SUPPLEMENTARY INFORMATION:

I. Background

In 2010, Congress passed the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act). Section 1071 of that Act ^[1] amended the Equal Credit Opportunity Act (ECOA) ^[2] to require that financial institutions collect and report to the CFPB certain data regarding applications for credit for women-owned, minority-owned, and small businesses. Section 1071's statutory purposes are to (1) facilitate enforcement of fair lending laws, and (2) enable communities, governmental entities, and creditors to identify business and community development needs and opportunities of women-owned, minority-owned, and small businesses. Section 1071 directs the CFPB to prescribe such rules and issue such guidance as may be necessary to carry out, enforce, and compile data pursuant to section 1071.

The CFPB worked toward a section 1071 rulemaking for a number of years and has sought public comment from stakeholders numerous times. The CFPB held a field hearing on May 10, 2017, and published a request for information regarding the small business lending market.^[3] On July 22, 2020, the CFPB issued a survey to collect information about potential one-time costs to financial institutions to prepare to collect and report data on small business lending.

On September 15, 2020, the CFPB released an Outline of Proposals Under Consideration and Alternatives Considered pursuant to the Small Business Regulatory Enforcement Fairness Act of 1996 (SBREFA). On October 15, 2020, the CFPB convened a Small Business Review Panel for the section 1071 rulemaking, and the Panel met with small entity representatives (SERs). The Panel Report, publicly released on December 15, 2020, was the culmination of the SBREFA process for the section 1071 rulemaking and included feedback from SERs and written feedback from other stakeholders as well.

On October 8, 2021, the CFPB published in the Federal Register a proposed rule (2021 proposed rule) amending Regulation B to implement changes to ECOA made by section 1071 of the Dodd-Frank Act.^[4] The comment period for the proposed rule closed on January 6, 2022.

The CFPB received approximately 2,100 comments on the proposal during the comment period. Approximately 650 of these comments were unique, detailed comment letters representing diverse interests. These commenters included lenders such as banks and credit unions, community development financial institutions (CDFIs), community development companies, Farm Credit System (FCS) lenders, online lenders, and others; national and regional industry trade associations; software vendors; business advocacy groups; community groups; research, academic, and other advocacy organizations; Members of Congress; Federal and State government offices/agencies; small businesses; and individuals.

On May 31, 2023, the CFPB published a final rule in the Federal Register to implement section 1071 by adding subpart B to Regulation B (2023 final rule).^[5] Further details about section 1071, small business lending market dynamics, and the CFPB's rulemaking process leading up to the 2023 final rule can be found in the preamble to the 2023 final rule.

On July 3, 2024, the CFPB published in the Federal Register an interim final rule (2024 interim final rule)^[6] to extend ( printed page 50953) the rule's compliance dates in accordance with orders issued by the United States District Court for the Southern District of Texas.^[7]

Challenges to the 2023 final rule filed by various plaintiffs remain ongoing in three jurisdictions; each of those courts stayed the rule's compliance deadlines for some market participants.^[8] However, the courts did not stay the compliance dates for those who are not plaintiffs or intervenors in those cases.

On June 18, 2025, the CFPB published in the Federal Register an interim final rule (2025 interim final rule) to extend compliance deadlines by approximately one year^[9] to facilitate consistent compliance across all covered financial institutions. The CFPB sought comment on the 2025 interim final rule.

On October 2, 2025, the CFPB published in the Federal Register a final rule (2025 compliance date final rule) that confirmed its findings in the 2025 interim final rule and determined upon a review of comments received that no further substantive changes were necessary.^[10] The CFPB received 20 comments in response to the 2025 interim final rule. Most commenters addressed the 2025 interim final rule itself. Other comments addressed provisions of the 2023 final rule not addressed by the 2025 interim final rule, some of which are discussed below.

Based on reactions to the 2023 final rule, including continued feedback from stakeholders and the ongoing litigation, the CFPB now believes that at the onset of a potentially long-term data collection regime, it should start with more modest requirements, focusing on core lending products, lenders, and data. The CFPB preliminarily believes that that reaction to the 2023 final rule, practically speaking, was in part based on its expansive approach, appearing to seek broad coverage of lenders, products, and information collected.^[11] The CFPB does not believe that alignment with the statutory purposes of section 1071 requires the use of its discretionary authority to collect data with such a breadth of scope.

The CFPB now believes that the 2023 final rule should have given more weight to qualitative differences among certain types of lenders and the likelihood that smaller lenders would face difficulties addressing the complexity of a rule of broad scope, both of which could potentially diminish the quality of the data they collect.

The CFPB believes, based on this experience, that a longer-term approach to advance the statutory purposes of section 1071 would be to commence the collection of data with a narrower scope to ensure its quality and to limit, as much as possible, any disturbance of the provision of credit to small businesses. The statutory purposes of the rule are not well served by an expansive rule that could create disruptions in small business lending markets.

Rather, the CFPB now believes that an incremental approach may better serve the statutory purposes of section 1071 in the long term. Such an approach would start with core lending products, core providers, and core data points. This approach would comply with section 1071 and further its statutory purposes but reduce the rule's initial impact on small businesses and lenders. Over time, as the CFPB and financial institutions learn from early iterations of data collections, the CFPB could consider amending the rule.

The gradual development of data collection under the Home Mortgage Disclosure Act (HMDA) ^[12] and its implementing Regulation C ^[13] over the past 50 years provides precedent for an incremental approach. Congress passed HMDA in 1975,^[14] and the Board Governors of the Federal Reserve System (Board) promulgated implementing regulations in 1976, requiring the collection of relatively few data points from relatively few lenders. At various points, HMDA amendments passed by Congress, among other things, expanded the breadth of financial institutions covered, as well as the number of data points collected from those reporting institutions.^[15] Over time, rulemakings by the Board and the CFPB implemented these amendments, added and removed data points, and expanded and contracted the scope of Regulation C.^[16]

The CFPB believes that it should approach the section 1071 data collection regime as a longer-term project akin to HMDA. The CFPB believes that it is a proper use of its authority under 15 U.S.C. 1691c-2 to reconsider several portions of the 2023 final rule to commence data collection with a focus on core lending products, core lenders, and mostly statutory data points. The CFPB believes that this incrementalist approach—starting with a more modest rule with a limited set of products, lenders, or data points—will serve the long-term interests of section 1071.

In addition, on January 20, 2025, the President issued Executive Order (E.O.) 14168, “Defending Women From Gender Ideology Extremism and Restoring Biological Truth to the Federal Government” (Defending Women E.O.).^[17] That order, among other things, directs Federal agencies to remove references and questions discussing gender identity. The order also identifies a binary of male/female sex, directing agencies to use those terms when seeking information about an individual's sex.

The CFPB has consulted with the appropriate prudential regulators and other Federal agencies regarding consistency with any prudential, market, or systemic objectives administered by these agencies as ( printed page 50954) required by section 1022(b)(2)(B) of the Dodd-Frank Act.

II. Legal Authority

The Bureau is issuing this proposed rule pursuant to its authority under section 1071. As discussed above, in the Dodd-Frank Act, Congress amended ECOA by adding section 1071, which directs the CFPB to adopt regulations governing the collection and reporting of small business lending data. Specifically, section 1071 requires financial institutions to collect and report to the CFPB certain data on applications for credit for women-owned, minority-owned, and small businesses. Congress enacted section 1071 for the purpose of (1) facilitating enforcement of fair lending laws and (2) enabling communities, governmental entities, and creditors to identify business and community development needs and opportunities of women-owned, minority-owned, and small businesses.^[18]

To advance these statutory purposes, section 1071 grants the Bureau general rulemaking authority for section 1071, providing that the Bureau shall prescribe such rules and issue such guidance as may be necessary to carry out, enforce, and compile data pursuant to section 1071.^[19] Section 1071, in 15 U.S.C. 1691c-2(g)(2), also permits the Bureau to adopt exceptions to any requirement of section 1071 and to conditionally or unconditionally exempt any financial institution or class of financial institutions from the requirements of section 1071, as the Bureau deems necessary or appropriate to carry out the purposes of section 1071. The Bureau relies on its general rulemaking authority under 15 U.S.C. 1691c-2(g)(1) in this proposed rule and relies on 15 U.S.C. 1691c-2(g)(2) when proposing specific exceptions or exemptions to section 1071's requirements.

See the 2023 final rule for a more detailed discussion of the CFPB's legal authorities.^[20]

III. Discussion of the Proposed Rule

A. Summary of Proposed Rule

As set out above, the CFPB now proposes to reconsider certain provisions of the 2023 final rule. The CFPB believes that a potentially long-term data collection regime should start with a focus on core lending products, lenders, small businesses, and data points. The CFPB believes in retrospect that the approach it took in the 2023 final rule—a broad initial coverage of lenders, products, small businesses and data points—was not conducive to the long-term success of the data collection regime under section 1071. The CFPB now believes that a better, longer-term approach to advance the statutory purposes of section 1071 would be to commence the collection of data with a narrower scope to ensure its quality, and to limit, as much as possible, any disturbance of the provision of credit to small businesses. The CFPB believes that such an incremental approach would also comply with section 1071 and minimize any negative initial impact on small business lending markets and on data quality. In the future, based on CFPB and industry experience during the early years of data collection, the CFPB could consider amending the rule as appropriate to further the purposes of section 1071.

The CFPB also believes that the 2023 final rule has not created significant reliance interests that would dissuade the Bureau from reconsidering its position as to certain portions of the rule. Litigation challenging provisions of the 2023 final rule and delays in the compliance dates for this rule suggest that reconsideration of the specific issues below would not meaningfully change compliance obligations.

Covered credit transactions. The CFPB believes that the initial iterations of data collection under the rule should focus on the core, widely used lending products most likely to be foundational to small businesses' formation and operation. The CFPB therefore proposes to exclude merchant cash advances (MCAs), agricultural lending, and small dollar loans from the definition of covered credit transaction.

Covered financial institutions. The CFPB believes that the initial iterations of data collection under the rule should focus on larger core lenders. The CFPB therefore proposes two changes to the covered financial institution definition: first, to exclude FCS lenders from coverage; and second, to raise the origination threshold from 100 to 1,000 covered credit transactions for each of two consecutive years. The CFPB is also proposing conforming changes to the bona fide error portions of the enforcement provisions in the rule.

Small business. The CFPB believes that the focus of the rule, at least initially, should be truly small businesses. The CFPB therefore proposes to change the gross annual revenue threshold in the rule's definition of small business from $5 million or less to $1 million or less.

Data points. The CFPB believes that the initial iterations of data collection under the rule should focus on core data points and be consistent with other executive agency directives concerning the collection of demographic data.

The CFPB therefore intends to focus data collection on data points specifically identified in section 1071 and a limited number of other data points needed to facilitate the collection of these statutory data points. The CFPB proposes to remove the discretionary data points for application method, application recipient, denial reasons, pricing information, and number of workers. The CFPB also proposes changes to comply with an executive branch mandate, which would result in a modification of the collection of data concerning business ownership status of small business applicants and the format of demographic data collected concerning the principal owners of a small business.

Time and manner of data collection. The CFPB proposes changes to the provisions on the time and manner of data collection, to remove certain requirements that are not statutorily required and appear to anticipate or presume non-compliance with the rule. The CFPB also proposes to add a provision that would emphasize for applicants their statutory rights under the rule.

Compliance dates. Finally, in light of these other proposed changes to the rule, the CFPB proposes to extend the rule's compliance date provisions to January 1, 2028 for all financial institutions that remain covered by the rule, and to make other simplifying and streamlining changes.

The CFPB also addresses in this summary two other issues.

Privacy and data publication. The CFPB does not address in this proposal the privacy discussions in the 2023 final rule or its statements about the eventual publication of data. The 2023 final rule did not purport to make any final or binding decisions concerning its privacy analysis, instead announcing only its “preliminary assessment of how it might appropriately assess and advance privacy interests by means of selective deletion or modification” of data. The 2023 final rule also did not reach conclusions regarding the procedural vehicle it would use to convey its decisions with respect to privacy.^[21] Nor ( printed page 50955) has CFPB conclusively announced a timeline for the publication of application-level data, except for observing that it would need a full year's worth of data to conduct the necessary privacy analysis. The CFPB also suggested that it intended to publish aggregate data in the first year of receiving data, and before publishing any application-level data. The CFPB is currently reconsidering all of these issues and preliminary findings, will continue to engage with stakeholders, and will address these issues and findings going forward in a timely fashion.

As part of eventual data publication, as with HMDA data, the CFPB intends to note to data users that data alone are generally not used to determine whether a lender is complying with fair lending laws. The data do not include all the legitimate credit risk considerations for loan approval and loan pricing decisions. Therefore, when regulators conduct fair lending examinations, they analyze additional information before reaching a determination about an institution's compliance with fair lending laws.

Grace period. The CFPB does not address the grace period policy statement in this proposal. The CFPB does, however, announce its intention to maintain the grace period for the same reasons articulated in the 2023 final rule, as amended by the 2025 interim final rule, and to alter the grace period to coincide with the new proposed compliance date, if it is finalized.

The Bureau seeks comments on the general approach taken in this proposal. The Bureau also seeks comment on its proposed exclusion or reconsideration of the products, lenders, small business definition, and data points identified below. Further, the Bureau requests comment on the likely change in cost and complexity of data associated with each of the specific proposed regulatory revisions identified below and whether changes to the quality of data ( e.g., better or worse data quality), advances or is contrary to the purposes of section 1071. Finally, the Bureau requests comment on whether the 2023 final rule has created any reliance interests not otherwise identified in this proposal.

B. Section 1002.104—Covered Credit Transactions and Excluded Transactions

The CFPB believes that at the onset of data collection under section 1071 the rule should focus on core, generally applicable, lending products that are most likely to be foundational to small businesses' formation and operation—loans, lines of credit, and credit cards—before determining whether to expand the scope of the rule to include more niche or specialty lending products. The CFPB therefore proposes to exclude MCAs, agricultural lending, and small dollar loans from the definition of covered credit transaction to better ensure the smooth operation of the initial period of data collection, while minimizing disruptions and regulatory complexity in the credit markets subject to section 1071.

1002.104(b)(7)—Merchant Cash Advance

Current § 1002.104(a) defines a “covered credit transaction” as “an extension of business credit that is not an excluded transaction under paragraph (b) of this section.” Section 1002.104(b)(1)-(6) enumerates six types of transactions that are excluded from covered credit extensions. The Bureau proposes adding MCAs to the list of excluded transactions in § 1002.104(b). Proposed § 1002.104(b)(7) would exclude MCAs, which it would define as an agreement under which a small business receives a lump-sum payment in exchange for the right to receive a percentage of the small business's future sales or income up to a ceiling amount.^[22] Consistent with this proposed new exclusion, the CFPB proposes deleting several references to MCAs, and the related term sales-based financing, in commentary.

In the 2023 final rule, the CFPB explained its belief that the statutory term “credit” in ECOA is intentionally broad so as to include a wide variety of products without specifically identifying any particular product by name, such that all credit products should be included in the rule unless the CFPB specifically excluded them and concluded that “credit” encompasses MCAs. It further explained that MCAs should not be understood to constitute factoring within the meaning of the existing commentary to Regulation B subpart A or the definition in existing comment 104(b)-1, because factoring involves entities selling an existing legal right to payment from a third party, while no such contemporaneous right exists in an MCA. The CFPB also noted its understanding that, as a practical matter, MCAs are underwritten and function like a typical loan ( i.e., underwriting of the recipient of the funds; repayment that functionally comes from the recipient's own accounts rather than from a third party; repayment of the advance itself plus additional amounts akin to interest; and, at least for some subset of MCAs, repayment in regular intervals over a predictable period of time), although it also implicitly acknowledged practical differences between MCAs and conventional loans by including numerous provisions intended to capture MCA-specific data.

This proposal reconsiders the CFPB's previous conclusions, as illustrated in existing comment 104(a)(1)-1, which does not exclude MCAs from the definition of “covered credit transactions” under § 1002.104(a), for several independent reasons.

First, the CFPB believes that at the onset of the data collection under section 1071 the focus should be on core lenders and products before the CFPB considers expanding the scope of the rule. MCAs are structured differently from traditional lending products; traditional lending concepts like “interest rate” do not fit the way that MCAs are priced.^[23] As a result, it is not clear that data collection on MCA transactions under section 1071 would yield information that advances section 1071's statutory purposes to the extent that some or many such transactions do not constitute credit. The CFPB believes it would advance the purposes of section 1071 at this time to exclude MCAs from the definition of covered credit transaction, and to focus on ensuring the smooth operation of data collection as to core lending products and providers most likely to be foundational to small businesses' formation and operation.

Second, the CFPB believes it erred in prematurely determining that collection of data on MCA transactions would serve section 1071's statutory purposes by concluding that all MCAs constitute credit. The 2023 final rule's one-size-fits-all approach also does not take into account the varied terms and features of MCAs across the market that may be relevant to whether the products meet the definition of “credit” under ECOA, nor did it account for the fact that MCAs ( printed page 50956) are relatively new products whose features and practices may be evolving, including in response to State regulation. Moreover, while some State courts have analyzed whether some MCAs meet State law definitions of “debt” or “credit,” there is a dearth of case law analyzing whether MCAs meet ECOA's definition of “credit.”

Excluding MCAs from the definition of “covered credit transaction” would be consistent with the way the CFPB has already treated leases, which also present close questions as to whether they meet the definition of “credit” under ECOA. In the 2023 final rule's analysis of leases,^[24] the CFPB acknowledged that some lease transactions could constitute “credit.” But rather than include all lease transactions in the 2023 final rule to ensure coverage of those leases that did actually constitute credit and credit disguised as leases, the CFPB determined that it would be able to monitor the market for such products without including them in the 2023 final rule. The CFPB proposes taking a similar approach to MCA transactions as it did to leases.

Further, the CFPB believes that the 2023 final rule's coverage of MCAs does not take into account State law developments addressing sales-based financing. Several States have legislation and/or regulations in place addressing the MCA market and requiring providers to disclose terms such as the total cost of capital and the financing rate. Such laws provide key protections for users of MCAs and may shape MCA terms and practices in ways that bear on the question of whether they meet ECOA's definition of “credit.” ^[25] While the 2023 final rule referenced these pieces of State legislation, it did not consider the extent to which the evolving landscape under State law rendered premature a determination that including MCAs in the definition of “covered credit transaction” for purposes of mandating data collection furthered section 1071's statutory purposes. The CFPB believes that it would be advantageous to observe how State laws address MCAs before the CFPB decides how, and whether, to collect data regarding MCAs pursuant to section 1071.

Finally, while the final rule cited concerns about high costs and predatory practices in the MCA market,^[26] those concerns may be addressed by Federal and State law enforcement agencies through their respective enforcement authorities.

The CFPB believes that taking into account the factors listed above, the relative novelty and evolving landscape of the MCA industry and the ongoing changes at the State level concerning the regulation of MCAs, that excluding MCA transactions from coverage under the rule at this time is necessary and appropriate to carry out the purposes of section 1071. As explained above, MCAs differ in kind from traditional lending products, such that collecting data on MCA transactions under Section 1071 may not produce information that is comparable to data collected on other types of transactions. And because MCAs have not generally been regulated as credit, many smaller MCA providers may lack the infrastructure needed to manage compliance with regulatory requirements associated with making extensions of credit. Taken together, requiring MCAs to be reported could lead to data quality issues, which would not advance the purposes of section 1071.

The CFPB will continue to monitor developments in the markets for MCAs and other sales-based financing to determine whether over time a subset might be appropriately included in the definition of “covered credit transaction” for purposes of data collection.

The CFPB seeks comment on this proposed revision to the rule. It also seeks comment on topics including, but not limited to, the extent to which MCAs differ from or resemble traditional lending products; the diversity of MCA terms and practices and how they impact whether MCAs, or a subset of MCAs, meet the definition of “credit” under ECOA; whether certain types of MCAs are more or less appropriate for exclusion; and suggestions for how the 2023 final rule could be modified with respect to MCAs if the CFPB ultimately does not exclude them.

The CFPB further seeks comment on alternative definitions to the one proposed in § 1002.104(b)(7).

1002.104(b)(8)—Agricultural Lending

The CFPB proposes adding agricultural lending to the list of excluded transactions under § 1002.104(b). The CFPB proposes adding new § 1002.104(b)(8), which would define agricultural lending as a transaction to fund the production of crops, fruits, vegetables, and livestock, or to fund the purchase or refinance of capital assets such as farmland, machinery and equipment, breeder livestock, and farm real estate improvements. Consistent with this proposed addition, the Bureau proposes deleting references to agricultural credit in current commentary. This would simplify the rule by narrowing its scope to core, generally applicable, small business lending products and avoid covering a distinct and specialized lending sector that is already subject to a different regulatory reporting scheme.^[27]

In the 2023 final rule, the CFPB declined to exclude agricultural credit from its definition of a “covered credit transaction.” It noted that ECOA itself has no exceptions for agricultural credit, that agricultural businesses are included in section 1071's statutory definition of small business (defined by cross-reference to the Small Business Act), and that there have been instances of discrimination in agricultural lending. It rejected comments asserting that agricultural credit is unique and not comparable to other types of small business lending, instead observing that “every small business industry has its own unique characteristics.” ^[28] In response to commenters expressing concern about the impact on local community financial institutions and an outsized effect on the cost of credit for farmers, the CFPB emphasized that it was increasing its institutional coverage threshold to 100 annual originations, from the 25 originations it had originally proposed. The CFPB mentioned that many agricultural lenders have already been required to ( printed page 50957) collect and report some form of data by HMDA, the Community Reinvestment Act (CRA), and/or the Farm Credit Administration (FCA), but did so only to note that lenders accordingly should be able to adapt to the CFPB's new data collection requirements.

