if the Bureau determines
that such deletions or modifications would advance a privacy interest.
B. Statement of the Significant Issues Raised by the Public Comments in
Response to the Initial Regulatory Flexibility Analysis, a Statement of
the Assessment of the Agency of Such Issues, and a Statement of Any
Changes Made to the Proposed Rule in the Final Rule as a Result of Such
Comments
In accordance with section 603(a) of the RFA, the Bureau prepared
an IRFA. In the IRFA, the Bureau estimated the possible compliance cost
for small entities with respect to a pre-statute
[[Page 35520]]
baseline. Additionally, the IRFA discussed possible impacts on small
entities, such as small businesses to whom lenders provide credit.
Very few commenters specifically address the IRFA included in the
proposal. Comments made by the SBA Office of Advocacy related to the
estimates included in the IRFA are addressed below in part X.B.3. A
comprehensive discussion of comments that relate to parts of the
regulatory flexibility analysis can be found throughout part IX above.
This section addresses specific significant comments that affects the
FRFA analysis.
Commenters provided feedback on the overall magnitudes of the one-
time and ongoing cost estimates, which form a core part of the IRFA
analysis. Some industry commenters provided their own estimates of
either their institution's specific one-time or ongoing costs. With
respect to one-time costs, the Bureau has reviewed estimates and
considered the information provided by the commenters, together with
the existing evidence provided in the One-Time Cost Survey. The Bureau
considers most estimates provided by commenters as broadly consistent
with the Bureau's one-time cost estimates. With respect to ongoing
costs, industry commenters' estimates ranged from estimates that were
quite similar to the Bureau's estimate for institutions of similar
small business credit volume to estimates that were considerably higher
than the Bureau's estimates. The Bureau has reviewed these estimates
and considered the information provided by the commenters.
Many industry commenters claimed a need to hire additional staff,
both with respect to the one-time cost of implementing the rule and the
ongoing cost of reporting 1071 data annually. Many provided estimates
of the additional FTEs that the institution would have to hire to
comply with the proposed rule. These estimates ranged from one
additional FTE to up to 10 additional FTEs. A survey of community banks
by a national trade association found that 88 percent of respondents
would need to hire an additional FTE and, on average, institutions
would have to hire 2-3 FTEs. Several commenters asserted that the
hiring of additional staff alone showed that the Bureau's one-time and
ongoing cost estimates in the proposal were inadequate. In the ongoing
costs estimates of the Bureau's proposal, the Bureau calculated the
number of hours required to be spent on 1071-related tasks, without
distinguishing between existing or newly-hired staff. The Bureau
assumes that the time spent on 1071-related tasks necessarily takes
time away from otherwise profitable activity to which the hours would
be put in the rule's absence. Since the Bureau is accounting for time
spent in this way, the Bureau believes that its estimates account for
the additional staff activity required to be spent to collect, check,
and report data under the final rule. For this reason, the Bureau did
not change any staffing time estimates, with exceptions mentioned
below.
However, hiring additional FTEs would lead some institutions to
incur fixed one-time costs of hiring, including search, administrative
burden, and additional training, that they would not have incurred in
the absence of the final rule. The Bureau categorizes this type of cost
as a one-time cost, where the institution staffs up to be able to
comply with the rule. So, while the Bureau has not changed ongoing
costs estimates with respect to staff hours, it is incorporating the
fixed cost of hiring new staff in its estimation of one-time costs.
Several commenters also suggested that the specific ongoing costs
for training staff were too low in the proposal. As described in the
proposal, the Bureau received similar comments during the SBREFA
process, but wished to learn additional information through comments on
the proposed rule to better estimate the cost of training. Several
institutions provided specific annual costs of training employees or
estimates of the overall employee time expected to be required to
comply with the final rule. Others more generally described the need to
train more staff than just loan officers, but also administrative and
other staff.
The Bureau's ongoing cost estimates only reflected the assumed
training time required to train loan officers that directly handle the
underwriting process. The Bureau decided, based on the comments to the
proposed rule, to double the amount of assumed training hours required
on an annual basis to account for the additional staff that would have
to be trained on an annual basis besides simply the loan officers. The
estimates in this final rule reflect the doubling of annual training
hours.
C. Response of the Agency to Any Comments Filed by the Chief Counsel
for Advocacy of the Small Business Administration in Response to the
Proposed Rule, and a Detailed Statement of Any Change Made to the
Proposed Rule in the Final Rule as a Result of the Comments
SBA Office of Advocacy provided a formal comment letter to the
Bureau in response to the proposed rule. This letter expressed concerns
that the Bureau underestimated the costs of the proposed rule, that the
Bureau did not adequately consider the scope of coverage, and that the
Bureau additionally underestimated the effect of the proposed rule on
the cost of credit to small entities. Additionally, SBA Office of
Advocacy provided specific feedback related to certain provisions of
the proposed rule, which are addressed below.
Comments related to the Bureau's cost estimates. SBA Office of
Advocacy asserted that the Bureau's estimated costs of compliance in
the proposal were too low, arguing, specifically, that training costs
were too low and stated that the Bureau had acknowledged that small
entity representatives, during the SBREFA process, had noted that the
Bureau's training costs might be low because they did not account for
enough staff being trained. Regarding these training costs, the Bureau
notes that, as SBA Office of Advocacy observed, the proposal identified
the feedback from small entity representatives that the training costs
might be underestimated. In part VIII.F.3 of the proposal the Bureau
sought comments on the training and other estimates to inform the
ongoing cost estimation. As noted in part IX.F above, the Bureau has
increased its estimates of training costs in response to SBA Office of
Advocacy and other comments to account for additional staff that would
need to be trained on an ongoing basis.
SBA Office of Advocacy expressed concerns that the Bureau has
underestimated the one-time costs, specifically with regard to training
costs. As noted in the above methods (part IX.E) and estimations (part
IX.F) discussions, the Bureau estimated one-time costs from the
Bureau's One-Time Cost Survey, which was conducted of industry
participants potentially subject to the Bureau's rule implementing
section 1071. The Bureau's Tables 14 through 16 provide averages of
survey responses. To obtain final estimates, the Bureau combined this
information with relevant information from comments on the proposal.
The Bureau reviewed and considered comments on the cost estimates
included in its proposal.
SBA Office of Advocacy also asserted that the Bureau underestimated
the pass through of compliance costs to small businesses in the form of
rates and fees. SBA Office of Advocacy also asserted that, because
institutions could charge an application fee, the fee may be a
disincentive for small businesses to shop for a better priced loan, and
[[Page 35521]]
therefore the overall cost of credit may be higher than indicated.
Regarding these comments on the pass through of costs, the Bureau
notes in part IX.F.4 above that it expects the variable portion of
ongoing costs to be passed on to small business credit borrowers in the
form of higher interest rates and fees. It made this determination from
the results to its One-Time Cost Survey, economic theory, and comments
on the proposed rule. Additionally, lenders presently have the ability
to charge applicants application fees, something that the potential
increase in fees from compliance costs associated with this final rule
does not change.
Comments related to other aspects of the proposed rule. In the
section-by-section analysis of the final rule in part V above, the
Bureau has responded to the SBA Office of Advocacy's comments
concerning a number of topics in the proposed rule, including the
definition of financial institution, the small business definition, the
coverage of automobile dealers, the data points generally, the proposed
visual observation and surname requirement related to applicants'
demographic information, data points adopted pursuant to ECOA section
704B(e)(2)(H), and the compliance date of the rule. SBA Office of
Advocacy's comments and the Bureau's responses on these topics are
summarized below.
Scope of coverage/definition of financial institution. Initially,
SBA Office of Advocacy expressed concern about the scope of coverage,
particularly as related to who would be a covered financial institution
required to collect and report 1071 data. SBA Office of Advocacy argued
that the proposed 25-origination threshold may be too low, and that the
Bureau has not analyzed the data fully to determine whether a higher
threshold would garner an appropriate amount of information to fulfill
the purposes of section 1071. SBA Office of Advocacy further urged the
Bureau to consider additional alternative thresholds, and supplement
its analysis, including 50-, 100-, 200- and 500-origination threshold
alternatives. In the final rule, the Bureau has increased the
institutional coverage threshold from 25 to 100 originations annually
to address industry concerns regarding the impact on the smallest
financial institutions. Smaller lenders play an integral role in
lending to parts of the small business sector and the Bureau does not
want to risk disruption to this sector, which would run contrary to the
business and community development purpose of section 1071. The Bureau
also considered higher thresholds, but believes that raising the
threshold further would undermine the purposes of section 1071.
Definition of small business. Next, SBA Office of Advocacy
commended the Bureau for proposing an alternative size standard to
SBA's approach to defining a small business, noting prior feedback
concerning the need for a simpler definition that is easy for small
business applicants to understand and financial institutions to
implement. However, SBA Office of Advocacy noted concern from
stakeholders that the $5 million gross annual revenue threshold may be
too high for small financial institutions to implement and may cause
some of those entities to forgo making business loans. SBA Office of
Advocacy urged the Bureau to analyze other possible thresholds at a
lower amount that would garner sufficient data, without the risk of
smaller banks discontinuing business loans. Although the Bureau
considered different threshold amounts and different size standards, it
believes that a $5 million gross annual revenue threshold strikes the
right balance in terms of broadly covering the small business credit
market to fulfill section 1071's statutory purposes while meeting the
SBA's criteria for an alternative size standard. The final rule also
anticipates updates to this threshold every five years to account for
inflation.
Data points--collection of ethnicity and race via visual
observation or surname, and data points adopted pursuant to ECOA
section 704B(e)(2)(H). SBA Office of Advocacy raised two concerns
related to data points required to be collected under section 1071.
First, SBA Office of Advocacy argued that the requirement in the
proposed rule to collect ethnicity and race information based on visual
observation or surname should be removed. SBA Office of Advocacy
reiterated concerns expressed during the SBREFA panel about a visual
observation requirement. SBA Office of Advocacy further argued that
data collected through visual observation or surname could be corrupted
by bias or other forms of discrimination, and would therefore be in
opposition to the intent of section 1071. They further stated that even
well trained and well-motivated financial institutions could make wrong
assumptions and taint the quality of the data. After considering the
issue further as explained in the section-by-section analysis of Sec.
1002.107(a)(19) above, the final rule does not include a requirement to
collect applicant demographic information based on visual observation
or surname.
Second, SBA Office of Advocacy urged the Bureau to remove from the
rule all data points proposed pursuant to its statutory authority set
forth in ECOA section 704B(e)(2)(H), arguing that such data points are
not required by section 1071, are costly, and potentially raise privacy
concerns. SBA Office of Advocacy noted that these data points could be
reverse engineered to determine what businesses were denied credit,
particularly in small communities. They focused particularly on pricing
data, asserting that these data would be costly and could damage the
reputation of the institution by creating unjustified inferences that
pricing disparities are due to fair lending violations. The Bureau
believes that pricing and the other data points provide valuable
information that furthers the dual purposes of section 1071. The Bureau
believes that any risks to privacy interests can be addressed through
modifications or deletions to public, application-level data, as
appropriate.
Next, SBA Office of Advocacy urged the Bureau to work with small
automobile dealers to make the direct and indirect impacts of the
rulemaking as least burdensome as possible. SBA Office of Advocacy
stated that dealers may either directly issue credit or, as noted by a
trade association, in many cases, act as intermediaries between buyers
and financial institutions, and in those roles may be asked to support
financial institutions' compliance with the rule. The Bureau's rule
does not apply to motor vehicle dealers.\973\ The Bureau has also made
revisions to the rule's provisions addressing reporting obligations
when multiple financial institutions are involved in originating a
single covered credit transaction, which the Bureau believes will
provide greater clarity to motor vehicle dealers and the covered
financial institutions that work with them, as well as to other covered
financial institutions that originate covered credit transactions for
small businesses through third parties. In addition, the Bureau has
sought to reduce burden on small covered financial institutions through
many provisions in the final rule, including, for example, by issuing a
sample data collection form that institutions can use to collect
protected demographic data from applicants. Finally, SBA Office of
Advocacy encouraged the Bureau to consider an implementation period of
three years or longer for the rule, rather
[[Page 35522]]
than 18 months as proposed. SBA Office of Advocacy reiterated feedback
from a roundtable session it held that an 18-month compliance period
would not be sufficient, and it may take up to three years for small
financial institutions to comply. They noted that unlike HMDA,
financial institutions are not building off a system already in place,
and instead need to develop new systems. SBA Office of Advocacy also
reiterated feedback during the SBREFA process that supported a two- to
three-year implementation period. The Bureau is adopting a tiered
compliance date schedule because it believes that smaller and mid-sized
lenders would have particular difficulties complying within the single
18-month compliance period proposed in the NPRM. Compliance with the
rule beginning October 1, 2024 is required for financial institutions
that originate the most covered credit transactions for small
businesses. However, institutions with a moderate transaction volume
have until April 1, 2025 to begin complying with the rule, and those
with the lowest volume have until January 1, 2026.\974\ The Bureau
believes that approximately 90 percent of all covered financial
institutions that are themselves ``small'' under the SBA's size
standards will fall under the latest compliance date, giving them
nearly three years to prepare for compliance with the Bureau's final
rule.
---------------------------------------------------------------------------
\973\ The Bureau's rules, including this final rule to implement
section 1071, generally do not apply to motor vehicle dealers, as
defined in section 1029(f)(2) of the Dodd-Frank Act, that are
predominantly engaged in the sale and servicing of motor vehicles,
the leasing and servicing of motor vehicles, or both. 12 U.S.C.
5519.
\974\ The Bureau estimates that most small depository
institutions will fall into Tier 3 and will be required to begin
complying with the final rule in 2026.
---------------------------------------------------------------------------
D. Description of and an Estimate of the Number of Small Entities to
Which the Rule Will Apply
For the purposes of assessing the impacts of the final rule on
small entities, ``small entities'' is defined in the RFA to include
small businesses, small nonprofit organizations, and small government
jurisdictions.\975\ A ``small business'' is determined by application
of SBA regulations in reference to the North American Industry
Classification System (NAICS) classification and size standards.\976\
Under such standards, the Bureau identified several categories of small
entities that may be subject to the proposed provisions: depository
institutions; online lenders and merchant cash advance providers;
commercial finance companies; nondepository CDFIs; Farm Credit System
members; and governmental lending entities. The NAICS codes covered by
these categories are described below.
---------------------------------------------------------------------------
\975\ 5 U.S.C. 601(6).
\976\ The current SBA size standards are found on the SBA's
website, Small Bus. Admin., Table of size standards (Mar. 17, 2023),
https://www.sba.gov/document/support-table-size-standards.
---------------------------------------------------------------------------
The following table provides the Bureau's estimate of the number
and types of entities that may be affected by the proposed rule:
Table 19--Estimated Number of Affected Entities and Small Entities by Category
----------------------------------------------------------------------------------------------------------------
Est. total Est. number of
Small entity covered small
Category NAICS threshold financial financial
institutions institutions
----------------------------------------------------------------------------------------------------------------
Depository Institutions........... 522110, 522180, $850 million in 1,900 1,000
522130, 522210. assets.
Online Lenders and Merchant Cash 522299, 522291, $40 million (NAICS 100 90
Advance Providers. 522320, 518210. 518210); $47 million
(NAICS 522299,
522291, 522320).
Commercial Finance Companies...... 513210, 532411, $47 million (NAICS 240 216
532490, 522220, 513210, 522220,
522291. 522291); $40 million
(NAICS 532490);
$45.5 million (NAICS
532411).
Nondepository CDFIs............... 522390, 523910, $9.5 million (NAICS 139 132
813410, 522310. 813410); $15 million
(NAICS 522310); $47
million (NAICS
523910, 522390).
Farm Credit System members........ 522299............... $47 million.......... 71 31
Governmental Lending Entities..... NA................... Population below 70 0
50,000.
----------------------------------------------------------------------------------------------------------------
The following paragraphs describe the categories of entities that
the Bureau expects would be affected by the final rule.
Depository institutions (banks and credit unions): The Bureau
estimates that there are about 1,900 banks, savings associations, and
credit unions engaged in small business lending that originate enough
covered transactions to be covered by the final rule.\977\ These
companies potentially fall into four different industry categories,
including ``Commercial Banking'' (NAICS 522110), ``Savings
Institutions'' (NAICS 522120), ``Credit Unions'' (NAICS 522130), and
``Credit Card Issuing'' (NAICS 522210). All of these industries have a
size standard threshold of $850 million in assets. The Bureau estimates
that about 1,000 of these institutions are small entities according to
this threshold. See part IX.D above for more detail on how the Bureau
arrived at these estimates.
---------------------------------------------------------------------------
\977\ The Bureau notes that the category of depository
institutions also includes CDFIs that are also depository
institutions.
---------------------------------------------------------------------------
Online lenders and merchant cash advance providers: As discussed in
more detail in part II.D above, the Bureau estimates that there are
about 100 fintech lenders and merchant cash advance providers engaged
in small business lending that originate enough covered transactions to
be covered by the final rule. These companies span multiple industries,
including ``All Other Nondepository Credit Intermediation'' (NAICS
522298), ``Consumer Lending'' (NAICS 522291), ``Financial Transactions,
Processing, Reserve, and Clearinghouse Activities'' (NAICS 522320), and
``Data Processing, Housing and Related Services'' (NAICS 518210). All
of these industries have a size standard threshold of $40 million in
sales (NAICS 518210) or $47 million in sales (all other NAICS). The
Bureau assumes that about 90 percent, or 90, of these entities are
small according to these size standards.
Commercial finance companies: As discussed in more detail in part
II.D above, the Bureau estimates that there are about 240 commercial
finance companies, including captive and independent financing, engaged
in small business lending that originate enough covered credit
transactions to be covered by the final rule. These companies span
multiple industries, including ``Software Publishers'' (NAICS 513210),
``Commercial Air, Rail, and Water Transportation Equipment Rental and
Leasing'' (NAICS 532411), ``Other Commercial and Industrial Machinery
and Equipment Rental and Leasing'' (NAICS 532490), ``Sales financing''
(NAICS 522220) and ``Consumer Lending'' (NAICS 522291). These
industries have size standard thresholds of $47 million in sales (NAICS
513210, 522220, 522291), $45.5
[[Page 35523]]
million in sales (NAICS 532411), or $40 million in sales (NAICS
532490). The Bureau assumes that about 90 percent, or 216, commercial
finance companies are small according to these size standards.
Nondepository CDFIs: As discussed in more detail in part II.D
above, the Bureau estimates that there are 139 nondepository CDFIs
engaged in small business lending that originate enough covered credit
transactions to be covered by the final rule. CDFIs generally fall into
``Activities Related to Credit Intermediation (Including Loan
Brokers)'' (NAICS 522390), ``Miscellaneous Intermediation'' (NAICS
523910), ``Civic and Social Organizations'' (NAICS 813410), and
``Mortgage and Nonmortgage Loan Brokers'' (NAICS 522310). These
industries have size standard thresholds of $9.5 million in sales
(NAICS 813410), $15 million in sales (NAICS 522310), and $47 million in
sales (NAICS 522390, 523910). The Bureau assumes that about 95 percent,
or 132, nondepository CDFIs are small entities.
Farm Credit System members: The Bureau estimates that there are 71
members of the Farm Credit System (banks and associations) that are
engaged in small business lending and that originate enough covered
credit transactions to be covered by the final rule.\978\ These
institutions are in the ``International, Secondary Market, and All
Other Credit Intermediation'' (NAICS 522299) industry. The size
standard for this industry is $47 million in sales. The Bureau
estimates that 18 members of the Farm Credit System are small entities.
---------------------------------------------------------------------------
\978\ Fed. Farm Credit Banks Funding Corp., Farm Credit 2019
Annual Information Statement of the Farm Credit System, at 7 (Feb.
28, 2020), https://www.farmcreditfunding.com/ffcb_live/serve/public/pressre/finin/report.pdf?assetId=395570. The Bureau notes that Farm
Credit System banks do not report FFIEC Call Reports and are thus
not counted in the number of banks and savings associations
discussed above. To estimate the number of small Farm Credit System
members, the Bureau considered FCA Call Reports and Young,
Beginning, and Small Farmers Reports for all Farm Credit System
members as of December 31, 2019. The reports can be found at https://reports.fca.gov/CRS/. A Farm Credit System is covered if it
reported more than 100 total number of loans on its Young,
Beginning, and Small Farmers Report in 2019. A Farm Credit System
member is considered small if its net interest income plus total
non-interest income is less than $41.5 million.
---------------------------------------------------------------------------
Governmental lending entities: As discussed in more detail in part
II.D above, the Bureau estimates that there are about 70 governmental
lending entities engaged in small business lending that originate
enough covered credit transactions to be covered by the final rule.
``Small governmental jurisdictions'' are the governments of cities,
counties, towns, townships, villages, school districts, or special
districts, with a population of less than fifty thousand. The Bureau
assumes that none of the governmental lending entities covered by the
final rule are considered small.
E. Projected Reporting, Recordkeeping, and Other Compliance
Requirements of the Final Rule, Including an Estimate of the Classes of
Small Entities Which Will Be Subject to the Requirement and the Type of
Professional Skills Necessary for the Preparation of the Report or
Record
Reporting requirements. ECOA section 704B(f)(1) provides that
``[t]he data required to be compiled and maintained under [section
1071] by any financial institution shall be submitted annually to the
Bureau.'' Section 1071 requires financial institutions to collect and
report information regarding any application for ``credit'' made by
women-owned, minority-owned, and small businesses. In its rule to
implement section 1071, the Bureau is not covering the following
transactions: leases, factoring, consumer-designated credit used for
business purposes, HMDA-reportable transactions, insurance premium
financing, trade credit, public utilities credit, securities credit,
and incidental credit.
Under the final rule, financial institutions would be required to
report data on small business credit applications if they originated at
least 100 covered transactions in each of the previous two calendar
years. The Bureau is requiring that data collection occur on a
calendar-year basis and submitted to the Bureau by the following June
1. Under the final rule, covered financial institutions are required to
collect and report the following data points: (1) a unique identifier,
(2) application date, (3) application method, (4) application
recipient, (5) credit type, (6) credit purpose, (7) amount applied for,
(8) amount approved or originated, (9) action taken, (10) action taken
date, (11) denial reasons, (12) pricing information, (13) census tract,
(14) gross annual revenue, (15) NAICS code, (16) number of workers,
(17) time in business, (18) minority-owned business status, women-owned
business status, and LGBTQI+-owned business status, (19) ethnicity,
race, and sex of principal owners, and (20) the number of principal
owners. The section-by-section analyses in part V above discuss the
required data points and the scope of the final rule in greater detail.
Recordkeeping requirements. ECOA section 704B(f)(2)(A) requires
that information compiled and maintained under section 1071 be
``retained for not less than 3 years after the date of preparation.''
The Bureau is requiring that financial institutions retain 1071 data
for at least three years after it is submitted to the Bureau. In
accordance with 704B(e)(3), the Bureau is also instituting a
prohibition on including certain personally identifiable information
about any individuals associated with small business applicants in the
data that a financial institution is required to compile, maintain, and
report to the Bureau, other than information specifically required to
be collected and reported (such as the ethnicity, race, and sex of
principal owners and whether the business is women-owned, minority-
owned, or LGBTQI+-owned). Financial institutions must, unless subject
to an exception, limit the access of certain officers and employees to
applicants' responses to the inquiries regarding women-owned, minority-
owned, and LGBTQI+-owned business status, as well as the ethnicity,
race, and sex of principal owners. In addition, applicants' responses
to the inquiries regarding women-owned, minority-owned, and LGBTQI+-
owned business status, as well as the ethnicity, race, and sex of
principal owners, must be maintained separately from the application
and accompanying information.
Costs to small entities. The Bureau expects that the proposed rule
may impose one-time and ongoing costs on small-entity providers of
credit to small businesses. The Bureau has identified eight categories
of one-time costs that make up the components necessary for a financial
institution to develop the infrastructure to collect and report data
required by the rule. Those categories are preparation/planning;
updating computer systems; testing/validating systems; developing
forms/applications; training staff and third parties (such as dealers
and brokers); developing policies/procedures; legal/compliance review;
and post-implementation review of compliance policies and procedures.
The Bureau conducted a survey regarding potential one-time
implementation costs for section 1071 compliance targeted at financial
institutions who extend small business credit. The Bureau used the
results of this survey to estimate the one-time costs for financial
institutions covered by the proposed rule using the methodology
described in part VIII.E.1 above. The Bureau estimates that depository
institutions with the lowest level of complexity in compliance
[[Page 35524]]
operations (i.e., Type A DIs) would incur one-time costs of $63,825,
including expected hiring costs. The Bureau estimates that depository
institutions with a middle level of complexity in compliance operations
(i.e., Type B DIs) would incur one-time costs of $49,225, including
expected hiring costs. The Bureau estimates that depository
institutions with the highest level of complexity in compliance
operations (i.e., Type C DIs) would incur one-time costs of $91,075,
including expected hiring costs. Finally, the Bureau estimates that
Non-DIs would incur one-time costs of $105,250, including the costs of
hiring two additional staff.
The Bureau estimates that the overall market impact of one-time
costs for small depository institutions will be between $56,000,000 and
$67,000,000.\979\ The Bureau estimates that the overall market impact
of one-time costs for Non-DIs will be about $45,000,000.
---------------------------------------------------------------------------
\979\ The Bureau notes that the variation in this range comes
primarily from the uncertainty in the number of originations made by
small banks and savings associations. The range does not fully
account for the uncertainty associated with estimates of the one-
time costs for each type of institution.
---------------------------------------------------------------------------
Adapting ongoing cost methodology from previous HMDA rulemaking
efforts, the Bureau identified 15 specific data collection and
reporting activities that would impose ongoing costs to financial
institutions covered by the rule.\980\ The Bureau estimates that
representative financial institutions with the lowest level of
complexity in compliance operations (i.e., Type A FIs) would incur
around $8,349 in total annual ongoing costs, or about $83 in total cost
per application processed (assuming a representative 100 applications
per year). For financial institutions of this type, the largest drivers
of the ongoing costs are activities that require employee time to
complete. Activities like transcribing data, transferring data to the
data management software, standard edits and internal checks, and
training all require loan officer time. The Bureau estimates that
financial institutions with a middle level of complexity in compliance
operations (i.e., Type B FIs), which are somewhat automated, would
incur approximately $40,079 in additional ongoing costs per year, or
around $100 per application (assuming a representative 400 applications
per year). The largest components of this ongoing cost are the expenses
of the small business application management software and geocoding
software (in the form of an annual software subscription fee) and the
external audit of the data. The Bureau estimates that financial
institutions with the highest level of complexity in compliance
operations (i.e., Type C FIs), which are significantly automated, would
incur approximately $278,618 in additional ongoing costs per year, or
around $46 per application (assuming a representative 6,000
applications per year). The largest components of this ongoing cost are
the cost of an internal audit, transcribing data, and annual edits and
internal checks.
---------------------------------------------------------------------------
\980\ The Bureau applied the same methodology for the ongoing
costs for small entities as that found in part IX.E.2 above.
---------------------------------------------------------------------------
The Bureau estimates that the overall market impact of ongoing
costs for small entities will be between $83,000,000 and $96,000,000
per year.
Estimate of the classes of small entities that will be subject to
the requirement and the type of professional skills necessary for the
preparation of the report or record. Section 603(b)(4) of the RFA also
requires an estimate of the type of professional skills necessary for
the preparation of the reports or records. The recordkeeping and
compliance requirements of the final rule that would affect small
entities are summarized above. Based on outreach with financial
institutions, vendors, and governmental agency representatives, the
Bureau classified the operational activities that financial
institutions would likely use for section 1071 data collection and
reporting into 15 operational ``tasks'' which can be further grouped
into four ``primary tasks.'' These are:
1. Data collection: Transcribing data, resolving reportability
questions, and transferring data to a 1071 data management system.
2. Reporting and resubmission: Geocoding, standard annual edit and
internal checks, researching questions, resolving question responses,
checking post-submission edits, filing post-submission documents, and
using vendor data management software.
3. Compliance and internal audits: Training, internal audits, and
external audits.
4. Section 1071-related exams: Exam preparation and exam
assistance.
All these tasks are related to the preparation of reports or
records and most of them are performed by compliance personnel in the
compliance department of financial institutions. For some financial
institutions, however, the data intake and transcribing stage could
involve loan officers or processors whose primary function is to
evaluate or process loan applications. For example, at some financial
institutions the loan officers would take in information from the
applicant to complete the application and input that information into
the reporting system. However, the Bureau believes that such roles
generally do not require any additional professional skills related for
the recordkeeping or other compliance requirements of this final rule
that are not otherwise required during the ordinary course of business
for small entities. The Bureau also notes that small nondepository
institutions might not be subject to fair lending exams and might,
therefore, have reduced costs.
The type of professional skills required for compliance varies
depending on the particular task involved. For example, data
transcribing requires data entry skills. Transferring data to a data
entry system and using vendor data management software requires
knowledge of computer systems and the ability to use them. Researching
and resolving reportability questions requires a more complex
understanding of the regulatory requirements and the details of the
relevant line of business. Geocoding requires skills in using the
geocoding software, web systems, or, in cases where geocoding is
difficult, knowledge of the local area in which the property is
located. Standard annual editing, internal checks, and post-submission
editing require knowledge of the relevant data systems, data formats,
and section 1071 regulatory requirements in addition to skills in
quality control and assurance. Filing post-submission documents
requires skills in information creation, dissemination, and
communication. Training, internal audits, and external audits require
communications skills, educational skills, and regulatory knowledge.
Section 1071-related exam preparation and exam assistance involve
knowledge of regulatory requirements, the relevant line of business,
and the relevant data systems.
The Standard Occupational Classification code has compliance
officers listed under code 13-1041. The Bureau believes that most of
the skills required for preparation of the reports or records related
to this rule are the skills required for job functions performed in
this occupation. However, the Bureau recognizes that under this general
occupational code there is a high level of heterogeneity in the type of
skills required as well as the corresponding labor costs incurred by
the financial institutions performing these functions. During the
SBREFA process, some small entity representatives noted that, for
instance, high-level corporate officers
[[Page 35525]]
such as CEOs and senior vice presidents could be directly involved in
some regulatory tasks. The Bureau acknowledges the possibility that
certain aspects of the final rule may require some small entities to
hire additional compliance staff. The Bureau received many comments on
its proposal that asserted that industry participants would have to
hire additional employees to comply with the rule. The Bureau made
changes to its estimates of one-time costs to reflect the additional
one-time cost of hiring new staff. Compliance with the final rule may
emphasize certain skills. For example, new data points may increase
demand for skills involved in researching questions, standard annual
editing, and post-submission editing. Nevertheless, the Bureau believes
that compliance would still involve the general set of skills
identified above. The recordkeeping and reporting requirements
associated with the final rule would also involve skills for
information technology system development, integration, and
maintenance. Financial institutions required to report data under HMDA
often use data management systems called HMDA Management Systems for
existing regulatory purposes. A similar software for reporting the data
required under the final rule could be developed by the institution
internally or purchased from a third-party vendor. It is possible that
other systems used by financial institutions, such as loan origination
systems, might also need to be upgraded to capture new data fields
required to be collected and reported under the final rule. The
professional skills required for this one-time upgrade would be related
to software development, testing, system engineering, information
technology project management, budgeting and operation.
F. Description of the Steps the Agency Has Taken To Minimize the
Significant Economic Impact on Small Entities Consistent With the
Stated Objectives of Applicable Statutes, Including a Statement of the
Factual, Policy, and Legal Reasons for Selecting the Alternative
Adopted in the Final Rule and Why Each One of the Other Significant
Alternatives to the Rule Considered by the Agency Which Affect the
Impact on Small Entities Was Rejected; and for a Covered Agency, as
Defined in Section 609(d)(2), a Description of the Steps the Agency Has
Taken To Minimize Any Additional Cost of Credit for Small Entities
In drafting this final rule, the Bureau considered multiple
financial institution reporting thresholds. In particular, the Bureau
considered whether to exempt financial institutions with fewer than 25,
50, 200, or 500 originations of covered credit transactions for small
businesses in each of the two preceding calendar years, instead of 100
originations as finalized. The Bureau also considered whether to exempt
depository institutions with assets under $100 million or $200 million
from section 1071's data collection and reporting requirements. The
Bureau expects that some burden reduction will result from the higher
threshold of 100 loans.
The following table shows the estimated impact that different
reporting thresholds the Bureau considered would have had on financial
institution coverage. For the purposes of considering the asset-based
threshold alternatives, the Bureau estimates how institutional coverage
and costs would be different if the Bureau required a 25-origination
threshold in addition to an asset-based threshold for depository
institutions. For the asset-based threshold alternatives, the Bureau
assumes that the alternative proposal would have been that a depository
institution would be required to report its small business lending
activity for 2019 if it had more than 25 originations in both 2017 and
2018 and had assets over the asset-based threshold on December 31,
2018. The Bureau further assumes that if two institutions merged in
2019 then the resulting institution would be required to report if the
sum of the separate institutions' assets on December 31, 2018 exceeded
the asset-based threshold.
Table 20--Estimated Impact of Different Reporting Thresholds on the Number and Percentage of Small Depository
Institutions Covered
----------------------------------------------------------------------------------------------------------------
Number of small
Threshold considered depository institutions % of small depository
covered institutions covered
----------------------------------------------------------------------------------------------------------------
25 originations............................................... 2,900-3,000 32-33
50 originations............................................... 1,900-2,100 21-23
100 originations.............................................. 1,000-1,100 11-12
200 originations.............................................. 400-500 4-6
500 originations.............................................. 50-100 0.6-1
25 originations AND $100 million in assets.................... 2,400-2,500 26-28
25 originations AND $200 million in assets.................... 1,600-1,700 18-19
----------------------------------------------------------------------------------------------------------------
Further, the Bureau is finalizing several data points pursuant to
its authority under ECOA section 704B(e)(2)(H) that is has concluded
would help the data collection fulfill the purposes of section 1071:
application method, application recipient, pricing, number of principal
owners, NAICS code, number of workers, and time in business.
During the SBREFA process, small entity representatives provided
detailed feedback on the data points that the Bureau was considering
proposing pursuant to ECOA section 704B(e)(2)(H).\981\ One small entity
representative stated that the cost of collecting and reporting such
data points under consideration would be significant, and another
stated that the Bureau should include as few data points as possible to
avoid unnecessary costs. Another small entity representative stated
that the Bureau should finalize a rule with just the data points
enumerated in 704B(e)(2)(A) through (G) and avoid adding any additional
data points. Other small entity representatives favored or opposed the
inclusion of some or all of the individual data points under
consideration during the SBREFA process. Many industry commenters and
SBA Office of Advocacy opposed the collection of any data points
pursuant to section 704B(e)(2)(H). These commenters stated that such
data points would be burdensome to collect and report, while some,
particularly the
[[Page 35526]]
pricing data point, could be subject to misinterpretation by data
users.
---------------------------------------------------------------------------
\981\ The small entity representative feedback discussed herein
can be found in the SBREFA Panel Report at 30-32.
