[Federal Register Volume 90, Number 217 (Thursday, November 13, 2025)]
[Proposed Rules]
[Pages 50952-51011]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2025-19865]
[[Page 50951]]
Vol. 90
Thursday,
No. 217
November 13, 2025
Part II
Consumer Financial Protection Bureau
-----------------------------------------------------------------------
12 CFR Part 1002
Small Business Lending Under the Equal Credit Opportunity Act
(Regulation B); Proposed Rule
��Federal Register / Vol. 90 , No. 217 / Thursday, November 13, 2025 /
Proposed Rules��
[[Page 50952]]
-----------------------------------------------------------------------
CONSUMER FINANCIAL PROTECTION BUREAU
12 CFR Part 1002
[Docket No. CFPB-2025-0040]
RIN 3170-AB40
Small Business Lending Under the Equal Credit Opportunity Act
(Regulation B)
AGENCY: Consumer Financial Protection Bureau.
ACTION: Proposed rule; request for public comment.
-----------------------------------------------------------------------
SUMMARY: The Consumer Financial Protection Bureau (CFPB or Bureau)
proposes revisions to certain provisions of Regulation B, subpart B,
implementing changes to the Equal Credit Opportunity Act made by
section 1071 of the Dodd-Frank Wall Street Reform and Consumer
Protection Act. The Bureau is reconsidering coverage of certain credit
transactions and financial institutions; the small business definition;
inclusion of certain data points and how others are collected; and the
compliance date. The CFPB believes these proposed changes would
streamline the rule, reduce complexity for lenders, and improve data
quality, advancing the purposes of section 1071 and complying with
recent executive directives.
DATES: Comments must be received on or before December 15, 2025.
ADDRESSES: You may submit comments, identified by Docket No. CFPB-2025-
0040 or RIN 3170-AB40, by any of the following methods:
Federal eRulemaking Portal: https://www.regulations.gov.
Follow the instructions for submitting comments. A brief summary of
this document will be available at https://www.regulations.gov/docket/CFPB-2025-0040.
Email: [email protected]. Include
Docket No. CFPB-2025-0040 or RIN 3170-AB40 in the subject line of the
message.
Mail/Hand Delivery/Courier: Comment Intake--1071
Reconsideration NPRM, c/o Legal Division Docket Manager, Consumer
Financial Protection Bureau, 1700 G Street NW, Washington, DC 20552.
Instructions: The CFPB encourages the early submission of comments.
All submissions should include the agency name and docket number or
Regulatory Information Number (RIN) for this rulemaking. Because paper
mail is subject to delay, commenters are encouraged to submit comments
electronically. In general, all comments received will be posted
without change to https://www.regulations.gov.
All submissions, including attachments and other supporting
materials, will become part of the public record and subject to public
disclosure. Proprietary information or sensitive personal information,
such as account numbers or Social Security numbers, or names of other
individuals, should not be included. Submissions will not be edited to
remove any identifying or contact information.
FOR FURTHER INFORMATION CONTACT: Dave Gettler, Paralegal Specialist,
Office of Regulations, at 202-435-7700 or https://reginquiries.consumerfinance.gov/. If you require this document in an
alternative electronic format, please contact
[email protected].
SUPPLEMENTARY INFORMATION:
I. Background
In 2010, Congress passed the Dodd-Frank Wall Street Reform and
Consumer Protection Act (Dodd-Frank Act). Section 1071 of that Act \1\
amended the Equal Credit Opportunity Act (ECOA) \2\ to require that
financial institutions collect and report to the CFPB certain data
regarding applications for credit for women-owned, minority-owned, and
small businesses. Section 1071's statutory purposes are to (1)
facilitate enforcement of fair lending laws, and (2) enable
communities, governmental entities, and creditors to identify business
and community development needs and opportunities of women-owned,
minority-owned, and small businesses. Section 1071 directs the CFPB to
prescribe such rules and issue such guidance as may be necessary to
carry out, enforce, and compile data pursuant to section 1071.
---------------------------------------------------------------------------
\1\ Public Law 111-203, tit. X, section 1071, 124 Stat. 1376,
2056 (2010), codified at ECOA section 704B, 15 U.S.C. 1691c-2.
\2\ 15 U.S.C. 1691 et seq.
---------------------------------------------------------------------------
The CFPB worked toward a section 1071 rulemaking for a number of
years and has sought public comment from stakeholders numerous times.
The CFPB held a field hearing on May 10, 2017, and published a request
for information regarding the small business lending market.\3\ On July
22, 2020, the CFPB issued a survey to collect information about
potential one-time costs to financial institutions to prepare to
collect and report data on small business lending.
---------------------------------------------------------------------------
\3\ The CFPB received 17 comments in response to the request for
information. See CFPB, Requests for Information: Small Business
Lending Market, Docket ID CFPB 2017-0011, https://www.regulations.gov/document/CFPB-2017-0011-0001/comment.
---------------------------------------------------------------------------
On September 15, 2020, the CFPB released an Outline of Proposals
Under Consideration and Alternatives Considered pursuant to the Small
Business Regulatory Enforcement Fairness Act of 1996 (SBREFA). On
October 15, 2020, the CFPB convened a Small Business Review Panel for
the section 1071 rulemaking, and the Panel met with small entity
representatives (SERs). The Panel Report, publicly released on December
15, 2020, was the culmination of the SBREFA process for the section
1071 rulemaking and included feedback from SERs and written feedback
from other stakeholders as well.
On October 8, 2021, the CFPB published in the Federal Register a
proposed rule (2021 proposed rule) amending Regulation B to implement
changes to ECOA made by section 1071 of the Dodd-Frank Act.\4\ The
comment period for the proposed rule closed on January 6, 2022.
---------------------------------------------------------------------------
\4\ 86 FR 56356 (Oct. 8, 2021).
---------------------------------------------------------------------------
The CFPB received approximately 2,100 comments on the proposal
during the comment period. Approximately 650 of these comments were
unique, detailed comment letters representing diverse interests. These
commenters included lenders such as banks and credit unions, community
development financial institutions (CDFIs), community development
companies, Farm Credit System (FCS) lenders, online lenders, and
others; national and regional industry trade associations; software
vendors; business advocacy groups; community groups; research,
academic, and other advocacy organizations; Members of Congress;
Federal and State government offices/agencies; small businesses; and
individuals.
On May 31, 2023, the CFPB published a final rule in the Federal
Register to implement section 1071 by adding subpart B to Regulation B
(2023 final rule).\5\ Further details about section 1071, small
business lending market dynamics, and the CFPB's rulemaking process
leading up to the 2023 final rule can be found in the preamble to the
2023 final rule.
---------------------------------------------------------------------------
\5\ 88 FR 35150 (May 31, 2023).
---------------------------------------------------------------------------
On July 3, 2024, the CFPB published in the Federal Register an
interim final rule (2024 interim final rule)\6\ to extend
[[Page 50953]]
the rule's compliance dates in accordance with orders issued by the
United States District Court for the Southern District of Texas.\7\
---------------------------------------------------------------------------
\6\ 89 FR 55024 (July 3, 2024). See also Order Granting-in-Part
& Denying-in-Part Pls.' Mot. for Prelim. Inj., Texas Bankers Ass'n
v. CFPB, No. 7:23-CV-00144 (S.D. Tex. July 31, 2023), https://files.consumerfinance.gov/f/documents/cfpb_pi_order_texas_bankers.pdf; Order Granting Intervenors' Mots.
For Prelim. Inj., Texas Bankers Ass'n v. CFPB, No. 7:23-CV-00144
(S.D. Tex. Oct. 26, 2023), https://files.consumerfinance.gov/f/documents/cfpb_pi_second_order_texas_bankers.pdf; Op. & Order,
Monticello Banking Co. et al. v. CFPB et al., No. 6:23-CV-00148-KKC
(E.D. Ky. Mar. 11, 2025); Op. & Order, Revenue Based Finance
Coalition v. CFPB et al., No. 1:23-CV-24882-DSL (S.D. Fla. May 6,
2025).
\7\ Texas Bankers Ass'n v. CFPB, No. 7:23-CV-00144 (S.D. Tex.
July 31, 2023) https://files.consumerfinance.gov/f/documents/cfpb_pi_order_texas_bankers.pdf.
---------------------------------------------------------------------------
Challenges to the 2023 final rule filed by various plaintiffs
remain ongoing in three jurisdictions; each of those courts stayed the
rule's compliance deadlines for some market participants.\8\ However,
the courts did not stay the compliance dates for those who are not
plaintiffs or intervenors in those cases.
---------------------------------------------------------------------------
\8\ See Unpublished Order, Texas Bankers Ass'n v. CFPB, No. 24-
40705 (5th Cir. Feb. 7, 2025) (tolling the compliance deadlines for
plaintiffs and intervenors in that case, until further order of the
court); Op. & Order, Monticello Banking Co. et al. v. CFPB et al.,
No. 6:23-CV-00148-KKC (E.D. Ky. Mar. 11, 2025) (same).
---------------------------------------------------------------------------
On June 18, 2025, the CFPB published in the Federal Register an
interim final rule (2025 interim final rule) to extend compliance
deadlines by approximately one year\9\ to facilitate consistent
compliance across all covered financial institutions. The CFPB sought
comment on the 2025 interim final rule.
---------------------------------------------------------------------------
\9\ 90 FR 25874 (June 18, 2025).
---------------------------------------------------------------------------
On October 2, 2025, the CFPB published in the Federal Register a
final rule (2025 compliance date final rule) that confirmed its
findings in the 2025 interim final rule and determined upon a review of
comments received that no further substantive changes were
necessary.\10\ The CFPB received 20 comments in response to the 2025
interim final rule. Most commenters addressed the 2025 interim final
rule itself. Other comments addressed provisions of the 2023 final rule
not addressed by the 2025 interim final rule, some of which are
discussed below.
---------------------------------------------------------------------------
\10\ 90 FR 47514 (Oct. 2, 2025).
---------------------------------------------------------------------------
Based on reactions to the 2023 final rule, including continued
feedback from stakeholders and the ongoing litigation, the CFPB now
believes that at the onset of a potentially long-term data collection
regime, it should start with more modest requirements, focusing on core
lending products, lenders, and data. The CFPB preliminarily believes
that that reaction to the 2023 final rule, practically speaking, was in
part based on its expansive approach, appearing to seek broad coverage
of lenders, products, and information collected.\11\ The CFPB does not
believe that alignment with the statutory purposes of section 1071
requires the use of its discretionary authority to collect data with
such a breadth of scope.
---------------------------------------------------------------------------
\11\ The CFPB had considered, in its SBREFA Outline of Proposals
Under Consideration, a rule that was more limited in scope. See
generally CFPB, Final Report of the Small Business Review Panel on
the CFPB's Proposals Under Consideration for the Small Business
Lending Data Collection Rulemaking (Dec. 14, 2020), https://www.consumerfinance.gov/documents/9413/cfpb_1071-sbrefa-report.pdf.
---------------------------------------------------------------------------
The CFPB now believes that the 2023 final rule should have given
more weight to qualitative differences among certain types of lenders
and the likelihood that smaller lenders would face difficulties
addressing the complexity of a rule of broad scope, both of which could
potentially diminish the quality of the data they collect.
The CFPB believes, based on this experience, that a longer-term
approach to advance the statutory purposes of section 1071 would be to
commence the collection of data with a narrower scope to ensure its
quality and to limit, as much as possible, any disturbance of the
provision of credit to small businesses. The statutory purposes of the
rule are not well served by an expansive rule that could create
disruptions in small business lending markets.
Rather, the CFPB now believes that an incremental approach may
better serve the statutory purposes of section 1071 in the long term.
Such an approach would start with core lending products, core
providers, and core data points. This approach would comply with
section 1071 and further its statutory purposes but reduce the rule's
initial impact on small businesses and lenders. Over time, as the CFPB
and financial institutions learn from early iterations of data
collections, the CFPB could consider amending the rule.
The gradual development of data collection under the Home Mortgage
Disclosure Act (HMDA) \12\ and its implementing Regulation C \13\ over
the past 50 years provides precedent for an incremental approach.
Congress passed HMDA in 1975,\14\ and the Board Governors of the
Federal Reserve System (Board) promulgated implementing regulations in
1976, requiring the collection of relatively few data points from
relatively few lenders. At various points, HMDA amendments passed by
Congress, among other things, expanded the breadth of financial
institutions covered, as well as the number of data points collected
from those reporting institutions.\15\ Over time, rulemakings by the
Board and the CFPB implemented these amendments, added and removed data
points, and expanded and contracted the scope of Regulation C.\16\
---------------------------------------------------------------------------
\12\ 12 U.S.C. 2801 et seq.
\13\ 12 CFR part 1003.
\14\ Home Mortgage Disclosure Act of 1975, Public Law 94-200,
section 303(2), 89 Stat. 1124, 1125 (1975).
\15\ Congress amended HMDA in 1980, 1988, 1989, 1992, 1996,
2010, and 2018. See, e.g., Housing and Community Development Act of
1980, Public Law 96-399, section 340(c), 94 Stat. 1614 (1980)
(codified as amended at 12 U.S.C. 2809(a)); Housing and Community
Development Act of 1987, Public Law 100-242, section 565(a)(l), 101
Stat. 1815 (1988) (codified as amended at 12 U.S.C. 2802); Financial
Institution Reform, Recovery, and Enforcement Act, Public Law 101-
73, section 1211(d)-(e), 103 Stat. 183 (1989) (codified as amended
at 12 U.S.C. 2802(2)); Housing and Community Development Act of
1992, H. 5334, Public Law No 102-550, section 932(a)-(b) (1992)
(codified as amended at 12 U.S.C. 2803 (a)-(b)); Omnibus
Consolidated Appropriations Act, 1997, HR 3610, Public Law 104-208,
section 2225, 110 Stat 3009 (1996) (codified as amended at 12 U.S.C.
2808(b)(2)); Dodd-Frank Wall Street Reform and Consumer Protection
Act, Public Law 111-203, section 1094, 124 Stat. 1376 (2010);
Economic Growth, Regulatory Relief, and Consumer Protection Act,
Public Law 115-174, section 104, 132 Stat. 1296 (2018).
\16\ See, e.g., 46 FR 40679 (Aug. 11, 1981); 53 FR 31683 (Aug.
19, 1988); 54 FR 51356 (Dec. 15, 1989); 57 FR 56963 (Dec. 2, 1992);
60 FR 22223 (May 4, 1995); 67 FR 7222 (Feb. 15, 2002); 67 FR 43217
(June 27, 2002); 80 FR 66128 (Oct. 28, 2015); 84 FR 57946 (Oct. 29,
2019); 85 FR 28364, 28367 (May 12, 2020).
---------------------------------------------------------------------------
The CFPB believes that it should approach the section 1071 data
collection regime as a longer-term project akin to HMDA. The CFPB
believes that it is a proper use of its authority under 15 U.S.C.
1691c-2 to reconsider several portions of the 2023 final rule to
commence data collection with a focus on core lending products, core
lenders, and mostly statutory data points. The CFPB believes that this
incrementalist approach--starting with a more modest rule with a
limited set of products, lenders, or data points--will serve the long-
term interests of section 1071.
In addition, on January 20, 2025, the President issued Executive
Order (E.O.) 14168, ``Defending Women From Gender Ideology Extremism
and Restoring Biological Truth to the Federal Government'' (Defending
Women E.O.).\17\ That order, among other things, directs Federal
agencies to remove references and questions discussing gender identity.
The order also identifies a binary of male/female sex, directing
agencies to use those terms when seeking information about an
individual's sex.
---------------------------------------------------------------------------
\17\ 90 FR 8615 (Jan. 30, 2025).
---------------------------------------------------------------------------
The CFPB has consulted with the appropriate prudential regulators
and other Federal agencies regarding consistency with any prudential,
market, or systemic objectives administered by these agencies as
[[Page 50954]]
required by section 1022(b)(2)(B) of the Dodd-Frank Act.
II. Legal Authority
The Bureau is issuing this proposed rule pursuant to its authority
under section 1071. As discussed above, in the Dodd-Frank Act, Congress
amended ECOA by adding section 1071, which directs the CFPB to adopt
regulations governing the collection and reporting of small business
lending data. Specifically, section 1071 requires financial
institutions to collect and report to the CFPB certain data on
applications for credit for women-owned, minority-owned, and small
businesses. Congress enacted section 1071 for the purpose of (1)
facilitating enforcement of fair lending laws and (2) enabling
communities, governmental entities, and creditors to identify business
and community development needs and opportunities of women-owned,
minority-owned, and small businesses.\18\
---------------------------------------------------------------------------
\18\ 15 U.S.C. 1691c-2(a).
---------------------------------------------------------------------------
To advance these statutory purposes, section 1071 grants the Bureau
general rulemaking authority for section 1071, providing that the
Bureau shall prescribe such rules and issue such guidance as may be
necessary to carry out, enforce, and compile data pursuant to section
1071.\19\ Section 1071, in 15 U.S.C. 1691c-2(g)(2), also permits the
Bureau to adopt exceptions to any requirement of section 1071 and to
conditionally or unconditionally exempt any financial institution or
class of financial institutions from the requirements of section 1071,
as the Bureau deems necessary or appropriate to carry out the purposes
of section 1071. The Bureau relies on its general rulemaking authority
under 15 U.S.C. 1691c-2(g)(1) in this proposed rule and relies on 15
U.S.C. 1691c-2(g)(2) when proposing specific exceptions or exemptions
to section 1071's requirements.
---------------------------------------------------------------------------
\19\ 15 U.S.C. 1691c-2(g)(1).
---------------------------------------------------------------------------
See the 2023 final rule for a more detailed discussion of the
CFPB's legal authorities.\20\
---------------------------------------------------------------------------
\20\ See, e.g., 88 FR 35150, 35173-74.
---------------------------------------------------------------------------
III. Discussion of the Proposed Rule
A. Summary of Proposed Rule
As set out above, the CFPB now proposes to reconsider certain
provisions of the 2023 final rule. The CFPB believes that a potentially
long-term data collection regime should start with a focus on core
lending products, lenders, small businesses, and data points. The CFPB
believes in retrospect that the approach it took in the 2023 final
rule--a broad initial coverage of lenders, products, small businesses
and data points--was not conducive to the long-term success of the data
collection regime under section 1071. The CFPB now believes that a
better, longer-term approach to advance the statutory purposes of
section 1071 would be to commence the collection of data with a
narrower scope to ensure its quality, and to limit, as much as
possible, any disturbance of the provision of credit to small
businesses. The CFPB believes that such an incremental approach would
also comply with section 1071 and minimize any negative initial impact
on small business lending markets and on data quality. In the future,
based on CFPB and industry experience during the early years of data
collection, the CFPB could consider amending the rule as appropriate to
further the purposes of section 1071.
The CFPB also believes that the 2023 final rule has not created
significant reliance interests that would dissuade the Bureau from
reconsidering its position as to certain portions of the rule.
Litigation challenging provisions of the 2023 final rule and delays in
the compliance dates for this rule suggest that reconsideration of the
specific issues below would not meaningfully change compliance
obligations.
Covered credit transactions. The CFPB believes that the initial
iterations of data collection under the rule should focus on the core,
widely used lending products most likely to be foundational to small
businesses' formation and operation. The CFPB therefore proposes to
exclude merchant cash advances (MCAs), agricultural lending, and small
dollar loans from the definition of covered credit transaction.
Covered financial institutions. The CFPB believes that the initial
iterations of data collection under the rule should focus on larger
core lenders. The CFPB therefore proposes two changes to the covered
financial institution definition: first, to exclude FCS lenders from
coverage; and second, to raise the origination threshold from 100 to
1,000 covered credit transactions for each of two consecutive years.
The CFPB is also proposing conforming changes to the bona fide error
portions of the enforcement provisions in the rule.
Small business. The CFPB believes that the focus of the rule, at
least initially, should be truly small businesses. The CFPB therefore
proposes to change the gross annual revenue threshold in the rule's
definition of small business from $5 million or less to $1 million or
less.
Data points. The CFPB believes that the initial iterations of data
collection under the rule should focus on core data points and be
consistent with other executive agency directives concerning the
collection of demographic data.
The CFPB therefore intends to focus data collection on data points
specifically identified in section 1071 and a limited number of other
data points needed to facilitate the collection of these statutory data
points. The CFPB proposes to remove the discretionary data points for
application method, application recipient, denial reasons, pricing
information, and number of workers. The CFPB also proposes changes to
comply with an executive branch mandate, which would result in a
modification of the collection of data concerning business ownership
status of small business applicants and the format of demographic data
collected concerning the principal owners of a small business.
Time and manner of data collection. The CFPB proposes changes to
the provisions on the time and manner of data collection, to remove
certain requirements that are not statutorily required and appear to
anticipate or presume non-compliance with the rule. The CFPB also
proposes to add a provision that would emphasize for applicants their
statutory rights under the rule.
Compliance dates. Finally, in light of these other proposed changes
to the rule, the CFPB proposes to extend the rule's compliance date
provisions to January 1, 2028 for all financial institutions that
remain covered by the rule, and to make other simplifying and
streamlining changes.
The CFPB also addresses in this summary two other issues.
Privacy and data publication. The CFPB does not address in this
proposal the privacy discussions in the 2023 final rule or its
statements about the eventual publication of data. The 2023 final rule
did not purport to make any final or binding decisions concerning its
privacy analysis, instead announcing only its ``preliminary assessment
of how it might appropriately assess and advance privacy interests by
means of selective deletion or modification'' of data. The 2023 final
rule also did not reach conclusions regarding the procedural vehicle it
would use to convey its decisions with respect to privacy.\21\ Nor
[[Page 50955]]
has CFPB conclusively announced a timeline for the publication of
application-level data, except for observing that it would need a full
year's worth of data to conduct the necessary privacy analysis. The
CFPB also suggested that it intended to publish aggregate data in the
first year of receiving data, and before publishing any application-
level data. The CFPB is currently reconsidering all of these issues and
preliminary findings, will continue to engage with stakeholders, and
will address these issues and findings going forward in a timely
fashion.
---------------------------------------------------------------------------
\21\ Id. at 35460 (``The CFPB is not determining its final
approach to protecting such interests via pre-publication deletion
and modification because it lacks the reported data it needs to
finalize its approach and it does not see comparable datasets to use
for this purpose. In light of comments received on the NPRM's
privacy analysis, this part VIII offers a preliminary assessment of
how it might appropriately assess and advance privacy interests by
means of selective deletion or modification. The CFPB is not at this
point identifying the specific procedural vehicle for effecting its
privacy assessment. With respect to both substance and process, it
will continue to engage with external stakeholders; and it intends
to invite further input on how it plans to appropriately protect
privacy in connection with publishing application-level data.'').
---------------------------------------------------------------------------
As part of eventual data publication, as with HMDA data, the CFPB
intends to note to data users that data alone are generally not used to
determine whether a lender is complying with fair lending laws. The
data do not include all the legitimate credit risk considerations for
loan approval and loan pricing decisions. Therefore, when regulators
conduct fair lending examinations, they analyze additional information
before reaching a determination about an institution's compliance with
fair lending laws.
Grace period. The CFPB does not address the grace period policy
statement in this proposal. The CFPB does, however, announce its
intention to maintain the grace period for the same reasons articulated
in the 2023 final rule, as amended by the 2025 interim final rule, and
to alter the grace period to coincide with the new proposed compliance
date, if it is finalized.
The Bureau seeks comments on the general approach taken in this
proposal. The Bureau also seeks comment on its proposed exclusion or
reconsideration of the products, lenders, small business definition,
and data points identified below. Further, the Bureau requests comment
on the likely change in cost and complexity of data associated with
each of the specific proposed regulatory revisions identified below and
whether changes to the quality of data (e.g., better or worse data
quality), advances or is contrary to the purposes of section 1071.
Finally, the Bureau requests comment on whether the 2023 final rule has
created any reliance interests not otherwise identified in this
proposal.
B. Section 1002.104--Covered Credit Transactions and Excluded
Transactions
The CFPB believes that at the onset of data collection under
section 1071 the rule should focus on core, generally applicable,
lending products that are most likely to be foundational to small
businesses' formation and operation--loans, lines of credit, and credit
cards--before determining whether to expand the scope of the rule to
include more niche or specialty lending products. The CFPB therefore
proposes to exclude MCAs, agricultural lending, and small dollar loans
from the definition of covered credit transaction to better ensure the
smooth operation of the initial period of data collection, while
minimizing disruptions and regulatory complexity in the credit markets
subject to section 1071.
1002.104(b)(7)--Merchant Cash Advance
Current Sec. 1002.104(a) defines a ``covered credit transaction''
as ``an extension of business credit that is not an excluded
transaction under paragraph (b) of this section.'' Section
1002.104(b)(1)-(6) enumerates six types of transactions that are
excluded from covered credit extensions. The Bureau proposes adding
MCAs to the list of excluded transactions in Sec. 1002.104(b).
Proposed Sec. 1002.104(b)(7) would exclude MCAs, which it would define
as an agreement under which a small business receives a lump-sum
payment in exchange for the right to receive a percentage of the small
business's future sales or income up to a ceiling amount.\22\
Consistent with this proposed new exclusion, the CFPB proposes deleting
several references to MCAs, and the related term sales-based financing,
in commentary.
---------------------------------------------------------------------------
\22\ R. & R. on Cross Mots. for Summ. J. at 4, Revenue Based
Finance Coalition v. CFPB et al., No. 1:23-CV-24882-DSL (S.D. Fla.
Feb. 17, 2025).
---------------------------------------------------------------------------
In the 2023 final rule, the CFPB explained its belief that the
statutory term ``credit'' in ECOA is intentionally broad so as to
include a wide variety of products without specifically identifying any
particular product by name, such that all credit products should be
included in the rule unless the CFPB specifically excluded them and
concluded that ``credit'' encompasses MCAs. It further explained that
MCAs should not be understood to constitute factoring within the
meaning of the existing commentary to Regulation B subpart A or the
definition in existing comment 104(b)-1, because factoring involves
entities selling an existing legal right to payment from a third party,
while no such contemporaneous right exists in an MCA. The CFPB also
noted its understanding that, as a practical matter, MCAs are
underwritten and function like a typical loan (i.e., underwriting of
the recipient of the funds; repayment that functionally comes from the
recipient's own accounts rather than from a third party; repayment of
the advance itself plus additional amounts akin to interest; and, at
least for some subset of MCAs, repayment in regular intervals over a
predictable period of time), although it also implicitly acknowledged
practical differences between MCAs and conventional loans by including
numerous provisions intended to capture MCA-specific data.
This proposal reconsiders the CFPB's previous conclusions, as
illustrated in existing comment 104(a)(1)-1, which does not exclude
MCAs from the definition of ``covered credit transactions'' under Sec.
1002.104(a), for several independent reasons.
First, the CFPB believes that at the onset of the data collection
under section 1071 the focus should be on core lenders and products
before the CFPB considers expanding the scope of the rule. MCAs are
structured differently from traditional lending products; traditional
lending concepts like ``interest rate'' do not fit the way that MCAs
are priced.\23\ As a result, it is not clear that data collection on
MCA transactions under section 1071 would yield information that
advances section 1071's statutory purposes to the extent that some or
many such transactions do not constitute credit. The CFPB believes it
would advance the purposes of section 1071 at this time to exclude MCAs
from the definition of covered credit transaction, and to focus on
ensuring the smooth operation of data collection as to core lending
products and providers most likely to be foundational to small
businesses' formation and operation.
---------------------------------------------------------------------------
\23\ See current Sec. 1002.107(a)(12)(v) (providing for the
collection of data only applicable to merchant cash advance and
other sales-based financings subject to the rule).
---------------------------------------------------------------------------
Second, the CFPB believes it erred in prematurely determining that
collection of data on MCA transactions would serve section 1071's
statutory purposes by concluding that all MCAs constitute credit. The
2023 final rule's one-size-fits-all approach also does not take into
account the varied terms and features of MCAs across the market that
may be relevant to whether the products meet the definition of
``credit'' under ECOA, nor did it account for the fact that MCAs
[[Page 50956]]
are relatively new products whose features and practices may be
evolving, including in response to State regulation. Moreover, while
some State courts have analyzed whether some MCAs meet State law
definitions of ``debt'' or ``credit,'' there is a dearth of case law
analyzing whether MCAs meet ECOA's definition of ``credit.''
Excluding MCAs from the definition of ``covered credit
transaction'' would be consistent with the way the CFPB has already
treated leases, which also present close questions as to whether they
meet the definition of ``credit'' under ECOA. In the 2023 final rule's
analysis of leases,\24\ the CFPB acknowledged that some lease
transactions could constitute ``credit.'' But rather than include all
lease transactions in the 2023 final rule to ensure coverage of those
leases that did actually constitute credit and credit disguised as
leases, the CFPB determined that it would be able to monitor the market
for such products without including them in the 2023 final rule. The
CFPB proposes taking a similar approach to MCA transactions as it did
to leases.
---------------------------------------------------------------------------
\24\ See, e.g., 88 FR 35150, 35240 (``The Bureau is not covering
leases under this final rule, as requested by some commenters. The
Bureau agrees that some business leases are structured like loans
and other credit but notes that a commenter's example of a small
business being able to retain leased equipment is an example of the
creation of a security interest, not a lease under final comment
104(b)-2.''); id. (``The Bureau appreciates commenters' concerns
that not covering leases could open a door to potential evasion and
lead to data gaps or fair lending problems. The Bureau believes that
it can observe the small business financing market for such abuses
and prevent them without including all leases in the rule. For
example, in considering financial institutions' compliance with the
rule, the Bureau intends to closely scrutinize transactions to
ensure that companies are appropriately categorizing and reporting
products as required by section 1071.'').
---------------------------------------------------------------------------
Further, the CFPB believes that the 2023 final rule's coverage of
MCAs does not take into account State law developments addressing
sales-based financing. Several States have legislation and/or
regulations in place addressing the MCA market and requiring providers
to disclose terms such as the total cost of capital and the financing
rate. Such laws provide key protections for users of MCAs and may shape
MCA terms and practices in ways that bear on the question of whether
they meet ECOA's definition of ``credit.'' \25\ While the 2023 final
rule referenced these pieces of State legislation, it did not consider
the extent to which the evolving landscape under State law rendered
premature a determination that including MCAs in the definition of
``covered credit transaction'' for purposes of mandating data
collection furthered section 1071's statutory purposes. The CFPB
believes that it would be advantageous to observe how State laws
address MCAs before the CFPB decides how, and whether, to collect data
regarding MCAs pursuant to section 1071.
---------------------------------------------------------------------------
\25\ See, e.g., Conn. Pub. Act 23-201, Conn. Gen. Stat. sec.
36a-861 et seq. (2024) (creating a disclosure regime specific to MCA
and other sales-based financing transactions); Va. Code Ann. sec.
6.2-2230 et seq. (imposing licensing and disclosure requirements);
Utah Commercial Fin. Registration and Disclosure Act, Utah Code Ann.
sec. 7-27-102 and 7-27-202 (imposing licensing and disclosure
requirements).
---------------------------------------------------------------------------
Finally, while the final rule cited concerns about high costs and
predatory practices in the MCA market,\26\ those concerns may be
addressed by Federal and State law enforcement agencies through their
respective enforcement authorities.
---------------------------------------------------------------------------
\26\ At the same time the Bureau acknowledged that ``information
on merchant cash advance lending volume and practices is limited.''
88 FR 35150, 35220.
---------------------------------------------------------------------------
The CFPB believes that taking into account the factors listed
above, the relative novelty and evolving landscape of the MCA industry
and the ongoing changes at the State level concerning the regulation of
MCAs, that excluding MCA transactions from coverage under the rule at
this time is necessary and appropriate to carry out the purposes of
section 1071. As explained above, MCAs differ in kind from traditional
lending products, such that collecting data on MCA transactions under
Section 1071 may not produce information that is comparable to data
collected on other types of transactions. And because MCAs have not
generally been regulated as credit, many smaller MCA providers may lack
the infrastructure needed to manage compliance with regulatory
requirements associated with making extensions of credit. Taken
together, requiring MCAs to be reported could lead to data quality
issues, which would not advance the purposes of section 1071.
The CFPB will continue to monitor developments in the markets for
MCAs and other sales-based financing to determine whether over time a
subset might be appropriately included in the definition of ``covered
credit transaction'' for purposes of data collection.
The CFPB seeks comment on this proposed revision to the rule. It
also seeks comment on topics including, but not limited to, the extent
to which MCAs differ from or resemble traditional lending products; the
diversity of MCA terms and practices and how they impact whether MCAs,
or a subset of MCAs, meet the definition of ``credit'' under ECOA;
whether certain types of MCAs are more or less appropriate for
exclusion; and suggestions for how the 2023 final rule could be
modified with respect to MCAs if the CFPB ultimately does not exclude
them.
The CFPB further seeks comment on alternative definitions to the
one proposed in Sec. 1002.104(b)(7).
1002.104(b)(8)--Agricultural Lending
The CFPB proposes adding agricultural lending to the list of
excluded transactions under Sec. 1002.104(b). The CFPB proposes adding
new Sec. 1002.104(b)(8), which would define agricultural lending as a
transaction to fund the production of crops, fruits, vegetables, and
livestock, or to fund the purchase or refinance of capital assets such
as farmland, machinery and equipment, breeder livestock, and farm real
estate improvements. Consistent with this proposed addition, the Bureau
proposes deleting references to agricultural credit in current
commentary. This would simplify the rule by narrowing its scope to
core, generally applicable, small business lending products and avoid
covering a distinct and specialized lending sector that is already
subject to a different regulatory reporting scheme.\27\
---------------------------------------------------------------------------
\27\ See proposed revisions to Sec. 1002.105(b) discussed below
that would also exclude FCS lenders from the definition of ``covered
financial institution.''
---------------------------------------------------------------------------
In the 2023 final rule, the CFPB declined to exclude agricultural
credit from its definition of a ``covered credit transaction.'' It
noted that ECOA itself has no exceptions for agricultural credit, that
agricultural businesses are included in section 1071's statutory
definition of small business (defined by cross-reference to the Small
Business Act), and that there have been instances of discrimination in
agricultural lending. It rejected comments asserting that agricultural
credit is unique and not comparable to other types of small business
lending, instead observing that ``every small business industry has its
own unique characteristics.'' \28\ In response to commenters expressing
concern about the impact on local community financial institutions and
an outsized effect on the cost of credit for farmers, the CFPB
emphasized that it was increasing its institutional coverage threshold
to 100 annual originations, from the 25 originations it had originally
proposed. The CFPB mentioned that many agricultural lenders have
already been required to
[[Page 50957]]
collect and report some form of data by HMDA, the Community
Reinvestment Act (CRA), and/or the Farm Credit Administration (FCA),
but did so only to note that lenders accordingly should be able to
adapt to the CFPB's new data collection requirements.
---------------------------------------------------------------------------
\28\ 88 FR 35150, 35227.
---------------------------------------------------------------------------
The CFPB now believes that excluding agricultural lending from the
definition of ``covered credit transaction'' would advance the
statutory purposes of section 1071 at this early phase as the CFPB
begins the collection of small business lending data. Most notably,
typical agricultural lending differs markedly from other types of
commercial lending. Agricultural loans are often secured by biological-
based assets such as crops or livestock, which are subject to variables
and risk from weather and disease. These characteristics create unique
underwriting challenges that make such loans difficult to compare to
those in other industries. The 2023 rule did not adequately consider
these distinctions and the quality of data stemming from such
transactions. Indeed, other data collection regimes, such as CRA
regulations, appear to acknowledge categorical differences between
loans to small businesses generally and loans to small farms.\29\
---------------------------------------------------------------------------
\29\ Compare, e.g., 12 CFR 25.12(v) (OCC CRA regulations
defining small business loans) with Sec. 25.12(w) (OCC CRA
regulations defining small farm loans).
---------------------------------------------------------------------------
Second, agricultural lending is already subject to an existing
Federal data collection framework, one that is tailored to this
particular sector. The FCA conducts a substantial amount of
agricultural lending through a nationwide network of Congressionally
chartered, borrower-owned cooperatives. This system is subject to
extensive oversight by the FCA. Among other things, the FCA collects
demographic data including race, ethnicity, and gender from applicants
as part of its program oversight, in contrast to other forms of small
business lending where such data collection was not permissible under
Sec. 1002.5 of Regulation B until the promulgation of the 2023 final
rule.\30\ Further, under CRA regulations, institutions must report data
on lending to small farms alongside reporting their lending to small
businesses. The 2023 final rule did not adequately consider these
distinctions.\31\
---------------------------------------------------------------------------
\30\ See FSA Customer Data Worksheet (Form AD-2047).
\31\ As the CFPB acknowledged in the 2023 final rule, ``many
agricultural lenders have already been collecting and reporting some
form of data by HMDA, the CRA, and/or the Farm Credit
Administration.'' 88 FR 35150, 35227.
---------------------------------------------------------------------------
The CFPB believes upon reconsideration that the fact that
agricultural lenders are already reporting information to other
agencies supports its conclusion that excluding agricultural lending is
necessary or appropriate to carry out the purposes of section 1071 to
avoid imposing new, overlapping reporting requirements on agricultural
lenders at this point when the CFPB is commencing the collection of
data under this rule. The Bureau believes that excluding agricultural
lending would further the purposes of section 1071 because such an
exclusion would limit potential issues with data quality. Compliance
may pose greater difficulties for small agricultural lenders, which are
often rural entities with less compliance infrastructure than other
lenders, potentially impacting the quality of their data, and they may
need to divert their limited resources from lending activities.
Further, for lenders that provide both agricultural and non-
agricultural loans that would still be subject to coverage, the CFPB
believes that such lenders would be better situated to focusing their
section 1071 reporting efforts on improving the quality of data for
more core lending products.
Given these factors, the CFPB believes it would be appropriate to
reconsider the rule's application to agricultural lending to focus on
conventional, generally applicable small business lending at this time,
and to use its exemption authority under 15 U.S.C. 1691c-2(g)(2) to
exclude agricultural lending from coverage under the rule.
The CFPB seeks comment on this proposed revision to the rule. It
seeks comment on topics including, but not limited to, the definition
of agricultural lending; the extent to which agricultural lending
differs from or resembles other types of lending; and whether specific
types of agricultural lending are more or less appropriate for
exclusion.
1002.104(b)(9)--Small Dollar Business Credit
The CFPB proposes adding small dollar business credit to the list
of excluded transactions under Sec. 1002.104(b). Proposed Sec.
1002.104(b)(9) would exclude from the definition of covered credit
transaction a transaction in an amount of $1,000 or less, to be
adjusted for inflation over time.
In the 2023 final rule, the CFPB declined commenters' suggestions
that it exempt credit transactions below a certain threshold;
commenters had suggested exemption thresholds ranging from $25,000 to
$10 million, on the grounds that it would help smaller institutions
continue to make credit available. The CFPB explained that it was not
adopting an exemption because of the significant volume of small
business lending involving credit amounts below the threshold levels
proposed by commenters.
The CFPB now believes that an exclusion for the smallest loans--
well under the thresholds suggested by commenters in the 2023 final
rule--is necessary or appropriate to carry out the purposes of section
1071. Indeed, in considering comments regarding larger exemption
thresholds, the 2023 final rule did not explicitly address an exemption
for loans under $1,000.
The CFPB believes that the collection of data on such loans, to the
extent that they exist, are more likely to result in poor data quality
for purposes of any analyses in furtherance of the statutory purposes
of section 1071, given that small businesses will generally require
much larger loans to begin or operate their businesses. Typically, very
small loans below $1,000 would be satisfied by consumer credit options
and small non-profit lenders who lack infrastructure to support
regulatory compliance. Consequently, data collected from smaller
transactions may not provide meaningful insight into the practices of
most core lenders to small businesses.
Further, requiring data reporting on loans of $1,000 or less may
make offering such small credit products uneconomical for lenders.
Detailed data collection and reporting requirements are likely to
impose operational complexity, which would make producing quality data
difficult for smaller financial institutions. The CFPB is concerned
that this could impact data quality.
Moreover, the CFPB believes, based on its experience and
understanding of the markets, that many lenders treat transactions
under $1,000 as consumer credit, rather than business credit. Further,
$1,000 is substantially lower than loan amounts already characterized
as ``microloans'' to businesses. The CFPB understands that loans in
such amounts are not material for the small business lending markets.
For example, the Small Business Administration (SBA) offers business
credit that it characterizes as ``microloans,'' which are generally for
loan amounts under $50,000 and an average loan amount of $13,000.\32\
Further, several commenters in the 2023 final rule requested that the
CFPB carve out loans under $50,000 to
[[Page 50958]]
$100,000 as microloans.\33\ Some State-run programs offer business
credit that start at a minimum loan amount of $1,000.\34\ The CFPB
believes that it seems unlikely that many such small dollar loans under
$1,000 to small businesses are made, and if so the collection of such
data would not advance the statutory purposes of the rule.
---------------------------------------------------------------------------
\32\ See Small Bus. Admin., Microloans, https://www.sba.gov/funding-programs/loans/microloans (last visited Oct. 1, 2025).
\33\ 88 FR 35150, 35245.
\34\ See, e.g., Md. Dep't. of Com., Military Personnel and
Veteran-owned Small Business Loan Program (MPVOLP), https://commerce.maryland.gov/fund/programs-for-businesses/mpvolp (last
visited Sept. 10, 2025) (providing no interest loans, ranging from
$1,000 to $100,000, for businesses owned by military reservists,
veterans, National Guard personnel and for small businesses that
employ or are owned by such person).
---------------------------------------------------------------------------
The CFPB seeks comment on this proposed revision to the rule. It
seeks comment on topics including, but not limited to, the loan amount
at which the exclusion for small dollar business credit should be set;
whether the exclusion should be limited to certain types of loan
products, financial institutions, or small businesses; the extent to
which financial institutions lend to small businesses in amounts less
than $1,000 and why they do so; and whether the exclusion should
account for a lender extending multiple small dollar loans to a single
small business.
C. Section 1002.105--Covered Financial Institutions and Exempt
Institutions
The CFPB believes that at the onset of data collection under
section 1071 the focus should be on larger core lenders before the CFPB
considers whether it would be appropriate to expand the scope of the
rule to specialty lenders and smaller lenders. The CFPB therefore
proposes to exclude FCS lenders from the definition of covered
financial institution and proposes to raise the origination threshold
from 100 to 1,000 covered credit transactions to better ensure the
smooth operation of the initial period of data collection.
105(b) Covered Financial Institution--FCS Lenders
The CFPB proposes excluding FCS lenders from the ``covered
financial institution'' definition in Sec. 1002.105(b). Consistent
with this proposed exemption, the CFPB proposes deleting several
references to FCS lenders in commentary.
As with the Bureau's proposal to reconsider the treatment of
agricultural transactions as covered transaction under Sec.
1002.104(a), this proposal would simplify the rule by narrowing its
scope to core small business lending practices and lenders. The
proposal would also avoid imposing reporting requirements on a category
of specialized lenders that are already subject to a separate
regulatory reporting scheme.
The CFPB believes that an exemption for FCS lenders would advance
the statutory purposes of section 1071. FCS lenders have a unique
mission-driven structure, and they operate in a specific regulatory
environment.
FCS lenders differ from traditional financial institutions in
several significant respects. The FCS is comprised of a nationwide
network of borrower-owned, cooperative institutions with a statutory
mandate to provide the agricultural sector with reliable credit. FCS
borrowers include agricultural and related businesses as well as rural
homeowners. As owners of the FCS lending associations, these borrowers
can receive patronage dividends that can reduce borrowing costs and
make FCS loans difficult to compare to loans issued by non-FCS lenders.
Commercial banks, by contrast, are owned by shareholders, and credit
unions, while member-owned, serve a wide range of customers, provide a
wide range of products and services, and lack a specific charter that
is exclusively focused on agriculture. These differences between FCS
lenders and other types of lenders, which the CFPB did not meaningfully
address in the 2023 final rule, make it difficult to easily compare
loans made by FCS lenders with those of other non-cooperative lenders.
In addition to their unique nature and mission, as described above,
FCS lenders are also already subject to an existing regulatory
reporting framework through the FCA, including the collection of
demographic data as part of its program oversight.\35\
---------------------------------------------------------------------------
\35\ See also 88 FR 35150, 35227 (noting that many agricultural
lenders currently required to collect and report data to FCA).