The CFPB now believes that excluding agricultural lending from the definition of “covered credit transaction” would advance the statutory purposes of section 1071 at this early phase as the CFPB begins the collection of small business lending data. Most notably, typical agricultural lending differs markedly from other types of commercial lending. Agricultural loans are often secured by biological-based assets such as crops or livestock, which are subject to variables and risk from weather and disease. These characteristics create unique underwriting challenges that make such loans difficult to compare to those in other industries. The 2023 rule did not adequately consider these distinctions and the quality of data stemming from such transactions. Indeed, other data collection regimes, such as CRA regulations, appear to acknowledge categorical differences between loans to small businesses generally and loans to small farms.^[29]

Second, agricultural lending is already subject to an existing Federal data collection framework, one that is tailored to this particular sector. The FCA conducts a substantial amount of agricultural lending through a nationwide network of Congressionally chartered, borrower-owned cooperatives. This system is subject to extensive oversight by the FCA. Among other things, the FCA collects demographic data including race, ethnicity, and gender from applicants as part of its program oversight, in contrast to other forms of small business lending where such data collection was not permissible under § 1002.5 of Regulation B until the promulgation of the 2023 final rule.^[30] Further, under CRA regulations, institutions must report data on lending to small farms alongside reporting their lending to small businesses. The 2023 final rule did not adequately consider these distinctions.^[31]

The CFPB believes upon reconsideration that the fact that agricultural lenders are already reporting information to other agencies supports its conclusion that excluding agricultural lending is necessary or appropriate to carry out the purposes of section 1071 to avoid imposing new, overlapping reporting requirements on agricultural lenders at this point when the CFPB is commencing the collection of data under this rule. The Bureau believes that excluding agricultural lending would further the purposes of section 1071 because such an exclusion would limit potential issues with data quality. Compliance may pose greater difficulties for small agricultural lenders, which are often rural entities with less compliance infrastructure than other lenders, potentially impacting the quality of their data, and they may need to divert their limited resources from lending activities. Further, for lenders that provide both agricultural and non-agricultural loans that would still be subject to coverage, the CFPB believes that such lenders would be better situated to focusing their section 1071 reporting efforts on improving the quality of data for more core lending products.

Given these factors, the CFPB believes it would be appropriate to reconsider the rule's application to agricultural lending to focus on conventional, generally applicable small business lending at this time, and to use its exemption authority under 15 U.S.C. 1691c-2(g)(2) to exclude agricultural lending from coverage under the rule.

The CFPB seeks comment on this proposed revision to the rule. It seeks comment on topics including, but not limited to, the definition of agricultural lending; the extent to which agricultural lending differs from or resembles other types of lending; and whether specific types of agricultural lending are more or less appropriate for exclusion.

1002.104(b)(9)—Small Dollar Business Credit

The CFPB proposes adding small dollar business credit to the list of excluded transactions under § 1002.104(b). Proposed § 1002.104(b)(9) would exclude from the definition of covered credit transaction a transaction in an amount of $1,000 or less, to be adjusted for inflation over time.

In the 2023 final rule, the CFPB declined commenters' suggestions that it exempt credit transactions below a certain threshold; commenters had suggested exemption thresholds ranging from $25,000 to $10 million, on the grounds that it would help smaller institutions continue to make credit available. The CFPB explained that it was not adopting an exemption because of the significant volume of small business lending involving credit amounts below the threshold levels proposed by commenters.

The CFPB now believes that an exclusion for the smallest loans—well under the thresholds suggested by commenters in the 2023 final rule—is necessary or appropriate to carry out the purposes of section 1071. Indeed, in considering comments regarding larger exemption thresholds, the 2023 final rule did not explicitly address an exemption for loans under $1,000.

The CFPB believes that the collection of data on such loans, to the extent that they exist, are more likely to result in poor data quality for purposes of any analyses in furtherance of the statutory purposes of section 1071, given that small businesses will generally require much larger loans to begin or operate their businesses. Typically, very small loans below $1,000 would be satisfied by consumer credit options and small non-profit lenders who lack infrastructure to support regulatory compliance. Consequently, data collected from smaller transactions may not provide meaningful insight into the practices of most core lenders to small businesses.

Further, requiring data reporting on loans of $1,000 or less may make offering such small credit products uneconomical for lenders. Detailed data collection and reporting requirements are likely to impose operational complexity, which would make producing quality data difficult for smaller financial institutions. The CFPB is concerned that this could impact data quality.

Moreover, the CFPB believes, based on its experience and understanding of the markets, that many lenders treat transactions under $1,000 as consumer credit, rather than business credit. Further, $1,000 is substantially lower than loan amounts already characterized as “microloans” to businesses. The CFPB understands that loans in such amounts are not material for the small business lending markets. For example, the Small Business Administration (SBA) offers business credit that it characterizes as “microloans,” which are generally for loan amounts under $50,000 and an average loan amount of $13,000.^[32] Further, several commenters in the 2023 final rule requested that the CFPB carve out loans under $50,000 to ( printed page 50958) $100,000 as microloans.^[33] Some State-run programs offer business credit that start at a minimum loan amount of $1,000.^[34] The CFPB believes that it seems unlikely that many such small dollar loans under $1,000 to small businesses are made, and if so the collection of such data would not advance the statutory purposes of the rule.

The CFPB seeks comment on this proposed revision to the rule. It seeks comment on topics including, but not limited to, the loan amount at which the exclusion for small dollar business credit should be set; whether the exclusion should be limited to certain types of loan products, financial institutions, or small businesses; the extent to which financial institutions lend to small businesses in amounts less than $1,000 and why they do so; and whether the exclusion should account for a lender extending multiple small dollar loans to a single small business.

C. Section 1002.105—Covered Financial Institutions and Exempt Institutions

The CFPB believes that at the onset of data collection under section 1071 the focus should be on larger core lenders before the CFPB considers whether it would be appropriate to expand the scope of the rule to specialty lenders and smaller lenders. The CFPB therefore proposes to exclude FCS lenders from the definition of covered financial institution and proposes to raise the origination threshold from 100 to 1,000 covered credit transactions to better ensure the smooth operation of the initial period of data collection.

105(b) Covered Financial Institution—FCS Lenders

The CFPB proposes excluding FCS lenders from the “covered financial institution” definition in § 1002.105(b). Consistent with this proposed exemption, the CFPB proposes deleting several references to FCS lenders in commentary.

As with the Bureau's proposal to reconsider the treatment of agricultural transactions as covered transaction under § 1002.104(a), this proposal would simplify the rule by narrowing its scope to core small business lending practices and lenders. The proposal would also avoid imposing reporting requirements on a category of specialized lenders that are already subject to a separate regulatory reporting scheme.

The CFPB believes that an exemption for FCS lenders would advance the statutory purposes of section 1071. FCS lenders have a unique mission-driven structure, and they operate in a specific regulatory environment.

FCS lenders differ from traditional financial institutions in several significant respects. The FCS is comprised of a nationwide network of borrower-owned, cooperative institutions with a statutory mandate to provide the agricultural sector with reliable credit. FCS borrowers include agricultural and related businesses as well as rural homeowners. As owners of the FCS lending associations, these borrowers can receive patronage dividends that can reduce borrowing costs and make FCS loans difficult to compare to loans issued by non-FCS lenders. Commercial banks, by contrast, are owned by shareholders, and credit unions, while member-owned, serve a wide range of customers, provide a wide range of products and services, and lack a specific charter that is exclusively focused on agriculture. These differences between FCS lenders and other types of lenders, which the CFPB did not meaningfully address in the 2023 final rule, make it difficult to easily compare loans made by FCS lenders with those of other non-cooperative lenders.

In addition to their unique nature and mission, as described above, FCS lenders are also already subject to an existing regulatory reporting framework through the FCA, including the collection of demographic data as part of its program oversight.^[35]

In issuing the 2023 final rule, the Bureau explained the decision not to categorically exempt any specific type of financial institution from the rule's coverage, stating that such exemptions “would create significant gaps in the data and would create an uneven playing field between different types of institutions.” ^[36] The CFPB did not appear to meaningfully consider the extent to which FCS lending differs in kind from general-purpose lending.

However, in light of the CFPB's reconsideration of the 2023 final rule and new focus on ensuring the consistent and smooth initial collection of data from core lenders and products, the CFPB believes it would further the purposes of section 1071 to commence the data collection without including FCS lenders.

The existing reporting requirements of FCS lenders further supports excluding FCS lenders.^[37] Moreover, requiring compliance with a second set of potentially redundant reporting obligations may put FCA lenders at a competitive disadvantage relative to other lenders.

The CFPB believes that the rule's current application to FCS lenders risks imposing disproportionate regulatory complexity on them, many of which are small, rural cooperatives lacking the compliance infrastructure of large commercial lenders, which in turn risks diminishing the quality of the data they report to CFPB. Adding potentially redundant reporting requirements would do little to advance the goals of section 1071. Such a result would be counter to the Congressional goals behind the establishment of the FCS.

Based on the factors discussed above, the CFPB believes it would be appropriate to reconsider the rule's application to FCS lenders and to focus the rule's scope on conventional, general-purpose small business lending. Accordingly, the Bureau proposes to use its exemption authority under 15 U.S.C. 1691c-2(g)(2) to exclude FCS lenders.

The CFPB seeks comment on this proposed revision to the rule.

105(b) Covered Financial Institution—Threshold Change

Current § 1002.105(b) defines a covered financial institution as one that has made at least 100 covered credit transactions to small businesses in each of the two preceding calendar years. The CFPB is proposing to change this definition by increasing this threshold from 100 covered credit transactions to 1,000 covered credit transactions because it believes that it would advance the statutory purposes of section 1071 to commence the data collection without including smaller lenders under a 1,000 originations threshold.

In the 2023 final rule, the CFPB explained its belief that a 100-loan origination threshold would best address widespread industry concerns regarding compliance burdens for the smallest financial institutions while also ( printed page 50959) capturing the overwhelming majority of the small business lending market. It noted that while its original proposal of a 25-loan threshold would have yielded more data than a 100-loan threshold, the 100-loan origination threshold “massively expands data availability relative to the status quo.” ^[38] The CFPB noted that a number of commenters on the 2021 proposed rule requested a higher threshold, such as 1,000 covered credit transactions. At that time, the CFPB was concerned that a threshold higher than 100 covered credit transactions would dramatically reduce the number of covered financial institutions that must report data under the rule. However, as the CFPB noted in the 2023 final rule, a large decrease in the number of covered financial institutions does not equate to a proportionately large reduction in the estimated number of small business credit applications reported.

As a result, the CFPB believes that the proposed 1,000 originations threshold is justified for several independent reasons. First, the CFPB believes that at the onset of the data collection under section 1071 the focus should be on core lenders and products before the CFPB considers whether it would be appropriate to expand the scope of the rule. The CFPB believes that larger volume lenders are core to small business lending. Current § 1002.114(b), by way of comparison, prioritized the collection of data from the largest volume lenders first because they have more resources, and because they account for the bulk of small business lending volume.^[39]

Second, the proposed change better aligns with E.O. 14192,^[40] which directs Federal agencies to review regulations for regulatory burden, and is responsive to feedback received from stakeholders following publication of the 2023 final rule. The CFPB has heard repeatedly from industry stakeholders that its estimates in the 2023 final rule were wrong, and that a 100-loan origination threshold is too low and captures too many smaller institutions, which they say originate fewer small business loans and also are less able to shoulder the costs and complexity of complying with the rule due to fewer resources and staff.

The Bureau preliminarily determines that changing the originations threshold to 1,000 strikes a better balance by minimizing complexity for smaller entities while still collecting data on a large proportion of small business credit applications; indeed, as the Bureau observed with respect to the 100-loan threshold in the 2023 final rule, a 1,000-loan threshold would substantially increase data availability as compared to the status quo.

The CFPB believes a threshold of 1,000 originations, instead of 100, would be congruent with the statutory purposes of section 1071. The CFPB believes that the onset of data collection should commence with core products and lenders, as larger lenders are better resourced and can better sustain the complexities and cost of compliance with the rule. The CFPB believes that it should work with larger lenders to better understand potential difficulties associated with collecting data before considering whether to expand the rule to require that smaller lenders comply with the rule.

Further, the CFPB also notes from its research that the proposed change in the threshold for originations would result in a reduction in the number of smaller institutions covered by the rule without a proportionately large reduction in the number of loan application-level data collected by the rule.^[41] While the proposed 1,000 originations threshold would carve out a large number of mostly smaller depository institutions, the rule would still cover the vast majority of small business loan originations (well over 90 percent).

Given this the CFPB believes increasing the threshold would remove regulatory burden from small entities, and therefore the proposed change would be responsive to E.O. 14192.

The CFPB believes that increasing the threshold is necessary or appropriate to carry out the purposes of section 1071 because the complexity of compliance may pose difficulties for smaller lenders, many of which have no previous experience at all with data collection rules such as HMDA or CRA. The new compliance complexity may result in decreased data quality for those institutions, which would not advance the statutory purposes of section 1071.

The proposed change to § 1002.105(b) would, in turn, require other changes. Current § 1002.112(b) provides that a bona fide error is not a violation of ECOA or Regulation B, subpart B. The provision cross-references numerical error thresholds in current appendix F. Under appendix F, a financial institution is presumed to maintain procedures reasonably adapted to avoid errors with respect to a given data field if the number of errors found in a random sample of a financial institution's data submission for a given data field do not equal or exceed the threshold in column C of table 1 of appendix F.

The CFPB proposes revising appendix F to conform to the proposed changes to § 1002.105(b), defining “covered financial institution,” based on a revised origination threshold of 1,000 covered credit transactions. Specifically, column A of existing appendix F lists ranges of small business lending application register counts. The CFPB proposes eliminating the rows in table 1 associated with application counts under 1,000, and revising the count in what is currently the 4th row to be “1,000-100,000” rather than the current “500-100,000.” The CFPB requests comment on these proposed changes.

The CFPB seeks comment on this proposed revision to the rule, in particular whether an originations threshold at 200, 500, 2,000, or some other number would be appropriate, and whether the associated changes to appendix F are appropriate.

D. Section 1002.106—Business and Small Business

106(b) Small Business

Current § 1002.106(b)(1) defines “small business” and provides, among other criteria, that a business is small if its gross annual revenue for its preceding fiscal year is $5 million or less. Section 1002.106(b)(2) provides procedures for inflation adjustments to that threshold. For the reasons discussed below, the CFPB is proposing to reduce the gross annual revenue threshold from $5 million or less to $1 million or less.

In the 2023 final rule, the CFPB explained that its definition reflected the need for financial institutions to apply a simple, broad definition of a small business across industries. It also explained its belief that a $5 million gross annual revenue threshold strikes the right balance in terms of broadly covering the small business financing market while meeting the SBA's criteria for an alternative size standard. It noted that it did not propose a $1 million gross annual revenue threshold out of concern that such a threshold likely would not satisfy the SBA's requirements for an alternative size standard across industries, while also observing that a $1 million threshold would better align with existing Regulation B adverse action notification requirements. It also concluded that a $1 million threshold would exclude many businesses that should be characterized as small.

The CFPB will retain the use of a simple, broad definition of a small business across industries but is ( printed page 50960) proposing to change the gross annual revenue threshold from $5 million or less to $1 million or less, and to make conforming changes throughout the regulatory text and commentary. The CFPB is seeking SBA approval for this alternate small business size standard pursuant to the Small Business Act.^[42]

Since the 2023 final rule was published, the President issued E.O. 14192.^[43] As part of the CFPB's review of the 2023 final rule under this order, the CFPB identified that a $1 million threshold would help reduce regulatory burden on financial institutions because it would better align with other existing financial regulatory requirements and standard financial industry practices related to small businesses.

Specifically, the CFPB believes several independent reasons justify a change of the gross annual revenue threshold to $1 million. First, as noted by commenters on the CFPB's 2021 proposed rule, a $1 million threshold would align with certain metrics in CRA regulations. Several CRA tests analyze lending to “smaller businesses” with $1 million or less in revenues.^[44] The CFPB finalized the $5 million threshold in the 2023 final rule, and the Federal agencies responsible for implementing the CRA proposed and subsequently finalized amendments to their small business revenue threshold to $5 million, to conform with the CFPB's rule implementing section 1071, and to use data collected pursuant to that rule. Since then, however, the CRA agencies have proposed withdrawing those revisions, which never entered into force. The CRA agencies proposed reverting back to a $1 million or less definition, and no longer using section 1071 data in certain CRA tests concerning small businesses.^[45] The CFPB believes that it should follow suit to reduce avoidable regulatory complexity for regulated entities by sharing where possible a uniform size standard with other Federal agencies.

Second, the CFPB also believes that the revised threshold in proposed § 1002.106(b) would be more consistent with Regulation B, subpart A, further helping to reduce regulatory burden pursuant to E.O. 14192.^[46] As noted in the 2023 final rule, Regulation B, subpart A uses a $1 million revenue threshold to determine what kind of adverse action notice a business credit applicant receives; those under the threshold receive a notification similar to one a consumer would receive.^[47] As a result, many covered financial institutions likely already apply a $1 million threshold to determine which businesses are small. Here, the CFPB believes that using an existing size standard would reduce regulatory complexity for covered financial institutions.

Third, as many financial institutions have worked on implementing the 2023 final rule, the Bureau has received more feedback, including from a number of community banks and trade groups representing larger institutions, that a $1 million revenue threshold would more closely align with their internal thresholds that separate small and medium-sized businesses within their own institutions.

The CFPB notes that the 2023 final rule adopted a $5 million threshold in significant part because it believed that a $1 million threshold, discussed as an alternative to the $5 million threshold, would not satisfy the SBA's requirements for an alternative size standard and would exclude too many businesses designated as small under the SBA's size standards. Whether an alternative size standard satisfies the requirements for an alternative size standard is within the SBA's purview to determine, and as noted above the CFPB is seeking SBA approval for its proposed $1 million threshold.

Further, as commenters initially stated, a $1 million threshold would cover most (over 95 percent) of small businesses as defined by the SBA size standards in effect at the time of the 2021 proposed rule. The CFPB estimated in the 2023 final rule that among non-agricultural industries over 1.5 million small businesses (27 percent) would not be covered by an alternative $1 million gross annual revenue threshold.^[48] The CFPB is now reconsidering the data provided by commenters and its final rule estimate. In any case, the CFPB believes that a change to $1 million is consistent with the alignment goals noted above given the E.O.s discussed throughout, even if a 27 percent decline in small business coverage would result. At a $1 million threshold, the proposed rule would still cover a supermajority of small businesses that the 2023 final rule covers.

The CFPB is proposing conforming changes also to the inflation adjustment provision in § 1002.106(b)(2), to require adjustment in $100,000 increments (rather than $500,000) every five years after 2030 (rather than 2025). The CFPB is concerned that, given the proposed change to a $1 million revenue threshold, inflation adjustments in $500,000 increments would not be granular enough for this provision to meaningfully track inflation.

The Bureau seeks comment on the proposed changes to § 1002.106(b)(1) and (b)(2), including whether revenue thresholds of $500,000, $2 million, $3 million, or some other amount would be appropriate.

E. Section 1002.107—Compilation of Reportable Data

107(a) Data Format and Itemization

107(a) Discretionary Data Points

Section 1071 provides for two types of data points, those statutorily required under ECOA section 704B(e) and those promulgated based on Bureau discretion provided for in ECOA section 704B(e)(2)(H), which are sometimes referred to as discretionary data points, and which the Bureau has authority to add if the “Bureau determines [they] would aid in fulfilling the purposes of this section.” In the 2023 final rule, the Bureau finalized several discretionary data points, determining the additional data would aid in fulfilling the purposes of section 1071 of the Dodd-Frank Act, as required by ECOA section 704B(e)(2)(H). The discretionary data points were for pricing information, time in business, North American Industry Classification System (NAICS) code, number of workers, application method, application recipient, denial reasons, and number of principal owners. The Bureau considered the additional operational complexity and ( printed page 50961) potential reputational harm described by commenters that collecting and reporting these data points could impose on financial institutions, but determined that the costs were only incremental and that the data points were designed to minimize additional compliance burden.^[49]

Notably, in the 2023 final rule the Bureau declined to add other discretionary data points sought by commenters, because the decision whether to include a discretionary data point necessarily also involves considering the relative utility of a data point and the operational complexity of adding it. For that reason, in 2023 the Bureau stated that it was adopting a “limited number of data points . . . that it believes will offer the highest value in light of section 1071's statutory purposes,” and it rejected additional data points on the grounds that they would pose “operational complexities.” ^[50] For example, the Bureau declined to include a data point on credit scores, even though the data would be useful for fair lending analyses, due to the complexity and operational difficulty of doing so.^[51]

In other words, to be included as a discretionary data point, a data point implicitly must satisfy two independent tests: (1) whether the data point would aid in fulfilling the purposes of section 1071, and (2) whether the CFPB believes based on the record before it that it is appropriate to adopt as a discretionary data point given factors such as operational cost and regulatory complexity. Accordingly, if the Bureau now believes that the relative utility of the data is not strong enough to justify the additional operational complexity for financial institutions, that is sufficient reason to propose removing the discretionary data point, even if the discretionary data point would otherwise advance the purposes of the statute.

After the publication of the 2023 final rule, two factors prompted reconsideration of the discretionary data points by the Bureau. First, as discussed above, pursuant to E.O.s. 14192 and 14219 (“Ensuring Lawful Regulation and Implementing the President's `Department of Government Efficiency' Deregulatory Agenda”), the Bureau is reviewing the 2023 final rule as part of its effort to streamline and simplify regulations.^[52] The Bureau believes that removing some of the discretionary data points would meet the goals of these E.O.s. Second, subsequent to the publication of the 2023 final rule and through the implementation process, the Bureau received additional feedback about the number of data points total, and the logistical challenges associated with implementing some or all of the discretionary data points. The implementation feedback provided by stakeholders further supports reconsideration of certain discretionary data points, and the Bureau now believes that the 2023 final rule did not adequately consider the extent to which the value of the data point justifies the additional operational complexity in obtaining it.

Given this new information, the Bureau proposes to remove the discretionary data points for application method, application recipient, denial reasons, pricing, and number of workers in § 1002.107(a)(3), (4), (11), (12), (16), as well as the relevant commentary, and to make conforming changes throughout.