---------------------------------------------------------------------------
The Bureau understands that certain data points may introduce
additional burden to small entities. However, the Bureau has determined
that these data points would aid in fulfilling the statutory purposes
of section 1071--facilitating enforcement of fair lending laws and
enabling communities, governmental entities, and creditors to identify
business and community development needs and opportunities of women-
owned, minority-owned, and small businesses.
Three types of costs (one-time, fixed ongoing, and variable
ongoing) have the potential to influence the price and availability of
credit to small businesses. In a competitive marketplace, standard
microeconomics suggests that lenders will extend loans up to the point
at which the value of granting an additional loan is equal to the
additional cost associated with the financial institution providing the
loan. One-time costs and fixed ongoing costs affect the overall
profitability of a lender's loan portfolio but do not affect the
profitability of extending an additional loan. Variable ongoing costs,
however, affect the profitability of each additional loan and will
influence the number of loans a lender provides. Based on the Bureau's
available evidence, it expects that the variable ongoing costs to
comply with the proposed rule will be passed on in full to small
business credit applicants in the form of higher prices or fees to
small businesses.
In the One-Time Cost Survey, the Bureau asked respondents to rank a
list of potential actions they may take in response to the compliance
costs of implementing section 1071.\982\ Respondents ranked the
following list: ``Raise rates or fees on small business products'';
``Raise rates/fees on other credit products''; ``Accept lower
profits''; ``Exit some geographic markets''; ``Tighten underwriting
standards''; ``Offer fewer or less complex products''; ``No longer
offer small business credit products''; or ``Other'' with two write-in
options. Respondents ranked these options from ``1'' to ``9''
indicating their most to least likely responses. Respondents also had
the opportunity to write in their own responses. Consistent with
economic theory, respondents reported that they would be most likely to
raise rates or fees on small business products and other credit
products. On average, respondents reported that they would be least
likely to exit some geographic markets or cease offering small business
credit products. Accordingly, the Bureau expects the likely impact of
the rule on the cost of credit to small entities to be higher rates and
fees because financial institutions pass on the variable ongoing costs
of the required data collection. The Bureau estimates that $32, $26,
and $7.50 in variable costs would be passed through per application to
Type A, B, and C FIs, respectively. To put these values in context, the
Bureau estimates that the per application net income is in a range of
$66,000-$83,000; $33,000-$38,000; and $83,000-$92,000 for covered banks
and savings associations of Types A, B, and C, respectively.
---------------------------------------------------------------------------
\982\ See One-Time Cost Survey at 11.
---------------------------------------------------------------------------
The Bureau also carefully considered the rule's potential impact on
small entities in its decision related to transactional scope. For
example, the Bureau is not covering trade credit in its 1071 final rule
because it believes that trade credit is categorically different from
products like loans, lines of credit, credit cards, and merchant cash
advances and that there are several reasons to exclude it from
coverage. As discussed in the section-by-section analysis of Sec.
1002.104(b)(1), one such reason is that the Bureau understands that
trade credit can be offered by entities that are themselves very small
businesses; these entities, in particular, may incur large costs
relative to their size to collect and report 1071 data in an accurate
and consistent manner.\983\ The Bureau is also adding new Sec.
1002.104(b)(5) to exclude all HMDA reportable transactions (i.e.,
covered loans as defined by Regulation C, 12 CFR 1003.2(e)). The Bureau
is finalizing this exclusion of HMDA-reportable transactions in order
to alleviate concerns from a broad range of industry commenters,
including small entities, about the difficulties associated with dual
reporting, particularly in light of potential inconsistences related to
demographic data collection and recordkeeping. Moreover, the final rule
makes clear that the term covered credit transaction does not include
consumer-designated credit used for business or agricultural purposes,
because such transactions are not business credit. The Bureau believes
that this interpretation will reduce burden for financial institutions
(including smaller ones) that offer only consumer-designated credit.
---------------------------------------------------------------------------
\983\ See Leora Klapper et al., Trade Credit Contracts, 25(3)
Review of Fin. Studies 838-67 (2012), https://academic.oup.com/rfs/article/25/3/838/1616515, and Justin Murfin & Ken Njoroge, The
Implicit Costs of Trade Credit Borrowing by Large Firms, 28(1)
Review of Fin. Studies 112-45 (2015) https://academic.oup.com/rfs/article/28/1/112/1681329.
---------------------------------------------------------------------------
In response to the suggestion to exempt agricultural lending
because of the impact on small local community financial institutions,
such as credit unions, the Bureau is not defining a ``covered credit
transaction'' in a way that would exclude agricultural credit from the
final rule. As detailed in the section-by-section analysis of Sec.
1002.104(a), the Bureau believes that covering agricultural credit in
this rulemaking is important for both of section 1071's statutory
purposes. The Bureau does note, however, that it is increasing its
institutional coverage threshold, as discussed above, to minimize
compliance costs for smaller financial institutions with lower lending
volumes.
The Bureau believes that its adoption of a simplified small
business definition better meets the needs of small entities. The final
rule provides that a business is a small business if its gross annual
revenue for its preceding fiscal year is $5 million or less. As
discussed in the section-by-section analysis of Sec. 1002.106(b)(1),
the Bureau believes that this approach addresses the concerns that the
Bureau has heard (during the SBREFA process and in response to the
NPRM) with respect to determining whether applicants are small
businesses for purposes of complying with section 1071, particularly
with respect to the concerns regarding determining the applicant's
NAICS code.
XI. Paperwork Reduction Act
Under the Paperwork Reduction Act of 1995 (PRA),\984\ Federal
agencies are generally required to seek approval from the Office of
Management and Budget (OMB) for information collection requirements
prior to implementation. Under the PRA, the Bureau may not conduct nor
sponsor, and, notwithstanding any other provision of law, a person is
not required to respond to, an information collection unless the
information collection displays a valid control number assigned by OMB.
---------------------------------------------------------------------------
\984\ 44 U.S.C. 3501 et seq.
---------------------------------------------------------------------------
As part of its continuing effort to reduce paperwork and respondent
burden, the Bureau conducted a preclearance consultation program to
provide the general public and Federal agencies with an opportunity to
comment on the information collection requirements in accordance with
the PRA. This helps ensure that the public understands the Bureau's
requirements or instructions, respondents can provide the requested
data in the desired format,
[[Page 35527]]
reporting burden (time and financial resources) is minimized,
information collection instruments are clearly understood, and the
Bureau can properly assess the impact of information collection
requirements on respondents. The Bureau conducted several rounds of
message, form, and user testing that were approved under OMB control
number 3170-0022 after appropriate public notice and a 30-day comment
period.
The final rule amends 12 CFR part 1002 (Regulation B), which
implements ECOA. The Bureau's OMB control number for Regulation B is
3170-0013. This final rule will revise the information collection
requirements contained in Regulation B that OMB has approved under that
OMB control number.
Under the rule, the Bureau adds four information collection
requirements to Regulation B:
1. Compilation of reportable data (Sec. 1002.107), including a
notice requirement (in Sec. 1002.107(a)(18) and (19)).
2. Reporting data to the Bureau (Sec. 1002.109).
3. Firewall notice requirement (Sec. 1002.108(d)).
4. Recordkeeping (Sec. 1002.111).
The information collection requirements in this final rule are
mandatory. Certain data fields will be modified or deleted by the
Bureau, in its discretion, to advance a privacy interest before the
1071 data are made available to the public (as permitted by section
1071 and the Bureau's final rule). The data that are not modified or
deleted will be made available to the public. The rest of the data will
be considered confidential if the information:
Identifies any applicants or natural persons who might not
be applicants (e.g., owners of a business where a legal entity is the
applicant); or
Implicates the relevant privacy interests of applicants,
related natural persons, or financial institutions.
The collections of information contained in this rule, and
identified as such, have been submitted to OMB for review under section
3507(d) of the PRA. A complete description of the information
collection requirements (including the burden estimate methods) is
provided in the information collection request that the Bureau has
submitted to OMB under the requirements of the PRA. The information
collection request submitted to OMB requesting approval under the PRA
for the information collection requirements contained herein is
available at www.regulations.gov as well as on OMB's public-facing
docket at www.reginfo.gov.
Title of Collection: Regulation B: Equal Credit Opportunity Act.
OMB Control Number: 3170-0013.
Type of Review: Revision of a currently approved collection.
Affected Public: Private Sector; Federal and State Governments.
Estimated Number of Respondents: 2,470 (subpart B only).
Estimated Total Annual Burden Hours: 8,302,000 (subpart B only).
The Bureau will publish a separate Federal Register notice once OMB
concludes its review announcing OMB approval of the information
collections contained in this final rule.
In the NPRM, the Bureau invited comments on: (a) Whether the
collection of information is necessary for the proper performance of
the functions of the Bureau, including whether the information will
have practical utility; (b) the accuracy of the Bureau's estimate of
the burden of the collection of information, including the validity of
the methods and the assumptions used; (c) ways to enhance the quality,
utility, and clarity of the information to be collected; and (d) ways
to minimize the burden of the collection of information on respondents,
including through the use of automated collection techniques or other
forms of information technology.
No comments pertaining specifically to this section were received.
The other comments on the rule generally are summarized above.
XII. Congressional Review Act
Pursuant to the Congressional Review Act,\985\ the Bureau will
submit a report containing this rule and other required information to
the U.S. Senate, the U.S. House of Representatives, and the Comptroller
General of the United States at least 60 days prior to the rule's
published effective date. The Office of Information and Regulatory
Affairs has designated this rule as a ``major rule'' as defined by 5
U.S.C. 804(2).
---------------------------------------------------------------------------
\985\ 5 U.S.C. 801 et seq.
---------------------------------------------------------------------------
List of Subjects in 12 CFR Part 1002
Banks, banking, Civil rights, Consumer protection, Credit, Credit
unions, Marital status discrimination, National banks, Penalties.
Authority and Issuance
For the reasons set forth in the preamble, the Bureau amends
Regulation B, 12 CFR part 1002, as set forth below:
PART 1002--EQUAL CREDIT OPPORTUNITY ACT (REGULATION B)
0
1. The authority citation for part 1002 is revised to read as follows:
Authority: 12 U.S.C. 5512, 5581; 15 U.S.C. 1691b. Subpart B is
also issued under 15 U.S.C. 1691c-2.
0
2. Designate Sec. Sec. 1002.1 through 1002.16 as subpart A under the
following heading:
Subpart A--General
Sec. 1002.1 [Amended
0
3. In Sec. 1002.1 amend the second sentence of paragraph (a) by
removing the phrase ``this part applies'' and adding in its place
``this subpart applies''.
0
4. Section 1002.2 is amended by revising the introductory text to read
as follows:
Sec. 1002.2 Definitions.
For the purposes of this part, unless the context indicates
otherwise or as otherwise defined in subpart B, the following
definitions apply:
* * * * *
0
5. Section 1002.5 is amended by revising the introductory text of
paragraph (a)(4) and adding paragraphs (a)(4)(vii) through (x) to read
as follows:
Sec. 1002.5 Rules concerning requests for information.
(a) * * *
(4) Other permissible collection of information. Notwithstanding
paragraph (b) of this section, a creditor may collect information under
the following circumstances provided that the creditor collects the
information in compliance with Sec. 1002.107(a)(18) and (19) and
accompanying commentary, or appendix B to 12 CFR part 1003, as
applicable:
* * * * *
(vii) A creditor that was required to report small business lending
data pursuant to Sec. 1002.109 for any of the preceding five calendar
years but is not currently a covered financial institution under Sec.
1002.105(b) may collect information pursuant to subpart B of this part
for covered applications from small businesses as defined in Sec. Sec.
1002.103 and 1002.106(b) regarding whether an applicant is a minority-
owned business, a women-owned business, or an LGBTQI+-owned business,
and the ethnicity, race, and sex of the applicant's principal owners if
it complies with the requirements for covered financial institutions
pursuant to Sec. Sec. 1002.107(a)(18) and (19), 1002.108, 1002.111,
and 1002.112 for that
[[Page 35528]]
application. Such a creditor is permitted, but not required, to report
data to the Bureau collected pursuant to subpart B of this part if it
complies with the requirements of subpart B as otherwise required for
covered financial institutions pursuant to Sec. Sec. 1002.109 and
1002.110.
(viii) A creditor that exceeded the loan-volume threshold in the
first year of the two-year threshold period provided in Sec.
1002.105(b) may, in the second year, collect information pursuant to
subpart B of this part for covered applications from small businesses
as defined in Sec. Sec. 1002.103 and 1002.106(b) regarding whether an
applicant is a minority-owned business, a women-owned business, or an
LGBTQI+-owned business, and the ethnicity, race, and sex of the
applicant's principal owners if it complies with the requirements for
covered financial institutions pursuant to Sec. Sec. 1002.107(a)(18)
and (19), 1002.108, 1002.111, and 1002.112 for that application. Such a
creditor is permitted, but not required, to report data to the Bureau
collected pursuant to subpart B of this part if it complies with the
requirements of subpart B as otherwise required for covered financial
institutions pursuant to Sec. Sec. 1002.109 and 1002.110.
(ix) A creditor that is not currently a covered financial
institution under Sec. 1002.105(b), and is not otherwise a creditor to
which Sec. 1002.5(a)(4)(vii) or (viii) applies, may collect
information pursuant to subpart B of this part for covered applications
from small businesses as defined in Sec. Sec. 1002.103 and 1002.106(b)
regarding whether an applicant for a covered credit transaction is a
minority-owned business, a women-owned business, or an LGBTQI+-owned
business, and the ethnicity, race, and sex of the applicant's principal
owners for a transaction if it complies with the requirements for
covered financial institutions pursuant to Sec. Sec. 1002.107 through
1002.112 for that application.
(x) A creditor that is collecting information pursuant to subpart B
of this part or as described in paragraphs (a)(4)(vii) through (ix) of
this section for covered applications from small businesses as defined
in Sec. Sec. 1002.103 and 1002.106(b) regarding whether an applicant
for a covered credit transaction is a minority-owned business, a women-
owned business, or an LGBTQI+-owned business, and the ethnicity, race,
and sex of the applicant's principal owners may also collect that same
information for any co-applicants provided that it also complies with
the relevant requirements of subpart B of this part or as described in
paragraphs (a)(4)(vii) through (ix) of this section with respect to
those co-applicants.
* * * * *
0
6. Section 1002.12 is amended by revising paragraphs (b)(1)
introductory text, (b)(2) introductory text, (b)(3), (4), and (5), and
paragraph (b)(7) introductory text to read as follows:
Sec. 1002.12 Record retention.
* * * * *
(b) * * * (1) Applications. For 25 months (12 months for business
credit, except as provided in paragraph (b)(5) of this section or
otherwise provided for in subpart B of this part) after the date that a
creditor notifies an applicant of action taken on an application or of
incompleteness, the creditor shall retain in original form or a copy
thereof:
* * * * *
(2) Existing accounts. For 25 months (12 months for business
credit, except as provided in paragraph (b)(5) of this section or
otherwise provided for in subpart B of this part) after the date that a
creditor notifies an applicant of adverse action regarding an existing
account, the creditor shall retain as to that account, in original form
or a copy thereof:
* * * * *
(3) Other applications. For 25 months (12 months for business
credit, except as provided in paragraph (b)(5) of this section or
otherwise provided for in subpart B of this part) after the date that a
creditor receives an application for which the creditor is not required
to comply with the notification requirements of Sec. 1002.9, the
creditor shall retain all written or recorded information in its
possession concerning the applicant, including any notation of action
taken.
(4) Enforcement proceedings and investigations. A creditor shall
retain the information beyond 25 months (12 months for business credit,
except as provided in paragraph (b)(5) of this section or otherwise
provided for in subpart B) if the creditor has actual notice that it is
under investigation or is subject to an enforcement proceeding for an
alleged violation of the Act or this part, by the Attorney General of
the United States or by an enforcement agency charged with monitoring
that creditor's compliance with the Act and this part, or if it has
been served with notice of an action filed pursuant to section 706 of
the Act and Sec. 1002.16 of this part. The creditor shall retain the
information until final disposition of the matter, unless an earlier
time is allowed by order of the agency or court.
(5) Special rule for certain business credit applications. With
regard to a business that had gross revenues in excess of $1 million in
its preceding fiscal year, or an extension of trade credit, credit
incident to a factoring agreement, or other similar types of business
credit, the creditor shall retain records for at least 60 days, except
as otherwise provided for in subpart B, after notifying the applicant
of the action taken. If within that time period the applicant requests
in writing the reasons for adverse action or that records be retained,
the creditor shall retain records for 12 months.
* * * * *
(7) Prescreened solicitations. For 25 months after the date on
which an offer of credit is made to potential customers (12 months for
business credit, except as provided in paragraph (b)(5) of this section
or otherwise provided for in subpart B), the creditor shall retain in
original form or a copy thereof:
* * * * *
0
7. Subpart B is added to read as follows:
Subpart B--Small Business Lending Data Collection
Sec.
Sec. 1002.101 Authority, purpose, and scope.
Sec. 1002.102 Definitions.
Sec. 1002.103 Covered applications.
Sec. 1002.104 Covered credit transactions and excluded
transactions.
Sec. 1002.105 Covered financial institutions and exempt
institutions.
Sec. 1002.106 Business and small business.
Sec. 1002.107 Compilation of reportable data.
Sec. 1002.108 Firewall.
Sec. 1002.109 Reporting of data to the Bureau.
Sec. 1002.110 Publication of data and other disclosures.
Sec. 1002.111 Recordkeeping.
Sec. 1002.112 Enforcement.
Sec. 1002.113 Severability.
Sec. 1002.114 Effective date, compliance date, and special
transitional rules.
Subpart B--Small Business Lending Data Collection
Sec. 1002.101 Authority, purpose, and scope.
(a) Authority and scope. This subpart to Regulation B is issued by
the Bureau pursuant to section 704B of the Equal Credit Opportunity Act
(15 U.S.C. 1691c-2). Except as otherwise provided herein, this subpart
applies to covered financial institutions, as defined in Sec.
1002.105(b), other than a person excluded from coverage of this part by
section 1029 of the Consumer Financial Protection Act of 2010, title X
of the Dodd-Frank Wall Street Reform and Consumer Protection Act,
Public Law 111-203, 124 Stat. 1376, 2004 (2010).
(b) Purpose. This subpart implements section 704B of the Equal
Credit
[[Page 35529]]
Opportunity Act, which Congress intended:
(1) To facilitate enforcement of fair lending laws; and
(2) To enable communities, governmental entities, and creditors to
identify business and community development needs and opportunities of
women-owned, minority-owned, and small businesses.
Sec. 1002.102 Definitions.
In this subpart:
(a) Affiliate means, with respect to a financial institution, any
company that controls, is controlled by, or is under common control
with, another company, as set forth in the Bank Holding Company Act of
1956 (12 U.S.C. 1841 et seq.). With respect to a business or an
applicant, affiliate shall have the same meaning as in 13 CFR 121.103.
(b) Applicant means any person who requests or who has received an
extension of business credit from a financial institution.
(c) Business is defined in Sec. 1002.106(a).
(d) Business credit shall have the same meaning as in Sec.
1002.2(g).
(e) Closed-end credit transaction means an extension of business
credit that is not an open-end credit transaction under paragraph (n)
of this section.
(f) Covered application is defined in Sec. 1002.103.
(g) Covered credit transaction is defined in Sec. 1002.104.
(h) Covered financial institution is defined in Sec. 1002.105(b).
(i) Credit shall have the same meaning as in Sec. 1002.2(j).
(j) Financial institution is defined in Sec. 1002.105(a).
(k) LGBTQI+ individual includes an individual who identifies as
lesbian, gay, bisexual, transgender, queer, or intersex.
(l) LGBTQI+-owned business means a business for which one or more
LGBTQI+ individuals hold more than 50 percent of its ownership or
control, and for which more than 50 percent of the net profits or
losses accrue to one or more such individuals.
(m) Minority-owned business means a business for which one or more
American Indian or Alaska Native, Asian, Black or African American,
Native Hawaiian or Other Pacific Islander, or Hispanic or Latino
individuals hold more than 50 percent of its ownership or control, and
for which more than 50 percent of the net profits or losses accrue to
one or more such individuals.
(n) Open-end credit transaction means an open-end credit plan as
defined in Regulation Z, 12 CFR 1026.2(a)(20), but without regard to
whether the credit is consumer credit, as defined in Sec.
1026.2(a)(12), is extended by a creditor, as defined in Sec.
1026.2(a)(17), or is extended to a consumer, as defined in Sec.
1026.2(a)(11).
(o) Principal owner means an individual who directly owns 25
percent or more of the equity interests of a business.
(p) Small business is defined in Sec. 1002.106(b).
(q) Small business lending application register or register means
the data reported, or required to be reported, annually pursuant to
Sec. 1002.109.
(r) State shall have the same meaning as in Sec. 1002.2(aa).
(s) Women-owned business means a business for which more than 50
percent of its ownership or control is held by one or more women, and
more than 50 percent of its net profits or losses accrue to one or more
women.
Sec. 1002.103 Covered applications.
(a) Covered application. Except as provided in paragraph (b) of
this section, covered application means an oral or written request for
a covered credit transaction that is made in accordance with procedures
used by a financial institution for the type of credit requested.
(b) Circumstances that are not covered applications. A covered
application does not include:
(1) Reevaluation, extension, or renewal requests on an existing
business credit account, unless the request seeks additional credit
amounts.
(2) Inquiries and prequalification requests.
Sec. 1002.104 Covered credit transactions and excluded transactions.
(a) Covered credit transaction means an extension of business
credit that is not an excluded transaction under paragraph (b) of this
section.
(b) Excluded transactions. The requirements of this subpart do not
apply to:
(1) Trade credit. A financing arrangement wherein a business
acquires goods or services from another business without making
immediate payment in full to the business providing the goods or
services.
(2) Home Mortgage Disclosure Act (HMDA)-reportable transactions. A
covered loan, or application therefor, as defined by Regulation C, 12
CFR 1003.2(e).
(3) Insurance premium financing. A financing arrangement wherein a
business agrees to pay to a financial institution, in installments, the
principal amount advanced by the financial institution to an insurer or
insurance producer in payment of premium on the business's insurance
contract or contracts, plus charges, and, as security for repayment,
the business assigns to the financial institution certain rights,
obligations, and/or considerations (such as the unearned premiums,
accrued dividends, or loss payments) in its insurance contract or
contracts. Insurance premium financing does not include the financing
of insurance policy premiums obtained in connection with the financing
of goods and services.
(4) Public utilities credit. Public utilities credit as defined in
Sec. 1002.3(a)(1).
(5) Securities credit. Securities credit as defined in Sec.
1002.3(b)(1).
(6) Incidental credit. Incidental credit as defined in Sec.
1002.3(c)(1), but without regard to whether the credit is consumer
credit, as defined in Sec. 1002.2(h).
Sec. 1002.105 Covered financial institutions and exempt institutions.
(a) Financial institution means any partnership, company,
corporation, association (incorporated or unincorporated), trust,
estate, cooperative organization, or other entity that engages in any
financial activity.
(b) Covered financial institution means a financial institution
that originated at least 100 covered credit transactions for small
businesses in each of the two preceding calendar years.
Sec. 1002.106 Business and small business.
(a) Business has the same meaning as the term ``business concern or
concern'' in 13 CFR 121.105.
(b) Small business definition--(1) Small business has the same
meaning as the term ``small business concern'' in 15 U.S.C. 632(a), as
implemented in 13 CFR 121.101 through 121.107. Notwithstanding the size
standards set forth in 13 CFR 121.201, for purposes of this subpart, a
business is a small business if its gross annual revenue, as defined in
Sec. 1002.107(a)(14), for its preceding fiscal year is $5 million or
less.
(2) Inflation adjustment. Every 5 years after January 1, 2025, the
gross annual revenue threshold set forth in paragraph (b)(1) of this
section shall adjust based on changes to the Consumer Price Index for
All Urban Consumers (U.S. city average series for all items, not
seasonally adjusted), as published by the United States Bureau of Labor
Statistics. Any adjustment that takes effect under this paragraph shall
be rounded to the nearest multiple of $500,000. If an adjustment is to
take
[[Page 35530]]
effect, it will do so on January 1 of the following calendar year.
Sec. 1002.107 Compilation of reportable data.
(a) Data format and itemization. A covered financial institution
shall compile and maintain data regarding covered applications from
small businesses. The data shall be compiled in the manner prescribed
herein and the Filing Instructions Guide for this subpart for the
appropriate year. The data compiled shall include the items described
in paragraphs (a)(1) through (20) of this section.
(1) Unique identifier. An alphanumeric identifier, starting with
the legal entity identifier of the financial institution, unique within
the financial institution to the specific covered application, and
which can be used to identify and retrieve the specific file or files
corresponding to the application for or extension of credit.
(2) Application date. The date the covered application was received
or the date shown on a paper or electronic application form.
(3) Application method. The means by which the applicant submitted
the covered application directly or indirectly to the financial
institution.
(4) Application recipient. Whether the applicant submitted the
covered application directly to the financial institution or its
affiliate, or whether the applicant submitted the covered application
indirectly to the financial institution via a third party.
(5) Credit type. The following information regarding the type of
credit applied for or originated:
(i) Credit product. The credit product.
(ii) Guarantees. The type or types of guarantees that were obtained
for an extension of credit, or that would have been obtained if the
covered credit transaction were originated.
(iii) Loan term. The length of the loan term, in months, if
applicable.
(6) Credit purpose. The purpose or purposes of the credit applied
for or originated.
(7) Amount applied for. The initial amount of credit or the initial
credit limit requested by the applicant.
(8) Amount approved or originated. (i) For an application for a
closed-end credit transaction that is approved but not accepted, the
amount approved by the financial institution; or
(ii) For a closed-end credit transaction that is originated, the
amount of credit originated; or
(iii) For an application for an open-end credit transaction that is
originated or approved but not accepted, the amount of the credit limit
approved.
(9) Action taken. The action taken by the financial institution on
the covered application, reported as originated, approved but not
accepted, denied, withdrawn by the applicant, or incomplete.
(10) Action taken date. The date of the action taken by the
financial institution.
(11) Denial reasons. For denied applications, the principal reason
or reasons the financial institution denied the covered application.
(12) Pricing information. The following information regarding the
pricing of a covered credit transaction that is originated or approved
but not accepted, as applicable:
(i) Interest rate. (A) If the interest rate is fixed, the interest
rate that is or would be applicable to the covered credit transaction;
or
(B) If the interest rate is adjustable, the margin, index value,
initial rate period expressed in months (if applicable), and index name
that is or would be applicable to the covered credit transaction;
(ii) Total origination charges. The total amount of all charges
payable directly or indirectly by the applicant and imposed directly or
indirectly by the financial institution at or before origination as an
incident to or a condition of the extension of credit, expressed in
dollars;
(iii) Broker fees. The total amount of all charges included in
paragraph (a)(12)(ii) of this section that are fees paid by the
applicant directly to a broker or to the financial institution for
delivery to a broker, expressed in dollars;
(iv) Initial annual charges. The total amount of all non-interest
charges that are scheduled to be imposed over the first annual period
of the covered credit transaction, expressed in dollars;
(v) Additional cost for merchant cash advances or other sales-based
financing. For a merchant cash advance or other sales-based financing
transaction, the difference between the amount advanced and the amount
to be repaid, expressed in dollars; and
(vi) Prepayment penalties. (A) Notwithstanding whether such a
provision was in fact included, whether the financial institution could
have included a charge to be imposed for paying all or part of the
transaction's principal before the date on which the principal is due
under the policies and procedures applicable to the covered credit
transaction; and
(B) Notwithstanding the response to paragraph (a)(12)(vi)(A) of
this section, whether the terms of the covered credit transaction do in
fact include a charge imposed for paying all or part of the
transaction's principal before the date on which the principal is due.
(13) Census tract. The census tract in which is located:
(i) The address or location where the proceeds of the credit
applied for or originated will be or would have been principally
applied; or
(ii) If the information in paragraph (a)(13)(i) of this section is
unknown, the address or location of the main office or headquarters of
the applicant; or
(iii) If the information in both paragraphs (a)(13)(i) and (ii) of
this section is unknown, another address or location associated with
the applicant.
(iv) The financial institution shall also indicate which one of the
three types of addresses or locations listed in paragraphs (a)(13)(i),
(ii), or (iii) of this section the census tract is based on.
(14) Gross annual revenue. The applicant's gross annual revenue for
its preceding fiscal year.
(15) NAICS code. A 3-digit North American Industry Classification
System (NAICS) code for the applicant.
(16) Number of workers. The number of non-owners working for the
applicant.
(17) Time in business. The time the applicant has been in business.
(18) Minority-owned, women-owned, and LGBTQI+-owned business
statuses. Whether the applicant is a minority-owned, women-owned, and/
or LGBTQI+-owned business. When requesting minority-owned, women-owned,
and LGBTQI+-owned business statuses from an applicant, the financial
institution shall inform the applicant that the financial institution
cannot discriminate on the basis of minority-owned, women-owned, or
LGBTQI+-owned business statuses, or on whether the applicant provides
this information.
(19) Ethnicity, race, and sex of principal owners. The ethnicity,
race, and sex of the applicant's principal owners. When requesting
ethnicity, race, and sex information from an applicant, the financial
institution shall inform the applicant that the financial institution
cannot discriminate on the basis of a principal owner's ethnicity,
race, or sex, or on whether the applicant provides this information.
(20) Number of principal owners. The number of the applicant's
principal owners.
(b) Reliance on and verification of applicant-provided data. Unless
otherwise provided in this subpart, the financial institution may rely
on information from the applicant, or appropriate third-party sources,
when compiling data. If the financial institution verifies applicant-
provided data, however, it shall report the verified data.
[[Page 35531]]
(c) Time and manner of collection--(1) In general. A covered
financial institution shall not discourage an applicant from responding
to requests for applicant-provided data under paragraph (a) of this
section and shall otherwise maintain procedures to collect such data at
a time and in a manner that are reasonably designed to obtain a
response.
(2) Applicant-provided data collected directly from the applicant.
For data collected directly from the applicant, procedures that are
reasonably designed to obtain a response shall include provisions for
the following:
(i) The initial request for applicant-provided data occurs prior to
notifying an applicant of final action taken on a covered application;
(ii) The request for applicant-provided data is prominently
displayed or presented;
(iii) The collection does not have the effect of discouraging an
applicant from responding to a request for applicant-provided data; and
(iv) Applicants can easily respond to a request for applicant-
provided data.
(3) Procedures to monitor compliance. A covered financial
institution shall maintain procedures to identify and respond to
indicia of potential discouragement, including low response rates for
applicant-provided data.
(4) Low response rates. A low response rate for applicant-provided
data may indicate discouragement or other failure by a covered
financial institution to maintain procedures to collect applicant-
provided data that are reasonably designed to obtain a response.
(d) Previously collected data. A covered financial institution is
permitted, but not required, to reuse previously collected data to
satisfy paragraphs (a)(13) through (20) of this section if:
(1) To satisfy paragraphs (a)(13) and (a)(15) through (20) of this
section, the data were collected within the 36 months preceding the
current covered application, or to satisfy paragraph (a)(14) of this
section, the data were collected within the same calendar year as the
current covered application; and
(2) The financial institution has no reason to believe the data are
inaccurate.
Sec. 1002.108 Firewall.
(a) Definitions. For purposes of this section, the following terms
shall have the following meanings:
(1) Involved in making any determination concerning a covered
application from a small business means participating in a decision
regarding the evaluation of a covered application from a small business
or the creditworthiness of a small business applicant for a covered
credit transaction.
(2) Should have access means that an employee or officer may need
to collect, see, consider, refer to, or otherwise use the information
to perform that employee's or officer's assigned job duties.
(b) Prohibition on access to certain information. Unless the
exception under paragraph (c) of this section applies, an employee or
officer of a covered financial institution or a covered financial
institution's affiliate shall not have access to an applicant's
responses to inquiries that the financial institution makes pursuant to
this subpart regarding whether the applicant is a minority-owned
business, a women-owned business, or an LGBTQI+-owned business under
Sec. 1002.107(a)(18), and regarding the ethnicity, race, and sex of
the applicant's principal owners under Sec. 1002.107(a)(19), if that
employee or officer is involved in making any determination concerning
that applicant's covered application.
(c) Exception to the prohibition on access to certain information.
The prohibition in paragraph (b) of this section shall not apply to an
employee or officer if the financial institution determines that it is
not feasible to limit that employee's or officer's access to an
applicant's responses to the financial institution's inquiries under
Sec. 1002.107(a)(18) or (19) and the financial institution provides
the notice required under paragraph (d) of this section to the
applicant. It is not feasible to limit access as required pursuant to
paragraph (b) of this section if the financial institution determines
that an employee or officer involved in making any determination
concerning a covered application from a small business should have
access to one or more applicants' responses to the financial
institution's inquiries under Sec. 1002.107(a)(18) or (19).
(d) Notice. In order to satisfy the exception set forth in
paragraph (c) of this section, a financial institution shall provide a
notice to each applicant whose responses will be accessed, informing
the applicant that one or more employees or officers involved in making
determinations concerning the covered application may have access to
the applicant's responses to the financial institution's inquiries
regarding whether the applicant is a minority-owned business, a women-
owned business, or an LGBTQI+-owned business, and regarding the
ethnicity, race, and sex of the applicant's principal owners. The
financial institution shall provide the notice required by this
paragraph (d) when making the inquiries required under Sec.
1002.107(a)(18) and (19) and together with the notices required
pursuant to Sec. 1002.107(a)(18) and (19).
Sec. 1002.109 Reporting of data to the Bureau.
(a) Reporting to the Bureau--(1) Annual reporting. (i) On or before
June 1 following the calendar year for which data are compiled and
maintained as required by Sec. 1002.107, a covered financial
institution shall submit its small business lending application
register in the format prescribed by the Bureau.
(ii) An authorized representative of the covered financial
institution with knowledge of the data shall certify to the accuracy
and completeness of the data reported pursuant to this paragraph (a).
(iii) When the last day for submission of data prescribed under
paragraph (a)(1) of this section falls on a Saturday or Sunday, a
submission shall be considered timely if it is submitted on the next
succeeding Monday.
(2) Reporting by subsidiaries. A covered financial institution that
is a subsidiary of another covered financial institution shall complete
a separate small business lending application register. The subsidiary
shall submit its small business lending application register, directly
or through its parent, to the Bureau.
(3) Reporting obligations where multiple financial institutions are
involved in a covered credit transaction. Where it is necessary for
more than one financial institution to make a credit decision in order
to approve a single covered credit transaction, only the last covered
financial institution with authority to set the material terms of the
covered credit transaction is required to report the application.
Financial institutions report the actions of their agents.
(b) Financial institution identifying information. A financial
institution shall provide each of the following with its submission:
(1) Its name.
(2) Its headquarters address.
(3) The name and business contact information of a person that the
Bureau or other regulators may contact about the financial
institution's submission.
(4) Its Federal prudential regulator, if applicable.