---------------------------------------------------------------------------
In issuing the 2023 final rule, the Bureau explained the decision
not to categorically exempt any specific type of financial institution
from the rule's coverage, stating that such exemptions ``would create
significant gaps in the data and would create an uneven playing field
between different types of institutions.'' \36\ The CFPB did not appear
to meaningfully consider the extent to which FCS lending differs in
kind from general-purpose lending.
---------------------------------------------------------------------------
\36\ Id. at 35258.
---------------------------------------------------------------------------
However, in light of the CFPB's reconsideration of the 2023 final
rule and new focus on ensuring the consistent and smooth initial
collection of data from core lenders and products, the CFPB believes it
would further the purposes of section 1071 to commence the data
collection without including FCS lenders.
The existing reporting requirements of FCS lenders further supports
excluding FCS lenders.\37\ Moreover, requiring compliance with a second
set of potentially redundant reporting obligations may put FCA lenders
at a competitive disadvantage relative to other lenders.
---------------------------------------------------------------------------
\37\ For instance, the FCA already tracks data on the credit
needs of young, beginning, and small (YBS) farmers and ranchers.
Farm Credit Admin., Young, beginning, and small farmer lending,
https://www.fca.gov/bank-oversight/young-beginning-and-small-farmer-lending (last visited Sept. 28, 2025) (``[E]ach [FCS] institution is
required to report to FCA yearly on operations and achievements
under its YBS program and to disclose YBS data in its own annual
report.'').
---------------------------------------------------------------------------
The CFPB believes that the rule's current application to FCS
lenders risks imposing disproportionate regulatory complexity on them,
many of which are small, rural cooperatives lacking the compliance
infrastructure of large commercial lenders, which in turn risks
diminishing the quality of the data they report to CFPB. Adding
potentially redundant reporting requirements would do little to advance
the goals of section 1071. Such a result would be counter to the
Congressional goals behind the establishment of the FCS.
Based on the factors discussed above, the CFPB believes it would be
appropriate to reconsider the rule's application to FCS lenders and to
focus the rule's scope on conventional, general-purpose small business
lending. Accordingly, the Bureau proposes to use its exemption
authority under 15 U.S.C. 1691c-2(g)(2) to exclude FCS lenders.
The CFPB seeks comment on this proposed revision to the rule.
105(b) Covered Financial Institution--Threshold Change
Current Sec. 1002.105(b) defines a covered financial institution
as one that has made at least 100 covered credit transactions to small
businesses in each of the two preceding calendar years. The CFPB is
proposing to change this definition by increasing this threshold from
100 covered credit transactions to 1,000 covered credit transactions
because it believes that it would advance the statutory purposes of
section 1071 to commence the data collection without including smaller
lenders under a 1,000 originations threshold.
In the 2023 final rule, the CFPB explained its belief that a 100-
loan origination threshold would best address widespread industry
concerns regarding compliance burdens for the smallest financial
institutions while also
[[Page 50959]]
capturing the overwhelming majority of the small business lending
market. It noted that while its original proposal of a 25-loan
threshold would have yielded more data than a 100-loan threshold, the
100-loan origination threshold ``massively expands data availability
relative to the status quo.'' \38\ The CFPB noted that a number of
commenters on the 2021 proposed rule requested a higher threshold, such
as 1,000 covered credit transactions. At that time, the CFPB was
concerned that a threshold higher than 100 covered credit transactions
would dramatically reduce the number of covered financial institutions
that must report data under the rule. However, as the CFPB noted in the
2023 final rule, a large decrease in the number of covered financial
institutions does not equate to a proportionately large reduction in
the estimated number of small business credit applications reported.
---------------------------------------------------------------------------
\38\ 88 FR 35150, 35257.
---------------------------------------------------------------------------
As a result, the CFPB believes that the proposed 1,000 originations
threshold is justified for several independent reasons. First, the CFPB
believes that at the onset of the data collection under section 1071
the focus should be on core lenders and products before the CFPB
considers whether it would be appropriate to expand the scope of the
rule. The CFPB believes that larger volume lenders are core to small
business lending. Current Sec. 1002.114(b), by way of comparison,
prioritized the collection of data from the largest volume lenders
first because they have more resources, and because they account for
the bulk of small business lending volume.\39\
---------------------------------------------------------------------------
\39\ See id. at 35438-40.
---------------------------------------------------------------------------
Second, the proposed change better aligns with E.O. 14192,\40\
which directs Federal agencies to review regulations for regulatory
burden, and is responsive to feedback received from stakeholders
following publication of the 2023 final rule. The CFPB has heard
repeatedly from industry stakeholders that its estimates in the 2023
final rule were wrong, and that a 100-loan origination threshold is too
low and captures too many smaller institutions, which they say
originate fewer small business loans and also are less able to shoulder
the costs and complexity of complying with the rule due to fewer
resources and staff.
---------------------------------------------------------------------------
\40\ 90 FR 9065 (Feb. 6, 2025).
---------------------------------------------------------------------------
The Bureau preliminarily determines that changing the originations
threshold to 1,000 strikes a better balance by minimizing complexity
for smaller entities while still collecting data on a large proportion
of small business credit applications; indeed, as the Bureau observed
with respect to the 100-loan threshold in the 2023 final rule, a 1,000-
loan threshold would substantially increase data availability as
compared to the status quo.
The CFPB believes a threshold of 1,000 originations, instead of
100, would be congruent with the statutory purposes of section 1071.
The CFPB believes that the onset of data collection should commence
with core products and lenders, as larger lenders are better resourced
and can better sustain the complexities and cost of compliance with the
rule. The CFPB believes that it should work with larger lenders to
better understand potential difficulties associated with collecting
data before considering whether to expand the rule to require that
smaller lenders comply with the rule.
Further, the CFPB also notes from its research that the proposed
change in the threshold for originations would result in a reduction in
the number of smaller institutions covered by the rule without a
proportionately large reduction in the number of loan application-level
data collected by the rule.\41\ While the proposed 1,000 originations
threshold would carve out a large number of mostly smaller depository
institutions, the rule would still cover the vast majority of small
business loan originations (well over 90 percent).
---------------------------------------------------------------------------
\41\ See part IV.D, tables 1 and 2 below.
---------------------------------------------------------------------------
Given this the CFPB believes increasing the threshold would remove
regulatory burden from small entities, and therefore the proposed
change would be responsive to E.O. 14192.
The CFPB believes that increasing the threshold is necessary or
appropriate to carry out the purposes of section 1071 because the
complexity of compliance may pose difficulties for smaller lenders,
many of which have no previous experience at all with data collection
rules such as HMDA or CRA. The new compliance complexity may result in
decreased data quality for those institutions, which would not advance
the statutory purposes of section 1071.
The proposed change to Sec. 1002.105(b) would, in turn, require
other changes. Current Sec. 1002.112(b) provides that a bona fide
error is not a violation of ECOA or Regulation B, subpart B. The
provision cross-references numerical error thresholds in current
appendix F. Under appendix F, a financial institution is presumed to
maintain procedures reasonably adapted to avoid errors with respect to
a given data field if the number of errors found in a random sample of
a financial institution's data submission for a given data field do not
equal or exceed the threshold in column C of table 1 of appendix F.
The CFPB proposes revising appendix F to conform to the proposed
changes to Sec. 1002.105(b), defining ``covered financial
institution,'' based on a revised origination threshold of 1,000
covered credit transactions. Specifically, column A of existing
appendix F lists ranges of small business lending application register
counts. The CFPB proposes eliminating the rows in table 1 associated
with application counts under 1,000, and revising the count in what is
currently the 4th row to be ``1,000-100,000'' rather than the current
``500-100,000.'' The CFPB requests comment on these proposed changes.
The CFPB seeks comment on this proposed revision to the rule, in
particular whether an originations threshold at 200, 500, 2,000, or
some other number would be appropriate, and whether the associated
changes to appendix F are appropriate.
D. Section 1002.106--Business and Small Business
106(b) Small Business
Current Sec. 1002.106(b)(1) defines ``small business'' and
provides, among other criteria, that a business is small if its gross
annual revenue for its preceding fiscal year is $5 million or less.
Section 1002.106(b)(2) provides procedures for inflation adjustments to
that threshold. For the reasons discussed below, the CFPB is proposing
to reduce the gross annual revenue threshold from $5 million or less to
$1 million or less.
In the 2023 final rule, the CFPB explained that its definition
reflected the need for financial institutions to apply a simple, broad
definition of a small business across industries. It also explained its
belief that a $5 million gross annual revenue threshold strikes the
right balance in terms of broadly covering the small business financing
market while meeting the SBA's criteria for an alternative size
standard. It noted that it did not propose a $1 million gross annual
revenue threshold out of concern that such a threshold likely would not
satisfy the SBA's requirements for an alternative size standard across
industries, while also observing that a $1 million threshold would
better align with existing Regulation B adverse action notification
requirements. It also concluded that a $1 million threshold would
exclude many businesses that should be characterized as small.
The CFPB will retain the use of a simple, broad definition of a
small business across industries but is
[[Page 50960]]
proposing to change the gross annual revenue threshold from $5 million
or less to $1 million or less, and to make conforming changes
throughout the regulatory text and commentary. The CFPB is seeking SBA
approval for this alternate small business size standard pursuant to
the Small Business Act.\42\
---------------------------------------------------------------------------
\42\ 15 U.S.C. 632(a)(2)(C).
---------------------------------------------------------------------------
Since the 2023 final rule was published, the President issued E.O.
14192.\43\ As part of the CFPB's review of the 2023 final rule under
this order, the CFPB identified that a $1 million threshold would help
reduce regulatory burden on financial institutions because it would
better align with other existing financial regulatory requirements and
standard financial industry practices related to small businesses.
---------------------------------------------------------------------------
\43\ 90 FR 9065.
---------------------------------------------------------------------------
Specifically, the CFPB believes several independent reasons justify
a change of the gross annual revenue threshold to $1 million. First, as
noted by commenters on the CFPB's 2021 proposed rule, a $1 million
threshold would align with certain metrics in CRA regulations. Several
CRA tests analyze lending to ``smaller businesses'' with $1 million or
less in revenues.\44\ The CFPB finalized the $5 million threshold in
the 2023 final rule, and the Federal agencies responsible for
implementing the CRA proposed and subsequently finalized amendments to
their small business revenue threshold to $5 million, to conform with
the CFPB's rule implementing section 1071, and to use data collected
pursuant to that rule. Since then, however, the CRA agencies have
proposed withdrawing those revisions, which never entered into force.
The CRA agencies proposed reverting back to a $1 million or less
definition, and no longer using section 1071 data in certain CRA tests
concerning small businesses.\45\ The CFPB believes that it should
follow suit to reduce avoidable regulatory complexity for regulated
entities by sharing where possible a uniform size standard with other
Federal agencies.
---------------------------------------------------------------------------
\44\ ``Smaller business'' loans are a subset of ``small
business'' loans as defined by CRA regulations before the 2024
amendments. ``Small business'' loans are those with a loan amount of
$1 million or less to a business of any size under CRA regulations.
12 CFR 25.12(v) (``small business loan means a loan included in
`loans to small businesses' as defined in the instructions for
preparation of the Consolidated Report of Condition and Income'');
Fed. Fin. Insts. Examination Council, Schedule RC-C, Part II. Loans
to Small Businesses and Small Farms General Instructions (defining
``loans to small businesses'' as loans with original amounts of $1
million or less), https://www.fdic.gov/resources/bankers/call-reports/crinst-051/2017/2017-03-051-rc-c2.pdf (last visited Sept.
30, 2025). ``Smaller business'' loans are ``small business'' loans
made to business with $1 million or less in revenues under the 1995
amendments to CRA regulations. See 12 CFR 25.22(b)(3)(ii) (assessing
the lending activity of an institutions of ``small business and
small farm loans to businesses and farms with gross annual revenues
of $1 million or less'').
\45\ The Federal agencies responsible for implementing the CRA
amended the regulations in 2024 to change the relevant threshold
from $1 million to $5 million to conform with the CFPB's rule
implementing section 1071. 89 FR 6574 (Feb. 1, 2024). These agencies
have subsequently issued a joint notice of proposed rulemaking that
would rescind the 2024 amendments to the CRA regulations, reverting
back to the 1995/2001 version of the CRA regulations. 90 FR 34086
(July 18, 2025).
---------------------------------------------------------------------------
Second, the CFPB also believes that the revised threshold in
proposed Sec. 1002.106(b) would be more consistent with Regulation B,
subpart A, further helping to reduce regulatory burden pursuant to E.O.
14192.\46\ As noted in the 2023 final rule, Regulation B, subpart A
uses a $1 million revenue threshold to determine what kind of adverse
action notice a business credit applicant receives; those under the
threshold receive a notification similar to one a consumer would
receive.\47\ As a result, many covered financial institutions likely
already apply a $1 million threshold to determine which businesses are
small. Here, the CFPB believes that using an existing size standard
would reduce regulatory complexity for covered financial institutions.
---------------------------------------------------------------------------
\46\ 90 FR 9065 (Feb. 6, 2025).
\47\ See 88 FR 35150, 35186.
---------------------------------------------------------------------------
Third, as many financial institutions have worked on implementing
the 2023 final rule, the Bureau has received more feedback, including
from a number of community banks and trade groups representing larger
institutions, that a $1 million revenue threshold would more closely
align with their internal thresholds that separate small and medium-
sized businesses within their own institutions.
The CFPB notes that the 2023 final rule adopted a $5 million
threshold in significant part because it believed that a $1 million
threshold, discussed as an alternative to the $5 million threshold,
would not satisfy the SBA's requirements for an alternative size
standard and would exclude too many businesses designated as small
under the SBA's size standards. Whether an alternative size standard
satisfies the requirements for an alternative size standard is within
the SBA's purview to determine, and as noted above the CFPB is seeking
SBA approval for its proposed $1 million threshold.
Further, as commenters initially stated, a $1 million threshold
would cover most (over 95 percent) of small businesses as defined by
the SBA size standards in effect at the time of the 2021 proposed rule.
The CFPB estimated in the 2023 final rule that among non-agricultural
industries over 1.5 million small businesses (27 percent) would not be
covered by an alternative $1 million gross annual revenue
threshold.\48\ The CFPB is now reconsidering the data provided by
commenters and its final rule estimate. In any case, the CFPB believes
that a change to $1 million is consistent with the alignment goals
noted above given the E.O.s discussed throughout, even if a 27 percent
decline in small business coverage would result. At a $1 million
threshold, the proposed rule would still cover a supermajority of small
businesses that the 2023 final rule covers.
---------------------------------------------------------------------------
\48\ Id. at 35266.
---------------------------------------------------------------------------
The CFPB is proposing conforming changes also to the inflation
adjustment provision in Sec. 1002.106(b)(2), to require adjustment in
$100,000 increments (rather than $500,000) every five years after 2030
(rather than 2025). The CFPB is concerned that, given the proposed
change to a $1 million revenue threshold, inflation adjustments in
$500,000 increments would not be granular enough for this provision to
meaningfully track inflation.
The Bureau seeks comment on the proposed changes to Sec.
1002.106(b)(1) and (b)(2), including whether revenue thresholds of
$500,000, $2 million, $3 million, or some other amount would be
appropriate.
E. Section 1002.107--Compilation of Reportable Data
107(a) Data Format and Itemization
107(a) Discretionary Data Points
Section 1071 provides for two types of data points, those
statutorily required under ECOA section 704B(e) and those promulgated
based on Bureau discretion provided for in ECOA section 704B(e)(2)(H),
which are sometimes referred to as discretionary data points, and which
the Bureau has authority to add if the ``Bureau determines [they] would
aid in fulfilling the purposes of this section.'' In the 2023 final
rule, the Bureau finalized several discretionary data points,
determining the additional data would aid in fulfilling the purposes of
section 1071 of the Dodd-Frank Act, as required by ECOA section
704B(e)(2)(H). The discretionary data points were for pricing
information, time in business, North American Industry Classification
System (NAICS) code, number of workers, application method, application
recipient, denial reasons, and number of principal owners. The Bureau
considered the additional operational complexity and
[[Page 50961]]
potential reputational harm described by commenters that collecting and
reporting these data points could impose on financial institutions, but
determined that the costs were only incremental and that the data
points were designed to minimize additional compliance burden.\49\
---------------------------------------------------------------------------
\49\ Id. at 35278.
---------------------------------------------------------------------------
Notably, in the 2023 final rule the Bureau declined to add other
discretionary data points sought by commenters, because the decision
whether to include a discretionary data point necessarily also involves
considering the relative utility of a data point and the operational
complexity of adding it. For that reason, in 2023 the Bureau stated
that it was adopting a ``limited number of data points . . . that it
believes will offer the highest value in light of section 1071's
statutory purposes,'' and it rejected additional data points on the
grounds that they would pose ``operational complexities.'' \50\ For
example, the Bureau declined to include a data point on credit scores,
even though the data would be useful for fair lending analyses, due to
the complexity and operational difficulty of doing so.\51\
---------------------------------------------------------------------------
\50\ Id. at 35281.
\51\ Id. at 35282.
---------------------------------------------------------------------------
In other words, to be included as a discretionary data point, a
data point implicitly must satisfy two independent tests: (1) whether
the data point would aid in fulfilling the purposes of section 1071,
and (2) whether the CFPB believes based on the record before it that it
is appropriate to adopt as a discretionary data point given factors
such as operational cost and regulatory complexity. Accordingly, if the
Bureau now believes that the relative utility of the data is not strong
enough to justify the additional operational complexity for financial
institutions, that is sufficient reason to propose removing the
discretionary data point, even if the discretionary data point would
otherwise advance the purposes of the statute.
After the publication of the 2023 final rule, two factors prompted
reconsideration of the discretionary data points by the Bureau. First,
as discussed above, pursuant to E.O.s. 14192 and 14219 (``Ensuring
Lawful Regulation and Implementing the President's `Department of
Government Efficiency' Deregulatory Agenda''), the Bureau is reviewing
the 2023 final rule as part of its effort to streamline and simplify
regulations.\52\ The Bureau believes that removing some of the
discretionary data points would meet the goals of these E.O.s. Second,
subsequent to the publication of the 2023 final rule and through the
implementation process, the Bureau received additional feedback about
the number of data points total, and the logistical challenges
associated with implementing some or all of the discretionary data
points. The implementation feedback provided by stakeholders further
supports reconsideration of certain discretionary data points, and the
Bureau now believes that the 2023 final rule did not adequately
consider the extent to which the value of the data point justifies the
additional operational complexity in obtaining it.
---------------------------------------------------------------------------
\52\ 90 FR 9065; 90 FR 10583 (Feb. 25, 2025).
---------------------------------------------------------------------------
Given this new information, the Bureau proposes to remove the
discretionary data points for application method, application
recipient, denial reasons, pricing, and number of workers in Sec.
1002.107(a)(3), (4), (11), (12), (16), as well as the relevant
commentary, and to make conforming changes throughout.
The data points identified for removal are not statutorily required
and are not otherwise relied upon by or intertwined with the
statutorily required data points.\53\ In any case, because the
identified data points were finalized pursuant to the Bureau's
discretionary authority under 15 U.S.C. 1691c-2(e)(2)(H), it is also
within the bounds of that discretion to remove these data points. The
CFPB believes that their removal at this time, at the start of a
potentially long-term data collection regime, would advance the longer-
term statutory purposes of the rule. Stakeholders attempting to
implement the rule have suggested the addition of data points beyond
those statutorily required had led to unnecessary complexity in
implementing the 2023 final rule, and that such complexity might reduce
data quality and lead to additional errors. The CFPB preliminarily
concludes that initiating the data collection with an expansive rule
that covered more data points would tend to make the initial
collections more complicated and result in lesser data quality and
integrity.
---------------------------------------------------------------------------
\53\ The Bureau is not proposing to remove NAICS code, time in
business, and number of principal owners because those discretionary
data points are generally integral to collection and understanding
of statutorily required data points and the Bureau did not receive
evidence during the implementation period of logistical challenges
not previously considered.
---------------------------------------------------------------------------
The CFPB believes it prudent to focus on the collection of a more
limited number of core data points (the statutory data points and a
limited number of other data points needed to facilitate the collection
of these statutory data points) to avoid complexity in the initial
implementation of a rule to implement section 1071. This in turn would
make it more likely that covered financial institutions face a smoother
transition in the initial years of the rule in ramping up to the
accurate, recurring collection of data.\54\
---------------------------------------------------------------------------
\54\ The Bureau notes that in its experience with new regulatory
regimes, especially new data collections such as the revisions to
HMDA in 2015, covered institutions face initial difficulties with
collecting and reporting data accurately, especially given the
expansive changes required by the 2015 HMDA rulemaking.
---------------------------------------------------------------------------
Application method. The 2023 final rule required financial
institutions to collect data on whether applications were submitted in
person, by phone, online, or by mail. It explained its belief that this
data will improve the market's understanding of how different types of
applicants apply for credit and provide additional context for the
business and community development needs of particular geographic
regions. The Bureau now believes that this information is of relatively
low value in furthering the purposes of section 1071 while adding to
the overall complexity of a lengthy data collection, and thus should
not be included. Upon reconsideration, the Bureau believes that in the
2023 final rule, it had underestimated the potential complexity of this
data point. The Bureau acknowledged that many lenders do not already
collect this data point as such, and that many small business
applicants have multiple interactions across the different methods
listed (in-person, telephone, online) during the application process.
However, current Sec. 1002.107(a)(3) does not seem to address this but
rather appears to reduce the potentially complex set of interactions to
identifying only one means of collecting a covered application. The
logic of the 2023 final rule justifying this provision suggests the
futility of collecting this data point without capturing the full scope
of interaction between applicant and lender for purposes of this rule.
The Bureau believes, as a result, that at this time, this data point
should be removed because its utility does not outweigh the cost and
complexity of collecting it.
Application recipient. In the 2023 rule, the Bureau required
financial institutions to collect data on application method--whether
the applicant submitted the covered application directly to the
financial institution or its affiliate, or whether the applicant
submitted the covered application indirectly to the financial
institution via a third party. It explained
[[Page 50962]]
that this discretionary data point will improve the market's
understanding of how small businesses interact with financial
institutions when applying for credit, such as whether financial
institutions making credit decisions are directly interacting with the
applicant and/or generally operating in the same community as the
applicant. The Bureau now believes that this information is of
relatively low value in furthering the purposes of section 1071 while
adding to the overall complexity of a lengthy data collection. Upon
reconsideration, the Bureau believes that in the 2023 final rule, it
overestimated the utility and underestimated the cost and complexity of
this data point. The justification for this data point in the 2023
final rule suggested that it would help determine whether lenders were
operating in the communities with applicants but did not offer details
on why a data point on third-party submissions would advance such an
understanding, above and beyond the other data points more apparently
targeted to identify community development needs, such as census tract.
Further, in response to a comment that lenders do not track data on
application submissions by third parties because such data played no
role in underwriting decisions, the Bureau summarily replied that it
did not believe it would be difficult for lenders to track this
information. The Bureau believes that submissions through third parties
may not always be identified as such, and that its statement in the
2023 final rule justifying the inclusion of this data point did not
account for this. The Bureau as a result believes that at the start of
a potentially long-term data collection regime that this data point
should be removed.
Denial reasons. The Bureau explained in the 2023 rule that data on
denial reasons will allow data users to better understand the rationale
behind denial decisions, help identify potential fair lending concerns,
and provide financial institutions with data to evaluate their business
underwriting criteria and address potential gaps as needed. As the
Bureau acknowledged in the 2023 rule, reasons for denial data could be
harmful or sensitive for applicants or related natural persons. The
Bureau now believes that the sensitivity of this information, combined
with its addition to the overall complexity of a lengthy data
collection, justifies proposing to remove it from the discretionary
data points. The 2023 final rule did not explain how the marginal or
added usefulness of denial reasons would justify the added cost and
complexity above and beyond the collection of data on denials, already
captured by the mandatory ``type of action taken'' data point. Further,
to the extent that this data point was intended to assist lenders to
analyze their own fair lending concerns, as the 2023 final rule stated,
the data point is redundant as lenders already possess this
information. To the extent that this data point was intended to assist
applicants, under subpart A of Regulation B they are already able to
access a statement of denial reasons. Section 1002.9(a)(3) in subpart A
already requires lenders to inform applicants for business credit with
$1 million or less in gross annual revenue of their right to receive a
statement of denial reasons upon request. Upon reconsideration, the
Bureau believes that it is sufficient at this time to collect data on
denials via the action taken data point, as required under 15 U.S.C.
1691c-2(e)(2)(D), and that this data point should not be included at
the start of a potentially long-term data collection regime.
Pricing. In the 2023 rule, the Bureau required reporting of an
array of different pricing data: interest rate; total origination
charges; broker fees; the total amount of all non-interest charges that
are scheduled to be imposed over the first annual period; for a
merchant cash advance or other sales-based financing transaction, the
difference between the amount advanced and the amount to be repaid; and
information about any applicable prepayment penalties. It explained its
belief that because price-setting is integral to the functioning of any
market, any analysis of the small business lending market--including to
enforce fair lending laws or identify community and business
development opportunities--would be less meaningful without this
information. The 2023 rule acknowledge the potential complexity of
collecting this data, and commenters noted the risk that it could
reveal confidential business information or lead to incorrect
inferences about discrimination. The Bureau now believes that the
potential risk of harm to applicants and the substantial complexity of
the data collection justify removing it from the discretionary data
points. While the Bureau acknowledged comments ``about the harmful
consequences of potentially misleading data,'' the Bureau addressed
this concern in the 2023 final rule by stating that it would note
``when disclosing the 1071 data that the data alone generally do not
offer proof of compliance with fair lending laws.'' \55\ The Bureau
upon reconsideration believes that such a statement may not be
sufficient to address concerns about the misuse of pricing data. In
adopting the pricing data point, the Bureau assumed that community
groups would use data responsibly but did not address how other members
of the public with access to the data might use it.\56\ Further, the
2023 final rule stated that ``the 1071 data need not reflect every
determinant of credit pricing to provide value to users'' but also
acknowledged the relevant and importance of credit score of principal
owners to ``explain[] pricing differences between transactions.'' \57\
That is, the Bureau believes that the publication of pricing
information absent certain other information may be incomplete and give
rise to incorrect inferences concerning discrimination; however, the
collection of sufficient data points to correct potentially erroneous
inferences may make the data collection unduly complex. This
combination of difficulties leads the Bureau to believe that this data
point should not be included at the start of a potentially long-term
data collection regime.
---------------------------------------------------------------------------
\55\ 88 FR 35150, 35310.
\56\ Id. at 35310.
\57\ Id.
---------------------------------------------------------------------------
Number of workers. The 2023 rule required financial institutions to
report the number of workers in ranges, and stated that data on the
number of persons working for a small business applicant will provide
data users and relevant stakeholders with a better understanding of the
job maintenance and creation that small business credit provides. The
Bureau now believes that this information is of relatively low value in
furthering the purposes of section 1071 while adding to the overall
complexity of a lengthy data collection. First, in the 2023 final rule,
the Bureau acknowledged that ``[t]he majority of small businesses are
run by a single owner.'' Given the proposed change to Sec.
1002.106(b), revising the definition of small business to those
businesses with $1 million or less in gross annual revenue, fewer small
businesses with employees would be covered under the rule. Second, as
acknowledged in the 2023 final rule, small businesses may encounter
difficulties in providing this information to financial institutions,
especially small businesses that use contractors, temporary or gig
workers, or seasonal workers, or those that cycle through employees
frequently. While the Bureau simplified a covered financial
institution's reporting requirements for this data point, the Bureau
believes that even as simplified this data point's complexity outweighs
its potential utility. That is, the Bureau
[[Page 50963]]
now believes that it would be difficult to ensure consistency in
reporting this data point across a variety of different small business
applicants, making it likely that the data collected would be of poor
quality or otherwise difficult to interpret. Further, the 2023 final
rule justified this data point solely on community development grounds.
It did not justify this data point on fair lending grounds because
nothing in Regulation B, including subpart A, offers differential
protection based on a business credit applicant's number of workers.
Based on the Bureau's intention to commence this rulemaking regime
focused on truly small businesses, the Bureau believes that this data
point should not be included at the start of a potentially long-term
data collection regime as it is not likely to result in the collection
of useful data at this time.
LGBTQI+-owned business status. The 2023 rule required financial
institutions to inquire whether a small business applicant for credit
is a minority-owned, women-owned, and/or LGBTQI+-owned business. This
discretionary data point is addressed in more detail below in the
section on the Defending Women E.O.
The Bureau solicits comment on these proposed changes, including
whether any of the identified discretionary data points should be
modified or retained, in part or in full.
Collection of Disaggregated Ethnicity and Race Categories
Current Sec. 1002.107(a)(19) requires the collection of both
aggregate and disaggregated race and ethnicity information on principal
owners of small business applicants. However, 15 U.S.C. 1691c-
2(e)(2)(G) only requires covered lenders to collect and report the
``race, sex, and ethnicity of the principal owners of the business.''
This statutory provision does not explicitly call for the collection of
disaggregated data on the race and ethnicity of principal owners. Given
its concern about commencing a long-term data collection regime by
asking for potentially complex and costly data points, the Bureau seeks
comment on whether it should revise the rule's data collection
requirements to require collection only of aggregate ethnicity and race
categories.
As a result, and consistent with its reconsideration of
discretionary data points, the Bureau also seeks specific comment on
what utility there might be for carrying out the purposes of section
1071 in requiring the collection of disaggregated categories of
ethnicity and race, in addition to the aggregate categories. The Bureau
also seeks comment on the costs and burdens for financial institutions
in requiring the collection of these disaggregated categories of
ethnicity and race.
Defending Women E.O.
LGBTQI+-ownership. Current Sec. 1002.107(a)(18) requires financial
institutions to inquire whether a small business applicant for credit
is a minority-owned, women-owned, and/or LGBTQI+-owned business. The
Bureau explained that, based on limited information available, it
believed that LGBTQI+-owned businesses may experience particular
challenges accessing small business credit, and used its discretionary
authority under 15 U.S.C. 1691c-2(e)(2)(H) to require financial
institutions to request information about whether an applicant is a
LGBTQI+-owned business. In the time since the 2023 rule, the Bureau has
heard repeated concerns from stakeholders, as well as members of
Congress and the general public, that this question in particular is an
invasion of privacy and risks damaging the relationship between small
businesses and their lenders, particularly in smaller lending markets.
The Bureau now believes that the sensitivities involved in this
inquiry, which the 2023 rule did not address, exceed any utility this
data point might provide, and that it adds to the overall complexity of
a lengthy data collection.\58\
---------------------------------------------------------------------------
\58\ The Bureau also notes that it has withdrawn its 2023
interpretive rule concerning LGBTQI+ discrimination under ECOA. 86
FR 14363 (Mar. 16, 2021) (clarifying that the prohibition against
sex discrimination in ECOA and Regulation B encompasses sexual
orientation and gender identity discrimination); 90 FR 20084 (May
12, 2025) (withdrawing the 2021 interpretive rule). That rule sought
to extend to ECOA the Court's holding in Bostock, which found title
VII's prohibition against sex discrimination includes discrimination
based on sexual orientation and gender identity. Bostock v. Clayton
Cnty., 590 U.S. 644 (2020). The Court has since declined to
expressly extend the holding of Bostock beyond the title VII
context. United States v. Skrmetti, 605 U.S. __(2025).
---------------------------------------------------------------------------
In addition, the President issued the Defending Women E.O. (E.O.
14168) on January 30, 2025, which directs Federal agencies seeking
information not to discuss gender identity and to refer to sex using a
binary of male/female. Consistent with this E.O. and the feedback the
Bureau received from stakeholders and members of Congress and the
general public described above, the Bureau is proposing to make certain
conforming changes to the rule and remove or rescind provisions in the
current rule that do not comply with the order. These changes generally
would include (1) removing references to and questions about
``LGBTQI+''-owned business status, (2) requiring financial institutions
to inquire about a principal owner's sex, rather than sex/gender, and
(3) providing that the sex of the principal owners be selected from a
static binary response option of male/female, rather than a free-form
text field.
Specifically, the proposed changes would include removing the
definition related to LGBTQI+-owned business status in Sec.
1002.102(k) and (l) and removing references to LGBTQI+-owned business
status in Sec. 1002.107(a)(18) and (19) and associated commentary, and
revising how principal owners' sex is to be collected in commentary
accompanying Sec. 1002.107(a)(19). The proposed changes would also
include removing references to LGBTQI+-owned business status in
Regulation B, subpart A, Sec. 1002.5(a)(4) and revising commentary
accompanying Sec. 1002.5(a)(2). The Bureau is also proposing to make
conforming changes elsewhere throughout the regulatory text and
associated commentary, as well as the sample form in appendix E.
The Bureau seeks comment on these proposed changes.
Sex/gender. Current Sec. 1002.107(a)(19) requires financial
institutions to ask a small business applicant to provide its principal
owners' ethnicity, race and sex. Associated commentary further explains
how financial institutions are to make these requests. Commentary to
current Sec. 1002.107(a)(19) requires financial institutions, when
requesting principal owners' sex, to use the term ``sex/gender'' and to
give applicants a free-form text field to provide a response.
Commentary accompanying current Sec. 1002.107(a)(19) requires
financial institutions, when requesting principal owners' sex, to use
the term ``sex/gender'' and to give applicants a free-form text field
to provide a response. In the 2023 rule, the Bureau explained its
belief that this approach would allow applicants to self-identify as
they see fit. Commenters had contended, however, that the free-form
text approach would inhibit data analysis.
The Bureau now agrees with commenters who had asserted that,
particularly in the context of a data collection rule, a free-form text
field would inhibit robust data analysis, contrary to the purposes of
the rule. The Bureau also now believes, based on feedback from
stakeholders of all kinds, that a free-form text field would likely
result in poor data quality, given the variety of possible responses to
the sex question even for a single type of answer.\59\ The potential
for confusion is
[[Page 50964]]
exacerbated by the lack of clarifying instructions. The Bureau now
believes that the most appropriate way to collect data on the sex of a
principal owner is to ask the straightforward question of whether the
owner is male or female.
---------------------------------------------------------------------------
\59\ Responses intended to indicate ``female'' sex could include
``female,'' ``woman,'' ``feminine,'' ``mujer,'' ``F,'' ``W,'' and
even ``M.'' Responses intended to indicate ``male'' could include
``man,'' ``male,'' ``hombre,'' ``guy,'' ``M,'' ``m,'' ``H,'' etc.
Free-form text responses may also result in non-serious responses.
---------------------------------------------------------------------------
Additionally, this proposed change comports with the Defending
Women order described above. Specifically, the changes consistent with
E.O. 14168 would include revising how principal owners' sex is to be
collected in commentary accompanying Sec. 1002.107(a)(19). The Bureau
is also proposing to make conforming changes elsewhere throughout the
regulatory text and associated commentary, as well as the sample form
in appendix E.
The Bureau solicits comment on these proposed changes.
Applicant's Right To Refuse To Provide Demographic Data
Current Sec. 1002.107(a)(18) requires covered financial
institutions to seek information from applicants about their women-
owned, minority-owned, and LGBTQI+-owned business status and Sec.
1002.107(a)(19) requires covered financial institutions to seek
information from applicants about the ethnicity, race, and sex of the
principal owners of the applicant business. Those provisions and
associated commentary also include discussions of the statutorily
provided right of an applicant to refuse to provide this
information.\60\
---------------------------------------------------------------------------
\60\ 15 U.S.C. 1691c-2(c).
---------------------------------------------------------------------------
The Bureau is proposing to revise the applicant right to refuse
discussions in Sec. 1002.107(a)(18) and (19), as well as the related
commentary. In addition, the Bureau is proposing corresponding changes
to the sample demographic data collection form in appendix E.
Currently, the regulatory text of Sec. 1002.107(a)(18) and (19)
provides that covered financial institutions must inform applicants
that the financial institution cannot discriminate against the
applicant based on the demographic information provided pursuant to the
rule or on whether the applicant invokes the right to refuse to provide
the information. Existing comments 107(a)(18)-1 and 107(a)(19)-1 state
that a financial institution must permit an applicant to refuse (i.e.,
decline) to answer the financial institution's inquiries regarding
business status and ethnicity, race, and sex, and must inform the
applicant that it is not required to provide the information. The
Bureau is proposing to add the requirement to inform applicants of
their right to refuse to the regulatory text of Sec. 1002.107(a)(18)
and (19), for clarity.
The Bureau is also proposing changes to the sample form in appendix
E to further emphasize the right to refuse.
The Bureau seeks comment on these proposed changes.
107(c) Time and Manner of Collection
Anti-Discouragement and Related Provisions
In the 2023 rule, the Bureau explained that it was adopting the
provisions in Sec. 1002.107(c) in an attempt to provide a balance
between allowing institutions flexibility in how they collect data and
ensuring that institutions do not discourage or otherwise interfere
with applicants' providing their data. Existing Sec. 1002.107(c)
requires a covered financial institution to (1) not discourage an
applicant from responding to requests for applicant-provided data under
final Sec. 1002.107(a) and to otherwise maintain procedures to collect
such data at a time and in a manner that are reasonably designed to
obtain a response; (2) identify certain minimum components when
collecting data directly from the applicant that must be included
within a financial institution's procedures to ensure they are
reasonably designed to obtain a response; (3) maintain procedures to
identify and respond to indicia that it may be discouraging applicants
from responding to requests for applicant-provided data, including low
response rates for applicant-provided data; as well as (4) provide that
low response rates for applicant-provided data may indicate that a
financial institution is discouraging applicants from responding to
requests for applicant-provided data or otherwise failing to maintain
procedures to collect applicant-provided data that are reasonably
designed to obtain a response.
The CFPB proposes to remove certain references to the
discouragement prohibition in Sec. 1002.107(c)(1) and (c)(2)(iii), as
well as related commentary that the Bureau believes are redundant and
add unnecessary regulatory complexity. It also proposes to remove Sec.
1002.107(c)(3) and (c)(4) and related commentary; these provisions
detail requirements to monitor for indicia of discouragement, such as
low response rates from applicants, and explicitly provide that low
response rates may be indicia of discouragement. Further, the CFPB
proposes to revise commentary to Sec. 1002.107(c)(2) which established
specific restrictions on the time and manner of data collection that
are similar to the anti-discouragement provisions.
Section 1071, as implemented by Regulation B, subpart B, creates
binding obligations for covered financial institutions to ask small
business applicants for credit for their demographic information, but
it includes no requirements regarding how institutions must ask for the
information.\61\ By contrast, the 2023 final rule imposed numerous
obligations in Sec. 1002.107(c) on the basis of theoretical concerns
that institutions would seek to evade compliance by discouraging
applicants from providing their information or otherwise interfering
with applicants providing their data. It did not provide any evidence
in support of its concerns, such as evidence from past experience with
HMDA or other similar situations. In addition, the Bureau now believes
that comment 107(c)(2)-2.iii.A, which discusses financial institution
statements that would violate the anti-discouragement provision, raises
serious First Amendment concerns.
---------------------------------------------------------------------------
\61\ 90 FR 20084, 20086 (May 12, 2025) (withdrawing the
Statement on Enforcement and Supervisory Practices Relating to the
Small Business Lending Rule Under the ECOA and Regulation B).
---------------------------------------------------------------------------
The 2023 final rule also describes in commentary several
obligations related to anti-discouragement, such as the requirements
that financial institutions maximize the collection of data, request
applicant-provided data before a final credit decision is made, and
ensure that applicants do not overlook requests for data.
The Bureau's belief that the anti-discouragement and other related
provisions are unnecessary is also bolstered by feedback it has
received from a number of stakeholders regarding difficulties with
implementing these provisions, particularly with respect to the
discussion in comment 107(c)(4)-1 as to comparison of response rates
for demographic questions across similar financial institutions.
Further, the provisions in Sec. 1002.107(c) that would remain after
these proposed revisions still impose affirmative obligations to
maintain procedures reasonably designed to obtain a response from
credit applicants.
Given the existence of these provisions, and in light of E.O.s
14192 and 14219 that require the CFPB to seek ways to increase
efficiency in regulations, the CFPB now reconsiders existing Sec.
1002.107(c) and preliminarily finds that its various prohibitions on
discouragement are redundant and unnecessary. They are redundant in
that
[[Page 50965]]
they appear to create obligations to comply with other existing
obligations. They are unnecessary because the obligations to collect
data and to maintain systems reasonably designed to elicit responses
are already subject to the enforcement provisions of Sec. 1002.112 in
the event of non-compliance. Further, comments received in response to
the 2025 interim final rule from a trade association suggested that
these provisions were vague and did not make clear what would and would
not constitute discouragement. All of this would add unnecessary
regulatory complexity for lenders.
The CFPB observes that the other requirements in the current
commentary to Sec. 1002.107(c)(2)--concerning maximizing the
collection of data, requesting applicant-provided data before a credit
decision is made, and ensuring that applicants not overlook requests
for data--should not have been framed as binding obligations because
they are unnecessary obligations beyond those already established in
Sec. 1002.107(c). However, unlike the anti-discouragement provisions,
these provisions identify practices likely to help covered financial
institutions comply with the 2023 final rule. The CFPB proposes
revising these provisions to provide guidance to financial institutions
rather than contributing unnecessary regulatory complexity in the form
of additional obligations. The CFPB believes that providing this
flexibility will advance the statutory purposes of the rule by helping
financial institutions collect better quality data without requiring
them to follow rigid practices that may in some instances impede rather
than encourage data collection. The CFPB further believes that making
these practices guiding principles, rather than requirements, better
conforms with the existing regulatory text of Sec. 1002.107(c), which
requires covered lenders to ``maintain procedures to collect such data
at a time and in a manner that are reasonably designed to obtain a
response'' (emphasis added).
For purposes of streamlining and simplifying the rule by removing
unnecessary regulations, as discussed above, the Bureau proposes to
remove provisions regarding or discussing a prohibition on the
discouragement of applicants from providing data required under the
rule, and proposes revising other provisions concerning the time and
manner of collection to provide guidance rather than additional
obligations.
The Bureau seeks comment on these proposed changes.
F. Section 1002.114--Effective Date, Compliance Date, and Special
Transitional Rules
114(b) Compliance Date
The rule's compliance dates, as most recently amended by the 2025
compliance dates final rule, are set forth in current Sec.
1002.114(b). That section looks to a financial institution's volume of
covered credit transactions for small businesses to determine which of
three compliance dates (currently July 1, 2026, January 1, 2027, and
October 1, 2027) are applicable to a financial institution.
The CFPB proposes amending Sec. 1002.114(b) to eliminate the
system of tiered compliance dates in favor of creating a single
compliance date. Mirroring the change to the rule's origination
threshold set forth in proposed Sec. 1002.105(b), proposed Sec.
1002.114(b) would require that all covered financial institutions that
originated at least 1,000 covered credit transactions for small
businesses in each of calendar years 2026 and 2027 begin to comply with
the rule starting on January 1, 2028. The CFPB proposes making
corresponding updates throughout the commentary accompanying Sec.
1002.114(b) and (c), which would provide additional guidance and
examples regarding the compliance date.
The CFPB preliminarily believes that the extension of the single
compliance date to January 1, 2028, is necessary and reasonable for
several independent reasons. Those covered financial institutions that
would reasonably expect to be above the new 1,000 origination threshold
will need additional time to adjust their compliance systems to any
changes to the rule the CFPB adopts after considering the comments
submitted on this NPRM. The proposed revisions would not only reduce
certain reporting requirements, such as the proposed elimination of
many of the discretionary data points, but would also change existing
requirements concerning statutorily required demographic data points,
consistent with the Defending Women E.O. Such changes may require that
financial institutions that may have already prepared to comply with
the 2023 final rule to change forms, customer interfaces, or other
compliance software or regulatory processes.
Further time would also be necessary for other institutions to
determine whether they are covered at all under the rule, given the
proposed modification of the threshold for covered financial
institutions from 100 to 1,000 originations, as well as other proposed
changes that would result in fewer transactions being counted toward
the 1,000 origination threshold (such as the proposed removal of
certain categories of credit transactions from Sec. 1002.104(b), from
the definitions of covered credit transaction, and the change to the
definition of small business in Sec. 1002.106).
The CFPB likewise believes it would be appropriate to adopt a
single compliance date, to begin on January 1, 2028, that is applicable
to all covered financial institutions. The need for a tiered compliance
structure is diminished by the length of time that has passed since the
adoption of the 2023 final rule as well as fewer covered financial
institutions as a result of changes proposed to Sec. Sec. 1002.104(b),
1002.105(b), and 1002.106. The CFPB has also heard feedback from
stakeholders regarding difficulties for financial institutions in
complying with the rule mid-year, which would be resolved by the
proposed revisions to Sec. 1002.114.