The data points identified for removal are not statutorily required and are not otherwise relied upon by or intertwined with the statutorily required data points.^[53] In any case, because the identified data points were finalized pursuant to the Bureau's discretionary authority under 15 U.S.C. 1691c-2(e)(2)(H), it is also within the bounds of that discretion to remove these data points. The CFPB believes that their removal at this time, at the start of a potentially long-term data collection regime, would advance the longer-term statutory purposes of the rule. Stakeholders attempting to implement the rule have suggested the addition of data points beyond those statutorily required had led to unnecessary complexity in implementing the 2023 final rule, and that such complexity might reduce data quality and lead to additional errors. The CFPB preliminarily concludes that initiating the data collection with an expansive rule that covered more data points would tend to make the initial collections more complicated and result in lesser data quality and integrity.

The CFPB believes it prudent to focus on the collection of a more limited number of core data points (the statutory data points and a limited number of other data points needed to facilitate the collection of these statutory data points) to avoid complexity in the initial implementation of a rule to implement section 1071. This in turn would make it more likely that covered financial institutions face a smoother transition in the initial years of the rule in ramping up to the accurate, recurring collection of data.^[54]

Application method. The 2023 final rule required financial institutions to collect data on whether applications were submitted in person, by phone, online, or by mail. It explained its belief that this data will improve the market's understanding of how different types of applicants apply for credit and provide additional context for the business and community development needs of particular geographic regions. The Bureau now believes that this information is of relatively low value in furthering the purposes of section 1071 while adding to the overall complexity of a lengthy data collection, and thus should not be included. Upon reconsideration, the Bureau believes that in the 2023 final rule, it had underestimated the potential complexity of this data point. The Bureau acknowledged that many lenders do not already collect this data point as such, and that many small business applicants have multiple interactions across the different methods listed (in-person, telephone, online) during the application process. However, current § 1002.107(a)(3) does not seem to address this but rather appears to reduce the potentially complex set of interactions to identifying only one means of collecting a covered application. The logic of the 2023 final rule justifying this provision suggests the futility of collecting this data point without capturing the full scope of interaction between applicant and lender for purposes of this rule. The Bureau believes, as a result, that at this time, this data point should be removed because its utility does not outweigh the cost and complexity of collecting it.

Application recipient. In the 2023 rule, the Bureau required financial institutions to collect data on application method—whether the applicant submitted the covered application directly to the financial institution or its affiliate, or whether the applicant submitted the covered application indirectly to the financial institution via a third party. It explained ( printed page 50962) that this discretionary data point will improve the market's understanding of how small businesses interact with financial institutions when applying for credit, such as whether financial institutions making credit decisions are directly interacting with the applicant and/or generally operating in the same community as the applicant. The Bureau now believes that this information is of relatively low value in furthering the purposes of section 1071 while adding to the overall complexity of a lengthy data collection. Upon reconsideration, the Bureau believes that in the 2023 final rule, it overestimated the utility and underestimated the cost and complexity of this data point. The justification for this data point in the 2023 final rule suggested that it would help determine whether lenders were operating in the communities with applicants but did not offer details on why a data point on third-party submissions would advance such an understanding, above and beyond the other data points more apparently targeted to identify community development needs, such as census tract. Further, in response to a comment that lenders do not track data on application submissions by third parties because such data played no role in underwriting decisions, the Bureau summarily replied that it did not believe it would be difficult for lenders to track this information. The Bureau believes that submissions through third parties may not always be identified as such, and that its statement in the 2023 final rule justifying the inclusion of this data point did not account for this. The Bureau as a result believes that at the start of a potentially long-term data collection regime that this data point should be removed.

Denial reasons. The Bureau explained in the 2023 rule that data on denial reasons will allow data users to better understand the rationale behind denial decisions, help identify potential fair lending concerns, and provide financial institutions with data to evaluate their business underwriting criteria and address potential gaps as needed. As the Bureau acknowledged in the 2023 rule, reasons for denial data could be harmful or sensitive for applicants or related natural persons. The Bureau now believes that the sensitivity of this information, combined with its addition to the overall complexity of a lengthy data collection, justifies proposing to remove it from the discretionary data points. The 2023 final rule did not explain how the marginal or added usefulness of denial reasons would justify the added cost and complexity above and beyond the collection of data on denials, already captured by the mandatory “type of action taken” data point. Further, to the extent that this data point was intended to assist lenders to analyze their own fair lending concerns, as the 2023 final rule stated, the data point is redundant as lenders already possess this information. To the extent that this data point was intended to assist applicants, under subpart A of Regulation B they are already able to access a statement of denial reasons. Section 1002.9(a)(3) in subpart A already requires lenders to inform applicants for business credit with $1 million or less in gross annual revenue of their right to receive a statement of denial reasons upon request. Upon reconsideration, the Bureau believes that it is sufficient at this time to collect data on denials via the action taken data point, as required under 15 U.S.C. 1691c-2(e)(2)(D), and that this data point should not be included at the start of a potentially long-term data collection regime.

Pricing. In the 2023 rule, the Bureau required reporting of an array of different pricing data: interest rate; total origination charges; broker fees; the total amount of all non-interest charges that are scheduled to be imposed over the first annual period; for a merchant cash advance or other sales-based financing transaction, the difference between the amount advanced and the amount to be repaid; and information about any applicable prepayment penalties. It explained its belief that because price-setting is integral to the functioning of any market, any analysis of the small business lending market—including to enforce fair lending laws or identify community and business development opportunities—would be less meaningful without this information. The 2023 rule acknowledge the potential complexity of collecting this data, and commenters noted the risk that it could reveal confidential business information or lead to incorrect inferences about discrimination. The Bureau now believes that the potential risk of harm to applicants and the substantial complexity of the data collection justify removing it from the discretionary data points. While the Bureau acknowledged comments “about the harmful consequences of potentially misleading data,” the Bureau addressed this concern in the 2023 final rule by stating that it would note “when disclosing the 1071 data that the data alone generally do not offer proof of compliance with fair lending laws.” ^[55] The Bureau upon reconsideration believes that such a statement may not be sufficient to address concerns about the misuse of pricing data. In adopting the pricing data point, the Bureau assumed that community groups would use data responsibly but did not address how other members of the public with access to the data might use it.^[56] Further, the 2023 final rule stated that “the 1071 data need not reflect every determinant of credit pricing to provide value to users” but also acknowledged the relevant and importance of credit score of principal owners to “explain[] pricing differences between transactions.” ^[57] That is, the Bureau believes that the publication of pricing information absent certain other information may be incomplete and give rise to incorrect inferences concerning discrimination; however, the collection of sufficient data points to correct potentially erroneous inferences may make the data collection unduly complex. This combination of difficulties leads the Bureau to believe that this data point should not be included at the start of a potentially long-term data collection regime.

Number of workers. The 2023 rule required financial institutions to report the number of workers in ranges, and stated that data on the number of persons working for a small business applicant will provide data users and relevant stakeholders with a better understanding of the job maintenance and creation that small business credit provides. The Bureau now believes that this information is of relatively low value in furthering the purposes of section 1071 while adding to the overall complexity of a lengthy data collection. First, in the 2023 final rule, the Bureau acknowledged that “[t]he majority of small businesses are run by a single owner.” Given the proposed change to § 1002.106(b), revising the definition of small business to those businesses with $1 million or less in gross annual revenue, fewer small businesses with employees would be covered under the rule. Second, as acknowledged in the 2023 final rule, small businesses may encounter difficulties in providing this information to financial institutions, especially small businesses that use contractors, temporary or gig workers, or seasonal workers, or those that cycle through employees frequently. While the Bureau simplified a covered financial institution's reporting requirements for this data point, the Bureau believes that even as simplified this data point's complexity outweighs its potential utility. That is, the Bureau ( printed page 50963) now believes that it would be difficult to ensure consistency in reporting this data point across a variety of different small business applicants, making it likely that the data collected would be of poor quality or otherwise difficult to interpret. Further, the 2023 final rule justified this data point solely on community development grounds. It did not justify this data point on fair lending grounds because nothing in Regulation B, including subpart A, offers differential protection based on a business credit applicant's number of workers. Based on the Bureau's intention to commence this rulemaking regime focused on truly small businesses, the Bureau believes that this data point should not be included at the start of a potentially long-term data collection regime as it is not likely to result in the collection of useful data at this time.

LGBTQI+-owned business status. The 2023 rule required financial institutions to inquire whether a small business applicant for credit is a minority-owned, women-owned, and/or LGBTQI+-owned business. This discretionary data point is addressed in more detail below in the section on the Defending Women E.O.

The Bureau solicits comment on these proposed changes, including whether any of the identified discretionary data points should be modified or retained, in part or in full.

Collection of Disaggregated Ethnicity and Race Categories

Current § 1002.107(a)(19) requires the collection of both aggregate and disaggregated race and ethnicity information on principal owners of small business applicants. However, 15 U.S.C. 1691c-2(e)(2)(G) only requires covered lenders to collect and report the “race, sex, and ethnicity of the principal owners of the business.” This statutory provision does not explicitly call for the collection of disaggregated data on the race and ethnicity of principal owners. Given its concern about commencing a long-term data collection regime by asking for potentially complex and costly data points, the Bureau seeks comment on whether it should revise the rule's data collection requirements to require collection only of aggregate ethnicity and race categories.

As a result, and consistent with its reconsideration of discretionary data points, the Bureau also seeks specific comment on what utility there might be for carrying out the purposes of section 1071 in requiring the collection of disaggregated categories of ethnicity and race, in addition to the aggregate categories. The Bureau also seeks comment on the costs and burdens for financial institutions in requiring the collection of these disaggregated categories of ethnicity and race.

Defending Women E.O.

LGBTQI+-ownership. Current § 1002.107(a)(18) requires financial institutions to inquire whether a small business applicant for credit is a minority-owned, women-owned, and/or LGBTQI+-owned business. The Bureau explained that, based on limited information available, it believed that LGBTQI+-owned businesses may experience particular challenges accessing small business credit, and used its discretionary authority under 15 U.S.C. 1691c-2(e)(2)(H) to require financial institutions to request information about whether an applicant is a LGBTQI+-owned business. In the time since the 2023 rule, the Bureau has heard repeated concerns from stakeholders, as well as members of Congress and the general public, that this question in particular is an invasion of privacy and risks damaging the relationship between small businesses and their lenders, particularly in smaller lending markets. The Bureau now believes that the sensitivities involved in this inquiry, which the 2023 rule did not address, exceed any utility this data point might provide, and that it adds to the overall complexity of a lengthy data collection.^[58]

In addition, the President issued the Defending Women E.O. (E.O. 14168) on January 30, 2025, which directs Federal agencies seeking information not to discuss gender identity and to refer to sex using a binary of male/female. Consistent with this E.O. and the feedback the Bureau received from stakeholders and members of Congress and the general public described above, the Bureau is proposing to make certain conforming changes to the rule and remove or rescind provisions in the current rule that do not comply with the order. These changes generally would include (1) removing references to and questions about “LGBTQI+”-owned business status, (2) requiring financial institutions to inquire about a principal owner's sex, rather than sex/gender, and (3) providing that the sex of the principal owners be selected from a static binary response option of male/female, rather than a free-form text field.

Specifically, the proposed changes would include removing the definition related to LGBTQI+-owned business status in § 1002.102(k) and (l) and removing references to LGBTQI+-owned business status in § 1002.107(a)(18) and (19) and associated commentary, and revising how principal owners' sex is to be collected in commentary accompanying § 1002.107(a)(19). The proposed changes would also include removing references to LGBTQI+-owned business status in Regulation B, subpart A, § 1002.5(a)(4) and revising commentary accompanying § 1002.5(a)(2). The Bureau is also proposing to make conforming changes elsewhere throughout the regulatory text and associated commentary, as well as the sample form in appendix E.

The Bureau seeks comment on these proposed changes.

Sex/gender. Current § 1002.107(a)(19) requires financial institutions to ask a small business applicant to provide its principal owners' ethnicity, race and sex. Associated commentary further explains how financial institutions are to make these requests. Commentary to current § 1002.107(a)(19) requires financial institutions, when requesting principal owners' sex, to use the term “sex/gender” and to give applicants a free-form text field to provide a response.

Commentary accompanying current § 1002.107(a)(19) requires financial institutions, when requesting principal owners' sex, to use the term “sex/gender” and to give applicants a free-form text field to provide a response. In the 2023 rule, the Bureau explained its belief that this approach would allow applicants to self-identify as they see fit. Commenters had contended, however, that the free-form text approach would inhibit data analysis.

The Bureau now agrees with commenters who had asserted that, particularly in the context of a data collection rule, a free-form text field would inhibit robust data analysis, contrary to the purposes of the rule. The Bureau also now believes, based on feedback from stakeholders of all kinds, that a free-form text field would likely result in poor data quality, given the variety of possible responses to the sex question even for a single type of answer.^[59] The potential for confusion is ( printed page 50964) exacerbated by the lack of clarifying instructions. The Bureau now believes that the most appropriate way to collect data on the sex of a principal owner is to ask the straightforward question of whether the owner is male or female.

Additionally, this proposed change comports with the Defending Women order described above. Specifically, the changes consistent with E.O. 14168 would include revising how principal owners' sex is to be collected in commentary accompanying § 1002.107(a)(19). The Bureau is also proposing to make conforming changes elsewhere throughout the regulatory text and associated commentary, as well as the sample form in appendix E.

The Bureau solicits comment on these proposed changes.

Applicant's Right To Refuse To Provide Demographic Data

Current § 1002.107(a)(18) requires covered financial institutions to seek information from applicants about their women-owned, minority-owned, and LGBTQI+-owned business status and § 1002.107(a)(19) requires covered financial institutions to seek information from applicants about the ethnicity, race, and sex of the principal owners of the applicant business. Those provisions and associated commentary also include discussions of the statutorily provided right of an applicant to refuse to provide this information.^[60]

The Bureau is proposing to revise the applicant right to refuse discussions in § 1002.107(a)(18) and (19), as well as the related commentary. In addition, the Bureau is proposing corresponding changes to the sample demographic data collection form in appendix E. Currently, the regulatory text of § 1002.107(a)(18) and (19) provides that covered financial institutions must inform applicants that the financial institution cannot discriminate against the applicant based on the demographic information provided pursuant to the rule or on whether the applicant invokes the right to refuse to provide the information. Existing comments 107(a)(18)-1 and 107(a)(19)-1 state that a financial institution must permit an applicant to refuse ( i.e., decline) to answer the financial institution's inquiries regarding business status and ethnicity, race, and sex, and must inform the applicant that it is not required to provide the information. The Bureau is proposing to add the requirement to inform applicants of their right to refuse to the regulatory text of § 1002.107(a)(18) and (19), for clarity.

The Bureau is also proposing changes to the sample form in appendix E to further emphasize the right to refuse.

The Bureau seeks comment on these proposed changes.

107(c) Time and Manner of Collection

Anti-Discouragement and Related Provisions

In the 2023 rule, the Bureau explained that it was adopting the provisions in § 1002.107(c) in an attempt to provide a balance between allowing institutions flexibility in how they collect data and ensuring that institutions do not discourage or otherwise interfere with applicants' providing their data. Existing § 1002.107(c) requires a covered financial institution to (1) not discourage an applicant from responding to requests for applicant-provided data under final § 1002.107(a) and to otherwise maintain procedures to collect such data at a time and in a manner that are reasonably designed to obtain a response; (2) identify certain minimum components when collecting data directly from the applicant that must be included within a financial institution's procedures to ensure they are reasonably designed to obtain a response; (3) maintain procedures to identify and respond to indicia that it may be discouraging applicants from responding to requests for applicant-provided data, including low response rates for applicant-provided data; as well as (4) provide that low response rates for applicant-provided data may indicate that a financial institution is discouraging applicants from responding to requests for applicant-provided data or otherwise failing to maintain procedures to collect applicant-provided data that are reasonably designed to obtain a response.

The CFPB proposes to remove certain references to the discouragement prohibition in § 1002.107(c)(1) and (c)(2)(iii), as well as related commentary that the Bureau believes are redundant and add unnecessary regulatory complexity. It also proposes to remove § 1002.107(c)(3) and (c)(4) and related commentary; these provisions detail requirements to monitor for indicia of discouragement, such as low response rates from applicants, and explicitly provide that low response rates may be indicia of discouragement. Further, the CFPB proposes to revise commentary to § 1002.107(c)(2) which established specific restrictions on the time and manner of data collection that are similar to the anti-discouragement provisions.

Section 1071, as implemented by Regulation B, subpart B, creates binding obligations for covered financial institutions to ask small business applicants for credit for their demographic information, but it includes no requirements regarding how institutions must ask for the information.^[61] By contrast, the 2023 final rule imposed numerous obligations in § 1002.107(c) on the basis of theoretical concerns that institutions would seek to evade compliance by discouraging applicants from providing their information or otherwise interfering with applicants providing their data. It did not provide any evidence in support of its concerns, such as evidence from past experience with HMDA or other similar situations. In addition, the Bureau now believes that comment 107(c)(2)-2.iii.A, which discusses financial institution statements that would violate the anti-discouragement provision, raises serious First Amendment concerns.

The 2023 final rule also describes in commentary several obligations related to anti-discouragement, such as the requirements that financial institutions maximize the collection of data, request applicant-provided data before a final credit decision is made, and ensure that applicants do not overlook requests for data.

The Bureau's belief that the anti-discouragement and other related provisions are unnecessary is also bolstered by feedback it has received from a number of stakeholders regarding difficulties with implementing these provisions, particularly with respect to the discussion in comment 107(c)(4)-1 as to comparison of response rates for demographic questions across similar financial institutions. Further, the provisions in § 1002.107(c) that would remain after these proposed revisions still impose affirmative obligations to maintain procedures reasonably designed to obtain a response from credit applicants.

Given the existence of these provisions, and in light of E.O.s 14192 and 14219 that require the CFPB to seek ways to increase efficiency in regulations, the CFPB now reconsiders existing § 1002.107(c) and preliminarily finds that its various prohibitions on discouragement are redundant and unnecessary. They are redundant in that ( printed page 50965) they appear to create obligations to comply with other existing obligations. They are unnecessary because the obligations to collect data and to maintain systems reasonably designed to elicit responses are already subject to the enforcement provisions of § 1002.112 in the event of non-compliance. Further, comments received in response to the 2025 interim final rule from a trade association suggested that these provisions were vague and did not make clear what would and would not constitute discouragement. All of this would add unnecessary regulatory complexity for lenders.

The CFPB observes that the other requirements in the current commentary to § 1002.107(c)(2)—concerning maximizing the collection of data, requesting applicant-provided data before a credit decision is made, and ensuring that applicants not overlook requests for data—should not have been framed as binding obligations because they are unnecessary obligations beyond those already established in § 1002.107(c). However, unlike the anti-discouragement provisions, these provisions identify practices likely to help covered financial institutions comply with the 2023 final rule. The CFPB proposes revising these provisions to provide guidance to financial institutions rather than contributing unnecessary regulatory complexity in the form of additional obligations. The CFPB believes that providing this flexibility will advance the statutory purposes of the rule by helping financial institutions collect better quality data without requiring them to follow rigid practices that may in some instances impede rather than encourage data collection. The CFPB further believes that making these practices guiding principles, rather than requirements, better conforms with the existing regulatory text of § 1002.107(c), which requires covered lenders to “maintain procedures to collect such data at a time and in a manner that are reasonably designed to obtain a response” (emphasis added).

For purposes of streamlining and simplifying the rule by removing unnecessary regulations, as discussed above, the Bureau proposes to remove provisions regarding or discussing a prohibition on the discouragement of applicants from providing data required under the rule, and proposes revising other provisions concerning the time and manner of collection to provide guidance rather than additional obligations.

The Bureau seeks comment on these proposed changes.

F. Section 1002.114—Effective Date, Compliance Date, and Special Transitional Rules

114(b) Compliance Date

The rule's compliance dates, as most recently amended by the 2025 compliance dates final rule, are set forth in current § 1002.114(b). That section looks to a financial institution's volume of covered credit transactions for small businesses to determine which of three compliance dates (currently July 1, 2026, January 1, 2027, and October 1, 2027) are applicable to a financial institution.

The CFPB proposes amending § 1002.114(b) to eliminate the system of tiered compliance dates in favor of creating a single compliance date. Mirroring the change to the rule's origination threshold set forth in proposed § 1002.105(b), proposed § 1002.114(b) would require that all covered financial institutions that originated at least 1,000 covered credit transactions for small businesses in each of calendar years 2026 and 2027 begin to comply with the rule starting on January 1, 2028. The CFPB proposes making corresponding updates throughout the commentary accompanying § 1002.114(b) and (c), which would provide additional guidance and examples regarding the compliance date.

The CFPB preliminarily believes that the extension of the single compliance date to January 1, 2028, is necessary and reasonable for several independent reasons. Those covered financial institutions that would reasonably expect to be above the new 1,000 origination threshold will need additional time to adjust their compliance systems to any changes to the rule the CFPB adopts after considering the comments submitted on this NPRM. The proposed revisions would not only reduce certain reporting requirements, such as the proposed elimination of many of the discretionary data points, but would also change existing requirements concerning statutorily required demographic data points, consistent with the Defending Women E.O. Such changes may require that financial institutions that may have already prepared to comply with the 2023 final rule to change forms, customer interfaces, or other compliance software or regulatory processes.

Further time would also be necessary for other institutions to determine whether they are covered at all under the rule, given the proposed modification of the threshold for covered financial institutions from 100 to 1,000 originations, as well as other proposed changes that would result in fewer transactions being counted toward the 1,000 origination threshold (such as the proposed removal of certain categories of credit transactions from § 1002.104(b), from the definitions of covered credit transaction, and the change to the definition of small business in § 1002.106).

The CFPB likewise believes it would be appropriate to adopt a single compliance date, to begin on January 1, 2028, that is applicable to all covered financial institutions. The need for a tiered compliance structure is diminished by the length of time that has passed since the adoption of the 2023 final rule as well as fewer covered financial institutions as a result of changes proposed to §§ 1002.104(b), 1002.105(b), and 1002.106. The CFPB has also heard feedback from stakeholders regarding difficulties for financial institutions in complying with the rule mid-year, which would be resolved by the proposed revisions to § 1002.114.