(5) Its Federal Taxpayer Identification Number (TIN).
(6) Its Legal Entity Identifier (LEI).
(7) Its Research, Statistics, Supervision, and Discount
[[Page 35532]]
identification (RSSD ID) number, if applicable.
(8) Parent entity information, if applicable, including:
(i) The name of the immediate parent entity;
(ii) The LEI of the immediate parent entity, if available;
(iii) The RSSD ID number of the immediate parent entity, if
available;
(iv) The name of the top-holding parent entity;
(v) The LEI of the top-holding parent entity, if available; and
(vi) The RSSD ID number of the top-holding parent entity, if
available.
(9) The type of financial institution that it is, indicated by
selecting the appropriate type or types of institution from the list
provided.
(10) Whether the financial institution is voluntarily reporting
covered applications from small businesses.
(c) Procedures for the submission of data to the Bureau. The Bureau
shall make available a Filing Instructions Guide, containing technical
instructions for the submission of data to the Bureau pursuant to this
section, as well as any related materials, at https://www.consumerfinance.gov/data-research/small-business-lending/filing-instructions-guide/.
Sec. 1002.110 Publication of data and other disclosures.
(a) Publication of small business lending application registers and
associated financial institution information. The Bureau shall make
available to the public generally the data reported to it by financial
institutions pursuant to Sec. 1002.109, subject to deletions or
modifications made by the Bureau if the Bureau determines that the
deletion or modification of the data would advance a privacy interest.
The Bureau shall make such data available on an annual basis.
(b) Publication of aggregate data. The Bureau may compile and
aggregate data submitted by financial institutions pursuant to Sec.
1002.109, and make any compilations or aggregations of such data
publicly available as the Bureau deems appropriate.
(c) Statement of financial institution's small business lending
data available on the Bureau's website. A covered financial institution
shall make available to the public on its website, or otherwise upon
request, a statement that the covered financial institution's small
business lending application register, as modified by the Bureau
pursuant to Sec. 1002.110(a), is or will be available from the Bureau.
A financial institution shall use language provided by the Bureau, or
substantially similar language, to satisfy the requirement to provide a
statement pursuant to this paragraph (c).
(d) Availability of statements. A covered financial institution
shall make the notice required by paragraph (c) of this section
available to the public on its website when it submits a small business
lending application register to the Bureau pursuant to Sec.
1002.109(a)(1), and shall maintain the notice for as long as it has an
obligation to retain its small business lending application registers
pursuant to Sec. 1002.111(a).
(e) Further disclosure prohibited--(1) Disclosure by a financial
institution. A financial institution shall not disclose or provide to a
third party the information it collects pursuant to Sec.
1002.107(a)(18) and (19) except to further compliance with the Act or
this part or as required by law.
(2) Disclosure by a third party. A third party that obtains
information collected pursuant to Sec. 1002.107(a)(18) and (19) for
the purpose of furthering compliance with the Act or this part is
prohibited from any further disclosure of such information except to
further compliance with the Act or this part or as required by law.
Sec. 1002.111 Recordkeeping.
(a) Record retention. A covered financial institution shall retain
evidence of compliance with this subpart, which includes a copy of its
small business lending application register, for at least three years
after the register is required to be submitted to the Bureau pursuant
to Sec. 1002.109.
(b) Certain information kept separate from the rest of the
application. A financial institution shall maintain, separately from
the rest of the application and accompanying information, an
applicant's responses to the financial institution's inquiries pursuant
to this subpart regarding whether an applicant for a covered credit
transaction is a minority-owned business, a women-owned business, and/
or an LGBTQI+-owned business under Sec. 1002.107(a)(18), and regarding
the ethnicity, race, and sex of the applicant's principal owners under
Sec. 1002.107(a)(19).
(c) Limitation on personally identifiable information in certain
records retained under this section. In reporting a small business
lending application register pursuant to Sec. 1002.109, maintaining
the register pursuant to paragraph (a) of this section, and maintaining
a separate record of information pursuant to paragraph (b) of this
section, a financial institution shall not include any name, specific
address, telephone number, email address, or any other personally
identifiable information concerning any individual who is, or is
connected with, an applicant, other than as required pursuant to Sec.
1002.107 or paragraph (b) of this section.
Sec. 1002.112 Enforcement.
(a) Administrative enforcement and civil liability. A violation of
section 704B of the Act or this subpart is subject to administrative
sanctions and civil liability as provided in sections 704 (15 U.S.C.
1691c) and 706 (15 U.S.C. 1691e) of the Act, where applicable.
(b) Bona fide errors. A bona fide error in compiling, maintaining,
or reporting data with respect to a covered application is one that was
unintentional and occurred despite the maintenance of procedures
reasonably adapted to avoid such an error. A bona fide error is not a
violation of the Act or this subpart. A financial institution is
presumed to maintain procedures reasonably adapted to avoid such errors
with respect to a given data field if the number of errors found in a
random sample of the financial institution's submission for the data
field does not equal or exceed a threshold specified by the Bureau for
this purpose in appendix F to this part. However, an error is not a
bona fide error if either there is a reasonable basis to believe the
error was intentional or there is evidence that the financial
institution does not or has not maintained procedures reasonably
adapted to avoid such errors.
(c) Safe harbors--(1) Incorrect entry for application date. A
financial institution does not violate the Act or this subpart if it
reports on its small business lending application register an
application date that is within three business days of the actual
application date pursuant to Sec. 1002.107(a)(2).
(2) Incorrect entry for census tract. An incorrect entry for census
tract is not a violation of the Act or this subpart if the financial
institution obtained the census tract by correctly using a geocoding
tool provided by the FFIEC or the Bureau.
(3) Incorrect entry for NAICS code. An incorrect entry for a 3-
digit NAICS code is not a violation of the Act or this subpart,
provided that the financial institution obtained the 3-digit NAICS code
by:
(i) Relying on an applicant's representations or on an appropriate
third-party source, in accordance with Sec. 1002.107(b), regarding the
NAICS code; or
(ii) Identifying the NAICS code itself, provided that the financial
institution maintains procedures reasonably adapted to correctly
identify a 3-digit NAICS code.
[[Page 35533]]
(4) Incorrect determination of small business status, covered
credit transaction, or covered application. A financial institution
that initially collects data regarding whether an applicant for a
covered credit transaction is a minority-owned business, a women-owned
business, or an LGBTQI+-owned business, and the ethnicity, race, and
sex of the applicant's principal owners pursuant to Sec.
1002.107(a)(18) and (19) but later concludes that it should not have
collected such data does not violate the Act or this regulation if the
financial institution, at the time it collected this data, had a
reasonable basis for believing that the application was a covered
application for a covered credit transaction from a small business
pursuant to Sec. Sec. 1002.103, 1002.104, and 1002.106, respectively.
A financial institution seeking to avail itself of this safe harbor
shall comply with the requirements of this subpart as otherwise
required pursuant to Sec. Sec. 1002.107, 1002.108, and 1002.111 with
respect to the collected data.
Sec. 1002.113 Severability.
If any provision of this subpart, or any application of a
provision, is stayed or determined to be invalid, the remaining
provisions or applications are severable and shall continue in effect.
Sec. 1002.114 Effective date, compliance date, and special
transitional rules.
(a) Effective date. The effective date for this subpart is August
29, 2023.
(b) Compliance date. The dates by which covered financial
institutions are initially required to comply with the requirements of
this subpart are as follows:
(1) A covered financial institution that originated at least 2,500
covered credit transactions for small businesses in each of calendar
years 2022 and 2023 shall comply with the requirements of this subpart
beginning October 1, 2024.
(2) A covered financial institution that is not subject to
paragraph (b)(1) of this section and that originated at least 500
covered credit transactions for small businesses in each of calendar
years 2022 and 2023 shall comply with the requirements of this subpart
beginning April 1, 2025.
(3) A covered financial institution that is not subject to
paragraphs (b)(1) or (2) of this section and that originated at least
100 covered credit transactions for small businesses in each of
calendar years 2022 and 2023 shall comply with the requirements of this
subpart beginning January 1, 2026.
(4) A financial institution that did not originate at least 100
covered credit transactions for small businesses in each of calendar
years 2022 and 2023 but subsequently originates at least 100 such
transactions in two consecutive calendar years shall comply with the
requirements of this subpart in accordance with Sec. 1002.105(b), but
in any case no earlier than January 1, 2026.
(c) Special transitional rules--(1) Collection of certain
information prior to a financial institution's compliance date. A
financial institution as described in paragraphs (b)(1), (2), or (3) of
this section is permitted, but not required, to collect information
regarding whether an applicant for a covered credit transaction is a
minority-owned business, a women-owned business, and/or an LGBTQI+-
owned business under Sec. 1002.107(a)(18), and the ethnicity, race,
and sex of the applicant's principal owners under Sec. 1002.107(a)(19)
beginning 12 months prior to its applicable compliance date as set
forth in paragraphs (b)(1), (2), or (3) of this section. A financial
institution collecting such information pursuant to this paragraph
(c)(1) must do so in accordance with the requirements set out in
Sec. Sec. 1002.107(a)(18) and (19), 1002.108, and 1002.111(b) and (c).
(2) Determining which compliance date applies to a financial
institution that does not collect information sufficient to determine
small business status. A financial institution that is unable to
determine the number of covered credit transactions it originated for
small businesses in each of calendar years 2022 and 2023 for purposes
of determining its compliance date pursuant to paragraph (b) of this
section, because for some or all of this period it does not have
readily accessible the information needed to determine whether its
covered credit transactions were originated for small businesses as
defined in Sec. 1002.106(b), is permitted to use any reasonable method
to estimate its originations to small businesses for either or both of
the calendar years 2022 and 2023.
[[Page 35534]]
0
7. Appendices E and F are added to read as follows:
Appendix E to Part 1002--Sample Form for Collecting Certain Applicant-
Provided Data Under Subpart B
BILLING CODE 4810-AM-P
[GRAPHIC] [TIFF OMITTED] TR31MY23.211
[[Page 35535]]
[GRAPHIC] [TIFF OMITTED] TR31MY23.212
BILLING CODE 4810-AM-C
Appendix F to Part 1002--Tolerances for Bona Fide Errors in Data
Reported Under Subpart B
As set out in Sec. 1002.112(b) and in comment 112(b)-1, a
financial institution is presumed to maintain procedures reasonably
adapted to avoid errors with respect to a given data field if the
number of errors found in a random sample of a financial
institution's data submission for a given data field do not equal or
exceed the threshold in column C of the following table (Table 1,
Tolerance Thresholds for Bona Fide Errors):
[[Page 35536]]
Table 1 to Appendix F--Tolerance Thresholds for Bona Fide Errors
----------------------------------------------------------------------------------------------------------------
Random sample
Small business lending application register count size \986\ Threshold (#) Threshold (%)
(A) (B) (C) (D)
----------------------------------------------------------------------------------------------------------------
100-130........................................................ 47 3 6.4
131-190........................................................ 56 3 5.4
191-500........................................................ 59 3 5.1
501-100,000.................................................... 79 4 5.1
100,001+....................................................... 159 4 2.5
----------------------------------------------------------------------------------------------------------------
The size of the random sample, under column B, shall depend on
the size of the financial institution's small business lending
application register, as shown in column A of the Threshold Table.
---------------------------------------------------------------------------
\986\ For a financial institution with fewer than 30 entries in
its small business lending application register, the full sample
size is the financial institution's total number of entries. The
threshold number for such financial institutions remains three.
Accordingly, the threshold percentage will be higher for financial
institutions with fewer than 30 entries in their registers
---------------------------------------------------------------------------
The thresholds in column C of the Threshold Table reflect the
number of unintentional errors a financial institution may make
within a particular data field (e.g., the credit product data field
within the credit type data point or the ethnicity data field for a
particular principal owner within the ethnicity, race, and sex of
principal owners data point) in a small business lending application
register that would be deemed bona fide errors for purposes of Sec.
1002.112(b).
For instance, a financial institution that submitted a small
business lending application register containing 105 applications
would be subject to a threshold of three errors per data field. If
the financial institution had made two errors in reporting loan
amount and two errors reporting gross annual income, all of these
errors would be covered by the bona fide error provision of Sec.
1002.112(b) and would not constitute a violation of the Act or this
part. If the same financial institution had made four errors in
reporting loan amount and two errors reporting gross annual income,
the bona fide error provision of Sec. 1002.112(b) would not apply
to the four loan amount errors but would still apply to the two
gross annual income errors.
Even when the number of errors in a particular data field do not
equal or exceed the threshold in column C, if either there is a
reasonable basis to believe that errors in that field were
intentional or there is evidence that the financial institution did
not maintain procedures reasonably adapted to avoid such errors,
then the errors are not bona fide errors under Sec. 1002.112(b).
For purposes of determining bona fide errors under Sec.
1002.112(b), the term ``data field'' generally refers to individual
fields. Some data fields may allow for more than one response. For
example, with respect to information on the ethnicity or race of an
applicant's principal owners, a data field may identify more than
one race or more than one ethnicity for a given person. If one or
more of the ethnicities or races identified in a data field are
erroneous, they count as one (and only one) error for that data
field.
0
8. In Supplement I to part 1002:
0
a. Under Section 1002.5--Rules Concerning Requests for Information,
revise Paragraph 5(a)(2) and Paragraph 5(a)(4);
0
b. Under Section 1002.12--Record Retention, revise 12(b)(7)
Preapplication marketing information;
0
c. Under Section 1002.13--Information for Monitoring Purposes, revise
13(b) Obtaining of information; and
0
d. Add: Section 1002.102--Definitions; Section 1002.103--Covered
Applications; Section 1002.104--Covered Credit Transactions and
Excluded Transactions; Section 1002.105--Covered Financial Institutions
and Exempt Institutions; Section 1002.106--Business and Small Business;
Section 1002.107--Compilation of Reportable Data; Section 1002.108--
Firewall; Section 1002.109--Reporting of Data to the Bureau; Section
1002.110--Publication of Data and Other Disclosures; Section 1002.111--
Recordkeeping; Section 1002.112--Enforcement; and Section 1002.114--
Effective Date, Compliance Date, and Special Transition Rules.
The revisions and additions read as follows:
Supplement I to Part 1002--Official Interpretations
* * * * *
Section 1002.5--Rules Concerning Requests for Information
* * * * *
5(a)(2) Required Collection of Information
1. Local laws. Information that a creditor is allowed to collect
pursuant to a ``state'' statute or regulation includes information
required by a local statute, regulation, or ordinance.
2. Information required by Regulation C. Regulation C, 12 CFR part
1003, generally requires creditors covered by the Home Mortgage
Disclosure Act (HMDA) to collect and report information about the race,
ethnicity, and sex of applicants for certain dwelling-secured loans,
including some types of loans not covered by Sec. 1002.13.
3. Collecting information on behalf of creditors. Persons such as
loan brokers and correspondents do not violate the ECOA or Regulation B
if they collect information that they are otherwise prohibited from
collecting, where the purpose of collecting the information is to
provide it to a creditor that is subject to subpart B of this part, the
Home Mortgage Disclosure Act, or another Federal or State statute or
regulation requiring data collection.
4. Information required by subpart B. Subpart B of this part
generally requires creditors that are covered financial institutions as
defined in Sec. 1002.105(b) to collect and report information about
the ethnicity, race, and sex of the principal owners of applicants for
certain small business credit, as well as whether the applicant is a
minority-owned business, a women-owned business, or an LGBTQI+-owned
business, as defined in Sec. 1002.102(m), (s), and (l), respectively.
5(a)(4) Other Permissible Collection of Information
1. Other permissible collection of information. Information
regarding ethnicity, race, and sex that is not required to be collected
pursuant to Regulation C, 12 CFR part 1003, or subpart B of this part,
may nevertheless be collected under the circumstances set forth in
Sec. 1002.5(a)(4) without violating Sec. 1002.5(b). The information
collected pursuant to 12 CFR part 1003 must be retained pursuant to the
requirements of Sec. 1002.12. The information collected pursuant to
subpart B of this part must be retained pursuant to the requirements
set forth in Sec. 1002.111.
* * * * *
Section 1002.12--Record Retention
* * * * *
12(b) Preservation of Records
* * * * *
[[Page 35537]]
12(b)(7) Preapplication Marketing Information
1. Prescreened credit solicitations. The rule requires creditors to
retain copies of prescreened credit solicitations. For purposes of this
part, a prescreened solicitation is an ``offer of credit'' as described
in 15 U.S.C. 1681a(1) of the Fair Credit Reporting Act. A creditor
complies with Sec. 1002.12(b)(7) if it retains a copy of each
solicitation mailing that contains different terms, such as the amount
of credit offered, annual percentage rate, or annual fee.
2. List of criteria. A creditor must retain the list of criteria
used to select potential recipients. This includes the criteria used by
the creditor both to determine the potential recipients of the
particular solicitation and to determine who will actually be offered
credit.
3. Correspondence. A creditor may retain correspondence relating to
consumers' complaints about prescreened solicitations in any manner
that is reasonably accessible and is understandable to examiners. There
is no requirement to establish a separate database or set of files for
such correspondence, or to match consumer complaints with specific
solicitation programs.
* * * * *
Section 1002.13--Information for Monitoring Purposes
* * * * *
13(b) Obtaining of Information
1. Forms for collecting data. A creditor may collect the
information specified in Sec. 1002.13(a) either on an application form
or on a separate form referring to the application. Appendix B to this
part provides for two alternative data collection model forms for use
in complying with the requirements of Sec. 1002.13(a)(1)(i) and (ii)
to collect information concerning an applicant's ethnicity, race, and
sex. When a creditor collects ethnicity and race information pursuant
to Sec. 1002.13(a)(1)(i)(A), the applicant must be offered the option
to select more than one racial designation. When a creditor collects
ethnicity and race information pursuant to Sec. 1002.13(a)(1)(i)(B),
the applicant must be offered the option to select more than one
ethnicity designation and more than one racial designation.
2. Written applications. The regulation requires written
applications for the types of credit covered by Sec. 1002.13. A
creditor can satisfy this requirement by recording on paper or by means
of computer the information that the applicant provides orally and that
the creditor normally considers in a credit decision.
3. Telephone, mail applications. i. A creditor that accepts an
application by telephone or mail must request the monitoring
information.
ii. A creditor that accepts an application by mail need not make a
special request for the monitoring information if the applicant has
failed to provide it on the application form returned to the creditor.
iii. If it is not evident on the face of an application that it was
received by mail, telephone, or via an electronic medium, the creditor
should indicate on the form or other application record how the
application was received.
4. Video and other electronic-application processes. i. If a
creditor takes an application through an electronic medium that allows
the creditor to see the applicant, the creditor must treat the
application as taken in person. The creditor must note the monitoring
information on the basis of visual observation or surname, if the
applicant chooses not to provide the information.
ii. If an applicant applies through an electronic medium without
video capability, the creditor treats the application as if it were
received by mail.
5. Applications through loan-shopping services. When a creditor
receives an application through an unaffiliated loan-shopping service,
it does not have to request the monitoring information for purposes of
the ECOA or subpart A of this Regulation B. Creditors subject to the
Home Mortgage Disclosure Act should be aware, however, that data
collection may be called for under Regulation C (12 CFR part 1003),
which generally requires creditors to report, among other things, the
sex and race of an applicant on brokered applications or applications
received through a correspondent. Similarly, creditors that are covered
financial institutions under subpart B of this Regulation may also be
required to collect, report, and maintain certain data, as set forth in
subpart B of this Regulation.
6. Inadvertent notation. If a creditor inadvertently obtains the
monitoring information in a dwelling-related transaction not covered by
Sec. 1002.13, the creditor may process and retain the application
without violating the regulation.
* * * * *
Section 1002.102--Definitions
102(b) Applicant
1. General. In no way are the limitations to the term applicant in
Sec. 1002.102(b) of subpart B intended to repeal, abrogate, annul,
impair, change, or interfere with the scope of the term applicant in
Sec. 1002.2(e) as applicable to subpart A.
102(l) LGBTQI+-Owned Business
1. General. In order to be an LGBTQI+-owned business for purposes
of subpart B of this part, a business must satisfy both prongs of the
definition of LGBTQI+-owned business. First, one or more LGBTQI+
individuals must own or control more than 50 percent of the business.
However, it is not necessary that one or more LGBTQI+ individuals both
own and control more than 50 percent of the business. For example, a
business that is owned entirely by one or more LGBTQI+ individuals but
is not controlled by any one or more such individuals satisfies the
first prong of the definition. Similarly, a business that is controlled
by an LGBTQI+ individual satisfies this first prong of the definition,
even if none of the individuals with ownership in the business are
LGBTQI+ individuals. If a business does not satisfy this first prong of
the definition, it is not an LGBTQI+-owned business. Second, 50 percent
or more of the net profits or losses must accrue to one or more LGBTQI+
individuals. If a business does not satisfy this second prong of the
definition, it is not an LGBTQI+-owned business, regardless of whether
it satisfies the first prong of the definition.
2. Purpose of definition. The definition of LGBTQI+-owned business
is used only when an applicant determines if it is an LGBTQI+-owned
business for purposes of Sec. 1002.107(a)(18). A financial institution
shall provide an applicant with the definition of LGBTQI+-owned
business when asking the applicant to provide its LGBTQI+-owned
business status pursuant to Sec. 1002.107(a)(18). A financial
institution satisfies this requirement if it provides the definition as
set forth in the sample data collection form in appendix E. The
financial institution must provide additional clarification by
referencing the definition of LGBTQI+ individual as set forth in Sec.
1002.102(k) if asked by the applicant. The financial institution is
neither permitted nor required to make its own determination regarding
the applicant's LGBTQI+-owned business status.
3. Further clarifications of terms used in the definition of
LGBTQI+-owned
[[Page 35538]]
business. In order to assist an applicant when determining whether it
is an LGBTQI+-owned business, a financial institution may provide the
applicant with the definitions of ownership, control, and accrual of
net profits or losses and related concepts set forth in comments
102(l)-4 through -6. A financial institution may assist an applicant
when the applicant is determining its LGBTQI+-owned business status but
is not required to do so. For purposes of reporting an applicant's
status, a financial institution relies on the applicant's
determinations of its ownership, control, and accrual of net profits
and losses.
4. Ownership. For purposes of determining if a business is an
LGBTQI+-owned business, an individual owns a business if that
individual directly or indirectly, through any contract, arrangement,
understanding, relationship or otherwise, has an equity interest in the
business. Examples of ownership include being the sole proprietor of a
sole proprietorship, directly or indirectly owning or holding the stock
of a corporation or company, directly or indirectly having a
partnership interest in a business, or directly or indirectly having a
membership interest in a limited liability company. Indirect as well as
direct ownership are used when determining ownership for purposes of
Sec. Sec. 1002.102(l) and 1002.107(a)(18). Thus, where applicable,
ownership must be traced through corporate or other indirect ownership
structures. For example, assume that the applicant is company A. If
company B owns 60 percent of applicant company A and an individual owns
100 percent of company B, the individual owns 60 percent of applicant
company A. Similarly, if an individual directly owns 20 percent of
applicant company A and is an equal partner in partnership B that owns
the remaining 80 percent of applicant company A, the individual owns 60
percent of applicant company A (i.e., 20 percent due through direct
ownership and 40 percent indirectly through partnership B). A trustee
is considered the owner of the trust. Thus, if a trust owns a business
and the trust has two co-trustees, each co-trustee owns 50 percent of
the business.
5. Control. An individual controls a business if that individual
has significant responsibility to manage or direct the business. An
individual controls a business if the individual is an executive
officer or senior manager (e.g., a chief executive officer, chief
financial officer, chief operating officer, managing member, general
partner, president, vice president, or treasurer) or regularly performs
similar functions. Additionally, a business may be controlled by two or
more LGBTQI+ individuals if those individuals collectively control the
business, such as constituting a majority of the board of directors or
a majority of the partners of a partnership.
6. Accrual of net profits or losses. A business's net profits and
losses accrue to an individual if that individual receives the net
profits or losses, is legally entitled or required to receive the net
profits or losses, or is legally entitled or required to recognize the
net profits or losses for tax purposes.
102(m) Minority-Owned Business
1. General. In order to be a minority-owned business for purposes
of subpart B of this part, a business must satisfy both prongs of the
definition of minority-owned business. First, one or more American
Indian or Alaska Native, Asian, Black or African American, Native
Hawaiian or Other Pacific Islander, or Hispanic or Latino individuals
must own or control more than 50 percent of the business. However, it
is not necessary that one or more American Indian or Alaska Native,
Asian, Black or African American, Native Hawaiian or Other Pacific
Islander, or Hispanic or Latino individuals both own and control more
than 50 percent of the business. For example, a business that is owned
entirely, but is not controlled by, individuals belonging to one of
these groups satisfies the first prong of the definition. Similarly, a
business that is controlled by an American Indian or Alaska Native,
Asian, Black or African American, Native Hawaiian or Other Pacific
Islander, or Hispanic or Latino individual satisfies this first prong
of the definition, even if none of the individuals with ownership in
the business are American Indian or Alaska Native, Asian, Black or
African American, Native Hawaiian or Other Pacific Islander, or
Hispanic or Latino. If a business does not satisfy this first prong of
the definition, it is not a minority-owned business. Second, 50 percent
or more of the net profits or losses must accrue to one or more
individuals belonging to these groups. If a business does not satisfy
this second prong of the definition, it is not a minority-owned
business, regardless of whether it satisfies the first prong of the
definition.
2. Purpose of definition. The definition of minority-owned business
is used only when an applicant determines if it is a minority-owned
business for purposes of Sec. 1002.107(a)(18). A financial institution
shall provide an applicant with the definition of minority-owned
business when asking the applicant to provide its minority-owned
business status pursuant to Sec. 1002.107(a)(18), but the financial
institution is neither permitted nor required to make its own
determination regarding the applicant's minority-owned business status.
3. Further clarifications of terms used in the definition of
minority-owned business. In order to assist an applicant when
determining whether it is a minority-owned business, a financial
institution may provide the applicant with the definitions of
ownership, control, and accrual of net profits or losses and related
concepts set forth in comments 102(m)-4 through -6. A financial
institution may assist an applicant when the applicant is determining
its minority-owned business status but is not required to do so. For
purposes of reporting an applicant's status, a financial institution
relies on the applicant's determinations of its ownership, control, and
accrual of net profits and losses.
4. Ownership. For purposes of determining if a business is a
minority-owned business, an individual owns a business if that
individual directly or indirectly, through any contract, arrangement,
understanding, relationship or otherwise, has an equity interest in the
business. Examples of ownership include being the sole proprietor of a
sole proprietorship, directly or indirectly owning or holding the stock
of a corporation or company, directly or indirectly having a
partnership interest in a business, or directly or indirectly having a
membership interest in a limited liability company. Indirect as well as
direct ownership are used when determining ownership for purposes of
Sec. Sec. 1002.102(m) and 1002.107(a)(18). Thus, where applicable,
ownership must be traced through corporate or other indirect ownership
structures. For example, assume that the applicant is company A. If
company B owns 60 percent of applicant company A and an individual owns
100 percent of company B, the individual owns 60 percent of applicant
company A. Similarly, if an individual directly owns 20 percent of
applicant company A and is an equal partner in partnership B that owns
the remaining 80 percent of applicant company A, the individual owns 60
percent of applicant company A (i.e., 20 percent due through direct
ownership and 40 percent indirectly through partnership B). A trustee
is considered the owner of the trust. Thus, if a trust owns a business
and the trust
[[Page 35539]]
has two co-trustees, each co-trustee owns 50 percent of the business.
5. Control. An individual controls a business if that individual
has significant responsibility to manage or direct the business. An
individual controls a business if the individual is an executive
officer or senior manager (e.g., a chief executive officer, chief
financial officer, chief operating officer, managing member, general
partner, president, vice president, or treasurer) or regularly performs
similar functions. Additionally, a business may be controlled by two or
more American Indian or Alaska Native, Asian, Black or African
American, Native Hawaiian or Other Pacific Islander, or Hispanic or
Latino individuals if those individuals collectively control the
business, such as constituting a majority of the board of directors or
a majority of the partners of a partnership.
6. Accrual of net profits or losses. A business's net profits and
losses accrue to an individual if that individual receives the net
profits or losses, is legally entitled or required to receive the net
profits or losses, or is legally entitled or required to recognize the
net profits or losses for tax purposes.
7. Multi-racial and multi-ethnic individuals. For purposes of
subpart B of this part, an individual who is multi-racial or multi-
ethnic constitutes an individual for whom the definition of minority-
owned business may apply, depending on whether the individual meets the
other requirements of the definition. For example, an individual who is
both Asian and White is an individual for whom the definition of
minority-owned business shall apply if the individual meets the other
requirements of the definition related to ownership or control and
accrual of profits or losses.
8. Relationship to disaggregated subcategories used to determine
ethnicity and race of principal owners. The ethnicity and race
categories used in this section are aggregate ethnicity (Hispanic or
Latino) and race (American Indian or Alaska Native, Asian, Black or
African American, and Native Hawaiian or Other Pacific Islander)
categories. Those ethnicity and race categories are the same aggregate
categories used (along with Not Hispanic or Latino for ethnicity, and
White for race) to collect an applicant's principal owners' ethnicity
and race pursuant to Sec. 1002.107(a)(19).
102(o) Principal Owner
1. Individual. Only an individual can be a principal owner of a
business for purposes of subpart B of this part. Entities, such as
trusts, partnerships, limited liability companies, and corporations,
are not principal owners for this purpose. Additionally, an individual
must directly own an equity share of 25 percent or more in the business
in order to be a principal owner. Unlike the determination of ownership
for purposes of collecting and reporting minority-owned business
status, women-owned business status, and LGBTQI+-owned business status,
indirect ownership is not considered when determining if someone is a
principal owner for purposes of collecting and reporting principal
owners' ethnicity, race, and sex or the number of principal owners.
Thus, when determining who is a principal owner, ownership is not
traced through multiple corporate structures to determine if an
individual owns 25 percent or more of the equity interests. For
example, if individual A directly owns 20 percent of a business,
individual B directly owns 20 percent, and partnership C owns 60
percent, the business does not have any owners who satisfy the
definition of principal owner set forth in Sec. 1002.102(o), even if
individual A and individual B are the only partners in the partnership
C. Similarly, if individual A directly owns 30 percent of a business,
individual B directly owns 20 percent, and trust D owns 50 percent,
individual A is the only principal owner as defined in Sec.
1002.102(o), even if individual B is the sole trustee of trust D.
2. Trustee. Although a trust is not considered a principal owner of
a business for the purposes of subpart B, if the applicant for a
covered credit transaction is a trust, a trustee is considered the
owner of the trust. Thus, if a trust is an applicant for a covered
credit transaction and the trust has two co-trustees, each co-trustee
is considered to own 50 percent of the business and would each be a
principal owner as defined in Sec. 1002.102(o). In contrast, if the
trust has five co-trustees, each co-trustee is considered to own 20
percent of the business and would not meet the definition of principal
owner under Sec. 1002.102(o).
3. Purpose of definition. A financial institution shall provide an
applicant with the definition of principal owner when asking the
applicant to provide the number of its principal owners pursuant to
Sec. 1002.107(a)(20) and the ethnicity, race, and sex of its principal
owners pursuant to Sec. 1002.107(a)(19). See comments 107(a)(19)-2 and
107(a)(20)-1.
102(s) Women-Owned Business
1. General. In order to be a women-owned business for purposes of
subpart B of this part, a business must satisfy both prongs of the
definition of women-owned business. First, one or more women must own
or control more than 50 percent of the business. However, it is not
necessary that one or more women both own and control more than 50
percent of the business. For example, a business that is owned entirely
by women but is not controlled by any women satisfies the first prong
of the definition. Similarly, a business that is controlled by a woman
satisfies this first prong of the definition, even if none of the
individuals with ownership in the business are women. If a business
does not satisfy this first prong of the definition, it is not a women-
owned business. Second, 50 percent or more of the net profits or losses
must accrue to one or more women. If a business does not satisfy this
second prong of the definition, it is not a women-owned business,
regardless of whether it satisfies the first prong of the definition.
2. Purpose of definition. The definition of women-owned business is
used only when an applicant determines if it is a women-owned business
pursuant to Sec. 1002.107(a)(18). A financial institution shall
provide an applicant with the definition of women-owned business when
asking the applicant to provide its women-owned business status
pursuant to Sec. 1002.107(a)(18), but the financial institution is
neither permitted nor required to make its own determination regarding
the applicant's women-owned business status.
3. Further clarifications of terms used in the definition of women-
owned business. In order to assist an applicant when determining
whether it is a women-owned business, a financial institution may
provide the applicant with the definitions of ownership, control, and
accrual of net profits or losses and related concepts set forth in
comments 102(s)-4 through -6. A financial institution may assist an
applicant when the applicant is determining its women-owned business
status but is not required to do so. For purposes of reporting an
applicant's status, a financial institution relies on the applicant's
determinations of its ownership, control, and accrual of net profits
and losses.
4. Ownership. For purposes of determining if a business is a women-
owned business, an individual owns a business if that individual
directly or indirectly, through any contract, arrangement,
understanding, relationship or otherwise, has an equity interest in the
business. Examples of ownership include being the sole proprietor of a
sole proprietorship,
[[Page 35540]]
directly or indirectly owning or holding the stock of a corporation or
company, directly or indirectly having a partnership interest in a
business, or directly or indirectly having a membership interest in a
limited liability company. Indirect as well as direct ownership are
used when determining ownership for purposes of Sec. Sec. 1002.102(s)
and 1002.107(a)(18). Thus, where applicable, ownership must be traced
through corporate or other indirect ownership structures. For example,
assume that the applicant is company A. If company B owns 60 percent of
the applicant company A and an individual owns 100 percent of company
B, the individual owns 60 percent of the applicant company A.
Similarly, if an individual directly owns 20 percent of the applicant
company A and is an equal partner in a partnership B that owns the
remaining 80 percent of the applicant company A, the individual owns 60
percent of applicant company A (i.e., 20 percent due through direct
ownership and 40 percent indirectly through partnership B). A trustee
is considered the owner of the trust. Thus, if a trust owns a business
and the trust has two co-trustees, each co-trustee owns 50 percent of
the business.
5. Control. An individual controls a business if that individual
has significant responsibility to manage or direct the business. An
individual controls a business if the individual is an executive
officer or senior manager (e.g., a chief executive officer, chief
financial officer, chief operating officer, managing member, general
partner, president, vice president, or treasurer) or regularly performs
similar functions. Additionally, a business may be controlled by two or
more women if those women collectively control the business, such as
constituting a majority of the board of directors or a majority of the
partners of a partnership.
6. Accrual of net profits or losses. A business's net profits and
losses accrue to an individual if that individual receives the net
profits or losses, is legally entitled or required to receive the net
profits or losses, or is legally entitled or required to recognize the
net profits or losses for tax purposes.
Section 1002.103--Covered Applications
103(a) Covered Application
1. General. Subject to the requirements of subpart B of this part,
a financial institution has latitude to establish its own application
procedures, including designating the type and amount of information it
will require from applicants.