Finally, the CFPB believes that its proposed compliance date
resolves any lingering concerns arising from previous compliance date
extensions. As the CFPB explained in its 2025 interim final rule and
2025 compliance date final rule, those rules were necessary to avoid a
subset of covered financial institutions remaining obligated to come
into compliance with the 2023 rule, even though many of these
institutions would be too small to qualify as covered financial
institutions under this proposed rule, if finalized, meaning that they
would likely incur significant compliance costs for only a single
year's submission of data. Furthermore, this costly single-year
submission of data--with costs inequitably imposed only on covered
financial institutions that happened not to be plaintiffs or
intervenors in litigation--would likely provide little benefit. For
example, the data would be submitted in accordance with a different set
of data points under Sec. 1002.107(a), which could have caused
analytical concerns in comparison with data submitted pursuant to this
proposed rule, if finalized. Additionally, prior to releasing any data
from the single-year submission, the CFPB would need to conduct an
analysis under Sec. 1002.110(a) to determine if deletion or
modification of the data would advance a privacy interest, and due to
the smaller size of the single-year data set, it is likely that more
data would need to be deleted or modified, limiting its utility.
Finally, if covered financial institutions were not given additional
time to comply with the changes
[[Page 50966]]
proposed here, the Bureau is concerned that credit access and data
quality might be affected in a manner that would not advance the
purposes of the statute.
The CFPB seeks comment on these proposed changes. It also seeks
comment on whether it would be appropriate to finalize this compliance
date amendment in advance of finalizing the proposal's other changes,
so that institutions currently covered by the 2023 rule could have
earlier certainty as to the timing of their obligations, if any.
114(c) Special Transition Rules
In the 2023 final rule, financial institutions were instructed to
determine their compliance tier based on their originations in 2022 and
2023. Subsequent changes to the rule added the time periods of 2023 and
2024, or 2024 and 2025, that financial institutions could choose to use
instead. These alternatives are set out in existing Sec.
1002.114(c)(3) and related commentary.
The CFPB is proposing revising Sec. 1002.114(c)(3) and related
commentary to require a financial institution to count its originations
of covered credit transactions in each of calendar years 2026 and 2027
to determine whether it must comply with the rule on the proposed
compliance date of January 1, 2028. This proposed change would simplify
Sec. 1002.114(c) and better align it with the proposed revisions to
Sec. 1002.114(b).
The CFPB believes that the range of options provided by current
Sec. 1002.114(c), intended to provide flexibility to potentially
covered financial institutions, is no longer appropriate for a single
compliance date with a single originations threshold. Further, proposed
Sec. 1002.114(c) would use calendar years closer to the new compliance
date and would be a fairer time period to count originations. The
compliance date in proposed Sec. 1002.114(b) of January 1, 2028, would
be nearly five years removed from some of the two-year time periods
used to determine when a covered financial institution must begin to
collect data. Originations in 2026 and 2027 would be controlling in any
event; if a financial institution would be covered by the rule based on
its originations in 2022 and 2023, but fell below the threshold based
on 2026 and 2027, it would not be a covered financial institution for
2028. The CFPB thus believes that referring to the number of
originations during calendar years 2026 and 2027 would be more
appropriate and relevant to determining whether a financial institution
must comply with the rule starting in January 2028.
The CFPB seeks comment on this proposed change.
IV. CFPA Section 1022(b) Analysis
In developing the proposed rule, the CFPB has considered the
potential benefits, costs, and impacts as required by section
1022(b)(2) of the Consumer Financial Protection Act of 2010 (CFPA).
Section 1022(b)(2) calls for the CFPB to consider the potential
benefits and costs of a regulation to consumers and covered persons,
including the potential reduction of consumer access to consumer
financial products or services, the impact on depository institutions
and credit unions with $10 billion or less in total assets as described
in section 1026 of the CFPA, and the impact on consumers in rural
areas.
In the Dodd-Frank Act, which was enacted ``[t]o promote the
financial stability of the United States by improving accountability
and transparency in the financial system,'' Congress directed the
Bureau to adopt regulations governing the collection of small business
lending data. Under section 1071 of that Act, covered financial
institutions must compile, maintain, and submit certain specified data
points regarding applications for credit for small businesses, with
particular attention to women-owned and minority-owned small
businesses, along with ``any additional data that the Bureau determines
would aid in fulfilling the purposes of this section.'' Under the 2023
final rule, covered financial institutions are required to collect and
report the following data points: (1) a unique identifier, (2)
application date, (3) application method, (4) application recipient,
(5) credit type, (6) credit purpose, (7) amount applied for, (8) amount
approved or originated, (9) action taken, (10) action taken date, (11)
denial reasons, (12) pricing information, (13) census tract, (14) gross
annual revenue, (15) NAICS code, (16) number of workers, (17) time in
business, (18) minority-owned, women-owned, and LGBTQI+-owned business
status, (19) ethnicity, race, and sex of principal owners, and (20) the
number of principal owners.
Under the 2023 final rule, financial institutions are required to
report data on small business credit applications if they originated at
least 100 covered credit transactions in each of the two preceding
calendar years. Loans, lines of credit, credit cards, and merchant cash
advances (including such credit transactions for agricultural purposes)
all fall within the transactional scope of the 2023 final rule, with no
limitations on loan amount. The Bureau excluded trade credit,
transactions that are reportable under HMDA, insurance premium
financing, public utilities credit, securities credit, and incidental
credit. Factoring, leases, and consumer-designated credit used for
business or agricultural purposes are also not covered credit
transactions. For purposes of the 2023 final rule, a business is a
small business if its gross annual revenue for its preceding fiscal
year is $5 million or less. Finally, the 2023 final rule, as
subsequently amended, establishes several compliance dates for
financial institutions based on three origination size thresholds.
This proposed rule reconsiders certain provisions of the 2023 final
rule. Under this proposed rule, covered financial institutions would no
longer be required to collect and report the following data points:
application method, application recipient, denial reasons, pricing
information, number of workers, and LGBTQI+-owned business status. This
proposed rule would make adjustments to some of the other data points
(including minority-owned business status and ethnicity, race, and sex
of principal owners) as well as the timing and methods to be used in
the collection of data.
In addition, under this proposed rule, a financial institution
would be required to report data if the financial institution
originated at least 1,000 covered credit transactions in each of the
two preceding calendar years, and one category of financial
institutions (FCS lenders) would be excluded from coverage. The CFPB is
also proposing to exclude merchant cash advances, credit transactions
for agricultural purposes, and small dollar loans of $1,000 or less
from the transactional scope of the rule. For the purposes of the
proposed rule, a business would be a small business under this proposed
rule if its gross annual revenue for its preceding fiscal year is $1
million or less. Finally, the proposed rule would change the compliance
date provision to require a single compliance date for covered
financial institutions.
A. Statement of Need
Congress directed the Bureau to adopt regulations governing the
collection of small business lending data. Specifically, section 1071
of the Dodd-Frank Act amended ECOA to require financial institutions to
compile, maintain, and submit to the Bureau certain data on
applications for credit for small businesses, particularly
[[Page 50967]]
women-owned and minority-owned small businesses. Congress enacted
section 1071 for the purpose of facilitating enforcement of fair
lending laws and enabling communities, governmental entities, and
creditors to identify business and community development needs and
opportunities of women-owned, minority-owned, and small businesses. The
Bureau is issuing this proposed rule to reconsider portions of the 2023
final rule in order to more effectively fulfill its statutory purposes.
As discussed in parts I and III, the Bureau believes, in
retrospect, that its approach in the 2023 final rule was not conducive
to fulfilling the long-term statutory purposes of section 1071 of the
Dodd-Frank Act. The Bureau now believes that a more incremental
approach would limit, as much as possible, any disturbance to the
provision of credit to small entities. The Bureau expects that a more
gradual approach to adding data points or expanding coverage, if
needed, would more effectively serve both the fair lending and
community development purposes of the rule in the long run.
In particular, the Bureau believes it should focus on core lending
products, core lending providers, and core data points, rather than
take the more expansive approach of its 2023 final rule. To accomplish
this, the Bureau proposes multiple changes from the 2023 final rule.
Among the most consequential changes, the Bureau proposes to exempt
several categories of credit from the definition of covered
transactions, including sales-based financing, loans for agricultural
purposes, and small dollar loans. The Bureau now believes that
application data collected on these types of transactions would be of
lower quality while imposing collection requirements on institutions
that issue them. The Bureau also proposes to raise the number of loans
that trigger reporting requirement to 1,000 and exempt FCS lenders from
coverage of the rule to focus on core providers in the small business
lending space. The Bureau proposes to change the definition of ``small
business'' in current Sec. 1002.106(b) from $5 million or less to $1
million or less in annual gross revenue to ensure that data is
collected on truly small businesses, rather than collect additional
data on businesses that could be considered large in some contexts.
Lastly the rule removes several data points from the collection,
relative to the 2023 final rule, including pricing data, application
method, application recipient, denial reasons, pricing and number of
workers to limit the initial compliance costs for collecting and
reporting data in compliance with section 1071.
The Bureau believes these changes help further the statutory
purposes, for facilitating fair lending enforcement and community
development, in several ways. By reducing the initial burden of the
data collection on some institutions and removing the collection
requirement from others, the Bureau believes that it will reduce
disruption in the small business lending market compared to the more
expansive 2023 final rule requirements. Disruption in the small
business lending market could run counter to the community development
purposes of the final rule. By focusing the data collection on core
providers, transactions, and data points the Bureau expects the data
collected under this proposed rule will be of higher quality and will
be more useful for fair lending enforcement and community development.
B. Baseline for the Consideration of Costs and Benefits
In evaluating the potential benefits, costs, and impacts of this
proposed rule, the Bureau takes as a baseline that all financial
institutions covered under the 2023 final rule are in appropriate
compliance with that rule, as codified in subpart B of Regulation B and
amended by the 2024 interim final rule, the 2025 interim final rule,
and the 2025 compliance date final rule.\62\ Under this baseline, the
Bureau also assumes that institutions are complying with other
regulations that they are currently subject to, including reporting
data under HMDA, CRA, and any State commercial financing disclosure
laws.\63\ The Bureau believes that this baseline provides the public
with the most reasonable basis for analyzing the benefits and costs of
this proposed rule. The Bureau seeks comment on the advantages and
disadvantages of considering this baseline.
---------------------------------------------------------------------------
\62\ For example, many financial institutions would not be
required to comply with the 2023 final rule as amended until 2027.
The Bureau does not assume that such institutions would already be
in compliance with the 2023 final rule. Instead, the Bureau assumes
that some institutions have already spent some resources to
implement the rule, as discussed more in part IV.E.1.
\63\ See, e.g., N.Y.S. 898 (signed Jan. 6, 2021) (amending S.
5470-B), https://legislation.nysenate.gov/pdf/bills/2021/s898; Cal.
S.B. 1235 (approved Sept. 30, 2018), https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180SB1235; Va. H. 1027 (approved
Apr. 11, 2022), https://lis.virginia.gov/cgi-bin/legp604.exe?221+ful+CHAP0516; Utah S.B. 183 (signed Mar. 24, 2022),
https://le.utah.gov/~2022/bills/static/SB0183.html.
---------------------------------------------------------------------------
C. Basic Approach of the Bureau's Consideration of Benefits and Costs
and Data Limitations
Pursuant to section 1022(b)(2)(A) of the Dodd-Frank Act,\64\ in
prescribing a rule under the Federal consumer financial laws (which
include ECOA and title X of the Dodd-Frank Act), the Bureau is required
to consider the potential benefits and costs to ``consumers'' and
``covered persons,'' including the potential reduction of access by
consumers to consumer financial products or services resulting from
such rule, and the impact of final rules on covered persons as
described under section 1026 of the Dodd-Frank Act \65\ (i.e.,
depository institutions and credit unions with $10 billion or less in
total assets), and the impact on consumers in rural areas.
---------------------------------------------------------------------------
\64\ 12 U.S.C. 5512(b)(2)(A).
\65\ 12 U.S.C. 5516.
---------------------------------------------------------------------------
The Dodd-Frank Act defines the term ``consumer'' as an individual
or someone acting on behalf of an individual. It defines a ``covered
person'' as one who engages in offering or providing a ``consumer
financial product or service,'' which means a financial product or
service that is provided to consumers primarily for ``personal, family,
or household purposes.'' \66\ In rulemakings implementing section 1071,
however, the only parties directly affected by the rule are small
businesses (rather than individual consumers) and the financial
institutions from which they seek credit (which may or may not be
covered persons). Accordingly, a section 1022(b)(2)(A) analysis that
considers only the costs and benefits to individual consumers and to
covered persons would not meaningfully capture the costs and benefits
of the rule.
---------------------------------------------------------------------------
\66\ 12 U.S.C. 5481(4) through (6).
---------------------------------------------------------------------------
Below, the Bureau conducts the statutorily required analysis with
respect to the proposed rule's effects on consumers and covered
persons. Additionally, consistent with the approach in the 2023 final
rule, the Bureau is electing to conduct this same analysis with respect
to small businesses and the financial institutions that would be
required to compile, maintain, and submit data under the proposed rule.
This analysis relies on data that the Bureau has obtained from
industry, other regulatory agencies, and publicly available sources.
However, as discussed further below, the available data limit the
Bureau's ability to quantify the potential costs, benefits, and impacts
of the proposed rule.
The Bureau seeks comments on the basic approach discussed below and
any
[[Page 50968]]
additional data sources that may be used to improve this approach.
1. Analysis With Respect to Consumers and Covered Persons
The 2023 final rule implemented a data collection regime in which
certain covered financial institutions must compile, maintain, and
submit data with respect to applications for credit for small
businesses. This proposed rule amends that implementation. The proposed
rule would not directly impact consumers, including consumers in rural
areas, as those terms are defined by the Dodd-Frank Act. However, some
consumers may be impacted in their separate capacity as sole owners of
small businesses covered by the proposed rule. Some covered persons,
including some depository institutions or credit unions with $10
billion or less in total assets, would be affected under the proposed
rule not in their capacity as covered persons (i.e., as offerors or
providers of consumer financial products or services) but in their
separate capacity as financial institutions that offer small business
credit covered by the proposed rule. The costs, benefits, and impact of
the proposed rule on those entities are discussed below.
2. Benefits to Impacted Financial Institutions
The proposed rule would modify the 2023 final rule with respect to
which financial institutions and transactions are covered, and which
data points are required to be collected and reported. Many financial
institutions that would not be covered by the proposed rule will still
be impacted by the proposed rule because they would have been covered
under the 2023 final rule (as amended). The Bureau analyzes the impacts
of the proposed rule relative to the baseline (1) on covered
institutions and (2) on institutions that would no longer be covered
and calls the combined group of institutions ``impacted financial
institutions.'' The main expected benefit of the proposed rule to
impacted financial institutions comes in the form of cost savings. The
Bureau calculates these cost savings by estimating the change in
compliance costs between the proposed rule and the baseline.
In order to precisely quantify the cost savings for impacted
financial institutions, the Bureau would need representative data and
information on the operational costs that financial institutions would
incur to gather and report 1071 data, on one-time costs for financial
institutions to update or create reporting infrastructure to implement
requirements of the proposed rule, and on the level of complexity of
financial institutions' business models and compliance systems.
Furthermore, the Bureau would need this information under both the
baseline and the proposed rule. Currently, the Bureau does not believe
that data on section 1071 reporting costs with this level of
granularity are systematically available from any source. The Bureau
has made reasonable efforts to gather data on section 1071 reporting
costs and primarily uses the same methodology that it used to analyze
the 2023 final rule, unless otherwise noted. The Bureau continues to
believe that its analysis here and in the 2023 final rule constitutes
the most comprehensive assessment to date of the compliance costs
associated with implementing section 1071 reporting by financial
institutions and provides the most accurate estimates of costs given
available information. However, the Bureau recognizes that these
estimates may not fully quantify the costs to each covered financial
institution, especially given the wide variation of section 1071
reporting costs among financial institutions.
The Bureau categorizes costs required to comply with the baseline
and the proposed rule into ``one-time'' and ``ongoing'' costs.
Similarly, the Bureau reports cost savings in these terms. ``One-time''
costs refer to expenses that the financial institution incur initially
and only once to implement changes required in order to comply with the
requirements of this rule. ``Ongoing'' costs are expenses incurred as a
result of the ongoing reporting requirements of the rule, which the
Bureau considers on an annualized basis. In considering the costs and
impacts of the 2023 final rule, the Bureau has engaged in a series of
efforts to estimate the cost of compliance by covered entities. The
Bureau conducted a One-Time Cost Survey, discussed in more detail in
part IX.E.1 of the 2023 final rule,\67\ to learn about the one-time
implementation costs associated with implementing section 1071 and
adapted ongoing cost calculations from previous rulemaking efforts. The
Bureau evaluated the one-time costs of implementing the procedures
necessary and the ongoing costs of annually reporting under the
proposed rule in part IV.F.1 below. The Bureau recognizes that costs
vary by institution due to many factors, such as size, operational
structure, and product complexity, and that this variance exists on a
continuum that is impossible to fully represent. In order to conduct a
consideration of impacts that is both practical and meaningful in light
of these challenges, the Bureau has chosen an approach that focuses on
three representative types of financial institutions. For each type,
the Bureau has produced reasonable estimates of the costs of compliance
given the limitations of the available data. Part IV.E.1 below provides
additional details on this approach.
---------------------------------------------------------------------------
\67\ See 88 FR 35150, 35497 (May 31, 2023).
---------------------------------------------------------------------------
The Bureau understands that some financial institutions that are
covered under the baseline have started implementing the 2023 final
rule. Institutions that would be no longer covered as a result of the
proposed rule may have already incurred some one-time costs to
implement the baseline that would not have been necessary under this
proposed rule. The Bureau does not count these expenditures as costs of
the proposed rule because those costs have already been incurred and
are discussed in more detail in part IV.E.1. Instead, the Bureau
accounts for these expenditures through reductions in cost savings. If
an institution becomes no longer covered as a result of the proposed
rule, it will no longer be able to recoup all one-time implementation
costs, as discussed in part IV.E.1.
3. Benefits to Small Businesses
Consistent with the 2023 final rule, the Bureau elects to estimate
the benefits and cost savings to small businesses in addition to cost
and benefit savings to impacted financial institutions. As with
financial institutions, the Bureau expects that the main benefits of
the proposed rule to small businesses would arise as a result of cost
savings. The Bureau expects the direct cost savings of the proposed
rule to small businesses would be negligible. However, the Bureau
expects that there could be indirect cost savings of the proposed rule
to small businesses if financial institutions pass on their cost
savings. Therefore, the Bureau focuses its analysis on whether and how
the Bureau expects impacted financial institutions to pass on the cost
savings from the proposed rule to small businesses and any possible
effects on the availability or terms of small business credit. The
Bureau relies on economic theory to understand the potential for cost
savings of financial institutions to be passed on to small businesses.
4. Costs to Small Businesses and Impacted Financial Institutions
The costs to small businesses and to impacted financial
institutions associated with the proposed rule will primarily come from
a decrease in the benefits associated with the 2023 final
[[Page 50969]]
rule. Quantifying benefits to small businesses presents substantial
challenges. As discussed above, Congress enacted section 1071 for the
purpose of facilitating enforcement of fair lending laws and enabling
communities, governmental entities, and creditors to identify business
and community development needs and opportunities of women-owned,
minority-owned, and small businesses. The Bureau is unable to quantify
any of these benefits, both because the Bureau does not have the data
to do so and because the Bureau is not able to assess how effective the
2023 final rule would be in achieving those benefits. The same
difficultly holds for the change in benefits associated with the
proposed rule. As discussed further below, as a data reporting rule,
most provisions of the baseline and the proposed rule will benefit
small businesses in indirect ways, rather than directly.
Similar issues arise in attempting to quantify the decrease in
benefits to impacted financial institutions. Certain benefits to
impacted financial institutions are difficult to quantify. For example,
the Bureau believes that the data collected under both the baseline and
this proposed rule will reduce the compliance burden of fair lending
reviews for lower risk financial institutions that are likely to be in
compliance with ECOA by reducing the ``false positive'' rates during
fair lending prioritization by regulators. However, the Bureau does not
have the information to quantify such benefits.
In light of these data limitations, the discussion below generally
provides a qualitative consideration of the reduction of benefits under
the proposed rule relative to the baseline. General economic
principles, together with the limited data available, provide insight
into the loss of benefits. Where possible, the Bureau makes
quantitative estimates based on these principles and the data that are
available. Quantifying these benefits is difficult because the size of
each effect cannot be known in advance. Given the number of small
business credit transactions and the size of the small business credit
market, however, small changes in behavior can have substantial
aggregate effects.
In addition, financial institutions that remain covered under the
proposed rule may incur adjustment costs. This would occur when
institutions have already made efforts to implement the provisions of
the 2023 final rule and would incur additional costs to modify their
existing implementation to comply with this proposed rule. If a
financial institution has not begun to implement the 2023 final rule,
then it would not incur adjustment costs.
D. Coverage of the Proposed Rule
The proposed rule provides that financial institutions (both
depository and nondepository) that meet all the other criteria for a
``financial institution'' in proposed Sec. 1002.105(a) would only be
required to collect and report section 1071 data if they originated at
least 1,000 covered credit transactions in each of the two preceding
calendar years. In addition, under the proposed rule, FCS lenders would
not be required to collect and report section 1071 data, even if they
meet this proposed new threshold.
As discussed above, market-wide data on small business lending are
currently limited. The Bureau is unaware of any comprehensive data
available on small business originations for all financial
institutions, which are needed to precisely identify all institutions
to be covered by the proposed rule or the 2023 final rule. To estimate
the change in coverage as a result of the proposed rule, the Bureau
uses publicly available data for financial institutions divided into
two groups: depository (i.e., banks, savings associations, and credit
unions) and nondepository institutions. The Bureau employs the
methodology used in the 2023 final rule to estimate the change in
coverage as a result of the proposed rule and relies on updated data.
With respect to depository institutions, the Bureau relies on
National Credit Union Administration (NCUA) Call Reports to estimate
coverage for credit unions, including for those that are not federally
insured, and Federal Financial Institutions Examination Council (FFIEC)
Call Reports and the CRA data to estimate coverage for banks and
savings associations. For the purposes of the analysis in this part
IV.D, the Bureau estimates the number of depository institutions that
would have been required to report small business lending data in 2023,
based on the estimated number of originations of covered products for
each institution in 2022 and 2023.\68\ The Bureau accounts for mergers
and acquisitions in 2022 and 2023 by assuming that any depository
institutions that merged in those years report as one institution.
---------------------------------------------------------------------------
\68\ In the proposed rule, an institution would be required to
report for a given year if it originated at least 1,000 covered
originations in each of the preceding two years. For the purposes of
estimating the impacts of the proposed rule, the Bureau assumes that
a financial institution would be required to report information from
the year 2023 if the institution made at least 1,000 loans in 2022
and 2023. The Bureau makes this simplifying assumption for two
reasons. First, the Bureau does not rely on data from 2020 or 2021
to avoid the years where small business lending would have been most
affected by the COVID-19 pandemic. Second, the Bureau requires CRA
data to estimate coverage and those data are only available through
2023.
---------------------------------------------------------------------------
The NCUA Call Report captures the number and dollar value of
originations on all loans over $50,000 to members for commercial
purposes, regardless of any indicator about the borrowing business's
size. For the purposes of estimating the impacts of the proposed rule,
the Bureau uses the annual number of originated commercial loans to
members reported by credit unions as a proxy for the annual number of
originated covered credit transactions under the rule.\69\ These are
the best data available to the Bureau for estimating the number of
credit unions that may be covered by the proposed rule. However, the
Bureau acknowledges that the true number of covered credit unions may
be different than what is presented here. For example, this proxy would
overestimate the number of credit unions that will be covered if some
commercial loans to members are not covered because the member is
taking out a loan for a business that is not small under the definition
of a small business in the proposed rule. Alternatively, this proxy
would underestimate the number of credit unions covered by the proposed
rule if credit unions originate a substantial number of covered credit
transactions with origination values under $50,000 that are not counted
in the data.
---------------------------------------------------------------------------
\69\ For this analysis, the Bureau includes all types of
commercial loans to members except construction and development
loans, loans secured by multifamily residential property, loans
secured by farmland, and loans to finance agricultural production
and other loans to farmers. This includes loans secured by owner-
occupied, non-farm, non-residential property; loans secured by non-
owner occupied, non-farm, non-residential property; commercial and
industrial loans; unsecured commercial loans; and unsecured
revolving lines of credit for commercial purposes.
---------------------------------------------------------------------------
[[Page 50970]]
The FFIEC Call Report captures banks' and savings associations'
outstanding number and dollar amount of small loans to businesses
(i.e., loans originated under $1 million to businesses of any size;
small loans to farms are those originated under $500,000). The CRA
requires banks and savings associations with assets over a specified
threshold ($1.609 billion as of 2025) \70\ to report loans to
businesses in original amounts of $1 million or less. For the purposes
of estimating the impacts of the proposed rule, the Bureau follows the
convention of using small loans to businesses as a proxy for loans to
small businesses and small loans to farms as a proxy for loans to small
farms.\71\ These are the best data available for estimating the number
of banks and savings associations that may be covered by the proposed
rule. However, the Bureau acknowledges that the true number of covered
banks and savings associations may be different than what is presented
here. The Bureau acknowledges that it does not have sufficient
information to meaningfully account for how the proposed change to the
small business definition and the proposed minimum loan size threshold
might affect the impacts of the rule.
---------------------------------------------------------------------------
\70\ See Fed. Fin. Insts. Examination Council, Community
Reinvestment Act Reporting Criteria, https://www.ffiec.gov/data/cra/reporting-criteria (last visited Oct. 4, 2025).
\71\ For a discussion of the small business lending proxy, see
Jacob Goldston & Yan Y. Lee, Measurement of Small Business Lending
Using Call Reports: Further Insights From the Small Business Lending
Survey (Fed. Deposit Ins. Corp. Staff Rept. No. 2020-04, July 2020),
https://www.fdic.gov/analysis/cfr/staff-studies/2020-04.pdf.
---------------------------------------------------------------------------
Although banks and savings associations reporting under the CRA are
required to report the number of originations of small loans to
businesses and farms, the Bureau is not aware of any comprehensive
dataset that contains originations made by banks and savings
associations with assets below the CRA reporting threshold. To fill
this gap, the Bureau simulated plausible values for the annual number
and dollar value of originations for each bank and savings association
that falls below the CRA reporting threshold for 2022 and 2023.\72\ The
Bureau generated simulated originations in order to account for the
uncertainty around the exact number and value of originations for these
banks and savings associations. To simulate these values, the Bureau
assumes that these banks have the same relationship between outstanding
and originated small loans to businesses and farms as banks and savings
associations above the CRA reporting threshold. First, the Bureau
estimated the relationship between originated number and balances and
outstanding numbers and balances of small loans to businesses and farms
for CRA reporters. Then the Bureau used this estimate, together with
the outstanding numbers and balances of small loans to businesses and
farms of non-CRA reporters, to simulate these plausible values of
originations. The Bureau has documented this methodology in more detail
in its Supplemental estimation methodology for institutional coverage
and market-level cost estimates in the small business lending rule
released with the 2023 final rule.\73\
---------------------------------------------------------------------------
\72\ Based on FFIEC Call Report data as of December 2023, of the
4,587 banks and savings associations that existed in 2023, only
about 14 percent were required to report under CRA. That is, only
about 14 percent of banks and savings associations had assets below
$1.503 billion, the CRA reporting threshold in 2023. See Fed. Fin.
Insts. Examination Council, CRA Reporting Criteria, https://www.ffiec.gov/data/cra/reporting-criteria (last visited Sept. 23,
2025).
\73\ CFPB, Supplemental estimation methodology for institutional
coverage and market-level cost estimates in the small business
lending rulemaking (Mar. 30, 2023), https://www.consumerfinance.gov/data-research/research-reports/supplemental-estimation-methodology-institutional-coverage-market-level-cost-estimates-small-business-lending-rulemaking/.
---------------------------------------------------------------------------
Based on 2023 data from FFIEC and NCUA Call Reports and the CRA
data, using the methodology described above, the Bureau estimates that
the number of depository institutions that would be required to report
under the proposed rule is between approximately 172 to 181, as shown
in Table 1 below. This comprises between 167 and 176 banks and savings
associations and 5 credit unions that would be required to report under
the proposed rule. These ranges represent 95 percent confidence
intervals over the number of credit unions, banks and savings
associations that would be covered under the proposed rule. The Bureau
presents this range to reflect the uncertainty associated with the
estimates and notes that the uncertainty is driven by the lack of data
on originations by banks and savings associations below the CRA
reporting threshold.\74\
---------------------------------------------------------------------------
\74\ The Bureau acknowledges that these confidence intervals do
not account for all uncertainty in the estimates. For example, the
confidence interval does not account for how well number of small
loans to businesses proxies for number of originations of covered
products. The Bureau is unaware of information that could be used to
quantify these additional sources of uncertainty.
Table 1--Estimated Depository Institution Coverage of the Proposed Rule
[In 2023, based on 2022-2023 data]
------------------------------------------------------------------------
Coverage category Estimated coverage
------------------------------------------------------------------------
Institutions Subject to 1071 Reporting. 172-181 depository institutions
(1.85%-1.95% of all depository
institutions).
Banks and Savings Associations (SAs) 167-176 banks and SAs (3.64%-
Subject to Reporting. 3.84% of all banks and SAs).
Credit Unions Subject to Reporting..... 5 credit unions (0.11% of all
credit unions).
Share of Total Small Business Credit by 91.9%-92.8%.
Depository Institutions (Number of
Loans Originated) Captured.
Share of Total Small Business Credit by 60.3%-62.0%.
Depository Institutions (Dollar Value
of Loans Originated) Captured.
------------------------------------------------------------------------
The Bureau also estimates the number of institutions that would
have been covered under the baseline but are no longer covered by the
proposed rule, using the same methodology discussed above. A depository
institution would have been covered at the end of 2023 by the 2023
final rule if that institution had over 100 small business and small
farm loan originations in 2022 and 2023, accounting for mergers. The
Bureau estimates that the number of depository institutions required to
report under the 2023 final rule but that would not be required to
report under the proposed rule is between approximately 1,421 to 1,570
institutions as shown in Table 2 below.
[[Page 50971]]
Table 2--Estimated Depository Institutions Covered Under Baseline but No
Longer Covered by Proposed Rule
[In 2023, based on 2022-2023 data]
------------------------------------------------------------------------
Coverage category Estimated coverage
------------------------------------------------------------------------
Institutions No Longer Covered......... 1,421-1,570 depository
institutions (15.3%-16.9% of
all depository institutions).
Banks and Savings Associations (SAs) No 1,301-1,450 banks and SAs
Longer Covered. (28.4%-31.6% of all banks and
SAs).
Credit Unions No Longer Covered........ 120 credit unions (2.6% of all
credit unions).
Share of Total Small Business Credit by 5.0%-5.7%.
Depository Institutions (Number of
Loans Originated) by DIs No Longer
Covered.
Share of Total Small Business Credit by 24.1%-26.1%.
Depository Institutions (Dollar Value
of Loans Originated) by DIs No Longer
Covered.
------------------------------------------------------------------------
The Bureau does not have sufficient information to meaningfully
estimate the change in the number of nondepositories relative to the
analysis conducted for the 2023 final rule. For the purposes of the
analysis of the impacts of this proposed rule, the Bureau assumes that
the number of nondepository institutions that are active in the small
business lending market has not changed since the 2023 final rule,
except for Farm Credit System members, for which the Bureau relies on
data from the Farm Credit Administration. See part II.D of the 2023
final rule for more detail on how the Bureau arrived at these
estimates.\75\ Consistent with the assumptions in the 2023 final rule,
the Bureau also assumes that only online lenders and merchant cash
advance providers originate more than 1,000 loans each year and the
remaining nondepositories originate between 150 and 999 loans each
year. Since merchant cash advances would not be covered credit
transactions under the proposed rule, no merchant cash advance
providers would be required to report. Based on these assumptions, the
Bureau concludes that only online lenders would still be required to
report under the proposed rule.
---------------------------------------------------------------------------
\75\ See 88 FR 35153.
---------------------------------------------------------------------------
The Bureau estimates that the 2023 final rule would have covered
about 610 nondepository institution, consisting of: about 30 online
lenders; about 140 nondepository Community Development Financial
Institutions (CDFIs); about 70 merchant cash advance providers; about
240 commercial finance companies; about 70 governmental lending
entities; and 60 Farm Credit System members.\76\ The Bureau estimates
that, of these nondepositories, only the 30 online lenders will
continue to be covered under the proposed rule and the remaining will
be impacted by the proposed rule because they are no longer covered.
---------------------------------------------------------------------------
\76\ Farm Credit Admin., Number of FCS banks and associations by
type and district as of January 1, 2024, https://www.fca.gov/template-fca/bank/20240101NumberAssocs.pdf (last visited Oct. 1,
2025).
---------------------------------------------------------------------------
The Bureau seeks comments on these estimates of coverage and
changes in coverage. In particular, the Bureau seeks additional data
and information that it could use to improve its estimates of
nondepository institution coverage.
E. Methodology for Generating Costs and Benefits Estimates
In part IX.E of the 2023 final rule, the Bureau explained its
methodology for generating estimates of one-time and ongoing costs
associated with complying with the 2023 final rule. As discussed in the
previous section, many financial institutions that were covered by the
2023 final rule would no longer be covered by this proposed rule. Thus,
the proposed rule would confer a benefit in the form of cost savings
for most impacted institutions. The Bureau also expects that
institutions that continue to be covered will face a reduction in
compliance costs from the proposed rule relative to the baseline.
Generally, the Bureau estimates the benefits of the proposed rule by
comparing the compliance costs under the baseline to those under the
proposed rule. To generate cost estimates under the baseline and this
proposed rule, the Bureau uses the same methodology as the 2023 final
rule, unless otherwise noted. Throughout this section, the Bureau
reproduces crucial parts of the methodology discussion where necessary
but references the 2023 final rule for additional detail and
background.
The Bureau expects that compliance costs vary with the complexity
of a financial institution's compliance operations. Consistent with the
2023 final rule and for the purposes of this proposed rule, the Bureau
categorizes impacted financial institutions (FIs) into Types A, B, and
C in increasing order of compliance operations complexity. Based on its
prior methodology, the Bureau assumes that this complexity is
correlated with the number of small business loan applications
received, and therefore categorizes institutions based on application
volume. The Bureau assumes that Type A FIs receive fewer than 300
applications per year, Type B FIs receive between 300 and 2,000
applications per year, and Type C FIs receive more than 2,000
applications per year. The Bureau assumes that, for Type A and B FIs,
one out of two small business applications will result in an
origination. Thus, the Bureau assumes that Type A FIs originate fewer
than 150 covered credit transactions per year and Type B FIs originate
between 150 and 999 covered credit transactions per year. The Bureau
assumes that Type C FIs originate one out of three small business
applications and at least 1,000 covered credit transactions per
year.\77\
---------------------------------------------------------------------------
\77\ The Bureau chose the 1:2 and 1:3 application to origination
ratios based on two sources of information. First see Biz2Credit,
Small Business Loan Approval Rates Rebounded in May 2020: Biz2Credit
Small Business Lending Index (May 2020), https://cdn.biz2credit.com/appfiles/biz2credit/pdf/report-may-2020.pdf, which shows that, in
December of 2019, large banks approved small business loans at a
rate of 27.5 percent, while small banks and credit unions had
approval rates of 49.9 percent and 40.1 percent. Additionally, the
Bureau's supervisory data supports a 33 percent approval rate as a
conservative measure among these estimates for complex financial
institutions (Type C FIs).
---------------------------------------------------------------------------
The Bureau recognizes that the proposed changes, as discussed in
subsequent sections, will remove most Types A and B financial
institutions from coverage. However, the Bureau maintains both these
categorizations and assumptions in order to estimate compliance at
baseline and compare it to coverage under the proposals.
The Bureau understands that compliance costs vary across financial
institutions due to many factors, such as size, operational structure,
and product complexity, and that this variance exists on a continuum
that is very difficult or impossible to fully represent. Due to data
limitations, the Bureau is unable to capture many of the ways in which
compliance costs vary by institution,
[[Page 50972]]
and therefore uses these representative financial institution types
with the above assumptions for its analysis. In order to aggregate
costs to a market level, the Bureau must map financial institutions
onto its types using discrete volume categories.
For the hiring costs discussion in part IV.F.1.i and ongoing costs
discussion in part IV.F.1.ii below, the Bureau discusses costs in the
context of representative institutions for ease of exposition. The
Bureau assumes that a representative Type A FI receives 100 small
business credit applications per year, a representative Type B FI
receives 400 small business credit applications per year, and a
representative Type C FI receives 6,000 small business credit
applications per year. The Bureau further assumes that a representative
Type A FI originates 50 covered credit transactions per year, a
representative Type B FI originates 200 covered credit transactions per
year, and a representative Type C FI originates 2,000 covered credit
transactions per year.
1. Methodology for Estimating One-Time Compliance Costs
The one-time compliance cost estimation methodology for the
proposed rule described in this section is the same methodology that
the Bureau used in the 2023 final rule, unless otherwise noted.
The Bureau has identified the following nine categories of one-time
costs that will likely be incurred by financial institutions to develop
the infrastructure to collect and report data under the baseline and
the proposed rule:
1. Preparation/planning.
2. Updating computer systems.
3. Testing/validating systems.
4. Developing forms/applications.
5. Training staff and third parties (such as brokers).
6. Developing policies/procedures.
7. Legal/compliance review.
8. Post-implementation review of compliance policies and
procedures.
9. Hiring costs.\78\
---------------------------------------------------------------------------
\78\ The Bureau added this category in response to comments on
the 2021 proposed rule; it was not part of the 2020 survey discussed
below.
---------------------------------------------------------------------------
The Bureau also conducted a survey in 2020 regarding one-time
implementation costs for section 1071 compliance targeted at financial
institutions who extend small business credit.\79\ The survey collected
information on the number of employee hours and non-salary expenses
required to implement a section 1071 rule. The Bureau developed the
survey instrument based on guidance from industry on the potential
types of one-time costs institutions might incur if required to report
under a rule implementing section 1071 and tested the survey instrument
on a small set of financial institutions, incorporating their feedback
prior to implementation. The Bureau worked with several major industry
trade associations to recruit their members to respond to the survey. A
total of 105 financial institutions responded to the survey.
---------------------------------------------------------------------------
\79\ The One-Time Cost Survey was released on July 22, 2020; the
response period closed on October 16, 2020. The OMB control number
for this collection is 3170-0032. CFPB, Survey: Small Business
Compliance Cost Survey (July 22, 2020), https://files.consumerfinance.gov/f/documents/cfpb_1071-survey_2020-10.pdf.
---------------------------------------------------------------------------
Estimates from the 2020 survey respondents continue to form the
basis of the Bureau's estimates for one-time compliance costs in
assessing the impact of this proposed rule. The survey was broadly
designed to ask about the one-time costs of reporting data under a
regime that only included mandatory data points, used a reporting
structure similar to HMDA, used the Regulation B definition of an
``application,'' and used the respondent's own internal small business
definition.\80\ Therefore, the Bureau assumes that the tasks listed
above are associated with implementing both the 2023 final rule and the
proposed rule for institutions covered by each rule.
---------------------------------------------------------------------------
\80\ For more information about the 2020 survey and its
respondents, see part IX.E.1 of the 2023 final rule.
---------------------------------------------------------------------------
The Bureau assumes that the number of employee hours required to
implement each task has not changed but that the wages have changed to
reflect labor market developments. The Bureau assumes that each task
may require junior, mid-level, and senior staff hours to implement. For
junior staff, the Bureau uses $18.51, the 10th percentile hourly wage
estimate for ``loan officers'' according to the 2024 Occupational
Employment Statistics compiled by the Bureau of Labor Statistics.\81\
For mid-level staff, the Bureau uses $41.35, the estimated mean hourly
wage estimate for ``loan officers.'' For senior staff, the Bureau uses
$70.09, the 90th percentile hourly wage estimate for ``loan officers.''
To account for non-monetary compensation, the Bureau also scaled these
hourly wages up by 43 percent.\82\
---------------------------------------------------------------------------
\81\ See U.S. Bureau of Labor Stat., U.S. Dep't of Labor,
Occupational Employment and Wage Statistics (May 2024), https://www.bls.gov/oes/current/oes132072.htm.
\82\ The June 2025 Employer Costs for Employee Compensation from
the Bureau of Labor Statistics documents that wages and salaries
are, on average, about 70 percent of employee compensation for
private industry workers. The Bureau inflates the hourly wage to
account for 100 percent of employee compensation ((100/70)-1) * 100
= 43 percent). Press Release, U.S. Bureau of Labor Stat., U.S. Dep't
of Labor, USDL-25-1358, Employer Costs for Employee Compensation--
June 2025 (Sept. 12, 2025), https://www.bls.gov/news.release/pdf/ecec.pdf.
---------------------------------------------------------------------------
Finally, the Bureau assumes that the non-salary expenses necessary
to implement each one-time task have only changed according to
inflation, as measure the by the Consumer Price Index.\83\
---------------------------------------------------------------------------
\83\ The Bureau uses the CPI-U from the Bureau of Labor
Statistics and adjusts non-salary expenses to account for inflation
between December 2019 and June 2025. That is, the Bureau inflates
non-salary expenses by 26 percent. See U.S. Bureau of Labor Stat.,
U.S. Dep't of Labor, Databases, Tables & Calculators by Subject,
Consumer Price Index for All Urban Consumers (CPI-U) (Oct. 4, 2025),
https://data.bls.gov/timeseries/CUUR0000SA0.
---------------------------------------------------------------------------
For hiring costs, the Bureau also assumes that a covered financial
institution would need to hire enough full-time equivalent workers
(FTEs) to cover the estimated number of staff hours necessary to comply
with the either 2023 final rule or the proposed rule on an annual,
ongoing basis. In part IV.E.2 below, the Bureau describes how it
estimates the ongoing costs to comply with the 2023 final rule and the
proposed rule, including the number of hours of staff time an
institution needs per application. The Bureau assumes for the baseline
and the proposed rule that an FTE will work about 2,080 hours each year
(40 hours per week x 52 weeks = 2,080). The Bureau calculates that the
total number of FTEs that a covered financial institution will need to
hire as the number of hours per application multiplied by the estimated
number of applications received per year divided by 2,080, rounded up
to the next full FTE. For example, if an institution receives 500
applications per year and an employee spends one hour on each
application, it will need to hire one FTE ((1 * 500)/2080 = 0.24, which
is rounded up to the next full FTE, i.e., 1). In part IV.F.1.i, the
Bureau also confirms that the estimated additional staff can cover the
estimated staff hours required for implementing other one-time changes.
The Bureau calculates the hiring costs using the estimated cost-
per-hire of $4,683, estimated by the Society for Human Resource
Management.\84\ This estimated cost includes advertising fees,
recruiter pay and benefits, and employee referrals, among other
categories. For each covered financial institution, the estimated
hiring cost is
[[Page 50973]]
$4,683 multiplied by the estimated new FTEs required to comply with the
requirements of the 2023 final rule or the proposed rule. The estimated
total one-time costs are the sum of the estimated hiring costs and the
other one-time costs for that institution discussed above.
---------------------------------------------------------------------------
\84\ See Soc'y for Hum. Res. Mgmt., SHRM Benchmarking: Talent
Access Report, at 8 (2022), https://www.shrm.org/content/dam/en/shrm/research/benchmarking/Talent%20Access%20Report-TOTAL.pdf.
---------------------------------------------------------------------------
The Bureau assumes that some financial institutions covered by the
2023 final rule have already incurred some one-time costs in order to
comply with the rule. For institutions that would no longer be covered
under the proposed rule, those costs are sunk and cannot be recouped.
The Bureau believes that, while some one-time cost activities already
underway could be used for complying with this proposed rule, some of
those activities will need to be redone in order to comply. The Bureau
makes this rough assumption to capture this possibility and potential
sunk cost. As discussed above, the Bureau believes, to the extent this
has occurred, this reduces the institution's potential benefits under
this proposed rule. The Bureau does not have sufficient information
upon which to base its estimate of how much these institutions may have
already spent upgrading their systems and, instead, makes an assumption
that institutions that would no longer be covered under the proposed
rule, on average, will have incurred 25 percent of their baseline non-
hiring one-time costs. That is, institutions no longer covered by the
rule would save 75 percent of the estimated non-hiring one-time costs,
under the baseline, because they have not yet spent those resources.