Finally, the CFPB believes that its proposed compliance date resolves any lingering concerns arising from previous compliance date extensions. As the CFPB explained in its 2025 interim final rule and 2025 compliance date final rule, those rules were necessary to avoid a subset of covered financial institutions remaining obligated to come into compliance with the 2023 rule, even though many of these institutions would be too small to qualify as covered financial institutions under this proposed rule, if finalized, meaning that they would likely incur significant compliance costs for only a single year's submission of data. Furthermore, this costly single-year submission of data—with costs inequitably imposed only on covered financial institutions that happened not to be plaintiffs or intervenors in litigation—would likely provide little benefit. For example, the data would be submitted in accordance with a different set of data points under § 1002.107(a), which could have caused analytical concerns in comparison with data submitted pursuant to this proposed rule, if finalized. Additionally, prior to releasing any data from the single-year submission, the CFPB would need to conduct an analysis under § 1002.110(a) to determine if deletion or modification of the data would advance a privacy interest, and due to the smaller size of the single-year data set, it is likely that more data would need to be deleted or modified, limiting its utility. Finally, if covered financial institutions were not given additional time to comply with the changes ( printed page 50966) proposed here, the Bureau is concerned that credit access and data quality might be affected in a manner that would not advance the purposes of the statute.

The CFPB seeks comment on these proposed changes. It also seeks comment on whether it would be appropriate to finalize this compliance date amendment in advance of finalizing the proposal's other changes, so that institutions currently covered by the 2023 rule could have earlier certainty as to the timing of their obligations, if any.

114(c) Special Transition Rules

In the 2023 final rule, financial institutions were instructed to determine their compliance tier based on their originations in 2022 and 2023. Subsequent changes to the rule added the time periods of 2023 and 2024, or 2024 and 2025, that financial institutions could choose to use instead. These alternatives are set out in existing § 1002.114(c)(3) and related commentary.

The CFPB is proposing revising § 1002.114(c)(3) and related commentary to require a financial institution to count its originations of covered credit transactions in each of calendar years 2026 and 2027 to determine whether it must comply with the rule on the proposed compliance date of January 1, 2028. This proposed change would simplify § 1002.114(c) and better align it with the proposed revisions to § 1002.114(b).

The CFPB believes that the range of options provided by current § 1002.114(c), intended to provide flexibility to potentially covered financial institutions, is no longer appropriate for a single compliance date with a single originations threshold. Further, proposed § 1002.114(c) would use calendar years closer to the new compliance date and would be a fairer time period to count originations. The compliance date in proposed § 1002.114(b) of January 1, 2028, would be nearly five years removed from some of the two-year time periods used to determine when a covered financial institution must begin to collect data. Originations in 2026 and 2027 would be controlling in any event; if a financial institution would be covered by the rule based on its originations in 2022 and 2023, but fell below the threshold based on 2026 and 2027, it would not be a covered financial institution for 2028. The CFPB thus believes that referring to the number of originations during calendar years 2026 and 2027 would be more appropriate and relevant to determining whether a financial institution must comply with the rule starting in January 2028.

The CFPB seeks comment on this proposed change.

IV. CFPA Section 1022(b) Analysis

In developing the proposed rule, the CFPB has considered the potential benefits, costs, and impacts as required by section 1022(b)(2) of the Consumer Financial Protection Act of 2010 (CFPA). Section 1022(b)(2) calls for the CFPB to consider the potential benefits and costs of a regulation to consumers and covered persons, including the potential reduction of consumer access to consumer financial products or services, the impact on depository institutions and credit unions with $10 billion or less in total assets as described in section 1026 of the CFPA, and the impact on consumers in rural areas.

In the Dodd-Frank Act, which was enacted “[t]o promote the financial stability of the United States by improving accountability and transparency in the financial system,” Congress directed the Bureau to adopt regulations governing the collection of small business lending data. Under section 1071 of that Act, covered financial institutions must compile, maintain, and submit certain specified data points regarding applications for credit for small businesses, with particular attention to women-owned and minority-owned small businesses, along with “any additional data that the Bureau determines would aid in fulfilling the purposes of this section.” Under the 2023 final rule, covered financial institutions are required to collect and report the following data points: (1) a unique identifier, (2) application date, (3) application method, (4) application recipient, (5) credit type, (6) credit purpose, (7) amount applied for, (8) amount approved or originated, (9) action taken, (10) action taken date, (11) denial reasons, (12) pricing information, (13) census tract, (14) gross annual revenue, (15) NAICS code, (16) number of workers, (17) time in business, (18) minority-owned, women-owned, and LGBTQI+-owned business status, (19) ethnicity, race, and sex of principal owners, and (20) the number of principal owners.

Under the 2023 final rule, financial institutions are required to report data on small business credit applications if they originated at least 100 covered credit transactions in each of the two preceding calendar years. Loans, lines of credit, credit cards, and merchant cash advances (including such credit transactions for agricultural purposes) all fall within the transactional scope of the 2023 final rule, with no limitations on loan amount. The Bureau excluded trade credit, transactions that are reportable under HMDA, insurance premium financing, public utilities credit, securities credit, and incidental credit. Factoring, leases, and consumer-designated credit used for business or agricultural purposes are also not covered credit transactions. For purposes of the 2023 final rule, a business is a small business if its gross annual revenue for its preceding fiscal year is $5 million or less. Finally, the 2023 final rule, as subsequently amended, establishes several compliance dates for financial institutions based on three origination size thresholds.

This proposed rule reconsiders certain provisions of the 2023 final rule. Under this proposed rule, covered financial institutions would no longer be required to collect and report the following data points: application method, application recipient, denial reasons, pricing information, number of workers, and LGBTQI+-owned business status. This proposed rule would make adjustments to some of the other data points (including minority-owned business status and ethnicity, race, and sex of principal owners) as well as the timing and methods to be used in the collection of data.

In addition, under this proposed rule, a financial institution would be required to report data if the financial institution originated at least 1,000 covered credit transactions in each of the two preceding calendar years, and one category of financial institutions (FCS lenders) would be excluded from coverage. The CFPB is also proposing to exclude merchant cash advances, credit transactions for agricultural purposes, and small dollar loans of $1,000 or less from the transactional scope of the rule. For the purposes of the proposed rule, a business would be a small business under this proposed rule if its gross annual revenue for its preceding fiscal year is $1 million or less. Finally, the proposed rule would change the compliance date provision to require a single compliance date for covered financial institutions.

A. Statement of Need

Congress directed the Bureau to adopt regulations governing the collection of small business lending data. Specifically, section 1071 of the Dodd-Frank Act amended ECOA to require financial institutions to compile, maintain, and submit to the Bureau certain data on applications for credit for small businesses, particularly ( printed page 50967) women-owned and minority-owned small businesses. Congress enacted section 1071 for the purpose of facilitating enforcement of fair lending laws and enabling communities, governmental entities, and creditors to identify business and community development needs and opportunities of women-owned, minority-owned, and small businesses. The Bureau is issuing this proposed rule to reconsider portions of the 2023 final rule in order to more effectively fulfill its statutory purposes.

As discussed in parts I and III, the Bureau believes, in retrospect, that its approach in the 2023 final rule was not conducive to fulfilling the long-term statutory purposes of section 1071 of the Dodd-Frank Act. The Bureau now believes that a more incremental approach would limit, as much as possible, any disturbance to the provision of credit to small entities. The Bureau expects that a more gradual approach to adding data points or expanding coverage, if needed, would more effectively serve both the fair lending and community development purposes of the rule in the long run.

In particular, the Bureau believes it should focus on core lending products, core lending providers, and core data points, rather than take the more expansive approach of its 2023 final rule. To accomplish this, the Bureau proposes multiple changes from the 2023 final rule. Among the most consequential changes, the Bureau proposes to exempt several categories of credit from the definition of covered transactions, including sales-based financing, loans for agricultural purposes, and small dollar loans. The Bureau now believes that application data collected on these types of transactions would be of lower quality while imposing collection requirements on institutions that issue them. The Bureau also proposes to raise the number of loans that trigger reporting requirement to 1,000 and exempt FCS lenders from coverage of the rule to focus on core providers in the small business lending space. The Bureau proposes to change the definition of “small business” in current § 1002.106(b) from $5 million or less to $1 million or less in annual gross revenue to ensure that data is collected on truly small businesses, rather than collect additional data on businesses that could be considered large in some contexts. Lastly the rule removes several data points from the collection, relative to the 2023 final rule, including pricing data, application method, application recipient, denial reasons, pricing and number of workers to limit the initial compliance costs for collecting and reporting data in compliance with section 1071.

The Bureau believes these changes help further the statutory purposes, for facilitating fair lending enforcement and community development, in several ways. By reducing the initial burden of the data collection on some institutions and removing the collection requirement from others, the Bureau believes that it will reduce disruption in the small business lending market compared to the more expansive 2023 final rule requirements. Disruption in the small business lending market could run counter to the community development purposes of the final rule. By focusing the data collection on core providers, transactions, and data points the Bureau expects the data collected under this proposed rule will be of higher quality and will be more useful for fair lending enforcement and community development.

B. Baseline for the Consideration of Costs and Benefits

In evaluating the potential benefits, costs, and impacts of this proposed rule, the Bureau takes as a baseline that all financial institutions covered under the 2023 final rule are in appropriate compliance with that rule, as codified in subpart B of Regulation B and amended by the 2024 interim final rule, the 2025 interim final rule, and the 2025 compliance date final rule.^[62] Under this baseline, the Bureau also assumes that institutions are complying with other regulations that they are currently subject to, including reporting data under HMDA, CRA, and any State commercial financing disclosure laws.^[63] The Bureau believes that this baseline provides the public with the most reasonable basis for analyzing the benefits and costs of this proposed rule. The Bureau seeks comment on the advantages and disadvantages of considering this baseline.

C. Basic Approach of the Bureau's Consideration of Benefits and Costs and Data Limitations

Pursuant to section 1022(b)(2)(A) of the Dodd-Frank Act,^[64] in prescribing a rule under the Federal consumer financial laws (which include ECOA and title X of the Dodd-Frank Act), the Bureau is required to consider the potential benefits and costs to “consumers” and “covered persons,” including the potential reduction of access by consumers to consumer financial products or services resulting from such rule, and the impact of final rules on covered persons as described under section 1026 of the Dodd-Frank Act ^[65] ( i.e., depository institutions and credit unions with $10 billion or less in total assets), and the impact on consumers in rural areas.

The Dodd-Frank Act defines the term “consumer” as an individual or someone acting on behalf of an individual. It defines a “covered person” as one who engages in offering or providing a “consumer financial product or service,” which means a financial product or service that is provided to consumers primarily for “personal, family, or household purposes.” ^[66] In rulemakings implementing section 1071, however, the only parties directly affected by the rule are small businesses (rather than individual consumers) and the financial institutions from which they seek credit (which may or may not be covered persons). Accordingly, a section 1022(b)(2)(A) analysis that considers only the costs and benefits to individual consumers and to covered persons would not meaningfully capture the costs and benefits of the rule.

Below, the Bureau conducts the statutorily required analysis with respect to the proposed rule's effects on consumers and covered persons. Additionally, consistent with the approach in the 2023 final rule, the Bureau is electing to conduct this same analysis with respect to small businesses and the financial institutions that would be required to compile, maintain, and submit data under the proposed rule. This analysis relies on data that the Bureau has obtained from industry, other regulatory agencies, and publicly available sources. However, as discussed further below, the available data limit the Bureau's ability to quantify the potential costs, benefits, and impacts of the proposed rule.

The Bureau seeks comments on the basic approach discussed below and any ( printed page 50968) additional data sources that may be used to improve this approach.

1. Analysis With Respect to Consumers and Covered Persons

The 2023 final rule implemented a data collection regime in which certain covered financial institutions must compile, maintain, and submit data with respect to applications for credit for small businesses. This proposed rule amends that implementation. The proposed rule would not directly impact consumers, including consumers in rural areas, as those terms are defined by the Dodd-Frank Act. However, some consumers may be impacted in their separate capacity as sole owners of small businesses covered by the proposed rule. Some covered persons, including some depository institutions or credit unions with $10 billion or less in total assets, would be affected under the proposed rule not in their capacity as covered persons ( i.e., as offerors or providers of consumer financial products or services) but in their separate capacity as financial institutions that offer small business credit covered by the proposed rule. The costs, benefits, and impact of the proposed rule on those entities are discussed below.

2. Benefits to Impacted Financial Institutions

The proposed rule would modify the 2023 final rule with respect to which financial institutions and transactions are covered, and which data points are required to be collected and reported. Many financial institutions that would not be covered by the proposed rule will still be impacted by the proposed rule because they would have been covered under the 2023 final rule (as amended). The Bureau analyzes the impacts of the proposed rule relative to the baseline (1) on covered institutions and (2) on institutions that would no longer be covered and calls the combined group of institutions “impacted financial institutions.” The main expected benefit of the proposed rule to impacted financial institutions comes in the form of cost savings. The Bureau calculates these cost savings by estimating the change in compliance costs between the proposed rule and the baseline.

In order to precisely quantify the cost savings for impacted financial institutions, the Bureau would need representative data and information on the operational costs that financial institutions would incur to gather and report 1071 data, on one-time costs for financial institutions to update or create reporting infrastructure to implement requirements of the proposed rule, and on the level of complexity of financial institutions' business models and compliance systems. Furthermore, the Bureau would need this information under both the baseline and the proposed rule. Currently, the Bureau does not believe that data on section 1071 reporting costs with this level of granularity are systematically available from any source. The Bureau has made reasonable efforts to gather data on section 1071 reporting costs and primarily uses the same methodology that it used to analyze the 2023 final rule, unless otherwise noted. The Bureau continues to believe that its analysis here and in the 2023 final rule constitutes the most comprehensive assessment to date of the compliance costs associated with implementing section 1071 reporting by financial institutions and provides the most accurate estimates of costs given available information. However, the Bureau recognizes that these estimates may not fully quantify the costs to each covered financial institution, especially given the wide variation of section 1071 reporting costs among financial institutions.

The Bureau categorizes costs required to comply with the baseline and the proposed rule into “one-time” and “ongoing” costs. Similarly, the Bureau reports cost savings in these terms. “One-time” costs refer to expenses that the financial institution incur initially and only once to implement changes required in order to comply with the requirements of this rule. “Ongoing” costs are expenses incurred as a result of the ongoing reporting requirements of the rule, which the Bureau considers on an annualized basis. In considering the costs and impacts of the 2023 final rule, the Bureau has engaged in a series of efforts to estimate the cost of compliance by covered entities. The Bureau conducted a One-Time Cost Survey, discussed in more detail in part IX.E.1 of the 2023 final rule,^[67] to learn about the one-time implementation costs associated with implementing section 1071 and adapted ongoing cost calculations from previous rulemaking efforts. The Bureau evaluated the one-time costs of implementing the procedures necessary and the ongoing costs of annually reporting under the proposed rule in part IV.F.1 below. The Bureau recognizes that costs vary by institution due to many factors, such as size, operational structure, and product complexity, and that this variance exists on a continuum that is impossible to fully represent. In order to conduct a consideration of impacts that is both practical and meaningful in light of these challenges, the Bureau has chosen an approach that focuses on three representative types of financial institutions. For each type, the Bureau has produced reasonable estimates of the costs of compliance given the limitations of the available data. Part IV.E.1 below provides additional details on this approach.

The Bureau understands that some financial institutions that are covered under the baseline have started implementing the 2023 final rule. Institutions that would be no longer covered as a result of the proposed rule may have already incurred some one-time costs to implement the baseline that would not have been necessary under this proposed rule. The Bureau does not count these expenditures as costs of the proposed rule because those costs have already been incurred and are discussed in more detail in part IV.E.1. Instead, the Bureau accounts for these expenditures through reductions in cost savings. If an institution becomes no longer covered as a result of the proposed rule, it will no longer be able to recoup all one-time implementation costs, as discussed in part IV.E.1.

3. Benefits to Small Businesses

Consistent with the 2023 final rule, the Bureau elects to estimate the benefits and cost savings to small businesses in addition to cost and benefit savings to impacted financial institutions. As with financial institutions, the Bureau expects that the main benefits of the proposed rule to small businesses would arise as a result of cost savings. The Bureau expects the direct cost savings of the proposed rule to small businesses would be negligible. However, the Bureau expects that there could be indirect cost savings of the proposed rule to small businesses if financial institutions pass on their cost savings. Therefore, the Bureau focuses its analysis on whether and how the Bureau expects impacted financial institutions to pass on the cost savings from the proposed rule to small businesses and any possible effects on the availability or terms of small business credit. The Bureau relies on economic theory to understand the potential for cost savings of financial institutions to be passed on to small businesses.

4. Costs to Small Businesses and Impacted Financial Institutions

The costs to small businesses and to impacted financial institutions associated with the proposed rule will primarily come from a decrease in the benefits associated with the 2023 final ( printed page 50969) rule. Quantifying benefits to small businesses presents substantial challenges. As discussed above, Congress enacted section 1071 for the purpose of facilitating enforcement of fair lending laws and enabling communities, governmental entities, and creditors to identify business and community development needs and opportunities of women-owned, minority-owned, and small businesses. The Bureau is unable to quantify any of these benefits, both because the Bureau does not have the data to do so and because the Bureau is not able to assess how effective the 2023 final rule would be in achieving those benefits. The same difficultly holds for the change in benefits associated with the proposed rule. As discussed further below, as a data reporting rule, most provisions of the baseline and the proposed rule will benefit small businesses in indirect ways, rather than directly.

Similar issues arise in attempting to quantify the decrease in benefits to impacted financial institutions. Certain benefits to impacted financial institutions are difficult to quantify. For example, the Bureau believes that the data collected under both the baseline and this proposed rule will reduce the compliance burden of fair lending reviews for lower risk financial institutions that are likely to be in compliance with ECOA by reducing the “false positive” rates during fair lending prioritization by regulators. However, the Bureau does not have the information to quantify such benefits.

In light of these data limitations, the discussion below generally provides a qualitative consideration of the reduction of benefits under the proposed rule relative to the baseline. General economic principles, together with the limited data available, provide insight into the loss of benefits. Where possible, the Bureau makes quantitative estimates based on these principles and the data that are available. Quantifying these benefits is difficult because the size of each effect cannot be known in advance. Given the number of small business credit transactions and the size of the small business credit market, however, small changes in behavior can have substantial aggregate effects.

In addition, financial institutions that remain covered under the proposed rule may incur adjustment costs. This would occur when institutions have already made efforts to implement the provisions of the 2023 final rule and would incur additional costs to modify their existing implementation to comply with this proposed rule. If a financial institution has not begun to implement the 2023 final rule, then it would not incur adjustment costs.

D. Coverage of the Proposed Rule

The proposed rule provides that financial institutions (both depository and nondepository) that meet all the other criteria for a “financial institution” in proposed § 1002.105(a) would only be required to collect and report section 1071 data if they originated at least 1,000 covered credit transactions in each of the two preceding calendar years. In addition, under the proposed rule, FCS lenders would not be required to collect and report section 1071 data, even if they meet this proposed new threshold.

As discussed above, market-wide data on small business lending are currently limited. The Bureau is unaware of any comprehensive data available on small business originations for all financial institutions, which are needed to precisely identify all institutions to be covered by the proposed rule or the 2023 final rule. To estimate the change in coverage as a result of the proposed rule, the Bureau uses publicly available data for financial institutions divided into two groups: depository ( i.e., banks, savings associations, and credit unions) and nondepository institutions. The Bureau employs the methodology used in the 2023 final rule to estimate the change in coverage as a result of the proposed rule and relies on updated data.

With respect to depository institutions, the Bureau relies on National Credit Union Administration (NCUA) Call Reports to estimate coverage for credit unions, including for those that are not federally insured, and Federal Financial Institutions Examination Council (FFIEC) Call Reports and the CRA data to estimate coverage for banks and savings associations. For the purposes of the analysis in this part IV.D, the Bureau estimates the number of depository institutions that would have been required to report small business lending data in 2023, based on the estimated number of originations of covered products for each institution in 2022 and 2023.^[68] The Bureau accounts for mergers and acquisitions in 2022 and 2023 by assuming that any depository institutions that merged in those years report as one institution.

The NCUA Call Report captures the number and dollar value of originations on all loans over $50,000 to members for commercial purposes, regardless of any indicator about the borrowing business's size. For the purposes of estimating the impacts of the proposed rule, the Bureau uses the annual number of originated commercial loans to members reported by credit unions as a proxy for the annual number of originated covered credit transactions under the rule.^[69] These are the best data available to the Bureau for estimating the number of credit unions that may be covered by the proposed rule. However, the Bureau acknowledges that the true number of covered credit unions may be different than what is presented here. For example, this proxy would overestimate the number of credit unions that will be covered if some commercial loans to members are not covered because the member is taking out a loan for a business that is not small under the definition of a small business in the proposed rule. Alternatively, this proxy would underestimate the number of credit unions covered by the proposed rule if credit unions originate a substantial number of covered credit transactions with origination values under $50,000 that are not counted in the data.

( printed page 50970)

The FFIEC Call Report captures banks' and savings associations' outstanding number and dollar amount of small loans to businesses ( i.e., loans originated under $1 million to businesses of any size; small loans to farms are those originated under $500,000). The CRA requires banks and savings associations with assets over a specified threshold ($1.609 billion as of 2025) ^[70] to report loans to businesses in original amounts of $1 million or less. For the purposes of estimating the impacts of the proposed rule, the Bureau follows the convention of using small loans to businesses as a proxy for loans to small businesses and small loans to farms as a proxy for loans to small farms.^[71] These are the best data available for estimating the number of banks and savings associations that may be covered by the proposed rule. However, the Bureau acknowledges that the true number of covered banks and savings associations may be different than what is presented here. The Bureau acknowledges that it does not have sufficient information to meaningfully account for how the proposed change to the small business definition and the proposed minimum loan size threshold might affect the impacts of the rule.