2. Procedures used. The term ``procedures'' refers to the actual
practices followed by a financial institution as well as its stated
application procedures. For example, if a financial institution's
stated policy is to require all applications to be in writing on the
financial institution's application form, but the financial institution
also makes credit decisions based on oral requests, the financial
institution's procedures are to accept both oral and written
applications.
3. Consistency with subpart A. Bureau interpretations that appear
in this supplement I in connection with Sec. Sec. 1002.2(f) and 1002.9
are generally applicable to the definition of a covered application in
Sec. 1002.103. However, the definition of a covered application in
Sec. 1002.103 does not include inquiries and prequalification
requests. The definition of a covered application also does not include
reevaluation, extension, or renewal requests on an existing business
credit account, unless the request seeks additional credit amounts. See
Sec. 1002.103(b).
4. Solicitations and firm offers of credit. For purposes of subpart
B of this part, the term covered application does not include
solicitations, firm offers of credit, or other evaluations initiated by
the financial institution because in these situations the business has
not made a request for credit. For example, if a financial institution
sends a firm offer of credit to a business for a $10,000 line of
credit, and the business does not respond, it is not a covered
application because the business never made a request for credit.
However, using the same example, if the business seeks to obtain the
credit offered, assuming the requirements of a covered application are
otherwise met, the business's request constitutes a covered application
for purposes of subpart B of this part. See also comment 103(b)-4.
5. Requests for multiple covered credit transactions at one time.
Assuming the requirements of a covered application are met, if an
applicant makes a request for two or more covered credit transactions
at the same time, the financial institution reports each request as a
separate covered application. For example, if an applicant is seeking
both a term loan and a line of credit and requests them both on the
same application form, the financial institution reports the requests
as two separate covered applications, one for a term loan and another
for a line of credit. See Sec. 1002.107(d) for the requirements for
reusing data so that a financial institution need only ask once for
certain data required under Sec. 1002.107(a). If, on the other hand,
the applicant is only requesting a single covered credit transaction,
but has not decided on which particular product, the financial
institution reports the request as a single covered application. For
example, if the applicant indicates interest in either a term loan or a
line of credit, but not both, the financial institution reports the
request as a single covered application. See comment 107(a)(5)-1 for
instructions on reporting credit product in this situation.
6. Initial request for a single covered credit transaction that
would result in the origination of multiple covered credit
transactions. Assuming the requirements of a covered application are
met, if an applicant initially makes a request for one covered credit
transaction, but over the course of the application process requests
multiple covered credit transactions, each covered credit transaction
must be reported as a separate covered application. See Sec.
1002.107(d) for the requirements for reusing data so that a financial
institution need only ask once for certain data required under Sec.
1002.107(a).
7. Requests for multiple lines of credit at one time. Assuming the
requirements of a covered application are met, if an applicant requests
multiple lines of credit on a single credit account, it is reported as
one or more covered applications based on the procedures used by the
financial institution for the type of credit account. For example, if a
financial institution treats a request for multiple lines of credit at
one time as sub-components of a single account, the financial
institution reports the request as a single covered application. If, on
the other hand, the financial institution treats each line of credit as
a separate account, then the financial institution reports each request
for a line of credit as a separate covered application, as set forth in
comment 103(a)-5.
8. Duplicate applications. If a financial institution receives two
or more duplicate covered applications (i.e., from the same applicant,
for the same credit product, for the same amount, at or around the same
time), the financial institution may treat the request as a single
covered application for purposes of subpart B, so long as for purposes
of determining whether to extend credit, it would also treat one or
more of the applications as a duplicate under its procedures.
9. Changes in whether there is a covered credit transaction. In
certain circumstances, an applicant may change the type of product
requested during the course of the application process.
[[Page 35541]]
Assuming other requirements of a covered application are met, if an
applicant initially requests a product that is not a covered credit
transaction, but prior to final action taken decides to seek instead a
product that is a covered credit transaction, the application is a
covered application and must be reported pursuant to Sec. 1002.109. In
this circumstance, the financial institution shall endeavor to compile,
maintain, and report the data required under Sec. 1002.107(a) in a
manner that is reasonable under the circumstances. If, on the other
hand, an applicant initially requests a product that is a covered
credit transaction, but prior to final action taken decides instead to
seek a product that is not a covered credit transaction, the
application is not a covered application and thus is not reported. See
also Sec. 1002.112(c)(4), which provides a safe harbor for incorrect
collection of certain data if, at the time of collection, the financial
institution had a reasonable basis for believing that the application
was a covered application. Assuming other requirements of a covered
application are met, if an applicant initially requests a product that
is a covered credit transaction, the financial institution
counteroffers with a product that is not a covered credit transaction,
and the applicant declines to proceed or fails to respond, the
application is reported as a covered application. For example, if an
applicant initially applies for a term loan, but then, after
consultation with the financial institution, decides that a lease would
better meet its needs and decides to proceed with that product, the
application is not a covered application and thus is not reported.
However, if an applicant initially applies for a term loan, the
financial institution offers to consider the applicant only for a
lease, and the applicant refuses, the transaction is a covered
application that must be reported.
10. Multiple unaffiliated co-applicants. If a covered financial
institution receives a covered application from multiple businesses
that are not affiliates, as defined by Sec. 1002.102(a), it shall
compile, maintain, and report data pursuant to Sec. Sec. 1002.107
through 1002.109 for only a single applicant that is a small business,
as defined in Sec. 1002.106(b). A covered financial institution shall
establish consistent procedures for designating a single small business
for purposes of collecting and reporting data under subpart B in
situations where there is more than one small business co-applicant,
such as reporting on the first small business listed on an application
form. For example, if three businesses jointly apply as co-applicants
for a term loan to purchase a piece of equipment, but only one of the
businesses is a small business, as defined in Sec. 1002.106(b), the
financial institution reports on the single small business. If,
however, two of the businesses are small businesses, as defined in
Sec. 1002.106(b), the financial institution must have a procedure for
designating which small business among multiple small business co-
applicants it will report information on, such as consistently
reporting on the first small business listed on an application form.
See also Sec. 1002.5(a)(4)(x), which permits a creditor to collect
certain protected information about co-applicants under certain
circumstances.
11. Refinancings and evaluation, extension, or renewal requests
that request additional credit amounts. As discussed in comments
103(b)-2 and -3, assuming other requirements of a covered application
are met, an applicant's request to refinance and an applicant's request
for additional credit amounts on an existing account both constitute
covered applications.
103(b) Circumstances That Are Not Covered Applications
1. In general. The circumstances set forth in Sec. 1002.103(b) are
not covered applications for purposes of subpart B of this part, even
if considered applications under subpart A of this part. However, in no
way are the exclusions in Sec. 1002.103(b) intended to repeal,
abrogate, annul, impair, change, or interfere with the scope of the
term application in Sec. 1002.2(f) as applicable to subpart A.
2. Reevaluation, extension, or renewal requests that do not request
additional credit amounts. An applicant's request to change one or more
terms of an existing account does not constitute a covered application,
unless the applicant is requesting additional credit amounts on the
account. For example, an applicant's request to extend the duration on
a line of credit or to remove a guarantor would not be a covered
application. However, assuming other requirements of a covered
application are met, an applicant's request to refinance would be
reportable. A refinancing occurs when an existing obligation is
satisfied and replaced by a new obligation undertaken by the same
borrower.
3. Reevaluation, extension, or renewal requests that request
additional credit amounts. A Assuming other requirements of a covered
application are met, an applicant's request for additional credit
amounts on an existing account constitutes a covered application. For
example, an applicant's request for a line increase on an existing line
of credit, made in accordance with a financial institution's procedures
for the type of credit requested, would be a covered application. As
discussed in comment 107(a)(7)-4, when reporting a covered application
that seeks additional credit amounts on an existing account, the
financial institution need only report the additional credit amount
sought, and not the entire credit amount. For example, if an applicant
currently has a line of credit account for $100,000, and seeks to
increase the line to $150,000, the financial institution reports the
amount applied for as $50,000.
4. Reviews or evaluations initiated by the financial institution.
For purposes of subpart B of this part, the term covered application
does not include evaluations or reviews of existing accounts initiated
by the financial institution because the business has not made a
request for credit. For example, if a financial institution conducts
periodic reviews of its existing lines of credit and decides to
increase the business's line by $10,000, it is not a covered
application because the business never made a request for the
additional credit amounts. However, if such an evaluation or review of
an existing account by a financial institution results in the financial
institution inviting the business to apply for additional credit
amounts on an existing account and the business does so, the business's
request constitutes a covered application for purposes of subpart B of
this part, assuming other requirements of a covered application are
met. Similarly, as noted in comment 103(a)-4, the term covered
application also does not include solicitations and firm offers of
credit.
5. Inquiries and prequalification requests. An inquiry is a request
by a prospective applicant for information about credit terms offered
by the financial institution. A prequalification request is a request
by a prospective applicant for a preliminary determination on whether
the prospective applicant would likely qualify for credit under a
financial institution's standards or for a determination on the amount
of credit for which the prospective applicant would likely qualify.
Inquiries and prequalification requests are not covered applications
under subpart B of this part, even though in certain circumstances
inquiries and prequalification requests may constitute
[[Page 35542]]
applications under subpart A. For example, while an inquiry or
prequalification request may become an ``application'' under subpart A
if the creditor evaluates information about the business, decides to
decline the request, and communicates this to the business, such
inquiries or prequalifications would not be ``covered applications''
under subpart B of this part. Whether a particular request is a covered
application, or whether instead it is an inquiry or prequalification
request that is not reportable under subpart B, may turn, for instance,
on how a financial institution structures and processes such requests:
does the financial institution require or encourage a preliminary
review in order for a business to be considered for a covered credit
transaction, or does the business voluntarily seek preliminary feedback
as a tool to explore its options before it decides whether to apply for
credit with the financial institution? The name used by the financial
institution for such a request is not determinative. For example, under
subpart B, a review is a reportable covered application if the
financial institution requires the business, before it may apply for
credit, to pass through a mandatory screening process that considers
particular information about the business and denies or turns away the
business if it is ineligible or unlikely to qualify for credit. In
contrast, a business that requests a financial institution to identify
credit products for which the business might qualify based on limited
or self-described characteristics, and without any commitment from the
financial institution to extend credit, may not have submitted a
covered application for purposes of subpart B.
Section 1002.104--Covered Credit Transactions and Excluded Transactions
104(a) Covered Credit Transaction
1. General. The term ``covered credit transaction'' includes all
business credit (including loans, lines of credit, credit cards, and
merchant cash advances) unless otherwise excluded under Sec.
1002.104(b).
104(b) Excluded Transactions
1. Factoring. The term ``covered credit transaction'' does not
cover factoring as described herein. For the purpose of this subpart,
factoring is an accounts receivable purchase transaction between
businesses that includes an agreement to purchase, transfer, or sell a
legally enforceable claim for payment for goods that the recipient has
supplied or services that the recipient has rendered but for which
payment in full has not yet been made. The name used by the financial
institution for a product is not determinative of whether or not it is
a ``covered credit transaction.'' This description of factoring is not
intended to repeal, abrogate, annul, impair, or interfere with any
existing interpretations, orders, agreements, ordinances, rules, or
regulations adopted or issued pursuant to comment 9(a)(3)-3. A
financial institution shall report an extension of business credit
incident to a factoring arrangement that is otherwise a covered credit
transaction as ``Other sales-based financing transaction'' under Sec.
1002.107(a)(5).
2. Leases. The term ``covered credit transaction'' does not cover
leases as described herein. A lease, for the purpose of this subpart,
is a transfer from one business to another of the right to possession
and use of goods for a term, and for primarily business or commercial
(including agricultural) purposes, in return for consideration. A lease
does not include a sale, including a sale on approval or a sale or
return, or a transaction resulting in the retention or creation of a
security interest. The name used by the financial institution for a
product is not determinative of whether or not it is a ``covered credit
transaction.''
3. Consumer-designated credit. The term ``covered credit
transaction'' does not include consumer-designated credit that is used
for business or agricultural purposes. A transaction qualifies as
consumer-designated credit if the financial institution offers or
extends the credit primarily for personal, family, or household
purposes. For example, an open-end credit account used for both
personal and business/agricultural purposes is not business credit for
the purpose of subpart B of this part unless the financial institution
designated or intended for the primary purpose of the account to be
business/agricultural-related.
4. Credit transaction purchases, purchases of an interest in a pool
of credit transactions, and purchases of a partial interest in a credit
transaction. The term ``covered credit transaction'' does not cover the
purchase of an originated credit transaction, the purchase of an
interest in a pool of credit transactions, or the purchase of a partial
interest in a credit transaction such as through a loan participation
agreement. Such purchases do not, in themselves, constitute an
application for credit. See also comment 109(a)(3)-2.i.
104(b)(1) Trade Credit
1. General. Trade credit, as defined in Sec. 1002.104(b)(1), is
excluded from the definition of a covered credit transaction. An
example of trade credit involves a supplier that finances the sale of
equipment, supplies, or inventory. However, an extension of business
credit by a financial institution other than the supplier for the
financing of such items is not trade credit. Also, credit extended by a
business providing goods or services to another business is not trade
credit for the purposes of this subpart where the supplying business
intends to sell or transfer its rights as a creditor to a third party.
2. Trade credit under subpart A. The definition of trade credit
under comment 9(a)(3)-2 applies to relevant provisions under subpart A,
and Sec. 1002.104(b)(1) is not intended to repeal, abrogate, annul,
impair, or interfere with any existing interpretations, orders,
agreements, ordinances, rules, or regulations adopted or issued
pursuant to comment 9(a)(3)-2.
Section 1002.105--Covered Financial Institutions and Exempt
Institutions
105(a) Financial Institution
1. Examples. Section 1002.105(a) defines a financial institution as
any partnership, company, corporation, association (incorporated or
unincorporated), trust, estate, cooperative organization, or other
entity that engages in any financial activity. This definition
includes, but is not limited to, banks, savings associations, credit
unions, online lenders, platform lenders, community development
financial institutions, Farm Credit System lenders, lenders involved in
equipment and vehicle financing (captive financing companies and
independent financing companies), commercial finance companies,
organizations exempt from taxation pursuant to 26 U.S.C. 501(c), and
governments or governmental subdivisions or agencies.
2. Motor vehicle dealers. Pursuant to Sec. 1002.101(a), subpart B
of this part excludes from coverage persons defined by section 1029 of
the Consumer Financial Protection Act of 2010, title X of the Dodd-
Frank Wall Street Reform and Consumer Protection Act, Public Law 111-
203, 124 Stat. 1376, 2004 (2010).
105(b) Covered Financial Institution
1. Preceding calendar year. The definition of covered financial
institution refers to preceding calendar years. For example, in 2029,
the two preceding calendar years are 2027 and 2028. Accordingly, in
2029, Financial Institution A does not meet the loan-
[[Page 35543]]
volume threshold in Sec. 1002.105(b) if did not originate at least 100
covered credit transactions for small businesses both during 2027 and
during 2028.
2. Origination threshold. A financial institution qualifies as a
covered financial institution based on total covered credit
transactions originated for small businesses, rather than covered
applications received from small businesses. For example, if in both
2024 and 2025, Financial Institution B received 105 covered
applications from small businesses and originated 95 covered credit
transactions for small businesses, then for 2026, Financial Institution
B is not a covered financial institution.
3. Counting originations when multiple financial institutions are
involved in originating a covered credit transaction. For the purpose
of counting originations to determine whether a financial institution
is a covered financial institution under Sec. 1002.105(b), in a
situation where multiple financial institutions are involved in
originating a single covered credit transaction, only the last
financial institution with authority to set the material terms of the
covered credit transaction is required to count the origination.
4. Counting originations after adjustments to the gross annual
revenue threshold due to inflation. Pursuant to Sec. 1002.106(b)(2),
every five years, the gross annual revenue threshold used to define a
small business in Sec. 1002.106(b)(1) shall be adjusted, if necessary,
to account for inflation. The first time such an adjustment could occur
is in 2030, with an effective date of January 1, 2031. A financial
institution seeking to determine whether it is a covered financial
institution applies the gross annual revenue threshold that is in
effect for each year it is evaluating. For example, a financial
institution seeking to determine whether it is a covered financial
institution in 2032 counts its originations of covered credit
transactions for small businesses in calendar years 2030 and 2031. The
financial institution applies the initial $5 million threshold to
evaluate whether its originations were to small businesses in 2030. In
this example, if the small business threshold were increased to $5.5
million effective January 1, 2031, the financial institution applies
the $5.5 million threshold to count its originations for small
businesses in 2031.
5. Reevaluation, extension, or renewal requests, as well as credit
line increases and other requests for additional credit amounts. While
requests for additional credit amounts on an existing account can
constitute a ``covered application'' pursuant to Sec. 1002.103(b)(1),
such requests are not counted as originations for the purpose of
determining whether a financial institution is a covered financial
institution pursuant to Sec. 1002.105(b). In addition, transactions
that extend, renew, or otherwise amend a transaction are not counted as
originations. For example, if a financial institution originates 50
term loans and 30 lines of credit for small businesses in each of the
preceding two calendar years, along with 25 line increases for small
businesses in each of those years, the financial institution is not a
covered financial institution because it has not originated at least
100 covered credit transactions in each of the two preceding calendar
years.
6. Annual consideration. Whether a financial institution is a
covered financial institution for a particular year depends on its
small business lending activity in the preceding two calendar years.
Therefore, whether a financial institution is a covered financial
institution is an annual consideration for each year that data may be
compiled and maintained for purposes of subpart B of this part. A
financial institution may be a covered financial institution for a
given year of data collection (and the obligations arising from
qualifying as a covered financial institution shall continue into
subsequent years, pursuant to Sec. Sec. 1002.110 and 1002.111), but
the same financial institution may not be a covered financial
institution for the following year of data collection. For example,
Financial Institution C originated 105 covered transactions for small
businesses in both 2024 and 2025. In 2026, Financial Institution C is a
covered financial institution and therefore is obligated to compile and
maintain applicable 2026 small business lending data under Sec.
1002.107(a). During 2026, Financial Institution C originates 95 covered
transactions for small businesses. In 2027, Financial Institution C is
not a covered financial institution with respect to 2027 small business
lending data, and is not obligated to compile and maintain 2027 data
under Sec. 1002.107(a) (although Financial Institution C may volunteer
to collect and maintain 2027 data pursuant to Sec. 1002.5(a)(4)(vii)
and as explained in comment 105(b)-10). Pursuant to Sec. 1002.109(a),
Financial Institution C shall submit its small business lending
application register for 2026 data in the format prescribed by the
Bureau by June 1, 2027 because Financial Institution C is a covered
financial institution with respect to 2026 data, and the data
submission deadline of June 1, 2027 applies to 2026 data.
7. Merger or acquisition--coverage of surviving or newly formed
institution. After a merger or acquisition, the surviving or newly
formed financial institution is a covered financial institution under
Sec. 1002.105(b) if it, considering the combined lending activity of
the surviving or newly formed institution and the merged or acquired
financial institutions (or acquired branches or locations), satisfies
the criteria included in Sec. 1002.105(b). For example, Financial
Institutions A and B merge. The surviving or newly formed financial
institution meets the threshold in Sec. 1002.105(b) if the combined
previous components of the surviving or newly formed financial
institution (A plus B) would have originated at least 100 covered
credit transactions for small businesses for each of the two preceding
calendar years. Similarly, if the combined previous components and the
surviving or newly formed financial institution would have reported at
least 100 covered transactions for small businesses for the year
previous to the merger as well as 100 covered transactions for small
businesses for the year of the merger, the threshold described in Sec.
1002.105(b) would be met and the surviving or newly formed financial
institution would be a covered institution under Sec. 1002.105(b) for
the year following the merger. Comment 105(b)-8 discusses a financial
institution's responsibilities with respect to compiling and
maintaining (and subsequently reporting) data during the calendar year
of a merger.
8. Merger or acquisition--coverage specific to the calendar year of
the merger or acquisition. The scenarios described below illustrate a
financial institution's responsibilities specifically for data from the
calendar year of a merger or acquisition. For purposes of these
illustrations, an ``institution that is not covered'' means either an
institution that is not a financial institution, as defined in Sec.
1002.105(a), or a financial institution that is not a covered financial
institution, as defined in Sec. 1002.105(b).
i. Two institutions that are not covered financial institutions
merge. The surviving or newly formed institution meets all of the
requirements necessary to be a covered financial institution. No data
are required to be compiled, maintained, or reported for the calendar
year of the merger (even though the merger creates an institution that
meets all of the requirements necessary to be a covered financial
institution).
[[Page 35544]]
ii. A covered financial institution and an institution that is not
covered merge. The covered financial institution is the surviving
institution, or a new covered financial institution is formed. For the
calendar year of the merger, data are required to be compiled,
maintained, and reported for covered applications from the covered
financial institution and is optional for covered applications from the
financial institution that was previously not covered.
iii. A covered financial institution and an institution that is not
covered merge. The institution that is not covered is the surviving
institution and remains not covered after the merger, or a new
institution that is not covered is formed. For the calendar year of the
merger, data are required to be compiled and maintained (and
subsequently reported) for covered applications from the previously
covered financial institution that took place prior to the merger.
After the merger date, compiling, maintaining, and reporting data is
optional for applications from the institution that was previously
covered for the remainder of the calendar year of the merger.
iv. Two covered financial institutions merge. The surviving or
newly formed financial institution is a covered financial institution.
Data are required to be compiled and maintained (and subsequently
reported) for the entire calendar year of the merger. The surviving or
newly formed financial institution files either a consolidated
submission or separate submissions for that calendar year.
9. Foreign applicability. As discussed in comment 1(a)-2,
Regulation B (including subpart B) generally does not apply to lending
activities that occur outside the United States.
10. Voluntary collection and reporting. Section 1002.5(a)(4)(vii)
through (x) permits a creditor that is not a covered financial
institution under Sec. 1002.105(b) to voluntarily collect and report
information regarding covered applications from small businesses in
certain circumstances. If a creditor is voluntarily collecting
information for covered applications regarding whether the applicant is
a minority-owned business, a women-owned business, and/or an LGBTQI+-
owned business under Sec. 1002.107(a)(18), and regarding the
ethnicity, race, and sex of the applicant's principal owners under
Sec. 1002.107(a)(19), it shall do so in compliance with Sec. Sec.
1002.107, 1002.108, 1002.111, 1002.112 as though it were a covered
financial institution. If a creditor is reporting those covered
applications from small businesses to the Bureau, it shall do so in
compliance with Sec. Sec. 1002.109 and 1002.110 as though it were a
covered financial institution.
Section 1002.106--Business and Small Business
106(b) Small Business Definition
106(b)(1) Small Business
1. Change in determination of small business status--business is
ultimately not a small business. If a financial institution initially
determines an applicant is a small business as defined in Sec.
1002.106 based on available information and collects data required by
Sec. 1002.107(a)(18) and (19) but later concludes that the applicant
is not a small business, the financial institution does not violate the
Act or this regulation if it meets the requirements of Sec.
1002.112(c)(4). The financial institution shall not report the
application on its small business lending application register pursuant
to Sec. 1002.109.
2. Change in determination of small business status--business is
ultimately a small business. Consistent with comment 107(a)(14)-1, a
financial institution need not independently verify gross annual
revenue. If a financial institution initially determines that the
applicant is not a small business as defined in Sec. 1002.106(b), but
later concludes the applicant is a small business prior to taking final
action on the application, the financial institution must report the
covered application pursuant to Sec. 1002.109. In this situation, the
financial institution shall endeavor to compile, maintain, and report
the data required under Sec. 1002.107(a) in a manner that is
reasonable under the circumstances. For example, if the applicant
initially provides a gross annual revenue of $5.5 million (that is,
above the threshold for a small business as initially defined in Sec.
1002.106(b)(1)), but during the course of underwriting the financial
institution discovers the applicant's gross annual revenue was in fact
$4.75 million (meaning that the applicant is within the definition of a
small business under Sec. 1002.106(b)), the financial institution is
required to report the covered application pursuant to Sec. 1002.109.
In this situation, the financial institution shall take reasonable
steps upon discovery to compile, maintain, and report the data
necessary under Sec. 1002.107(a) to comply with subpart B of this part
for that covered application. Thus, in this example, even if the
financial institution's procedure is typically to request applicant-
provided data together with the application form, in this circumstance,
the financial institution shall seek to collect the data during the
application process necessary to comply with subpart B in a manner that
is reasonable under the circumstances.
3. Applicant's representations regarding gross annual revenue;
inclusion of affiliate revenue; updated or verified information. A
financial institution is permitted to rely on an applicant's
representations regarding gross annual revenue (which may or may not
include any affiliate's revenue) for purposes of determining small
business status under Sec. 1002.106(b). However, if the applicant
provides updated gross annual revenue information or the financial
institution verifies the gross annual revenue information (see comment
107(b)-1), the financial institution must use the updated or verified
information in determining small business status.
4. Multiple unaffiliated co-applicants--size determination. The
financial institution shall not aggregate unaffiliated co-applicants'
gross annual revenues for purposes of determining small business status
under Sec. 1002.106(b). If a covered financial institution receives a
covered application from multiple businesses who are not affiliates, as
defined by Sec. 1002.102(a), where at least one business is a small
business under Sec. 1002.106(b), the financial institution shall
compile, maintain, and report data pursuant to Sec. Sec. 1002.107
through 1002.109 regarding the covered application for only a single
applicant that is a small business. See comment 103(a)-10 for
additional details.
106(b)(2) Inflation Adjustment
1. Inflation adjustment methodology. The small business gross
annual revenue threshold set forth in Sec. 1002.106(b)(1) will be
adjusted upward or downward to reflect changes, if any, in the Consumer
Price Index for All Urban Consumers (U.S. city average series for all
items, not seasonally adjusted), as published by the United States
Bureau of Labor Statistics (``CPI-U''). The base for computing each
adjustment is the January 2025 CPI-U; this base value shall be compared
to the CPI-U value in January 2030 and every five years thereafter. For
example, after the January 2030 CPI-U is made available, the adjustment
is calculated by determining the percentage change in the CPI-U between
January 2025 and January 2030, applying this change to the $5 million
gross annual revenue threshold, and rounding to the nearest $500,000.
If, as a result of this rounding, there is no change in the gross
annual revenue threshold, there will be no adjustment. For example, if
in January
[[Page 35545]]
2030 the adjusted value were $4.9 million (reflecting a $100,000
decrease from January 2025 CPI-U), then the threshold would not adjust
because $4.9 million would be rounded up to $5 million. If on the other
hand, the adjusted value were $5.7 million, then the threshold would
adjust to $5.5 million. Where the adjusted value is a multiple of
$250,000 (e.g., $5,250,000), then the threshold adjusts upward (in this
example, to $5,500,000).
2. Substitute for CPI-U. If publication of the CPI-U ceases, or if
the CPI-U otherwise becomes unavailable or is altered in such a way as
to be unusable, then the Bureau shall substitute another reliable cost
of living indicator from the United States Government for the purpose
of calculating adjustments pursuant to Sec. 1002.106(b)(2).
Section 1002.107--Compilation of Reportable Data
107(a) Data Format and Itemization
1. General. Section 1002.107(a) describes a covered financial
institution's obligation to compile and maintain data regarding the
covered applications it receives from small businesses.
i. A covered financial institution reports these data even if the
credit originated pursuant to the reported application was subsequently
sold by the institution.
ii. A covered financial institution annually reports data for
covered applications for which final action was taken in the previous
calendar year.
iii. A covered financial institution reports data for a covered
application on its small business lending application register for the
calendar year during which final action was taken on the application,
even if the institution received the application in a previous calendar
year.
2. Free-form text fields. A covered financial institution may use
technology such as autocorrect and predictive text when requesting
applicant-provided data under subpart B of this part that the financial
institution reports via free-form text fields, provided that such
technology does not restrict the applicant's ability to write in its
own response instead of using text suggested by the technology.
3. Filing Instructions Guide. Additional details and procedures for
compiling data pursuant to Sec. 1002.107 are included in the Filing
Instructions Guide, which is available at https://www.consumerfinance.gov/data-research/small-business-lending/filing-instructions-guide/.
4. Additional data point response options. The Bureau may add
additional response options to the lists of responses contained in the
commentary that follows for certain of the data points set forth in
Sec. 1002.107(a), via the Filing Instructions Guide. Refer to the
Filing Instructions Guide for any updates for each reporting year.
107(a)(1) Unique Identifier
1. Unique within the financial institution. A financial institution
complies with Sec. 1002.107(a)(1) by compiling and reporting an
alphanumeric application or loan identifier unique within the financial
institution to the specific application. The identifier must not exceed
45 characters, and must begin with the financial institution's Legal
Entity Identifier (LEI), as defined in comment 109(b)(6)-1. Separate
applications for the same applicant must have separate identifiers. The
identifier may only include standard numerical and/or upper-case
alphabetical characters and cannot include dashes, other special
characters, or characters with diacritics. The financial institution
may assign the unique identifier at any time prior to reporting the
application. Refinancings or applications for refinancing must be
assigned a different identifier than the transaction that is being
refinanced. A financial institution with multiple branches must ensure
that its branches do not use the same identifiers to refer to multiple
applications.
2. Does not include directly identifying information. The unique
identifier must not include any directly identifying information, such
as a whole or partial Social Security number or employer identification
number, about the applicant or persons (natural or legal) associated
with the applicant. See also Sec. 1002.111(c) and related commentary.
107(a)(2) Application Date
1. Consistency. Section 1002.107(a)(2) requires that, in reporting
the date of covered application, a financial institution shall report
the date the covered application was received or the date shown on a
paper or electronic application form. Although a financial institution
need not choose the same approach for its entire small business lending
application register, it should generally be consistent in its approach
by, for example, establishing procedures for how to report this date
within particular scenarios, products, or divisions. If the financial
institution chooses to report the date shown on an application form and
the institution retains multiple versions of the application form, the
institution reports the date shown on the first application form
satisfying the definition of covered application pursuant to Sec.
1002.103.
2. Application received. For an application submitted directly to
the financial institution or its affiliate (as described in Sec.
1002.107(a)(4)), the financial institution shall report the date it
received the covered application, as defined under Sec. 1002.103, or
the date shown on a paper or electronic application form. For an
application initially submitted to a third party, see comment
107(a)(2)-3.
3. Indirect applications. For an application that was not submitted
directly to the financial institution or its affiliate (as described in
Sec. 1002.107(a)(4)), the financial institution shall report the date
the application was received by the party that initially received the
application, the date the application was received by the financial
institution, or the date shown on the application form. Although a
financial institution need not choose the same approach for its entire
small business lending application register, it should generally be
consistent in its approach by, for example, establishing procedures for
how to report this date within particular scenarios, products, or
divisions.
4. Safe harbor. Pursuant to Sec. 1002.112(c)(1), a financial
institution that reports on its small business lending application
register an application date that is within three business days of the
actual application date pursuant to Sec. 1002.107(a)(2) does not
violate the Act or subpart B of this part. For purposes of this
paragraph, a business day means any day the financial institution is
open for business.
107(a)(3) Application Method
1. General. A financial institution complies with Sec.
1002.107(a)(3) by reporting the means by which the applicant submitted
the application from one of the following options: in-person,
telephone, online, or mail. If the financial institution retains
multiple versions of the application form, the institution reports the
means by which the first application form satisfying the definition of
covered application pursuant to Sec. 1002.103 was submitted.
i. In-person. A financial institution reports the application
method as ``in-person'' if the applicant submitted the application to
the financial institution, or to another party acting on the financial
institution's behalf, in person. The in-person application method
applies, for example, to applications submitted at a branch office
(including applications hand delivered by the applicant), at the
applicant's place of
[[Page 35546]]
business, or via electronic media with a video component).
ii. Telephone. A financial institution reports the application
method as ``telephone'' if the applicant submitted the application to
the financial institution, or another party acting on the financial
institution's behalf, by telephone call or via audio-based electronic
media without a video component.
iii. Online. A financial institution reports the application method
as ``online'' if the applicant submitted the application to the
financial institution, or another party acting on the financial
institution's behalf, through a website, mobile application (app), fax
transmission, electronic mail, text message, or some other form of
text-based electronic communication.
iv. Mail. A financial institution reports the application method as
``mail'' if the applicant submitted the application to the financial
institution, or another party acting on the financial institution's
behalf, via United States mail, courier or overnight service, or an
overnight drop box.
107(a)(4) Application Recipient
1. Agents. When a financial institution is reporting actions taken
by its agent consistent with comment 109(a)(3)-3, the agent is
considered the financial institution for the purposes of Sec.
1002.107(a)(4). For example, assume that an applicant submitted an
application to Financial Institution B, and Financial Institution B
made the credit decision acting as Financial Institution A's agent
under State law. Financial Institution A reports the application and
indicates that the application was submitted directly to Financial
Institution A.
107(a)(5) Credit Type
1. Reporting credit product--in general. A financial institution
complies with Sec. 1002.107(a)(5)(i) by selecting the credit product
applied for or originated, from the list below. If the credit product
applied for or originated is not included on this list, the financial
institution selects ``other,'' and reports the credit product via free-
form text field. If an applicant requested more than one credit product
at the same time, the financial institution reports each credit product
requested as a separate application. However, if the applicant only
requested a single covered credit transaction, but had not decided on
which particular product, the financial institution complies with Sec.
1002.107(a)(5)(i) by reporting the credit product originated (if
originated), or the credit product denied (if denied), or the credit
product of greater interest to the applicant, if readily determinable.
If the credit product of greater interest to the applicant is not
readily determinable, the financial institution complies with Sec.
1002.107(a)(5)(i) by reporting one of the credit products requested as
part of the request for a single covered credit transaction, in its
discretion. See comment 103(a)-5 for instructions on reporting requests
for multiple covered credit transactions at one time.
i. Term loan--unsecured.
ii. Term loan--secured.
iii. Line of credit--unsecured.
iv. Line of credit--secured.
v. Credit card account, not private-label.
vi. Private-label credit card account.
vii. Merchant cash advance.
viii. Other sales-based financing transaction.
ix. Other.
x. Not provided by applicant and otherwise undetermined.
2. Credit card account, not private-label. A financial institution
complies with Sec. 1002.107(a)(5)(i) by reporting the credit product
as a ``credit card account, not private-label'' when the product is a
business-purpose open-end credit account that is not private label and
that may be accessed from time to time by a card, plate, or other
single credit device to obtain credit, except that accounts or lines of
credit secured by real property and overdraft lines of credit accessed
by debit cards are not credit card accounts. The term credit card
account does not include debit card accounts or closed-end credit that
may be accessed by a card, plate, or single credit device. The term
credit card account does include charge card accounts that are
generally paid in full each billing period, as well as hybrid prepaid-
credit cards. A financial institution reports multiple credit card
account, not private-label applications requested at one time using the
guidance in comment 103(a)-7.
3. Private-label credit card account. A financial institution
complies with Sec. 1002.107(a)(5)(i) by reporting the credit product
as a ``private-label credit card account'' when the product is a
business-purpose open-end private-label credit account that otherwise
meets the description of a credit card account in comment 107(a)(5)-2.