The Bureau assumes that these institutions have not yet hired new
employees under the baseline. The Bureau believes these are reasonable
assumptions as to the extent of one-time costs already incurred by
these institutions. Under these assumptions, the total cost savings for
institutions that would no longer be covered is estimated to be 75
percent of the one-time costs of implementing tasks 1-8 listed above,
plus the expected hiring costs associated with the baseline. The Bureau
seeks comment on the validity of these assumptions and the extent to
which financial institutions have already incurred one-time costs to
comply with the 2023 final rule.
Institutions that were covered under the baseline may have
implemented changes to their processes and systems to comply with the
2023 final rule. If an institution would no longer be covered under the
proposed rule, some of these costs may be sunk. For example, the
institution may have developed a manual of policies and procedures that
are no longer required if the institution is no longer covered. To the
extent these institutions have already incurred these expenses, the
Bureau believes this reduces their one-time cost savings from the
proposed rule.
If an institution remains covered under the proposed rule, some of
their implementation may continue to be applicable under the proposed
rule. Other parts of their implementation may need to be changed to
comply the proposed rule, and thus the institution may incur the same
one-time cost again. For example, an institution that already started
designing data collection forms may have to change the design. The
Bureau includes incurring these expenses again as part of its
calculation for institutions that remain covered.
The Bureau does not have the requisite information to empirically
estimate how much of the one-time costs, under the baseline, any
institution is likely to have incurred. Therefore, the Bureau has
decided to make a simple assumption. The Bureau assumes that all
institutions will have incurred 25 percent of their non-hiring, one-
time costs, at baseline, in preparation to comply with the 2023 final
rule. For financial institutions that were covered under the 2023 final
rule but would not be covered under the proposed rule, the Bureau
assumes that the proposed rule will save the remaining 75 percent of
the non-hiring, one-time costs, at baseline, plus their hiring costs.
For institutions that are covered under the baseline and would be
covered under the proposed rule, the Bureau assumes that 25 percent of
one-time, non-hiring costs under the baseline have already been
incurred and are, likewise, sunk. Therefore, the one-time cost savings
for these institutions are the one-time hiring and non-hiring costs
under the proposed rule minus the one-time hiring costs and 75 percent
of the non-hiring costs under the baseline.
The Bureau seeks comments on its methodology for estimating one-
time costs. In particular, the Bureau seeks comments on whether
financial institutions that would have been covered under the 2023
final rule have already spent resources to implement the 2023 final
rule and, if so, on what they have spent those resources. Further, the
Bureau seeks comments on whether financial institutions that would be
covered by the proposed rule and have spent resources to implement the
2023 final rule could use those changes to comply with the proposed
rule.
2. Methodology for Estimating Ongoing Compliance Costs
In the 2023 final rule, the Bureau identified 15 specific data
collection and reporting activities that would impose ongoing
compliance costs for covered institutions and continues to use those
activities as an organization principle for its analysis of the impacts
of this proposed rule. Table 3 presents the full list of the 15
activities. The Bureau assumes that substantially the same activities
would be needed to comply with the proposed rule. Activities 1 through
3 can broadly be described as data collection activities: these tasks
are required to intake data and transfer it to the financial
institution's small business data entry system. Activities 4 through 10
are related to reporting and resubmission: these tasks are necessary to
collect required data, conduct internal checks, and report data
consistent with the 2023 final rule or the proposed rule. Activities 11
through 13 are related to compliance and internal audits: employee
training, and internal and external auditing procedures required to
ensure data consistency and reporting in compliance with the 2023 final
rule or the proposed rule. Finally, activities 14 and 15 are related to
small business lending examinations by regulators: these tasks would be
undertaken to prepare for and assist during regulatory compliance
examinations. For the purpose of this analysis and for consistency with
the 2023 final rule, the Bureau assumes that all financial institutions
covered under the proposed rule or the baseline will be subject to
regulatory compliance examinations and thus incur costs related to
activities 14 and 15.
Table 3 also provides an example of how the Bureau calculates
ongoing compliance costs associated with each compliance task. The
table shows the calculation for each activity and notes whether the
task would be a ``variable cost,'' which would depend on the number of
applications the institution receives, or a ``fixed cost'' that does
not depend on the number of applications. Table 3 shows these
calculations for a Type A FI, or the institution with the least amount
of complexity. Table 4 below summarizes the activities whose
calculation differs by institution complexity and shows the
calculations for Type B FIs and Type C FIs (where they differ from
those for a Type A FI).
[[Page 50974]]
Table 3--Ongoing Compliance Cost Calculations for a Type A FI
------------------------------------------------------------------------
No. Activity Calculation Type \85\
------------------------------------------------------------------------
1............... Transcribing data. Hourly Variable.
compensation x
hours per app. x
applications.
2............... Resolving Hourly Variable.
reportability compensation x
questions. hours per app.
with question x
applications
with questions.
3............... Transfer to Data Hourly Variable.
Entry System, compensation x
Loan Origination hours per app. x
System, or other applications.
data storage
system.
4............... Complete geocoding Hourly Variable.
data. compensation x
hours per app. x
applications.
5............... Standard annual Hourly Fixed.
edit and internal compensation x
checks. hours spent on
edits and checks.
6............... Researching Hourly Variable.
questions. compensation x
hours per app.
with question x
applications
with questions.
7............... Resolving question Hourly Variable.
responses. compensation x
hours per app.
with question x
applications
with questions.
8............... Checking post- Hourly Variable.
submission edits. compensation x
hours checking
post-submission
edits per
application.
9............... Filing post- Hourly Fixed.
submission compensation x
documents. hours filing
post-submission
docs.
10.............. Small business Uses free Fixed.
data reporting/ geocoding
geocoding software.
software.
11.............. Training.......... Hourly Fixed.
compensation x
hours of
training per
year x number of
loan officers.
12.............. Internal audit.... No internal audit Fixed.
conducted by
financial
institution
staff.
13.............. External audit.... One external Fixed.
audit per year.
14.............. Exam preparation.. Hourly Fixed.
compensation x
hours spent on
examination
preparation.
15.............. Exam assistance... Hourly Fixed.
compensation x
hours spent on
examination
assistance.
------------------------------------------------------------------------
Many of the activities in Table 3 require time spent by loan
officers and other financial institution employees. To account for time
costs, the calculation uses the hourly compensation of a loan officer
multiplied by the amount of time required for the activity. The Bureau
uses a mean hourly wage of $41.35 for loan officers, based on data from
the Bureau of Labor Statistics.\86\ To account for non-monetary
compensation, the Bureau scales this hourly wage by 43 percent to
arrive at a total hourly compensation of $59.07 for use in these
calculations.\87\ As an example of a time calculation, the Bureau
assumes that transcribing the data points that would be required under
the baseline would require approximately 11 minutes per application for
a Type A FI. The calculation multiplied the number of minutes by the
number of applications and the hourly compensation to arrive at the
total cost, on an annual basis, of transcribing data. As another
example, the Bureau assumes that ongoing training for loan officers to
comply with a financial institution's 1071 policies and procedures
would take about two hours per loan officer per year. The cost
calculation multiplies the number of hours by the number of loan
officers and by the hourly compensation.
---------------------------------------------------------------------------
\85\ In this table, the term ``variable'' means the compliance
cost depends on the number of applications. The term ``fixed'' means
the compliance cost does not depend on the number of applications
(even if there are other factors upon which it may vary).
\86\ These data reflect the mean hourly wage for ``loan
officers'' according to the 2024 Occupational Employment Statistics
compiled by the Bureau of Labor Statistics. See U.S. Bureau of Labor
Stat., U.S. Dep't of Labor, Occupational Employment and Wages
Statistics (May 2024), https://www.bls.gov/oes/current/oes132072.htm.
\87\ The June 2025 Employer Costs for Employee Compensation from
the Bureau of Labor Statistics documents that wages and salaries
are, on average, about 70 percent of employee compensation for
private industry workers. The Bureau inflates the hourly wage to
account for 100 percent of employee compensation ((100/70)-1) * 100
= 43 percent). Press Release, U.S. Bureau of Labor Stat., U.S. Dep't
of Labor, USDL-25-1358, Employer Costs for Employee Compensation--
June 2025 (Sept. 12, 2025), https://www.bls.gov/news.release/pdf/ecec.pdf.
---------------------------------------------------------------------------
In the 2023 final rule, the Bureau explained how it arrived at its
assumed number of hours required per task and makes the same
assumptions in this proposed rule.
Some activity costs in Table 3 depend on the number of
applications. It is important to differentiate between these variable
costs and fixed costs that do not depend on number of applications
because the type of cost impacts whether and to what extent covered
institutions might be expected to pass on their costs to small business
loan applicants in the form of higher interest rates or fees (discussed
in more detail in part IV.F.2 below). Data collection, reporting, and
submission activities such as geocoding data, standard annual edits and
internal checks, researching questions, and resolving question
responses are variable costs. All other activities are fixed costs
because they do not depend on the overall number of applications being
processed. An example of a fixed cost calculation is exam preparation,
where the hourly compensation is multiplied by the number of total
hours required by loan officers to prepare for 1071-related compliance
examinations.
Table 4 shows where and how the Bureau assumes Type B FIs and Type
C FIs differ from Type A FIs for the purposes of evaluating ongoing
cost. Table 4 shows the activities where the assumptions differ from
those in Table 3. Type B FIs and Type C FIs use more automated
procedures, which result in different cost calculations. For example,
for Type B FIs and Type C FIs, transferring data to the data entry
system and geocoding applications are done automatically by business
application data management software licensed annually by the financial
institution. The relevant address is submitted for geocoding via batch
processing, rather than done manually for each application. The
additional ongoing geocoding costs reflect the time spent by loan
officers on ``problem'' applications--that is, a percentage of overall
applications that the geocoding software misses--rather than time spent
on all applications. However, Type B FIs and Type C FIs have the
additional ongoing cost of a subscription to a geocoding software or
service as well as a data management software that represents an annual
fixed cost of reporting 1071 data. This is an additional ongoing cost
that the less complex Type A FIs would not have incurred. The Bureau
expects that Type A FIs will use free geocoding software available from
the FFIEC or the Bureau, which may include a new batch
[[Page 50975]]
function that could be developed by either the FFIEC or the Bureau.
Additionally, audit procedures differ between the three
representative institution types. The Bureau expects a Type A FI would
not conduct an internal audit but would pay for an annual external
audit. A Type B FI would be expected to conduct a simple internal audit
for data checks and also pay for an external audit on an annual basis.
Type C FIs would have a sophisticated internal audit process in lieu of
an external audit.
Table 4--Differences in Ongoing Cost Calculations for Type B FIs and
Type C FIs Versus Type A FIs
------------------------------------------------------------------------
Difference for a Difference for a
No. Activity Type B FI Type C FI
------------------------------------------------------------------------
3.............. Transfer to Data No employee time No employee time
Entry System. cost. cost.
Automatically Automatically
transferred by transferred by
data management data management
software software
purchased/ purchased/
licensed. licensed.
4.............. Complete Cost of time per Few applications
geocoding data. application that require
unable to be manual
geocoded by attention.
software. Completed by
third-party
software vendor.
10............. Small business Uses geocoding Uses geocoding
data reporting/ software and/or software and/or
geocoding data management data management
software. software that software that
requires annual requires annual
subscription. subscription.
12............. Internal Audit... Hourly Hourly
compensation x compensation x
hours spent on hours spent on
internal audit. internal audit.
13............. External Audit... Yearly fixed Only an extensive
expense on internal audit
external audit. and no expenses
on external
audits.
------------------------------------------------------------------------
Table 5 below shows major assumptions that the Bureau makes for
each activity for each type of financial institution. Based on the
proposed rule and inflation, the Bureau has made changes to
corresponding assumptions from the 2023 final rule where appropriate.
In particular, the proposed changes eliminating several data points are
the biggest source of changes to the assumptions relative to the 2023
final rule. Because fewer data point would be collected under the
proposed rule than under the 2023 final rule, the Bureau assumes that
tasks which depend on the number of data points would see a reduction
in required employee hours. The Bureau has also updated the assumed
fixed cost of software and audits to account for inflation. Table 5
also shows the number of hours assumed in the baseline scenario, for
comparison.
Table 5 provides the total number of hours the Bureau assumes are
required for each task that requires labor. For example, the Bureau
assumes that transcribing data for 100 applications will require 14
hours of labor. The table also shows the assumed fixed cost of software
and audits, as well as areas where the Bureau assumes there would be
cost savings due to use of technology. In several cases, the activity
described in a row does not apply to financial institutions of a
certain type and is therefore entered in the table as not applicable
(N/A).
Table 5--Major Assumptions for the Representative Type A FIs, Type B FIs, and Type C FIs,\88\ Under the Proposed
Rule and the Baseline \89\
----------------------------------------------------------------------------------------------------------------
No. Activity Type A FI Type B FI Type C FI
----------------------------------------------------------------------------------------------------------------
1................... Transcribing data.... 14 hours total (19 26 hours total (38 414 hours total (571
baseline). baseline). baseline).
2................... Resolving 8 hours total (11 17 hours total (23 25 hours total (34
reportability baseline). baseline). baseline).
questions.
3................... Transfer to 1071 data 14 hours total (19 N/A.................. N/A.
management software. baseline).
4................... Complete geocoding 7 hours total; 10 hours total (0.5 N/A.
data. reduction in time hours per
cost relative to ``problem'' loan x
HMDA for software 5% of loans that are
with batch ``problem'').
processing.
5................... Standard annual edit 13 hours total; 259 hours total; 537 hours total;
and internal checks. reduction for online reduction for online reduction for online
submission platform submission platform submission platform
(18 baseline). (357 baseline). (741 baseline).
6................... Researching questions 4 hours total (6 8 hours total (11 12 hours total (17
baseline). baseline). baseline).
7................... Resolving question 1 hour total......... 1 hour total......... 1 hour total.
responses.
8................... Checking post- 1 hour total......... 3 hours total (5 13 hours total (18
submission edits. baseline). baseline).
9................... Filing post- <1 hour total........ <1 hour total........ <1 hour total.
submission documents.
10.................. 1071 data management N/A.................. $10,080.............. $17,199.
system/geocoding
software.
11.................. Training............. 24 hours total....... 120 hours total...... 800 hours total.
12.................. Internal audit....... N/A.................. 8 hours total........ 2,304 hours total.
13.................. External audit....... $4,410............... $6,300............... N/A.
14.................. Exam preparation..... <1 hour total........ 80 hours total....... 480 hours total.
15.................. Exam assistance...... 2 hours total........ 12 hours total....... 80 hours total.
----------------------------------------------------------------------------------------------------------------
The Bureau requests comment on the assumptions presented in this
section.
---------------------------------------------------------------------------
\88\ As discussed above, the representative Type A, Type B, and
Type C FIs are assumed to receive, respectively, 100, 400 and 6,000
applications.
\89\ Row numbers correspond to row numbers in previous tables.
---------------------------------------------------------------------------
3. Methodology for Generating Market-Level Estimates of Costs and
Benefits
To generate small business lending market-level impacts estimates,
the Bureau relies on the same estimates of small business lending
originations described in part IV.D. above, which is the same as the
methodology used in the 2023 final rule, unless otherwise noted. As
with institutional coverage, the Bureau separates market-level impact
estimates into estimates for depository institutions and for
nondepository institutions. The Bureau also separates
[[Page 50976]]
market-level impact estimates for institutions that would be covered
under the proposed rule and those that are covered under the 2023 final
rule but would no longer be covered under the proposed rule.
Under the proposed rule, an institution would be required to report
data on applications received in 2023 if it originated at least 1,000
covered originations in both 2022 and 2023. Under the 2023 final rule,
an institution would have been required to report data on applications
received in 2023 if it originated at least 100 covered originations in
2022 and 2023, including loans to small farms.
If two depository institutions merged between the end of 2022 and
the end of 2023, the Bureau assumes that those institutions would
report as one entity. Under the baseline, the Bureau categorizes each
institution as a Type A DI, Type B DI, or Type C DI, as defined at the
beginning of this part IV.E, based on its small business and small farm
loan originations in 2023. Under the proposed rule, the Bureau
categorizes each institution by type according to only its small
business loan originations in 2023.\90\ Depository institutions with 0
to 149 covered originations in 2023 are categorized as Type A.
Depository institutions with 150 to 999 covered originations are
categorized as Type B. Depository institutions with 1,000 or more
covered originations are categorized as Type C. Thus, all depository
institutions that would be covered by the proposed rule are categorized
as Type C, given the new reporting threshold of 1,000 loans originated
in the proposed rule. Depository institutions of Types A and B are
either not covered under either the baseline or the proposed rule or
switched from being covered under the baseline to not being covered
under the proposed rule.
---------------------------------------------------------------------------
\90\ For example, a financial institution could be considered
Type B under the baseline and Type A under the proposed rule due to
its volume of small farm loans.
---------------------------------------------------------------------------
For each depository institution, the Bureau assigns the appropriate
estimated one-time compliance costs (including hiring cost as a
function of estimated applications), ongoing fixed compliance cost,
ongoing variable compliance cost per application, and applications per
origination estimates associated with its institution type for both the
baseline and the proposed rule. The estimated number of annual
applications for each institution is the estimated number of
originations multiplied by the assumed number of applications per
origination for that institution type (see part IV.E above). The annual
ongoing compliance cost for each institution (under either the baseline
or the proposed rule) is the ongoing fixed compliance cost plus the
ongoing variable compliance cost per application multiplied by the
estimated number of applications. The one-time hiring cost for each
institution is the estimated number of applications multiplied by the
annual staff hours per application divided by 2,080, rounded up to the
next full FTE, multiplied by the cost-per-hire. For each institution,
the Bureau calculates the changes in one-time costs and ongoing costs
for the proposed rule relative to the baseline.
As shown in part IV.F.1.ii, the Bureau estimates that under the
proposed rule every impacted financial institution would experience a
decrease in ongoing costs relative to the baseline, thus resulting in a
benefit for every institution. For institutions that are covered both
at baseline and under the proposed rule, the decrease in ongoing costs
stems from reductions in variable compliance costs from, mainly,
needing to report fewer data points and, potentially, fewer
applications. Institutions that were covered under the 2023 final rule
but are not covered under the proposed rule would have had to pay
ongoing costs to comply with the baseline. Since those institutions are
no longer covered, their ongoing costs decrease to zero.
The Bureau estimates that all institutions that were previously
covered at baseline but that would no longer be covered under the
proposed rule would incur the benefit of cost savings on one-time
costs. As discussed in part IV.E.1, the Bureau believes that, under the
proposal, these institutions would receive a benefit that is 75 percent
of their non-hiring one-time costs plus their estimated hiring costs at
baseline. For institutions that would continue to report under the
proposed rule, they would experience a benefit in the form of reduced
one-time hiring costs.
To generate market-level estimates, the Bureau sums the changes
over institutions. The Bureau reports market-level impacts separately
for covered and no longer covered institutions and for whether or not
the one-time costs will yield a cost or a benefit. As with coverage
estimates, the Bureau presents a range for market-level estimates. The
range reflects the uncertainty associated with the estimate of costs
for banks and savings associations below the CRA reporting threshold.
The Bureau has documented how it calculates these ranges as part of the
2023 final rule rulemaking process in its Supplemental estimation
methodology for institutional coverage and market-level cost estimates
in the small business lending rulemaking.\91\
---------------------------------------------------------------------------
\91\ See CFPB, Supplemental estimation methodology for
institutional coverage and market-level cost estimates in the small
business lending rulemaking (Mar. 30, 2023), https://www.consumerfinance.gov/data-research/research-reports/supplemental-estimation-methodology-institutional-coverage-market-level-cost-estimates-small-business-lending-rulemaking/.
---------------------------------------------------------------------------
The Bureau is unaware of institution-level data on originations by
nondepository institutions that are comprehensive enough to estimate
costs using the same method as that for depository institutions.
Therefore, to generate market-level estimates for nondepository
institutions, the Bureau relies on the estimates of the number of
nondepository institutions discussed in part IV.D and several key
assumptions, which it also relied on for estimating the impacts of the
2023 final rule. The Bureau assumes that fintech lenders and merchant
cash advance providers are Type C FIs because they generally have more
automated systems and originate more loans.\92\ The Bureau assumes that
the remaining nondepository institutions are Type B FIs. The Bureau
assumes that each nondepository receives the same number of
applications as the representative institution for each type, as
described above. Hence, the Bureau assumes that fintech lenders and
merchant cash advance providers each receive 6,000 applications per
year and all other nondepository institutions receive 400 applications
per year. As in the 2023 final rule and above, the Bureau also assumes
that all nondepository institutions have the same one-time costs as
each other. The Bureau calculates changes in one-time and ongoing costs
in a similar manner to the methods described above and presents market-
level estimates for nondepository institutions that remain covered and
that are no longer covered by the proposed rule.
---------------------------------------------------------------------------
\92\ The Bureau includes merchant cash advance providers in the
estimates of the baseline but not in the estimates of the proposed
rule. The Bureau assumes that merchant cash advance providers are
Type C for the purposes of estimating their impacts from not being
covered by the proposed rule.
---------------------------------------------------------------------------
[[Page 50977]]
The Bureau seeks comments on its methodology for estimating impacts
of the proposed rule.
F. Potential Benefits and Costs to Impacted Financial Institutions and
Small Businesses
1. Benefits to Impacted Financial Institutions
i. One-Time Cost Savings of Impacted Financial Institutions
Using the methodology described in part IV.E.1 above, Table 6 shows
the estimated total expected one-time costs of the proposed rule for
the first eight cost categories for financial institutions covered by
the proposed rule or under the baseline, as well as a breakdown by the
eight component categories that comprise the one-time costs for Type A
DIs, Type B DIs, Type C DIs, and Non-DIs.\93\ The final cost category,
hiring costs, is discussed later in this section. The Bureau notes that
the estimated costs presented in Table 6 differ slightly from the
estimated costs presented in the 2023 final rule. This difference is
due to inflation adjustments for non-salary expenses and updated wage
rates.
---------------------------------------------------------------------------
\93\ The estimated one-time costs by cost category for each FI
type is the sum of the wages multiplied by the estimated staff hours
plus the non-salary expenses. For example, the Bureau expects that
for preparation and planning for the final rule, on average, a Type
A DI will pay senior staff $100.13 x 38 hours (= $3,804.94), mid-
level staff $59.07 x 43 hours (= $2,540.01), and junior staff $26.44
x 21 hours (= $555.24). The total estimated cost is $6,900.19
rounded to $6,900, because a Type A DI is not expected to pay non-
salary expenses for preparation and planning.
Table 6--Estimated One-Time Costs by Cost Category and FI Type
----------------------------------------------------------------------------------------------------------------
No. Category Type A DI Type B DI Type C DI Non-DI
----------------------------------------------------------------------------------------------------------------
1..................... Preparation/planning.... $6,900 $7,900 $22,000 $16,300
2..................... Updating computer 20,200 21,100 8,000 70,000
systems.
3..................... Testing/validating 13,000 3,400 12,500 8,700
systems.
4..................... Developing forms/ 4,800 3,400 5,000 4,800
applications.
5..................... Training staff and third 3,800 5,000 5,800 3,400
parties.
6..................... Developing policies/ 4,500 2,700 3,900 4,700
procedures.
7..................... Legal/compliance review. 8,900 3,400 8,300 4,200
8..................... Post-implementation 5,400 4,900 19,800 1,900
review.
---------------------------------------------------------------
Total................ 67,300 51,700 85,400 114,000
----------------------------------------------------------------------------------------------------------------
In addition to these one-time costs, the Bureau estimates the one-
time hiring costs for the additional FTEs a financial institution
expects to hire based on the number of applications the institution
expects to receive each year. For financial institutions that would no
longer be covered under the proposed rule, the Bureau calculates the
benefit resulting from the cost savings of no longer needing to hire
more employees. The Bureau anticipates that financial institutions that
continue to be covered under the proposal may also experience moderate
cost savings because they may report fewer loans under the proposed
rule relative to the baseline and, as a result, may have to hire fewer
employees.
The Bureau estimates that there are financial institutions covered
under the baseline that would no longer be covered under this proposed
rule. These institutions will see a benefit in the form of savings on
one-time compliance costs, since the Bureau assumes they would not
incur additional one-time costs as a result of the proposed rule. Also,
as discussed in part IV.E.1, the Bureau expects that these financial
institutions will have already incurred 25 percent of the baseline non-
hiring costs preparing to comply with the 2023 final rule. The full
amount of savings by institutions that would no longer be covered are
75 percent of the non-hiring costs and the full amount of the hiring
costs. The Bureau assumes that financial institutions that are covered
under both the baseline and the proposed rule would still incur one-
time costs to implement changes to comply with the proposed rule but
may see a reduction in one-time hiring costs due to, potentially,
needing fewer new employees to comply with the proposed rule relative
to the baseline.
In the discussion about ongoing cost in part IV.F.3.ii below, the
Bureau explains how it estimates the number of staff hours per
application required to comply with the proposed rule or under the
baseline. Under the proposed rule, the Bureau estimates a Type C FI,
the only type that will be covered, requires 0.78 hours per
application. Under the baseline, the Bureau estimates that a Type A FI
requires 1.1 hours per application, a Type B FI requires 1.66 hours per
application, and a Type C FI requires 0.84 hours per application.
For the purposes of exposition, the Bureau presents the estimated
number of FTEs for representative financial institutions. For the
market-level estimates, the Bureau estimates the number of staff hours
required based on the estimated number of applications each depository
institution receives.
As assumed in part IV.E, the representative Type A DI receives 100
applications annually, requiring 110 hours to comply with the 2023
final rule. Under the assumptions described in part IV.E.1, the
representative Type A DI would have needed to hire one additional FTE
at a one-time cost of $4,683 to cover the expected annual staff hours
required to comply with the 2023 final rule on an ongoing basis. This
additional staff would also have to be able to cover the staff hours
required to implement one-time changes because, on average, a Type A DI
would require 716 staff hours for one-time changes (see Table 12 in the
2023 final rule). Under the baseline, a Type A DI would have incurred
about $67,300 in non-hiring one-time costs. As discussed above, the
Bureau assumes that a Type A DI, on average, already would have spent
25 percent of its non-hiring one-time costs, or about $16,825, to
implement the 2023 final rule, costs which cannot be recouped.
Therefore, the Bureau estimates that the representative Type A DI would
save $4,683 in one-time hiring costs and about $50,475 in non-hiring
one-time costs by no longer being covered under the proposed rule, for
a total of about $55,175 in cost savings.
The Bureau assumes that a representative Type B DI receives 400
applications annually, requiring 654
[[Page 50978]]
hours to comply with the 2023 final rule. This DI would have needed to
hire one additional FTE at a one-time cost of $4,683. This additional
staff would also be able to cover the 461 staff hours, on average,
required to implement one-time changes for a Type B DI. Under the
baseline, a Type B DI would have incurred about $51,700 in non-hiring
one-time costs. The Bureau assumes that a Type B DI, on average, would
have already spent 25 percent of its non-hiring one-time costs, about
$12,925, to implement the 2023 final rule, costs which cannot be
recouped. Therefore, the Bureau estimates that the representative Type
B DI will save $4,683 in one-time hiring costs and about $38,775 in
non-hiring one-time costs by no longer being covered under the proposed
rule, for a total of about $43,475 in cost savings.
A representative Type C DI, which the Bureau assumes would remain
covered under the proposed rule and receives 6,000 applications, would
see no one-time cost savings as a result of the proposed rule. In part
IV.F.3 below, the Bureau describes how these institutions may
experience a one-time adjustment cost under the proposed rule. The
representative Type C DI does not incur any one-time hiring cost
savings as a result of the proposed rule because it receives the same
number of applications as under the baseline.\94\ In general, a covered
institution may require fewer additional employees to comply with the
proposed rule than it did with the baseline if the institution's number
of reportable applications decreases sufficiently. Such an institution
would receive one-time cost savings of $4,683 for every fewer employee
it requires to comply with the proposed rule relative to the
baseline.\95\
---------------------------------------------------------------------------
\94\ This is by assumption, because the representative Type C DI
is defined by the number of applications it processes.
\95\ For example, if a Type CI DI needed five additional
employees to comply with the baseline and only three additional
employees to comply with the proposed rule, then that institution
would save 2 x $4,683 = $9,366.
---------------------------------------------------------------------------
The Bureau assumes that most nondepository institutions are
primarily Type B and Type C FIs, so the estimated staff hours to cover
ongoing tasks discussed above apply here. For one-time tasks, the
Bureau estimates that a nondepository institution would require about
664 staff hours, on average, to implement one-time changes necessary to
comply with either the baseline or the proposed rule. One additional
FTE would be sufficient to cover these hours if the institution
reallocates some tasks across staff. The Bureau estimates that all
nondepositories would require about $114,000 to comply with the
proposed rule or the baseline. Type B nondepositories and Type C
merchant cash advance providers would no longer be covered under the
proposed rule. Therefore, following similar logic as above, a Type B
nondepository would receive cost savings of $90,200 and a Type C
merchant cash advance provider would receive cost savings of $99,600.
As mentioned above, the Bureau realizes that one-time costs vary by
institution due to many factors, and that this variance exists on a
continuum that is very difficult or impossible to fully represent. The
Bureau focuses on representative types of financial institutions in
order to generate practical and meaningful estimates of costs. As a
result, the Bureau expects that individual financial institutions could
have slightly different one-time costs or cost savings than the average
estimates presented here.
Summing across institutions as described in part IV.E.3, the Bureau
estimates that the total one-time hiring and non-hiring cost savings
for depository institutions that would no longer be covered under the
proposed rule would be between $68,900,000 and $76,700,000. Using a 7
percent discount rate and a 10-year amortization window, the annualized
one-time cost savings for depository institutions that are no longer
covered under the proposed rule would be between $9,800,000 and
$10,900,000.\96\ The Bureau estimates that the total hiring and non-
hiring one-time cost savings for nondepository institutions that would
no longer be covered under the proposed rule would be about
$14,900,000. Using a 7 percent discount rate and a 10-year amortization
window, the annualized one-time cost savings for nondepository
institutions that are no longer covered under the rule would be about
$2,100,000. The Bureau estimates that some covered institutions would
receive cost savings from needing to hire fewer staff under the
proposed rule. The estimated total market value of these one-time
hiring cost savings would be between $3,900,000 and $4,300,000. Using a
7 percent discount rate and a 10-year amortization window, the
annualized one-time cost savings for such institutions would be between
$560,000 and $610,000. Covered institutions would also incur one-time
adjustment costs, which are discussed in part IV.F.3. In total, the
Bureau estimates the total one-time costs savings of the proposed rule
across all impacted financial institutions would be between $87,700,000
and $95,900,000, with an annualized amount between $12,500,000 and
$13,700,000.\97\
---------------------------------------------------------------------------
\96\ The Bureau annualizes one-time costs using a 7 percent
discount rate and a 10-year amortization schedule. OMB recommends
using 3 percent and 7 percent discount rates to calculate annualized
costs in Memo M-25-24. OMB does not provide guidance on the
appropriate length of the amortization schedule. M-25-24, Memo for:
Regul. Pol'y Officers at Exec. Dep'ts & Agencies and Managing and
Exec. Dir. of Certain Agencies & Comm'n from Jeffrey B. Clark, Off.
of Mgmt. & Budget (April 17, 2025), https://www.whitehouse.gov/wp-content/uploads/2025/02/M-25-24-Interim-Guidance-Implementing-Section-3-of-Executive-Order-14215-Titled-Ensuring-Accountability-for-All-Agencies.pdf. The Bureau uses a 10-year schedule as a
reasonable time horizon over which a financial institution might
spread its costs.
\97\ Assuming the same 7 percent discount rate and a 10-year
amortization window as above.
---------------------------------------------------------------------------
The Bureau seeks comments on the one-time cost savings estimates
presented here. In particular, the Bureau seeks comment on whether 10
years is a reasonable time horizon over which a financial institution
might spread its implementation costs.
ii. Ongoing Cost Savings to Impacted Financial Institutions
To estimate ongoing costs at baseline, the Bureau first reproduces
Table 16 of the 2023 final rule as Table 7 below, with minor
modifications reflecting changes in wage rates and inflation, as
discussed in part IV.E. This table shows what the Bureau would expect
the annual ongoing costs to be at baseline. This table shows the total
estimated annual ongoing costs at baseline as well as a breakdown by
the 15 activities that give rise to ongoing costs for Type A FIs, Type
B FIs, and Type C FIs. The bottom of the table shows the total
estimated annual section 1071 ongoing compliance cost, at baseline, for
each type of institution, along with the total cost per application
processed by the financial institution. To produce the estimates in
this table, the Bureau used the calculations described in Tables 3 and
4 above and the assumptions relating to each activity in Table 5.
[[Page 50979]]
Table 7--Estimated Ongoing Costs per Compliance Task and FI Type at Baseline
----------------------------------------------------------------------------------------------------------------
No. Activity Type A FI Type B FI Type C FI
----------------------------------------------------------------------------------------------------------------
1............................. Transcribing data............... $1,181 $2,250 $33,754
2............................. Resolving reportability 236 473 709
questions.
3............................. Transfer to 1071 Data Management 1,181 0 0
Software.
4............................. Complete geocoding data......... 148 591 300
5............................. Standard annual edit and 544 11,863 29,825
internal checks.
6............................. Researching questions........... 294 587 881
7............................. Resolving question responses.... 0 0 0
8............................. Checking post-submission edits.. 7 28 112
9............................. Filing post-submission documents 15 15 15
10............................ 1071 Data Management software/ 0 10,080 17,199
geocoding software.
11............................ Training........................ 1,425 7,124 47,492
12............................ Internal audit.................. 0 473 136,097
13............................ External audit.................. 4,410 6,300 0
14............................ Exam preparation................ 15 4,726 28,354
15............................ Exam assistance................. 124 744 4,962
-----------------------------------------------
Total........................ 9,580 45,253 299,700
Per application................. 96 113 50
----------------------------------------------------------------------------------------------------------------
The Bureau estimates that, at baseline, a representative low
complexity Type A FI would incur around $9,580 in total annual ongoing
costs, or about $96 in total cost per application processed (assuming
100 applications per year). The Bureau estimates that a representative
middle complexity Type B FI, which is somewhat automated, would incur
approximately $45,253 in total annual ongoing costs, or around $113 per
application (assuming a representative 400 applications per year). The
Bureau estimates a representative high complexity Type C FI, would
incur $299,700 of total annual ongoing costs, or $50 per application
(assuming a representative 6,000 applications per year).
To estimate the expected ongoing costs for an institution that
would remain covered under the proposal, the Bureau used the
assumptions in Table 5 above, which characterize the decrease in the
number of employee hours necessary for compliance occurring as a result
of the proposed changes. Table 8 below reproduces Table 16 from the
2023 final rule \98\ accounting for the expected effects of the
proposed rule.
---------------------------------------------------------------------------
\98\ 88 FR 35150, 35510-11.
Table 8--Estimated Ongoing Costs per Compliance Task and FI Type, Under the Proposed Rule
----------------------------------------------------------------------------------------------------------------
No. Activity Type A FI Type B FI Type C FI
----------------------------------------------------------------------------------------------------------------
1............................. Transcribing data............... $879 $1,631 $24,472
2............................. Resolving reportability 171 343 514
questions.
3............................. Transfer to 1071 Data Management 879 0 0
Software.
4............................. Complete geocoding data......... 148 591 300
5............................. Standard annual edit and 520 10,803 25,219
internal checks.
6............................. Researching questions........... 231 462 693
7............................. Resolving question responses.... 0 0 0
8............................. Checking post-submission edits.. 5 21 83
9............................. Filing post-submission documents 15 15 15
10............................ 1071 Data Management System/ 0 10,080 17,199
geocoding software.
11............................ Training........................ 1,429 7,143 47,623
12............................ Internal audit.................. 0 473 136,097
13............................ External audit.................. 4,410 6,300 0
14............................ Exam preparation................ 15 4,726 28,354
15............................ Exam assistance................. 127 764 5,092
-----------------------------------------------
Total........................ 8,829 43,351 285,660
Per application................. 88 108 48
----------------------------------------------------------------------------------------------------------------
For institutions that would remain covered under the proposed rule,
the Bureau estimates that a representative low complexity Type A FI
would incur around $8,829 in total annual ongoing costs, or about $88
in total cost per application processed (assuming 100 applications per
year). The Bureau estimates that a representative middle complexity
Type B FI, which is somewhat automated, would incur approximately
$43,351 in ongoing costs per year, or around $108 per application
(assuming a 400 applications per year). The Bureau estimates a
representative high complexity Type C FI would incur $285,660 of annual
ongoing costs, or $48 per application (assuming 6,000 applications per
year).
Under the proposed changes, some FIs would no longer be required to
collect and report small business application data because they have
more than 100 but fewer than 1,000 covered credit transactions. These
FIs would no longer incur annual ongoing compliance costs from the
small business data collection rule. Therefore, they will experience a
benefit in the form of relief
[[Page 50980]]
from the ongoing costs they incurred under the baseline. This annual
total would be $9,580, $45,253, and $299,700 for Type A, Type B, and
Type C FIs, respectively.
Also under the proposed changes, FIs that continue to be covered
and therefore required to collect and report small business application
data would experience a benefit in the form of reduced annual ongoing
compliance costs. The amount of the reduction is the difference between
the costs expected to be incurred under the proposed changes (those
found in Table 8) and those expected at baseline (those found in Table
7). The annual total of this expected benefit would be $751, $1,902,
and $14,040 for Type A, Type B, and Type C FIs, respectively.
Summing across institutions as described in part IV.E.3, the Bureau
estimates that the total annual ongoing cost savings for depository
institutions that would remain covered under the proposed rule will be
between about $18,000,000 and $20,000,000 per year. The Bureau
estimates that the total annual ongoing cost savings for nondepository
institutions that would be covered under the proposed rule would be
about $400,000 per year.
Summing across institutions as described in part IV.E.3, the Bureau
estimates that the total annual ongoing cost savings for depository
institutions that were covered under the baseline but would no longer
be covered under the proposed rule would be between about $88,000,000
and $101,000,000 per year. The Bureau estimates that the total annual
ongoing cost savings per year for nondepository institutions that would
no longer be covered by the proposed rule would be about $44,000,000
per year.
Therefore, the estimated total annual ongoing cost savings for all
impacted institutions attributable to the proposed rule is between
$151,000,000 and $166,000,000 per year, including both depository and
nondepository institutions.
Financial institutions may also experience benefits under the
proposal in the form of fewer reputational risks and fewer resources
spent on responding to analyses of their small business credit
application data alleging credit access disparities. The public nature
of any dataset will allow the general public to analyze the data, which
can result in accusations of fair lending violations or potential
misrepresentations, which, the Bureau has acknowledged, could result in
a cost to financial institutions. In the 2023 final rule, the Bureau
discussed how small entity representatives during the SBREFA process
and commenters on the 2021 proposed rule raised this as an expected
form of cost. The Bureau is unable to quantify this cost but does
expect that this proposed rule would benefit FIs by reducing such
costs. FIs that would no longer be covered under the proposed rule
would no longer be expected to incur any reputational risks or costs of
responding to analyses as their data would no longer be submitted or
published. For entities that remain covered, the reduction in the
number of data points, particularly pricing data, reduce expected
reputational risks.
2. Benefits to Small Businesses
The Bureau believes that any direct costs to small businesses from
completing additional fields on small business credit applications
would be minimal (particularly since the only applicant-provided data
the Bureau is proposing to remove is the number of workers and LGBTQI+-
owned business status; the remaining fields are data generated by the
financial institution) and therefore small businesses would not benefit
from the proposed rule changes in this way. Instead, the Bureau expects
that small businesses will primarily benefit in the form of cost
savings from financial institutions passed through to small businesses
in the form of lower fees or interest rates.
In the 2023 final rule, the Bureau discussed how, based on economic
theory and evidence from the Bureau's own survey, financial
institutions would most likely react to compliance costs by raising
prices and fees. In particular, the Bureau expected that ongoing
variable costs would be passed through in their entirety. The proposed
rule would eliminate ongoing variable costs for institutions that would
no longer be covered and would reduce ongoing variable costs for
institutions that remain covered.
The Bureau estimates that the per application ongoing variable
cost, at baseline, is $34 for Type A FIs, $28 for Type B FIs, and $8
for Type C FIs. According to the analysis above, this is the expected
benefit that would accrue to applicants at institutions that were
covered at baseline but would no longer be covered under the proposed
rule. For institutions that would continue to report under the proposed
rule, the difference between the ongoing variable cost at baseline and
under the proposed rule is $7 for Type A FIs, $2 for Type B FIs, and $1
for Type C FIs. This difference is what the Bureau expects to be passed
on to applicants at financial institutions that would continue to be
covered under the proposed rule.
The Bureau requests comment on these and other potential benefits
to small businesses as a result of the proposed rule.
3. Costs to Impacted Financial Institutions
At baseline, the Bureau expects that data collected under the 2023
final rule would benefit covered financial institutions in two ways.
The first is that the Bureau expects that the collected data would
reduce some compliance burden by reducing the number of ``false
positives'' during fair lending review prioritization by regulators. As
discussed above, this proposed rule would reduce the number of covered
entities and the types of covered transactions, thereby reducing the
total amount of information collected in accordance with the rule. To
the extent that institutions experience this benefit at baseline, the
Bureau expects that this proposed rule could reduce those benefits, and
thus financial institutions may incur a cost.
At baseline, the Bureau also expects that financial institutions
could benefit from transparency resulting from the collection of small
business application information under the 2023 final rule. Financial
institutions might use the public data (such as number of applications,
pricing data, denial rates, and information on the types of credit) to
better understand the demand for small business credit products and the
conditions under which they are being supplied by other financial
institutions. Collecting data on fewer applications, from fewer
financial institutions, and for fewer types of loans under this
proposed rule could impose costs on financial institutions by reducing
this benefit. A bank, for example, may lose the opportunity to learn
more detailed information about the merchant cash advance market, which
they might view as a competitor. Financial institutions of all sizes
may lose insight into the lending activities of smaller competitors who
fall below the reporting threshold.
Finally, the Bureau estimates that some covered institutions would
incur adjustment costs to implement changes to comply with the proposed
rule. The Bureau describes these costs for the representative Type C
DIs because only Type C institutions, those with 1,000 or more loan
originations per year, would be covered under the proposed rule. The
Bureau assumes that the representative Type C DI would receive the same
number of applications reportable under the baseline and the proposed
rule. As discussed in part IV.F.1, a Type C DI would need to spend
about $85,400 to implement the non-hiring one-time
[[Page 50981]]
costs to implement changes necessary to comply with either the baseline
or the proposed rule. As discussed above, the Bureau assumes that an
institution that would remain covered under the proposed rule has
already spent, on average, about 25 percent of non-hiring one-time
costs to implement changes that will not be compliant with the proposed
rule. Thus, a Type C DI would incur the full cost of implementing the
proposed rule but, effectively, would only receive 75 percent of the
cost savings from no longer needing to comply with the baseline. The
Bureau estimates that the representative Type C DI would incur total
one-time costs of $21,250 to implement changes to comply with the
proposed rule. Based on a similar calculation for Type C nondepository
institutions, the Bureau also estimates that the representative Type C
nondepository that would still be covered under the proposed rule would
incur total one-time costs of $28,500 to implement changes to comply
with the proposed rule.
Summing across institutions as described in part IV.E.3, the Bureau
estimates that the total one-time adjustment costs for covered
depository and nondepository institutions will be between $4,700,000
and $5,000,000. Using a 7 percent discount rate and a 10-year
amortization window, the annualized one-time costs for covered
institutions will be about $700,000.
The Bureau requests comment on these and other potential costs to
impacted financial institutions arising as a result of the proposed
rule.
4. Costs to Small Businesses
In the 2023 final rule, the Bureau described several benefits that
would accrue to small businesses from the small business lending data
collection and publication. These benefits relate to the rule's two
purposes: fair lending enforcement and community development. Several
provisions of this proposed rule would change the amount and types of
information that would be collected and disclosed. Therefore, to the
extent the Bureau expected small businesses to benefit from the
collection as described in the 2023 final rule, changes that reduce or
alter the amount or types of information provided would impose a cost
on small businesses by reducing these expected benefits.