Although banks and savings associations reporting under the CRA are required to report the number of originations of small loans to businesses and farms, the Bureau is not aware of any comprehensive dataset that contains originations made by banks and savings associations with assets below the CRA reporting threshold. To fill this gap, the Bureau simulated plausible values for the annual number and dollar value of originations for each bank and savings association that falls below the CRA reporting threshold for 2022 and 2023.^[72] The Bureau generated simulated originations in order to account for the uncertainty around the exact number and value of originations for these banks and savings associations. To simulate these values, the Bureau assumes that these banks have the same relationship between outstanding and originated small loans to businesses and farms as banks and savings associations above the CRA reporting threshold. First, the Bureau estimated the relationship between originated number and balances and outstanding numbers and balances of small loans to businesses and farms for CRA reporters. Then the Bureau used this estimate, together with the outstanding numbers and balances of small loans to businesses and farms of non-CRA reporters, to simulate these plausible values of originations. The Bureau has documented this methodology in more detail in its Supplemental estimation methodology for institutional coverage and market-level cost estimates in the small business lending rule released with the 2023 final rule.^[73]

Based on 2023 data from FFIEC and NCUA Call Reports and the CRA data, using the methodology described above, the Bureau estimates that the number of depository institutions that would be required to report under the proposed rule is between approximately 172 to 181, as shown in Table 1 below. This comprises between 167 and 176 banks and savings associations and 5 credit unions that would be required to report under the proposed rule. These ranges represent 95 percent confidence intervals over the number of credit unions, banks and savings associations that would be covered under the proposed rule. The Bureau presents this range to reflect the uncertainty associated with the estimates and notes that the uncertainty is driven by the lack of data on originations by banks and savings associations below the CRA reporting threshold.^[74]

The Bureau also estimates the number of institutions that would have been covered under the baseline but are no longer covered by the proposed rule, using the same methodology discussed above. A depository institution would have been covered at the end of 2023 by the 2023 final rule if that institution had over 100 small business and small farm loan originations in 2022 and 2023, accounting for mergers. The Bureau estimates that the number of depository institutions required to report under the 2023 final rule but that would not be required to report under the proposed rule is between approximately 1,421 to 1,570 institutions as shown in Table 2 below. ( printed page 50971)

The Bureau does not have sufficient information to meaningfully estimate the change in the number of nondepositories relative to the analysis conducted for the 2023 final rule. For the purposes of the analysis of the impacts of this proposed rule, the Bureau assumes that the number of nondepository institutions that are active in the small business lending market has not changed since the 2023 final rule, except for Farm Credit System members, for which the Bureau relies on data from the Farm Credit Administration. See part II.D of the 2023 final rule for more detail on how the Bureau arrived at these estimates.^[75] Consistent with the assumptions in the 2023 final rule, the Bureau also assumes that only online lenders and merchant cash advance providers originate more than 1,000 loans each year and the remaining nondepositories originate between 150 and 999 loans each year. Since merchant cash advances would not be covered credit transactions under the proposed rule, no merchant cash advance providers would be required to report. Based on these assumptions, the Bureau concludes that only online lenders would still be required to report under the proposed rule.

The Bureau estimates that the 2023 final rule would have covered about 610 nondepository institution, consisting of: about 30 online lenders; about 140 nondepository Community Development Financial Institutions (CDFIs); about 70 merchant cash advance providers; about 240 commercial finance companies; about 70 governmental lending entities; and 60 Farm Credit System members.^[76] The Bureau estimates that, of these nondepositories, only the 30 online lenders will continue to be covered under the proposed rule and the remaining will be impacted by the proposed rule because they are no longer covered.

The Bureau seeks comments on these estimates of coverage and changes in coverage. In particular, the Bureau seeks additional data and information that it could use to improve its estimates of nondepository institution coverage.

E. Methodology for Generating Costs and Benefits Estimates

In part IX.E of the 2023 final rule, the Bureau explained its methodology for generating estimates of one-time and ongoing costs associated with complying with the 2023 final rule. As discussed in the previous section, many financial institutions that were covered by the 2023 final rule would no longer be covered by this proposed rule. Thus, the proposed rule would confer a benefit in the form of cost savings for most impacted institutions. The Bureau also expects that institutions that continue to be covered will face a reduction in compliance costs from the proposed rule relative to the baseline. Generally, the Bureau estimates the benefits of the proposed rule by comparing the compliance costs under the baseline to those under the proposed rule. To generate cost estimates under the baseline and this proposed rule, the Bureau uses the same methodology as the 2023 final rule, unless otherwise noted. Throughout this section, the Bureau reproduces crucial parts of the methodology discussion where necessary but references the 2023 final rule for additional detail and background.

The Bureau expects that compliance costs vary with the complexity of a financial institution's compliance operations. Consistent with the 2023 final rule and for the purposes of this proposed rule, the Bureau categorizes impacted financial institutions (FIs) into Types A, B, and C in increasing order of compliance operations complexity. Based on its prior methodology, the Bureau assumes that this complexity is correlated with the number of small business loan applications received, and therefore categorizes institutions based on application volume. The Bureau assumes that Type A FIs receive fewer than 300 applications per year, Type B FIs receive between 300 and 2,000 applications per year, and Type C FIs receive more than 2,000 applications per year. The Bureau assumes that, for Type A and B FIs, one out of two small business applications will result in an origination. Thus, the Bureau assumes that Type A FIs originate fewer than 150 covered credit transactions per year and Type B FIs originate between 150 and 999 covered credit transactions per year. The Bureau assumes that Type C FIs originate one out of three small business applications and at least 1,000 covered credit transactions per year.^[77]

The Bureau recognizes that the proposed changes, as discussed in subsequent sections, will remove most Types A and B financial institutions from coverage. However, the Bureau maintains both these categorizations and assumptions in order to estimate compliance at baseline and compare it to coverage under the proposals.

The Bureau understands that compliance costs vary across financial institutions due to many factors, such as size, operational structure, and product complexity, and that this variance exists on a continuum that is very difficult or impossible to fully represent. Due to data limitations, the Bureau is unable to capture many of the ways in which compliance costs vary by institution, ( printed page 50972) and therefore uses these representative financial institution types with the above assumptions for its analysis. In order to aggregate costs to a market level, the Bureau must map financial institutions onto its types using discrete volume categories.

For the hiring costs discussion in part IV.F.1.i and ongoing costs discussion in part IV.F.1.ii below, the Bureau discusses costs in the context of representative institutions for ease of exposition. The Bureau assumes that a representative Type A FI receives 100 small business credit applications per year, a representative Type B FI receives 400 small business credit applications per year, and a representative Type C FI receives 6,000 small business credit applications per year. The Bureau further assumes that a representative Type A FI originates 50 covered credit transactions per year, a representative Type B FI originates 200 covered credit transactions per year, and a representative Type C FI originates 2,000 covered credit transactions per year.

1. Methodology for Estimating One-Time Compliance Costs

The one-time compliance cost estimation methodology for the proposed rule described in this section is the same methodology that the Bureau used in the 2023 final rule, unless otherwise noted.

The Bureau has identified the following nine categories of one-time costs that will likely be incurred by financial institutions to develop the infrastructure to collect and report data under the baseline and the proposed rule:

1. Preparation/planning.

2. Updating computer systems.

3. Testing/validating systems.

4. Developing forms/applications.

5. Training staff and third parties (such as brokers).

6. Developing policies/procedures.

7. Legal/compliance review.

8. Post-implementation review of compliance policies and procedures.

9. Hiring costs.^[78]

The Bureau also conducted a survey in 2020 regarding one-time implementation costs for section 1071 compliance targeted at financial institutions who extend small business credit.^[79] The survey collected information on the number of employee hours and non-salary expenses required to implement a section 1071 rule. The Bureau developed the survey instrument based on guidance from industry on the potential types of one-time costs institutions might incur if required to report under a rule implementing section 1071 and tested the survey instrument on a small set of financial institutions, incorporating their feedback prior to implementation. The Bureau worked with several major industry trade associations to recruit their members to respond to the survey. A total of 105 financial institutions responded to the survey.

Estimates from the 2020 survey respondents continue to form the basis of the Bureau's estimates for one-time compliance costs in assessing the impact of this proposed rule. The survey was broadly designed to ask about the one-time costs of reporting data under a regime that only included mandatory data points, used a reporting structure similar to HMDA, used the Regulation B definition of an “application,” and used the respondent's own internal small business definition.^[80] Therefore, the Bureau assumes that the tasks listed above are associated with implementing both the 2023 final rule and the proposed rule for institutions covered by each rule.

The Bureau assumes that the number of employee hours required to implement each task has not changed but that the wages have changed to reflect labor market developments. The Bureau assumes that each task may require junior, mid-level, and senior staff hours to implement. For junior staff, the Bureau uses $18.51, the 10th percentile hourly wage estimate for “loan officers” according to the 2024 Occupational Employment Statistics compiled by the Bureau of Labor Statistics.^[81] For mid-level staff, the Bureau uses $41.35, the estimated mean hourly wage estimate for “loan officers.” For senior staff, the Bureau uses $70.09, the 90th percentile hourly wage estimate for “loan officers.” To account for non-monetary compensation, the Bureau also scaled these hourly wages up by 43 percent.^[82]

Finally, the Bureau assumes that the non-salary expenses necessary to implement each one-time task have only changed according to inflation, as measure the by the Consumer Price Index.^[83]

For hiring costs, the Bureau also assumes that a covered financial institution would need to hire enough full-time equivalent workers (FTEs) to cover the estimated number of staff hours necessary to comply with the either 2023 final rule or the proposed rule on an annual, ongoing basis. In part IV.E.2 below, the Bureau describes how it estimates the ongoing costs to comply with the 2023 final rule and the proposed rule, including the number of hours of staff time an institution needs per application. The Bureau assumes for the baseline and the proposed rule that an FTE will work about 2,080 hours each year (40 hours per week × 52 weeks = 2,080). The Bureau calculates that the total number of FTEs that a covered financial institution will need to hire as the number of hours per application multiplied by the estimated number of applications received per year divided by 2,080, rounded up to the next full FTE. For example, if an institution receives 500 applications per year and an employee spends one hour on each application, it will need to hire one FTE ((1 * 500)/2080 = 0.24, which is rounded up to the next full FTE, i.e., 1). In part IV.F.1.i, the Bureau also confirms that the estimated additional staff can cover the estimated staff hours required for implementing other one-time changes.

The Bureau calculates the hiring costs using the estimated cost-per-hire of $4,683, estimated by the Society for Human Resource Management.^[84] This estimated cost includes advertising fees, recruiter pay and benefits, and employee referrals, among other categories. For each covered financial institution, the estimated hiring cost is ( printed page 50973) $4,683 multiplied by the estimated new FTEs required to comply with the requirements of the 2023 final rule or the proposed rule. The estimated total one-time costs are the sum of the estimated hiring costs and the other one-time costs for that institution discussed above.

The Bureau assumes that some financial institutions covered by the 2023 final rule have already incurred some one-time costs in order to comply with the rule. For institutions that would no longer be covered under the proposed rule, those costs are sunk and cannot be recouped. The Bureau believes that, while some one-time cost activities already underway could be used for complying with this proposed rule, some of those activities will need to be redone in order to comply. The Bureau makes this rough assumption to capture this possibility and potential sunk cost. As discussed above, the Bureau believes, to the extent this has occurred, this reduces the institution's potential benefits under this proposed rule. The Bureau does not have sufficient information upon which to base its estimate of how much these institutions may have already spent upgrading their systems and, instead, makes an assumption that institutions that would no longer be covered under the proposed rule, on average, will have incurred 25 percent of their baseline non-hiring one-time costs. That is, institutions no longer covered by the rule would save 75 percent of the estimated non-hiring one-time costs, under the baseline, because they have not yet spent those resources. The Bureau assumes that these institutions have not yet hired new employees under the baseline. The Bureau believes these are reasonable assumptions as to the extent of one-time costs already incurred by these institutions. Under these assumptions, the total cost savings for institutions that would no longer be covered is estimated to be 75 percent of the one-time costs of implementing tasks 1-8 listed above, plus the expected hiring costs associated with the baseline. The Bureau seeks comment on the validity of these assumptions and the extent to which financial institutions have already incurred one-time costs to comply with the 2023 final rule.

Institutions that were covered under the baseline may have implemented changes to their processes and systems to comply with the 2023 final rule. If an institution would no longer be covered under the proposed rule, some of these costs may be sunk. For example, the institution may have developed a manual of policies and procedures that are no longer required if the institution is no longer covered. To the extent these institutions have already incurred these expenses, the Bureau believes this reduces their one-time cost savings from the proposed rule.

If an institution remains covered under the proposed rule, some of their implementation may continue to be applicable under the proposed rule. Other parts of their implementation may need to be changed to comply the proposed rule, and thus the institution may incur the same one-time cost again. For example, an institution that already started designing data collection forms may have to change the design. The Bureau includes incurring these expenses again as part of its calculation for institutions that remain covered.

The Bureau does not have the requisite information to empirically estimate how much of the one-time costs, under the baseline, any institution is likely to have incurred. Therefore, the Bureau has decided to make a simple assumption. The Bureau assumes that all institutions will have incurred 25 percent of their non-hiring, one-time costs, at baseline, in preparation to comply with the 2023 final rule. For financial institutions that were covered under the 2023 final rule but would not be covered under the proposed rule, the Bureau assumes that the proposed rule will save the remaining 75 percent of the non-hiring, one-time costs, at baseline, plus their hiring costs.

For institutions that are covered under the baseline and would be covered under the proposed rule, the Bureau assumes that 25 percent of one-time, non-hiring costs under the baseline have already been incurred and are, likewise, sunk. Therefore, the one-time cost savings for these institutions are the one-time hiring and non-hiring costs under the proposed rule minus the one-time hiring costs and 75 percent of the non-hiring costs under the baseline.

The Bureau seeks comments on its methodology for estimating one-time costs. In particular, the Bureau seeks comments on whether financial institutions that would have been covered under the 2023 final rule have already spent resources to implement the 2023 final rule and, if so, on what they have spent those resources. Further, the Bureau seeks comments on whether financial institutions that would be covered by the proposed rule and have spent resources to implement the 2023 final rule could use those changes to comply with the proposed rule.

2. Methodology for Estimating Ongoing Compliance Costs

In the 2023 final rule, the Bureau identified 15 specific data collection and reporting activities that would impose ongoing compliance costs for covered institutions and continues to use those activities as an organization principle for its analysis of the impacts of this proposed rule. Table 3 presents the full list of the 15 activities. The Bureau assumes that substantially the same activities would be needed to comply with the proposed rule. Activities 1 through 3 can broadly be described as data collection activities: these tasks are required to intake data and transfer it to the financial institution's small business data entry system. Activities 4 through 10 are related to reporting and resubmission: these tasks are necessary to collect required data, conduct internal checks, and report data consistent with the 2023 final rule or the proposed rule. Activities 11 through 13 are related to compliance and internal audits: employee training, and internal and external auditing procedures required to ensure data consistency and reporting in compliance with the 2023 final rule or the proposed rule. Finally, activities 14 and 15 are related to small business lending examinations by regulators: these tasks would be undertaken to prepare for and assist during regulatory compliance examinations. For the purpose of this analysis and for consistency with the 2023 final rule, the Bureau assumes that all financial institutions covered under the proposed rule or the baseline will be subject to regulatory compliance examinations and thus incur costs related to activities 14 and 15.

Table 3 also provides an example of how the Bureau calculates ongoing compliance costs associated with each compliance task. The table shows the calculation for each activity and notes whether the task would be a “variable cost,” which would depend on the number of applications the institution receives, or a “fixed cost” that does not depend on the number of applications. Table 3 shows these calculations for a Type A FI, or the institution with the least amount of complexity. Table 4 below summarizes the activities whose calculation differs by institution complexity and shows the calculations for Type B FIs and Type C FIs (where they differ from those for a Type A FI). ( printed page 50974)

Many of the activities in Table 3 require time spent by loan officers and other financial institution employees. To account for time costs, the calculation uses the hourly compensation of a loan officer multiplied by the amount of time required for the activity. The Bureau uses a mean hourly wage of $41.35 for loan officers, based on data from the Bureau of Labor Statistics.^[86] To account for non-monetary compensation, the Bureau scales this hourly wage by 43 percent to arrive at a total hourly compensation of $59.07 for use in these calculations.^[87] As an example of a time calculation, the Bureau assumes that transcribing the data points that would be required under the baseline would require approximately 11 minutes per application for a Type A FI. The calculation multiplied the number of minutes by the number of applications and the hourly compensation to arrive at the total cost, on an annual basis, of transcribing data. As another example, the Bureau assumes that ongoing training for loan officers to comply with a financial institution's 1071 policies and procedures would take about two hours per loan officer per year. The cost calculation multiplies the number of hours by the number of loan officers and by the hourly compensation.

In the 2023 final rule, the Bureau explained how it arrived at its assumed number of hours required per task and makes the same assumptions in this proposed rule.

Some activity costs in Table 3 depend on the number of applications. It is important to differentiate between these variable costs and fixed costs that do not depend on number of applications because the type of cost impacts whether and to what extent covered institutions might be expected to pass on their costs to small business loan applicants in the form of higher interest rates or fees (discussed in more detail in part IV.F.2 below). Data collection, reporting, and submission activities such as geocoding data, standard annual edits and internal checks, researching questions, and resolving question responses are variable costs. All other activities are fixed costs because they do not depend on the overall number of applications being processed. An example of a fixed cost calculation is exam preparation, where the hourly compensation is multiplied by the number of total hours required by loan officers to prepare for 1071-related compliance examinations.

Table 4 shows where and how the Bureau assumes Type B FIs and Type C FIs differ from Type A FIs for the purposes of evaluating ongoing cost. Table 4 shows the activities where the assumptions differ from those in Table 3. Type B FIs and Type C FIs use more automated procedures, which result in different cost calculations. For example, for Type B FIs and Type C FIs, transferring data to the data entry system and geocoding applications are done automatically by business application data management software licensed annually by the financial institution. The relevant address is submitted for geocoding via batch processing, rather than done manually for each application. The additional ongoing geocoding costs reflect the time spent by loan officers on “problem” applications—that is, a percentage of overall applications that the geocoding software misses—rather than time spent on all applications. However, Type B FIs and Type C FIs have the additional ongoing cost of a subscription to a geocoding software or service as well as a data management software that represents an annual fixed cost of reporting 1071 data. This is an additional ongoing cost that the less complex Type A FIs would not have incurred. The Bureau expects that Type A FIs will use free geocoding software available from the FFIEC or the Bureau, which may include a new batch ( printed page 50975) function that could be developed by either the FFIEC or the Bureau.

Additionally, audit procedures differ between the three representative institution types. The Bureau expects a Type A FI would not conduct an internal audit but would pay for an annual external audit. A Type B FI would be expected to conduct a simple internal audit for data checks and also pay for an external audit on an annual basis. Type C FIs would have a sophisticated internal audit process in lieu of an external audit.

Table 5 below shows major assumptions that the Bureau makes for each activity for each type of financial institution. Based on the proposed rule and inflation, the Bureau has made changes to corresponding assumptions from the 2023 final rule where appropriate. In particular, the proposed changes eliminating several data points are the biggest source of changes to the assumptions relative to the 2023 final rule. Because fewer data point would be collected under the proposed rule than under the 2023 final rule, the Bureau assumes that tasks which depend on the number of data points would see a reduction in required employee hours. The Bureau has also updated the assumed fixed cost of software and audits to account for inflation. Table 5 also shows the number of hours assumed in the baseline scenario, for comparison.

Table 5 provides the total number of hours the Bureau assumes are required for each task that requires labor. For example, the Bureau assumes that transcribing data for 100 applications will require 14 hours of labor. The table also shows the assumed fixed cost of software and audits, as well as areas where the Bureau assumes there would be cost savings due to use of technology. In several cases, the activity described in a row does not apply to financial institutions of a certain type and is therefore entered in the table as not applicable (N/A).

The Bureau requests comment on the assumptions presented in this section.

3. Methodology for Generating Market-Level Estimates of Costs and Benefits

To generate small business lending market-level impacts estimates, the Bureau relies on the same estimates of small business lending originations described in part IV.D. above, which is the same as the methodology used in the 2023 final rule, unless otherwise noted. As with institutional coverage, the Bureau separates market-level impact estimates into estimates for depository institutions and for nondepository institutions. The Bureau also separates ( printed page 50976) market-level impact estimates for institutions that would be covered under the proposed rule and those that are covered under the 2023 final rule but would no longer be covered under the proposed rule.

Under the proposed rule, an institution would be required to report data on applications received in 2023 if it originated at least 1,000 covered originations in both 2022 and 2023. Under the 2023 final rule, an institution would have been required to report data on applications received in 2023 if it originated at least 100 covered originations in 2022 and 2023, including loans to small farms.

If two depository institutions merged between the end of 2022 and the end of 2023, the Bureau assumes that those institutions would report as one entity. Under the baseline, the Bureau categorizes each institution as a Type A DI, Type B DI, or Type C DI, as defined at the beginning of this part IV.E, based on its small business and small farm loan originations in 2023. Under the proposed rule, the Bureau categorizes each institution by type according to only its small business loan originations in 2023.^[90] Depository institutions with 0 to 149 covered originations in 2023 are categorized as Type A. Depository institutions with 150 to 999 covered originations are categorized as Type B. Depository institutions with 1,000 or more covered originations are categorized as Type C. Thus, all depository institutions that would be covered by the proposed rule are categorized as Type C, given the new reporting threshold of 1,000 loans originated in the proposed rule. Depository institutions of Types A and B are either not covered under either the baseline or the proposed rule or switched from being covered under the baseline to not being covered under the proposed rule.

For each depository institution, the Bureau assigns the appropriate estimated one-time compliance costs (including hiring cost as a function of estimated applications), ongoing fixed compliance cost, ongoing variable compliance cost per application, and applications per origination estimates associated with its institution type for both the baseline and the proposed rule. The estimated number of annual applications for each institution is the estimated number of originations multiplied by the assumed number of applications per origination for that institution type (see part IV.E above). The annual ongoing compliance cost for each institution (under either the baseline or the proposed rule) is the ongoing fixed compliance cost plus the ongoing variable compliance cost per application multiplied by the estimated number of applications. The one-time hiring cost for each institution is the estimated number of applications multiplied by the annual staff hours per application divided by 2,080, rounded up to the next full FTE, multiplied by the cost-per-hire. For each institution, the Bureau calculates the changes in one-time costs and ongoing costs for the proposed rule relative to the baseline.