A private-label credit card account is a credit card account that can
only be used to acquire goods or services provided by one business (for
example, a specific merchant, retailer, independent dealer, or
manufacturer) or a small group of related businesses. A co-branded or
other card that can also be used for purchases at unrelated businesses
is not a private-label credit card. A financial institution reports
multiple private-label credit card account applications requested at
one time in the same manner as credit card account, not private-label
applications, using the guidance in comment 103(a)-7.
4. Credit product not provided by the applicant and otherwise
undetermined. Pursuant to Sec. 1002.107(c), a financial institution is
required to maintain procedures reasonably designed to collect
applicant-provided data, which includes credit product. However, if a
financial institution is nonetheless unable to collect or otherwise
determine credit product information because the applicant does not
indicate what credit product it seeks and the application is denied,
withdrawn, or closed for incompleteness before a credit product is
identified, the financial institution reports that the credit product
is ``not provided by applicant and otherwise undetermined.''
5. Reporting credit product involving counteroffers. If a financial
institution presents a counteroffer for a different credit product than
the product the applicant had initially requested, and the applicant
does not agree to proceed with the counteroffer, the financial
institution reports the application for the original credit product as
denied pursuant to Sec. 1002.107(a)(9). If the applicant agrees to
proceed with consideration of the financial institution's counteroffer,
the financial institution reports the disposition of the application
based on the credit product that was offered and does not report the
original credit product applied for. See comment 107(a)(9)-2.
6. Other sales-based financing transaction. For an extension of
business credit incident to a factoring arrangement that is otherwise a
covered credit transaction, a financial institution selects ``other
sales-based financing transaction'' as the credit product. See comment
104(b)-1.
7. Guarantees. A financial institution complies with Sec.
1002.107(a)(5)(ii) by selecting the type or types of guarantees that
were obtained for an originated covered credit transaction, or that
would have been obtained if the covered credit transaction was
originated, from the list below. The financial institution selects, if
applicable, up to a maximum of five guarantees for a single
application. If the type of guarantee does not appear on the list, the
financial institution selects ``other'' and reports the type of
guarantee via free-form text field. If no guarantee is obtained or
would have been obtained if the covered credit transaction was
originated, the
[[Page 35547]]
financial institution selects ``no guarantee.'' If an application is
denied, withdrawn, or closed for incompleteness before any guarantee
has been identified, the financial institution selects ``no
guarantee.'' The financial institution chooses State government
guarantee or local government guarantee, as applicable, based on the
entity directly administering the program, not the source of funding.
i. Personal guarantee--owner(s).
ii. Personal guarantee--non-owner(s).
iii. SBA guarantee--7(a) program.
iv. SBA guarantee--504 program.
v. SBA guarantee--other.
vi. USDA guarantee.
vii. FHA insurance.
viii. Bureau of Indian Affairs guarantee.
ix. Other Federal guarantee.
x. State government guarantee.
xi. Local government guarantee.
xii. Other.
xiii. No guarantee.
8. Loan term. A financial institution complies with Sec.
1002.107(a)(5)(iii) by reporting the number of months in the loan term
for the covered credit transaction. The loan term is the number of
months after which the legal obligation will mature or terminate,
measured from the date of origination. For transactions involving real
property, the financial institution may instead measure the loan term
from the date of the first payment period and disregard the time that
elapses, if any, between the settlement of the transaction and the
first payment period. For example, if a loan closes on April 12, but
the first payment is not due until June 1 and includes the interest
accrued in May (but not April), the financial institution may choose
not to include the month of April in the loan term. In addition, the
financial institution may round the loan term to the nearest full month
or may count only full months and ignore partial months, as it so
chooses. If a credit product, such as a credit card, does not have a
loan term, the financial institution reports that the loan term is
``not applicable.'' The financial institution also reports that the
loan term is ``not applicable'' if the credit product is reported as
``not provided by applicant and otherwise undetermined.'' For a credit
product that generally has a loan term, the financial institution
reports ``not provided by applicant and otherwise undetermined'' if the
application is denied, withdrawn, or determined to be incomplete before
a loan term has been identified. For merchant cash advances and other
sales-based financing transactions, the financial institution complies
with Sec. 1002.107(a)(5)(iii) by reporting the loan term, if any, that
the financial institution estimated or specified in processing,
underwriting or providing disclosures for the application or
transaction. If more than one such loan term is estimated or specified,
the financial institution reports the one it considers to be most
accurate, in its discretion. For merchant cash advances and other
sales-based financing transactions that do not have a loan term, the
financial institution reports ``not provided by applicant and otherwise
undetermined.''
107(a)(6) Credit Purpose
1. General. A financial institution complies with Sec.
1002.107(a)(6) by selecting the purpose or purposes of the covered
credit transaction applied for or originated from the list below.
i. Purchase, construction/improvement, or refinance of non-owner-
occupied real property.
ii. Purchase, construction/improvement, or refinance of owner-
occupied real property.
iii. Purchase, refinance, or rehabilitation/repair of motor
vehicle(s) (including light and heavy trucks).
iv. Purchase, refinance, or rehabilitation/repair of equipment.
v. Working capital (includes inventory or floor planning).
vi. Business start-up.
vii. Business expansion.
viii. Business acquisition.
ix. Refinance existing debt (other than refinancings listed above).
x. Line increase.
xi. Overdraft.
xii. Other.
xiii. Not provided by applicant and otherwise undetermined.
xiv. Not applicable.
2. More than one purpose. If the applicant indicates or the
financial institution is otherwise aware of more than one purpose for
the credit applied for or originated, the financial institution reports
those purposes, up to a maximum of three, using the list provided, in
any order it chooses. For example, if an applicant refinances a
commercial building it owns and uses the funds to purchase a motor
vehicle and expand the business it runs in a part of that building, the
financial institution reports that the three purposes of the credit are
purchase, construction/improvement, or refinance of owner-occupied real
property; purchase, refinance, or rehabilitation/repair of motor
vehicle(s) (including light and heavy trucks); and business expansion.
If an application has more than three purposes, the financial
institution reports any three of those purposes. In the example above,
if the funds were also used to purchase equipment, the financial
institution would select only three of the relevant purposes to report.
3. ``Other'' credit purpose. If a purpose of an application does
not appear on the list of purposes provided, the financial institution
reports ``other'' as the credit purpose and reports the credit purpose
via free-form text field. If the application has more than one
``other'' purpose, the financial institution chooses the most
significant ``other'' purpose, in its discretion, and reports that
``other'' purpose. The financial institution reports a maximum of three
credit purposes, including any ``other'' purpose.
4. Credit purpose not provided by applicant and otherwise
undetermined. Pursuant to Sec. 1002.107(c), a financial institution
shall maintain procedures reasonably designed to collect applicant-
provided data, which includes credit purpose. However, if a financial
institution is nonetheless unable to collect or determine credit
purpose information, the financial institution reports that the credit
purpose is ``not provided by applicant and otherwise undetermined.''
5. Not applicable. If the application is for a credit product that
generally has indeterminate or numerous potential purposes, such as a
credit card, the financial institution may report credit purpose as
``not applicable.''
6. Collecting credit purpose. Pursuant to Sec. 1002.107(c), a
financial institution shall maintain procedures reasonably designed to
collect applicant-provided data, including credit purpose. The
financial institution is permitted, but not required, to present the
list of credit purposes provided in comment 107(a)(6)-1 to the
applicant. The financial institution is also permitted to ask about
purposes not included on the list provided in comment 107(a)(6)-1. If
the applicant chooses a purpose or purposes not included on the
provided list, the financial institution follows the instructions in
comment 107(a)(6)-3 regarding reporting of ``other'' as the credit
purpose. If an applicant chooses a purpose or purposes that are similar
to purposes on the list provided, but uses different language, the
financial institution reports the purpose or purposes from the list
provided.
7. Owner-occupied real property. Real property is owner-occupied if
any physical portion of the property is used by the owner for any
activity, including storage.
8. Overdraft. When overdraft is provided as an aspect of the
covered credit transaction applied for or
[[Page 35548]]
originated, the financial institution reports ``Overdraft'' as a
purpose of the credit. The financial institution reports credit type
pursuant to Sec. 1002.107(a)(5)(i) as appropriate for the underlying
covered credit transaction, such as ``Line of credit--unsecured.''
Providing occasional overdraft services as part of a deposit account
offering would not be reported for the purpose of subpart B.
107(a)(7) Amount Applied For
1. Initial amount requested. A financial institution complies with
Sec. 1002.107(a)(7) by reporting the initial amount of credit or the
initial credit limit requested by the applicant. The financial
institution is not required to report credit amounts or limits
discussed before an application is made, but must capture the initial
amount requested at the application stage. If the applicant requests an
amount as a range of numbers, the financial institution reports the
midpoint of that range.
2. No amount requested. If the applicant does not request a
specific amount at the application stage, but the financial institution
underwrites the application for a specific amount, the financial
institution complies with Sec. 1002.107(a)(7) by reporting the amount
considered for underwriting as the amount applied for. If the
particular type of credit product applied for does not involve a
specific amount requested, the financial institution reports that the
requirement is ``not applicable.''
3. Firm offers. When an applicant responds to a ``firm offer'' that
specifies an amount or limit, which may occur in conjunction with a
pre-approved credit solicitation, the financial institution reports the
amount of the firm offer as the amount applied for, unless the
applicant requests a different amount. If the firm offer does not
specify an amount or limit and the applicant does not request a
specific amount, the amount applied for is the amount underwritten by
the financial institution. If the firm offer specifies an amount or
limit as a range and the applicant does not request a specific amount,
the amount applied for is the amount underwritten by the financial
institution.
4. Additional amounts on an existing account. When reporting a
covered application that seeks additional credit amounts on an existing
account, the financial institution reports only the additional credit
amount sought, and not any previous amounts extended. See comment
103(b)-3.
5. Initial amount otherwise undetermined. Pursuant to Sec.
1002.107(c), a financial institution shall maintain procedures
reasonably designed to collect applicant-provided data, which includes
the credit amount initially requested by the applicant (other than for
products that do not involve a specific amount requested). However, if
a financial institution is nonetheless unable to collect or otherwise
determine the amount initially requested, the financial institution
reports that the amount applied for is ``not provided by applicant and
otherwise undetermined.'' But see comment 107(a)(7)-2 for how to report
the credit amount initially requested by the applicant for particular
types of credit products that do not involve a specific amount
requested.
107(a)(8) Amount Approved or Originated
1. General. A financial institution complies with Sec.
1002.107(a)(8) by reporting the amount approved or originated for
credit that is originated or approved but not accepted. For
applications that the financial institution, pursuant to Sec.
1002.107(a)(9), reports as denied, withdrawn by the applicant, or
incomplete, the financial institution reports that the amount approved
or originated is ``not applicable.''
2. Multiple approval amounts. A financial institution may sometimes
approve an applicant for more than one credit amount, allowing the
applicant to choose which amount the applicant prefers for the
extension or line of credit. When multiple approval amounts are offered
for a closed-end credit transaction for which the action taken is
approved but not accepted, and the applicant does not accept the
approved offer of credit in any amount, the financial institution
reports the highest amount approved. If the applicant accepts the offer
of closed-end credit, the financial institution reports the amount
originated. When multiple approval amounts are offered for an open-end
credit transaction for which the action taken is approved but not
accepted, and the applicant does not accept the approved offer of
credit in any amount, the financial institution reports the highest
amount approved. If the applicant accepts the offer of open-end credit,
the financial institution reports the actual credit limit established.
3. Amount approved or originated--closed-end credit transaction.
For an originated closed-end credit transaction, the financial
institution reports the principal amount to be repaid. This amount will
generally be disclosed on the legal obligation.
4. Amount approved or originated--refinancing. For a refinancing,
the financial institution reports the amount of credit approved or
originated under the terms of the new debt obligation.
5. Amount approved or originated--counteroffer. If an applicant
agrees to proceed with consideration of a counteroffer for an amount or
limit different from the amount for which the applicant applied, and
the covered credit transaction is approved and originated, the
financial institution reports the amount granted. If an applicant does
not agree to proceed with consideration of a counteroffer or fails to
respond, the institution reports the application as denied and reports
``not applicable'' for the amount approved or originated. See comment
107(a)(9)-2.
6. Amount approved or originated--existing accounts. For additional
credit amounts that were approved for or originated on an existing
account, the financial institution reports only the additional credit
amount approved or originated, and not any previous amounts extended.
107(a)(9) Action Taken
1. General. A financial institution complies with Sec.
1002.107(a)(9) by selecting the action taken by the financial
institution on the application from the following list: originated,
approved but not accepted, denied, withdrawn by the applicant, or
incomplete. A financial institution identifies the applicable action
taken code based on final action taken on the covered application.
i. Originated. A financial institution reports that the application
was originated if the financial institution made a credit decision
approving the application and that credit decision resulted in an
extension of credit.
ii. Approved but not accepted. A financial institution reports that
the application was approved but not accepted if the financial
institution made a credit decision approving the application, but the
applicant or the party that initially received the application failed
to respond to the financial institution's approval within the specified
time, or the covered credit transaction was not otherwise consummated
or the account was not otherwise opened.
iii. Denied. A financial institution reports that the application
was denied if it made a credit decision denying the application before
an applicant withdrew the application, before the application was
closed for incompleteness, or before the application was denied on the
basis of incompleteness.
[[Page 35549]]
iv. Withdrawn by the applicant. A financial institution reports
that the application was withdrawn if the application was expressly
withdrawn by the applicant before the financial institution made a
credit decision approving or denying the application, before the
application was closed for incompleteness, or before the application
was denied on the basis of incompleteness.
v. Incomplete. A financial institution reports that the application
was incomplete if the financial institution took adverse action on the
basis of incompleteness under Sec. 1002.9(a)(1)(ii) and (c)(1)(i) or
provided a written notice of incompleteness under Sec.
1002.9(c)(1)(ii) and (2), and the applicant did not respond to the
request for additional information within the period of time specified
in the notice.
2. Treatment of counteroffers. If a financial institution makes a
counteroffer to grant credit on terms other than those originally
requested by the applicant (for example, for a shorter loan maturity,
with a different interest rate, or in a different amount) and the
applicant declines the counteroffer or fails to respond, the
institution reports the action taken as a denial on the original terms
requested by the applicant. If the applicant agrees to proceed with
consideration of the financial institution's counteroffer, the
financial institution reports the action taken as the disposition of
the application based on the terms of the counteroffer. For example,
assume an applicant applies for a term loan and the financial
institution makes a counteroffer to proceed with consideration of a
line of credit. If the applicant declines to be considered for a line
of credit, the financial institution reports the application as a
denied request for a term loan. If, on the other hand, the applicant
agrees to be considered for a line of credit, then the financial
institution reports the action taken as the disposition of the
application for the line of credit. For instance, using the same
example, if the financial institution makes a credit decision approving
the line of credit, but the applicant fails to respond to the financial
institution's approval within the specified time by accepting the
credit offer, the financial institution reports the application on the
line of credit as approved but not accepted.
3. Treatment of rescinded transactions. If a borrower successfully
rescinds a transaction after closing but before a financial institution
is required to submit its small business lending application register
containing the information for the application under Sec. 1002.109,
the institution reports the application as approved but not accepted.
4. Treatment of pending applications. A financial institution does
not report any application still pending at the end of the calendar
year; it reports such applications on its small business lending
application register for the year in which final action is taken.
5. Treatment of conditional approvals. If a financial institution
issues an approval that is subject to the applicant meeting certain
conditions prior to closing, the financial institution reports the
action taken as provided below dependent on whether the conditions are
solely customary commitment or closing conditions or if the conditions
include any underwriting or creditworthiness conditions. Customary
commitment or closing conditions may include, for example, a clear-
title requirement, proof of insurance policies, or a subordination
agreement from another lienholder. Underwriting or creditworthiness
conditions may include, for example, conditions that constitute a
counteroffer (such as a demand for a higher down-payment), satisfactory
loan-to-value ratios, or verification or confirmation, in whatever form
the institution requires, that the applicant meets underwriting
conditions concerning applicant creditworthiness, including
documentation or verification of revenue, income or assets.
i. Conditional approval--denial. If the approval is conditioned on
satisfying underwriting or creditworthiness conditions, those
conditions are not met, and the financial institution takes adverse
action on some basis other than incompleteness, the financial
institution reports the action taken as denied.
ii. Conditional approval--incompleteness. If the approval is
conditioned on satisfying underwriting or creditworthiness conditions
that the financial institution needs to make the credit decision, and
the financial institution takes adverse action on the basis of
incompleteness under Sec. 1002.9(a)(1)(ii) and (c)(1)(i), or has sent
a written notice of incompleteness under Sec. 1002.9(c)(1)(ii) and
(2), and the applicant did not respond within the period of time
specified in the notice, the financial institution reports the action
taken as incomplete.
iii. Conditional approval--approved but not accepted. If the
approval is conditioned on satisfying conditions that are solely
customary commitment or closing conditions and the conditions are not
met, the financial institution reports the action taken as approved but
not accepted. If all the conditions (underwriting, creditworthiness, or
customary commitment or closing conditions) are satisfied and the
financial institution agrees to extend credit but the covered credit
transaction is not originated (for example, because the applicant
withdraws), the financial institution reports the action taken as
approved but not accepted.
iv. Conditional approval--withdrawn by the applicant. If the
applicant expressly withdraws before satisfying all underwriting or
creditworthiness conditions and before the institution denies the
application or before the institution closes the file for
incompleteness, the financial institution reports the action taken as
withdrawn.
107(a)(10) Action Taken Date
1. Reporting action taken date for denied applications. For
applications that are denied, a financial institution reports either
the date the application was denied or the date the denial notice was
sent to the applicant.
2. Reporting action taken date for applications withdrawn by
applicant. For applications that are withdrawn by the applicant, the
financial institution reports the date the express withdrawal was
received, or the date shown on the notification form in the case of a
written withdrawal.
3. Reporting action taken date for applications that are approved
but not accepted. For applications approved by a financial institution
but not accepted by the applicant, the financial institution reports
any reasonable date, such as the approval date, the deadline for
accepting the offer, or the date the file was closed. A financial
institution should generally be consistent in its approach to reporting
by, for example, establishing procedures for how to report this date
for particular scenarios, products, or divisions.
4. Reporting action taken date for originated applications. For
applications that result in an extension of credit, a financial
institution generally reports the closing or account opening date. If
the disbursement of funds takes place on a date later than the closing
or account opening date, the institution may, alternatively, use the
date of initial disbursement. A financial institution should generally
be consistent in its approach to reporting by, for example,
establishing procedures for how to report this date for particular
scenarios, products, or divisions.
5. Reporting action taken date for incomplete applications. For
applications closed for incompleteness or denied for incompleteness,
the financial institution reports either the date the action was taken
or the date the
[[Page 35550]]
denial or incompleteness notice was sent to the applicant.
107(a)(11) Denial Reasons
1. Reason for denial--in general. A financial institution complies
with Sec. 1002.107(a)(11) by reporting the principal reason or reasons
it denied the application, indicating up to four reasons. The financial
institution reports only the principal reason or reasons it denied the
application. For example, if a financial institution denies an
application due to insufficient cashflow, unacceptable collateral, and
unverifiable business information, the financial institution is
required to report these three reasons. The reasons reported must
accurately describe the principal reason or reasons the financial
institution denied the application. A financial institution reports
denial reasons by selecting its principal reason or reasons for denying
the application from the following list:
i. Credit characteristics of the business. A financial institution
reports the denial reason as ``credit characteristics of the business''
if it denies the application based on an assessment of the business's
ability to meet its current or future credit obligations. Examples
include business credit score, history of business bankruptcy or
delinquency, and/or a high number of recent business credit inquiries.
ii. Credit characteristics of the principal owner(s) or
guarantor(s). A financial institution reports the denial reason as
``credit characteristics of the principal owner(s) or guarantor(s)'' if
it denies the application based on an assessment of the principal
owner(s) or guarantor(s)'s ability to meet its current or future credit
obligations. Examples include principal owner(s) or guarantor(s)'s
credit score, history of charge offs, bankruptcy or delinquency, low
net worth, limited or insufficient credit history, or history of
excessive overdraft.
iii. Use of credit proceeds. A financial institution reports the
denial reason as ``use of credit proceeds'' if it denies an application
because, as a matter of policy or practice, it places limits on lending
to certain kinds of businesses, products, or activities it has
identified as high risk.
iv. Cashflow. A financial institution reports the denial reason as
``cashflow'' when it denies an application due to insufficient or
inconsistent cashflow.
v. Collateral. A financial institution reports the denial reason as
``collateral'' when it denies an application due to collateral that it
deems insufficient or otherwise unacceptable.
vi. Time in business. A financial institution reports the denial
reason as ``time in business'' when it denies an application due to
insufficient time or experience in a line of business.
vii. Government loan program criteria. Certain loan programs are
backed by government agencies that have specific eligibility
requirements. When those requirements are not met by an applicant, and
the financial institution denies the application, the financial
institution reports the denial reason as ``government loan program
criteria.'' For example, if an applicant cannot meet a government-
guaranteed loan program's requirement to provide a guarantor or proof
of insurance, the financial institution reports the reason for the
denial as ``government loan program criteria.''
viii. Aggregate exposure. Aggregate exposure is a measure of the
total exposure or level of indebtedness of the business and its
principal owner(s) associated with an application. A financial
institution reports the denial reason as ``aggregate exposure'' where
the total debt associated with the application is deemed high or
exceeds certain debt thresholds set by the financial institution. For
example, if an application for unsecured credit exceeds the maximum
amount a financial institution is permitted to approve per applicant,
as stated in its credit guidelines, and the financial institution
denies the application for this reason, the financial institution
reports the reason for denial as ``aggregate exposure.''
ix. Unverifiable information. A financial institution reports the
denial reason as ``unverifiable information'' when it is unable to
verify information provided as part of the application, and denies the
application for that reason. The unverifiable information must be
necessary for the financial institution to make a credit decision based
on its procedures for the type of credit requested. Examples include
unverifiable assets or collateral, unavailable business credit report,
and unverifiable business ownership composition.
x. Other. A financial institution reports the denial reason as
``other'' where none of the enumerated denial reasons adequately
describe the principal reason or reasons it denied the application, and
the institution reports the denial reason or reasons via free-form text
field.
2. Reason for denial--not applicable. A financial institution
complies with Sec. 1002.107(a)(11) by reporting that the requirement
is not applicable if the action taken on the application, pursuant to
Sec. 1002.107(a)(9), is not a denial. For example, if the application
resulted in an originated covered credit transaction, or the
application was approved but not accepted, the financial institution
complies with Sec. 1002.107(a)(11) by reporting not applicable.
107(a)(12) Pricing Information
1. General. For applications that a financial institution, pursuant
to Sec. 1002.107(a)(9), reports as denied, withdrawn by the applicant,
or incomplete, the financial institution reports that pricing
information is ``not applicable.''
107(a)(12)(i) Interest Rate
1. General. A financial institution complies with Sec.
1002.107(a)(12)(i) by reporting the interest rate applicable to the
amount of credit approved or originated as reported pursuant to Sec.
1002.107(a)(8).
2. Interest rate--initial period. If a covered credit transaction
includes an initial period with an introductory interest rate of 12
months or less, after which the interest rate adjusts upwards or shifts
from a fixed to variable rate, a financial institution complies with
Sec. 1002.107(a)(12)(i) by reporting information about the interest
rate applicable after the initial period. If a covered transaction
includes an initial period with an interest rate of more than 12 months
after which the interest rate resets, a financial institution complies
with Sec. 1002.107(a)(12)(i) by reporting information about the
interest rate applicable prior to the reset period. For example, if a
financial institution originates a covered credit transaction with a
fixed, initial interest rate of 0 percent for six months following
origination, after which the interest rate will adjust according to a
Prime index rate plus a 3 percent margin, the financial institution
reports the 3 percent margin, Prime as the name of the index used to
adjust the interest rate, the number 6 for the length of the initial
period, and ``not applicable'' for the index value. As another example,
in a 10/1 adjustable-rate mortgage transaction, where the first 10
years of the repayment period has a fixed rate of 3 percent and after
year 10 the interest rate will adjust according to a Prime index rate
plus a 3 percent margin, a financial institution complies with Sec.
1002.107(a)(12)(i) by reporting the fixed rate of 3 percent, the number
120 for the initial period, and ``not applicable'' in the fields for
the index, margin, and index value.
3. Multiple interest rates. If a covered credit transaction
includes multiple
[[Page 35551]]
interest rates applicable to different credit features, a financial
institution complies with Sec. 1002.107(a)(12)(i) by reporting the
interest rate applicable to the amount of credit approved or originated
reported pursuant to Sec. 1002.107(a)(8). For example, if a financial
institution originates a credit card with different interest rates for
purchases, balance transfers, cash advances, and overdraft advances,
the financial institution reports the interest rate applicable for
purchases.
4. Index names. A financial institution complies with Sec.
1002.107(a)(12)(i) by selecting the index used from the following list:
Wall Street Journal Prime, 6-month CD rate, 1-year T-Bill, 3-year T-
Bill, 5-year T-Note, 12-month average of 10-year T-Bill, Cost of Funds
Index (COFI)-National, Cost of Funds Index (COFI)-11th District,
Constant Maturity Treasury (CMT). If the index used is internal to the
financial institution, the financial institution reports ``internal
index'' via the list of indices provided. If the index used does not
appear on the list of indices provided (and is not internal to the
financial institution), the financial institution reports ``other'' and
reports the name of the index via free-form text field.
5. Index value. For covered transactions with an adjustable
interest rate, a financial institution complies with Sec.
1002.107(a)(12)(i)(B) by reporting the index value used to set the rate
that is or would be applicable to the covered transaction.
107(a)(12)(ii) Total Origination Charges
1. Charges in comparable cash transactions. Charges imposed
uniformly in cash and credit transactions are not reportable under
Sec. 1002.107(a)(12)(ii). In determining whether an item is part of
the total origination charges, a financial institution should compare
the covered credit transaction in question with a similar cash
transaction. A financial institution financing the sale of property or
services may compare charges with those payable in a similar cash
transaction by the seller of the property or service.
2. Charges by third parties. A financial institution includes fees
and amounts charged by someone other than the financial institution in
the total charges reported if the financial institution:
i. Requires the use of a third party as a condition of or an
incident to the extension of credit, even if the applicant can choose
the third party; or
ii. Retains a portion of the third-party charge, to the extent of
the portion retained.
3. Special rule; broker fees. A financial institution complies with
Sec. 1002.107(a)(12)(ii) by including fees charged by a broker
(including fees paid by the applicant directly to the broker or to the
financial institution for delivery to the broker) in the total
origination charges reported even if the financial institution does not
require the applicant to use a broker and even if the financial
institution does not retain any portion of the charge. For more
information on broker fees, see commentary for Sec.
1002.107(a)(12)(iii).
4. Bundled services. Total origination charges include all charges
imposed directly or indirectly by the financial institution at or
before origination as an incident to or a condition of the extension of
credit. Accordingly, a financial institution complies with Sec.
1002.107(a)(12)(ii) by including charges for other products or services
paid at or before origination in the total origination charges reported
if the financial institution requires the purchase of such other
product or service as a condition of or an incident to the extension of
credit.
5. Origination charges--examples. Examples of origination charges
may include application fees, credit report fees, points, appraisal
fees, and other similar charges.
6. Net lender credit. If a financial institution provides a credit
to an applicant that is greater than the total origination charges the
applicant would have paid, the financial institution complies with
Sec. 1002.107(a)(12)(ii) by reporting the net lender credit as a
negative amount. For example, if a covered transaction has $500
provided to the applicant at origination to offset closing costs, and
the financial institution does not charge any origination charges, the
financial institution complies with Sec. 1002.107(a)(12)(ii) by
reporting negative $500 as the total origination charges.
107(a)(12)(iii) Broker Fees
1. Amount. A financial institution complies with Sec.
1002.107(a)(12)(iii) by including the fees reported in Sec.
1002.107(a)(12)(ii) that are fees paid by the applicant directly to the
broker or to the financial institution for delivery to the broker. For
example, a covered transaction has $3,000 of total origination charges.
Of that $3,000, $250 are fees paid by the applicant directly to a
broker and an additional $300 are fees paid to the financial
institution for delivery to the broker. The financial institution
complies with Sec. 1002.107(a)(12)(iii) by reporting $550 in the
broker fees reported.
2. Fees paid directly to a broker by an applicant. A financial
institution complies with Sec. 1002.107(a)(12)(iii) by relying on the
best information readily available to the financial institution at the
time final action is taken. Information readily available could
include, for example, information provided by an applicant or broker
that the financial institution reasonably believes regarding the amount
of fees paid by the applicant directly to the broker.
107(a)(12)(iv) Initial Annual Charges
1. Charges during the initial annual period. The total initial
annual charges include all charges scheduled to be imposed during the
initial annual period following origination. For example, if a
financial institution originates a covered credit transaction with a
$50 monthly fee and a $100 annual fee, the financial institution
complies with Sec. 1002.107(a)(12)(iv) by reporting $700 in the
initial annual charges reported. If there will be a charge in the
initial annual period following origination but the amount of that
charge is uncertain at the time of origination, a financial institution
complies with Sec. 1002.107(a)(12)(iv) by not reporting that charge as
scheduled to be imposed during the initial annual period following
origination.
2. Interest excluded. A financial institution complies with Sec.
1002.107(a)(12)(iv) by excluding any interest expense from the initial
annual charges reported.
3. Avoidable charges. A financial institution complies with Sec.
1002.107(a)(12)(iv) by only including scheduled charges and excluding
any charges for events that are avoidable by the applicant from the
initial annual charges reported. Examples of avoidable charges include
charges for late payment, for exceeding a credit limit, for delinquency
or default, or for paying items that overdraw an account.
4. Initial annual charges--examples. Examples of charges scheduled
to be imposed during the initial annual period may include monthly
fees, annual fees, and other similar charges.
5. Scheduled charges with variable amounts. A financial institution
complies with Sec. 1002.107(a)(12)(iv) by reporting as the default the
highest amount for a charge scheduled to be imposed. For example, if a
covered credit transaction has a $75 monthly fee, but the fee is
reduced to $0 if the applicant maintains an account at the financial
institution originating the
[[Page 35552]]
covered credit transaction, the financial institution complies with
Sec. 1002.107(a)(12)(iv) by reporting $900 ($75 x 12) in the initial
annual charges reported.
6. Transactions with a term of less than one year. For a
transaction with a term of less than one year, a financial institution
complies with Sec. 1002.107(a)(12)(iv) by reporting all charges
scheduled to be imposed during the term of the transaction.
107(a)(12)(v) Additional Cost for Merchant Cash Advances or Other
Sales-Based Financing
1. Merchant cash advances. Section 1002.107(a)(12)(v) requires a
financial institution to report the difference between the amount
advanced and the amount to be repaid for a merchant cash advance or
other sales-based financing transaction. Thus, in a merchant cash
advance, a financial institution reports the difference between the
amount advanced and the amount to be repaid, using the amounts
(expressed in dollars) provided in the contract between the financial
institution and the applicant.
107(a)(12)(vi) Prepayment Penalties
1. Policies and procedures applicable to the covered credit
transaction. The policies and procedures applicable to the covered
credit transaction include the practices that the financial institution
follows when evaluating applications for the specific credit type and
credit purpose requested. For example, assume that a financial
institution's written procedures permit it to include prepayment
penalties in the loan agreement for its term loans secured by non-owner
occupied commercial real estate. For such transactions, the financial
institution includes prepayment penalties in some loan agreements but
not others. For an application for, or origination of, a term loan
secured by non-owner occupied commercial real estate, the financial
institution reports under Sec. 1002.107(a)(12)(vi)(A) that a
prepayment penalty could have been included under the policies and
procedures applicable to the transaction, regardless of whether the
term loan secured by non-owner occupied commercial real estate actually
includes a prepayment penalty.
2. Balloon finance charges. A financial institution complies with
Sec. 1002.107(a)(12)(vi) by reporting as a prepayment penalty any
balloon finance charge that may be imposed for paying all or part of
the transaction's principal before the date on which the principal is
due. For example, under the terms of a transaction, the amount of funds
advanced is $12,000, the amount to be repaid is $24,000 (which includes
$12,000 in principal and $12,000 in interest and fees), the length of
the transaction is 12 months, and the applicant must repay $2,000 per
month. The terms of the transaction state that if the applicant prepays
the principal before the 12-month period is over, the applicant is
responsible for paying the difference between $24,000 and the amount
the applicant has already repaid prior to initiating prepayment. The
difference between the $24,000 to be repaid and what the applicant has
already repaid prior to initiating prepayment is a balloon finance
charge and should be reported as a prepayment penalty.
107(a)(13) Census Tract
1. General. A financial institution complies with Sec.
1002.107(a)(13) by reporting a census tract number as defined by the
U.S. Census Bureau, which includes State and county numerical codes. A
financial institution complies with Sec. 1002.107(a)(13) if it uses
the boundaries and codes in effect on January 1 of the calendar year
covered by the small business lending application register that it is
reporting. The financial institution reports census tract based on the
following:
i. Proceeds address. A financial institution complies with Sec.
1002.107(a)(13) by reporting a census tract based on the address or
location where the proceeds of the credit applied for or originated
will be or would have been principally applied, if known. For example,
a financial institution would report a census tract based on the
address or location of the site where the proceeds of a construction
loan will be applied.
ii. Main office or headquarters address. If the address or location
where the proceeds of the credit applied for or originated will be or
would have been principally applied is unknown, a financial institution
complies with Sec. 1002.107(a)(13) by reporting a census tract number
based on the address or location of the main office or headquarters of
the applicant, if known. For example, the address or location of the
main office or headquarters of the applicant may be the home address of
a sole proprietor or the office address of a sole proprietor or other
applicant.
iii. Another address or location. If neither the address or
location where the proceeds of the credit applied for or originated
will be or would have been principally applied nor the address or
location of the main office or headquarters of the applicant are known,
a financial institution complies with Sec. 1002.107(a)(13) by
reporting a census tract number based on another address or location
associated with the applicant.
iv. Type of address used. In addition to reporting the census
tract, pursuant to Sec. 1002.107(a)(13)(iv) a financial institution
must report which one of the three types of addresses or locations
listed in Sec. 1002.107(a)(13)(i) through (iii) and described in
comments 107(a)(13)-1.i through iii that the census tract is determined
from.
2. Financial institution discretion. A financial institution
complies with Sec. 1002.107(a)(13) by identifying the appropriate
address or location and the type of that address or location in good
faith, using appropriate information from the applicant's credit file
or otherwise known by the financial institution. A financial
institution is not required to make inquiries beyond its standard
procedures as to the nature of the addresses or locations it collects.
3. Address or location not provided by applicant and otherwise
undetermined. Pursuant to Sec. 1002.107(c), a financial institution
shall maintain procedures reasonably designed to collect applicant-
provided data, which includes at least one address or location for an
applicant for census tract reporting. However, if a financial
institution is nonetheless unable to collect or otherwise determine any
address or location for an application, the financial institution
reports that the census tract information is ``not provided by
applicant and otherwise undetermined.''