Several proposed changes reduce the number of financial
institutions that would report data or change the composition of
institutions reporting. The Bureau is proposing that the threshold
number of originations of covered transactions for two consecutive
years be raised to 1,000, which, as shown above, would substantially
lower the number of depository and non-depository institutions
collecting and reporting small business credit application data. The
Bureau is also proposing that several types of transactions be exempt
from coverage, relative to the baseline, including transactions from
FCS lenders, merchant cash advances and agricultural loans. These types
of transactions and lenders would thus be removed from the data
collection and reporting. The Bureau is also proposing a minimum
transaction size of $1,000 for covered transactions, which would remove
smaller transactions from the data relative to the baseline. Finally,
the Bureau is proposing to reduce the gross annual revenue threshold in
the definition of small business to $1 million or less in the preceding
fiscal year, which would further reduce the number of some transactions
needing to be reported relative to the baseline.
Reducing the data collection in these ways is likely to reduce the
fair lending benefits of the data collection. In the 2023 final rule,
the Bureau explained that data collected under the rule would lead to
more efficient use of government resources in enforcing fair lending
laws. Since the above provisions would substantially reduce the number
of covered entities and covered transactions, the Bureau expects small
businesses would experience a reduction in this efficiency as a cost of
the proposed rule. The Bureau also expects that having fewer covered
institutions and transactions would reduce the ability of the public to
use the data for transparency purposes and to conduct their own
analyses of lending by financial institutions.
The Bureau also expects that having fewer covered institutions and
transactions would result in a reduction in the community development
benefits that the Bureau would expect to accrue to small businesses
under the baseline. In the 2023 final rule, the Bureau detailed how
governmental entities would likely use these data to develop solutions
that achieve policy objectives in their administration of loan
guarantee programs or disaster relief. The Bureau also expected that
creditors would use the data to more effectively understand small
business credit market conditions and that communities would use the
data to identify gaps in credit access for small business owners. In
each of these cases, the Bureau expects that creditors, communities,
and governmental entities would experience costs in the form of a
reduction in these benefits relative to the baseline.
The Bureau expects that removing certain transactions from coverage
would reduce some of the expected benefit derived from covering certain
markets, relative to the baseline. In section II.A of the 2023 final
rule, the Bureau explained that nondepositories, some of whom provide
merchant cash advances or sales-based financing, were an increasing
share of the small business financing market, but that nondepositories
typically do not report small business financing activity to
regulators, which limits the baseline understanding of the activities
of these entities. Thus, the Bureau expects that by removing these
types of transactions from coverage, small businesses would experience
a cost in the form of a reduction in fair lending and community
development benefits related to these types of transactions, compared
to the baseline.
However, the Bureau believes such costs might be limited if data on
applications from FCS lenders, for agricultural loans, for sales-based
financing, or for loans under $1,000 would have been of poor quality or
otherwise difficult to interpret correctly. For example, the Bureau now
believes that the types of collateral required in agricultural lending
results in underwriting processes that would make application data
difficult to interpret under the baseline collection. The Bureau also
believes that application data from merchant cash advance providers
would not produce data comparable to other transactions which would
limit their value as part of the dataset. Likewise, data on
transactions under $1,000 would be of poor quality as they would come
from credit providers ill-suited to comply with a data reporting rule.
To the extent this is the case, it would reduce the value of including
these data in the small business application dataset and would have
limited their contribution to the fair lending and community
development benefits described above. The Bureau seeks comment on its
analysis on the cost of excluding these transactions from the dataset.
The Bureau is also proposing to eliminate several data points from
the small business data collection, including the application method,
the application recipient, denial reasons, pricing information, and
number of workers, as well as to eliminate LGBTQI+-owned business
status from the business status data point. For similar reasons as
above, the Bureau expects that small businesses would experience a cost
from fewer collected data points in the form of less information and
the benefits that they
[[Page 50982]]
would have derived from such information in the baseline scenario.
In the 2023 final rule, the Bureau explained that it expected the
pricing information to provide both fair lending and community
development benefits to small businesses. Pricing is one dimension by
which a lender could potentially discriminate against a credit
applicant. Removing this information could reduce the efficiency of
fair lending examinations or transparency that would have resulted from
its inclusion, relative to the baseline. The Bureau also expected, at
baseline, that pricing information would benefit community development
through communities using pricing information to identify gaps in
credit access or creditors better understanding small business lending
conditions more effectively. The Bureau expects that eliminating the
pricing data would reduce these benefits relative to the baseline.
The removal of two datapoints in particular would likely reduce, to
some degree, the community development benefits relative to the
baseline. The application method data point would provide additional
information about how small businesses apply for credit, while the
number of workers data point is one indicator of the business's size
and employment. In the 2023 final rule, the Bureau expected that
creditors, communities, and governmental entities may have used such
information to learn more about the small business credit market and
the types of businesses it serves. To the extent this would have
resulted in a community development benefit at baseline, the removal of
these two data points would represent a cost to small businesses.
At baseline, the Bureau also expected that the inclusion of
LGBTQI+-owned business status would have resulted in potential fair
lending and community development benefits. The Bureau expected that
the data could be used to learn about discrimination risks (to the
extent that courts apply discrimination in the context of fair lending
laws) against LGBTQI+-owned businesses, help creditors understand the
credit needs of such businesses, and help facilitate the development of
policies related to LGBTQI+ credit applicants. To the extent small
businesses would have experienced such benefits at baseline, the
proposed exclusion of LGBTQI+-owned business status represents a cost.
The Bureau requests comment on these and other potential costs to
small businesses as a result of the proposed rule. To the extent the
Bureau declines to finalize any exclusions proposed, the Bureau
requests comment on the potential costs and benefits to financial
institutions and small businesses.
5. Alternatives Considered
This section discusses two categories of alternatives considered:
other methods for defining a covered financial institution and limiting
the data points to those mandated by section 1071. The Bureau uses the
methodologies discussed in parts IV.D and IV.E to estimate the impacts
of these alternatives.
First, the Bureau considered multiple reporting thresholds for
purposes of defining a covered financial institution. In particular,
the Bureau considered whether to exempt financial institutions with
fewer than 200, 500, or 2,000 originations in each of the two preceding
calendar years instead of 1,000 originations, as proposed herein. The
Bureau presents estimates for depository institutions because it does
not have sufficient information to estimate how these differences in
thresholds would impact nondepository institutions. Annualized values
are calculated using a 7 percent discount rate and a 10-year
amortization window.
Under a 200-origination threshold, the Bureau estimates that about
700 to 800 depository institutions would be covered and between 900 to
1,000 would no longer be covered. That is, the Bureau expects that
between 500 to 600 additional depository institutions would be covered
under a 200-origination threshold compared to the proposed 1,000-
origination threshold. The Bureau estimates that an additional 3.2 to
3.7 percentage points of small business loans originated by depository
institutions would be covered under a 200-origination threshold and
that an additional 15 to 17 percentage points of the dollar value of
such loans would be covered.
Under a 200-origination threshold, the Bureau estimates that the
total one-time cost savings across all impacted depository institutions
would decrease by between $25,000,000 to $29,000,000 relative to the
proposed rule, with an annualized decrease in savings of between
$3,600,000 and $4,100,000. The Bureau estimates that total one-time
costs incurred by covered depository institutions would increase by
between $6,000,000 to $7,000,000, with an annualized increase in costs
of between $800,000 to $900,000. The Bureau estimates that the total
ongoing costs savings across all impacted depository institutions would
decrease by between $35,000,000 to $41,000,000 under this alternative.
Under a 500-origination threshold, the Bureau estimates that
between 300 to 400 depository institutions would be covered and between
1,300 to 1,400 would no longer be covered. That is, the Bureau expects
that around 200 additional depository institutions would be covered
under a 500-origination threshold compared to the proposed 1,000-
origination threshold. The Bureau estimates that an additional 1.3 to
1.7 percentage points of small business loans originated by depository
institutions would be covered under a 500-origination threshold and
that an additional 6.4 to 7.3 percentage points of the dollar value of
such loans would be covered.
Under a 500-origination threshold, the Bureau estimates that the
total one-time cost savings across all impacted depository institutions
would decrease by between $8,000,000 to $10,000,000 under a 500-
origination threshold relative to the proposed rule, with an annualized
decrease in savings of between $1,200,000 and $1,400,000. The Bureau
estimates that total one-time costs incurred by covered depository
institutions would increase by between $1,000,000 to $1,400,000, with
an annualized increase in costs of about $100,000 to $200,000. The
Bureau estimates that the total ongoing costs savings across all
impacted depository institutions would decrease by between $12,000,000
to $16,000,000 under this alternative.
Under a 2,000-origination threshold, the Bureau estimates that
about 100 depository institutions would be covered and between 1,500 to
1,700 would no longer be covered. That is, the Bureau expects that
about 100 fewer depository institutions would be covered under a 2,000-
origination threshold compared to the proposed 1,000-origination
threshold. The Bureau estimates that 1.4 to 1.9 percentage points of
small business loans originated by depository institutions would no
longer be covered under a 2,000-origination threshold and that 5.9 to
6.6 percentage points of the dollar value of such loans would no longer
be covered.
Under a 2,000-origination threshold, the Bureau estimates that the
total one-time cost savings across all impacted depository institutions
would increase by between $6,000,000 to $7,000,000 under a 2,000-
origination threshold relative to the proposed rule, with an annualized
increase in savings of between $900,000 and $1,000,000. The Bureau
estimates that total one-time costs incurred by covered depository
institutions would decrease by about $1,500,000 to $2,000,000, with an
[[Page 50983]]
annualized decrease in costs of between $200,000 and $300,000. The
Bureau estimates that the total ongoing costs savings across all
impacted depository institutions would increase by between $22,000,000
to $25,000,000 under this alternative.
Second, the Bureau considered the costs and benefits for limiting
its data collection to the data points specifically enumerated in 15
U.S.C. 1691c-2(e)(2)(A) through (G). In addition to those data points,
the statute also requires financial institutions to collect and report
any additional data that the Bureau determines would aid in fulfilling
the purposes of section 1071. In addition to the data points
specifically enumerated in 15 U.S.C. 1691c-2(e)(2)(A) through (G), the
proposal keeps three data points from the 2023 final rule that relied
on the authority in 1691c-2(e)(2)(H). These are the number of principal
owners, three-digit NAICS industry code of the business, and the time
in business. The Bureau has considered the impact of instead proposing
only the collection of those data points enumerated in 1691c-2(e)(2)(A)
through (G).
Requiring the collection and reporting of only the data points
enumerated in 15 U.S.C. 1691c-2(e)(2)(A) through (G) would result in a
reduction in the fair lending benefit of the data compared to the 2023
final rule. For example, not collecting time in business or industry
information would obscure possible fair lending risk by covered
financial institutions. As mentioned in part IV.F.3 above, several of
the data points the Bureau maintaining in this proposed rule under the
1691c-2(e)(2)(H) authority are critical to conducting more accurate and
complete fair lending analyses. A reduction in the rule's ability to
facilitate the enforcement of fair lending laws would negatively impact
small businesses and small business owners and thus run counter to that
statutory purpose of section 1071.
Limiting the rule's data collection to only the data points
required under the statute would also reduce the ability of the rule to
support the business and community development needs and opportunities
of small businesses, which is the other statutory purpose of section
1071. For example, not including NAICS code or time in business would
also reduce the ability of governmental entities to tailor programs
that can specifically benefit new businesses or businesses in certain
industries.
The Bureau also believes that removing the number of principal
owners data point, in addition to the reduced benefits described above,
would also make collecting and reporting data on principal owners'
ethnicity, race, and sex more difficult. Without collecting the number
of principal owners, it will be harder to identify and correct
erroneous submissions. For example, if an institution submitted data on
no principal owners, it would be unclear if that was an error or
because the small business had no individuals that met the principal
owner criteria. The operational confusion could counteract the cost
reduction that stems from the fewer resources require to collect and
report this field.
Only requiring the collection and reporting of the data points
enumerated in 15 U.S.C. 1691c-2(e)(2)(A) through (G) would have reduced
the annual ongoing cost of complying with the proposed rule. Under this
alternative, the estimated total annual ongoing costs for Type A FIs,
Type B FIs, and Type C FIs would be reduced by $148; $503 and $2,778,
respectively. Per application, the estimated reduction in ongoing cost
would be $1, less than $1, and $1 for Type A FIs, Type B FIs, and Type
C FIs, respectively. The estimated total annual market-level ongoing
cost savings of impacted depository institutions would increase by
about $3,500,000. The Bureau does not expect that one-time costs or
cost savings would be meaningfully different as a result of this
alternative.
G. Potential Impact on Depository Institutions and Credit Unions With
$10 Billion or Less in Total Assets
As discussed above, the proposed rule would exclude financial
institutions with fewer than 1,000 originated covered credit
transactions in both of the two preceding calendar years. The Bureau
believes that the decrease in benefits of the proposed rule to banks,
savings associations, and credit unions with $10 billion or less in
total assets would be similar to the decrease in benefits to covered
financial institutions as a whole, discussed above. Regarding cost
savings, other than as noted here, the Bureau also believes that the
impact of the proposed rule on banks, savings associations, and credit
unions with $10 billion or less in total assets will be similar to the
impact for other financial institutions that would be covered by the
proposed rule. The primary difference in the impact on these
institutions would likely come from differences in the level of
complexity of operations, compliance systems, and software, as well as
number of product offerings and volume of originations of these
institutions, all of which the Bureau has incorporated into the cost
estimates using the three representative financial institution types.
Based on FFIEC and NCUA Call Report data for December 2023, 9,109
of 9,288 banks, savings associations, and credit unions had $10 billion
or less in total assets. The Bureau estimates that between 75 and 85 of
such institutions would be subject to the proposed rule and about 1,375
to 1,525 more were covered under the baseline but would not be covered
under the proposed rule. The Bureau estimates that the market-level
impact of the proposed rule on annual ongoing cost savings for banks,
saving associations, and credit unions with $10 billion or less in
assets would be between $88,000,000 and $103,000,000 for impacted
institutions. The Bureau estimates that the total one-time cost savings
for such institutions would be between $67,000,000 and $75,000,000. The
Bureau also estimates that some covered depository institutions with
less than $10 billion in assets would experience some one-time costs to
comply with the proposed rule relative to the baseline, with such
estimated total costs to be between $1,600,000 and $1,800,000.
H. Potential Impact on Small Businesses in Rural Areas
The Bureau expects that small businesses in rural areas will
directly experience many of the costs of the rule described above in
part IV.F.4. This includes a reduction in benefits derived from more
efficient fair lending enforcement and community development generated
by data collection under the small business lending rule. The proposed
rule would increase the threshold number of loan originations above
which institutions have to report data, which would lead to fewer
lenders in rural areas reporting data on small business credit
application in rural areas. The Bureau's presents estimates of this
change in coverage below. The proposed rule also would exempt
agricultural credit from the types of covered transactions. Many banks
and credit unions in rural areas provide credit for farming and
livestock production since they are primary industries and are
responsible for much employment in these areas. Small businesses,
communities, governmental entities will lose insight into these areas
of credit provision as a consequence of the proposed rule. However, as
explained in part IV.F.4 above, the Bureau believes that data collected
for certain loan types, including agricultural loans, would have been
of poor quality and, therefore, the costs from eliminating them would
be limited.
[[Page 50984]]
The source data from CRA submissions that the Bureau uses to
estimate institutional coverage and market estimates provide
information on the county in which small business borrowers are
located. However, approximately 86 percent of banks did not report CRA
data in 2023, and as a result the Bureau does not believe the reported
data are robust enough to estimate the locations of the small business
borrowers for the banks that do not report CRA data.\99\ The NCUA Call
Report data do not provide any information on the location of credit
union borrowers. Nonetheless, the Bureau is able to provide some
geographical estimates of institutional coverage based on depository
institution branch locations.
---------------------------------------------------------------------------
\99\ Calculated by the Bureau using CRA data.
---------------------------------------------------------------------------
The Bureau used the FDIC's Summary of Deposits to identify the
location of all brick and mortar bank and savings association branches
and the NCUA Credit Union Branch Information to identify the location
of all credit union branch and corporate offices.\100\ A bank, savings
association, or credit union branch was defined as rural if it is in a
rural county, as specified by the USDA's Urban Influence Codes.\101\ A
branch is considered covered by the proposed rule if it belongs to a
bank, savings association, or credit union that the Bureau estimates
would be included using the proposed threshold of 1,000 small business
loan originations in 2022 and 2023. A branch is considered covered
under the baseline if it belongs to a bank, savings association, or
credit union that the Bureau estimates would be included under a
threshold of 100 small business or small farm loan originations in 2022
and 2023. Using the estimation methodology discussed in part IV.D
above, the Bureau estimates that about 25 percent of rural depository
institution branches and about 63 percent of non-rural depository
institution branches would be covered under the proposed rule. Under
the baseline, the Bureau estimates that about 65 to 68 percent of rural
depository institution branches and about 84 to 85 percent of non-rural
depository institution branches are covered. This estimate includes the
reduction in coverage that stems from excluding agricultural lending as
a covered credit transaction.
---------------------------------------------------------------------------
\100\ See Fed. Deposit Ins. Corp., Bank Financial Reports,
Summary of Deposits (SOD)--Annual Survey of Branch Office Deposits
(last updated 2024), https://www.fdic.gov/regulations/resources/call/sod.html. The NCUA provides data on credit union branches in
the quarterly Call Report Data files. See Nat'l Credit Union Admin.,
Call Report Quarterly Data, https://www.ncua.gov/analysis/credit-union-corporate-call-report-data/quarterly-data (last visited Sept.
30, 2025).
\101\ This is the same methodology as used in the Bureau's rural
counties list. See CFPB, Rural and underserved counties list,
https://www.consumerfinance.gov/compliance/compliance-resources/mortgage-resources/rural-and-underserved-counties-list/ (last
visited Sept. 30, 2025).
---------------------------------------------------------------------------
As described in part IV.F.2 above, the Bureau expects that covered
financial institutions would pass the cost savings from ongoing
variable costs on to small businesses in the form of lower interest
rates or fees but would not do so with one-time or fixed costs. The
Bureau expects that this pass through from covered financial
institutions would also apply to small businesses in rural areas. As
described above, the variable cost savings per application is $7 for
Type A FIs, $2 for Type B FIs, and $1 for Type C FIs. This is the
savings that the Bureau expects would pass on to small business
applicants regardless of where they are located.
V. Regulatory Flexibility Act Analysis
The Regulatory Flexibility Act (RFA) \102\ generally requires an
agency to conduct an initial regulatory flexibility analysis (IRFA) and
a final regulatory flexibility analysis (FRFA) of any rule subject to
notice-and-comment rulemaking requirements. These analyses must
``describe the impact of the proposed rule on small entities.'' \103\
An IRFA or FRFA is not required if the agency certifies that the rule
would not have a significant economic impact on a substantial number of
small entities.\104\ The Bureau also is subject to certain additional
procedures under the RFA involving the convening of a panel to consult
with small business representatives prior to proposing a rule for which
an IRFA is required.\105\ The Bureau has not certified that the
proposed rule would not have a significant economic impact on a
substantial number of small entities within the meaning of the RFA.
---------------------------------------------------------------------------
\102\ 5 U.S.C. 601 et seq.
\103\ 5 U.S.C. 603(a). For purposes of assessing the impacts of
the proposed rule on small entities, ``small entities'' is defined
in the RFA to include small businesses, small not-for-profit
organizations, and small government jurisdictions. 5 U.S.C. 601(6).
A ``small business'' is determined by application of SBA regulations
and reference to the NAICS classifications and size standards. 5
U.S.C. 601(3). A ``small organization'' is any ``not-for-profit
enterprise which is independently owned and operated and is not
dominant in its field.'' 5 U.S.C. 601(4). A ``small governmental
jurisdiction'' is the government of a city, county, town, township,
village, school district, or special district with a population of
less than 50,000. 5 U.S.C. 601(5).
\104\ 5 U.S.C. 605(b).
\105\ 5 U.S.C. 609.
---------------------------------------------------------------------------
The Bureau convened and chaired a Small Business Review Panel under
SBREFA to consider the impact of the 2020 proposals under consideration
on small entities that would be subject to that rule and to obtain
feedback from representatives of such small entities. The Small
Business Review Panel for this rulemaking is discussed below in part
V.A. The Bureau is also publishing an IRFA.\106\ Among other things,
the IRFA estimates the number of small entities that will be subject to
the proposed rule and describes the impact of that rule on those
entities. The IRFA for this rulemaking is set forth below in part V.B.
---------------------------------------------------------------------------
\106\ The CFPB has taken the steps described below in order to
inform the rulemaking more fully, whether or not required.
---------------------------------------------------------------------------
A. Small Business Review Panel
Having received from CFPB information on the potential impacts of
the proposed rule on small entities and the type of small entities that
might be affected, the Chief Counsel for Advocacy of the Small Business
Administration (SBA) consulted with affected small entities and with
the Administrator of the Office of Information and Regulatory Affairs
within the Office of Management and Budget regarding the extent to
which the CFPB reached out to affected small entities with respect to
the potential impacts of the rule and took their concerns into
consideration. The SBA's Chief Counsel for Advocacy noted that the CFPB
had, in 2020, convened a review panel in accordance with 5 U.S.C.
609(b). The Chief Counsel for Advocacy concluded that reconvening a
review panel for the present NPRM would not advance the effective
participation of small entities in the rulemaking process. Pursuant to
5 U.S.C. 609(e), a written finding that contains the reasons for his
conclusion will be submitted into the rulemaking record by the Chief
Counsel for Advocacy.
As part of the initial proposed regulation implementing Section
1071 of the ECOA, the CFPB along with the Small Business
Administration, Office of Advocacy and the Office of Information and
Regulatory Affairs convened a SBREFA Panel in 2020,\107\ because the
agency believed the rule was likely to have a significant impact on a
substantial number of small entities. The panel gathered feedback from
20 small entity representatives (SERs) and offered suggestions about
how the future rule could minimize the
[[Page 50985]]
impact on small entities while still achieving their statutory
objectives.
---------------------------------------------------------------------------
\107\ CFPB, Final Report of the Small Business Review Panel on
the CFPB's Proposals Under Consideration for the Small Business
Lending Data Collection Rulemaking (Dec. 14, 2020), https://www.consumerfinance.gov/documents/9413/cfpb_1071-sbrefa-report.pdf.
---------------------------------------------------------------------------
The SERs had several suggestions at this early stage on how to
minimize the impact of data collection on small entities. The first of
these was to exclude small lenders from the requirement to collect
data. Several different methods of exemptions were proposed including
using a number of small business loans, value of small business loans,
and basing the exemption on the size of the lender rather than their
small business loan portfolio specifically. The second was to use a
single definition for a small business loan applicant based on revenue,
rather than the SBA size standards, which vary based on industry. The
SERs disagreed on what the revenue cutoff for a small business loan
applicant should be with some arguing for a low value of less than $1
million while others preferred a higher value of $8 million. Finally,
SERs recommended limiting the number of discretionary data points,
noting that some of the required collections would be difficult to
produce at the application stage.
Besides its involvement in the SBREFA panel, the Office of Advocacy
has provided further feedback on the implementation of Section 1071 of
the Dodd-Frank Act. In January 2022, Advocacy documented concerns that
were raised by small entities, including community banks, credit
unions, non-depository lenders, and automobile dealerships. They saw
the 2021 NPRM as potentially increasing the cost of credit for small
businesses and discouraging lending to small, minority-, and women-
owned businesses. The Office of Advocacy believed that the CFPB had
underestimated compliance costs in 2021, particularly the costs related
to new systems, training, and reporting requirements. Advocacy believed
that $5 million or less in gross annual revenue was too expansive a
definition of small business loan applicant. It recommended minimizing
adverse effects by considering alternative thresholds and definitions.
SERs also expressed concerns about the burden of collecting extra data,
potential privacy breaches (especially in smaller communities), and the
risk of misinterpretation or reputational harm if unique loan pricing
is disclosed without proper context. In response to Advocacy's comment
letter, the CFPB made a substantial change to the filing threshold for
data collection, in the 2023 final rule, raising it from 25 small
business loans to 100.\108\ Since the final rule was published, the
CFPB has twice extended the compliance deadline, first in July of
2024,\109\ and again in June of 2025.\110\ The SBA's Office of Advocacy
commented on the latter of these, supporting the extension and
encouraging the CFPB to modify the rule by reiterating the concerns it
had previously gathered from small entities.
---------------------------------------------------------------------------
\108\ 88 FR 35150 (May 31, 2023).
\109\ 89 FR 55024 (July 3, 2024).
\110\ 90 FR 25874 (June 18, 2025).
---------------------------------------------------------------------------
B. Initial Regulatory Flexibility Analysis
Under RFA section 603(a), an initial regulatory flexibility
analysis (IRFA) ``shall describe the impact of the proposed rule on
small entities.'' \111\ Section 603(b) of the RFA sets forth the
required elements of the IRFA. Section 603(b)(1) requires the IRFA to
contain a description of the reasons why action by the agency is being
considered.\112\ Section 603(b)(2) requires a succinct statement of the
objectives of, and the legal basis for, the proposed rule.\113\ The
IRFA further must contain a description of and, where feasible, an
estimate of the number of small entities to which the proposed rule
will apply.\114\ Section 603(b)(4) requires a description of the
projected reporting, recordkeeping, and other compliance requirements
of the proposed rule, including an estimate of the classes of small
entities that will be subject to the requirement and the types of
professional skills necessary for the preparation of the report or
record.\115\ In addition, the Bureau must identify, to the extent
practicable, all relevant Federal rules which may duplicate, overlap,
or conflict with the proposed rule.\116\ Furthermore, the Bureau must
describe any significant alternatives to the proposed rule which
accomplish the stated objectives of applicable statutes and which
minimize any significant economic impact of the proposed rule on small
entities.\117\ Finally, as amended by the Dodd-Frank Act, RFA section
603(d) requires that the IRFA include a description of any projected
increase in the cost of credit for small entities, a description of any
significant alternatives to the proposed rule which accomplish the
stated objectives of applicable statutes and which minimize any
increase in the cost of credit for small entities (if such an increase
in the cost of credit is projected), and a description of the advice
and recommendations of representatives of small entities relating to
the cost of credit issues.\118\
---------------------------------------------------------------------------
\111\ 5 U.S.C. 603(a).
\112\ 5 U.S.C. 603(b)(1).
\113\ 5 U.S.C. 603(b)(2).
\114\ 5 U.S.C. 603(b)(3).
\115\ 5 U.S.C. 603(b)(4).
\116\ 5 U.S.C. 603(b)(5).
\117\ 5 U.S.C. 603(c).
\118\ 5 U.S.C. 603(d)(1); Dodd-Frank Act section 1100G(d)(1),
124 Stat. 2112.
---------------------------------------------------------------------------
The Bureau publishes the following IRFA for public comment.
1. Description of the Reasons Why Agency Action Is Being Considered
Section 1071 of the Dodd-Frank Act amended ECOA to require that
financial institutions collect and report to the Bureau certain data
regarding applications for credit for women-owned, minority-owned, and
small businesses. Section 1071's statutory purposes are (1) to
facilitate enforcement of fair lending laws, and (2) to enable
communities, governmental entities, and creditors to identify business
and community development needs and opportunities of women-owned,
minority-owned, and small businesses. On May 31, 2023, the Bureau
published a final rule in the Federal Register to implement section
1071, and the Bureau subsequently extended the rule's compliance dates
(most recently in October 2025).
In this proposed rule, the Bureau proposes to reconsider certain
provisions of the 2023 final rule to focus on core lending products,
lenders, small businesses, and data points. Based on reactions to the
2023 final rule, including continued feedback from stakeholders and the
ongoing litigation, the Bureau now believes that a better, longer-term
approach to advance the statutory purposes of section 1071 would be to
commence the collection of data with a narrower scope to ensure its
quality, and to limit, as much as possible, any disturbance of the
provision of credit to small businesses. Only as the Bureau and
financial institutions learn from early iterations of data collections
will the CFPB consider amending the rule as appropriate while taking
care not to disturb the provision of credit to small businesses. The
CFPB believes that such an incremental approach would comply with
section 1071 and minimize any negative initial impact on small business
lending markets and on data quality.
For a further description of the reasons why agency action is being
considered, see the background discussion for the proposed rule in part
I above.
2. Succinct Statement of the Objectives of, and Legal Basis for, the
Proposed Rule
As stated above, Congress enacted section 1071 for the purpose of
(1) facilitating enforcement of fair lending
[[Page 50986]]
laws and (2) enabling communities, governmental entities, and creditors
to identify business and community development needs and opportunities
of women-owned, minority-owned, and small businesses.\119\ Section
1071, in 15 U.S.C. 1691c-2(g)(2), also permits the Bureau to adopt
exceptions to any requirement of section 1071 and to conditionally or
unconditionally exempt any financial institution or class of financial
institutions from the requirements of section 1071, as the Bureau deems
necessary or appropriate to carry out the purposes of section 1071. The
Bureau relies on its general rulemaking authority under 15 U.S.C.
1691c-2(g)(1) in this proposed rule and relies on 15 U.S.C. 1691c-
2(g)(2) when proposing specific exceptions or exemptions to section
1071's requirements.
---------------------------------------------------------------------------
\119\ 15 U.S.C. 1691c-2(a).
---------------------------------------------------------------------------
To accomplish the incremental approach described above, this
proposed rule limits the scope of the 2023 final rule's required data
collection in several ways. The proposed rule would exclude certain
categories of lending products from the definition of covered credit
transaction, such as MCAs, agricultural lending, and small dollar
loans. The Bureau also proposes to exclude FCS lenders from coverage
and raise the origination threshold from 100 to 1,000 covered credit
transactions for each of two consecutive years. The Bureau also
proposes to change the definition of small business to $1 million in
gross annual revenue from the $5 million definition in the 2023 final
rule. Lastly, the Bureau proposes to remove certain data points from
the required collection, including application method, application
recipient, denial reasons, pricing information, the number of workers,
and the LGBTQI+ ownership status of the small business.
For a further description of the proposed provisions, see the
discussion of the proposed rule in part III above.
3. Description of and, Where Feasible, Provision of an Estimate of the
Number of Small Entities to Which the Proposed Rule Will Apply
For the purposes of assessing the impacts of the proposed rule on
small entities, ``small entities'' is defined in the RFA to include
small businesses, small nonprofit organizations, and small government
jurisdictions.\120\ A ``small business'' is determined by application
of SBA regulations in reference to the North American Industry
Classification System (NAICS) classification and size standards.\121\
Under such standards, the Bureau identified several categories of small
entities that may be affected by the proposed provisions: depository
institutions; fintech lenders and MCA providers; commercial finance
companies; nondepository CDFIs; Farm Credit System members; and
governmental lending entities. The NAICS codes covered by these
categories are described below.
---------------------------------------------------------------------------
\120\ 5 U.S.C. 601(6).
\121\ The current SBA size standards are found on SBA's website,
Small Bus. Admin., Table of size standards (Dec. 26, 2024), https://www.sba.gov/document/support-table-size-standards.
---------------------------------------------------------------------------
Table 9 provides the Bureau's estimate of the number and types of
entities that may be affected by the proposed rule. The first column
provides the category of institution type, the second column provides
the NAICS codes associated with that category, the third column
provides the SBA small entity threshold for that institution category.
The second to last column presents the estimated total number of
entities in that category that would be affected by the proposed rule
and the final column presents the estimate total number of small
entities in that category that would be affected by the proposed rule.
See part II.D in the 2023 final rule and part IV.D above for additional
information on how the Bureau arrived at the estimates presented below.
Table 9--Estimated Number of Affected Entities and Small Entities by Category
----------------------------------------------------------------------------------------------------------------
Estimated
Estimated total of
total small
Category NAICS Small entity threshold affected affected
financial financial
institutions institutions
----------------------------------------------------------------------------------------------------------------
Depository Institutions.......... 522110, 522130, $850 million in assets.. 1,700 800
522180, 522210.
Online Lenders and MCA providers. 522299, 522291, $40 million (NAICS 100 90
522320, 518210. 518210); $47 million
(NAICS 522299, 522291,
522320).
Commercial Finance Companies..... 513210, 532411, $40 million (NAICS 240 216
532490, 522220, 532490); $45.5 million
522291. (NAICS 532411); $47
million (NAICS 513210,
522291, and 522220).
Nondepository CDFIs.............. 522390, 523910, $9.5 million (NAICS 140 132
813410, 522310. 813410); $15 million
(NAICS 522310); $28.5
million (NAICS 522390);
$47 million (NAICS
523910).
Farm Credit System members....... 522299............. $47 million............. 60 31
Governmental Lending Entities.... NA................. Population below 50,000. 70 0
----------------------------------------------------------------------------------------------------------------
The following paragraphs describe the categories of entities that
the Bureau expects would be affected by the proposed rule.
Depository institutions (banks and credit unions): The Bureau
estimates that there are about 1,700 banks, savings associations, and
credit unions engaged in small business lending that would be affected
by the proposed rule.\122\ The Bureau estimates that about 170 banks,
savings associations, and credit unions would be required to report
under the proposed rule. The Bureau estimates that about 1,530 banks,
savings associations, and credit unions would have been required to
report under the 2023 final rule but would not be required to report
under the proposed rule. These entities potentially fall into four
different industry categories, including ``Commercial Banking'' (NAICS
522110), ``Credit Unions'' (NAICS 522130), ``Savings Institutions and
Other Depository Credit Intermediation'' (NAICS 522180), and ``Credit
Card Issuing'' (NAICS 522210). All these industries have a size
standard threshold of $850 million in assets. The Bureau estimates that
about 5 of the institutions that would be covered by the proposed rule
are small entities according to this threshold. The Bureau
[[Page 50987]]
estimates that about 795 of the institutions that would no longer be
covered by the proposed rule are small entities.
---------------------------------------------------------------------------
\122\ The Bureau notes that the category of depository
institutions also includes CDFIs that are also depository
institutions.
---------------------------------------------------------------------------
Online lenders and MCA providers: The Bureau estimates that there
are about 30 online lenders and about 70 MCA providers engaged in small
business lending that would be affected by the proposed rule. The
online lenders would be covered by the proposed rule and the MCA
providers would have been covered by the 2023 final rule but would no
longer be covered by the proposed rule. These companies span multiple
industries, including ``International, Secondary Market, and All Other
Nondepository Credit Intermediation'' (NAICS 522299), ``Consumer
Lending'' (NAICS 522291), ``Financial Transactions, Processing,
Reserve, and Clearinghouse Activities'' (NAICS 522320), and ``Computing
Infrastructure Providers, Data Processing, Web Hosting, and Related
Services'' (NAICS 518210). All these industries have a size standard
threshold of $40 million in sales (NAICS 518210) or $47 million in
sales (all other NAICS). The Bureau assumes that about 25 of these
online lenders are small entities and about 65 MCA providers are small
entities.
Commercial finance companies: The Bureau estimates that about 240
commercial finance companies, including captive and independent
financing, engaged in small business lending would be affected by the
proposed rule. The Bureau assumes that all these entities would have
been covered by the 2023 final rule but would not be covered by the
proposed rule. These companies span multiple industries, including
``Software Publishers'' (NAICS 513210), ``Commercial Air, Rail, and
Water Transportation Equipment Rental and Leasing'' (NAICS 532411),
``Other Commercial and Industrial Machinery and Equipment Rental and
Leasing'' (NAICS 532490), ``Sales financing'' (NAICS 522220) and
``Consumer Lending'' (NAICS 522291). These industries have size
standard thresholds that range from $40 million to $47 million. The
Bureau assumes that about 90 percent, or 216, of these commercial
finance companies are small according to these size standards.
Nondepository CDFIs: The Bureau estimates that there are 140
nondepository CDFIs engaged in small business lending that would be
affected by the proposed rule. The Bureau assumes that all these
entities would have been covered by the 2023 final rule but would not
be covered by the proposed rule. CDFIs generally fall into ``Other
Activities Related to Credit Intermediation'' (NAICS 522390),
``Miscellaneous Intermediation'' (NAICS 523910), ``Civic and Social
Organizations'' (NAICS 813410), and ``Mortgage and Nonmortgage Loan
Brokers'' (NAICS 522310). These industries have size standard
thresholds that range from $9.5 million in sales to $47 million in
sales. The Bureau assumes that about 95 percent, or 132, nondepository
CDFIs are small entities.
Farm Credit System members: The Bureau estimates that there are 60
members of the Farm Credit System (banks and associations) engaged in
small business lending that would be affected by the proposed
rule.\123\ The Bureau assumes that all these entities would have been
covered by the 2023 final rule but would not be covered by the proposed
rule. These institutions are in the ``All Other Nondepository Credit
Intermediation'' (NAICS 522298) industry. The size standard for this
industry is $47 million in revenue. The Bureau estimates that 31
members of the Farm Credit System are small entities.
---------------------------------------------------------------------------
\123\ Farm Credit Admin., Number of FCS banks and associations
by type and district as of January 1, 2024, https://www.fca.gov/template-fca/bank/20240101NumberAssocs.pdf (last visited Oct. 1,
2025).
---------------------------------------------------------------------------
Governmental lending entities: The Bureau estimates that there are
about 70 governmental lending entities engaged in small business
lending that would be affected by the proposed rule. The Bureau assumes
that all these entities would have been covered by the 2023 final rule
but would not be covered by the proposed rule. ``Small governmental
jurisdictions'' are the governments of cities, counties, towns,
townships, villages, school districts, or special districts, with a
population of less than fifty thousand. The Bureau assumes that none of
the governmental lending entities covered by the proposed rule are
considered small.
The Bureau requests comment on the accuracy of these estimates of
small entities.
4. Projected Reporting, Recordkeeping, and Other Compliance
Requirements of the Proposed Rule, Including an Estimate of the Classes
of Small Entities Which Will Be Subject to the Requirement and the Type
of Professional Skills Necessary for the Preparation of the Report
Reporting requirements. ECOA section 704B(f)(1) provides that
``[t]he data required to be compiled and maintained under [section
1071] by any financial institution shall be submitted annually to the
Bureau.'' The 2023 final rule requires financial institutions to
collect and report information regarding any application for ``credit''
made by small businesses. In this proposal, the Bureau is proposing
that the following transactions are no longer covered by the rule:
MCAs, agricultural credit, and small dollar loans. The Bureau also
proposes to amend the definition of ``small business'' to $1 million in
gross annual revenue. Under the 2023 final rule, financial institutions
would be required to report data on small business credit applications
if they originated at least 100 covered transactions in each of the
previous two calendar years. The Bureau proposes to raise this
threshold to 1,000 covered transactions in each of the previous two
calendar years.
The Bureau also proposes to remove several data points from the
reporting requirements. This includes the data points for application
method, application recipient, denial reasons, pricing information, the
number of workers, and the LBGTQI+-owned business status.
Part III above discusses these proposed changes in greater detail.
Recordkeeping requirements. The proposed rule, generally, does not
alter the recordkeeping requirement of the 2023 final rule. The
proposal leaves in place requirements to retain application data for
three years, prohibitions on including certain personally identifiable
information about individuals, a limitation on access for certain
officers and employees to certain demographic information collected,
and a requirement that collected demographic information be maintained
separately from the application and accompanying information.
Costs to small entities. The proposed rule may impose costs on
small financial institutions in two ways. First, the Bureau believes
that small financial institutions that were covered under the 2023
final rule and remain covered under the proposed rule may experience an
adjustment cost. Second, in the 2023 final rule, Bureau detailed some
ways in which covered small financial institutions may benefit from the
information collected under the rule. Changing the information
collection could reduce these benefits. As a result, small covered
financial institutions may experience a cost under the proposed rule.
The Bureau expects that financial institutions that were covered
under the 2023 final rule and remain covered under the proposed rule
may experience costs that stem from adjusting to complying with the
requirements of the proposed rule instead of the 2023 final
[[Page 50988]]
rule.\124\ Using the methodology described in part IV.D above, the
Bureau estimates that about five small depository institutions and 25
small online lenders (nondepository institutions) would be covered by
the proposed rule. This is the number of small financial institutions
that the Bureau expects would incur the adjustment cost.
---------------------------------------------------------------------------
\124\ As discussed in part IV.F above, small financial
institutions, both those that would remain covered under the
proposed rule and those that would no longer covered, would
experience a cost in the form of reduced benefits from the
information collected and publicly disseminated under the small
business lending rule's collection. However, these costs are not
derived from compliance with the final rule and therefore, the
discussion here will limit itself to compliance costs.
---------------------------------------------------------------------------
As described in part IV above, the Bureau assumes that, on average,
financial institutions will have already incurred 25 percent of their
non-hiring one-time costs in preparation to comply with the 2023 final
rule. For financial institutions that continue to be covered under this
proposed rule, the Bureau assumes that this percentage of non-hiring
costs would have to be incurred again in order to meet the requirements
of the proposed rule. The Bureau estimates that covered small
depository institutions would spend about $21,000 each in one-time
adjustment costs, annualized to about $3,000 per year, and that the
covered small non-depository institutions would spend about $114,000 in
one-time adjustment costs, annualized to about $4,000 per year.\125\
The Bureau estimates that the total market level adjustment costs for
small depository institutions would be between $21,000 and $128,000.
The Bureau estimates that the total market level adjustment costs for
small nondepository institutions would be about $2,850,000.
---------------------------------------------------------------------------
\125\ The Bureau annualizes one-time costs using a 7 percent
discount rate and a 10-year amortization schedule. OMB recommends
using 3% and 7% discount rates to calculate annualized costs in Memo
M-25-24. OMB does not provide guidance on the appropriate length of
the amortization schedule. The Bureau uses a 10-year schedule as a
reasonable time horizon over which a financial institution might
spread its costs.
---------------------------------------------------------------------------
Financial institutions that remain covered under the proposed rule
would continue to require compliance personnel in order to report data
under the rule. For some financial institutions, the data intake and
transcribing stage could involve loan officers or processors whose
primary function is to evaluate or process loan applications. For
example, at some financial institutions the loan officers would take in
information from the applicant to complete the application and input
that information into the reporting system. However, the Bureau
believes that such roles generally do not require any additional
professional skills related to recordkeeping or other compliance
requirements of this proposed rule that are not otherwise required
during the ordinary course of business for small financial
institutions.
The type of professional skills required for compliance varies
depending on the particular task involved.\126\ For example, data
transcribing requires data entry skills. Transferring data to a data
entry system and using vendor data management software requires
knowledge of computer systems and the ability to use them. Researching
and resolving reportability questions requires a more complex
understanding of the regulatory requirements and the details of the
relevant line of business. Geocoding requires skills in using the
geocoding software, web systems, or, in cases where geocoding is
difficult, knowledge of the local area in which the property is
located. Standard annual editing, internal checks, and post-submission
editing require knowledge of the relevant data systems, data formats,
and section 1071 regulatory requirements in addition to skills in
quality control and assurance. Filing post-submission documents
requires skills in information creation, dissemination, and
communication. Training, internal audits, and external audits require
communications skills, educational skills, and regulatory knowledge.
Section 1071-related exam preparation and exam assistance involve
knowledge of regulatory requirements, the relevant line of business,
and the relevant data systems.
---------------------------------------------------------------------------
\126\ A thorough discussion of the required tasks can be found
in part IV.E above.
---------------------------------------------------------------------------
The Standard Occupational Classification (SOC) code has compliance
officers listed under code 13-1041. The Bureau believes that most of
the skills required for preparation of the reports or records related
to this proposal are the skills required for job functions performed in
this occupation. However, the Bureau recognizes that under this general
occupational code there is a high level of heterogeneity in the type of
skills required as well as the corresponding labor costs incurred by
the financial institutions performing these functions. The Bureau seeks
comment regarding the skills required for the preparation of the
records related to this proposed rule.
Benefits to small entities. The primary benefits to small credit
providers in this proposed rule result from compliance cost savings.
Small financial institutions that were covered under the 2023 final
rule but would not be covered under the proposed rule would save on
one-time costs of setting up to comply with the final rule as well as
on the ongoing costs that they would otherwise have incurred to collect
and report the data every year.
Small financial institutions that were covered under the 2023 final
rule and that would remain covered under the proposed rule would save
on compliance costs in two ways. First, the Bureau expects that they
would be required to report fewer loans and therefore see a reduction
in associated hiring costs. This is a one-time costs savings. Second,
the reduction in the number of data points to be reported under the
proposed rule (relative to the 2023 final rule) would likely result in
annual ongoing cost savings.