As shown in part IV.F.1.ii, the Bureau estimates that under the proposed rule every impacted financial institution would experience a decrease in ongoing costs relative to the baseline, thus resulting in a benefit for every institution. For institutions that are covered both at baseline and under the proposed rule, the decrease in ongoing costs stems from reductions in variable compliance costs from, mainly, needing to report fewer data points and, potentially, fewer applications. Institutions that were covered under the 2023 final rule but are not covered under the proposed rule would have had to pay ongoing costs to comply with the baseline. Since those institutions are no longer covered, their ongoing costs decrease to zero.

The Bureau estimates that all institutions that were previously covered at baseline but that would no longer be covered under the proposed rule would incur the benefit of cost savings on one-time costs. As discussed in part IV.E.1, the Bureau believes that, under the proposal, these institutions would receive a benefit that is 75 percent of their non-hiring one-time costs plus their estimated hiring costs at baseline. For institutions that would continue to report under the proposed rule, they would experience a benefit in the form of reduced one-time hiring costs.

To generate market-level estimates, the Bureau sums the changes over institutions. The Bureau reports market-level impacts separately for covered and no longer covered institutions and for whether or not the one-time costs will yield a cost or a benefit. As with coverage estimates, the Bureau presents a range for market-level estimates. The range reflects the uncertainty associated with the estimate of costs for banks and savings associations below the CRA reporting threshold. The Bureau has documented how it calculates these ranges as part of the 2023 final rule rulemaking process in its Supplemental estimation methodology for institutional coverage and market-level cost estimates in the small business lending rulemaking.^[91]

The Bureau is unaware of institution-level data on originations by nondepository institutions that are comprehensive enough to estimate costs using the same method as that for depository institutions. Therefore, to generate market-level estimates for nondepository institutions, the Bureau relies on the estimates of the number of nondepository institutions discussed in part IV.D and several key assumptions, which it also relied on for estimating the impacts of the 2023 final rule. The Bureau assumes that fintech lenders and merchant cash advance providers are Type C FIs because they generally have more automated systems and originate more loans.^[92] The Bureau assumes that the remaining nondepository institutions are Type B FIs. The Bureau assumes that each nondepository receives the same number of applications as the representative institution for each type, as described above. Hence, the Bureau assumes that fintech lenders and merchant cash advance providers each receive 6,000 applications per year and all other nondepository institutions receive 400 applications per year. As in the 2023 final rule and above, the Bureau also assumes that all nondepository institutions have the same one-time costs as each other. The Bureau calculates changes in one-time and ongoing costs in a similar manner to the methods described above and presents market-level estimates for nondepository institutions that remain covered and that are no longer covered by the proposed rule.

( printed page 50977)

The Bureau seeks comments on its methodology for estimating impacts of the proposed rule.

F. Potential Benefits and Costs to Impacted Financial Institutions and Small Businesses

1. Benefits to Impacted Financial Institutions

i. One-Time Cost Savings of Impacted Financial Institutions

Using the methodology described in part IV.E.1 above, Table 6 shows the estimated total expected one-time costs of the proposed rule for the first eight cost categories for financial institutions covered by the proposed rule or under the baseline, as well as a breakdown by the eight component categories that comprise the one-time costs for Type A DIs, Type B DIs, Type C DIs, and Non-DIs.^[93] The final cost category, hiring costs, is discussed later in this section. The Bureau notes that the estimated costs presented in Table 6 differ slightly from the estimated costs presented in the 2023 final rule. This difference is due to inflation adjustments for non-salary expenses and updated wage rates.

In addition to these one-time costs, the Bureau estimates the one-time hiring costs for the additional FTEs a financial institution expects to hire based on the number of applications the institution expects to receive each year. For financial institutions that would no longer be covered under the proposed rule, the Bureau calculates the benefit resulting from the cost savings of no longer needing to hire more employees. The Bureau anticipates that financial institutions that continue to be covered under the proposal may also experience moderate cost savings because they may report fewer loans under the proposed rule relative to the baseline and, as a result, may have to hire fewer employees.

The Bureau estimates that there are financial institutions covered under the baseline that would no longer be covered under this proposed rule. These institutions will see a benefit in the form of savings on one-time compliance costs, since the Bureau assumes they would not incur additional one-time costs as a result of the proposed rule. Also, as discussed in part IV.E.1, the Bureau expects that these financial institutions will have already incurred 25 percent of the baseline non-hiring costs preparing to comply with the 2023 final rule. The full amount of savings by institutions that would no longer be covered are 75 percent of the non-hiring costs and the full amount of the hiring costs. The Bureau assumes that financial institutions that are covered under both the baseline and the proposed rule would still incur one-time costs to implement changes to comply with the proposed rule but may see a reduction in one-time hiring costs due to, potentially, needing fewer new employees to comply with the proposed rule relative to the baseline.

In the discussion about ongoing cost in part IV.F.3.ii below, the Bureau explains how it estimates the number of staff hours per application required to comply with the proposed rule or under the baseline. Under the proposed rule, the Bureau estimates a Type C FI, the only type that will be covered, requires 0.78 hours per application. Under the baseline, the Bureau estimates that a Type A FI requires 1.1 hours per application, a Type B FI requires 1.66 hours per application, and a Type C FI requires 0.84 hours per application.

For the purposes of exposition, the Bureau presents the estimated number of FTEs for representative financial institutions. For the market-level estimates, the Bureau estimates the number of staff hours required based on the estimated number of applications each depository institution receives.

As assumed in part IV.E, the representative Type A DI receives 100 applications annually, requiring 110 hours to comply with the 2023 final rule. Under the assumptions described in part IV.E.1, the representative Type A DI would have needed to hire one additional FTE at a one-time cost of $4,683 to cover the expected annual staff hours required to comply with the 2023 final rule on an ongoing basis. This additional staff would also have to be able to cover the staff hours required to implement one-time changes because, on average, a Type A DI would require 716 staff hours for one-time changes (see Table 12 in the 2023 final rule). Under the baseline, a Type A DI would have incurred about $67,300 in non-hiring one-time costs. As discussed above, the Bureau assumes that a Type A DI, on average, already would have spent 25 percent of its non-hiring one-time costs, or about $16,825, to implement the 2023 final rule, costs which cannot be recouped. Therefore, the Bureau estimates that the representative Type A DI would save $4,683 in one-time hiring costs and about $50,475 in non-hiring one-time costs by no longer being covered under the proposed rule, for a total of about $55,175 in cost savings.

The Bureau assumes that a representative Type B DI receives 400 applications annually, requiring 654 ( printed page 50978) hours to comply with the 2023 final rule. This DI would have needed to hire one additional FTE at a one-time cost of $4,683. This additional staff would also be able to cover the 461 staff hours, on average, required to implement one-time changes for a Type B DI. Under the baseline, a Type B DI would have incurred about $51,700 in non-hiring one-time costs. The Bureau assumes that a Type B DI, on average, would have already spent 25 percent of its non-hiring one-time costs, about $12,925, to implement the 2023 final rule, costs which cannot be recouped. Therefore, the Bureau estimates that the representative Type B DI will save $4,683 in one-time hiring costs and about $38,775 in non-hiring one-time costs by no longer being covered under the proposed rule, for a total of about $43,475 in cost savings.

A representative Type C DI, which the Bureau assumes would remain covered under the proposed rule and receives 6,000 applications, would see no one-time cost savings as a result of the proposed rule. In part IV.F.3 below, the Bureau describes how these institutions may experience a one-time adjustment cost under the proposed rule. The representative Type C DI does not incur any one-time hiring cost savings as a result of the proposed rule because it receives the same number of applications as under the baseline.^[94] In general, a covered institution may require fewer additional employees to comply with the proposed rule than it did with the baseline if the institution's number of reportable applications decreases sufficiently. Such an institution would receive one-time cost savings of $4,683 for every fewer employee it requires to comply with the proposed rule relative to the baseline.^[95]

The Bureau assumes that most nondepository institutions are primarily Type B and Type C FIs, so the estimated staff hours to cover ongoing tasks discussed above apply here. For one-time tasks, the Bureau estimates that a nondepository institution would require about 664 staff hours, on average, to implement one-time changes necessary to comply with either the baseline or the proposed rule. One additional FTE would be sufficient to cover these hours if the institution reallocates some tasks across staff. The Bureau estimates that all nondepositories would require about $114,000 to comply with the proposed rule or the baseline. Type B nondepositories and Type C merchant cash advance providers would no longer be covered under the proposed rule. Therefore, following similar logic as above, a Type B nondepository would receive cost savings of $90,200 and a Type C merchant cash advance provider would receive cost savings of $99,600.

As mentioned above, the Bureau realizes that one-time costs vary by institution due to many factors, and that this variance exists on a continuum that is very difficult or impossible to fully represent. The Bureau focuses on representative types of financial institutions in order to generate practical and meaningful estimates of costs. As a result, the Bureau expects that individual financial institutions could have slightly different one-time costs or cost savings than the average estimates presented here.

Summing across institutions as described in part IV.E.3, the Bureau estimates that the total one-time hiring and non-hiring cost savings for depository institutions that would no longer be covered under the proposed rule would be between $68,900,000 and $76,700,000. Using a 7 percent discount rate and a 10-year amortization window, the annualized one-time cost savings for depository institutions that are no longer covered under the proposed rule would be between $9,800,000 and $10,900,000.^[96] The Bureau estimates that the total hiring and non-hiring one-time cost savings for nondepository institutions that would no longer be covered under the proposed rule would be about $14,900,000. Using a 7 percent discount rate and a 10-year amortization window, the annualized one-time cost savings for nondepository institutions that are no longer covered under the rule would be about $2,100,000. The Bureau estimates that some covered institutions would receive cost savings from needing to hire fewer staff under the proposed rule. The estimated total market value of these one-time hiring cost savings would be between $3,900,000 and $4,300,000. Using a 7 percent discount rate and a 10-year amortization window, the annualized one-time cost savings for such institutions would be between $560,000 and $610,000. Covered institutions would also incur one-time adjustment costs, which are discussed in part IV.F.3. In total, the Bureau estimates the total one-time costs savings of the proposed rule across all impacted financial institutions would be between $87,700,000 and $95,900,000, with an annualized amount between $12,500,000 and $13,700,000.^[97]

The Bureau seeks comments on the one-time cost savings estimates presented here. In particular, the Bureau seeks comment on whether 10 years is a reasonable time horizon over which a financial institution might spread its implementation costs.

ii. Ongoing Cost Savings to Impacted Financial Institutions

To estimate ongoing costs at baseline, the Bureau first reproduces Table 16 of the 2023 final rule as Table 7 below, with minor modifications reflecting changes in wage rates and inflation, as discussed in part IV.E. This table shows what the Bureau would expect the annual ongoing costs to be at baseline. This table shows the total estimated annual ongoing costs at baseline as well as a breakdown by the 15 activities that give rise to ongoing costs for Type A FIs, Type B FIs, and Type C FIs. The bottom of the table shows the total estimated annual section 1071 ongoing compliance cost, at baseline, for each type of institution, along with the total cost per application processed by the financial institution. To produce the estimates in this table, the Bureau used the calculations described in Tables 3 and 4 above and the assumptions relating to each activity in Table 5. ( printed page 50979)

The Bureau estimates that, at baseline, a representative low complexity Type A FI would incur around $9,580 in total annual ongoing costs, or about $96 in total cost per application processed (assuming 100 applications per year). The Bureau estimates that a representative middle complexity Type B FI, which is somewhat automated, would incur approximately $45,253 in total annual ongoing costs, or around $113 per application (assuming a representative 400 applications per year). The Bureau estimates a representative high complexity Type C FI, would incur $299,700 of total annual ongoing costs, or $50 per application (assuming a representative 6,000 applications per year).

To estimate the expected ongoing costs for an institution that would remain covered under the proposal, the Bureau used the assumptions in Table 5 above, which characterize the decrease in the number of employee hours necessary for compliance occurring as a result of the proposed changes. Table 8 below reproduces Table 16 from the 2023 final rule ^[98] accounting for the expected effects of the proposed rule.

For institutions that would remain covered under the proposed rule, the Bureau estimates that a representative low complexity Type A FI would incur around $8,829 in total annual ongoing costs, or about $88 in total cost per application processed (assuming 100 applications per year). The Bureau estimates that a representative middle complexity Type B FI, which is somewhat automated, would incur approximately $43,351 in ongoing costs per year, or around $108 per application (assuming a 400 applications per year). The Bureau estimates a representative high complexity Type C FI would incur $285,660 of annual ongoing costs, or $48 per application (assuming 6,000 applications per year).

Under the proposed changes, some FIs would no longer be required to collect and report small business application data because they have more than 100 but fewer than 1,000 covered credit transactions. These FIs would no longer incur annual ongoing compliance costs from the small business data collection rule. Therefore, they will experience a benefit in the form of relief ( printed page 50980) from the ongoing costs they incurred under the baseline. This annual total would be $9,580, $45,253, and $299,700 for Type A, Type B, and Type C FIs, respectively.

Also under the proposed changes, FIs that continue to be covered and therefore required to collect and report small business application data would experience a benefit in the form of reduced annual ongoing compliance costs. The amount of the reduction is the difference between the costs expected to be incurred under the proposed changes (those found in Table 8) and those expected at baseline (those found in Table 7). The annual total of this expected benefit would be $751, $1,902, and $14,040 for Type A, Type B, and Type C FIs, respectively.

Summing across institutions as described in part IV.E.3, the Bureau estimates that the total annual ongoing cost savings for depository institutions that would remain covered under the proposed rule will be between about $18,000,000 and $20,000,000 per year. The Bureau estimates that the total annual ongoing cost savings for nondepository institutions that would be covered under the proposed rule would be about $400,000 per year.

Summing across institutions as described in part IV.E.3, the Bureau estimates that the total annual ongoing cost savings for depository institutions that were covered under the baseline but would no longer be covered under the proposed rule would be between about $88,000,000 and $101,000,000 per year. The Bureau estimates that the total annual ongoing cost savings per year for nondepository institutions that would no longer be covered by the proposed rule would be about $44,000,000 per year.

Therefore, the estimated total annual ongoing cost savings for all impacted institutions attributable to the proposed rule is between $151,000,000 and $166,000,000 per year, including both depository and nondepository institutions.

Financial institutions may also experience benefits under the proposal in the form of fewer reputational risks and fewer resources spent on responding to analyses of their small business credit application data alleging credit access disparities. The public nature of any dataset will allow the general public to analyze the data, which can result in accusations of fair lending violations or potential misrepresentations, which, the Bureau has acknowledged, could result in a cost to financial institutions. In the 2023 final rule, the Bureau discussed how small entity representatives during the SBREFA process and commenters on the 2021 proposed rule raised this as an expected form of cost. The Bureau is unable to quantify this cost but does expect that this proposed rule would benefit FIs by reducing such costs. FIs that would no longer be covered under the proposed rule would no longer be expected to incur any reputational risks or costs of responding to analyses as their data would no longer be submitted or published. For entities that remain covered, the reduction in the number of data points, particularly pricing data, reduce expected reputational risks.

2. Benefits to Small Businesses

The Bureau believes that any direct costs to small businesses from completing additional fields on small business credit applications would be minimal (particularly since the only applicant-provided data the Bureau is proposing to remove is the number of workers and LGBTQI+-owned business status; the remaining fields are data generated by the financial institution) and therefore small businesses would not benefit from the proposed rule changes in this way. Instead, the Bureau expects that small businesses will primarily benefit in the form of cost savings from financial institutions passed through to small businesses in the form of lower fees or interest rates.

In the 2023 final rule, the Bureau discussed how, based on economic theory and evidence from the Bureau's own survey, financial institutions would most likely react to compliance costs by raising prices and fees. In particular, the Bureau expected that ongoing variable costs would be passed through in their entirety. The proposed rule would eliminate ongoing variable costs for institutions that would no longer be covered and would reduce ongoing variable costs for institutions that remain covered.

The Bureau estimates that the per application ongoing variable cost, at baseline, is $34 for Type A FIs, $28 for Type B FIs, and $8 for Type C FIs. According to the analysis above, this is the expected benefit that would accrue to applicants at institutions that were covered at baseline but would no longer be covered under the proposed rule. For institutions that would continue to report under the proposed rule, the difference between the ongoing variable cost at baseline and under the proposed rule is $7 for Type A FIs, $2 for Type B FIs, and $1 for Type C FIs. This difference is what the Bureau expects to be passed on to applicants at financial institutions that would continue to be covered under the proposed rule.

The Bureau requests comment on these and other potential benefits to small businesses as a result of the proposed rule.

3. Costs to Impacted Financial Institutions

At baseline, the Bureau expects that data collected under the 2023 final rule would benefit covered financial institutions in two ways. The first is that the Bureau expects that the collected data would reduce some compliance burden by reducing the number of “false positives” during fair lending review prioritization by regulators. As discussed above, this proposed rule would reduce the number of covered entities and the types of covered transactions, thereby reducing the total amount of information collected in accordance with the rule. To the extent that institutions experience this benefit at baseline, the Bureau expects that this proposed rule could reduce those benefits, and thus financial institutions may incur a cost.

At baseline, the Bureau also expects that financial institutions could benefit from transparency resulting from the collection of small business application information under the 2023 final rule. Financial institutions might use the public data (such as number of applications, pricing data, denial rates, and information on the types of credit) to better understand the demand for small business credit products and the conditions under which they are being supplied by other financial institutions. Collecting data on fewer applications, from fewer financial institutions, and for fewer types of loans under this proposed rule could impose costs on financial institutions by reducing this benefit. A bank, for example, may lose the opportunity to learn more detailed information about the merchant cash advance market, which they might view as a competitor. Financial institutions of all sizes may lose insight into the lending activities of smaller competitors who fall below the reporting threshold.

Finally, the Bureau estimates that some covered institutions would incur adjustment costs to implement changes to comply with the proposed rule. The Bureau describes these costs for the representative Type C DIs because only Type C institutions, those with 1,000 or more loan originations per year, would be covered under the proposed rule. The Bureau assumes that the representative Type C DI would receive the same number of applications reportable under the baseline and the proposed rule. As discussed in part IV.F.1, a Type C DI would need to spend about $85,400 to implement the non-hiring one-time ( printed page 50981) costs to implement changes necessary to comply with either the baseline or the proposed rule. As discussed above, the Bureau assumes that an institution that would remain covered under the proposed rule has already spent, on average, about 25 percent of non-hiring one-time costs to implement changes that will not be compliant with the proposed rule. Thus, a Type C DI would incur the full cost of implementing the proposed rule but, effectively, would only receive 75 percent of the cost savings from no longer needing to comply with the baseline. The Bureau estimates that the representative Type C DI would incur total one-time costs of $21,250 to implement changes to comply with the proposed rule. Based on a similar calculation for Type C nondepository institutions, the Bureau also estimates that the representative Type C nondepository that would still be covered under the proposed rule would incur total one-time costs of $28,500 to implement changes to comply with the proposed rule.

Summing across institutions as described in part IV.E.3, the Bureau estimates that the total one-time adjustment costs for covered depository and nondepository institutions will be between $4,700,000 and $5,000,000. Using a 7 percent discount rate and a 10-year amortization window, the annualized one-time costs for covered institutions will be about $700,000.

The Bureau requests comment on these and other potential costs to impacted financial institutions arising as a result of the proposed rule.

4. Costs to Small Businesses

In the 2023 final rule, the Bureau described several benefits that would accrue to small businesses from the small business lending data collection and publication. These benefits relate to the rule's two purposes: fair lending enforcement and community development. Several provisions of this proposed rule would change the amount and types of information that would be collected and disclosed. Therefore, to the extent the Bureau expected small businesses to benefit from the collection as described in the 2023 final rule, changes that reduce or alter the amount or types of information provided would impose a cost on small businesses by reducing these expected benefits.

Several proposed changes reduce the number of financial institutions that would report data or change the composition of institutions reporting. The Bureau is proposing that the threshold number of originations of covered transactions for two consecutive years be raised to 1,000, which, as shown above, would substantially lower the number of depository and non-depository institutions collecting and reporting small business credit application data. The Bureau is also proposing that several types of transactions be exempt from coverage, relative to the baseline, including transactions from FCS lenders, merchant cash advances and agricultural loans. These types of transactions and lenders would thus be removed from the data collection and reporting. The Bureau is also proposing a minimum transaction size of $1,000 for covered transactions, which would remove smaller transactions from the data relative to the baseline. Finally, the Bureau is proposing to reduce the gross annual revenue threshold in the definition of small business to $1 million or less in the preceding fiscal year, which would further reduce the number of some transactions needing to be reported relative to the baseline.

Reducing the data collection in these ways is likely to reduce the fair lending benefits of the data collection. In the 2023 final rule, the Bureau explained that data collected under the rule would lead to more efficient use of government resources in enforcing fair lending laws. Since the above provisions would substantially reduce the number of covered entities and covered transactions, the Bureau expects small businesses would experience a reduction in this efficiency as a cost of the proposed rule. The Bureau also expects that having fewer covered institutions and transactions would reduce the ability of the public to use the data for transparency purposes and to conduct their own analyses of lending by financial institutions.

The Bureau also expects that having fewer covered institutions and transactions would result in a reduction in the community development benefits that the Bureau would expect to accrue to small businesses under the baseline. In the 2023 final rule, the Bureau detailed how governmental entities would likely use these data to develop solutions that achieve policy objectives in their administration of loan guarantee programs or disaster relief. The Bureau also expected that creditors would use the data to more effectively understand small business credit market conditions and that communities would use the data to identify gaps in credit access for small business owners. In each of these cases, the Bureau expects that creditors, communities, and governmental entities would experience costs in the form of a reduction in these benefits relative to the baseline.