4. Safe harbor. As described in Sec. 1002.112(c)(2) and comment
112(c)-1, a financial institution that obtains an incorrect census
tract by correctly using a geocoding tool provided by the FFIEC or the
Bureau does not violate the Act or subpart B of this part.
107(a)(14) Gross Annual Revenue
1. Collecting gross annual revenue. A financial institution reports
the applicant's gross annual revenue, expressed in dollars, for its
fiscal year preceding when the information was collected. A financial
institution may rely on the applicant's statements or on information
provided by the applicant in collecting and reporting gross annual
revenue, even if the applicant's statement or information is based on
estimation or extrapolation. However, pursuant to Sec. 1002.107(b), if
the financial institution verifies the gross annual revenue provided by
the applicant, it must report the verified information. Also, pursuant
to comment 107(c)(1)-5, a financial institution reports updated gross
annual revenue
[[Page 35553]]
data if it obtains more current data from the applicant during the
application process. If a financial institution has already verified
gross annual revenue data and then the applicant updates it, the
financial institution reports the information it believes to be more
accurate, in its discretion. The financial institution may use the
following language to ask about gross annual revenue and may rely on
the applicant's answer (unless subsequently verified or updated):
What was the gross annual revenue of the business applying for
credit in its last full fiscal year? Gross annual revenue is the amount
of money the business earned before subtracting taxes and other
expenses. You may provide gross annual revenue calculated using any
reasonable method.
2. Gross annual revenue not provided by applicant and otherwise
undetermined. Pursuant to Sec. 1002.107(c), a financial institution
shall maintain procedures reasonably designed to collect applicant-
provided data, which includes the gross annual revenue of the
applicant. However, if a financial institution is nonetheless unable to
collect or determine the gross annual revenue of the applicant, the
financial institution reports that the gross annual revenue is ``not
provided by applicant and otherwise undetermined.''
3. Affiliate revenue. A financial institution is permitted, but not
required, to report the gross annual revenue for the applicant that
includes the revenue of affiliates as well. Likewise, as explained in
comment 106(b)(1)-3, in determining whether the applicant is a small
business under Sec. 1002.106(b), a financial institution may rely on
an applicant's representations regarding gross annual revenue, which
may or may not include affiliates' revenue.
4. Gross annual revenue for a startup business. In a typical
startup business situation where the applicant has no gross annual
revenue for its fiscal year preceding when the information is
collected, the financial institution reports that the applicant's gross
annual revenue in the preceding fiscal year is ``zero.'' The financial
institution shall not report pro forma projected revenue figures
because these figures do not reflect actual gross revenue.
107(a)(15) NAICS Code
1. General. NAICS stands for North American Industry Classification
System. The Office of Management and Budget has charged the Economic
Classification Policy Committee with the maintenance and review of
NAICS. A financial institution complies with Sec. 1002.107(a)(15) if
it uses the 3-digit NAICS subsector codes in effect on January 1 of the
calendar year covered by the small business lending application
register that it is reporting.
2. NAICS not provided by applicant and otherwise undetermined.
Pursuant to Sec. 1002.107(c), a financial institution shall maintain
procedures reasonably designed to collect applicant-provided data,
which includes NAICS code. However, if a financial institution is
nonetheless unable to collect or otherwise determine a NAICS code for
the applicant, the financial institution reports that the NAICS code is
``not provided by applicant and otherwise undetermined.''
3. Safe harbor. As described in Sec. 1002.112(c)(3) and comment
112(c)-2, a financial institution that obtains an incorrect NAICS code
does not violate the Act or subpart B of this part if it either relies
on an applicant's representations or on an appropriate third-party
source, in accordance with Sec. 1002.107(b), regarding the NAICS code,
or identifies the NAICS code itself, provided that the financial
institution maintains procedures reasonably adapted to correctly
identify a 3-digit NAICS code.
107(a)(16) Number of Workers
1. General. A financial institution complies with Sec.
1002.107(a)(16) by reporting the number of people who work for the
applicant, using the ranges prescribed in the Filing Instructions
Guide.
2. Collecting number of workers. A financial institution may
collect number of workers from an applicant using the ranges for
reporting as specified by the Bureau (see comment 107(a)(16)-1) or as a
numerical value. When asking for the number of workers from an
applicant, a financial institution shall explain that full-time, part-
time and seasonal employees, as well as contractors who work primarily
for the applicant, would be counted as workers, but principal owners of
the applicant would not. If asked, the financial institution shall
explain that volunteers are not counted as workers, and workers for
affiliates of the applicant are counted if the financial institution
were also collecting the affiliates' gross annual revenue. The
financial institution may use the following language to ask about the
number of workers and may rely on the applicant's answer (unless
subsequently verified or updated):
Counting full-time, part-time and seasonal workers, as well as
contractors who work primarily for the business applying for credit,
but not counting principal owners of the business, how many people work
for the business applying for credit?
3. Number of workers not provided by applicant and otherwise
undetermined. Pursuant to Sec. 1002.107(c), a financial institution
shall maintain procedures reasonably designed to collect applicant-
provided data, which includes the number of workers of the applicant.
However, if a financial institution is nonetheless unable to collect or
determine the number of workers of the applicant, the financial
institution reports that the number of workers is ``not provided by
applicant and otherwise undetermined.''
107(a)(17) Time in Business
1. Collecting time in business. A financial institution complies
with Sec. 1002.107(a)(17) by reporting the time the applicant has been
in business.
i. If a financial institution collects or otherwise obtains the
number of years an applicant has been in business as part of its
procedures for evaluating an application for credit, it reports the
time in business in whole years, rounded down to the nearest whole
year.
ii. If a financial institution does not collect time in business as
described in comment 107(a)(17)-1.i, but as part of its procedures
determines whether or not the applicant's time in business is less than
two years, it reports the applicant's time in business as either less
than two years or two or more years in business.
iii. If a financial institution does not collect time in business
as part of its procedures for evaluating an application for credit as
described in comments 107(a)(17)-1.i or .ii, the financial institution
complies with Sec. 1002.107(a)(17) by asking the applicant whether it
has been in existence for less than two years or two or more years and
reporting the information provided by the applicant accordingly.
2. Time in business collected as part of the financial
institution's procedures for evaluating an application for credit. A
financial institution that collects or obtains an applicant's time in
business as part of its procedures for evaluating an application for
credit is not required to collect or obtain time in business pursuant
to any particular definition of time in business for this purpose. For
example, if the financial institution collects the number of years the
applicant has existed (such as by asking the applicant when its
business was started, or by obtaining the applicant's date of
incorporation from a Secretary of State or other State or Federal
agency that registers or licenses businesses) as
[[Page 35554]]
the time in business, the financial institution reports that
information accordingly pursuant to comment 107(a)(17)-1.i. Similarly,
if the financial institution collects the number of years of experience
the applicant's owners have in the current line of business, the
financial institution reports that information accordingly pursuant to
comment 107(a)(17)-1.i. If, however, the financial institution collects
both the number of years the applicant has existed as well as some
other measure of time in business (such as the number of years of
experience the applicant's owners have in the current line of
business), the financial institution reports the number of years the
applicant has existed as the time in business pursuant to comment
107(a)(17)-1.i.
3. Time in business not provided by applicant and otherwise
undetermined. Pursuant to Sec. 1002.107(c), a financial institution
shall maintain procedures reasonably designed to collect applicant-
provided data, which includes the applicant's time in business.
However, if a financial institution is nonetheless unable to collect or
determine the applicant's time in business, the financial institution
reports that the time in business is ``not provided by applicant and
otherwise undetermined.''
107(a)(18) Minority-Owned, Women-Owned, and LGBTQI+-Owned Business
Statuses
1. General. A financial institution must ask an applicant whether
it is a minority-owned, women-owned, and/or LGBTQI+-owned business. The
financial institution must permit an applicant to refuse (i.e.,
decline) to answer the financial institution's inquiry regarding
business status and must inform the applicant that the applicant is not
required to provide the information. See the sample data collection
form in appendix E to this part for sample language for providing this
notice to applicants. The financial institution must report the
applicant's substantive response regarding each business status, that
the applicant declined to answer the inquiry (that is, selected an
answer option of ``I do not wish to provide this information'' or
similar), or its failure to respond to the inquiry (that is, ``not
provided by applicant''), as applicable.
2. Definitions. When inquiring about minority-owned, women-owned,
and LGBTQI+-owned business statuses (regardless of whether the request
is made on a paper form, electronically, or orally), the financial
institution also must provide the applicant with definitions of the
terms ``minority-owned business,'' ``women-owned business,'' and
``LGBTQI+-owned business'' as set forth in Sec. 1002.102 (m), (s) and
(l), respectively. The financial institution satisfies this requirement
if it provides the definitions as set forth in the sample data
collection form in appendix E.
3. Combining questions. A financial institution may combine on the
same paper or electronic data collection form the questions regarding
minority-owned, women-owned, and LGBTQI+-owned business status pursuant
to Sec. 1002.107(a)(18) with principal owners' ethnicity, race, and
sex pursuant to Sec. 1002.107(a)(19) and the applicant's number of
principal owners pursuant to Sec. 1002.107(a)(20). See the sample data
collection form in appendix E.
4. Notices. When requesting minority-owned, women-owned, and
LGBTQI+-owned business statuses from an applicant, a financial
institution must inform the applicant that the financial institution
cannot discriminate on the basis of the applicant's minority-owned,
women-owned, or LGBTQI+-owned business statuses, or on whether the
applicant provides its minority-owned, women-owned, or LGBTQI+-owned
business statuses. A financial institution must also inform the
applicant that Federal law requires it to ask for an applicant's
minority-owned, women-owned, and LGBTQI+-owned business statuses to
help ensure that all small business applicants for credit are treated
fairly and that communities' small business credit needs are being
fulfilled. A financial institution may combine these notices regarding
minority-owned, women-owned, and LGBTQI+-owned business statuses with
the notices that a financial institution is required to provide when
requesting principal owners' ethnicity, race, and sex if a financial
institution requests information pursuant to Sec. 1002.107(a)(18) and
(19) in the same data collection form or at the same time. See the
sample data collection form in appendix E for sample language that a
financial institution may use for these notices.
5. Maintaining the record of an applicant's response regarding
minority-owned, women-owned, and LGBTQI+-owned business statuses
separate from the application. A financial institution must maintain
the record of an applicant's responses to the financial institution's
inquiry pursuant to Sec. 1002.107(a)(18) separate from the application
and accompanying information. See Sec. 1002.111(b) and comment 111(b)-
1. If the financial institution provides a paper or electronic data
collection form, the data collection form must not be part of the
application form or any other document that the financial institution
uses to provide or collect any information other than minority-owned
business status, women-owned business status, LGBTQI+-owned business
status, principal owners' ethnicity, race, and sex, and the number of
the applicant's principal owners. See the sample data collection form
in appendix E. For example, if the financial institution sends the data
collection form via email, the data collection form should be a
separate attachment to the email or accessed through a separate link in
the email. If the financial institution uses a web-based data
collection form, the form should be on its own page.
6. Minority-owned, women-owned, and/or LGBTQI+-owned business
statuses not provided by applicant. Pursuant to Sec. 1002.107(c), a
financial institution shall maintain procedures reasonably designed to
collect applicant-provided data, which includes the applicant's
minority-owned, women-owned, and LGBTQI+-owned business statuses.
However, if a financial institution does not receive a response to the
financial institution's inquiry pursuant to Sec. 1002.107(a)(18), the
financial institution reports that the applicant's business statuses
were ``not provided by applicant.''
7. Applicant declines to provide information about minority-owned,
women-owned, and/or LGBTQI+-owned business statuses. A financial
institution reports that the applicant responded that it did not wish
to provide the information about an applicant's minority-owned, women-
owned, and LGBTQI+-owned business statuses, if the applicant declines
to provide the information by selecting such a response option on a
paper or electronic form (e.g., by selecting an answer option of ``I do
not wish to provide this information'' or similar). The financial
institution also reports an applicant's refusal to provide such
information in this way, if the applicant orally declines to provide
such information for a covered application taken by telephone or
another medium that does not involve providing any paper or electronic
documents.
8. Conflicting responses provided by applicants. If the applicant
both provides a substantive response to the financial institution's
inquiry regarding business status (that is, indicates that it is a
minority-owned, women-owned, and/or LGBTQI+-owned business, or checks
``none apply'' or similar) and also checks the box indicating ``I do
not wish to provide this information'' or
[[Page 35555]]
similar, the financial institution reports the substantive response(s)
provided by the applicant (rather than reporting that the applicant
declined to provide the information).
9. No verification of business statuses. Notwithstanding Sec.
1002.107(b), a financial institution must report the applicant's
substantive response(s), that the applicant declined to answer the
inquiry (that is, selected an answer option of ``I do not wish to
provide this information'' or similar), or the applicant's failure to
respond to the inquiry (that is, that the information was ``not
provided by applicant'') pursuant to Sec. 1002.107(a)(18), even if the
financial institution verifies or otherwise obtains an applicant's
minority-owned, women-owned, and/or LGBTQI+-owned business statuses for
other purposes. For example, if a financial institution uses a paper
data collection form to ask an applicant if it is a minority-owned
business, a women-owned business, and/or an LGBTQI+-owned business and
the applicant does not indicate that it is a minority-owned business,
the financial institution must not report that the applicant is a
minority-owned business, even if the applicant indicates that it is a
minority-owned business for other purposes, such as for a special
purpose credit program or a Small Business Administration program.
107(a)(19) Ethnicity, Race, and Sex of Principal Owners
1. General. A financial institution must ask an applicant to
provide its principal owners' ethnicity, race, and sex. The financial
institution must permit an applicant to refuse (i.e., decline) to
answer the financial institution's inquiry and must inform the
applicant that it is not required to provide the information. See the
sample data collection form in appendix E to this part for sample
language for providing this notice to applicants. The financial
institution must report the applicant's substantive responses regarding
principal owners' ethnicity, race, and sex, that the applicant declined
to answer an inquiry (that is, selected an answer option of ``I do not
wish to provide this information'' or similar), or its failure to
respond to an inquiry (that is, ``not provided by applicant''), as
applicable. The financial institution must report an applicant's
responses about its principal owners' ethnicity, race, and sex,
regardless of whether an applicant declines or fails to answer an
inquiry about the number of its principal owners under Sec.
1002.107(a)(20). If an applicant provides some, but not all, of the
requested information about the ethnicity, race, and sex of a principal
owner, the financial institution reports the information that was
provided by the applicant and reports that the applicant declined to
provide or did not provide (as applicable) the remainder of the
information. See comments 107(a)(19)-6 and -7.
2. Definition of principal owner. When requesting a principal
owner's ethnicity, race, and sex, the financial institution must also
provide the applicant with the definition of the term ``principal
owner'' as set forth in Sec. 1002.102(o). The financial institution
satisfies this requirement if it provides the definition of principal
owner as set forth in the sample data collection form in appendix E.
3. Combining questions. A financial institution may combine on the
same paper or electronic data collection form the questions regarding
the principal owners' ethnicity, race, and sex pursuant to Sec.
1002.107(a)(19) with the applicant's number of principal owners
pursuant to Sec. 1002.107(a)(20) and the applicant's minority-owned,
women-owned, and LGBTQI+-owned business statuses pursuant to Sec.
1002.107(a)(18). See the sample data collection form in appendix E.
4. Notices. When requesting a principal owner's ethnicity, race,
and sex from an applicant, a financial institution must inform the
applicant that the financial institution cannot discriminate on the
basis of a principal owner's ethnicity, race, or sex/gender, or on
whether the applicant provides the information. A financial institution
must also inform the applicant that Federal law requires it to ask for
the principal owners' ethnicity, race, and sex/gender to help ensure
that all small business applicants for credit are treated fairly and
that communities' small business credit needs are being fulfilled. A
financial institution may combine these notices with the similar
notices that a financial institution is required to provide when
requesting minority-owned business status, women-owned business status,
and LGBTQI+-owned business status, if a financial institution requests
information pursuant to Sec. 1002.107(a)(18) and (19) in the same data
collection form or at the same time. See the sample data collection
form in appendix E for sample language that a financial institution may
use for these notices.
5. Maintaining the record of an applicant's responses regarding
principal owners' ethnicity, race, and sex separate from the
application. A financial institution must maintain the record of an
applicant's response to the financial institution's inquiries pursuant
to Sec. 1002.107(a)(19) separate from the application and accompanying
information. See Sec. 1002.111(b) and comment 111(b)-1. If the
financial institution provides a paper or electronic data collection
form, the data collection form must not be part of the application form
or any other document that the financial institution uses to provide or
collect any information other than minority-owned business status,
women-owned business status, LGBTQI+-owned business status, principal
owners' ethnicity, race, and sex, and the number of the applicant's
principal owners. See the sample data collection form in appendix E for
sample language. For example, if the financial institution sends the
data collection form via email, the data collection form should be a
separate attachment to the email or accessed through a separate link in
the email. If the financial institution uses a web-based data
collection form, the form should be on its own page.
6. Ethnicity, race, or sex of principal owners not provided by
applicant. Pursuant to Sec. 1002.107(c), a financial institution shall
maintain procedures reasonably designed to collect applicant-provided
data, which includes the ethnicity, race, and sex of an applicant's
principal owners. However, if an applicant does not provide the
information, such as in response to a request for a principal owner's
ethnicity, race, or sex on a paper or electronic data collection form,
the financial institution reports the ethnicity, race, or sex (as
applicable) as ``not provided by applicant'' for that principal owner.
For example, if the financial institution provides a paper data
collection form to an applicant with two principal owners, and asks the
applicant to complete and return the form but the applicant does not do
so, the financial institution reports that the two principal owners'
ethnicity, race, and sex were ``not provided by applicant.'' Similarly,
if the financial institution provides an electronic data collection
form, the applicant indicates that it has two principal owners, the
applicant provides ethnicity, race, and sex for the first principal
owner, and the applicant does not make any selections for the second
principal owner's ethnicity, race, and sex, the financial institution
reports the ethnicity, race, and sex that the applicant provided for
the first principal owner and reports that each of the ethnicity, race,
and sex for the second principal owner was ``not provided by
applicant.'' Additionally, if the financial institution provides an
[[Page 35556]]
electronic or paper data collection form, the applicant indicates that
it has one principal owner, provides the principal owner's ethnicity
and sex information, but does not provide information about the
principal owner's race and also does not select a response of ``I do
not wish to provide this information'' with regard to race, the
financial institution reports the ethnicity and sex provided by the
applicant and reports that the race of the principal owner was ``not
provided by applicant.''
7. Applicant declines to provide information about a principal
owner's ethnicity, race, or sex. A financial institution reports that
the applicant responded that it did not wish to provide the information
about a principal owner's ethnicity, race, or sex (as applicable), if
the applicant declines to provide the information by selecting such a
response option on a paper or electronic form (e.g., by selecting an
answer option of ``I do not wish to provide this information'' or
similar). The financial institution also reports an applicant's refusal
to provide such information in this way, if the applicant orally
declines to provide such information for a covered application taken by
telephone or another medium that does not involve providing any paper
or electronic documents.
8. Conflicting responses provided by applicant. If the applicant
both provides a substantive response to a request for a principal
owner's ethnicity, race, or sex (that is, identifies a principal
owner's race, ethnicity, or sex) and also checks the box indicating ``I
do not wish to provide this information'' or similar, the financial
institution reports the information on ethnicity, race, or sex that was
provided by the applicant (rather than reporting that the applicant
declined provide the information). For example, if an applicant is
completing a paper data collection form and writes in a response that a
principal owner's sex is female and also indicates on the form that the
applicant does not wish to provide information regarding that principal
owner's sex, the financial institution reports the principal owner's
sex as female.
9. No verification of ethnicity, race, and sex of principal owners.
Notwithstanding Sec. 1002.107(b), a financial institution must report
the applicant's substantive responses as to its principal owners'
ethnicity, race, and sex (that is, the applicant's identification of
its principal owners' race, ethnicity, and sex), that the applicant
declined to answer the inquiry (that is, selected an answer option of
``I do not wish to provide this information'' or similar), or the
applicant's failure to respond to the inquiry (that is, the information
was ``not provided by applicant'') pursuant to Sec. 1002.107(a)(19),
even if the financial institution verifies or otherwise obtains the
ethnicity, race, or sex of the applicant's principal owners for other
purposes.
10. Reporting for fewer than four principal owners. If an applicant
has fewer than four principal owners, the financial institution reports
ethnicity, race, and sex information for the number of principal owners
that the applicant has and reports the ethnicity, race, and sex fields
for additional principal owners as ``not applicable.'' For example, if
an applicant has only one principal owner, the financial institution
reports ethnicity, race, and sex information for the first principal
owner and reports as ``not applicable'' the ethnicity, race, and sex
data fields for principal owners two through four.
11. Previously collected ethnicity, race, and sex information. If a
financial institution reports one or more principal owners' ethnicity,
race, or sex information based on previously collected data under Sec.
1002.107(d), the financial institution does not need to collect any
additional ethnicity, race, or sex information for other principal
owners (if any). See also comment 107(d)-9.
12. Guarantors. A financial institution does not collect or report
a guarantor's ethnicity, race, and sex unless the guarantor is also a
principal owner of the applicant, as defined in Sec. 1002.102(o).
13. Ethnicity. i. Aggregate categories. A financial institution
must permit an applicant to provide each principal owner's ethnicity
for purposes of Sec. 1002.107(a)(19) using one or more of the
following aggregate categories:
A. Hispanic or Latino.
B. Not Hispanic or Latino.
ii. Disaggregated subcategories. A financial institution must
permit an applicant to provide each principal owner's ethnicity for
purposes of Sec. 1002.107(a)(19) using one or more of the following
disaggregated subcategories, regardless of whether the applicant has
indicated that the relevant principal owner is Hispanic or Latino and
regardless of whether the applicant selects any aggregate categories:
Cuban; Mexican; Puerto Rican; or Other Hispanic or Latino. If an
applicant indicates that a principal owner is Other Hispanic or Latino,
the financial institution must permit the applicant to provide
additional information regarding the principal owner's ethnicity, by
using free-form text on a paper or electronic data collection form or
using language that informs the applicant of the opportunity to self-
identify when taking the application by means other than a paper or
electronic data collection form, such as by telephone. The financial
institution must permit the applicant to provide additional information
indicating, for example, that the principal owner is Argentinean,
Colombian, Dominican, Nicaraguan, Salvadoran, or Spaniard. See the
sample data collection form in appendix E for sample language. If an
applicant chooses to provide additional information regarding a
principal owner's ethnicity, such as by indicating that a principal
owner is Argentinean orally or in writing on a paper or electronic
form, a financial institution must report that additional information
via free-form text. If the applicant provides such additional
information but does not also indicate that the principal owner is
Other Hispanic or Latino (e.g., by selecting Other Hispanic or Latino
on a paper or electronic form), a financial institution is permitted,
but not required, to report Other Hispanic or Latino as well.
iii. Selecting multiple categories. The financial institution must
permit the applicant to select one, both, or none of the aggregate
categories and as many disaggregated subcategories as the applicant
chooses. A financial institution must permit an applicant to select a
disaggregated subcategory even if the applicant does not select the
corresponding aggregate category. For example, an applicant must be
permitted to select the Mexican disaggregated subcategory for a
principal owner without being required to select the Hispanic or Latino
aggregate category. If an applicant provides ethnicity information for
a principal owner, the financial institution reports all of the
aggregate categories and disaggregated subcategories provided by the
applicant. For example, if an applicant selects both aggregate
categories and four disaggregated subcategories for a principal owner,
the financial institution reports the two aggregate categories that the
applicant selected and all four of the disaggregated subcategories that
the applicant selected. Additionally, if an applicant selects only the
Mexican disaggregated subcategory for a principal owner and no
aggregate categories, the financial institution reports Mexican for the
ethnicity of the applicant's principal owner but does not also report
Hispanic or Latino. Further, if the applicant selects an aggregate
category (e.g., Not Hispanic or Latino) and a disaggregated
[[Page 35557]]
subcategory that does not correspond to the aggregate category (e.g.,
Puerto Rican), the financial institution reports the information as
provided by the applicant (e.g., Not Hispanic or Latino, and Puerto
Rican).
14. Race. i. Aggregate categories. A financial institution must
permit an applicant to provide each principal owner's race for purposes
of Sec. 1002.107(a)(19) using one or more of the following aggregate
categories:
A. American Indian or Alaska Native.
B. Asian.
C. Black or African American.
D. Native Hawaiian or Other Pacific Islander.
E. White.
ii. Disaggregated subcategories. The financial institution must
permit an applicant to provide a principal owner's race for purposes of
Sec. 1002.107(a)(19) using one or more of the disaggregated
subcategories as listed in this comment 107(a)(19)-14.ii, regardless of
whether the applicant has selected the corresponding aggregate
category.
A. The Asian aggregate category includes the following
disaggregated subcategories: Asian Indian; Chinese; Filipino; Japanese;
Korean; Vietnamese; and Other Asian. An applicant must also be
permitted to provide the principal owner's race using one or more of
these disaggregated subcategories regardless of whether the applicant
indicates that the principal owner is Asian and regardless of whether
the applicant selects any aggregate categories. Additionally, if an
applicant indicates that a principal owner is Other Asian, the
financial institution must permit the applicant to provide additional
information about the principal owner's race, by using free-form text
on a paper or electronic data collection form or using language that
informs the applicant of the opportunity to self-identify when taking
the application by means other than a paper or electronic data
collection form, such as by telephone. The financial institution must
permit the applicant to provide additional information indicating, for
example, that the principal owner is Cambodian, Hmong, Laotian,
Pakistani, or Thai. See the sample data collection form in appendix E
for sample language.
B. The Black or African American aggregate category includes the
following disaggregated subcategories: African American; Ethiopian;
Haitian; Jamaican; Nigerian; Somali; or Other Black or African
American. An applicant must also be permitted to provide the principal
owner's race using one or more of these disaggregated subcategories
regardless of whether the applicant indicates that the principal owner
is Black or African American and regardless of whether the applicant
selects any aggregate categories. Additionally, if an applicant
indicates that a principal owner is Other Black or African American,
the financial institution must permit the applicant to provide
additional information about the principal owner's race, by using free-
form text on a paper or electronic data collection form or using
language that informs the applicant of the opportunity to self-identify
when taking the application by means other than a paper or electronic
data collection form, such as by telephone. The financial institution
must permit the applicant to provide additional information indicating,
for example, that the principal owner is Barbadian, Ghanaian, or South
African. See the sample data collection form in appendix E for sample
language.
C. The Native Hawaiian or Other Pacific Islander aggregate category
includes the following disaggregated subcategories: Guamanian or
Chamorro; Native Hawaiian; Samoan; and Other Pacific Islander. An
applicant must also be permitted to provide the principal owner's race
using one or more of these disaggregated subcategories regardless of
whether the applicant indicates that the principal owner is Native
Hawaiian or Other Pacific Islander and regardless of whether the
applicant selects any aggregate categories. Additionally, if an
applicant indicates that a principal owner is Other Pacific Islander,
the financial institution must permit the applicant to provide
additional information about the principal owner's race, by using free-
form text on a paper or electronic data collection form or using
language that informs the applicant of the opportunity to self-identify
when taking the application by means other than a paper or electronic
data collection form, such as by telephone. The financial institution
must permit the applicant to provide additional information indicating,
for example, that the principal owner is Fijian or Tongan. See the
sample data collection form in appendix E for sample language.
D. If an applicant chooses to provide additional information
regarding a principal owner's race, such as indicating that a principal
owner is Cambodian, Barbadian, or Fijian orally or in writing on a
paper or electronic form, a financial institution must report that
additional information via free-form text in the appropriate data
reporting field. If the applicant provides such additional information
but does not also indicate that the principal owner is Other Asian,
Other Black or African American, or Other Pacific Islander, as
applicable (e.g., by selecting Other Asian on a paper or electronic
form), a financial institution is permitted, but not required, to
report the corresponding ``Other'' race disaggregated subcategory
(i.e., Other Asian, Other Black or African American, or Other Pacific
Islander).
E. In addition to permitting an applicant to indicate that a
principal owner is American Indian or Alaska Native, a financial
institution must permit an applicant to provide the name of an enrolled
or principal tribe, by using free-form text on a paper or electronic
data collection form or using language that informs the applicant of
the opportunity to self-identify when taking the application by means
other than a paper or electronic data collection form, such as by
telephone. If an applicant chooses to provide the name of an enrolled
or principal tribe, a financial institution must report that
information via free-form text in the appropriate data reporting field.
If the applicant provides the name of an enrolled or principal tribe
but does not also indicate that the principal owner is American Indian
or Alaska Native (e.g., by selecting American Indian or Alaska Native
on a paper or electronic form), a financial institution is permitted,
but not required, to report American Indian or Alaska Native as well.
iii. Selecting multiple categories. The financial institution must
permit the applicant to select as many aggregate categories and
disaggregated subcategories as the applicant chooses. A financial
institution must permit an applicant to select one or more
disaggregated subcategories even if the applicant does not select an
aggregate category. For example, an applicant must be permitted to
select the Chinese disaggregated subcategory for a principal owner
without being required to select the Asian aggregate category. If an
applicant provides race information for a principal owner, the
financial institution reports all of the aggregate categories and
disaggregated subcategories provided by the applicant. For example, if
an applicant selects two aggregate categories and five disaggregated
subcategories for a principal owner, the financial institution reports
the two aggregate categories that the applicant selected and the five
disaggregated subcategories that the applicant selected. Additionally,
if an applicant selects only the Chinese disaggregated subcategory for
a principal owner, the financial institution reports Chinese for the
race of the principal owner but does
[[Page 35558]]
not also report that the principal owner is Asian. Similarly, if the
applicant selects an aggregate category (e.g., Asian) and a
disaggregated subcategory that does not correspond to the aggregate
category (e.g., Native Hawaiian), the financial institution reports the
information as provided by the applicant (e.g., Asian and Native
Hawaiian).
15. Sex. Generally, a financial institution must permit an
applicant to provide each principal owner's sex for purposes of Sec.
1002.107(a)(19). When requesting information about a principal owner's
sex, a financial institution shall use the term ``sex/gender.'' If the
financial institution uses a paper or electronic data collection form
to collect the information, the financial institution must allow the
applicant to provide each principal owner's sex/gender using free-form
text. When a financial institution collects the information orally,
such as by telephone, the financial institution must inform the
applicant of the opportunity to provide each principal owner's sex/
gender and record the applicant's response. A financial institution
reports the substantive information provided by the applicant (reported
via free-form text in the appropriate data reporting field), or reports
that the applicant declined to provide the information.
16. Ethnicity and race information requested orally. As described
in comments 107(a)(19)-13 and -14, when collecting principal owners'
ethnicity and race pursuant to Sec. 1002.107(a)(19), a financial
institution must present the applicant with the specified aggregate
categories and disaggregated subcategories. When collecting ethnicity
and race information orally, such as by telephone, a financial
institution may not present the applicant with the option to decline to
provide the information without also presenting the applicant with the
specified aggregate categories and disaggregated subcategories.
i. Ethnicity and race categories. Notwithstanding comments
107(a)(19)-13 and -14, a financial institution is not required to read
aloud every disaggregated subcategory when collecting ethnicity and
race information orally, such as by telephone. Rather, the financial
institution must orally present the lists of aggregate ethnicity and
race categories, followed by the disaggregated subcategories (if any)
associated with the aggregate categories selected by the applicant or
which the applicant requests to be presented. After the applicant makes
any disaggregated category selections associated with the aggregate
ethnicity or race category, the financial institution must also ask if
the applicant wishes to hear the lists of disaggregated subcategories
for any aggregate categories not selected by the applicant. The
financial institution must record any aggregate categories selected by
the applicant, as well as any disaggregated subcategories regardless of
whether such subcategories were selected based on the disaggregated
subcategories read by the financial institution or were otherwise
provided by the applicant.
ii. More than one principal owner. If an applicant has more than
one principal owner, the financial institution is permitted to ask
about ethnicity and race in a manner that reduces repetition when
collecting ethnicity and race information orally, such as by telephone.
For example, if an applicant has two principal owners, the financial
institution may ask for both principal owners' ethnicity at the same
time, rather than asking about ethnicity, race, and sex for the first
principal owner followed by ethnicity, race, and sex for the second
principal owner.
107(a)(20) Number of Principal Owners
1. General. If the financial institution asks the applicant to
provide the number of its principal owners pursuant to Sec.
1002.107(a)(20), a financial institution must provide the definition of
principal owner set forth in Sec. 1002.102(o). The financial
institution satisfies this requirement if it provides the definition of
principal owner as set forth in the sample data collection form in
appendix E.
2. Number of principal owners provided by applicant; verification
of number of principal owners. The financial institution may rely on
statements or information provided by the applicant in collecting and
reporting the number of the applicant's principal owners. However,
pursuant to Sec. 1002.107(b), if the financial institution verifies
the number of principal owners provided by the applicant, it must
report the verified information.
3. Number of principal owners not provided by applicant and
otherwise undetermined. Pursuant to Sec. 1002.107(c), a financial
institution shall maintain procedures reasonably designed to collect
applicant-provided data, which includes the number of principal owners
of the applicant. However, if a financial institution is nonetheless
unable to collect or otherwise determine the applicant's number of
principal owners, the financial institution reports that the number of
principal owners is ``not provided by applicant and otherwise
undetermined.''
107(b) Reliance on and Verification of Applicant-Provided Data
1. Reliance on information provided by an applicant or appropriate
third-party sources. A financial institution may rely on statements
made by an applicant (whether made in writing or orally) or information
provided by an applicant when compiling and reporting data pursuant to
subpart B of this part for applicant-provided data; the financial
institution is not required to verify those statements or that
information. However, if the financial institution does verify
applicant statements or information for its own business purposes, such
as statements relating to gross annual revenue or time in business, the
financial institution reports the verified information. Depending on
the circumstances and the financial institution's procedures, certain
applicant-provided data can be collected from appropriate third-party
sources without a specific request from the applicant, and such
information may also be relied on. For example, gross annual revenue or
NAICS code may be collected from tax return documents; a financial
institution may also collect an applicant's NAICS code using third-
party sources such as business information products. Applicant-provided
data are the data that are or could be provided by the applicant,
including Sec. 1002.107(a)(5) through (7) and (13) through (20). See
comment 107(c)(1)-3. In regard to restrictions on verification of
minority-owned, women-owned, and LGBTQI+-owned business statuses, and
principal owners' ethnicity, race, and sex, see comments 107(a)(18)-9
and 107(a)(19)-9.
107(c) Time and Manner of Collection
107(c)(1) In General
1. Procedures. The term ``procedures'' refers to the actual
practices followed by a financial institution as well as its stated
procedures. For example, if a financial institution's stated procedure
is to collect applicant-provided data on or with a paper application
form, but employees encourage applicants to skip the page that asks
whether the applicant is a minority-owned business, a women-owned
business, or an LGBTQI+-owned business under Sec. 1002.107(a)(18), the
financial institution's procedures are not reasonably designed to
obtain a response.