Using the same coverage estimation described in the 2023 final rule
and in part IV above, the Bureau estimates that about 800 small
depository institutions and 469 small nondepository institutions would
have been covered under the 2023 final rule but not under the proposed
rule.
For all estimates discussed below, the Bureau relies on the
methodology described in part IV.E, above, but focuses on estimating
the impacts of the rule on small entities.
The Bureau estimates that depository institutions with the lowest
level of complexity in compliance operations (i.e., Type A DIs) would
save about $50,475 in non-hiring one-time costs by no longer being
covered by the proposed rule. The Bureau estimates that depository
institutions with a middle level of complexity in compliance operations
(i.e., Type B DIs) would save about $38,775 in non-hiring one-time
costs by no longer being covered under the proposed rule. The Bureau
estimates that nondepository institutions that would no longer be
covered by the proposed rule would save about $85,500 in non-hiring
one-time costs. All institutions that would no longer be covered by the
proposed rule would also no longer need to hire additional employees to
comply with the 2023 final rule and would save $4,683 per FTE in one-
time hiring costs.
The Bureau estimates that the overall market impact of one-time
cost savings for small depository institutions would be between
$34,000,000 and $41,000,000.\127\ The Bureau estimates
[[Page 50989]]
that the overall market impact of one-time cost savings for small
nondepository institutions would be $41,000,000.
---------------------------------------------------------------------------
\127\ The Bureau notes that the variation in this range comes
primarily from the uncertainty in the number of originations made by
small banks and savings associations. The range does not fully
account for the uncertainty associated with estimates of the one-
time costs for each type of institution.
---------------------------------------------------------------------------
Small financial institutions would also experience annual ongoing
cost savings under the proposed revisions to the rule. Small
institutions that were covered under the 2023 final rule but would no
longer be required to report under the proposal would save on
compliance costs that they would have otherwise incurred from having to
collect and report application data to the Bureau annually. Small
financial institutions that would remain covered under this proposed
rule would see an ongoing cost savings from the reduction in required
data points, which reduces the cost of collecting, checking, and
reporting data to the Bureau annually.
The Bureau estimates that the overall annual market impact of
ongoing cost savings for small depository institutions would be between
$35,000,000 and $45,000,000 per year. The Bureau estimates that the
overall annual market impact of ongoing cost savings for small
nondepository institutions would be about $35,000,000 per year.
The Bureau estimates that about five small depository institutions
and 25 small nondepository institutions (online lenders) would be
covered under the proposed rule. The Bureau assumes online lenders
would originate the same number of loans under the 2023 final rule and
the proposed rule and, thus, would not experience any cost savings. The
Bureau expects that some small depository institutions may originate
fewer reportable loans under the proposed rule relative to the
baseline, primarily because loans for agricultural purposes would not
be reported under the proposed rule. These institutions may need to
hire fewer additional employees to process reportable loans. The
overall market level estimate of one-time hiring cost savings for
covered small depositories is between $0 and $47,000.\128\ These
institutions would also experience annual ongoing cost savings with an
overall market level between about $27,000 and $252,000 per year.
---------------------------------------------------------------------------
\128\ See parts IV.E and IV.F for a discussion of how the market
level one-time costs are calculated and a thorough discussion of the
estimates, respectively.
---------------------------------------------------------------------------
The Bureau requests comment on the estimated impacts of the
proposed rule on the small financial institutions.
5. Identification, to the Extent Practicable, of All Relevant Federal
Rules Which May Duplicate, Overlap, or Conflict With the Proposed Rule
The proposed rule would amend the existing requirements under the
2023 final rule related to the collection and reporting of small
business lending information by certain financial institutions and
publication by the Bureau. In its SBREFA Outline, the Bureau identified
certain other Federal statutes and regulations that relate in some
fashion to these areas and has considered the extent to which they may
duplicate, overlap, or conflict with this proposal.\129\ The SBREFA
Panel Report included an updated list of these Federal statutes and
regulations, as informed by SER feedback.\130\ Each of the statutes and
regulations identified in the SBREFA Panel Report is discussed below.
---------------------------------------------------------------------------
\129\ Rules are duplicative or overlapping if they are based on
the same or similar reasons for the regulation, the same or similar
regulatory goals, and if they regulate the same classes of industry.
Rules are conflicting when they impose two conflicting regulatory
requirements on the same classes of industry.
\130\ See SBREFA Panel Report at app. C.
---------------------------------------------------------------------------
ECOA, implemented by the Bureau's Regulation B, subpart A (12 CFR
part 1002), prohibits creditors from discriminating in any aspect of a
credit transaction, including a business-purpose transaction, on the
basis of race, color, religion, national origin, sex, marital status,
age (if the applicant is old enough to enter into a contract), receipt
of income from any public assistance program, or the exercise in good
faith of a right under the Consumer Credit Protection Act. The Bureau
has certain oversight, enforcement, and supervisory authority over ECOA
requirements and has rulemaking authority under the statute.
Regulation B subpart A generally prohibits creditors from inquiring
about an applicant's race, color, religion, national origin, or sex,
with limited exceptions, including if it is required by law. Regulation
B subpart A requires creditors to request information about the race,
ethnicity, sex, marital status, and age of applicants for certain
dwelling-secured loans and to retain that information for certain
periods. Regulation B requires this data collection for credit
primarily for the purchase or refinancing of a dwelling occupied or to
be occupied by the applicant as a principal residence, where the
extension of credit will be secured by the dwelling, and requires the
data to be maintained by the creditor for 25 months for purposes of
monitoring and enforcing compliance with ECOA/Regulation B and other
laws. Section 1071 of the Dodd-Frank Act amended ECOA to require
financial institutions to compile, maintain, and submit to the Bureau
certain data on credit applications by women-owned, minority-owned, and
small businesses.
The Small Business Act,\131\ administered through the SBA, defines
a small business concern as a business that is ``independently owned
and operated and which is not dominant in its field of operation'' and
empowers the Administrator to prescribe detailed size standards by
which a business concern may be categorized as a small business. The
SBA has adopted nearly one thousand industry-specific size standards,
classified by 6-digit NAICS codes, to determine whether a business
concern is ``small.'' In addition, the Small Business Act authorizes
loans for qualified small business concerns for purposes of plant
acquisition, construction, conversion, or expansion, including the
acquisition of land, material, supplies, equipment, and working
capital. The SBA sets the guidelines that govern the ``7(a) loan
program,'' determining which businesses financial institutions may lend
to through the program and the type of loans they can provide. The
Bureau's rule includes reporting on SBA lending and guarantee programs.
---------------------------------------------------------------------------
\131\ 15 U.S.C. 631 et seq.
---------------------------------------------------------------------------
The CRA--implemented through regulations issued by the OCC, the
Board, and the FDIC--requires some institutions to collect, maintain,
and report certain data about small business, farm, and consumer
lending to ensure they are serving their communities. The purpose of
the CRA is to encourage institutions to help meet the credit needs of
the local communities in which they do business, including low- and
moderate-income neighborhoods.
The Riegle Community Development and Regulatory Improvement Act of
1994 \132\ authorized the Community Development Financial Institution
Fund (CDFI Fund). The Department of the Treasury administers the
regulations that govern the CDFI Fund. The CDFI program includes an
annual mandatory Certification and Data Collection Report. The 2023
final rule requires that financial institutions reporting 1071 data
identify if they are CDFIs.
---------------------------------------------------------------------------
\132\ 12 U.S.C. 4701 et seq.
---------------------------------------------------------------------------
HMDA, implemented by the Bureau's Regulation C (12 CFR part 1003),
requires lenders who meet certain coverage tests to collect, report,
and disclose detailed information to their Federal supervisory agencies
about mortgage applications and loans at the
[[Page 50990]]
transaction level. The HMDA data are a valuable source for regulators,
researchers, economists, industry, and advocates assessing housing
needs, public investment, and possible discrimination as well as
studying and analyzing trends in the mortgage market for a variety of
purposes, including general market and economic monitoring. The 2023
final rule eliminated the overlap between what is required to be
reported under HMDA and what is covered by section 1071 for certain
credit applications secured by dwellings.
The Currency and Foreign Transactions Reporting Act,\133\ as
amended by the USA PATRIOT Act,\134\ and commonly referred to as the
Bank Secrecy Act, authorized the Financial Crimes Enforcement Network
(FinCEN), a bureau of the Department of the Treasury, to combat money
laundering and promote financial security. FinCEN regulations require
financial institutions to establish and maintain written procedures
that are reasonably designed to identify and verify beneficial owners
of legal entity customers, which is sometimes called the customer due
diligence (CDD) rule.
---------------------------------------------------------------------------
\133\ Public Law 91-508, tit. II, 84 Stat. 1118 (1970).
\134\ Public Law 107-56, 115 Stat. 272 (2001).
---------------------------------------------------------------------------
The Federal Credit Union Act, implemented by the NCUA (12 CFR part
1756), requires Federal credit unions to make financial reports as
specified by the agency. The NCUA requires quarterly reports of the
total number of outstanding loans, total outstanding loan balance,
total number of loans granted or purchased year-to-date, total amount
granted or purchased year-to-date for commercial loans to members, not
including loans with original amounts less than $50,000. The NCUA also
requires quarterly reports of the total number and total outstanding
balance (including the guaranteed portion) of loans originated under an
SBA loan program.
The Federal Deposit Insurance Act,\135\ implemented by the FDIC (12
CFR part 304), requires insured banks and savings associations to file
Call Reports in accordance with applicable instructions. These
instructions require quarterly reports of loans to small businesses,
defined as loans for commercial and industrial purposes to sole
proprietorships, partnerships, corporations, and other business
enterprises and loans secured by non-farm non-residential properties
with original amounts of $1 million or less. In accordance with
amendments by the Federal Deposit Insurance Corporation Improvement Act
of 1991,\136\ the instructions require quarterly reports of loans to
small farms, defined as loans to finance agricultural production, other
loans to farmers, and loans secured by farmland (including farm
residential and other improvements) with original amounts of $500,000
or less.
---------------------------------------------------------------------------
\135\ 12 U.S.C. 1811 et seq.
\136\ Public Law 102-242, 105 Stat. 2236 (1991).
---------------------------------------------------------------------------
The Bureau requests comment to identify any additional such Federal
statutes or regulations that impose duplicative, overlapping, or
conflicting requirements on financial institutions and potential
changes to the proposed rules in light of duplicative, overlapping, or
conflicting requirements.
6. Description of Any Significant Alternatives to the Proposed Rule
Which Accomplish the Stated Objectives of Applicable Statutes and
Minimize Any Significant Economic Impact of the Proposed Rule on Small
Entities
In drafting this proposed rule, the Bureau considered multiple
reporting thresholds for purposes of defining a covered financial
institution. In particular, the Bureau considered whether to exempt
financial institutions with fewer than 200, 500, or 2,000 originations
in each of the two preceding calendar years instead of 1,000
originations, as proposed herein. The Bureau presents estimates for
depository institutions because it does not have sufficient information
to estimate how these differences in thresholds would impact
nondepository institutions. The following table shows the estimated
impact that different reporting thresholds the Bureau considered would
have had on financial institution coverage.
Table 10--Estimated Impact of Different Reporting Thresholds on the Number and Percentage of Small Depository
Institutions Covered
----------------------------------------------------------------------------------------------------------------
# of small depository % of small depository
Threshold considered institutions covered institutions covered
----------------------------------------------------------------------------------------------------------------
200 originations............................................ 110-160 1.4-2.1
500 originations............................................ 8-20 0.10-0.26
2,000 originations.......................................... 1-3 0.01-0.04
----------------------------------------------------------------------------------------------------------------
Table 11--Estimated Impact of Different Reporting Thresholds on the Number and Percentage of Small Depository
Institutions no Longer Covered Relative to the 2023 Final Rule
----------------------------------------------------------------------------------------------------------------
# of small depository % of small depository
Threshold considered institutions covered institutions covered
----------------------------------------------------------------------------------------------------------------
200 originations............................................ 600-710 7.9-9.3
500 originations............................................ 700-840 9.2-11.0
2,000 originations.......................................... 720-860 9.4-11.3
----------------------------------------------------------------------------------------------------------------
The Bureau also considered limiting its data collection to the data
points specifically enumerated in 15 U.S.C. 1691c-2(e)(2)(A) through
(G). In this proposal, the Bureau would continue to require the
collection of the number of principal owners, three-digit NAICS
industry code of the business, and the time in business, in addition to
the data points required by statute. The Bureau has considered the
impact on small entities of proposing only the collection of those data
points enumerated in 1691c-2(e)(2)(A) through (G), excluding the
additional data points that the Bureau believes help further the
purposes of section 1071. Only requiring the collection and reporting
of the data points enumerated in 15 U.S.C. 1691c-2(e)(2)(A) through (G)
would have reduced the annual ongoing cost of
[[Page 50991]]
complying with the proposed rule for small financial institutions.
Under this alternative, the estimated total annual ongoing costs for
Type A FIs, Type B FIs, and Type C FIs would be reduced by $148, $503
and $2,778, respectively. Per application, the estimated reduction in
ongoing cost would be $1, less than $1, and $1 for Type A FIs, Type B
FIs, and Type C FIs, respectively. The estimated total annual market-
level ongoing cost savings of impacted small depository institutions
would increase by about $20,000. The Bureau does not expect that one-
time cost savings would be meaningfully different as a result of this
alternative.
7. Discussion of Impact on Cost of Credit for Small Entities
The proposed rule would eliminate ongoing variable costs for
institutions that would no longer be covered and would reduce ongoing
variable costs for institutions that remain covered. In part IV.F.2
above, the Bureau describes how, based on economic theory and evidence
from the Bureau's own surveys, financial institutions would most likely
pass on these savings to small business borrowers from eliminated or
lower ongoing variable costs in the form of lower prices and fees.
Therefore, the Bureau expects that the proposed rule would decrease the
cost of credit for small entities who are small business applicants for
credit under the rule.
In part IV.F.2 above, the Bureau estimates that the per application
ongoing variable cost, at baseline, is $34 for Type A FIs, $28 for Type
B FIs, and $8 for Type C FIs. According to the analysis above, this is
the expected benefit that would accrue to applicants at institutions
that were covered at baseline but would no longer be covered under the
proposed rule. For institutions that would continue to report under the
proposed rule, the difference between the ongoing variable cost at
baseline and under the proposed rule is $7 for Type A FIs, $2 for Type
B FIs, and $1 for Type C FIs. This difference is what the Bureau
expects to be passed on to applicants at financial institutions that
would continue to be covered under the proposed rule.
Furthermore, the Bureau expects that small financial institutions
covered under the proposed rule (insofar as they are considered ``small
entities'' for the purposes of the RFA) are unlikely to experience a
meaningful change in the costs of credit. Generally, financial
institutions borrow in a manner that is different from other types of
small businesses, including from other financial institutions in a
separate Federal Funds market or from the Federal Reserve. The changes
in compliance costs due to the proposed rule are unlikely to
significantly change the cost of borrowing for these small financial
institutions.
VI. Paperwork Reduction Act
Under the Paperwork Reduction Act of 1995 (PRA),\137\ Federal
agencies are generally required to seek approval from the Office of
Management and Budget (OMB) for information collection requirements
prior to implementation. Under the PRA, the Bureau may not conduct nor
sponsor, and, notwithstanding any other provision of law, a person is
not required to respond to, an information collection unless the
information collection displays a valid control number assigned by OMB.
---------------------------------------------------------------------------
\137\ 44 U.S.C. 3501 et seq.
---------------------------------------------------------------------------
As part of its continuing effort to reduce paperwork and respondent
burden, the Bureau conducts a preclearance consultation program to
provide the general public and Federal agencies with an opportunity to
comment on the information collection requirements in accordance with
the PRA. This helps ensure that the public understands the Bureau's
requirements or instructions, respondents can provide the requested
data in the desired format, reporting burden (time and financial
resources) is minimized, information collection instruments are clearly
understood, and the Bureau can properly assess the impact of
information collection requirements on respondents.
The proposed rule would amend 12 CFR part 1002 (Regulation B),
which implements ECOA. The Bureau's OMB control number for Regulation B
is 3170-0013. This proposed rule would revise the information
collection requirements contained in Regulation B that OMB has approved
under that OMB control number.
Under the proposal, the Bureau would amend one information
collection requirement in Regulation B: Compilation of reportable data
(proposed Sec. 1002.107), including a notice requirement (in proposed
Sec. 1002.107(a)(18) and (19)).
The information collection requirements in Regulation B, as amended
by this proposed rule, would be mandatory. Certain data fields would be
modified or deleted by the Bureau, in its discretion, to advance a
privacy interest before the data are made available to the public (as
permitted by section 1071 and the Bureau's rule). The data that are not
modified or deleted would be made available to the public and are not
considered confidential. The rest of the data would be considered
confidential if the information:
Identifies any natural persons who might not be applicants
(e.g., owners of a business where a legal entity is the applicant); or
Implicates the privacy interests of financial
institutions.
The collections of information contained in this proposed rule, and
identified as such, have been submitted to OMB for review under section
3507(d) of the PRA. A complete description of the information
collection requirements (including the burden estimate methods) is
provided in the information collection request (ICR) that the Bureau
has submitted to OMB under the requirements of the PRA. Please send
your comments to the Office of Information and Regulatory Affairs, OMB,
Attention: Desk Officer for the Consumer Financial Protection Bureau.
Send these comments by email to [email protected] or by fax
to 202-395-6974. If you wish to share your comments with the Bureau,
please send a copy of these comments as described in the ADDRESSES
section above. The ICR submitted to OMB requesting approval under the
PRA for the information collection requirements contained herein is
available at www.regulations.gov as well as on OMB's public-facing
docket at www.reginfo.gov.
Title of Collection: Regulation B: Equal Credit Opportunity Act.
OMB Control Number: 3170-0013.
Type of Review: Revision of a currently approved collection.
Affected Public: Private Sector; Federal and State Governments.
Estimated Number of Respondents: 188,800.
Estimated Total Annual Burden Hours: 5,921,9579.
Comments are invited on: (a) Whether the collection of information
is necessary for the proper performance of the functions of the Bureau,
including whether the information will have practical utility; (b) the
accuracy of the Bureau's estimate of the burden of the collection of
information, including the validity of the methods and the assumptions
used; (c) ways to enhance the quality, utility, and clarity of the
information to be collected; and (d) ways to minimize the burden of the
collection of information on respondents, including through the use of
automated collection techniques or other forms of information
technology. Comments submitted in response to this proposal will be
summarized and/or included in the request for OMB approval. All
comments will become a matter of public record.
[[Page 50992]]
If applicable, the notice of final rule will display the control
number assigned by OMB to any information collection requirements
proposed herein and adopted in the final rule.
VII. Regulatory Review
Executive Orders 12866 and 13563 direct agencies to assess all
costs and benefits of available regulatory alternatives and, if
regulation is necessary, to select those regulatory approaches that
maximize net benefits (including potential economic, environmental,
public health and safety, and other advantages; and distributive
impacts). Section 3(f) of Executive Order 12866 defines a ``significant
regulatory action'' as any regulatory action that is likely to result
in a rule that may: (1) have an annual effect on the economy of $100
million or more or adversely affect in a material way the economy, a
sector of the economy, productivity, competition, jobs, the
environment, public health or safety, or State, local, or tribal
governments or communities; (2) create a serious inconsistency or
otherwise interfere with an action taken or planned by another agency;
(3) materially alter the budgetary impact of entitlements, grants, user
fees, or loan programs or the rights and obligations of recipients
thereof; or (4) raise novel legal or policy issues arising out of legal
mandates, or the President's priorities. The Office of Information and
Regulatory Affairs (OIRA), within the Office of Management and Budget
(OMB), has determined that this action is a ``significant regulatory
action'' under Executive Order 12866. Accordingly, OMB has reviewed
this action.
List of Subjects in 12 CFR Part 1002
Banks, Banking, Civil rights, Consumer protection, Credit, Credit
unions, Marital status discrimination, National banks, Penalties.
Authority and Issuance
For the reasons set forth in the preamble, the Bureau proposes to
amend Regulation B, 12 CFR part 1002, as set forth below:
PART 1002--EQUAL CREDIT OPPORTUNITY ACT (REGULATION B)
0
1. The authority citation for part 1002 continues to read as follows:
Authority: 12 U.S.C. 5512, 5581; 15 U.S.C. 1691b. Subpart B is
also issued under 15 U.S.C. 1691c-2.
Subpart A--General
0
2. Amend Sec. 1002.5 by revising paragraphs (a)(4)(vii) through (x) as
follows:
Sec. 1002.5 Rules concerning requests for information.
(a) * * *
(4) * * *
(vii) A creditor that was required to report small business lending
data pursuant to Sec. 1002.109 for any of the preceding five calendar
years but is not currently a covered financial institution under Sec.
1002.105(b) may collect information pursuant to subpart B of this part
for covered applications from small businesses as defined in Sec. Sec.
1002.103 and 1002.106(b) regarding whether an applicant is a minority-
owned business or a women-owned business, and the ethnicity, race, and
sex of the applicant's principal owners if it complies with the
requirements for covered financial institutions pursuant to Sec. Sec.
1002.107(a)(18) and (19), 1002.108, 1002.111, and 1002.112 for that
application. Such a creditor is permitted, but not required, to report
data to the Bureau collected pursuant to subpart B of this part if it
complies with the requirements of subpart B as otherwise required for
covered financial institutions pursuant to Sec. Sec. 1002.109 and
1002.110.
(viii) A creditor that exceeded the loan-volume threshold in the
first year of the two-year threshold period provided in Sec.
1002.105(b) may, in the second year, collect information pursuant to
subpart B of this part for covered applications from small businesses
as defined in Sec. Sec. 1002.103 and 1002.106(b) regarding whether an
applicant is a minority-owned business or a women-owned business, and
the ethnicity, race, and sex of the applicant's principal owners if it
complies with the requirements for covered financial institutions
pursuant to Sec. Sec. 1002.107(a)(18) and (19), 1002.108, 1002.111,
and 1002.112 for that application. Such a creditor is permitted, but
not required, to report data to the Bureau collected pursuant to
subpart B of this part if it complies with the requirements of subpart
B as otherwise required for covered financial institutions pursuant to
Sec. Sec. 1002.109 and 1002.110.
(ix) A creditor that is not currently a covered financial
institution under Sec. 1002.105(b), and is not otherwise a creditor to
which Sec. 1002.5(a)(4)(vii) or (viii) applies, may collect
information pursuant to subpart B of this part for covered applications
from small businesses as defined in Sec. Sec. 1002.103 and 1002.106(b)
regarding whether an applicant for a covered credit transaction is a
minority-owned business or a women-owned business, and the ethnicity,
race, and sex of the applicant's principal owners for a transaction if
it complies with the requirements for covered financial institutions
pursuant to Sec. Sec. 1002.107 through 1002.112 for that application.
(x) A creditor that is collecting information pursuant to subpart B
of this part or as described in paragraphs (a)(4)(vii) through (ix) of
this section for covered applications from small businesses as defined
in Sec. Sec. 1002.103 and 1002.106(b) regarding whether an applicant
for a covered credit transaction is a minority-owned business or a
women-owned business, and the ethnicity, race, and sex of the
applicant's principal owners may also collect that same information for
any co-applicants provided that it also complies with the relevant
requirements of subpart B of this part or as described in paragraphs
(a)(4)(vii) through (ix) of this section with respect to those co-
applicants.
* * * * *
Subpart B--Small Business Lending Data Collection
0
3. Amend Sec. 1002.101 by removing and reserving paragraphs (k) and
(l).
0
4. Amend Sec. 1002.104 by adding paragraphs (b)(7) through (9) as
follows:
Sec. 1002.104 Covered credit transactions and excluded transactions.
* * * * *
(b) * * *
(7) Merchant cash advance. An agreement under which a small
business receives a lump-sum payment in exchange for the right to
receive a percentage of the small business's future sales or income up
to a ceiling amount.
(8) Agricultural lending. A transaction to fund the production of
crops, fruits, vegetables, and livestock, or to fund the purchase or
refinance of capital assets such as farmland, machinery and equipment,
breeder livestock, and farm real estate improvements.
(9) Small dollar business credit--(i) A transaction in an amount of
$1,000 or less.
(ii) Inflation adjustment. Every 5 years after January 1, 2030, the
transaction amount set forth in paragraph (b)(9) of this section shall
adjust based on changes to the Consumer Price Index for All Urban
Consumers (U.S. city average series for all items, not seasonally
adjusted), as published by the United States Bureau of Labor
Statistics. Any adjustment that takes effect under this
[[Page 50993]]
paragraph shall be rounded to the nearest multiple of $100. If an
adjustment is to take effect, it will do so on January 1 of the
following calendar year.
0
5. Amend Sec. 1002.105 by revising paragraph (b) as follows:
Sec. 1002.105 Covered financial institutions and exempt institutions.
* * * * *
(b) Covered financial institution means a financial institution,
other than a Farm Credit System lender, that originated at least 1,000
covered credit transactions for small businesses in each of the two
preceding calendar years.
0
6. Amend Sec. 1002.106 by revising paragraph (b) as follows:
Sec. 1002.106 Business and small business.
* * * * *
(b) Small business definition--(1) Small business has the same
meaning as the term ``small business concern'' in 15 U.S.C. 632(a), as
implemented in 13 CFR 121.101 through 121.107. Notwithstanding the size
standards set forth in 13 CFR 121.201, for purposes of this subpart, a
business is a small business if its gross annual revenue, as defined in
Sec. 1002.107(a)(14), for its preceding fiscal year is $1 million or
less.
(2) Inflation adjustment. Every 5 years after January 1, 2030, the
gross annual revenue threshold set forth in paragraph (b)(1) of this
section shall adjust based on changes to the Consumer Price Index for
All Urban Consumers (U.S. city average series for all items, not
seasonally adjusted), as published by the United States Bureau of Labor
Statistics. Any adjustment that takes effect under this paragraph shall
be rounded to the nearest multiple of $100,000. If an adjustment is to
take effect, it will do so on January 1 of the following calendar year.
0
7. Amend Sec. 1002.107 by removing and reserving paragraphs (a)(3),
(4), (11), (12), and (16), (c)(2)(i) and (iii), and (c)(3) and (4), and
by revising paragraphs (a)(18), (19), (c)(1), (d) introductory text,
and (d)(1) as follows:
Sec. 1002.107 Compilation of reportable data.
(a) * * *
(18) Minority-owned and women-owned business statuses. Whether the
applicant is a minority-owned and/or women-owned business. When
requesting minority-owned and women-owned business statuses from an
applicant, the financial institution shall inform the applicant that
the financial institution cannot discriminate on the basis of minority-
owned or women-owned business statuses, or on whether the applicant
provides this information. The financial institution must also inform
the applicant of its right to refuse to provide this information.
(19) Ethnicity, race, and sex of principal owners. The ethnicity,
race, and sex of the applicant's principal owners. When requesting
ethnicity, race, and sex information from an applicant, the financial
institution shall inform the applicant that the financial institution
cannot discriminate on the basis of a principal owner's ethnicity,
race, or sex, or on whether the applicant provides this information.
The financial institution must also inform the applicant of its right
to refuse to provide this information.
* * * * *
(c) * * *
(1) In general. A covered financial institution shall maintain
procedures to collect applicant-provided data under paragraph (a) of
this section and shall otherwise maintain procedures to collect such
data at a time and in a manner that are reasonably designed to obtain a
response.
* * * * *
(d) Previously collected data. A covered financial institution is
permitted, but not required, to reuse previously collected data to
satisfy paragraphs (a)(13) through (15) and (16) through (20) of this
section if:
(1) To satisfy paragraphs (a)(13), (15), and (17) through (20) of
this section, the data were collected within the 36 months preceding
the current covered application, or to satisfy paragraph (a)(14) of
this section, the data were collected within the same calendar year as
the current covered application; and
* * * * *
0
8. Amend Sec. 1002.108 by revising paragraphs (b) and (d) as follows:
Sec. 1002.108 Firewall.
* * * * *
(b) Prohibition on access to certain information. Unless the
exception under paragraph (c) of this section applies, an employee or
officer of a covered financial institution or a covered financial
institution's affiliate shall not have access to an applicant's
responses to inquiries that the financial institution makes pursuant to
this subpart regarding whether the applicant is a minority-owned
business or a women-owned business under Sec. 1002.107(a)(18), and
regarding the ethnicity, race, and sex of the applicant's principal
owners under Sec. 1002.107(a)(19), if that employee or officer is
involved in making any determination concerning that applicant's
covered application.
* * * * *
(d) Notice. In order to satisfy the exception set forth in
paragraph (c) of this section, a financial institution shall provide a
notice to each applicant whose responses will be accessed, informing
the applicant that one or more employees or officers involved in making
determinations concerning the covered application may have access to
the applicant's responses to the financial institution's inquiries
regarding whether the applicant is a minority-owned business or a
women-owned business, and regarding the ethnicity, race, and sex of the
applicant's principal owners. The financial institution shall provide
the notice required by this paragraph (d) when making the inquiries
required under Sec. 1002.107(a)(18) and (19) and together with the
notices required pursuant to Sec. 1002.107(a)(18) and (19).
0
9. Amend Sec. 1002.111 by revising paragraph (b) as follows:
Sec. 1002.111 Recordkeeping.
* * * * *
(b) Certain information kept separate from the rest of the
application. A financial institution shall maintain, separately from
the rest of the application and accompanying information, an
applicant's responses to the financial institution's inquiries pursuant
to this subpart regarding whether an applicant for a covered credit
transaction is a minority-owned business and/or a women-owned business
under Sec. 1002.107(a)(18), and regarding the ethnicity, race, and sex
of the applicant's principal owners under Sec. 1002.107(a)(19).
* * * * *
0
10. Amend Sec. 1002.112 by revising paragraph (c)(4) as follows:
Sec. 1002.112 Enforcement.
* * * * *
(c) * * *
(4) Incorrect determination of small business status, covered
credit transaction, or covered application. A financial institution
that initially collects data regarding whether an applicant for a
covered credit transaction is a minority-owned business or a women-
owned business and the ethnicity, race, and sex of the applicant's
principal owners pursuant to Sec. 1002.107(a)(18) and (19) but later
concludes that it should not have collected such data does not violate
the Act or this regulation if the financial institution, at the time it
collected this data, had a reasonable basis for believing that the
application was a
[[Page 50994]]
covered application for a covered credit transaction from a small
business pursuant to Sec. Sec. 1002.103, 1002.104, and 1002.106,
respectively. A financial institution seeking to avail itself of this
safe harbor shall comply with the requirements of this subpart as
otherwise required pursuant to Sec. Sec. 1002.107, 1002.108, and
1002.111 with respect to the collected data.
* * * * *
0
11. Amend Sec. 1002.114 by removing and reserving paragraphs (b)(2)
and (3), and (c)(3), and by revising paragraphs (b)(1) and (4), and
(c)(1) and (2).
Sec. 1002.114 Effective date, compliance date, and special
transitional rules.
* * * * *
(b) * * *
(1) A covered financial institution that originated at least 1,000
covered credit transactions for small businesses in each of calendar
years 2026 and 2027 shall comply with the requirements of this subpart
beginning January 1, 2028.
* * * * *
(4) A financial institution that did not originate at least 1,000
covered credit transactions for small businesses in each of calendar
years 2026 and 2027, but subsequently originates at least 1,000 such
transactions in two consecutive calendar years shall comply with the
requirements of this subpart in accordance with Sec. 1002.105(b), but
in any case no earlier than January 1, 2029.
(c) Special transitional rules--(1) Collection of certain
information prior to the compliance date. A financial institution that
reasonably anticipates being a covered financial institution as
described in paragraph (b)(1) of this section is permitted, but not
required, to collect information regarding whether an applicant for a
covered credit transaction is a minority-owned business and/or a women-
owned business under Sec. 1002.107(a)(18), and the ethnicity, race,
and sex of the applicant's principal owners under Sec. 1002.107(a)(19)
beginning 12 months prior to the compliance date as set forth in
paragraph (b)(1) of this section. A financial institution collecting
such information pursuant to this paragraph (c)(1) must do so in
accordance with the requirements set out in Sec. Sec. 1002.107(a)(18)
and (19), 1002.108, and 1002.111(b) and (c).
(2) Determining which compliance date applies to a financial
institution that does not collect information sufficient to determine
small business status. A financial institution that is unable to
determine the number of covered credit transactions it originated for
small businesses in each of calendar years 2026 and 2027 for purposes
of determining its compliance date pursuant to paragraph (b) of this
section, because for some or all of this period it does not have
readily accessible the information needed to determine whether its
covered credit transactions were originated for small businesses as
defined in Sec. 1002.106(b), is permitted to use any reasonable method
to estimate its originations to small businesses for either or both of
the calendar years 2026 and 2027.
* * * * *
0
12. Amend Appendices E and F by revising them as follows:
Appendix E to Part 1002--Sample Form for Collecting Certain Applicant-
Provided Data Under Subpart B
BILLING CODE 4810-AM-P
[[Page 50995]]
[GRAPHIC] [TIFF OMITTED] TP13NO25.000
[[Page 50996]]
[GRAPHIC] [TIFF OMITTED] TP13NO25.001
BILLING CODE 4810-AM-C
Appendix F to Part 1002--Tolerances for Bona Fide Errors in Data
Reported Under Subpart B
As set out in Sec. 1002.112(b) and in comment 112(b)-1, a
financial institution is presumed to maintain procedures reasonably
adapted to avoid errors with respect to a given data field if the
number of errors found in a random sample of a financial
institution's data submission for a given data field do not equal or
exceed the threshold in column C of the following table (Table 1,
Tolerance Thresholds for Bona Fide Errors):
[[Page 50997]]
Table 1 to Appendix F--Tolerance Thresholds for Bona Fide Errors
----------------------------------------------------------------------------------------------------------------
Random sample Threshold (#) Threshold (%)
Small business lending application register count (A) size (B) (C) (D)
----------------------------------------------------------------------------------------------------------------
1,000-100,000................................................... 79 4 5.1
100,001+........................................................ 159 4 2.5
----------------------------------------------------------------------------------------------------------------
The size of the random sample, under column B, shall depend on
the size of the financial institution's small business lending
application register, as shown in column A of the Threshold Table.
The thresholds in column C of the Threshold Table reflect the
number of unintentional errors a financial institution may make
within a particular data field (e.g., the credit product data field
within the credit type data point or the sex data field for a
particular principal owner within the ethnicity, race, and sex of
principal owners data point) in a small business lending application
register that would be deemed bona fide errors for purposes of Sec.
1002.112(b).
For instance, a financial institution that submitted a small
business lending application register containing 11,000 applications
would be subject to a threshold of four errors per data field. If
the financial institution had made two errors in reporting loan
amount and two errors reporting gross annual income, all of these
errors would be covered by the bona fide error provision of Sec.
1002.112(b) and would not constitute a violation of the Act or this
part. If the same financial institution had made five errors in
reporting loan amount and two errors reporting gross annual revenue,
the bona fide error provision of Sec. 1002.112(b) would not apply
to the five loan amount errors but would still apply to the two
gross annual revenue errors.
Even when the number of errors in a particular data field do not
equal or exceed the threshold in column C, if either there is a
reasonable basis to believe that errors in that field were
intentional or there is evidence that the financial institution did
not maintain procedures reasonably adapted to avoid such errors,
then the errors are not bona fide errors under Sec. 1002.112(b).
For purposes of determining bona fide errors under Sec.
1002.112(b), the term ``data field'' generally refers to individual
fields. Some data fields may allow for more than one response. For
example, with respect to information on the ethnicity or race of an
applicant's principal owners, a data field may identify more than
one race or more than one ethnicity for a given person. If one or
more of the ethnicities or races identified in a data field are
erroneous, they count as one (and only one) error for that data
field.
* * * * *
0
13. In Supplement I to part 1002:
0
a. Under Section 1002.5--Rules Concerning Requests for Information,
revise 5(a)(2) Required Collection of Information.
0
b. Under Section 1002.102--Definitions, remove 102(l) LGBTQI+-Owned
Business and revise 102(o) Principal Owner.
0
c. Under Section 1002.104--Covered Credit Transactions and Excluded
Transactions, revise 104(a) Covered Credit Transaction and 104(b)
Excluded Transactions, and add 104(b)(9) Small dollar business credit
transactions.
0
d. Under Section 1002.105--Covered Financial Institutions and Exempt
Institutions, revise 105(a) Financial Institution and 105(b) Covered
Financial Institution.
0
e. Under Section 1002.106--Business and Small Business, revise
106(b)(1) Small Business and 106(b)(2) Inflation Adjustment.
0
f. Under Section 1002.107--Compilation of Reportable Data, remove
107(a)(3) Application Method, 107(a)(4) Application Recipient,
107(a)(11) Denial Reasons, 107(a)(12) Pricing Information,
107(a)(12)(i) Interest Rate, 107(a)(12)(ii) Total Origination Charges,
107(a)(12)(iii) Broker Fees, 107(a)(12)(iv) Initial Annual Charges,
107(a)(12)(v) Additional Cost for Merchant Cash Advances or Other
Sales-Based Financing, 107(a)(12)(vi) Prepayment Penalties, 107(a)(16)
Number of Workers, 107(c)(3) Procedures To Monitor Compliance,
107(c)(4) Low Response Rates, and revise 107(a)(2) Application Date,
107(a)(5) Credit Type, 107(a)(18) Minority-Owned, Women-Owned, and
LGBTQI+-Owned Business Statuses including the heading, 107(a)(19)
Ethnicity, Race, and Sex of Principal Owners, 107(b) Reliance on and
Verification of Applicant-Provided Data, 107(c)(1) In General,
107(c)(2) Applicant-Provided Data Collected Directly From the
Applicant, and 107(d) Previously Collected Data.
0
g. Under Section 1002.108--Firewall, revise 108(b) Prohibition on
Access to Certain Information and 108(d) Notice.
0
h. Under Section 1002.109--Reporting of Data to the Bureau, revise
109(a)(3) Reporting Obligations Where Multiple Financial Institutions
Are Involved in a Covered Credit Transaction, 109(b) Financial
Institution Identifying Information, and Paragraph 109(b)(9).
0
i. Under Section 1002.112--Enforcement, revise 112(c) Safe Harbors.
0
j. Under Section 1002.114--Effective Date, Compliance Date, and Special
Transition Rules, revise 114(b) Compliance Date and 114(c) Special
Transition Rules.
The revisions read as follows:
Supplement I to Part 1002--Official Interpretations
Section 1002.5--Rules Concerning Requests for Information
* * * * *
5(a)(2) Required Collection of Information
1. Local laws. Information that a creditor is allowed to collect
pursuant to a ``state'' statute or regulation includes information
required by a local statute, regulation, or ordinance.
2. Information required by Regulation C. Regulation C, 12 CFR
part 1003, generally requires creditors covered by the Home Mortgage
Disclosure Act (HMDA) to collect and report information about the
race, ethnicity, and sex of applicants for certain dwelling-secured
loans, including some types of loans not covered by Sec. 1002.13.
3. Collecting information on behalf of creditors. Persons such
as loan brokers and correspondents do not violate the ECOA or
Regulation B if they collect information that they are otherwise
prohibited from collecting, where the purpose of collecting the
information is to provide it to a creditor that is subject to
subpart B of this part, the Home Mortgage Disclosure Act, or another
Federal or State statute or regulation requiring data collection.
4. Information required by subpart B. Subpart B of this part
generally requires creditors that are covered financial institutions
as defined in Sec. 1002.105(b) to collect and report information
about the ethnicity, race, and sex of the principal owners of
applicants for certain small business credit, as well as whether the
applicant is a minority-owned business or a women-owned business, as
defined in Sec. 1002.102(m) and (s), respectively.
* * * * *
Section 1002.102--Definitions
* * * * *
102(o) Principal Owner
1. Individual. Only an individual can be a principal owner of a
business for purposes of subpart B of this part. Entities, such as
trusts, partnerships, limited liability companies, and corporations,
are not principal owners for this purpose. Additionally, an
individual must directly own an equity share of 25 percent or more
in the business in order to be a principal owner. Unlike the
determination of ownership for purposes of collecting and reporting
minority-owned business status and women-owned business
[[Page 50998]]
status, indirect ownership is not considered when determining if
someone is a principal owner for purposes of collecting and
reporting principal owners' ethnicity, race, and sex or the number
of principal owners. Thus, when determining who is a principal
owner, ownership is not traced through multiple corporate structures
to determine if an individual owns 25 percent or more of the equity
interests. For example, if individual A directly owns 20 percent of
a business, individual B directly owns 20 percent, and partnership C
owns 60 percent, the business does not have any owners who satisfy
the definition of principal owner set forth in Sec. 1002.102(o),
even if individual A and individual B are the only partners in the
partnership C. Similarly, if individual A directly owns 30 percent
of a business, individual B directly owns 20 percent, and trust D
owns 50 percent, individual A is the only principal owner as defined
in Sec. 1002.102(o), even if individual B is the sole trustee of
trust D.
2. Trustee. Although a trust is not considered a principal owner
of a business for the purposes of subpart B, if the applicant for a
covered credit transaction is a trust, a trustee is considered the
owner of the trust. Thus, if a trust is an applicant for a covered
credit transaction and the trust has two co-trustees, each co-
trustee is considered to own 50 percent of the business and would
each be a principal owner as defined in Sec. 1002.102(o). In
contrast, if the trust has five co-trustees, each co-trustee is
considered to own 20 percent of the business and would not meet the
definition of principal owner under Sec. 1002.102(o).
3. Purpose of definition. A financial institution shall provide
an applicant with the definition of principal owner when asking the
applicant to provide the number of its principal owners pursuant to
Sec. 1002.107(a)(20) and the ethnicity, race, and sex of its
principal owners pursuant to Sec. 1002.107(a)(19). See comments
107(a)(19)-2 and 107(a)(20)-1.
* * * * *
Section 1002.104--Covered Credit Transactions and Excluded
Transactions
104(a) Covered Credit Transaction
1. General. The term ``covered credit transaction'' includes all
business credit (including loans, lines of credit, and credit cards)
unless otherwise excluded under Sec. 1002.104(b).
104(b) Excluded Transactions
1. Factoring. The term ``covered credit transaction'' does not
cover factoring as described herein. For the purpose of this
subpart, factoring is an accounts receivable purchase transaction
between businesses that includes an agreement to purchase, transfer,
or sell a legally enforceable claim for payment for goods that the
recipient has supplied or services that the recipient has rendered
but for which payment in full has not yet been made. The name used
by the financial institution for a product is not determinative of
whether or not it is a ``covered credit transaction.'' This
description of factoring is not intended to repeal, abrogate, annul,
impair, or interfere with any existing interpretations, orders,
agreements, ordinances, rules, or regulations adopted or issued
pursuant to comment 9(a)(3)-3. A financial institution shall report
an extension of business credit incident to a factoring arrangement
that is otherwise a covered credit transaction as ``Other sales-
based financing transaction'' under Sec. 1002.107(a)(5).
2. Leases. The term ``covered credit transaction'' does not
cover leases as described herein. A lease, for the purpose of this
subpart, is a transfer from one business to another of the right to
possession and use of goods for a term, and for primarily business
or commercial (including agricultural) purposes, in return for
consideration. A lease does not include a sale, including a sale on
approval or a sale or return, or a transaction resulting in the
retention or creation of a security interest. The name used by the
financial institution for a product is not determinative of whether
or not it is a ``covered credit transaction.''
3. Consumer-designated credit. The term ``covered credit
transaction'' does not include consumer-designated credit that is
used for business purposes. A transaction qualifies as consumer-
designated credit if the financial institution offers or extends the
credit primarily for personal, family, or household purposes. For
example, an open-end credit account used for both personal and
business purposes is not business credit for the purpose of subpart
B of this part unless the financial institution designated or
intended for the primary purpose of the account to be business-
related.
4. Credit transaction purchases, purchases of an interest in a
pool of credit transactions, and purchases of a partial interest in
a credit transaction. The term ``covered credit transaction'' does
not cover the purchase of an originated credit transaction, the
purchase of an interest in a pool of credit transactions, or the
purchase of a partial interest in a credit transaction such as
through a loan participation agreement. Such purchases do not, in
themselves, constitute an application for credit. See also comment
109(a)(3)-2.i.