The Bureau expects that removing certain transactions from coverage would reduce some of the expected benefit derived from covering certain markets, relative to the baseline. In section II.A of the 2023 final rule, the Bureau explained that nondepositories, some of whom provide merchant cash advances or sales-based financing, were an increasing share of the small business financing market, but that nondepositories typically do not report small business financing activity to regulators, which limits the baseline understanding of the activities of these entities. Thus, the Bureau expects that by removing these types of transactions from coverage, small businesses would experience a cost in the form of a reduction in fair lending and community development benefits related to these types of transactions, compared to the baseline.

However, the Bureau believes such costs might be limited if data on applications from FCS lenders, for agricultural loans, for sales-based financing, or for loans under $1,000 would have been of poor quality or otherwise difficult to interpret correctly. For example, the Bureau now believes that the types of collateral required in agricultural lending results in underwriting processes that would make application data difficult to interpret under the baseline collection. The Bureau also believes that application data from merchant cash advance providers would not produce data comparable to other transactions which would limit their value as part of the dataset. Likewise, data on transactions under $1,000 would be of poor quality as they would come from credit providers ill-suited to comply with a data reporting rule. To the extent this is the case, it would reduce the value of including these data in the small business application dataset and would have limited their contribution to the fair lending and community development benefits described above. The Bureau seeks comment on its analysis on the cost of excluding these transactions from the dataset.

The Bureau is also proposing to eliminate several data points from the small business data collection, including the application method, the application recipient, denial reasons, pricing information, and number of workers, as well as to eliminate LGBTQI+-owned business status from the business status data point. For similar reasons as above, the Bureau expects that small businesses would experience a cost from fewer collected data points in the form of less information and the benefits that they ( printed page 50982) would have derived from such information in the baseline scenario.

In the 2023 final rule, the Bureau explained that it expected the pricing information to provide both fair lending and community development benefits to small businesses. Pricing is one dimension by which a lender could potentially discriminate against a credit applicant. Removing this information could reduce the efficiency of fair lending examinations or transparency that would have resulted from its inclusion, relative to the baseline. The Bureau also expected, at baseline, that pricing information would benefit community development through communities using pricing information to identify gaps in credit access or creditors better understanding small business lending conditions more effectively. The Bureau expects that eliminating the pricing data would reduce these benefits relative to the baseline.

The removal of two datapoints in particular would likely reduce, to some degree, the community development benefits relative to the baseline. The application method data point would provide additional information about how small businesses apply for credit, while the number of workers data point is one indicator of the business's size and employment. In the 2023 final rule, the Bureau expected that creditors, communities, and governmental entities may have used such information to learn more about the small business credit market and the types of businesses it serves. To the extent this would have resulted in a community development benefit at baseline, the removal of these two data points would represent a cost to small businesses.

At baseline, the Bureau also expected that the inclusion of LGBTQI+-owned business status would have resulted in potential fair lending and community development benefits. The Bureau expected that the data could be used to learn about discrimination risks (to the extent that courts apply discrimination in the context of fair lending laws) against LGBTQI+-owned businesses, help creditors understand the credit needs of such businesses, and help facilitate the development of policies related to LGBTQI+ credit applicants. To the extent small businesses would have experienced such benefits at baseline, the proposed exclusion of LGBTQI+-owned business status represents a cost.

The Bureau requests comment on these and other potential costs to small businesses as a result of the proposed rule. To the extent the Bureau declines to finalize any exclusions proposed, the Bureau requests comment on the potential costs and benefits to financial institutions and small businesses.

5. Alternatives Considered

This section discusses two categories of alternatives considered: other methods for defining a covered financial institution and limiting the data points to those mandated by section 1071. The Bureau uses the methodologies discussed in parts IV.D and IV.E to estimate the impacts of these alternatives.

First, the Bureau considered multiple reporting thresholds for purposes of defining a covered financial institution. In particular, the Bureau considered whether to exempt financial institutions with fewer than 200, 500, or 2,000 originations in each of the two preceding calendar years instead of 1,000 originations, as proposed herein. The Bureau presents estimates for depository institutions because it does not have sufficient information to estimate how these differences in thresholds would impact nondepository institutions. Annualized values are calculated using a 7 percent discount rate and a 10-year amortization window.

Under a 200-origination threshold, the Bureau estimates that about 700 to 800 depository institutions would be covered and between 900 to 1,000 would no longer be covered. That is, the Bureau expects that between 500 to 600 additional depository institutions would be covered under a 200-origination threshold compared to the proposed 1,000-origination threshold. The Bureau estimates that an additional 3.2 to 3.7 percentage points of small business loans originated by depository institutions would be covered under a 200-origination threshold and that an additional 15 to 17 percentage points of the dollar value of such loans would be covered.

Under a 200-origination threshold, the Bureau estimates that the total one-time cost savings across all impacted depository institutions would decrease by between $25,000,000 to $29,000,000 relative to the proposed rule, with an annualized decrease in savings of between $3,600,000 and $4,100,000. The Bureau estimates that total one-time costs incurred by covered depository institutions would increase by between $6,000,000 to $7,000,000, with an annualized increase in costs of between $800,000 to $900,000. The Bureau estimates that the total ongoing costs savings across all impacted depository institutions would decrease by between $35,000,000 to $41,000,000 under this alternative.

Under a 500-origination threshold, the Bureau estimates that between 300 to 400 depository institutions would be covered and between 1,300 to 1,400 would no longer be covered. That is, the Bureau expects that around 200 additional depository institutions would be covered under a 500-origination threshold compared to the proposed 1,000-origination threshold. The Bureau estimates that an additional 1.3 to 1.7 percentage points of small business loans originated by depository institutions would be covered under a 500-origination threshold and that an additional 6.4 to 7.3 percentage points of the dollar value of such loans would be covered.

Under a 500-origination threshold, the Bureau estimates that the total one-time cost savings across all impacted depository institutions would decrease by between $8,000,000 to $10,000,000 under a 500-origination threshold relative to the proposed rule, with an annualized decrease in savings of between $1,200,000 and $1,400,000. The Bureau estimates that total one-time costs incurred by covered depository institutions would increase by between $1,000,000 to $1,400,000, with an annualized increase in costs of about $100,000 to $200,000. The Bureau estimates that the total ongoing costs savings across all impacted depository institutions would decrease by between $12,000,000 to $16,000,000 under this alternative.

Under a 2,000-origination threshold, the Bureau estimates that about 100 depository institutions would be covered and between 1,500 to 1,700 would no longer be covered. That is, the Bureau expects that about 100 fewer depository institutions would be covered under a 2,000-origination threshold compared to the proposed 1,000-origination threshold. The Bureau estimates that 1.4 to 1.9 percentage points of small business loans originated by depository institutions would no longer be covered under a 2,000-origination threshold and that 5.9 to 6.6 percentage points of the dollar value of such loans would no longer be covered.

Under a 2,000-origination threshold, the Bureau estimates that the total one-time cost savings across all impacted depository institutions would increase by between $6,000,000 to $7,000,000 under a 2,000-origination threshold relative to the proposed rule, with an annualized increase in savings of between $900,000 and $1,000,000. The Bureau estimates that total one-time costs incurred by covered depository institutions would decrease by about $1,500,000 to $2,000,000, with an ( printed page 50983) annualized decrease in costs of between $200,000 and $300,000. The Bureau estimates that the total ongoing costs savings across all impacted depository institutions would increase by between $22,000,000 to $25,000,000 under this alternative.

Second, the Bureau considered the costs and benefits for limiting its data collection to the data points specifically enumerated in 15 U.S.C. 1691c-2(e)(2)(A) through (G). In addition to those data points, the statute also requires financial institutions to collect and report any additional data that the Bureau determines would aid in fulfilling the purposes of section 1071. In addition to the data points specifically enumerated in 15 U.S.C. 1691c-2(e)(2)(A) through (G), the proposal keeps three data points from the 2023 final rule that relied on the authority in 1691c-2(e)(2)(H). These are the number of principal owners, three-digit NAICS industry code of the business, and the time in business. The Bureau has considered the impact of instead proposing only the collection of those data points enumerated in 1691c-2(e)(2)(A) through (G).

Requiring the collection and reporting of only the data points enumerated in 15 U.S.C. 1691c-2(e)(2)(A) through (G) would result in a reduction in the fair lending benefit of the data compared to the 2023 final rule. For example, not collecting time in business or industry information would obscure possible fair lending risk by covered financial institutions. As mentioned in part IV.F.3 above, several of the data points the Bureau maintaining in this proposed rule under the 1691c-2(e)(2)(H) authority are critical to conducting more accurate and complete fair lending analyses. A reduction in the rule's ability to facilitate the enforcement of fair lending laws would negatively impact small businesses and small business owners and thus run counter to that statutory purpose of section 1071.

Limiting the rule's data collection to only the data points required under the statute would also reduce the ability of the rule to support the business and community development needs and opportunities of small businesses, which is the other statutory purpose of section 1071. For example, not including NAICS code or time in business would also reduce the ability of governmental entities to tailor programs that can specifically benefit new businesses or businesses in certain industries.

The Bureau also believes that removing the number of principal owners data point, in addition to the reduced benefits described above, would also make collecting and reporting data on principal owners' ethnicity, race, and sex more difficult. Without collecting the number of principal owners, it will be harder to identify and correct erroneous submissions. For example, if an institution submitted data on no principal owners, it would be unclear if that was an error or because the small business had no individuals that met the principal owner criteria. The operational confusion could counteract the cost reduction that stems from the fewer resources require to collect and report this field.

Only requiring the collection and reporting of the data points enumerated in 15 U.S.C. 1691c-2(e)(2)(A) through (G) would have reduced the annual ongoing cost of complying with the proposed rule. Under this alternative, the estimated total annual ongoing costs for Type A FIs, Type B FIs, and Type C FIs would be reduced by $148; $503 and $2,778, respectively. Per application, the estimated reduction in ongoing cost would be $1, less than $1, and $1 for Type A FIs, Type B FIs, and Type C FIs, respectively. The estimated total annual market-level ongoing cost savings of impacted depository institutions would increase by about $3,500,000. The Bureau does not expect that one-time costs or cost savings would be meaningfully different as a result of this alternative.

G. Potential Impact on Depository Institutions and Credit Unions With $10 Billion or Less in Total Assets

As discussed above, the proposed rule would exclude financial institutions with fewer than 1,000 originated covered credit transactions in both of the two preceding calendar years. The Bureau believes that the decrease in benefits of the proposed rule to banks, savings associations, and credit unions with $10 billion or less in total assets would be similar to the decrease in benefits to covered financial institutions as a whole, discussed above. Regarding cost savings, other than as noted here, the Bureau also believes that the impact of the proposed rule on banks, savings associations, and credit unions with $10 billion or less in total assets will be similar to the impact for other financial institutions that would be covered by the proposed rule. The primary difference in the impact on these institutions would likely come from differences in the level of complexity of operations, compliance systems, and software, as well as number of product offerings and volume of originations of these institutions, all of which the Bureau has incorporated into the cost estimates using the three representative financial institution types.

Based on FFIEC and NCUA Call Report data for December 2023, 9,109 of 9,288 banks, savings associations, and credit unions had $10 billion or less in total assets. The Bureau estimates that between 75 and 85 of such institutions would be subject to the proposed rule and about 1,375 to 1,525 more were covered under the baseline but would not be covered under the proposed rule. The Bureau estimates that the market-level impact of the proposed rule on annual ongoing cost savings for banks, saving associations, and credit unions with $10 billion or less in assets would be between $88,000,000 and $103,000,000 for impacted institutions. The Bureau estimates that the total one-time cost savings for such institutions would be between $67,000,000 and $75,000,000. The Bureau also estimates that some covered depository institutions with less than $10 billion in assets would experience some one-time costs to comply with the proposed rule relative to the baseline, with such estimated total costs to be between $1,600,000 and $1,800,000.

H. Potential Impact on Small Businesses in Rural Areas

The Bureau expects that small businesses in rural areas will directly experience many of the costs of the rule described above in part IV.F.4. This includes a reduction in benefits derived from more efficient fair lending enforcement and community development generated by data collection under the small business lending rule. The proposed rule would increase the threshold number of loan originations above which institutions have to report data, which would lead to fewer lenders in rural areas reporting data on small business credit application in rural areas. The Bureau's presents estimates of this change in coverage below. The proposed rule also would exempt agricultural credit from the types of covered transactions. Many banks and credit unions in rural areas provide credit for farming and livestock production since they are primary industries and are responsible for much employment in these areas. Small businesses, communities, governmental entities will lose insight into these areas of credit provision as a consequence of the proposed rule. However, as explained in part IV.F.4 above, the Bureau believes that data collected for certain loan types, including agricultural loans, would have been of poor quality and, therefore, the costs from eliminating them would be limited. ( printed page 50984)

The source data from CRA submissions that the Bureau uses to estimate institutional coverage and market estimates provide information on the county in which small business borrowers are located. However, approximately 86 percent of banks did not report CRA data in 2023, and as a result the Bureau does not believe the reported data are robust enough to estimate the locations of the small business borrowers for the banks that do not report CRA data.^[99] The NCUA Call Report data do not provide any information on the location of credit union borrowers. Nonetheless, the Bureau is able to provide some geographical estimates of institutional coverage based on depository institution branch locations.

The Bureau used the FDIC's Summary of Deposits to identify the location of all brick and mortar bank and savings association branches and the NCUA Credit Union Branch Information to identify the location of all credit union branch and corporate offices.^[100] A bank, savings association, or credit union branch was defined as rural if it is in a rural county, as specified by the USDA's Urban Influence Codes.^[101] A branch is considered covered by the proposed rule if it belongs to a bank, savings association, or credit union that the Bureau estimates would be included using the proposed threshold of 1,000 small business loan originations in 2022 and 2023. A branch is considered covered under the baseline if it belongs to a bank, savings association, or credit union that the Bureau estimates would be included under a threshold of 100 small business or small farm loan originations in 2022 and 2023. Using the estimation methodology discussed in part IV.D above, the Bureau estimates that about 25 percent of rural depository institution branches and about 63 percent of non-rural depository institution branches would be covered under the proposed rule. Under the baseline, the Bureau estimates that about 65 to 68 percent of rural depository institution branches and about 84 to 85 percent of non-rural depository institution branches are covered. This estimate includes the reduction in coverage that stems from excluding agricultural lending as a covered credit transaction.

As described in part IV.F.2 above, the Bureau expects that covered financial institutions would pass the cost savings from ongoing variable costs on to small businesses in the form of lower interest rates or fees but would not do so with one-time or fixed costs. The Bureau expects that this pass through from covered financial institutions would also apply to small businesses in rural areas. As described above, the variable cost savings per application is $7 for Type A FIs, $2 for Type B FIs, and $1 for Type C FIs. This is the savings that the Bureau expects would pass on to small business applicants regardless of where they are located.

V. Regulatory Flexibility Act Analysis

The Regulatory Flexibility Act (RFA) ^[102] generally requires an agency to conduct an initial regulatory flexibility analysis (IRFA) and a final regulatory flexibility analysis (FRFA) of any rule subject to notice-and-comment rulemaking requirements. These analyses must “describe the impact of the proposed rule on small entities.” ^[103] An IRFA or FRFA is not required if the agency certifies that the rule would not have a significant economic impact on a substantial number of small entities.^[104] The Bureau also is subject to certain additional procedures under the RFA involving the convening of a panel to consult with small business representatives prior to proposing a rule for which an IRFA is required.^[105] The Bureau has not certified that the proposed rule would not have a significant economic impact on a substantial number of small entities within the meaning of the RFA.

The Bureau convened and chaired a Small Business Review Panel under SBREFA to consider the impact of the 2020 proposals under consideration on small entities that would be subject to that rule and to obtain feedback from representatives of such small entities. The Small Business Review Panel for this rulemaking is discussed below in part V.A. The Bureau is also publishing an IRFA.^[106] Among other things, the IRFA estimates the number of small entities that will be subject to the proposed rule and describes the impact of that rule on those entities. The IRFA for this rulemaking is set forth below in part V.B.

A. Small Business Review Panel

Having received from CFPB information on the potential impacts of the proposed rule on small entities and the type of small entities that might be affected, the Chief Counsel for Advocacy of the Small Business Administration (SBA) consulted with affected small entities and with the Administrator of the Office of Information and Regulatory Affairs within the Office of Management and Budget regarding the extent to which the CFPB reached out to affected small entities with respect to the potential impacts of the rule and took their concerns into consideration. The SBA's Chief Counsel for Advocacy noted that the CFPB had, in 2020, convened a review panel in accordance with 5 U.S.C. 609(b). The Chief Counsel for Advocacy concluded that reconvening a review panel for the present NPRM would not advance the effective participation of small entities in the rulemaking process. Pursuant to 5 U.S.C. 609(e), a written finding that contains the reasons for his conclusion will be submitted into the rulemaking record by the Chief Counsel for Advocacy.

As part of the initial proposed regulation implementing Section 1071 of the ECOA, the CFPB along with the Small Business Administration, Office of Advocacy and the Office of Information and Regulatory Affairs convened a SBREFA Panel in 2020,^[107] because the agency believed the rule was likely to have a significant impact on a substantial number of small entities. The panel gathered feedback from 20 small entity representatives (SERs) and offered suggestions about how the future rule could minimize the ( printed page 50985) impact on small entities while still achieving their statutory objectives.

The SERs had several suggestions at this early stage on how to minimize the impact of data collection on small entities. The first of these was to exclude small lenders from the requirement to collect data. Several different methods of exemptions were proposed including using a number of small business loans, value of small business loans, and basing the exemption on the size of the lender rather than their small business loan portfolio specifically. The second was to use a single definition for a small business loan applicant based on revenue, rather than the SBA size standards, which vary based on industry. The SERs disagreed on what the revenue cutoff for a small business loan applicant should be with some arguing for a low value of less than $1 million while others preferred a higher value of $8 million. Finally, SERs recommended limiting the number of discretionary data points, noting that some of the required collections would be difficult to produce at the application stage.

Besides its involvement in the SBREFA panel, the Office of Advocacy has provided further feedback on the implementation of Section 1071 of the Dodd-Frank Act. In January 2022, Advocacy documented concerns that were raised by small entities, including community banks, credit unions, non-depository lenders, and automobile dealerships. They saw the 2021 NPRM as potentially increasing the cost of credit for small businesses and discouraging lending to small, minority-, and women-owned businesses. The Office of Advocacy believed that the CFPB had underestimated compliance costs in 2021, particularly the costs related to new systems, training, and reporting requirements. Advocacy believed that $5 million or less in gross annual revenue was too expansive a definition of small business loan applicant. It recommended minimizing adverse effects by considering alternative thresholds and definitions. SERs also expressed concerns about the burden of collecting extra data, potential privacy breaches (especially in smaller communities), and the risk of misinterpretation or reputational harm if unique loan pricing is disclosed without proper context. In response to Advocacy's comment letter, the CFPB made a substantial change to the filing threshold for data collection, in the 2023 final rule, raising it from 25 small business loans to 100.^[108] Since the final rule was published, the CFPB has twice extended the compliance deadline, first in July of 2024,^[109] and again in June of 2025.^[110] The SBA's Office of Advocacy commented on the latter of these, supporting the extension and encouraging the CFPB to modify the rule by reiterating the concerns it had previously gathered from small entities.

B. Initial Regulatory Flexibility Analysis

Under RFA section 603(a), an initial regulatory flexibility analysis (IRFA) “shall describe the impact of the proposed rule on small entities.” ^[111] Section 603(b) of the RFA sets forth the required elements of the IRFA. Section 603(b)(1) requires the IRFA to contain a description of the reasons why action by the agency is being considered.^[112] Section 603(b)(2) requires a succinct statement of the objectives of, and the legal basis for, the proposed rule.^[113] The IRFA further must contain a description of and, where feasible, an estimate of the number of small entities to which the proposed rule will apply.^[114] Section 603(b)(4) requires a description of the projected reporting, recordkeeping, and other compliance requirements of the proposed rule, including an estimate of the classes of small entities that will be subject to the requirement and the types of professional skills necessary for the preparation of the report or record.^[115] In addition, the Bureau must identify, to the extent practicable, all relevant Federal rules which may duplicate, overlap, or conflict with the proposed rule.^[116] Furthermore, the Bureau must describe any significant alternatives to the proposed rule which accomplish the stated objectives of applicable statutes and which minimize any significant economic impact of the proposed rule on small entities.^[117] Finally, as amended by the Dodd-Frank Act, RFA section 603(d) requires that the IRFA include a description of any projected increase in the cost of credit for small entities, a description of any significant alternatives to the proposed rule which accomplish the stated objectives of applicable statutes and which minimize any increase in the cost of credit for small entities (if such an increase in the cost of credit is projected), and a description of the advice and recommendations of representatives of small entities relating to the cost of credit issues.^[118]

The Bureau publishes the following IRFA for public comment.

1. Description of the Reasons Why Agency Action Is Being Considered

Section 1071 of the Dodd-Frank Act amended ECOA to require that financial institutions collect and report to the Bureau certain data regarding applications for credit for women-owned, minority-owned, and small businesses. Section 1071's statutory purposes are (1) to facilitate enforcement of fair lending laws, and (2) to enable communities, governmental entities, and creditors to identify business and community development needs and opportunities of women-owned, minority-owned, and small businesses. On May 31, 2023, the Bureau published a final rule in the Federal Register to implement section 1071, and the Bureau subsequently extended the rule's compliance dates (most recently in October 2025).

In this proposed rule, the Bureau proposes to reconsider certain provisions of the 2023 final rule to focus on core lending products, lenders, small businesses, and data points. Based on reactions to the 2023 final rule, including continued feedback from stakeholders and the ongoing litigation, the Bureau now believes that a better, longer-term approach to advance the statutory purposes of section 1071 would be to commence the collection of data with a narrower scope to ensure its quality, and to limit, as much as possible, any disturbance of the provision of credit to small businesses. Only as the Bureau and financial institutions learn from early iterations of data collections will the CFPB consider amending the rule as appropriate while taking care not to disturb the provision of credit to small businesses. The CFPB believes that such an incremental approach would comply with section 1071 and minimize any negative initial impact on small business lending markets and on data quality.