2. Latitude to design procedures. A financial institution has
flexibility to establish procedures concerning the
[[Page 35559]]
timing and manner in which it collects applicant-provided data that
work best for its particular lending model and product offerings,
provided those procedures are reasonably designed to collect the
applicant-provided data in Sec. 1002.107(a), as required pursuant to
Sec. 1002.107(c)(1), and where applicable comply with the minimum
requirements set forth in Sec. 1002.107(c)(2).
3. Applicant-provided data. Applicant-provided data are the data
that are or could be provided by the applicant, including Sec.
1002.107(a)(5) (credit type), Sec. 1002.107(a)(6) (credit purpose),
Sec. 1002.107(a)(7) (amount applied for), Sec. 1002.107(a)(13)
(address or location for purposes of determining census tract), Sec.
1002.107(a)(14) (gross annual revenue), Sec. 1002.107(a)(15) (NAICS
code, or information about the business such that the financial
institution can determine the applicant's NAICS code), Sec.
1002.107(a)(16) (number of workers), Sec. 1002.107(a)(17) (time in
business), Sec. 1002.107(a)(18) (minority-owned business status,
women-owned business status, and LGBTQI+-owned business status), Sec.
1002.107(a)(19) (ethnicity, race, and sex of the applicant's principal
owners), and Sec. 1002.107(a)(20) (number of principal owners).
Applicant-provided data do not include data that are generated or
supplied only by the financial institution, including Sec.
1002.107(a)(1) (unique identifier), Sec. 1002.107(a)(2) (application
date), Sec. 1002.107(a)(3) (application method), Sec. 1002.107(a)(4)
(application recipient), Sec. 1002.107(a)(8) (amount approved or
originated), Sec. 1002.107(a)(9) (action taken), Sec. 1002.107(a)(10)
(action taken date), Sec. 1002.107(a)(11) (denial reasons), Sec.
1002.107(a)(12) (pricing information), and Sec. 1002.107(a)(13)
(census tract, based on address or location provided by the applicant).
4. Collecting applicant-provided data without a direct request to
the applicant. Depending on the circumstances and the financial
institution's procedures, certain applicant-provided data can be
collected without a direct request to the applicant. For example,
credit type may be collected based on the type of product chosen by the
applicant. Similarly, a financial institution may rely on appropriate
third-party sources to collect certain applicant-provided data. See
Sec. 1002.107(b) concerning the use of third-party sources.
5. Data updated by the applicant. A financial institution reports
updated data if it obtains more current data from the applicant during
the application process. For example, if an applicant states its gross
annual revenue for the preceding fiscal year was $3 million, but then
the applicant notifies the financial institution that its revenue in
the preceding fiscal year was actually $3.2 million, the financial
institution reports gross annual revenue of $3.2 million. For reporting
verified applicant-provided data, see Sec. 1002.107(b) and comment
107(b)-1. If a financial institution has already verified data and then
the applicant updates it, the financial institution reports the
information it believes to be more accurate, in its discretion. If a
financial institution receives updates from the applicant after the
application process has closed (for example, after closing or account
opening), the financial institution may, at its discretion, update the
data at any time prior to reporting the covered application to the
Bureau.
107(c)(2) Applicant-Provided Data Collected Directly From the Applicant
1. In general. Whether a financial institution's procedures are
reasonably designed to collect applicant-provided data is a fact-based
determination and may depend on the financial institution's particular
lending model, product offerings, and other circumstances; procedures
that are reasonably designed to obtain a response may therefore require
additional provisions beyond the minimum criteria set forth in Sec.
1002.107(c)(2). In general, reasonably designed procedures will seek to
maximize collection of applicant-provided data and minimize missing or
erroneous data. While the requirements of Sec. 1002.107(c)(2) do not
apply to applicant-provided data that a financial institution obtains
without a direct request to the applicant, as explained in comment
107(c)(1)-4, in such instances, a covered financial institution must
still comply with Sec. 1002.107(c)(1).
2. Specific components. i. Timing of initial collection attempt.
While a financial institution has some flexibility concerning when
applicant-provided data is are collected, under no circumstances may
the initial request for applicant-provided data occur simultaneous with
or after notifying an applicant of final action taken on a covered
application. Generally, the earlier in the application process the
financial institution initially seeks to collect applicant-provided
data, the more likely the timing of collection is reasonably designed
to obtain a response.
ii. The request for applicant-provided data is prominently
displayed or presented. Pursuant to Sec. 1002.107(c)(2)(ii), a
financial institution must ensure an applicant actually sees, hears, or
is otherwise presented with the request for applicant-provided data. If
an applicant is likely to overlook or miss a request for applicant-
provided data, the financial institution does not have reasonably
designed procedures. Similarly, a financial institution also does not
have reasonably designed procedures if it obscures, prevents, or
inhibits an applicant from accessing or reviewing a request for
applicant-provided data.
iii. The collection does not have the effect of discouraging an
applicant from responding to a request for applicant-provided data. A.
A covered financial institution avoids discouraging a response by, for
example, communicating to the applicant that the collection of
applicant-provided data is worthy of the applicant's attention or is as
important as information collected in connection with the financial
institution's creditworthiness determination. In contrast, a covered
financial institution that collects applicant-provided data in a time
or manner that directly or indirectly discourages or obstructs an
applicant from responding or providing a particular response violates
Sec. 1002.107(c)(2)(iii). For example, a financial institution may not
discourage a response to inquiries regarding the demographic data
pursuant to Sec. 1002.107(a)(18) and (19) by communicating to the
applicant that the request is unimportant, encouraging the applicant to
bypass the form altogether, or attempting to influence or alter the
applicant's preferred response.
B. A covered financial institution also avoids discouraging a
response by requiring an applicant to provide a response to one or more
requests for applicant-provided data in order to proceed with a covered
application, including, as applicable, a response of ``I do not wish to
provide this information'' or similar. (As described in comments
107(a)(18)-1 and 107(a)(19)-1, a financial institution must permit an
applicant to decline to provide the demographic data required by Sec.
1002.107(a)(18) and (19), which can be satisfied by providing a
response option of ``I do not wish to provide this information'' or
similar.) For example, in an electronic application, a financial
institution may require the applicant to either make a substantive
selection about a principal owner's ethnicity, race, or sex, select an
option of ``I do not wish to provide this information'' or similar, or
indicate there are no principal owners before allowing the applicant to
proceed to the next page of requested information.
[[Page 35560]]
iv. The applicant can easily provide a response. Pursuant to Sec.
1002.107(c)(2)(iv), a financial institution must structure the request
for information in a manner that makes it easy for the applicant to
provide a response. For example, a financial institution requests
applicant-provided data in the same format as other information
required for the covered application, provides applicants multiple
methods to provide or return applicant-provided data (for example, on a
written form, through a web portal, or through other means), or
provides the applicant some other type of straightforward and seamless
method to provide a response. Conversely, a financial institution must
avoid imposing unnecessary burden on an applicant to provide the
information requested or requiring the applicant to take steps that are
inconsistent with the rest of its application process. For example, a
financial institution does not have reasonably designed procedures if
it collects application information related to its own creditworthiness
determination in electronic form, but mails a paper form to the
applicant initially seeking the data required under Sec. 1002.107(a)
that the financial institution does not otherwise need for its
creditworthiness determination and requiring the applicant to mail it
back. On the other hand, a financial institution complies with Sec.
1002.107(c)(2)(iv) if, at its discretion, it requests the applicant to
respond to inquiries made pursuant to Sec. 1002.107(a)(18) and (19)
through a reasonable method intended to keep the applicant's responses
discrete and protected from view.
v. Multiple requests for applicant-provided data. A financial
institution is permitted, but not required, to make more than one
attempt to obtain applicant-provided data if the applicant does not
respond to an initial request. For example, if an applicant initially
does not respond when asked early in the application process (before
notifying the applicant of final action taken on the application,
pursuant to Sec. 1002.107(c)(2)(i)) to inquiries made pursuant to
Sec. 1002.107(a)(18) and (19), a financial institution may request
this information again, for example, during a subsequent in-person
meeting with the applicant or after notifying the applicant of final
action taken on the covered application.
107(c)(3) Procedures To Monitor Compliance
1. Procedures to identify and respond to indicia of potential
discouragement, including low response rates. Section 1002.107(c)(3)
requires a covered financial institution to maintain procedures
designed to identify and respond to indicia of potential
discouragement, including low response rates for applicant-provided
data. In general, these include monitoring for low response rates
(i.e., the percentage of covered applications for which the financial
institution has obtained some type of response to requests for
applicant-provided data, including, as applicable, an applicant
response of ``I do not wish to provide this information'' or similar);
monitoring for significant irregularities in any particular response
that may indicate steering, improper interference, or other potential
discouragement or obstruction of applicants' preferred responses;
monitoring response rates and responses by division, location, loan
officer, or other factors to ensure that no discouragement or improper
conduct is occurring in some parts of a financial institution, even if
the financial institution maintains adequate response rates and
responses overall; providing adequate training to loan officers and
other persons involved in collecting applicant-provided data; promptly
investigating any indicia of potential discouragement; and taking
prompt remedial action if discouragement or other improper conduct is
identified.
107(c)(4) Low Response Rates
1. In general. A low response rate for applicant-provided data may
indicate that the financial institution has engaged in discouragement
or otherwise failed to maintain reasonably designed procedures.
Response rate generally refers to whether the financial institution has
obtained some type of response to requests for applicant-provided data
(including, as applicable, an applicant response of ``I do not wish to
provide this information'' or similar). A response rate may be
measured, as appropriate, as compared to financial institutions of a
similar size, type, and/or geographic reach, or other factors, as
appropriate. Similarly, significant irregularities in a particular
response (for example, very high rates of an applicant response of ``I
do not wish to provide this information'' or similar) may also indicate
that a financial institution does not have reasonably designed
procedures, for example, because of steering, improper interference, or
other potential discouragement or obstruction of applicants' preferred
responses. Response rates may be relevant across all applicant-provided
data, though are particularly relevant for the collection of the
demographic data pursuant to Sec. 1002.107(a)(18) and (19) given the
heightened sensitivity of these inquiries and the importance of those
data to the purposes of subpart B.
107(d) Previously Collected Data
1. In general. A financial institution may, for the purpose of
reporting such data pursuant to Sec. 1002.109, reuse certain
previously collected data if the requirements of Sec. 1002.107(d) are
met. In that circumstance, a financial institution need not seek to
collect the data anew in connection with a subsequent covered
application to satisfy the requirements of this subpart. For example,
if an applicant applies for and is granted a term loan, and then
subsequently applies for a credit card in the same calendar year, the
financial institution need not request again the data specified in
Sec. 1002.107(d). Similarly, if an applicant applies for more than one
covered credit transaction at one time, a financial institution need
only ask once for the data specified in Sec. 1002.107(d).
2. Data that can be reused. Subject to the requirements of Sec.
1002.107(d), a financial institution may reuse the following data:
Sec. 1002.107(a)(13) (address or location for purposes of determining
census tract), Sec. 1002.107(a)(14) (gross annual revenue) (subject to
comment 107(d)-7), Sec. 1002.107(a)(15) (NAICS code), Sec.
1002.107(a)(16) (number of workers), Sec. 1002.107(a)(17) (time in
business) (subject to comment 107(d)-8), Sec. 1002.107(a)(18)
(minority-owned business status, women-owned business status, and
LGBTQI+-owned business status) (subject to comment 107(d)-9), Sec.
1002.107(a)(19) (ethnicity, race, and sex of applicant's principal
owners) (subject to comment 107(d)-9), and Sec. 1002.107(a)(20)
(number of principal owners). A financial institution is not, however,
permitted to reuse other data, such as Sec. 1002.107(a)(6) (credit
purpose).
3. Previously reported data without a substantive response. Data
have not been ``previously collected'' within the meaning of Sec.
1002.107(d) if the applicant did not provide a substantive response to
the financial institution's request for that data and the financial
institution was not otherwise able to obtain the requested data (for
example, from the applicant's credit report, or tax returns).
4. Updated data. If, after the application process has closed on a
prior covered application, a financial institution obtains updated
information relevant to the data required to be collected and reported
pursuant to Sec. 1002.107(a)(13) through (20), and the
[[Page 35561]]
applicant subsequently submits a new covered application, the financial
institution must use the updated information in connection with the new
covered application (if the requirements of Sec. 1002.107(d) are
otherwise met) or seek to collect the data again. For example, if a
business notifies a financial institution of a change of address of its
sole business location, and subsequently submits a covered application
within the time period specified in Sec. 1002.107(d)(1) for reusing
previously collected data, the financial institution must report census
tract based on the updated information. In that circumstance, the
financial institution may still reuse other previously collected data
to satisfy Sec. 1002.107(a)(14) through (20) if the requirements of
Sec. 1002.107(d) are met.
5. Collection within the preceding 36 months. Pursuant to Sec.
1002.107(d)(1), data can be reused to satisfy Sec. 1002.107(a)(13) and
(15) through (20) if they are collected within the preceding 36 months.
A financial institution may measure the 36-month period from the date
of final action taken (Sec. 1002.107(a)(9)) on a prior application to
the application date (Sec. 1002.107(a)(2)) on a subsequent
application. For example, if a financial institution takes final action
on an application on February 1, 2025, it may reuse certain previously
collected data pursuant to Sec. 1002.107(d)(1) for subsequent covered
applications dated or received by the financial institution through
January 31, 2028.
6. Reason to believe data are inaccurate. Whether a financial
institution has reason to believe data are inaccurate pursuant to Sec.
1002.107(d)(2) depends on the particular facts and circumstances. For
example, a financial institution may have reason to believe data on the
applicant's minority-owned business status, women-owned business
status, and LGBTQI+-owned business status may be inaccurate if it knows
that the applicant has had a change in ownership or a change in an
owner's percentage of ownership.
7. Collection of gross annual revenue in the same calendar year.
Pursuant to Sec. 1002.107(d)(1), gross annual revenue information can
be reused to satisfy Sec. 1002.107(a)(14) provided it is collected in
the same calendar year as the current covered application, as measured
from the application date. For example, if an application is received
and gross annual revenue is collected in connection with a covered
application in one calendar year, but then final action was taken on
the application in the following calendar year, the data may only be
reused for the calendar year in which it was collected and not the
calendar year in which final action was taken on the application.
However, if an application is received and gross annual revenue is
collected in connection with a covered application in one calendar
year, a financial institution may reuse that data pursuant to Sec.
1002.107(d) in a subsequent application initiated in the same calendar
year, even if final action was taken on the subsequent application in
the following calendar year.
8. Time in business. A financial institution that decides to reuse
previously collected data to satisfy Sec. 1002.107(a)(17) (time in
business) must update the data to reflect the passage of time since the
data were collected. If a financial institution only knows that the
applicant had been in business less than two years at the time the data
was initially collected, as described in comment 107(a)(17)-1.ii or
iii, it updates the data based on the assumption that the applicant had
been in business for 12 months at the time of the prior collection. For
example:
i. If a financial institution previously collected data on a prior
covered application that the applicant has been in business for four
years, and then seeks to reuse that data for a subsequent covered
application submitted one year later, it must update the data to
reflect that the applicant has been in business for five years.
ii. If a financial institution previously collected data on a prior
covered application that the applicant had been in business less than
two years (and was not aware of the business's actual length of time in
business at the time), and then seeks to reuse that data for a
subsequent covered application submitted 18 months later, the financial
institution reports time in business on the subsequent covered
application as over two years in business.
9. Minority-owned business status, women-owned business status,
LGBTQI+-owned business status, and principal owners' ethnicity, race,
and sex. A financial institution may not reuse data to satisfy Sec.
1002.107(a)(18) and (19) unless the data were collected in connection
with a prior covered application pursuant to this subpart B. If the
financial institution previously asked the applicant to provide its
minority-owned business status, women-owned business status, and
LGBTQI+-owned business status, and principal owners' ethnicity, race,
and sex for purposes of Sec. 1002.107(a)(18) and (19), and the
applicant declined to provide the information (such as by selecting ``I
do not wish to provide this information'' or similar on a data
collection form or by telling the financial institution that it did not
wish to provide the information), the financial institution may use
that response when reporting data for a subsequent application pursuant
to Sec. 1002.107(d). However, if the applicant failed to respond (such
as by leaving the response to the question blank or by failing to
return a data collection form), the financial institution must inquire
about the applicant's minority-owned business status, women-owned
business status, LGBTQI+-owned business status, and principal owners'
ethnicity, race, or sex, as applicable, in connection with a subsequent
application because the data were not previously obtained. See also
comment 107(a)(19)-11 concerning previously collected ethnicity, race,
and sex information.
Section 1002.108--Firewall
108(a) Definitions
1. Involved in making any determination concerning a covered
application from a small business. i. General. An employee or officer
is involved in making a determination concerning a covered application
from a small business for purposes of Sec. 1002.108 if the employee or
officer makes, or otherwise participates in, a decision regarding the
evaluation of a covered application from a small business or the
creditworthiness of a small business applicant for a covered credit
transaction. This includes, but is not limited to, employees and
officers serving as underwriters. The decision that an employee or
officer makes or participates in must be about a specific covered
application or about the creditworthiness of a specific applicant. An
employee or officer is not involved in making a determination
concerning a covered application if the employee or officer is only
involved in making a decision that affects covered applications
generally, or if the employee or officer only interacts with small
businesses prior to them becoming applicants or submitting an
application. An employee or officer may be participating in a
determination concerning a covered application even if the employee or
officer is not the ultimate decision maker or the sole decision maker.
For example, an employee participates in a determination concerning a
covered application if the employee recommends that another employee or
officer approve or deny the application. Similarly, an employee or
officer participates in a determination concerning a covered
application if the employee or officer is part of a larger group, such
as a committee, that makes
[[Page 35562]]
a determination concerning a covered application. For example, an
employee participates in a decision if the employee is a member of a
committee that approves the terms offered to an applicant for a covered
application. This is true even if the employee does not support the
committee's ultimate decision regarding the terms offered. Conversely,
an employee or officer does not participate in a determination
concerning a covered application if the employee or officer only
performs ministerial functions for the committee, such as recording the
minutes, or if the committee does not make a determination concerning a
specific covered application.
ii. Examples of activities that do not constitute being involved in
making a determination concerning a covered application from a small
business. The following are examples of activities that do not
constitute being involved in making a determination concerning a
covered application:
A. Developing policies and procedures, designing or programming
computer or other systems, or conducting marketing.
B. Discussing credit products, loan terms, or loan requirements
with a small business before it submits a covered application.
C. Making or participating in a decision after the financial
institution has taken final action on the covered application, such as
a decision about servicing or collecting a covered credit transaction.
D. Using a check box form to confirm whether an applicant has
submitted all necessary documents or handling a minor or clerical
matter during the application process, such as suggesting or selecting
a time for an appointment with an applicant.
E. Gathering information (including information collected pursuant
to Sec. 1002.107(a)(18) or (19)) and forwarding the information or a
covered application to other individuals or entities.
F. Reviewing previously collected data to determine if it can be
reused for a later covered application pursuant to Sec. 1002.107(d).
iii. Examples of activities that constitute being involved in
making a determination concerning a covered application from a small
business. The following are examples of activities (done individually
or as part of a group) that constitute being involved in making a
determination concerning a covered application:
A. Making or participating in a decision to approve or deny a
specific covered application. This includes, but is not limited to,
making or participating in a decision that an applicant does not
satisfy one or more of the requirements for the covered credit
transaction for which it has applied.
B. Making or participating in a decision regarding the reason(s)
for denial of a covered application.
C. Making or participating in a decision that a guarantor or
collateral is required in order to approve a specific covered
application.
D. Making or participating in a decision regarding the credit
amount or credit limit that will be approved for a specific covered
application.
E. Making or participating in a decision to set one or more of the
other terms that will be offered for a specific covered credit
transaction. This includes, but is not limited to, making or
participating in a decision regarding the interest rate, the loan term,
or the payment schedule that will be offered for a specific covered
credit transaction.
F. Making or participating in a decision regarding a counteroffer
made to a specific applicant, including a decision regarding the terms
of such a counteroffer.
G. Recommending that another decision maker approve or deny a
specific covered application, provide a specific reason for denying a
covered application, require a guarantor or collateral in order to
approve a covered application, approve a credit amount or credit limit
for a covered credit transaction, set one or more other terms for a
covered credit transaction, make a counteroffer regarding a covered
application, or set a specific term for such a counteroffer.
2. Should have access. i. General. A financial institution may
determine that an employee or officer who is involved in making a
determination concerning a covered application from a small business
should have access to information otherwise subject to the prohibition
in Sec. 1002.108(b) if that employee or officer is assigned one or
more job duties that may require the employee or officer to collect,
see, consider, refer to, or otherwise use information subject to the
prohibition in Sec. 1002.108(b). If the employee or officer might need
to collect, see, consider, refer to, or use such information to perform
the employee's or officer's assigned job duties, the financial
institution may determine that the employee or officer should have
access. For example, if a loan officer is involved in making a
determination concerning a covered application and that loan officer's
job description or the financial institution's policies and procedures
state that the loan officer may need to collect information pursuant to
Sec. 1002.107(a)(18) or (19), the financial institution may determine
that the loan officer should have access.
ii. When a group of employees or officers should have access. A
financial institution may determine that all employees or officers with
the same job description or assigned duties should have access for
purposes of Sec. 1002.108. For example, if a job description, a
policy, a procedure, or another document states that a loan officer may
have to collect or explain any part of a data collection form that
includes the inquiries described in Sec. 1002.107(a)(18) and (19), the
financial institution may determine that all employees and officers who
have been assigned the position of loan officer should have access for
purposes of Sec. 1002.108.
iii. Making a determination regarding who should have access. A
financial institution is permitted to choose what lawful factors it
will consider when determining whether an employee or officer should
have access. A financial institution's determination that an employee
or officer should have access may take into account relevant
operational factors and lawful business practices. For example, a
financial institution may consider its size, the number of employees
and officers within the relevant line of business or at a particular
branch or office location, and/or the number of covered applications
the financial institution has received or expects to receive.
Additionally, a financial institution may consider its current or its
reasonably anticipated staffing levels, operations, systems, processes,
policies, and procedures. A financial institution is not required to
hire additional staff, upgrade its systems, change its lending or
operational processes, or revise its policies or procedures for the
sole purpose of limiting who should have access.
108(b) Prohibition on Access to Certain Information
1. Scope of persons subject to the prohibition. The prohibition in
Sec. 1002.108(b) applies to an employee or officer of a covered
financial institution or its affiliate if the employee or officer is
involved in making any determination concerning a covered application
from a small business. For example, if a financial institution is
affiliated with company B and an employee of company B is involved in
making a determination concerning a covered application on behalf of
the financial institution, then the financial institution must comply
with Sec. 1002.108 with regard to company B's employee.
[[Page 35563]]
Section 1002.108 does not require a financial institution to limit the
access of employees and officers of third parties who are not
affiliates of the financial institution.
2. Scope of information that cannot be accessed when the
prohibition applies to an employee or officer. i. Information that
cannot be accessed when the prohibition applies. If a particular
employee or officer is involved in making a determination concerning a
covered application from a small business, the prohibition in Sec.
1002.108(b) only limits that employee's or officer's access to that
small business applicant's responses to the inquiries that the covered
financial institution makes to satisfy Sec. 1002.107(a)(18) and (19).
For example, if a financial institution uses a paper data collection
form to request information pursuant to Sec. 1002.107(a)(18) and (19),
an employee or officer that is subject to the prohibition is not
permitted access to the paper data collection form that contains the
applicant's responses to the inquiries made pursuant to pursuant to
Sec. 1002.107(a)(18) and (19), or to any other record that identifies
how the particular applicant responded to those inquires. Similarly, if
a financial institution makes the inquiries required pursuant to Sec.
1002.107(a)(18) and (19) during a telephone call, the prohibition
applies to the applicant's responses to those inquiries provided during
that telephone call and to any record that identifies how the
particular applicant responded to those inquiries.
ii. Information that can be accessed when the prohibition applies.
If a particular employee or officer is involved in making a
determination concerning a covered application, the prohibition in
Sec. 1002.108(b) does not limit that employee's or officer's access to
an applicant's responses to inquiries regarding whether the applicant
is a minority-owned, women-owned, or LGBTQI+-owned business, or
principal owners' ethnicity, race, or sex, made for purposes other than
compliance with Sec. 1002.107(a)(18) or (19). Thus, for example, an
employee or officer who is subject to the prohibition in Sec.
1002.108(b) may have access to information regarding whether an
applicant is eligible for a Small Business Administration program for
women-owned businesses without regard to whether the exception in Sec.
1002.108(c) is satisfied. Additionally, an employee or officer who
knows that an applicant is a minority-owned business, women-owned
business, or LGBTQI+-owned business, or who knows the ethnicity, race,
or sex of any of the applicant's principal owners due to activities
unrelated to the inquiries made to satisfy the financial institution's
obligations under Sec. 1002.107(a)(18) and (19) is not prohibited from
making a determination concerning the applicant's covered application.
Thus, an employee or officer who knows, for example, that an applicant
is a minority-owned business due to a social relationship or another
professional relationship with the applicant or any of its principal
owners may make determinations concerning the applicant's covered
application. Furthermore, an employee or officer that is involved in
making a determination concerning a covered application may see,
consider, refer to, or use data collected to satisfy aspects of Sec.
1002.107 other than Sec. 1002.107(a)(18) or (19), such as gross annual
revenue, number of workers, and time in business.
108(c) Exception to the Prohibition on Access to Certain Information
1. General. A financial institution is not required to limit the
access of an employee or officer who is involved in making
determinations concerning a covered application from a small business
if the financial institution determines that the particular employee or
officer should have access to the information collected pursuant to
Sec. 1002.107(a)(18) or (19), and the financial institution provides
the notice required by Sec. 1002.108(d). A financial institution is
not required to perform a separate analysis of the feasibility of
maintaining a firewall. A determination that an employee or officer
should have access means that it is not feasible to maintain a firewall
as to that particular employee or officer, and the exception applies to
that employee or officer if the financial institution provides the
notice required by Sec. 1002.108(d). However, the fact that a
financial institution has made a determination that an employee or
officer should have access does not mean that the financial institution
can permit other employees and officers who are involved in making
determinations concerning a covered application to have access to the
information collected pursuant to Sec. 1002.107(a)(18) and (19). A
financial institution may only permit an employee or officer who is
involved in making a determination concerning a covered application to
have access to information collected pursuant to Sec. 1002.107(a)(18)
and (19) if it has determined that employee or officer or a group of
which the employee or officer is a member should have access to the
information.
2. Applying the exception to a specific employee or officer or
group of similarly situated employees or officers. The exception
applies to an employee or officer if the financial institution
determines that the employee or officer should have access to the
information collected pursuant to Sec. 1002.107(a)(18) or (19), and
the financial institution provides the notice required by Sec.
1002.108(d). A financial institution can also determine that several
employees and officers should have access, that all of a group of
similarly situated employees or officers should have access, and that
multiple groups of similarly situated employees or officers should have
access to information collected pursuant to Sec. 1002.107(a)(18) or
(19). See also comment 108(a)-2. For example, a financial institution
could determine that all its small business loan officers, small
business loan processors, compliance officers, and legal officers
should have access. If the financial institution provides the notice
required in Sec. 1002.108(d), the financial institution may permit all
of its small business loan officers, small business loan processors,
compliance officers, and legal officers to have access. However, the
financial institution cannot permit other employees and officers to
have access simply because it has determined that the small business
loan officers, loan processors, compliance officers, and legal officers
should have access. For example, in this case, the financial
institution may not permit its underwriters or chief executive officer
to have access to the information collected from the applicant pursuant
to Sec. 1002.107(a)(18) or (19) if they are involved in making any
determination concerning a covered application, unless the financial
institution also determines that they should have access. This would be
true even if the chief executive officer or underwriter had some of the
same assigned duties as a loan officer, such as being a member of a
credit committee, but has not been assigned the task(s) that may
require access to one or more applicants' responses to the financial
institution's inquiries under Sec. 1002.107(a)(18) or (19). If the
financial institution separately determines that underwriters and the
chief executive officer should have access, then the underwriters and
chief executive officer may also have access.
108(d) Notice
1. General. If a financial institution determines that one or more
employees or officers should have access pursuant to Sec. 1002.108(c),
the financial institution must provide the required notice to, at
[[Page 35564]]
a minimum, the applicant or applicants whose responses will be accessed
by an employee or officer involved in making determinations concerning
the applicant's or applicants' covered applications. Alternatively, a
financial institution may also provide the required notice to
applicants whose responses will not or might not be accessed. For
example, a financial institution could provide the notice to all
applicants for covered credit transactions or all applicants for a
specific type of product.
2. Content of the required notice. The notice must inform the
applicant that one or more employees and officers involved in making
determinations concerning the applicant's covered application may have
access to the applicant's responses regarding the applicant's minority-
owned business status, women-owned business status, LGBTQI+-owned
business status, and its principal owners' ethnicity, race, and sex.
See the sample data collection form in appendix E to this part for
sample language for providing this notice to applicants. If a financial
institution establishes and maintains a firewall and chooses to use the
sample data collection form, the financial institution can delete this
sample language from the form.
3. Timing for providing the notice. If the financial institution is
providing the notice orally, it must provide the notice required by
Sec. 1002.108(d) prior to asking the applicant if it is a minority-
owned business, women-owned business, or LGBTQI+-owned business and
prior to asking for a principal owner's ethnicity, race, or sex. If the
notice is provided on the same paper or electronic data collection form
as the inquiries about minority-owned business status, women-owned
business status, LGBTQI+-owned business status and the principal
owners' ethnicity, race, or sex, the notice must appear before the
inquiries. If the notice is provided in an electronic or paper document
that is separate from the data collection form, the notice must be
provided at the same time as the data collection form or prior to
providing the data collection form. Additionally, the notice must be
provided with the non-discrimination notices required pursuant to Sec.
1002.107(a)(18) and (19). See appendix E for sample language.
Section 1002.109--Reporting of Data to the Bureau
109(a) Reporting to the Bureau
109(a)(2) Reporting by Subsidiaries
1. Subsidiaries. A covered financial institution is considered a
subsidiary of another covered financial institution for purposes of
reporting data pursuant to Sec. 1002.109 if more than 50 percent of
the ownership or control of the first covered financial institution is
held by the second covered financial institution.
109(a)(3) Reporting Obligations Where Multiple Financial Institutions
Are Involved in a Covered Credit Transaction
1. General. The following clarifies how to report applications
involving more than one financial institution. The discussion below
assumes that all parties involved with the covered credit transaction
are covered financial institutions. However, the same principles apply
if any party is not a covered financial institution.
i. A financial institution shall report the action that it takes on
a covered application, whether or not the covered credit transaction
closed in the financial institution's name and even if the financial
institution used underwriting criteria supplied by another financial
institution. However, where it is necessary for more than one financial
institution to make a credit decision in order to approve a single
covered credit transaction, only the last financial institution with
authority to set the material terms of the covered credit transaction
is required to report. Setting the material terms of the covered credit
transaction include, for example, selecting among competing offers, or
modifying pricing information, amount approved or originated, or
repayment duration. In this situation, the determinative factor is not
which financial institution actually made the last credit decision
prior to closing, but rather which financial institution last had the
authority for setting the material terms of the covered credit
transaction prior to closing. Whether a financial institution has taken
action for purposes of Sec. 1002.109(a)(3) and comment 109(a)(3)-1 is
not relevant to, and is not intended to repeal, abrogate, annul,
impair, or interfere with, section 701(d) (15 U.S.C. 1691(d)) of the
Act, Sec. 1002.9, or any other provision within subpart A of this
Regulation.
ii. A financial institution takes action on a covered application
for purposes of Sec. 1002.109(a)(3) if it denies the application,
originates the application, approves the application but the applicant
did not accept the transaction, or closes the file or denies for
incompleteness. The financial institution must also report the
application if it was withdrawn. For reporting purposes, it is not
relevant whether the financial institution receives the application
directly from the applicant or indirectly through another party, such
as a broker, or (except as otherwise provided in comment 109(a)(3)-1.i)
whether another financial institution also reviews and reports an
action taken on a covered application involving the same credit
transaction.
iii. Where it is necessary for more than one financial institution
to make a credit decision in order to approve a single covered credit
transaction and where more than one financial institution denies the
application or otherwise does not approve the application, the
reporting financial institution (the last financial institution with
authority to set the material terms of the covered credit transaction)
shall have a consistent procedure for determining how it reports
inconsistent or differing data points for purposes of subpart B. For
example, Financial Institution A is the reporting entity because it has
the last authority to set the material credit terms. Financial
Institution A sends the application to Financial Institution B and
Financial Institution C for review, but both Financial Institution B
and Financial Institution C deny the application, with different denial
reasons. Based on these denials, Financial Institution A follows suit
and denies the application. Financial Institution A must have a
consistent procedure for what denial reason(s) to report, such as
reporting the denial reason(s) from the first financial institution
that denied the covered application.
2. Examples. The following scenarios illustrate how a financial
institution reports a particular covered application. The illustrations
assume that all parties involved with the covered credit transaction
are covered financial institutions. However, the same principles apply
if any party is not a covered financial institution. Examples i through
iv involve a single financial institution with responsibility for
making a credit decision without the involvement of an intermediary.
Example v describes a financial institution intermediary with only
passive involvement in the covered credit transaction. Example vi
describes a transaction where multiple financial institutions
independently decision and take action on a covered application.
Examples vii and viii describe situations where more than one financial
institution must make a credit decision in order to approve the covered
credit transaction. Examples ix and x describe situations involving
pooled and participation interests.
i. Financial Institution A received a covered application from an
applicant
[[Page 35565]]
and approved the application before closing the covered credit
transaction in its name. Financial Institution A was not acting as
Financial Institution B's agent. Financial Institution B later
purchased the covered credit transaction from Financial Institution A.
Financial Institution A was not acting as Financial Institution B's
agent. Financial Institution A reports the application. Financial
Institution B has no reporting obligation for this transaction.
ii. Financial Institution A received a covered application from an
applicant. If approved, the covered credit transaction would have
closed in Financial Institution B's name. Financial Institution A
denied the application without sending it to Financial Institution B
for approval. Financial Institution A was not acting as Financial
Institution B's agent. Since Financial Institution A took action on the
application, Financial Institution A reports the application as denied.
Financial Institution B does not report the application.
iii. Financial Institution A reviewed a covered application and
made a credit decision to approve it using the underwriting criteria
provided by a Financial Institution B. Financial Institution B did not
review the application and did not make a credit decision prior to
closing. Financial Institution A was not acting as Financial
Institution B's agent. Financial Institution A reports the application.