* * * * *
104(b)(9) Small Dollar Business Credit Transactions
1. General. Small dollar business credit transactions, as
defined in Sec. 1002.104(b)(9), are excluded from the definition of
a covered credit transaction. Applications that are originated or
approved but not accepted satisfy this exclusion if the amount
originated or approved is $1,000 or less. Applications that are
denied, withdrawn, or incomplete satisfy this exclusion if the
amount applied for is $1,000 or less. If the particular type of
credit product applied for does not involve a specific amount
requested, and the financial institution as matter of general
practice does not originate that particular type of credit product
in amounts of $1,000 or less, the application cannot be treated as a
small dollar business credit transaction. See comment 107(a)(7)-2.
2. Inflation adjustment methodology. The small dollar business
credit transaction amount set forth in Sec. 1002.104(b)(9)(ii) will
be adjusted upward or downward to reflect changes, if any, in the
Consumer Price Index for All Urban Consumers (U.S. city average
series for all items, not seasonally adjusted), as published by the
United States Bureau of Labor Statistics (``CPI-U''). The base for
computing each adjustment is the January 2030 CPI-U; this base value
shall be compared to the CPI-U value in January 2035 and every five
years thereafter. For example, after the January 2035 CPI-U is made
available, the adjustment is calculated by determining the
percentage change in the CPI-U between January 2030 and January
2035, applying this change to the $1,000 small dollar business
transaction amount, and rounding to the nearest $100. If, as a
result of this rounding, there is no change in the transaction
amount, there will be no adjustment. For example, if in January 2035
the adjusted value were $950 (reflecting a $50 decrease from January
2030 CPI-U), then the transaction amount would not adjust because
$950 would be rounded up to $1,000. If on the other hand, the
adjusted value were $1,120, then the transaction amount would adjust
to $1,100. Where the adjusted value is a multiple of $50 (e.g.,
$1,050), then the transaction amount adjusts upward.
2. Substitute for CPI-U. If publication of the CPI-U ceases, or
if the CPI-U otherwise becomes unavailable or is altered in such a
way as to be unusable, then the Bureau shall substitute another
reliable cost of living indicator from the United States Government
for the purpose of calculating adjustments pursuant to Sec.
1002.104(b)(9)(ii).
Section 1002.105--Covered Financial Institutions and Exempt
Institutions
105(a) Financial Institution
1. Examples. Section 1002.105(a) defines a financial institution
as any partnership, company, corporation, association (incorporated
or unincorporated), trust, estate, cooperative organization, or
other entity that engages in any financial activity. This definition
includes, but is not limited to, banks, savings associations, credit
unions, online lenders, platform lenders, community development
financial institutions, lenders involved in equipment and vehicle
financing (captive financing companies and independent financing
companies), commercial finance companies, organizations exempt from
taxation pursuant to 26 U.S.C. 501(c), and governments or
governmental subdivisions or agencies.
2. Motor vehicle dealers. Pursuant to Sec. 1002.101(a), subpart
B of this part excludes from coverage persons defined by section
1029 of the Consumer Financial Protection Act of 2010, title X of
the Dodd-Frank Wall Street Reform and Consumer Protection Act,
Public Law 111-203, 124 Stat. 1376, 2004 (2010).
105(b) Covered Financial Institution
1. Preceding calendar year. The definition of covered financial
institution refers to preceding calendar years. For example, in
2029, the two preceding calendar years are 2027 and 2028.
Accordingly, in 2029, Financial Institution A does not meet the
loan-volume threshold in Sec. 1002.105(b) if did not originate at
least 1,000 covered credit
[[Page 50999]]
transactions for small businesses both during 2027 and during 2028.
2. Origination threshold. A financial institution qualifies as a
covered financial institution based on total covered credit
transactions originated for small businesses, rather than covered
applications received from small businesses. For example, if in both
2028 and 2029, Financial Institution B received 1,100 covered
applications from small businesses and originated 900 covered credit
transactions for small businesses, then for 2029, Financial
Institution B is not a covered financial institution.
3. Counting originations when multiple financial institutions
are involved in originating a covered credit transaction. For the
purpose of counting originations to determine whether a financial
institution is a covered financial institution under Sec.
1002.105(b), in a situation where multiple financial institutions
are involved in originating a single covered credit transaction,
only the last financial institution with authority to set the
material terms of the covered credit transaction is required to
count the origination.
4. Counting originations after adjustments to the gross annual
revenue threshold due to inflation. Pursuant to Sec.
1002.106(b)(2), every five years, the gross annual revenue threshold
used to define a small business in Sec. 1002.106(b)(1) shall be
adjusted, if necessary, to account for inflation. The first time
such an adjustment could occur is in 2035, with an effective date of
January 1, 2036. A financial institution seeking to determine
whether it is a covered financial institution applies the gross
annual revenue threshold that is in effect for each year it is
evaluating. For example, a financial institution seeking to
determine whether it is a covered financial institution in 2037
counts its originations of covered credit transactions for small
businesses in calendar years 2035 and 2036. The financial
institution applies the initial $1 million threshold to evaluate
whether its originations were to small businesses in 2035. In this
example, if the small business threshold were increased to $1.1
million effective January 1, 2036, the financial institution applies
the $1.1 million threshold to count its originations for small
businesses in 2036.
5. Reevaluation, extension, or renewal requests, as well as
credit line increases and other requests for additional credit
amounts. While requests for additional credit amounts on an existing
account can constitute a ``covered application'' pursuant to Sec.
1002.103(b)(1), such requests are not counted as originations for
the purpose of determining whether a financial institution is a
covered financial institution pursuant to Sec. 1002.105(b). In
addition, transactions that extend, renew, or otherwise amend a
transaction are not counted as originations. For example, if a
financial institution originates 600 term loans and 250 lines of
credit for small businesses in each of the preceding two calendar
years, along with 100 line increases for small businesses in each of
those years, the financial institution is not a covered financial
institution because it has not originated at least 1,000 covered
credit transactions in each of the two preceding calendar years.
6. Annual consideration. Whether a financial institution is a
covered financial institution for a particular year depends on its
small business lending activity in the preceding two calendar years.
Therefore, whether a financial institution is a covered financial
institution is an annual consideration for each year that data may
be compiled and maintained for purposes of subpart B of this part. A
financial institution may be a covered financial institution for a
given year of data collection (and the obligations arising from
qualifying as a covered financial institution shall continue into
subsequent years, pursuant to Sec. Sec. 1002.110 and 1002.111), but
the same financial institution may not be a covered financial
institution for the following year of data collection. For example,
Financial Institution C originated 1,100 covered transactions for
small businesses in both 2027 and 2028. In 2029, Financial
Institution C is a covered financial institution and therefore is
obligated to compile and maintain applicable 2029 small business
lending data under Sec. 1002.107(a). During 2029, Financial
Institution C originates 900 covered transactions for small
businesses. In 2030, Financial Institution C is not a covered
financial institution with respect to 2030 small business lending
data, and is not obligated to compile and maintain 2030 data under
Sec. 1002.107(a) (although Financial Institution C may volunteer to
collect and maintain 2030 data pursuant to Sec. 1002.5(a)(4)(vii)
and as explained in comment 105(b)-10). Pursuant to Sec.
1002.109(a), Financial Institution C shall submit its small business
lending application register for 2029 data in the format prescribed
by the Bureau by June 1, 2030 because Financial Institution C is a
covered financial institution with respect to 2029 data, and the
data submission deadline of June 1, 2030 applies to 2029 data.
7. Merger or acquisition--coverage of surviving or newly formed
institution. After a merger or acquisition, the surviving or newly
formed financial institution is a covered financial institution
under Sec. 1002.105(b) if it, considering the combined lending
activity of the surviving or newly formed institution and the merged
or acquired financial institutions (or acquired branches or
locations), satisfies the criteria included in Sec. 1002.105(b).
For example, Financial Institutions A and B merge. The surviving or
newly formed financial institution meets the threshold in Sec.
1002.105(b) if the combined previous components of the surviving or
newly formed financial institution (A plus B) would have originated
at least 1,000 covered credit transactions for small businesses for
each of the two preceding calendar years. Similarly, if the combined
previous components and the surviving or newly formed financial
institution would have reported at least 1,000 covered transactions
for small businesses for the year previous to the merger as well as
1,000 covered transactions for small businesses for the year of the
merger, the threshold described in Sec. 1002.105(b) would be met
and the surviving or newly formed financial institution would be a
covered institution under Sec. 1002.105(b) for the year following
the merger. Comment 105(b)-8 discusses a financial institution's
responsibilities with respect to compiling and maintaining (and
subsequently reporting) data during the calendar year of a merger.
8. Merger or acquisition--coverage specific to the calendar year
of the merger or acquisition. The scenarios described below
illustrate a financial institution's responsibilities specifically
for data from the calendar year of a merger or acquisition. For
purposes of these illustrations, an ``institution that is not
covered'' means either an institution that is not a financial
institution, as defined in Sec. 1002.105(a), or a financial
institution that is not a covered financial institution, as defined
in Sec. 1002.105(b).
i. Two institutions that are not covered financial institutions
merge. The surviving or newly formed institution meets all of the
requirements necessary to be a covered financial institution. No
data are required to be compiled, maintained, or reported for the
calendar year of the merger (even though the merger creates an
institution that meets all of the requirements necessary to be a
covered financial institution).
ii. A covered financial institution and an institution that is
not covered merge. The covered financial institution is the
surviving institution, or a new covered financial institution is
formed. For the calendar year of the merger, data are required to be
compiled, maintained, and reported for covered applications from the
covered financial institution and is optional for covered
applications from the financial institution that was previously not
covered.
iii. A covered financial institution and an institution that is
not covered merge. The institution that is not covered is the
surviving institution and remains not covered after the merger, or a
new institution that is not covered is formed. For the calendar year
of the merger, data are required to be compiled and maintained (and
subsequently reported) for covered applications from the previously
covered financial institution that took place prior to the merger.
After the merger date, compiling, maintaining, and reporting data is
optional for applications from the institution that was previously
covered for the remainder of the calendar year of the merger.
iv. Two covered financial institutions merge. The surviving or
newly formed financial institution is a covered financial
institution. Data are required to be compiled and maintained (and
subsequently reported) for the entire calendar year of the merger.
The surviving or newly formed financial institution files either a
consolidated submission or separate submissions for that calendar
year.
9. Foreign applicability. As discussed in comment 1(a)-2,
Regulation B (including subpart B) generally does not apply to
lending activities that occur outside the United States.
10. Voluntary collection and reporting. Section
1002.5(a)(4)(vii) through (x) permits a creditor that is not a
covered financial institution under Sec. 1002.105(b) to voluntarily
collect and report information regarding covered applications from
small businesses
[[Page 51000]]
in certain circumstances. If a creditor is voluntarily collecting
information for covered applications regarding whether the applicant
is a minority-owned business and/or a women-owned business under
Sec. 1002.107(a)(18), and regarding the ethnicity, race, and sex of
the applicant's principal owners under Sec. 1002.107(a)(19), it
shall do so in compliance with Sec. Sec. 1002.107, 1002.108,
1002.111, 1002.112 as though it were a covered financial
institution. If a creditor is reporting those covered applications
from small businesses to the Bureau, it shall do so in compliance
with Sec. Sec. 1002.109 and 1002.110 as though it were a covered
financial institution.
Section 1002.106--Business and Small Business
106(b) Small Business Definition
106(b)(1) Small Business
1. Change in determination of small business status--business is
ultimately not a small business. If a financial institution
initially determines an applicant is a small business as defined in
Sec. 1002.106 based on available information and collects data
required by Sec. 1002.107(a)(18) and (19) but later concludes that
the applicant is not a small business, the financial institution
does not violate the Act or this regulation if it meets the
requirements of Sec. 1002.112(c)(4). The financial institution
shall not report the application on its small business lending
application register pursuant to Sec. 1002.109.
2. Change in determination of small business status--business is
ultimately a small business. Consistent with comment 107(a)(14)-1, a
financial institution need not independently verify gross annual
revenue. If a financial institution initially determines that the
applicant is not a small business as defined in Sec. 1002.106(b),
but later concludes the applicant is a small business prior to
taking final action on the application, the financial institution
must report the covered application pursuant to Sec. 1002.109. In
this situation, the financial institution shall endeavor to compile,
maintain, and report the data required under Sec. 1002.107(a) in a
manner that is reasonable under the circumstances. For example, if
the applicant initially provides a gross annual revenue of $1.1
million (that is, above the threshold for a small business as
initially defined in Sec. 1002.106(b)(1)), but during the course of
underwriting the financial institution discovers the applicant's
gross annual revenue was in fact $950,000 (meaning that the
applicant is within the definition of a small business under Sec.
1002.106(b)), the financial institution is required to report the
covered application pursuant to Sec. 1002.109. In this situation,
the financial institution shall take reasonable steps upon discovery
to compile, maintain, and report the data necessary under Sec.
1002.107(a) to comply with subpart B of this part for that covered
application. Thus, in this example, even if the financial
institution's procedure is typically to request applicant-provided
data together with the application form, in this circumstance, the
financial institution shall seek to collect the data during the
application process necessary to comply with subpart B in a manner
that is reasonable under the circumstances.
3. Applicant's representations regarding gross annual revenue;
inclusion of affiliate revenue; updated or verified information. A
financial institution is permitted to rely on an applicant's
representations regarding gross annual revenue (which may or may not
include any affiliate's revenue) for purposes of determining small
business status under Sec. 1002.106(b). However, if the applicant
provides updated gross annual revenue information or the financial
institution verifies the gross annual revenue information (see
comment 107(b)-1), the financial institution must use the updated or
verified information in determining small business status.
4. Multiple unaffiliated co-applicants--size determination. The
financial institution shall not aggregate unaffiliated co-
applicants' gross annual revenues for purposes of determining small
business status under Sec. 1002.106(b). If a covered financial
institution receives a covered application from multiple businesses
who are not affiliates, as defined by Sec. 1002.102(a), where at
least one business is a small business under Sec. 1002.106(b), the
financial institution shall compile, maintain, and report data
pursuant to Sec. Sec. 1002.107 through 1002.109 regarding the
covered application for only a single applicant that is a small
business. See comment 103(a)-10 for additional details.
106(b)(2) Inflation Adjustment
1. Inflation adjustment methodology. The small business gross
annual revenue threshold set forth in Sec. 1002.106(b)(1) will be
adjusted upward or downward to reflect changes, if any, in the
Consumer Price Index for All Urban Consumers (U.S. city average
series for all items, not seasonally adjusted), as published by the
United States Bureau of Labor Statistics (``CPI-U''). The base for
computing each adjustment is the January 2030 CPI-U; this base value
shall be compared to the CPI-U value in January 2035 and every five
years thereafter. For example, after the January 2035 CPI-U is made
available, the adjustment is calculated by determining the
percentage change in the CPI-U between January 2030 and January
2035, applying this change to the $1 million gross annual revenue
threshold, and rounding to the nearest $100,000. If, as a result of
this rounding, there is no change in the gross annual revenue
threshold, there will be no adjustment. For example, if in January
2035 the adjusted value were $950,000 (reflecting a $50,000 decrease
from January 2030 CPI-U), then the threshold would not adjust
because $950,000 million would be rounded up to $1 million. If on
the other hand, the adjusted value were $1.12 million, then the
threshold would adjust to $1.1 million. Where the adjusted value is
a multiple of $50,000 (e.g., $1,050,000), then the threshold adjusts
upward.
2. Substitute for CPI-U. If publication of the CPI-U ceases, or
if the CPI-U otherwise becomes unavailable or is altered in such a
way as to be unusable, then the Bureau shall substitute another
reliable cost of living indicator from the United States Government
for the purpose of calculating adjustments pursuant to Sec.
1002.106(b)(2).
Section 1002.107--Compilation of Reportable Data
* * * * *
107(a)(2) Application Date
1. Consistency. Section 1002.107(a)(2) requires that, in
reporting the date of covered application, a financial institution
shall report the date the covered application was received or the
date shown on a paper or electronic application form. Although a
financial institution need not choose the same approach for its
entire small business lending application register, it should
generally be consistent in its approach by, for example,
establishing procedures for how to report this date within
particular scenarios, products, or divisions. If the financial
institution chooses to report the date shown on an application form
and the institution retains multiple versions of the application
form, the institution reports the date shown on the first
application form satisfying the definition of covered application
pursuant to Sec. 1002.103.
2. Application received. For an application submitted directly
to the financial institution or its affiliate, the financial
institution shall report the date it received the covered
application, as defined under Sec. 1002.103, or the date shown on a
paper or electronic application form. For an application initially
submitted to a third party, see comment 107(a)(2)-3.
3. Indirect applications. For an application that was not
submitted directly to the financial institution or its affiliate,
the financial institution shall report the date the application was
received by the party that initially received the application, the
date the application was received by the financial institution, or
the date shown on the application form. Although a financial
institution need not choose the same approach for its entire small
business lending application register, it should generally be
consistent in its approach by, for example, establishing procedures
for how to report this date within particular scenarios, products,
or divisions.
4. Safe harbor. Pursuant to Sec. 1002.112(c)(1), a financial
institution that reports on its small business lending application
register an application date that is within three business days of
the actual application date pursuant to Sec. 1002.107(a)(2) does
not violate the Act or subpart B of this part. For purposes of this
paragraph, a business day means any day the financial institution is
open for business.
* * * * *
107(a)(5) Credit Type
1. Reporting credit product--in general. A financial institution
complies with Sec. 1002.107(a)(5)(i) by selecting the credit
product applied for or originated, from the list below. If the
credit product applied for or originated is not included on this
list, the financial institution selects ``other,'' and reports the
credit product via free-form text field. If an applicant requested
more than one credit product at the same time, the financial
institution reports each credit product requested as a separate
application. However, if the applicant only requested a single
[[Page 51001]]
covered credit transaction, but had not decided on which particular
product, the financial institution complies with Sec.
1002.107(a)(5)(i) by reporting the credit product originated (if
originated), or the credit product denied (if denied), or the credit
product of greater interest to the applicant, if readily
determinable. If the credit product of greater interest to the
applicant is not readily determinable, the financial institution
complies with Sec. 1002.107(a)(5)(i) by reporting one of the credit
products requested as part of the request for a single covered
credit transaction, in its discretion. See comment 103(a)-5 for
instructions on reporting requests for multiple covered credit
transactions at one time.
i. Term loan--unsecured.
ii. Term loan--secured.
iii. Line of credit--unsecured.
iv. Line of credit--secured.
v. Credit card account, not private-label.
vi. Private-label credit card account.
vii. [Reserved]
viii. [Reserved]
ix. Other.
x. Not provided by applicant and otherwise undetermined.
2. Credit card account, not private-label. A financial
institution complies with Sec. 1002.107(a)(5)(i) by reporting the
credit product as a ``credit card account, not private-label'' when
the product is a business-purpose open-end credit account that is
not private label and that may be accessed from time to time by a
card, plate, or other single credit device to obtain credit, except
that accounts or lines of credit secured by real property and
overdraft lines of credit accessed by debit cards are not credit
card accounts. The term credit card account does not include debit
card accounts or closed-end credit that may be accessed by a card,
plate, or single credit device. The term credit card account does
include charge card accounts that are generally paid in full each
billing period, as well as hybrid prepaid-credit cards. A financial
institution reports multiple credit card account, not private-label
applications requested at one time using the guidance in comment
103(a)-7.
3. Private-label credit card account. A financial institution
complies with Sec. 1002.107(a)(5)(i) by reporting the credit
product as a ``private-label credit card account'' when the product
is a business-purpose open-end private-label credit account that
otherwise meets the description of a credit card account in comment
107(a)(5)-2. A private-label credit card account is a credit card
account that can only be used to acquire goods or services provided
by one business (for example, a specific merchant, retailer,
independent dealer, or manufacturer) or a small group of related
businesses. A co-branded or other card that can also be used for
purchases at unrelated businesses is not a private-label credit
card. A financial institution reports multiple private-label credit
card account applications requested at one time in the same manner
as credit card account, not private-label applications, using the
guidance in comment 103(a)-7.
4. Credit product not provided by the applicant and otherwise
undetermined. Pursuant to Sec. 1002.107(c), a financial institution
is required to maintain procedures reasonably designed to collect
applicant-provided data, which includes credit product. However, if
a financial institution is nonetheless unable to collect or
otherwise determine credit product information because the applicant
does not indicate what credit product it seeks and the application
is denied, withdrawn, or closed for incompleteness before a credit
product is identified, the financial institution reports that the
credit product is ``not provided by applicant and otherwise
undetermined.''
5. Reporting credit product involving counteroffers. If a
financial institution presents a counteroffer for a different credit
product than the product the applicant had initially requested, and
the applicant does not agree to proceed with the counteroffer, the
financial institution reports the application for the original
credit product as denied pursuant to Sec. 1002.107(a)(9). If the
applicant agrees to proceed with consideration of the financial
institution's counteroffer, the financial institution reports the
disposition of the application based on the credit product that was
offered and does not report the original credit product applied for.
See comment 107(a)(9)-2.
6. [Reserved]
7. Guarantees. A financial institution complies with Sec.
1002.107(a)(5)(ii) by selecting the type or types of guarantees that
were obtained for an originated covered credit transaction, or that
would have been obtained if the covered credit transaction was
originated, from the list below. The financial institution selects,
if applicable, up to a maximum of five guarantees for a single
application. If the type of guarantee does not appear on the list,
the financial institution selects ``other'' and reports the type of
guarantee via free-form text field. If no guarantee is obtained or
would have been obtained if the covered credit transaction was
originated, the financial institution selects ``no guarantee.'' If
an application is denied, withdrawn, or closed for incompleteness
before any guarantee has been identified, the financial institution
selects ``no guarantee.'' The financial institution chooses State
government guarantee or local government guarantee, as applicable,
based on the entity directly administering the program, not the
source of funding.
i. Personal guarantee--owner(s).
ii. Personal guarantee--non-owner(s).
iii. SBA guarantee--7(a) program.
iv. SBA guarantee--504 program.
v. SBA guarantee--other.
vi. USDA guarantee.
vii. FHA insurance.
viii. Bureau of Indian Affairs guarantee.
ix. Other Federal guarantee.
x. State government guarantee.
xi. Local government guarantee.
xii. Other.
xiii. No guarantee.
8. Loan term. A financial institution complies with Sec.
1002.107(a)(5)(iii) by reporting the number of months in the loan
term for the covered credit transaction. The loan term is the number
of months after which the legal obligation will mature or terminate,
measured from the date of origination. For transactions involving
real property, the financial institution may instead measure the
loan term from the date of the first payment period and disregard
the time that elapses, if any, between the settlement of the
transaction and the first payment period. For example, if a loan
closes on April 12, but the first payment is not due until June 1
and includes the interest accrued in May (but not April), the
financial institution may choose not to include the month of April
in the loan term. In addition, the financial institution may round
the loan term to the nearest full month or may count only full
months and ignore partial months, as it so chooses. If a credit
product, such as a credit card, does not have a loan term, the
financial institution reports that the loan term is ``not
applicable.'' The financial institution also reports that the loan
term is ``not applicable'' if the credit product is reported as
``not provided by applicant and otherwise undetermined.'' For a
credit product that generally has a loan term, the financial
institution reports ``not provided by applicant and otherwise
undetermined'' if the application is denied, withdrawn, or
determined to be incomplete before a loan term has been identified.
* * * * *
107(a)(18) Minority-Owned and Women-Owned Business Statuses
1. General. A financial institution must ask an applicant
whether it is a minority-owned and/or women-owned business. The
financial institution must permit an applicant to refuse (i.e.,
decline) to answer the financial institution's inquiry regarding
business status and must inform the applicant that the applicant is
not required to provide the information. See the sample data
collection form in appendix E to this part for sample language for
providing this notice to applicants. The financial institution must
report the applicant's substantive response regarding each business
status, that the applicant declined to answer the inquiry (that is,
selected an answer option of ``I do not wish to provide this
information'' or similar), or its failure to respond to the inquiry
(that is, ``not provided by applicant''), as applicable.
2. Definitions. When inquiring about minority-owned and women-
owned business statuses (regardless of whether the request is made
on a paper form, electronically, or orally), the financial
institution also must provide the applicant with definitions of the
terms ``minority-owned business'' and ``women-owned business'' as
set forth in Sec. 1002.102(m) and (s), respectively. The financial
institution satisfies this requirement if it provides the
definitions as set forth in the sample data collection form in
appendix E.
3. Combining questions. A financial institution may combine on
the same paper or electronic data collection form the questions
regarding minority-owned and women-owned business status pursuant to
Sec. 1002.107(a)(18) with principal owners' ethnicity, race, and
sex pursuant to Sec. 1002.107(a)(19) and the applicant's number
[[Page 51002]]
of principal owners pursuant to Sec. 1002.107(a)(20). See the
sample data collection form in appendix E.
4. Notices. When requesting minority-owned and women-owned
business statuses from an applicant, a financial institution must
inform the applicant that the financial institution cannot
discriminate on the basis of the applicant's minority-owned or
women-owned business statuses, or on whether the applicant provides
its minority-owned or women-owned business statuses. A financial
institution must also inform the applicant that Federal law requires
it to ask for an applicant's minority-owned and women-owned business
statuses to help ensure that all small business applicants for
credit are treated fairly, and that communities' small business
credit needs are being fulfilled. A financial institution may
combine these notices regarding minority-owned and women-owned
business statuses with the notices that a financial institution is
required to provide when requesting principal owners' ethnicity,
race, and sex if a financial institution requests information
pursuant to Sec. 1002.107(a)(18) and (19) in the same data
collection form or at the same time. See the sample data collection
form in appendix E for sample language that a financial institution
may use for these notices.
5. Maintaining the record of an applicant's response regarding
minority-owned and women-owned business statuses separate from the
application. A financial institution must maintain the record of an
applicant's responses to the financial institution's inquiry
pursuant to Sec. 1002.107(a)(18) separate from the application and
accompanying information. See Sec. 1002.111(b) and comment 111(b)-
1. If the financial institution provides a paper or electronic data
collection form, the data collection form must not be part of the
application form or any other document that the financial
institution uses to provide or collect any information other than
minority-owned business status, women-owned business status,
principal owners' ethnicity, race, and sex, and the number of the
applicant's principal owners. See the sample data collection form in
appendix E. For example, if the financial institution sends the data
collection form via email, the data collection form should be a
separate attachment to the email or accessed through a separate link
in the email. If the financial institution uses a web-based data
collection form, the form should be on its own page.
6. Minority-owned and/or women-owned business statuses not
provided by applicant. Pursuant to Sec. 1002.107(c), a financial
institution shall maintain procedures reasonably designed to collect
applicant-provided data, which includes the applicant's minority-
owned and women-owned business statuses. However, if a financial
institution does not receive a response to the financial
institution's inquiry pursuant to Sec. 1002.107(a)(18), the
financial institution reports that the applicant's business statuses
were ``not provided by applicant.''
7. Applicant declines to provide information about minority-
owned and/or women-owned business statuses. A financial institution
reports that the applicant responded that it did not wish to provide
the information about an applicant's minority-owned and women-owned
business statuses, if the applicant declines to provide the
information by selecting such a response option on a paper or
electronic form (e.g., by selecting an answer option of ``I do not
wish to provide this information'' or similar). The financial
institution also reports an applicant's refusal to provide such
information in this way, if the applicant orally declines to provide
such information for a covered application taken by telephone or
another medium that does not involve providing any paper or
electronic documents.
8. Conflicting responses provided by applicants. If the
applicant both provides a substantive response to the financial
institution's inquiry regarding business status (that is, indicates
that it is a minority-owned and/or women-owned business, or checks
``none apply'' or similar) and also checks the box indicating ``I do
not wish to provide this information'' or similar, the financial
institution reports the substantive response(s) provided by the
applicant (rather than reporting that the applicant declined to
provide the information).
9. No verification of business statuses. Notwithstanding Sec.
1002.107(b), a financial institution must report the applicant's
substantive response(s), that the applicant declined to answer the
inquiry (that is, selected an answer option of ``I do not wish to
provide this information'' or similar), or the applicant's failure
to respond to the inquiry (that is, that the information was ``not
provided by applicant'') pursuant to Sec. 1002.107(a)(18), even if
the financial institution verifies or otherwise obtains an
applicant's minority-owned and/or women-owned business statuses for
other purposes. For example, if a financial institution uses a paper
data collection form to ask an applicant if it is a minority-owned
business and/or a women-owned business, and the applicant does not
indicate that it is a minority-owned business, the financial
institution must not report that the applicant is a minority-owned
business, even if the applicant indicates that it is a minority-
owned business for other purposes, such as for a special purpose
credit program or a Small Business Administration program.
107(a)(19) Ethnicity, Race, and Sex of Principal Owners
1. General. A financial institution must ask an applicant to
provide its principal owners' ethnicity, race, and sex. The
financial institution must permit an applicant to refuse (i.e.,
decline) to answer the financial institution's inquiry and must
inform the applicant that it is not required to provide the
information. See the sample data collection form in appendix E to
this part for sample language for providing this notice to
applicants. The financial institution must report the applicant's
substantive responses regarding principal owners' ethnicity, race,
and sex, that the applicant declined to answer an inquiry (that is,
selected an answer option of ``I do not wish to provide this
information'' or similar), or its failure to respond to an inquiry
(that is, ``not provided by applicant''), as applicable. The
financial institution must report an applicant's responses about its
principal owners' ethnicity, race, and sex, regardless of whether an
applicant declines or fails to answer an inquiry about the number of
its principal owners under Sec. 1002.107(a)(20). If an applicant
provides some, but not all, of the requested information about the
ethnicity, race, and sex of a principal owner, the financial
institution reports the information that was provided by the
applicant and reports that the applicant declined to provide or did
not provide (as applicable) the remainder of the information. See
comments 107(a)(19)-6 and -7.
2. Definition of principal owner. When requesting a principal
owner's ethnicity, race, and sex, the financial institution must
also provide the applicant with the definition of the term
``principal owner'' as set forth in Sec. 1002.102(o). The financial
institution satisfies this requirement if it provides the definition
of principal owner as set forth in the sample data collection form
in appendix E.
3. Combining questions. A financial institution may combine on
the same paper or electronic data collection form the questions
regarding the principal owners' ethnicity, race and sex pursuant to
Sec. 1002.107(a)(19) with the applicant's number of principal
owners pursuant to Sec. 1002.107(a)(20) and the applicant's
minority-owned and women-owned business statuses pursuant to Sec.
1002.107(a)(18). See the sample data collection form in appendix E.
4. Notices. When requesting a principal owner's ethnicity, race,
and sex from an applicant, a financial institution must inform the
applicant that the financial institution cannot discriminate on the
basis of a principal owner's ethnicity, race, or sex, or on whether
the applicant provides the information. A financial institution must
also inform the applicant that Federal law requires it to ask for
the principal owners' ethnicity, race, and sex to help ensure that
all small business applicants for credit are treated fairly, and
that communities' small business credit needs are being fulfilled. A
financial institution may combine these notices with the similar
notices that a financial institution is required to provide when
requesting minority-owned business status and women-owned business
status, if a financial institution requests information pursuant to
Sec. 102.107(a)(18) and (19) in the same data collection form or at
the same time. See the sample data collection form in appendix E for
sample language that a financial institution may use for these
notices.
5. Maintaining the record of an applicant's responses regarding
principal owners' ethnicity, race, and sex separate from the
application. A financial institution must maintain the record of an
applicant's response to the financial institution's inquiries
pursuant to Sec. 1002.107(a)(19) separate from the application and
accompanying information. See Sec. 1002.111(b) and comment 111(b)-
1. If the financial institution provides a paper or electronic data
collection form, the data collection form must not be part of the
application form or
[[Page 51003]]
any other document that the financial institution uses to provide or
collect any information other than minority-owned business status,
women-owned business status, principal owners' ethnicity, race, and
sex, and the number of the applicant's principal owners. See the
sample data collection form in appendix E for sample language. For
example, if the financial institution sends the data collection form
via email, the data collection form should be a separate attachment
to the email or accessed through a separate link in the email. If
the financial institution uses a web-based data collection form, the
form should be on its own page.
6. Ethnicity, race, or sex of principal owners not provided by
applicant. Pursuant to Sec. 1002.107(c), a financial institution
shall maintain procedures reasonably designed to collect applicant-
provided data, which includes the ethnicity, race, and sex of an
applicant's principal owners. However, if an applicant does not
provide the information, such as in response to a request for a
principal owner's ethnicity, race, or sex on a paper or electronic
data collection form, the financial institution reports the
ethnicity, race, or sex (as applicable) as ``not provided by
applicant'' for that principal owner. For example, if the financial
institution provides a paper data collection form to an applicant
with two principal owners, and asks the applicant to complete and
return the form but the applicant does not do so, the financial
institution reports that the two principal owners' ethnicity, race,
and sex were ``not provided by applicant.'' Similarly, if the
financial institution provides an electronic data collection form,
the applicant indicates that it has two principal owners, the
applicant provides ethnicity, race, and sex for the first principal
owner, and the applicant does not make any selections for the second
principal owner's ethnicity, race, or sex, the financial institution
reports the ethnicity, race, and sex that the applicant provided for
the first principal owner and reports that the ethnicity, race, and
sex for the second principal owner was ``not provided by
applicant.'' Additionally, if the financial institution provides an
electronic or paper data collection form, the applicant indicates
that it has one principal owner, provides the principal owner's
ethnicity and sex information, but does not provide information
about the principal owner's race and also does not select a response
of ``I do not wish to provide this information'' with regard to
race, the financial institution reports the ethnicity and sex
provided by the applicant and reports that the race of the principal
owner was ``not provided by applicant.''
7. Applicant declines to provide information about a principal
owner's ethnicity, race, or sex. A financial institution reports
that the applicant did not wish to provide the information about a
principal owner's ethnicity, race or sex (as applicable), if the
applicant declines to provide the information, such as by selecting
a response option of ``I do not wish to provide this information''
on a paper or electronic form (e.g., by selecting an answer option
of ``I do not wish to provide this information'' or similar). The
financial institution also reports an applicant's refusal to provide
such information in this way, if the applicant orally declines to
provide such information for a covered application taken by
telephone or another medium that does not involve providing any
paper or electronic form or providing a similar response for an
application taken by telephone.
8. Conflicting responses provided by applicant. If the applicant
both provides a substantive response to a request for a principal
owner's ethnicity, race, or sex (that is, identifies a principal
owner's ethnicity, race, or sex) and also checks the box indicating
``I do not wish to provide this information'' or similar, the
financial institution reports the information on ethnicity, race, or
sex that was provided by the applicant (rather than reporting that
the applicant declined provide the information). For example, if an
applicant is completing a paper data collection form and indicates
that a principal owner's sex is female and also indicates on the
form that the applicant does not wish to provide information
regarding that principal owner's sex, the financial institution
reports the principal owner's sex as female. A financial institution
may, but is not required, to prevent conflicting responses from
being entered on an electronic data collection form.
9. No verification of ethnicity, race, and sex of principal
owners. Notwithstanding Sec. 1002.107(b), a financial institution
must report the applicant's substantive responses as to its
principal owners' ethnicity, race, and sex (that is, the applicant's
identification of its principal owners' ethnicity, race, and sex),
that the applicant declined to answer the inquiry (that is, selected
an answer option of ``I do not wish to provide this information'' or
similar), or the applicant's failure to respond to the inquiry (that
is, the information was ``not provided by applicant'') pursuant to
Sec. 1002.107(a)(19), even if the financial institution verifies or
otherwise obtains the ethnicity, race, or sex of the applicant's
principal owners for other purposes.
10. Reporting for fewer than four principal owners. If an
applicant has fewer than four principal owners, the financial
institution reports ethnicity, race, and sex information for the
number of principal owners that the applicant has and reports the
ethnicity, race, and sex fields for additional principal owners as
``not applicable.'' For example, if an applicant has only one
principal owner, the financial institution reports ethnicity, race,
and sex information for the first principal owner and reports as
``not applicable'' the ethnicity, race, and sex data fields for
principal owners two through four.
11. Previously collected ethnicity, race, and sex information.
If a financial institution reports one or more principal owners'
ethnicity, race, or sex information based on previously collected
data under Sec. 1002.107(d), the financial institution does not
need to collect any additional ethnicity, race, or sex information
for other principal owners (if any). See also comment 107(d)-9.
12. Guarantors. A financial institution does not collect or
report a guarantor's ethnicity, race, or sex unless the guarantor is
also a principal owner of the applicant, as defined in Sec.
1002.102(o).
13. Ethnicity. i. Aggregate categories. A financial institution
must permit an applicant to provide each principal owner's ethnicity
for purposes of Sec. 1002.107(a)(19) using one or more of the
following aggregate categories:
A. Hispanic or Latino.
B. Not Hispanic or Latino.
ii. Disaggregated subcategories. A financial institution must
permit an applicant to provide each principal owner's ethnicity for
purposes of Sec. 1002.107(a)(19) using one or more of the following
disaggregated subcategories, regardless of whether the applicant has
indicated that the relevant principal owner is Hispanic or Latino
and regardless of whether the applicant selects any aggregate
categories: Cuban; Mexican; Puerto Rican; or Other Hispanic or
Latino. If an applicant indicates that a principal owner is Other
Hispanic or Latino, the financial institution must permit the
applicant to provide additional information regarding the principal
owner's ethnicity, by using free-form text on a paper or electronic
data collection form or using language that informs the applicant of
the opportunity to self-identify when taking the application by
means other than a paper or electronic data collection form, such as
by telephone. The financial institution must permit the applicant to
provide additional information indicating, for example, that the
principal owner is Argentinean, Colombian, Dominican, Nicaraguan,
Salvadoran, or Spaniard. See the sample data collection form in
appendix E for sample language. If an applicant chooses to provide
additional information regarding a principal owner's ethnicity, such
as by indicating that a principal owner is Argentinean orally or in
writing on a paper or electronic form, a financial institution must
report that additional information via free-form text. If the
applicant provides such additional information but does not also
indicate that the principal owner is Other Hispanic or Latino (e.g.,
by selecting Other Hispanic or Latino on a paper or electronic
form), a financial institution is permitted, but not required, to
report Other Hispanic or Latino as well.
iii. Selecting multiple categories. The financial institution
must permit the applicant to select one, both, or none of the
aggregate categories and as many disaggregated subcategories as the
applicant chooses. A financial institution must permit an applicant
to select a disaggregated subcategory even if the applicant does not
select the corresponding aggregate category. For example, an
applicant must be permitted to select the Mexican disaggregated
subcategory for a principal owner without being required to select
the Hispanic or Latino aggregate category. If an applicant provides
ethnicity information for a principal owner, the financial
institution reports all of the aggregate categories and
disaggregated subcategories provided by the applicant. For example,
if an applicant selects both aggregate categories and four
disaggregated subcategories for a principal owner, the financial
institution reports the two aggregate
[[Page 51004]]
categories that the applicant selected and all four of the
disaggregated subcategories that the applicant selected.
Additionally, if an applicant selects only the Mexican disaggregated
subcategory for a principal owner and no aggregate categories, the
financial institution reports Mexican for the ethnicity of the
applicant's principal owner but does not also report Hispanic or
Latino. Further, if the applicant selects an aggregate category
(e.g., Not Hispanic or Latino) and a disaggregated subcategory that
does not correspond to the aggregate category (e.g., Puerto Rican),
the financial institution reports the information as provided by the
applicant (e.g., Not Hispanic or Latino, and Puerto Rican).
14. Race. i. Aggregate categories. A financial institution must
permit an applicant to provide each principal owner's race for
purposes of Sec. 1002.107(a)(19) using one or more of the following
aggregate categories:
A. American Indian or Alaska Native.
B. Asian.
C. Black or African American.
D. Native Hawaiian or Other Pacific Islander.
E. White.
ii. Disaggregated subcategories. The financial institution must
permit an applicant to provide a principal owner's race for purposes
of Sec. 1002.107(a)(19) using one or more of the disaggregated
subcategories as listed in this comment 107(a)(19)-14.ii, regardless
of whether the applicant has selected the corresponding aggregate
category.
A. The Asian aggregate category includes the following
disaggregated subcategories: Asian Indian, Chinese, Filipino,
Japanese, Korean, Vietnamese, and Other Asian. An applicant must
also be permitted to provide the principal owner's race using one or
more of these disaggregated subcategories regardless of whether the
applicant indicates that the principal owner is Asian and regardless
of whether the applicant selects any aggregate categories.
Additionally, if an applicant indicates that a principal owner is
Other Asian, the financial institution must permit the applicant to
provide additional information about the principal owner's race, by
using free-form text on a paper or electronic data collection form
or using language that informs the applicant of the opportunity to
self-identify when taking the application by means other than a
paper or electronic data collection form, such as by telephone. The
financial institution must permit the applicant to provide
additional information indicating, for example, that the principal
owner is Cambodian, Hmong, Laotian, Pakistani, or Thai. See the
sample data collection form in appendix E for sample language.
B. The Black or African American aggregate category includes the
following disaggregated subcategories: African American, Ethiopian,
Haitian, Jamaican, Nigerian, Somali, and Other Black or African
American. An applicant must also be permitted to provide the
principal owner's race using one or more of these disaggregated
subcategories regardless of whether the applicant indicates that the
principal owner is Black or African American and regardless of
whether the applicant selects any aggregate categories.
Additionally, if an applicant indicates that a principal owner is
Other Black or African American, the financial institution must
permit the applicant to provide additional information about the
principal owner's race, by using free-form text on a paper or
electronic data collection form or using language that informs the
applicant of the opportunity to self-identify when taking the
application by means other than a paper or electronic data
collection form, such as by telephone. The financial institution
must permit the applicant to provide additional information
indicating, for example, that the principal owner is Barbadian,
Ghanaian, or South African. See the sample data collection form in
appendix E for sample language.
C. The Native Hawaiian or Other Pacific Islander aggregate
category includes the following disaggregated subcategories:
Guamanian, Chamorro, Native Hawaiian, Samoan, and Other Pacific
Islander. An applicant must also be permitted to provide the
principal owner's race using one or more of these disaggregated
subcategories regardless of whether the applicant indicates that the
principal owner is Native Hawaiian or Other Pacific Islander and
regardless of whether the applicant selects any aggregate
categories. Additionally, if an applicant indicates that a principal
owner is Other Pacific Islander, the financial institution must
permit the applicant to provide additional information about the
principal owner's race, by using free-form text on a paper or
electronic data collection form or using language that informs the
applicant of the opportunity to self-identify when taking the
application by means other than a paper or electronic data
collection form, such as by telephone. The financial institution
must permit the applicant to provide additional information
indicating, for example, that the principal owner is Fijian or
Tongan. See the sample data collection form in appendix E for sample
language.
D. If an applicant chooses to provide additional information
regarding a principal owner's race, such as indicating that a
principal owner is Cambodian, Barbadian, or Fijian orally or in
writing on a paper or electronic form, a financial institution must
report that additional information via free-form text in the
appropriate data reporting field. If the applicant provides such
additional information but does not also indicate that the principal
owner is Other Asian, Other Black or African American, or Other
Pacific Islander, as applicable (e.g., by selecting Other Asian on a
paper or electronic form), a financial institution is permitted, but
not required, to report the corresponding ``Other'' race
disaggregated subcategory (i.e., Other Asian, Other Black or African
American, or Other Pacific Islander).
E. In addition to permitting an applicant to indicate that a
principal owner is American Indian or Alaska Native, a financial
institution must permit an applicant to provide the name of an
enrolled or principal tribe, by using free-form text on a paper or
electronic data collection form or using language that informs the
applicant of the opportunity to self-identify when taking the
application by means other than a paper or electronic data
collection form, such as by telephone. If an applicant chooses to
provide the name of an enrolled or principal tribe, a financial
institution must report that information via free-form text in the
appropriate data reporting field. If the applicant provides the name
of an enrolled or principal tribe but does not also indicate that
the principal owner is American Indian or Alaska Native (e.g., by
selecting American Indian or Alaska Native on a paper or electronic
form), a financial institution is permitted, but not required, to
report American Indian or Alaska Native as well.
iii. Selecting multiple categories. The financial institution
must permit the applicant to select as many aggregate categories and
disaggregated subcategories as the applicant chooses. A financial
institution must permit an applicant to select one or more
disaggregated subcategories even if the applicant does not select an
aggregate category. For example, an applicant must be permitted to
select the Chinese disaggregated subcategory for a principal owner
without being required to select the Asian aggregate category. If an
applicant provides race information for a principal owner, the
financial institution reports all of the aggregate categories and
disaggregated subcategories provided by the applicant. For example,
if an applicant selects two aggregate categories and five
disaggregated subcategories for a principal owner, the financial
institution reports the two aggregate categories that the applicant
selected and the five disaggregated subcategories that the applicant
selected. Additionally, if an applicant selects only the Chinese
disaggregated subcategory for a principal owner, the financial
institution reports Chinese for the race of the principal owner but
does not also report that the principal owner is Asian. Similarly,
if the applicant selects an aggregate category (e.g., Asian) and a
disaggregated subcategory that does not correspond to the aggregate
category (e.g., Native Hawaiian), the financial institution reports
the information as provided by the applicant (e.g., Asian and Native
Hawaiian).
15. Sex. A financial institution must permit an applicant to
provide each principal owner's sex for purposes of Sec.
1002.107(a)(19) using the categories male or female.
16. Ethnicity and race information requested orally. As
described in comments 107(a)(19)-13 and -14, when collecting
principal owners' ethnicity and race pursuant to Sec.
1002.107(a)(19), a financial institution must present the applicant
with the specified aggregate categories and disaggregated
subcategories. When collecting ethnicity and race information
orally, such as by telephone, a financial institution may not
present the applicant with the option to decline to provide the
information without also presenting the applicant with the specified
aggregate categories and disaggregated subcategories.
i. Ethnicity and race categories. Notwithstanding comments
107(a)(19)-13 and -14, a financial institution is not required to
read aloud every disaggregated subcategory when collecting ethnicity
and
[[Page 51005]]
race information orally, such as by telephone. Rather, the financial
institution must orally present the lists of aggregate ethnicity and
race categories, followed by the disaggregated subcategories (if
any) associated with the aggregate categories selected by the
applicant or which the applicant requests to be presented. After the
applicant makes any disaggregated category selections associated
with the aggregate ethnicity or race category, the financial
institution must also ask if the applicant wishes to hear the lists
of disaggregated subcategories for any aggregate categories not
selected by the applicant. The financial institution must record any
aggregate categories selected by the applicant, as well as any
disaggregated subcategories regardless of whether such subcategories
were selected based on the disaggregated subcategories read by the
financial institution or were otherwise provided by the applicant.
ii. More than one principal owner. If an applicant has more than
one principal owner, the financial institution is permitted to ask
about ethnicity and race in a manner that reduces repetition when
collecting ethnicity and race information orally, such as by
telephone. For example, if an applicant has two principal owners,
the financial institution may ask for both principal owners'
ethnicity at the same time, rather than asking about ethnicity,
race, and sex for the first principal owner followed by ethnicity,
race, and sex for the second principal owner.
* * * * *
107(b) Reliance on and Verification of Applicant-Provided Data
1. Reliance on information provided by an applicant or
appropriate third-party sources. A financial institution may rely on
statements made by an applicant (whether made in writing or orally)
or information provided by an applicant when compiling and reporting
data pursuant to subpart B of this part for applicant-provided data;
the financial institution is not required to verify those statements
or that information. However, if the financial institution does
verify applicant statements or information for its own business
purposes, such as statements relating to gross annual revenue or
time in business, the financial institution reports the verified
information. Depending on the circumstances and the financial
institution's procedures, certain applicant-provided data can be
collected from appropriate third-party sources without a specific
request from the applicant, and such information may also be relied
on. For example, gross annual revenue or NAICS code may be collected
from tax return documents; a financial institution may also collect
an applicant's NAICS code using third-party sources such as business
information products. Applicant-provided data are the data that are
or could be provided by the applicant, including Sec.
1002.107(a)(5) through (7), (13) through (15), and (17) through
(20). See comment 107(c)(1)-3. In regard to restrictions on
verification of minority-owned and women-owned business statuses,
and principal owners' ethnicity, race, and sex, see comments
107(a)(18)-9 and 107(a)(19)-9.
107(c) Time and Manner of Collection
107(c)(1) In General
1. Procedures. The term ``procedures'' refers to the actual
practices followed by a financial institution as well as its stated
procedures. For example, if a financial institution's stated
procedure is to collect applicant-provided data on or with a paper
application form, but employees encourage applicants to skip the
page that asks whether the applicant is a minority-owned business or
a women-owned business under Sec. 1002.107(a)(18), the financial
institution's procedures are not reasonably designed to obtain a
response.
2. Latitude to design procedures. A financial institution has
flexibility to establish procedures concerning the timing and manner
in which it collects applicant-provided data that work best for its
particular lending model and product offerings, provided those
procedures are reasonably designed to collect the applicant-provided
data in Sec. 1002.107(a), as required pursuant to Sec.
1002.107(c)(1), and where applicable comply with the minimum
requirements set forth in Sec. 1002.107(c)(2).
3. Applicant-provided data. Applicant-provided data are the data
that are or could be provided by the applicant, including Sec.
1002.107(a)(5) (credit type), Sec. 1002.107(a)(6) (credit purpose),
Sec. 1002.107(a)(7) (amount applied for), Sec. 1002.107(a)(13)
(address or location for purposes of determining census tract),
Sec. 1002.107(a)(14) (gross annual revenue), Sec. 1002.107(a)(15)
(NAICS code, or information about the business such that the
financial institution can determine the applicant's NAICS code),
Sec. 1002.107(a)(17) (time in business), Sec. 1002.107(a)(18)
(minority-owned business status and women-owned business status),
Sec. 1002.107(a)(19) (ethnicity, race, and sex of the applicant's
principal owners), and Sec. 1002.107(a)(20) (number of principal
owners). Applicant-provided data do not include data that are
generated or supplied only by the financial institution, including
Sec. 1002.107(a)(1) (unique identifier), Sec. 1002.107(a)(2)
(application date), Sec. 1002.107(a)(8) (amount approved or
originated), Sec. 1002.107(a)(9) (action taken), Sec.
1002.107(a)(10) (action taken date), and Sec. 1002.107(a)(13)
(census tract, based on address or location provided by the
applicant).
4. Collecting applicant-provided data without a direct request
to the applicant. Depending on the circumstances and the financial
institution's procedures, certain applicant-provided data can be
collected without a direct request to the applicant. For example,
credit type may be collected based on the type of product chosen by
the applicant. Similarly, a financial institution may rely on
appropriate third-party sources to collect certain applicant-
provided data. See Sec. 1002.107(b) concerning the use of third-
party sources.
5. Data updated by the applicant. A financial institution
reports updated data if it obtains more current data from the
applicant during the application process. For example, if an
applicant states its gross annual revenue for the preceding fiscal
year was $900,000, but then the applicant notifies the financial
institution that its revenue in the preceding fiscal year was
actually $950,000, the financial institution reports gross annual
revenue of $950,000. For reporting verified applicant-provided data,
see Sec. 1002.107(b) and comment 107(b)-1. If a financial
institution has already verified data and then the applicant updates
it, the financial institution reports the information it believes to
be more accurate, in its discretion. If a financial institution
receives updates from the applicant after the application process
has closed (for example, after closing or account opening), the
financial institution may, at its discretion, update the data at any
time prior to reporting the covered application to the Bureau.
107(c)(2) Applicant-Provided Data Collected Directly From the Applicant
1. In general. Whether a financial institution's procedures are
reasonably designed to collect applicant-provided data is a fact-
based determination and may depend on the financial institution's
particular lending model, product offerings, and other
circumstances; procedures that are reasonably designed to obtain a
response may therefore require additional provisions beyond the
minimum criteria set forth in Sec. 1002.107(c)(2). In general,
reasonably designed procedures will make applicant-provided data
available for collection. While the requirements of Sec.
1002.107(c)(2) do not apply to applicant-provided data that a
financial institution obtains without a direct request to the
applicant, as explained in comment 107(c)(1)-4, in such instances, a
covered financial institution must still comply with Sec.
1002.107(c)(1).
2. Specific components. i. Timing of initial collection attempt.
While a financial institution has some flexibility concerning when
applicant-provided data is are collected, it should attempt to make
the initial request for applicant-provided data before notifying an
applicant of final action taken on a covered application. Generally,
the earlier in the application process the financial institution
initially seeks to collect applicant-provided data, the more likely
the timing of collection is reasonably designed to obtain a
response.
ii. The request for applicant-provided data is prominently
displayed or presented. Pursuant to Sec. 1002.107(c)(2)(ii), a
financial institution must make a reasonable attempt to ensure an
applicant actually sees, hears, or is otherwise presented with the
request for applicant-provided data. A financial institution also
does not have reasonably designed procedures if it obscures,
prevents, or inhibits an applicant from accessing or reviewing a
request for applicant-provided data.
iii. [Reserved]
iv. The applicant can easily provide a response. Pursuant to
Sec. 1002.107(c)(2)(iv), a financial institution must structure the
request for information in a manner that makes it easy for the
applicant to provide a response. For example, a financial
institution requests applicant-provided data in the same format as
other information required for the covered application, provides
applicants multiple methods to provide or return applicant-provided
data (for example, on a
[[Page 51006]]
written form, through a web portal, or through other means), or
provides the applicant some other type of straightforward and
seamless method to provide a response. Conversely, a financial
institution must avoid imposing unnecessary burden on an applicant
to provide the information requested or requiring the applicant to
take steps that are inconsistent with the rest of its application
process. For example, a financial institution does not have
reasonably designed procedures if it collects application
information related to its own creditworthiness determination in
electronic form, but mails a paper form to the applicant initially
seeking the data required under Sec. 1002.107(a) that the financial
institution does not otherwise need for its creditworthiness
determination and requiring the applicant to mail it back. On the
other hand, a financial institution complies with Sec.
1002.107(c)(2)(iv) if, at its discretion, it requests the applicant
to respond to inquiries made pursuant to Sec. 1002.107(a)(18) and
(19) through a reasonable method intended to keep the applicant's
responses discrete and protected from view.
v. Multiple requests for applicant-provided data. A financial
institution is permitted, but not required, to make more than one
attempt to obtain applicant-provided data if the applicant does not
respond to an initial request. For example, if an applicant
initially does not respond when asked early in the application
process (before notifying the applicant of final action taken on the
application, pursuant to Sec. 1002.107(c)(2)(i)) to inquiries made
pursuant to Sec. 1002.107(a)(18) and (19), a financial institution
may request this information again, for example, during a subsequent
in-person meeting with the applicant or after notifying the
applicant of final action taken on the covered application. However,
making multiple inquiries for applicant-provided data does not
evidence the existence of reasonably designed procedures.
107(d) Previously Collected Data
1. In general. A financial institution may, for the purpose of
reporting such data pursuant to Sec. 1002.109, reuse certain
previously collected data if the requirements of Sec. 1002.107(d)
are met. In that circumstance, a financial institution need not seek
to collect the data anew in connection with a subsequent covered
application to satisfy the requirements of this subpart. For
example, if an applicant applies for and is granted a term loan, and
then subsequently applies for a credit card in the same calendar
year, the financial institution need not request again the data
specified in Sec. 1002.107(d). Similarly, if an applicant applies
for more than one covered credit transaction at one time, a
financial institution need only ask once for the data specified in
Sec. 1002.107(d).
2. Data that can be reused. Subject to the requirements of Sec.
1002.107(d), a financial institution may reuse the following data:
Sec. 1002.107(a)(13) (address or location for purposes of
determining census tract), Sec. 1002.107(a)(14) (gross annual
revenue) (subject to comment 107(d)-7), Sec. 1002.107(a)(15) (NAICS
code), Sec. 1002.107(a)(17) (time in business) (subject to comment
107(d)-8), Sec. 1002.107(a)(18) (minority-owned business status and
women-owned business status) (subject to comment 107(d)-9), Sec.
1002.107(a)(19) (ethnicity, race, and sex of applicant's principal
owners) (subject to comment 107(d)-9), and Sec. 1002.107(a)(20)
(number of principal owners). A financial institution is not,
however, permitted to reuse other data, such as Sec. 1002.107(a)(6)
(credit purpose).
3. Previously reported data without a substantive response. Data
have not been ``previously collected'' within the meaning of Sec.
1002.107(d) if the applicant did not provide a substantive response
to the financial institution's request for that data and the
financial institution was not otherwise able to obtain the requested
data (for example, from the applicant's credit report, or tax
returns).
4. Updated data. If, after the application process has closed on
a prior covered application, a financial institution obtains updated
information relevant to the data required to be collected and
reported pursuant to Sec. 1002.107(a)(13) through (15) and (17)
through (20), and the applicant subsequently submits a new covered
application, the financial institution must use the updated
information in connection with the new covered application (if the
requirements of Sec. 1002.107(d) are otherwise met) or seek to
collect the data again. For example, if a business notifies a
financial institution of a change of address of its sole business
location, and subsequently submits a covered application within the
time period specified in Sec. 1002.107(d)(1) for reusing previously
collected data, the financial institution must report census tract
based on the updated information. In that circumstance, the
financial institution may still reuse other previously collected
data to satisfy Sec. 1002.107(a)(14), (15), and (17) through (20)
if the requirements of Sec. 1002.107(d) are met.
5. Collection within the preceding 36 months. Pursuant to Sec.
1002.107(d)(1), data can be reused to satisfy Sec. 1002.107(a)(13),
(15), and (17) through (20) if they are collected within the
preceding 36 months. A financial institution may measure the 36-
month period from the date of final action taken (Sec.
1002.107(a)(9)) on a prior application to the application date
(Sec. 1002.107(a)(2)) on a subsequent application. For example, if
a financial institution takes final action on an application on
February 1, 2027, it may reuse certain previously collected data
pursuant to Sec. 1002.107(d)(1) for subsequent covered applications
dated or received by the financial institution through January 31,
2030.
6. Reason to believe data are inaccurate. Whether a financial
institution has reason to believe data are inaccurate pursuant to
Sec. 1002.107(d)(2) depends on the particular facts and
circumstances. For example, a financial institution may have reason
to believe data on the applicant's minority-owned business status
and women-owned business status may be inaccurate if it knows that
the applicant has had a change in ownership or a change in an
owner's percentage of ownership.
7. Collection of gross annual revenue in the same calendar year.
Pursuant to Sec. 1002.107(d)(1), gross annual revenue information
can be reused to satisfy Sec. 1002.107(a)(14) provided it is
collected in the same calendar year as the current covered
application, as measured from the application date. For example, if
an application is received and gross annual revenue is collected in
connection with a covered application in one calendar year, but then
final action was taken on the application in the following calendar
year, the data may only be reused for the calendar year in which it
was collected and not the calendar year in which final action was
taken on the application. However, if an application is received and
gross annual revenue is collected in connection with a covered
application in one calendar year, a financial institution may reuse
that data pursuant to Sec. 1002.107(d) in a subsequent application
initiated in the same calendar year, even if final action was taken
on the subsequent application in the following calendar year.
8. Time in business. A financial institution that decides to
reuse previously collected data to satisfy Sec. 1002.107(a)(17)
(time in business) must update the data to reflect the passage of
time since the data were collected. If a financial institution only
knows that the applicant had been in business less than two years at
the time the data was initially collected, as described in comment
107(a)(17)-1.ii or iii, it updates the data based on the assumption
that the applicant had been in business for 12 months at the time of
the prior collection. For example:
i. If a financial institution previously collected data on a
prior covered application that the applicant has been in business
for four years, and then seeks to reuse that data for a subsequent
covered application submitted one year later, it must update the
data to reflect that the applicant has been in business for five
years.
ii. If a financial institution previously collected data on a
prior covered application that the applicant had been in business
less than two years (and was not aware of the business's actual
length of time in business at the time), and then seeks to reuse
that data for a subsequent covered application submitted 18 months
later, the financial institution reports time in business on the
subsequent covered application as over two years in business.
9. Minority-owned business status, women-owned business status,
and principal owners' ethnicity, race, and sex. A financial
institution may not reuse data to satisfy Sec. 1002.107(a)(18) and
(19) unless the data were collected in connection with a prior
covered application pursuant to this subpart B. If the financial
institution previously asked the applicant to provide its minority-
owned business status and women-owned business status, and principal
owners' ethnicity, race, and sex for purposes of Sec.
1002.107(a)(18) and (19), and the applicant declined to provide the
information (such as by selecting ``I do not wish to provide this
information'' or similar on a data collection form or by telling the
financial institution that it did not wish to provide the
information), the financial institution may use that response when
reporting data for a
[[Page 51007]]
subsequent application pursuant to Sec. 1002.107(d). However, if
the applicant failed to respond (such as by leaving the response to
the question blank or by failing to return a data collection form),
the financial institution must inquire about the applicant's
minority-owned business status, women-owned business status, and
principal owners' ethnicity, race, or sex, as applicable, in
connection with a subsequent application because the data were not
previously obtained. See also comment 107(a)(19)-11 concerning
previously collected ethnicity, race, and sex information.
Section 1002.108--Firewall
* * * * *
108(b) Prohibition on Access to Certain Information
1. Scope of persons subject to the prohibition. The prohibition
in Sec. 1002.108(b) applies to an employee or officer of a covered
financial institution or its affiliate if the employee or officer is
involved in making any determination concerning a covered
application from a small business. For example, if a financial
institution is affiliated with company B and an employee of company
B is involved in making a determination concerning a covered
application on behalf of the financial institution, then the
financial institution must comply with Sec. 1002.108 with regard to
company B's employee. Section 1002.108 does not require a financial
institution to limit the access of employees and officers of third
parties who are not affiliates of the financial institution.
2. Scope of information that cannot be accessed when the
prohibition applies to an employee or officer. i. Information that
cannot be accessed when the prohibition applies. If a particular
employee or officer is involved in making a determination concerning
a covered application from a small business, the prohibition in
Sec. 1002.108(b) only limits that employee's or officer's access to
that small business applicant's responses to the inquiries that the
covered financial institution makes to satisfy Sec. 1002.107(a)(18)
and (19). For example, if a financial institution uses a paper data
collection form to request information pursuant to Sec.
1002.107(a)(18) and (19), an employee or officer that is subject to
the prohibition is not permitted access to the paper data collection
form that contains the applicant's responses to the inquiries made
pursuant to pursuant to Sec. 1002.107(a)(18) and (19), or to any
other record that identifies how the particular applicant responded
to those inquires. Similarly, if a financial institution makes the
inquiries required pursuant to Sec. 1002.107(a)(18) and (19) during
a telephone call, the prohibition applies to the applicant's
responses to those inquiries provided during that telephone call and
to any record that identifies how the particular applicant responded
to those inquiries.
ii. Information that can be accessed when the prohibition
applies. If a particular employee or officer is involved in making a
determination concerning a covered application, the prohibition in
Sec. 1002.108(b) does not limit that employee's or officer's access
to an applicant's responses to inquiries regarding whether the
applicant is a minority-owned or women-owned business, or principal
owners' ethnicity, race, or sex, made for purposes other than
compliance with Sec. 1002.107(a)(18) or (19). Thus, for example, an
employee or officer who is subject to the prohibition in Sec.
1002.108(b) may have access to information regarding whether an
applicant is eligible for a Small Business Administration program
for women-owned businesses without regard to whether the exception
in Sec. 1002.108(c) is satisfied. Additionally, an employee or
officer who knows that an applicant is a minority-owned business or
a women-owned business, or who knows the ethnicity, race, or sex of
any of the applicant's principal owners due to activities unrelated
to the inquiries made to satisfy the financial institution's
obligations under Sec. 1002.107(a)(18) and (19) is not prohibited
from making a determination concerning the applicant's covered
application. Thus, an employee or officer who knows, for example,
that an applicant is a minority-owned business due to a social
relationship or another professional relationship with the applicant
or any of its principal owners may make determinations concerning
the applicant's covered application. Furthermore, an employee or
officer that is involved in making a determination concerning a
covered application may see, consider, refer to, or use data
collected to satisfy aspects of Sec. 1002.107 other than Sec.
1002.107(a)(18) or (19), such as gross annual revenue and time in
business.
* * * * *
108(d) Notice
1. General. If a financial institution determines that one or
more employees or officers should have access pursuant to Sec.
1002.108(c), the financial institution must provide the required
notice to, at a minimum, the applicant or applicants whose responses
will be accessed by an employee or officer involved in making
determinations concerning the applicant's or applicants' covered
applications. Alternatively, a financial institution may also
provide the required notice to applicants whose responses will not
or might not be accessed. For example, a financial institution could
provide the notice to all applicants for covered credit transactions
or all applicants for a specific type of product.
2. Content of the required notice. The notice must inform the
applicant that one or more employees and officers involved in making
determinations concerning the applicant's covered application may
have access to the applicant's responses regarding the applicant's
minority-owned business status and women-owned business status, and
its principal owners' ethnicity, race, and sex. See the sample data
collection form in appendix E to this part for sample language for
providing this notice to applicants. If a financial institution
establishes and maintains a firewall and chooses to use the sample
data collection form, the financial institution can delete this
sample language from the form.
3. Timing for providing the notice. If the financial institution
is providing the notice orally, it must provide the notice required
by Sec. 1002.108(d) prior to asking the applicant if it is a
minority-owned business or women-owned business and prior to asking
for a principal owner's ethnicity, race, or sex. If the notice is
provided on the same paper or electronic data collection form as the
inquiries about minority-owned business status, women-owned business
status, and the principal owners' ethnicity, race, or sex, the
notice must appear before the inquiries. If the notice is provided
in an electronic or paper document that is separate from the data
collection form, the notice must be provided at the same time as the
data collection form or prior to providing the data collection form.
Additionally, the notice must be provided with the non-
discrimination notices required pursuant to Sec. 1002.107(a)(18)
and (19). See appendix E for sample language.
Section 1002.109--Reporting of Data to the Bureau
* * * * *
109(a)(3) Reporting Obligations Where Multiple Financial Institutions
Are Involved in a Covered Credit Transaction
1. General. The following clarifies how to report applications
involving more than one financial institution. The discussion below
assumes that all parties involved with the covered credit
transaction are covered financial institutions. However, the same
principles apply if any party is not a covered financial
institution.
i. A financial institution shall report the action that it takes
on a covered application, whether or not the covered credit
transaction closed in the financial institution's name and even if
the financial institution used underwriting criteria supplied by
another financial institution. However, where it is necessary for
more than one financial institution to make a credit decision in
order to approve a single covered credit transaction, only the last
financial institution with authority to set the material terms of
the covered credit transaction is required to report. Setting the
material terms of the covered credit transaction include, for
example, selecting among competing offers, or modifying pricing
information, amount approved or originated, or repayment duration.
In this situation, the determinative factor is not which financial
institution actually made the last credit decision prior to closing,
but rather which financial institution last had the authority for
setting the material terms of the covered credit transaction prior
to closing. Whether a financial institution has taken action for
purposes of Sec. 1002.109(a)(3) and comment 109(a)(3)-1 is not
relevant to, and is not intended to repeal, abrogate, annul, impair,
or interfere with, section 701(d) (15 U.S.C. 1691(d)) of the Act,
Sec. 1002.9, or any other provision within subpart A of this
Regulation.
ii. A financial institution takes action on a covered
application for purposes of Sec. 1002.109(a)(3) if it denies the
application, originates the application, approves the application
but the applicant did not accept the transaction, or closes the file
or denies for incompleteness. The financial institution
[[Page 51008]]
must also report the application if it was withdrawn. For reporting
purposes, it is not relevant whether the financial institution
receives the application directly from the applicant or indirectly
through another party, such as a broker, or (except as otherwise
provided in comment 109(a)(3)-1.i) whether another financial
institution also reviews and reports an action taken on a covered
application involving the same credit transaction.
iii. Where it is necessary for more than one financial
institution to make a credit decision in order to approve a single
covered credit transaction and where more than one financial
institution denies the application or otherwise does not approve the
application, the reporting financial institution (the last financial
institution with authority to set the material terms of the covered
credit transaction) shall have a consistent procedure for
determining how it reports inconsistent or differing data points for
purposes of subpart B. For example, Financial Institution A is the
reporting entity because it has the last authority to set the
material credit terms. Financial Institution A sends the application
to Financial Institution B and Financial Institution C for review,
but both Financial Institution B and Financial Institution C deny
the application. Based on these denials, Financial Institution A
follows suit and denies the application.
2. Examples. The following scenarios illustrate how a financial
institution reports a particular covered application. The
illustrations assume that all parties involved with the covered
credit transaction are covered financial institutions. However, the
same principles apply if any party is not a covered financial
institution. Examples i through iv involve a single financial
institution with responsibility for making a credit decision without
the involvement of an intermediary. Example v describes a financial
institution intermediary with only passive involvement in the
covered credit transaction. Example vi describes a transaction where
multiple financial institutions independently decision and take
action on a covered application. Examples vii and viii describe
situations where more than one financial institution must make a
credit decision in order to approve the covered credit transaction.
Examples ix and x describe situations involving pooled and
participation interests.
i. Financial Institution A received a covered application from
an applicant and approved the application before closing the covered
credit transaction in its name. Financial Institution A was not
acting as Financial Institution B's agent. Financial Institution B
later purchased the covered credit transaction from Financial
Institution A. Financial Institution A was not acting as Financial
Institution B's agent. Financial Institution A reports the
application. Financial Institution B has no reporting obligation for
this transaction.
ii. Financial Institution A received a covered application from
an applicant. If approved, the covered credit transaction would have
closed in Financial Institution B's name. Financial Institution A
denied the application without sending it to Financial Institution B
for approval. Financial Institution A was not acting as Financial
Institution B's agent. Since Financial Institution A took action on
the application, Financial Institution A reports the application as
denied. Financial Institution B does not report the application.
iii. Financial Institution A reviewed a covered application and
made a credit decision to approve it using the underwriting criteria
provided by a Financial Institution B. Financial Institution B did
not review the application and did not make a credit decision prior
to closing. Financial Institution A was not acting as Financial
Institution B's agent. Financial Institution A reports the
application. Financial Institution B has no reporting obligation for
this application.
iv. Financial Institution A reviewed and made the credit
decision on a covered application based on the criteria of a third-
party insurer or guarantor (for example, a government or private
insurer or guarantor). Financial Institution A reports the action
taken on the application.
v. Financial Institution A received a covered application from
an applicant and forwarded that application to Financial Institution
B. Financial Institution B reviewed the application and made a
credit decision approving the application prior to closing. The
covered credit transaction closed in Financial Institution A's name.
Financial Institution B purchased the covered credit transaction
from Financial Institution A after closing. Financial Institution B
was not acting as Financial Institution A's agent. Since Financial
Institution B made the credit decision prior to closing, and
Financial Institution A's approval was not necessary for the credit
transaction, Financial Institution B reports the origination.
Financial Institution A does not report the application. Assume the
same facts, except that Financial Institution B reviewed the
application before the covered credit transaction would have closed,
but Financial Institution B denied the application. Financial
Institution B reports the application as denied. Financial
Institution A does not report the application because it did not
take an action on the application. If, under the same facts, the
application was withdrawn before Financial Institution B made a
credit decision, Financial Institution B would report the
application as withdrawn and Financial Institution A would not
report the application for the same reason.
vi. Financial Institution A received a covered application and
forwarded it to Financial Institutions B and C. Financial
Institution A made a credit decision, acting as Financial
Institution D's agent, and approved the application. Financial
Institutions B and C are not working together with Financial
Institutions A or D, or with each other, and are solely responsible
for setting the terms of their own credit transactions. Financial
Institution B made a credit decision approving the application, and
Financial Institution C made a credit decision denying the
application. The applicant did not accept the covered credit
transaction from Financial Institution D. Financial Institution D
reports the application as approved but not accepted. Financial
Institution A does not report the application, because it was acting
as Financial Institution D's agent. The applicant accepted the offer
of credit from Financial Institution B, and credit was extended.
Financial Institution B reports the application as originated.
Financial Institution C reports the application as denied.
vii. Financial Institution A received a covered application and
made a credit decision to approve it using the underwriting criteria
provided by Financial Institution B. Financial Institution A was not
acting as Financial Institution B's agent. Financial Institution A
forwarded the application to Financial Institution B. Financial
Institution B reviewed the application and made a credit decision
approving the application prior to closing. Financial Institution A
makes a credit decision on the application and modifies the credit
terms (the interest rate and repayment term) offered by Financial
Institution B. The covered credit transaction reflecting the
modified terms closes in Financial Institution A's name. Financial
Institution B purchases the covered credit transaction from
Financial Institution A after closing. As the last financial
institution with the authority for setting the material terms of the
covered credit transaction, Financial Institution A reports the
application as originated. Financial Institution B does not report
the origination because it was not the last financial institution
with the authority to set the material terms on the application. If,
under the same facts, Financial Institution A did not modify the
credit terms offered by Financial Institution B, Financial
Institution A still reports the application as originated because it
was still the last financial institution with the authority for
setting the material terms, even if it chose not to so do in a
particular instance. Financial Institution B does not report the
origination.
viii. Financial Institution A received a covered application and
forwarded it to Financial Institutions B, C, and D. Financial
Institution A was not acting as anyone's agent. Financial
Institution B and C reviewed the application and made a credit
decision approving the application and Financial Institution D
reviewed the application and made a credit decision denying the
application. Prior to closing, Financial Institution A makes a
credit decision on the application by deciding to offer to the
applicant the credit terms offered by Financial Institution B and
does not convey to the applicant the credit terms offered by
Financial Institution C. The applicant does not accept the covered
credit transaction. As the last financial institution with the
authority for setting the material terms of the covered credit
transaction, Financial Institution A reports the application as
approved but not accepted. Financial Institutions B, C, and D do not
report the application because they were not the last financial
institution with the authority for setting the material terms of the
covered credit transaction. Assume the same facts, except the
applicant accepts the terms of the covered credit transaction from
Financial
[[Page 51009]]
Institution B as offered by Financial Institution A. The covered
credit transaction closes in Financial Institution A's name.
Financial Institution B purchases the transaction after closing.
Here, Financial Institution A reports the application as originated.
Financial Institutions B, C, and D do not report the application
because they were not the last financial institution responsible for
setting the material terms of the covered credit transaction.
ix. Financial Institution A receives a covered application and
approves it, and then Financial Institution A elects to organize a
loan participation agreement where Financial Institutions B and C
agree to purchase a partial interest in the covered credit
transaction. Financial Institution A reports the application.
Financial Institutions B and C have no reporting obligation for this
application.
x. Financial Institution A purchases an interest in a pool of
covered credit transactions, such as credit-backed securities or
real estate investment conduits. Financial Institution A does not
report this purchase.
3. Agents. If a covered financial institution takes action on a
covered application through its agent, the financial institution
reports the application. For example, acting as Financial
Institution A's agent, Financial Institution B approved an
application prior to closing and a covered credit transaction was
originated. Financial Institution A reports the covered credit
transaction as an origination. State law determines whether one
party is the agent of another.
109(b) Financial Institution Identifying Information
1. Changes to financial institution identifying information. If
a financial institution's information required pursuant to Sec.
1002.109(b) changes, the financial institution shall provide the new
information with the data submission for the collection year of the
change. For example, assume two financial institutions that
previously reported data under subpart B of this part merge and the
surviving institution retained its Legal Entity Identifier but
obtained a new TIN in February 2029. The surviving institution must
report the new TIN with its data submission for its 2029 data (which
is due by June 1, 2030) pursuant to Sec. 1002.109(b)(5). Likewise,
if that financial institution's Federal prudential regulator changes
in February 2029 as a result of the merger, it must identify its new
Federal prudential regulator in its annual submission for its 2029
data.
* * * * *
Paragraph 109(b)(9)
1. Type of financial institution. A financial institution
complies with Sec. 1002.109(b)(9) by selecting the applicable type
or types of financial institution from the list below. A financial
institution shall select all applicable types.
i. Bank or savings association.
ii. Minority depository institution.
iii. Credit union.
iv. Nondepository institution.
v. Community development financial institution (CDFI).
vi. Other nonprofit financial institution.
vii. [Reserved]
viii. Government lender.
ix. Commercial finance company.
x. Equipment finance company.
xi. Industrial loan company.
xii. Online lender.
xiii. Other.
2. Use of ``other'' for type of financial institution. A
financial institution reports type of financial institution as
``other'' where none of the enumerated types of financial
institution appropriately describe the applicable type of financial
institution, and the institution reports the type of financial
institution via free-form text field. A financial institution that
selects at least one type from the list is permitted, but not
required, to also report ``other'' (with appropriate free-form text)
if there is an additional aspect of its business that is not one of
the enumerated types set out in comment 109(b)(9)-1.
3. Additional types of financial institution. The Bureau may add
additional types of financial institutions via the Filing
Instructions Guide and related materials. Refer to the Filing
Instructions Guide for any updates for each reporting year.
* * * * *
Section 1002.112--Enforcement
* * * * *
112(c) Safe Harbors
1. Information from a Federal agency--census tract. Section
1002.112(c)(2) provides that an incorrect entry for census tract is
not a violation of the Act or subpart B of this part, if the
financial institution obtained the census tract using a geocoding
tool provided by the FFIEC or the Bureau. However, this safe harbor
provision does not extend to a financial institution's failure to
provide the correct census tract number for a covered application on
its small business lending application register, as required by
Sec. 1002.107(a)(13), because the FFIEC or Bureau geocoding tool
did not return a census tract for the address provided by the
financial institution. In addition, this safe harbor provision does
not extend to a census tract error that results from a financial
institution entering an inaccurate address into the FFIEC or Bureau
geocoding tool.
2. Applicability of NAICS code safe harbor. The safe harbor in
Sec. 1002.112(c)(3) applies to an incorrect entry for the 3-digit
NAICS code that financial institutions must collect and report
pursuant to Sec. 1002.107(a)(15), provided certain conditions are
met. For purposes of Sec. 1002.112(c)(3)(i), a financial
institution is permitted to rely on statements made by the
applicant, information provided by the applicant, or on other
information obtained through its use of appropriate third-party
sources, including business information products. See also comments
107(a)(15)-4 and 107(b)-1.
3. Incorrect determination of small business status, covered
credit transaction, or covered application--examples. Section
1002.112(c)(4) provides a safe harbor from violations of the Act or
this regulation for a financial institution that initially collects
data under Sec. 1002.107(a)(18) and (19) regarding whether an
applicant for a covered credit transaction is a minority-owned or
women-owned business, and the ethnicity, race, and sex of the
applicant's principal owners, but later concludes that it should not
have collected this data, if certain conditions are met.
Specifically, to qualify for this safe harbor, Sec. 1002.112(c)(4)
requires that the financial institution have had a reasonable basis
at the time it collected data under Sec. 1002.107(a)(18) and (19)
for believing that the application was a covered application for a
covered credit transaction from a small business pursuant to
Sec. Sec. 1002.103, 1002.104, and 1002.106, respectively. For
example, Financial Institution A collected data under Sec.
1002.107(a)(18) and (19) from an applicant for a covered credit
transaction that had self-reported its gross annual revenue as
$900,000. Sometime after Financial Institution A had collected this
data from the applicant, the financial institution reviewed the
applicant's tax returns, which indicated the applicant's gross
annual revenue was in fact $1.1 million. Financial Institution A is
permitted to rely on representations made by the applicant regarding
gross annual revenue in determining whether an applicant is a small
business (see Sec. 1002.107(b) and comments 106(b)(1)-3 and
107(a)(14)-1). Thus, Financial Institution A may have had a
reasonable basis to believe, at the time it collected data under
Sec. 1002.107(a)(18) and (19), that the applicant was a small
business pursuant to Sec. 1002.106, in which case Financial
Institution A's collection of such data would not violate the Act or
this regulation.
Section 1002.114--Effective Date, Compliance Date, and Special
Transition Rules
114(b) Compliance Date
1. Application of compliance date. The compliance date in Sec.
1002.114(b) is the date by which the covered financial institution
must begin to compile data as specified in Sec. 1002.107, comply
with the firewall requirements of Sec. 1002.108, and begin to
maintain records as specified in Sec. 1002.111. In addition, the
covered financial institution must comply with Sec. 1002.110(c) and
(d) no later than June 1 of the year after the compliance date.
2. [Reserved]
3. [Reserved]
4. Examples. The following scenarios illustrate how to determine
whether a financial institution is a covered financial institution
subject to the initial compliance date specified in Sec.
1002.114(b)(1).
i. Financial Institution A originated 3,000 covered credit
transactions for small businesses in calendar year 2026, and 3,000
in calendar year 2027. Financial Institution A has a compliance date
of January 1, 2028.
ii. [Reserved]
iii. [Reserved]
iv. Financial Institution D originated 990 covered credit
transactions to small businesses in calendar year 2026, 1,020 in
calendar year 2027, and 990 in calendar years 2028 and 2029. Because
Financial Institution D did not originate at least 1,000 covered
credit transactions for small businesses in each of 2026 and 2027,
it is not subject to the initial compliance date set forth in
[[Page 51010]]
Sec. 1002.114(b)(1). Because Financial Institution D did not
originate at least 1,000 covered credit transactions for small
businesses in subsequent consecutive calendar years, it is not a
covered financial institution under Sec. 1002.105(b) and is not
required to comply with the rule in 2029 or 2030.
v. [Reserved]
vi. Financial Institution F originated 990 covered credit
transactions for small businesses in calendar year 2026, and 1,020
in 2027, 2028, and 2029. Because Financial Institution F did not
originate at least 1,000 covered credit transactions for small
businesses in each of 2026 and 2027, it is not subject to the
initial compliance date set forth in Sec. 1002.114(b)(1). Because
Financial Institution F originated at least 1,000 covered credit
transactions for small businesses in subsequent calendar years,
Sec. 1002.114(b)(4), which cross-references Sec. 1002.105(b),
applies to Financial Institution F. Because Financial Institution F
originated at least 1,000 covered credit transactions for small
businesses in each of 2027 and 2028, it is a covered financial
institution under Sec. 1002.105(b) and is required to comply with
the rule beginning January 1, 2029.
vii. [Reserved]
viii. [Reserved]
114(c) Special Transition Rules
1. Collection of certain information prior to a financial
institution's compliance date. Notwithstanding Sec.
1002.5(a)(4)(ix), a financial institution that chooses to collect
information on covered applications as permitted by Sec.
1002.114(c)(1) in the 12 months prior to the initial compliance date
as specified in Sec. 1002.114(b)(1) need comply only with the
requirements set out in Sec. Sec. 1002.107(a)(18) and (19),
1002.108, and 1002.111(b) and (c) with respect to the information
collected. During this 12-month period, a covered financial
institution need not comply with the provisions of Sec. 1002.107
(other than Sec. Sec. 1002.107(a)(18) and (19)), Sec. 1002.109,
Sec. 1002.110, Sec. 1002.111(a), or Sec. 1002.114.
2. Transition rule for applications received prior to a
compliance date but final action is taken after a compliance date.
If a covered financial institution receives a covered application
from a small business prior to the initial compliance date specified
in Sec. 1002.114(b)(1), but takes final action on or after that
date, the financial institution is not required to collect data
regarding that application pursuant to Sec. 1002.107 nor to report
the application pursuant to Sec. 1002.109. For example, if a
financial institution receives an application on December 27, 2027,
but does not take final action on the application until January 25,
2028, the financial institution is not required to collect data
pursuant to Sec. 1002.107 nor to report data to the Bureau pursuant
to Sec. 1002.109 regarding that application.
3. Has readily accessible the information needed to determine
small business status. A financial institution has readily
accessible the information needed to determine whether its
originations of covered credit transactions were for small
businesses as defined in Sec. 1002.106 if, for instance, it in the
ordinary course of business collects data on the precise gross
annual revenue of the businesses for which it originates loans, it
obtains information sufficient to determine whether an applicant for
business credit had gross annual revenues of $1 million or less, or
if it collects and reports similar data to Federal or State
government agencies pursuant to other laws or regulations.
4. Does not have readily accessible the information needed to
determine small business status. A financial institution does not
have readily accessible the information needed to determine whether
its originations of covered credit transactions were for small
businesses as defined in Sec. 1002.106 if it did not in the
ordinary course of business collect either precise or approximate
information on whether the businesses to which it originated covered
credit transactions had gross annual revenue of $1 million or less.
In addition, even if precise or approximate information on gross
annual revenue was initially collected, a financial institution does
not have readily accessible this information if, to retrieve this
information, for example, it must review paper loan files, recall
such information from either archived paper records or scanned
records in digital archives, or obtain such information from third
parties that initially obtained this information but did not
transmit such information to the financial institution.
5. Reasonable method to estimate the number of originations. The
reasonable methods that financial institutions may use to estimate
originations for 2026 and 2027 include, but are not limited to, the
following:
i. A financial institution may comply with Sec. 1002.114(c)(2)
by determining the small business status of covered credit
transactions by asking every applicant, prior to the closing of
approved transactions, to self-report whether it had gross annual
revenue for its preceding fiscal year of $1 million or less, during
the period October 1 through December 31, 2026. The financial
institution may annualize the number of covered credit transactions
it originates to small businesses from October 1 through December
31, 2026, by quadrupling the originations for this period, and apply
the annualized number of originations to both calendar years 2026
and 2027.
ii. A financial institution may comply with Sec. 1002.114(c)(2)
by asking a representative sample of applicants for covered credit
transactions whether they are small businesses.
iii. A financial institution may comply with Sec.
1002.114(c)(2) by using another methodology provided that such
methodology is reasonable and documented in writing.
6. Examples. The following scenarios illustrate the potential
application of Sec. 1002.114(c)(2) to a financial institution's
initial compliance date under Sec. 1002.114(b).
i. Prior to July 1, 2026, Financial Institution A did not
collect gross annual revenue or other information that would allow
it to determine the small business status of the businesses for whom
it originated covered credit transactions in calendar year 2026.
Financial Institution A chose to use the methodology set out in
comment 114(c)-5.i and as of July 1, 2026, began to collect
information on gross annual revenue as defined in Sec.
1002.107(a)(14) for its covered credit transactions originated for
businesses. Using this information, Financial Institution A
determined that it had originated 750 covered credit transactions
for businesses that were small as defined in Sec. 1002.106. On an
annualized basis, Financial Institution A originated 3,000 covered
credit transactions for small businesses (750 originations * 4 =
3,000 originations per year). Applying this annualized figure of
3,000 originations to both calendar years 2026 and 2027, Financial
Institution A is subject to the initial compliance date set forth in
Sec. 1002.114(b)(1).
ii. Prior to July 1, 2026, Financial Institution B collected
gross annual revenue information for some applicants for business
credit, but such information was only noted in its paper loan files.
Financial Institution B thus does not have reasonable access to
information that would allow it to determine the small business
status of the businesses for whom it originated covered credit
transactions for the first half of calendar year 2026. Financial
Institution B chose to use the methodology set out in comment
114(c)-5.i, and as of October 1, 2026, Financial Institution B began
to ask all businesses for whom it was closing covered credit
transactions if they had gross annual revenues in the preceding
fiscal year of $1 million or less. Using this information, Financial
Institution B determined that it had originated 850 covered credit
transactions for businesses that were small as defined in Sec.
1002.106. On an annualized basis, Financial Institution B originated
3,400 covered credit transactions for small businesses (850
originations * 4 = 3,400 originations per year). Applying this
estimated figure of 3,400 originations to both calendar years 2026
and 2027, Financial Institution B is subject to the initial
compliance date set forth in Sec. 1002.114(b)(1).
iii. [Reserved]
iv. Financial Institution D did not collect gross annual revenue
or other information that would allow it to determine the small
business status of the businesses for whom it originated covered
credit transactions in calendar years 2026 and 2027. Financial
Institution D determined that it had originated 3,000 total covered
credit transactions for businesses in each of 2026 and 2027.
Applying the methodology specified in comment 114(c)-5.ii, Financial
Institution D assumed that all 3,000 covered credit transactions
originated in each of 2026 and 2027 were to small businesses. On
that basis, Financial Institution D is subject to the initial
compliance date set forth in Sec. 1002.114(b)(1).
v. [Reserved]
vi. Financial Institution F does not have readily accessible
gross annual revenue or other information that would allow it to
determine the small business status of the businesses for whom it
originated covered credit transactions in calendar years 2026 and
2027. Financial Institution F determined that it had originated 480
total covered credit transactions for businesses in 2026 and 550
total covered credit transactions for businesses in 2027. Applying
the
[[Page 51011]]
methodology set out in comment 114(c)-5.ii, Financial Institution F
assumed that all such transactions originated in 2026 and 2027 were
originated for small businesses. On that basis, Financial
Institution E is not subject to the initial compliance date set
forth in Sec. 1002.114(b)(1).
vii. [Reserved]
* * * * *
Russell Vought,
Acting Director, Consumer Financial Protection Bureau.
[FR Doc. 2025-19865 Filed 11-12-25; 8:45 am]
BILLING CODE 4810-AM-P