Financial Institution B has no reporting obligation for this
application.
iv. Financial Institution A reviewed and made the credit decision
on a covered application based on the criteria of a third-party insurer
or guarantor (for example, a government or private insurer or
guarantor). Financial Institution A reports the action taken on the
application.
v. Financial Institution A received a covered application from an
applicant and forwarded that application to Financial Institution B.
Financial Institution B reviewed the application and made a credit
decision approving the application prior to closing. The covered credit
transaction closed in Financial Institution A's name. Financial
Institution B purchased the covered credit transaction from Financial
Institution A after closing. Financial Institution B was not acting as
Financial Institution A's agent. Since Financial Institution B made the
credit decision prior to closing, and Financial Institution A's
approval was not necessary for the credit transaction, Financial
Institution B reports the origination. Financial Institution A does not
report the application. Assume the same facts, except that Financial
Institution B reviewed the application before the covered credit
transaction would have closed, but Financial Institution B denied the
application. Financial Institution B reports the application as denied.
Financial Institution A does not report the application because it did
not take an action on the application. If, under the same facts, the
application was withdrawn before Financial Institution B made a credit
decision, Financial Institution B would report the application as
withdrawn and Financial Institution A would not report the application
for the same reason.
vi. Financial Institution A received a covered application and
forwarded it to Financial Institutions B and C. Financial Institution A
made a credit decision, acting as Financial Institution D's agent, and
approved the application. Financial Institutions B and C are not
working together with Financial Institutions A or D, or with each
other, and are solely responsible for setting the terms of their own
credit transactions. Financial Institution B made a credit decision
approving the application, and Financial Institution C made a credit
decision denying the application. The applicant did not accept the
covered credit transaction from Financial Institution D. Financial
Institution D reports the application as approved but not accepted.
Financial Institution A does not report the application, because it was
acting as Financial Institution D's agent. The applicant accepted the
offer of credit from Financial Institution B, and credit was extended.
Financial Institution B reports the application as originated.
Financial Institution C reports the application as denied.
vii. Financial Institution A received a covered application and
made a credit decision to approve it using the underwriting criteria
provided by Financial Institution B. Financial Institution A was not
acting as Financial Institution B's agent. Financial Institution A
forwarded the application to Financial Institution B. Financial
Institution B reviewed the application and made a credit decision
approving the application prior to closing. Financial Institution A
makes a credit decision on the application and modifies the credit
terms (the interest rate and repayment term) offered by Financial
Institution B. The covered credit transaction reflecting the modified
terms closes in Financial Institution A's name. Financial Institution B
purchases the covered credit transaction from Financial Institution A
after closing. As the last financial institution with the authority for
setting the material terms of the covered credit transaction, Financial
Institution A reports the application as originated. Financial
Institution B does not report the origination because it was not the
last financial institution with the authority to set the material terms
on the application. If, under the same facts, Financial Institution A
did not modify the credit terms offered by Financial Institution B,
Financial Institution A still reports the application as originated
because it was still the last financial institution with the authority
for setting the material terms, even if it chose not to so do in a
particular instance. Financial Institution B does not report the
origination.
viii. Financial Institution A received a covered application and
forwarded it to Financial Institutions B, C, and D. Financial
Institution A was not acting as anyone's agent. Financial Institution B
and C reviewed the application and made a credit decision approving the
application and Financial Institution D reviewed the application and
made a credit decision denying the application. Prior to closing,
Financial Institution A makes a credit decision on the application by
deciding to offer to the applicant the credit terms offered by
Financial Institution B and does not convey to the applicant the credit
terms offered by Financial Institution C. The applicant does not accept
the covered credit transaction. As the last financial institution with
the authority for setting the material terms of the covered credit
transaction, Financial Institution A reports the application as
approved but not accepted. Financial Institutions B, C, and D do not
report the application because they were not the last financial
institution with the authority for setting the material terms of the
covered credit transaction. Assume the same facts, except the applicant
accepts the terms of the covered credit transaction from Financial
Institution B as offered by Financial Institution A. The covered credit
transaction closes in Financial Institution A's name. Financial
Institution B purchases the transaction after closing. Here, Financial
Institution A reports the application as originated. Financial
Institutions B, C, and D do not report the application because they
were not the last financial institution responsible for setting the
material terms of the covered credit transaction.
ix. Financial Institution A receives a covered application and
approves it, and then Financial Institution A elects to organize a loan
participation agreement where Financial Institutions B and C agree to
purchase a partial interest in the covered credit
[[Page 35566]]
transaction. Financial Institution A reports the application. Financial
Institutions B and C have no reporting obligation for this application.
x. Financial Institution A purchases an interest in a pool of
covered credit transactions, such as credit-backed securities or real
estate investment conduits. Financial Institution A does not report
this purchase.
3. Agents. If a covered financial institution takes action on a
covered application through its agent, the financial institution
reports the application. For example, acting as Financial Institution
A's agent, Financial Institution B approved an application prior to
closing and a covered credit transaction was originated. Financial
Institution A reports the covered credit transaction as an origination.
State law determines whether one party is the agent of another.
109(b) Financial Institution Identifying Information
1. Changes to financial institution identifying information. If a
financial institution's information required pursuant to Sec.
1002.109(b) changes, the financial institution shall provide the new
information with the data submission for the collection year of the
change. For example, assume two financial institutions that previously
reported data under subpart B of this part merge and the surviving
institution retained its Legal Entity Identifier but obtained a new TIN
in February 2026. The surviving institution must report the new TIN
with its data submission for its 2026 data (which is due by June 1,
2027) pursuant to Sec. 1002.109(b)(5). Likewise, if that financial
institution's Federal prudential regulator changes in February 2026 as
a result of the merger, it must identify its new Federal prudential
regulator in its annual submission for its 2026 data.
Paragraph 109(b)(4)
1. Federal prudential regulator. For purposes of Sec.
1002.109(b)(4), Federal prudential regulator means, if applicable, the
Federal prudential regulator for a financial institution that is a
depository institution as determined pursuant to section 3q of the
Federal Deposit Insurance Act (12 U.S.C. 1813(q)), including the Office
of the Comptroller of the Currency, the Federal Deposit Insurance
Corporation, or the Board of Governors of the Federal Reserve System;
or the National Credit Union Administration Board for financial
institutions that are Federal credit unions.
Paragraph 109(b)(6)
1. Legal Entity Identifier (LEI). A Legal Entity Identifier is a
utility endorsed by the LEI Regulatory oversight committee, or a
utility endorsed or otherwise governed by the Global LEI Foundation
(GLEIF) (or any successor of the GLEIF) after the GLEIF assumes
operational governance of the global LEI system. A financial
institution complies with Sec. 1002.109(b)(6) by reporting its current
LEI number. A financial institution that does not currently possess an
LEI number must obtain an LEI number, and has an ongoing obligation to
maintain the LEI number. The GLEIF website provides a list of LEI
issuing organizations. A financial institution may obtain an LEI, for
purposes of complying with Sec. 1002.109(b)(6), from any one of the
issuing organizations listed on the GLEIF website.
Paragraph 109(b)(7)
1. RSSD ID number. The RSSD ID is a unique identifying number
assigned to institutions, including main offices and branches, by the
Board of Governors of the Federal Reserve System. A financial
institution's RSSD ID may be found on the website of the National
Information Center, which provides comprehensive financial and
structure information on banks and other institutions for which the
Federal Reserve Board has a supervisory, regulatory, or research
interest including both domestic and foreign banking organizations that
operate in the United States. If a financial institution does not have
an RSSD ID, it reports that this information is not applicable.
Paragraph 109(b)(8)
1. Immediate parent entity. An entity is the immediate parent of a
financial institution for purposes of Sec. 1002.109(b)(8)(i) through
(iii) if it is a separate entity that directly owns more than 50
percent of the financial institution.
2. Top-holding parent entity. An entity is the top-holding parent
of a financial institution for purposes of Sec. 1002.109(b)(8)(iv)
through (vi) if it ultimately owns more than 50 percent of the
financial institution, and the entity itself is not controlled by any
other entity. If the immediate parent entity and the top-holding parent
entity are the same, the financial institution reports that Sec.
1002.109(b)(8)(iv) through (vi) are not applicable.
3. LEI. For purposes of Sec. 1002.109(b)(8)(ii) and (v), a
financial institution shall report the LEI of a parent entity if the
parent entity has an LEI number. If a financial institution's parent
entity does not have an LEI, the financial institution reports that
this information is not applicable.
4. RSSD ID numbers. For purposes of Sec. 1002.109(b)(8)(iii) and
Sec. 1002.109(b)(8)(vi), a financial institution shall report the RSSD
ID number of a parent entity if the entity has an RSSD ID number. If a
financial institution's parent entity does not have an RSSD ID, the
financial institution reports that this information is not applicable.
Paragraph 109(b)(9)
1. Type of financial institution. A financial institution complies
with Sec. 1002.109(b)(9) by selecting the applicable type or types of
financial institution from the list below. A financial institution
shall select all applicable types.
i. Bank or savings association.
ii. Minority depository institution.
iii. Credit union.
iv. Nondepository institution.
v. Community development financial institution (CDFI).
vi. Other nonprofit financial institution.
vii. Farm Credit System institution.
viii. Government lender.
ix. Commercial finance company.
x. Equipment finance company.
xi. Industrial loan company.
xii. Online lender.
xiii. Other.
2. Use of ``other'' for type of financial institution. A financial
institution reports type of financial institution as ``other'' where
none of the enumerated types of financial institution appropriately
describe the applicable type of financial institution, and the
institution reports the type of financial institution via free-form
text field. A financial institution that selects at least one type from
the list is permitted, but not required, to also report ``other'' (with
appropriate free-form text) if there is an additional aspect of its
business that is not one of the enumerated types set out in comment
109(b)(9)-1.
3. Additional types of financial institution. The Bureau may add
additional types of financial institutions via the Filing Instructions
Guide and related materials. Refer to the Filing Instructions Guide for
any updates for each reporting year.
Paragraph 109(b)(10)
1. Financial institutions that voluntarily report covered
applications under subpart B of this part. A financial institution that
is not a covered financial institution pursuant to Sec. 1002.105(b)
but that elects to voluntarily compile, maintain, and
[[Page 35567]]
report data under Sec. Sec. 1002.107 through 1002.109 (see comment
105(b)-10) complies with Sec. 1002.109(b)(10) by selecting ``voluntary
reporter.''
Section 1002.110--Publication of Data and Other Disclosures
110(c) Statement of Financial Institution's Small Business Lending Data
Available on the Bureau's Website
1. Statement. A financial institution shall provide the statement
required by Sec. 1002.110(c) using the following, or substantially
similar, language:
Small Business Lending Data Notice
Data about our small business lending are available online for
review at the Consumer Financial Protection Bureau's (CFPB's) website
at https://www.consumerfinance.gov/data-research/small-business-lending/. The data show the geographic distribution of our small
business lending applications; information about our loan approvals and
denials; and demographic information about the principal owners of our
small business applicants. The CFPB may delete or modify portions of
our data prior to posting it if doing so would advance a privacy
interest. Small business lending data for many other financial
institutions are also available at this website.
2. Website. A financial institution without a website complies with
Sec. 1002.110(c) by making a written statement using the language in
comment 110(c)-1, or substantially similar language, available upon
request.
3. Revised location for publicly available data. The Bureau may
modify the location specified in comment 110(c)-1 at which small
business lending data are available via the Filing Instructions Guide
and related materials. Refer to the Filing Instructions Guide for any
updates for each reporting year.
Section 1002.111--Recordkeeping
111(a) Record Retention
1. Evidence of compliance. Section 1002.111(a) requires a financial
institution to retain evidence of compliance with subpart B of this
part for at least three years after its small business lending
application register is required to be submitted to the Bureau pursuant
to Sec. 1002.109. In addition to the financial institution's small
business lending application register, such evidence of compliance is
likely to include, but is not limited to, the applications for credit
from which information in the register is drawn, as well as the files
or documents that, under Sec. 1002.111(b), are kept separate from the
applications for credit. This three-year record retention requirement
applies to any records covered by Sec. 1002.111(a), notwithstanding
the more general 12-month retention period for records related to
business credit specified in Sec. 1002.12(b).
2. Record retention for creditors under Sec. 1002.5(a)(4)(vii) and
(viii). A creditor that is voluntarily, under Sec. 1002.5(a)(4)(vii)
and (viii), collecting information pursuant to subpart B of this part
complies with Sec. 1002.111(a) by retaining evidence of compliance
with subpart B for at least three years after June 1 of the year
following the year that data was collected.
111(b) Certain Information Kept Separate From the Rest of the
Application
1. Separate from the application. A financial institution may
satisfy the requirement in Sec. 1002.111(b) by keeping an applicant's
responses to the financial institution's request pursuant to Sec.
1002.107(a)(18) and (19) in a file or document that is discrete or
distinct from the application and its accompanying information. For
example, such information could be collected on a piece of paper that
is separate from the rest of the application form. In order to satisfy
the requirement in Sec. 1002.111(b), an applicant's responses to the
financial institution's request pursuant to Sec. 1002.107(a)(18) and
(19) need not be maintained in a separate electronic system, nor need
they be removed from the physical files containing the application so
long as there is some separation between the demographic information
and the rest of the application and its accompanying information.
However, the financial institution may nonetheless need to keep this
information in a different electronic or physical file in order to
satisfy the prohibition in Sec. 1002.108(b).
2. Number of principal owners. A financial institution is permitted
to maintain information regarding the applicant's number of principal
owners pursuant to Sec. 1002.107(a)(20) with an applicant's responses
to the financial institution's request pursuant to Sec.
1002.107(a)(18) and (19).
111(c) Limitation on Personally Identifiable Information in Certain
Records Retained Under This Section
1. Small business lending application register. The prohibition in
Sec. 1002.111(c) applies to data in the small business lending
application register submitted by the financial institution to the
Bureau under Sec. 1002.109, the version of the register that the
financial institution maintains under Sec. 1002.111(a), and the
separate record of certain information created pursuant to Sec.
1002.111(b).
2. Examples. Section 1002.111(c) prohibits a financial institution
from including any name, specific address (other than the census tract
required under Sec. 1002.107(a)(13)), telephone number, or email
address of any individual who is, or is connected with, an applicant in
the small business lending application register it reports pursuant to
Sec. 1002.109, in the copy of the register the financial institution
retains under Sec. 1002.111(a), and in the records of certain
information it must retain separately from the application pursuant to
Sec. 1002.111(b). It likewise prohibits a financial institution from
including any other personally identifiable information concerning any
individual who is, or is connected with, an applicant, except as
required pursuant to Sec. 1002.107 or Sec. 1002.111(b). Examples of
such personally identifiable information that a financial institution
may not include in its small business lending application register
include, but are not limited to, the following: date of birth, Social
Security number, official government-issued driver's license or
identification number, alien registration number, government passport
number, or employer or taxpayer identification number.
3. Other records. The prohibition in Sec. 1002.111(c) does not
extend to an application for credit, or any other records that the
financial institution maintains that are not specifically enumerated in
Sec. 1002.111(c).
4. Name and business contact information for submission. The
prohibition in Sec. 1002.111(c) does not bar financial institutions
from providing to the Bureau, pursuant to Sec. 1002.109(b)(3), the
name and business contact information of the person who may be
contacted by the Bureau or other regulators with questions about the
financial institution's submission under Sec. 1002.109.
Section 1002.112--Enforcement
112(b) Bona Fide Errors
1. Tolerances for bona fide errors. Section 1002.112(b) provides
that a financial institution is presumed to maintain procedures
reasonably adapted to avoid errors with respect to a given data field
if the number of errors found in a random sample of the financial
institution's data submission for the data field does not equal or
exceed a threshold specified by the Bureau for this purpose. The
Bureau's thresholds
[[Page 35568]]
appear in column C of the table in appendix F. The size of the random
sample, set out in column B, shall depend on the size of the financial
institution's small business lending application register, as shown in
column A of the table in appendix F. A financial institution has not
maintained procedures reasonably adapted to avoid errors if either
there is a reasonable basis to believe the error was intentional or
there is evidence that the financial institution has not maintained
procedures reasonably adapted to avoid errors.
2. Tolerances and data fields. For purposes of determining whether
an error is bona fide under Sec. 1002.112(b), the term ``data field''
generally refers to individual fields. All required data fields, and
valid response options for those fields, are set forth in the Bureau's
Filing Instructions Guide, available at https://www.consumerfinance.gov/data-research/small-business-lending/filing-instructions-guide/. Some data fields may allow for more than one
response. For example, with respect to information on the ethnicity and
race of an applicant's principal owner, a data field may identify more
than one race or ethnicity. If there are one or more errors within an
ethnicity data field, or within a race data field, for a particular
principal owner, they would count as one (and only one) error for that
data field. For instance, in the ethnicity data field, if an applicant
indicates that one of its principal owners is Cuban, but the financial
institution reports that the principal owner is Mexican and Puerto
Rican, the financial institution has made one error in the ethnicity
data field for that principal owner. For purposes of the error
threshold table in appendix F, the financial institution is deemed to
have made one error, not two.
3. Tolerances and safe harbors. An error that meets the criteria
for one of the four safe harbor provisions in Sec. 1002.112(c) is not
counted as an error for purposes of determining whether a financial
institution has exceeded the relevant error threshold in appendix F for
a given data field.
112(c) Safe Harbors
1. Information from a Federal agency--census tract. Section
1002.112(c)(2) provides that an incorrect entry for census tract is not
a violation of the Act or subpart B of this part, if the financial
institution obtained the census tract using a geocoding tool provided
by the FFIEC or the Bureau. However, this safe harbor provision does
not extend to a financial institution's failure to provide the correct
census tract number for a covered application on its small business
lending application register, as required by Sec. 1002.107(a)(13),
because the FFIEC or Bureau geocoding tool did not return a census
tract for the address provided by the financial institution. In
addition, this safe harbor provision does not extend to a census tract
error that results from a financial institution entering an inaccurate
address into the FFIEC or Bureau geocoding tool.
2. Applicability of NAICS code safe harbor. The safe harbor in
Sec. 1002.112(c)(3) applies to an incorrect entry for the 3-digit
NAICS code that financial institutions must collect and report pursuant
to Sec. 1002.107(a)(15), provided certain conditions are met. For
purposes of Sec. 1002.112(c)(3)(i), a financial institution is
permitted to rely on statements made by the applicant, information
provided by the applicant, or on other information obtained through its
use of appropriate third-party sources, including business information
products. See also comments 107(a)(15)-4 and 107(b)-1.
3. Incorrect determination of small business status, covered credit
transaction, or covered application--examples. Section 1002.112(c)(4)
provides a safe harbor from violations of the Act or this regulation
for a financial institution that initially collects data under Sec.
1002.107(a)(18) and (19) regarding whether an applicant for a covered
credit transaction is a minority-owned, a women-owned, or LGBTQI+-owned
business, and the ethnicity, race, and sex of the applicant's principal
owners, but later concludes that it should not have collected this
data, if certain conditions are met. Specifically, to qualify for this
safe harbor, Sec. 1002.112(c)(4) requires that the financial
institution have had a reasonable basis at the time it collected data
under Sec. 1002.107(a)(18) and (19) for believing that the application
was a covered application for a covered credit transaction from a small
business pursuant to Sec. Sec. 1002.103, 1002.104, and 1002.106,
respectively. For example, Financial Institution A collected data under
Sec. 1002.107(a)(18) and (19) from an applicant for a covered credit
transaction that had self-reported its gross annual revenue as $4.8
million. Sometime after Financial Institution A had collected this data
from the applicant, the financial institution reviewed the applicant's
tax returns, which indicated the applicant's gross annual revenue was
in fact $5.2 million. Financial Institution A is permitted to rely on
representations made by the applicant regarding gross annual revenue in
determining whether an applicant is a small business (see Sec.
1002.107(b) and comments 106(b)(1)-3 and 107(a)(14)-1). Thus, Financial
Institution A may have had a reasonable basis to believe, at the time
it collected data under Sec. 1002.107(a)(18) and (19), that the
applicant was a small business pursuant to Sec. 1002.106, in which
case Financial Institution A's collection of such data would not
violate the Act or this regulation.
Section 1002.114--Effective Date, Compliance Date, and Special
Transition Rules
114(b) Compliance Date
1. Application of compliance date. The applicable compliance date
in Sec. 1002.114(b) is the date by which the covered financial
institution must begin to compile data as specified in Sec. 1002.107,
comply with the firewall requirements of Sec. 1002.108, and begin to
maintain records as specified in Sec. 1002.111. In addition, the
covered financial institution must comply with Sec. 1002.110(c) and
(d) no later than June 1 of the year after the applicable compliance
date. For instance, if Sec. 1002.114(b)(2) applies to a financial
institution, it must comply with Sec. Sec. 1002.107 and 1002.108, and
portions of Sec. 1002.111, beginning April 1, 2025, and it must comply
with Sec. 1002.110(c) and (d), and portions of Sec. 1002.111, no
later than June 1, 2026.
2. Initial partial year collections pursuant to Sec. 1002.114(b).
i. When the compliance date of October 1, 2024 specified in Sec.
1002.114(b)(1) applies to a covered financial institution, the
financial institution is required to collect data for covered
applications during the period from October 1, 2024 to December 31,
2024. The financial institution must compile data for this period
pursuant to Sec. 1002.107, comply with the firewall requirements of
Sec. 1002.108, and maintain records as specified in Sec. 1002.111. In
addition, for data collected during this period, the covered financial
institution must comply with Sec. Sec. 1002.109 and 1002.110(c) and
(d) by June 1, 2025.
ii. When the compliance date of April 1, 2025 specified in Sec.
1002.114(b)(2) applies to a covered financial institution, the
financial institution is required to collect data for covered
applications during the period from April 1, 2025 to December 31, 2025.
The financial institution must compile data for this period pursuant to
Sec. 1002.107, comply with the firewall requirements of Sec.
1002.108, and maintain records as specified in Sec. 1002.111. In
addition, for data collected during this period, the covered financial
institution must
[[Page 35569]]
comply with Sec. Sec. 1002.109 and 1002.110(c) and (d) by June 1,
2026.
3. Informal names for compliance date provisions. To facilitate
discussion of the compliance dates specified in Sec. 1002.114(b)(1),
(2), and (3), in the official commentary and any other documents
referring to these compliance dates, the Bureau adopts the following
informal simplified names. Tier 1 refers to the cohort of covered
financial institutions that have a compliance date of October 1, 2024
pursuant to Sec. 1002.114(b)(1). Tier 2 refers to the cohort of
covered financial institutions that have a compliance date of April 1,
2025 pursuant to Sec. 1002.114(b)(2). Tier 3 refers to the cohort of
covered financial institutions that have a compliance date of January
1, 2026 pursuant to Sec. 1002.114(b)(3).
4. Examples. The following scenarios illustrate how to determine
whether a financial institution is a covered financial institution and
which compliance date specified in Sec. 1002.114(b) applies.
i. Financial Institution A originated 3,000 covered credit
transactions for small businesses in calendar year 2022, and 3,000 in
calendar year 2023. Financial Institution A is in Tier 1 and has a
compliance date of October 1, 2024.
ii. Financial Institution B originated 2,000 covered credit
transactions for small businesses in calendar year 2022, and 3,000 in
calendar year 2023. Because Financial Institution B did not originate
at least 2,500 covered credit transactions for small businesses in each
of 2022 and 2023, it is not in Tier 1. Because Financial Institution B
did originate at least 500 covered credit transactions for small
businesses in each of 2022 and 2023, it is in Tier 2 and has a
compliance date of April 1, 2025.
iii. Financial Institution C originated 400 covered credit
transactions to small businesses in calendar year 2022, and 1,000 in
calendar year 2023. Because Financial Institution C did not originate
at least 2,500 covered credit transactions for small businesses in each
of 2022 and 2023, it is not in Tier 1, and because it did not originate
at least 500 covered credit transactions for small businesses in each
of 2022 and 2023, it is not in Tier 2. Because Financial Institution C
did originate at least 100 covered credit transactions for small
businesses in each of 2022 and 2023, it is in Tier 3 and has a
compliance date of January 1, 2026.
iv. Financial Institution D originated 90 covered credit
transactions to small businesses in calendar year 2022, 120 in calendar
year 2023, and 90 in both of the calendar years 2024 and 2025. Because
Financial Institution D did not originate at least 100 covered credit
transactions for small businesses in each of 2022 and 2023, it is not
in Tier 1, Tier 2, or Tier 3. Because Financial Institution D did not
originate at least 100 covered credit transactions for small businesses
in subsequent consecutive calendar years, it is not a covered financial
institution under Sec. 1002.105(b) and is not required to comply with
the rule in 2024, 2025, or 2026.
v. Financial Institution E originated 120 covered credit
transactions for small businesses in each of calendar years 2022, 2023,
and 2024, and 90 in 2025. Because Financial Institution E did not
originate at least 2,500 or 500 covered credit transactions for small
businesses in each of 2022 and 2023, it is not in Tier 1 or Tier 2.
Because Financial Institution E originated at least 100 covered credit
transactions for small businesses in each of 2022 and 2023, it is in
Tier 3 and has a compliance date of January 1, 2026. However, because
Financial Institution E did not originate at least 100 covered credit
transactions for small businesses in each of 2024 and 2025, it no
longer satisfies the definition of a covered financial institution in
Sec. 1002.105(b) at the time of the compliance date for Tier 3
institutions and thus is not required to comply with the rule in 2026.
vi. Financial Institution F originated 90 covered credit
transactions for small businesses in calendar year 2022, and 120 in
2023, 2024, and 2025. Because Financial Institution F did not originate
at least 100 covered credit transactions for small businesses in each
of 2022 and 2023, it is not in Tier 1, Tier 2, or Tier 3. Because
Financial Institution F originated at least 100 covered credit
transactions for small businesses in subsequent calendar years, Sec.
1002.114(b)(4), which cross-references Sec. 1002.105(b), applies to
Financial Institution F. Because Financial Institution F originated at
least 100 covered credit transactions for small businesses in each of
2024 and 2025, it is a covered financial institution under Sec.
1002.105(b) and is required to comply with the rule beginning January
1, 2026.
vii. Financial Institution G originated 90 covered credit
transactions for small businesses in each of calendar years 2022, 2023,
2024, and 2025, and 120 in each of 2026 and 2027. Because Financial
Institution F did not originate at least 100 covered credit
transactions for small businesses in each of 2022 and 2023, it is not
in Tier 1, Tier 2, or Tier 3. Because Financial Institution G
originated at least 100 covered credit transactions for small
businesses in subsequent calendar years, Sec. 1002.114(b)(4), which
cross-references Sec. 1002.105(b), applies to Financial Institution G.
Because Financial Institution G originated at least 100 covered credit
transactions for small businesses in each of 2026 and 2027, it is a
covered financial institution under Sec. 1002.105(b) and is required
to comply with the rule beginning January 1, 2028.
114(c) Special Transition Rules
1. Collection of certain information prior to a financial
institution's compliance date. Notwithstanding Sec. 1002.5(a)(4)(ix),
a financial institution that chooses to collect information on covered
applications as permitted by Sec. 1002.114(c)(1) in the 12 months
prior to its initial compliance date as specified in Sec.
1002.114(b)(1), (2) or (3) need comply only with the requirements set
out in Sec. Sec. 1002.107(a)(18) and (19), 1002.108, and 1002.111(b)
and (c) with respect to the information collected. During this 12-month
period, a covered financial institution need not comply with the
provisions of Sec. 1002.107 (other than Sec. Sec. 1002.107(a)(18) and
(19)), 1002.109, 1002.110, 1002.111(a), or 1002.114.
2. Transition rule for applications received prior to a compliance
date but final action is taken after a compliance date. If a covered
financial institution receives a covered application from a small
business prior to its initial compliance date specified in Sec.
1002.114(b), but takes final action on or after that date, the
financial institution is not required to collect data regarding that
application pursuant to Sec. 1002.107 nor to report the application
pursuant to Sec. 1002.109. For example, if a financial institution is
subject to a compliance date of October 1, 2024, and it receives an
application on September 15, 2024 but does not take final action on the
application until October 5, 2024, the financial institution is not
required to collect data pursuant to Sec. 1002.107 nor to report data
to the Bureau pursuant to Sec. 1002.109 regarding that application.
3. Has readily accessible the information needed to determine small
business status. A financial institution has readily accessible the
information needed to determine whether its originations of covered
credit transactions were for small businesses as defined in Sec.
1002.106 if, for instance, it in the ordinary course of business
collects data on the precise gross annual revenue of the businesses for
which it originates loans, it obtains information sufficient to
determine whether an applicant for business credit had gross annual
revenues of $5 million or less, or if it collects and reports similar
data to
[[Page 35570]]
Federal or State government agencies pursuant to other laws or
regulations.
4. Does not have readily accessible the information needed to
determine small business status. A financial institution does not have
readily accessible the information needed to determine whether its
originations of covered credit transactions were for small businesses
as defined in Sec. 1002.106 if it did not in the ordinary course of
business collect either precise or approximate information on whether
the businesses to which it originated covered credit had gross annual
revenue of $5 million or less. In addition, even if precise or
approximate information on gross annual revenue was initially
collected, a financial institution does not have readily accessible
this information if, to retrieve this information, for example, it must
review paper loan files, recall such information from either archived
paper records or scanned records in digital archives, or obtain such
information from third parties that initially obtained this information
but did not transmit such information to the financial institution.
5. Reasonable method to estimate the number of originations. The
reasonable methods that financial institutions may use to estimate
originations for 2022 and 2023 include, but are not limited to, the
following:
i. A financial institution may comply with Sec. 1002.114(c)(2) by
determining the small business status of covered credit transactions by
asking every applicant, prior to the closing of approved transactions,
to self-report whether it had gross annual revenue for its preceding
fiscal year of $5 million or less, during the period October 1 through
December 31, 2023. The financial institution may annualize the number
of covered credit transactions it originates to small businesses from
October 1 through December 31, 2023 by quadrupling the originations for
this period, and apply the annualized number of originations to both
calendar years 2022 and 2023.
ii. A financial institution may comply with Sec. 1002.114(c)(2) by
assuming that every covered credit transaction it originates for
business customers in calendar years 2022 and 2023 is to a small
business.
iii. A financial institution may comply with Sec. 1002.114(c)(2)
by using another methodology provided that such methodology is
reasonable and documented in writing.
6. Examples. The following scenarios illustrate the potential
application of Sec. 1002.114(c)(2) to a financial institution's
compliance date under Sec. 1002.114(b).
i. Prior to October 1, 2023, Financial Institution A did not
collect gross annual revenue or other information that would allow it
to determine the small business status of the businesses for whom it
originated covered credit transactions in calendar years 2022 and 2023.
Financial Institution A chose to use the methodology set out in comment
114(c)-5.i and as of October 1, 2023 began to collect information on
gross annual revenue as defined in Sec. 1002.107(a)(14) for its
covered credit transactions originated for businesses. Using this
information, Financial Institution A determined that it had originated
750 covered credit transactions for businesses that were small as
defined in Sec. 1002.106. On an annualized basis, Financial
Institution A originated 3,000 covered credit transactions for small
businesses (750 originations * 4 = 3,000 originations per year).
Applying this annualized figure of 3,000 originations to both calendar
years 2022 and 2023, Financial Institution A is in Tier 1 and has a
compliance date of October 1, 2024.
ii. Prior to July 1, 2023, Financial Institution B collected gross
annual revenue information for some applicants for business credit, but
such information was only noted in its paper loan files. Financial
Institution B thus does not have reasonable access to information that
would allow it to determine the small business status of the businesses
for whom it originated covered credit transactions for calendar years
2022 and 2023. Financial Institution B chose to use the methodology set
out in comment 114(c)-5.i, and as of October 1, 2023, Financial
Institution B began to ask all businesses for whom it was closing
covered credit transactions if they had gross annual revenues in the
preceding fiscal year of $5 million or less. Using this information,
Financial Institution B determined that it had originated 350 covered
credit transactions for businesses that were small as defined in Sec.
1002.106. On an annualized basis, Financial Institution B originated
1,400 covered credit transactions for small businesses (350
originations * 4 = 1,400 originations per year). Applying this
estimated figure of 1,400 originations to both calendar years 2022 and
2023, Financial Institution B is in Tier 2 and has a compliance date of
April 1, 2025.
iii. Prior to April 1, 2023, Financial Institution C did not
collect gross annual revenue or other information that would allow it
to determine the small business status of the businesses for whom it
originated covered credit transactions in calendar years 2022 and 2023.
Financial Institution C chose its own methodology pursuant to comment
114(c)-5.iii, basing it in part on the methodology specified in comment
114(c)-5.i. Starting on April 1, 2023, Financial Institution C began to
ask all business applicants for covered credit transactions if they had
gross annual revenue in their preceding fiscal year of $5 million or
less. Using this information, Financial Institution C determined that
it had originated 100 covered credit transactions for businesses that
were small as defined in Sec. 1002.106. On an annualized basis,
Financial Institution C originated approximately 133 covered credit
transactions for small businesses ((100 originations * 365 days)/275
days = 132.73 originations per year). Applying this estimate of 133
originations to both calendar years 2022 and 2023, Financial
Institution C is in Tier 3 and has a compliance date of January 1,
2026.
iv. Financial Institution D did not collect gross annual revenue or
other information that would allow it to determine the small business
status of the businesses for whom it originated covered credit
transactions in calendar years 2022 and 2023. Financial Institution D
determined that it had originated 3,000 total covered credit
transactions for businesses in each of 2022 and 2023. Applying the
methodology specified in comment 114(c)-5.ii, Financial Institution D
assumed that all 3,000 covered credit transactions originated in each
of 2022 and 2023 were to small businesses. On that basis, Financial
Institution D is in Tier 1 and has a compliance date of October 1,
2024.
v. Financial Institution E did not collect gross annual revenue or
other information that would allow it to determine the small business
status of the businesses for whom it originated covered credit
transactions in calendar years 2022 and 2023. Financial Institution E
determined that it had originated 700 total covered credit transactions
for businesses in each of 2022 and 2023. Applying the methodology
specified in comment 114(c)-5.ii, Financial Institution E assumed that
all such transactions in each of 2022 and 2023 were originated for
small businesses. On that basis, Financial Institution E is in Tier 2
and has a compliance date of April 1, 2025.
vi. Financial Institution F did does not have readily accessible
gross annual revenue or other information that would allow it to
determine the small business status of the businesses for whom it
originated covered credit transactions in calendar years 2022 and 2023.
Financial Institution F determined that it had originated 80 total
covered credit transactions for businesses in 2022 and
[[Page 35571]]
150 total covered credit transactions for businesses in 2023. Applying
the methodology set out in comment 114(c)-5.ii, Financial Institution F
assumed that all such transactions originated in 2022 and 2023 were
originated for small businesses. On that basis, Financial Institution E
is not in Tier 1, Tier 2 or Tier 3, and is subject to the compliance
date provision specified in Sec. 1002.114(b)(4).
* * * * *
Rohit Chopra,
Director, Consumer Financial Protection Bureau.
[FR Doc. 2023-07230 Filed 5-30-23; 8:45 am]
BILLING CODE 4810-AM-P