For a further description of the reasons why agency action is being considered, see the background discussion for the proposed rule in part I above.

2. Succinct Statement of the Objectives of, and Legal Basis for, the Proposed Rule

As stated above, Congress enacted section 1071 for the purpose of (1) facilitating enforcement of fair lending ( printed page 50986) laws and (2) enabling communities, governmental entities, and creditors to identify business and community development needs and opportunities of women-owned, minority-owned, and small businesses.^[119] Section 1071, in 15 U.S.C. 1691c-2(g)(2), also permits the Bureau to adopt exceptions to any requirement of section 1071 and to conditionally or unconditionally exempt any financial institution or class of financial institutions from the requirements of section 1071, as the Bureau deems necessary or appropriate to carry out the purposes of section 1071. The Bureau relies on its general rulemaking authority under 15 U.S.C. 1691c-2(g)(1) in this proposed rule and relies on 15 U.S.C. 1691c-2(g)(2) when proposing specific exceptions or exemptions to section 1071's requirements.

To accomplish the incremental approach described above, this proposed rule limits the scope of the 2023 final rule's required data collection in several ways. The proposed rule would exclude certain categories of lending products from the definition of covered credit transaction, such as MCAs, agricultural lending, and small dollar loans. The Bureau also proposes to exclude FCS lenders from coverage and raise the origination threshold from 100 to 1,000 covered credit transactions for each of two consecutive years. The Bureau also proposes to change the definition of small business to $1 million in gross annual revenue from the $5 million definition in the 2023 final rule. Lastly, the Bureau proposes to remove certain data points from the required collection, including application method, application recipient, denial reasons, pricing information, the number of workers, and the LGBTQI+ ownership status of the small business.

For a further description of the proposed provisions, see the discussion of the proposed rule in part III above.

3. Description of and, Where Feasible, Provision of an Estimate of the Number of Small Entities to Which the Proposed Rule Will Apply

For the purposes of assessing the impacts of the proposed rule on small entities, “small entities” is defined in the RFA to include small businesses, small nonprofit organizations, and small government jurisdictions.^[120] A “small business” is determined by application of SBA regulations in reference to the North American Industry Classification System (NAICS) classification and size standards.^[121] Under such standards, the Bureau identified several categories of small entities that may be affected by the proposed provisions: depository institutions; fintech lenders and MCA providers; commercial finance companies; nondepository CDFIs; Farm Credit System members; and governmental lending entities. The NAICS codes covered by these categories are described below.

Table 9 provides the Bureau's estimate of the number and types of entities that may be affected by the proposed rule. The first column provides the category of institution type, the second column provides the NAICS codes associated with that category, the third column provides the SBA small entity threshold for that institution category. The second to last column presents the estimated total number of entities in that category that would be affected by the proposed rule and the final column presents the estimate total number of small entities in that category that would be affected by the proposed rule. See part II.D in the 2023 final rule and part IV.D above for additional information on how the Bureau arrived at the estimates presented below.

The following paragraphs describe the categories of entities that the Bureau expects would be affected by the proposed rule.

Depository institutions (banks and credit unions): The Bureau estimates that there are about 1,700 banks, savings associations, and credit unions engaged in small business lending that would be affected by the proposed rule.^[122] The Bureau estimates that about 170 banks, savings associations, and credit unions would be required to report under the proposed rule. The Bureau estimates that about 1,530 banks, savings associations, and credit unions would have been required to report under the 2023 final rule but would not be required to report under the proposed rule. These entities potentially fall into four different industry categories, including “Commercial Banking” (NAICS 522110), “Credit Unions” (NAICS 522130), “Savings Institutions and Other Depository Credit Intermediation” (NAICS 522180), and “Credit Card Issuing” (NAICS 522210). All these industries have a size standard threshold of $850 million in assets. The Bureau estimates that about 5 of the institutions that would be covered by the proposed rule are small entities according to this threshold. The Bureau ( printed page 50987) estimates that about 795 of the institutions that would no longer be covered by the proposed rule are small entities.

Online lenders and MCA providers: The Bureau estimates that there are about 30 online lenders and about 70 MCA providers engaged in small business lending that would be affected by the proposed rule. The online lenders would be covered by the proposed rule and the MCA providers would have been covered by the 2023 final rule but would no longer be covered by the proposed rule. These companies span multiple industries, including “International, Secondary Market, and All Other Nondepository Credit Intermediation” (NAICS 522299), “Consumer Lending” (NAICS 522291), “Financial Transactions, Processing, Reserve, and Clearinghouse Activities” (NAICS 522320), and “Computing Infrastructure Providers, Data Processing, Web Hosting, and Related Services” (NAICS 518210). All these industries have a size standard threshold of $40 million in sales (NAICS 518210) or $47 million in sales (all other NAICS). The Bureau assumes that about 25 of these online lenders are small entities and about 65 MCA providers are small entities.

Commercial finance companies: The Bureau estimates that about 240 commercial finance companies, including captive and independent financing, engaged in small business lending would be affected by the proposed rule. The Bureau assumes that all these entities would have been covered by the 2023 final rule but would not be covered by the proposed rule. These companies span multiple industries, including “Software Publishers” (NAICS 513210), “Commercial Air, Rail, and Water Transportation Equipment Rental and Leasing” (NAICS 532411), “Other Commercial and Industrial Machinery and Equipment Rental and Leasing” (NAICS 532490), “Sales financing” (NAICS 522220) and “Consumer Lending” (NAICS 522291). These industries have size standard thresholds that range from $40 million to $47 million. The Bureau assumes that about 90 percent, or 216, of these commercial finance companies are small according to these size standards.

Nondepository CDFIs: The Bureau estimates that there are 140 nondepository CDFIs engaged in small business lending that would be affected by the proposed rule. The Bureau assumes that all these entities would have been covered by the 2023 final rule but would not be covered by the proposed rule. CDFIs generally fall into “Other Activities Related to Credit Intermediation” (NAICS 522390), “Miscellaneous Intermediation” (NAICS 523910), “Civic and Social Organizations” (NAICS 813410), and “Mortgage and Nonmortgage Loan Brokers” (NAICS 522310). These industries have size standard thresholds that range from $9.5 million in sales to $47 million in sales. The Bureau assumes that about 95 percent, or 132, nondepository CDFIs are small entities.

Farm Credit System members: The Bureau estimates that there are 60 members of the Farm Credit System (banks and associations) engaged in small business lending that would be affected by the proposed rule.^[123] The Bureau assumes that all these entities would have been covered by the 2023 final rule but would not be covered by the proposed rule. These institutions are in the “All Other Nondepository Credit Intermediation” (NAICS 522298) industry. The size standard for this industry is $47 million in revenue. The Bureau estimates that 31 members of the Farm Credit System are small entities.

Governmental lending entities: The Bureau estimates that there are about 70 governmental lending entities engaged in small business lending that would be affected by the proposed rule. The Bureau assumes that all these entities would have been covered by the 2023 final rule but would not be covered by the proposed rule. “Small governmental jurisdictions” are the governments of cities, counties, towns, townships, villages, school districts, or special districts, with a population of less than fifty thousand. The Bureau assumes that none of the governmental lending entities covered by the proposed rule are considered small.

The Bureau requests comment on the accuracy of these estimates of small entities.

4. Projected Reporting, Recordkeeping, and Other Compliance Requirements of the Proposed Rule, Including an Estimate of the Classes of Small Entities Which Will Be Subject to the Requirement and the Type of Professional Skills Necessary for the Preparation of the Report

Reporting requirements. ECOA section 704B(f)(1) provides that “[t]he data required to be compiled and maintained under [section 1071] by any financial institution shall be submitted annually to the Bureau.” The 2023 final rule requires financial institutions to collect and report information regarding any application for “credit” made by small businesses. In this proposal, the Bureau is proposing that the following transactions are no longer covered by the rule: MCAs, agricultural credit, and small dollar loans. The Bureau also proposes to amend the definition of “small business” to $1 million in gross annual revenue. Under the 2023 final rule, financial institutions would be required to report data on small business credit applications if they originated at least 100 covered transactions in each of the previous two calendar years. The Bureau proposes to raise this threshold to 1,000 covered transactions in each of the previous two calendar years.

The Bureau also proposes to remove several data points from the reporting requirements. This includes the data points for application method, application recipient, denial reasons, pricing information, the number of workers, and the LBGTQI+-owned business status.

Part III above discusses these proposed changes in greater detail.

Recordkeeping requirements. The proposed rule, generally, does not alter the recordkeeping requirement of the 2023 final rule. The proposal leaves in place requirements to retain application data for three years, prohibitions on including certain personally identifiable information about individuals, a limitation on access for certain officers and employees to certain demographic information collected, and a requirement that collected demographic information be maintained separately from the application and accompanying information.

Costs to small entities. The proposed rule may impose costs on small financial institutions in two ways. First, the Bureau believes that small financial institutions that were covered under the 2023 final rule and remain covered under the proposed rule may experience an adjustment cost. Second, in the 2023 final rule, Bureau detailed some ways in which covered small financial institutions may benefit from the information collected under the rule. Changing the information collection could reduce these benefits. As a result, small covered financial institutions may experience a cost under the proposed rule.

The Bureau expects that financial institutions that were covered under the 2023 final rule and remain covered under the proposed rule may experience costs that stem from adjusting to complying with the requirements of the proposed rule instead of the 2023 final ( printed page 50988) rule.^[124] Using the methodology described in part IV.D above, the Bureau estimates that about five small depository institutions and 25 small online lenders (nondepository institutions) would be covered by the proposed rule. This is the number of small financial institutions that the Bureau expects would incur the adjustment cost.

As described in part IV above, the Bureau assumes that, on average, financial institutions will have already incurred 25 percent of their non-hiring one-time costs in preparation to comply with the 2023 final rule. For financial institutions that continue to be covered under this proposed rule, the Bureau assumes that this percentage of non-hiring costs would have to be incurred again in order to meet the requirements of the proposed rule. The Bureau estimates that covered small depository institutions would spend about $21,000 each in one-time adjustment costs, annualized to about $3,000 per year, and that the covered small non-depository institutions would spend about $114,000 in one-time adjustment costs, annualized to about $4,000 per year.^[125] The Bureau estimates that the total market level adjustment costs for small depository institutions would be between $21,000 and $128,000. The Bureau estimates that the total market level adjustment costs for small nondepository institutions would be about $2,850,000.

Financial institutions that remain covered under the proposed rule would continue to require compliance personnel in order to report data under the rule. For some financial institutions, the data intake and transcribing stage could involve loan officers or processors whose primary function is to evaluate or process loan applications. For example, at some financial institutions the loan officers would take in information from the applicant to complete the application and input that information into the reporting system. However, the Bureau believes that such roles generally do not require any additional professional skills related to recordkeeping or other compliance requirements of this proposed rule that are not otherwise required during the ordinary course of business for small financial institutions.

The type of professional skills required for compliance varies depending on the particular task involved.^[126] For example, data transcribing requires data entry skills. Transferring data to a data entry system and using vendor data management software requires knowledge of computer systems and the ability to use them. Researching and resolving reportability questions requires a more complex understanding of the regulatory requirements and the details of the relevant line of business. Geocoding requires skills in using the geocoding software, web systems, or, in cases where geocoding is difficult, knowledge of the local area in which the property is located. Standard annual editing, internal checks, and post-submission editing require knowledge of the relevant data systems, data formats, and section 1071 regulatory requirements in addition to skills in quality control and assurance. Filing post-submission documents requires skills in information creation, dissemination, and communication. Training, internal audits, and external audits require communications skills, educational skills, and regulatory knowledge. Section 1071-related exam preparation and exam assistance involve knowledge of regulatory requirements, the relevant line of business, and the relevant data systems.

The Standard Occupational Classification (SOC) code has compliance officers listed under code 13-1041. The Bureau believes that most of the skills required for preparation of the reports or records related to this proposal are the skills required for job functions performed in this occupation. However, the Bureau recognizes that under this general occupational code there is a high level of heterogeneity in the type of skills required as well as the corresponding labor costs incurred by the financial institutions performing these functions. The Bureau seeks comment regarding the skills required for the preparation of the records related to this proposed rule.

Benefits to small entities. The primary benefits to small credit providers in this proposed rule result from compliance cost savings. Small financial institutions that were covered under the 2023 final rule but would not be covered under the proposed rule would save on one-time costs of setting up to comply with the final rule as well as on the ongoing costs that they would otherwise have incurred to collect and report the data every year.

Small financial institutions that were covered under the 2023 final rule and that would remain covered under the proposed rule would save on compliance costs in two ways. First, the Bureau expects that they would be required to report fewer loans and therefore see a reduction in associated hiring costs. This is a one-time costs savings. Second, the reduction in the number of data points to be reported under the proposed rule (relative to the 2023 final rule) would likely result in annual ongoing cost savings.

Using the same coverage estimation described in the 2023 final rule and in part IV above, the Bureau estimates that about 800 small depository institutions and 469 small nondepository institutions would have been covered under the 2023 final rule but not under the proposed rule.

For all estimates discussed below, the Bureau relies on the methodology described in part IV.E, above, but focuses on estimating the impacts of the rule on small entities.

The Bureau estimates that depository institutions with the lowest level of complexity in compliance operations ( i.e., Type A DIs) would save about $50,475 in non-hiring one-time costs by no longer being covered by the proposed rule. The Bureau estimates that depository institutions with a middle level of complexity in compliance operations ( i.e., Type B DIs) would save about $38,775 in non-hiring one-time costs by no longer being covered under the proposed rule. The Bureau estimates that nondepository institutions that would no longer be covered by the proposed rule would save about $85,500 in non-hiring one-time costs. All institutions that would no longer be covered by the proposed rule would also no longer need to hire additional employees to comply with the 2023 final rule and would save $4,683 per FTE in one-time hiring costs.

The Bureau estimates that the overall market impact of one-time cost savings for small depository institutions would be between $34,000,000 and $41,000,000.^[127] The Bureau estimates ( printed page 50989) that the overall market impact of one-time cost savings for small nondepository institutions would be $41,000,000.

Small financial institutions would also experience annual ongoing cost savings under the proposed revisions to the rule. Small institutions that were covered under the 2023 final rule but would no longer be required to report under the proposal would save on compliance costs that they would have otherwise incurred from having to collect and report application data to the Bureau annually. Small financial institutions that would remain covered under this proposed rule would see an ongoing cost savings from the reduction in required data points, which reduces the cost of collecting, checking, and reporting data to the Bureau annually.

The Bureau estimates that the overall annual market impact of ongoing cost savings for small depository institutions would be between $35,000,000 and $45,000,000 per year. The Bureau estimates that the overall annual market impact of ongoing cost savings for small nondepository institutions would be about $35,000,000 per year.

The Bureau estimates that about five small depository institutions and 25 small nondepository institutions (online lenders) would be covered under the proposed rule. The Bureau assumes online lenders would originate the same number of loans under the 2023 final rule and the proposed rule and, thus, would not experience any cost savings. The Bureau expects that some small depository institutions may originate fewer reportable loans under the proposed rule relative to the baseline, primarily because loans for agricultural purposes would not be reported under the proposed rule. These institutions may need to hire fewer additional employees to process reportable loans. The overall market level estimate of one-time hiring cost savings for covered small depositories is between $0 and $47,000.^[128] These institutions would also experience annual ongoing cost savings with an overall market level between about $27,000 and $252,000 per year.

The Bureau requests comment on the estimated impacts of the proposed rule on the small financial institutions.

5. Identification, to the Extent Practicable, of All Relevant Federal Rules Which May Duplicate, Overlap, or Conflict With the Proposed Rule

The proposed rule would amend the existing requirements under the 2023 final rule related to the collection and reporting of small business lending information by certain financial institutions and publication by the Bureau. In its SBREFA Outline, the Bureau identified certain other Federal statutes and regulations that relate in some fashion to these areas and has considered the extent to which they may duplicate, overlap, or conflict with this proposal.^[129] The SBREFA Panel Report included an updated list of these Federal statutes and regulations, as informed by SER feedback.^[130] Each of the statutes and regulations identified in the SBREFA Panel Report is discussed below.

ECOA, implemented by the Bureau's Regulation B, subpart A (12 CFR part 1002), prohibits creditors from discriminating in any aspect of a credit transaction, including a business-purpose transaction, on the basis of race, color, religion, national origin, sex, marital status, age (if the applicant is old enough to enter into a contract), receipt of income from any public assistance program, or the exercise in good faith of a right under the Consumer Credit Protection Act. The Bureau has certain oversight, enforcement, and supervisory authority over ECOA requirements and has rulemaking authority under the statute.

Regulation B subpart A generally prohibits creditors from inquiring about an applicant's race, color, religion, national origin, or sex, with limited exceptions, including if it is required by law. Regulation B subpart A requires creditors to request information about the race, ethnicity, sex, marital status, and age of applicants for certain dwelling-secured loans and to retain that information for certain periods. Regulation B requires this data collection for credit primarily for the purchase or refinancing of a dwelling occupied or to be occupied by the applicant as a principal residence, where the extension of credit will be secured by the dwelling, and requires the data to be maintained by the creditor for 25 months for purposes of monitoring and enforcing compliance with ECOA/Regulation B and other laws. Section 1071 of the Dodd-Frank Act amended ECOA to require financial institutions to compile, maintain, and submit to the Bureau certain data on credit applications by women-owned, minority-owned, and small businesses.

The Small Business Act,^[131] administered through the SBA, defines a small business concern as a business that is “independently owned and operated and which is not dominant in its field of operation” and empowers the Administrator to prescribe detailed size standards by which a business concern may be categorized as a small business. The SBA has adopted nearly one thousand industry-specific size standards, classified by 6-digit NAICS codes, to determine whether a business concern is “small.” In addition, the Small Business Act authorizes loans for qualified small business concerns for purposes of plant acquisition, construction, conversion, or expansion, including the acquisition of land, material, supplies, equipment, and working capital. The SBA sets the guidelines that govern the “7(a) loan program,” determining which businesses financial institutions may lend to through the program and the type of loans they can provide. The Bureau's rule includes reporting on SBA lending and guarantee programs.

The CRA—implemented through regulations issued by the OCC, the Board, and the FDIC—requires some institutions to collect, maintain, and report certain data about small business, farm, and consumer lending to ensure they are serving their communities. The purpose of the CRA is to encourage institutions to help meet the credit needs of the local communities in which they do business, including low- and moderate-income neighborhoods.

The Riegle Community Development and Regulatory Improvement Act of 1994 ^[132] authorized the Community Development Financial Institution Fund (CDFI Fund). The Department of the Treasury administers the regulations that govern the CDFI Fund. The CDFI program includes an annual mandatory Certification and Data Collection Report. The 2023 final rule requires that financial institutions reporting 1071 data identify if they are CDFIs.

HMDA, implemented by the Bureau's Regulation C (12 CFR part 1003), requires lenders who meet certain coverage tests to collect, report, and disclose detailed information to their Federal supervisory agencies about mortgage applications and loans at the ( printed page 50990) transaction level. The HMDA data are a valuable source for regulators, researchers, economists, industry, and advocates assessing housing needs, public investment, and possible discrimination as well as studying and analyzing trends in the mortgage market for a variety of purposes, including general market and economic monitoring. The 2023 final rule eliminated the overlap between what is required to be reported under HMDA and what is covered by section 1071 for certain credit applications secured by dwellings.

The Currency and Foreign Transactions Reporting Act,^[133] as amended by the USA PATRIOT Act,^[134] and commonly referred to as the Bank Secrecy Act, authorized the Financial Crimes Enforcement Network (FinCEN), a bureau of the Department of the Treasury, to combat money laundering and promote financial security. FinCEN regulations require financial institutions to establish and maintain written procedures that are reasonably designed to identify and verify beneficial owners of legal entity customers, which is sometimes called the customer due diligence (CDD) rule.

The Federal Credit Union Act, implemented by the NCUA (12 CFR part 1756), requires Federal credit unions to make financial reports as specified by the agency. The NCUA requires quarterly reports of the total number of outstanding loans, total outstanding loan balance, total number of loans granted or purchased year-to-date, total amount granted or purchased year-to-date for commercial loans to members, not including loans with original amounts less than $50,000. The NCUA also requires quarterly reports of the total number and total outstanding balance (including the guaranteed portion) of loans originated under an SBA loan program.

The Federal Deposit Insurance Act,^[135] implemented by the FDIC (12 CFR part 304), requires insured banks and savings associations to file Call Reports in accordance with applicable instructions. These instructions require quarterly reports of loans to small businesses, defined as loans for commercial and industrial purposes to sole proprietorships, partnerships, corporations, and other business enterprises and loans secured by non-farm non-residential properties with original amounts of $1 million or less. In accordance with amendments by the Federal Deposit Insurance Corporation Improvement Act of 1991,^[136] the instructions require quarterly reports of loans to small farms, defined as loans to finance agricultural production, other loans to farmers, and loans secured by farmland (including farm residential and other improvements) with original amounts of $500,000 or less.

The Bureau requests comment to identify any additional such Federal statutes or regulations that impose duplicative, overlapping, or conflicting requirements on financial institutions and potential changes to the proposed rules in light of duplicative, overlapping, or conflicting requirements.

6. Description of Any Significant Alternatives to the Proposed Rule Which Accomplish the Stated Objectives of Applicable Statutes and Minimize Any Significant Economic Impact of the Proposed Rule on Small Entities

In drafting this proposed rule, the Bureau considered multiple reporting thresholds for purposes of defining a covered financial institution. In particular, the Bureau considered whether to exempt financial institutions with fewer than 200, 500, or 2,000 originations in each of the two preceding calendar years instead of 1,000 originations, as proposed herein. The Bureau presents estimates for depository institutions because it does not have sufficient information to estimate how these differences in thresholds would impact nondepository institutions. The following table shows the estimated impact that different reporting thresholds the Bureau considered would have had on financial institution coverage.

The Bureau also considered limiting its data collection to the data points specifically enumerated in 15 U.S.C. 1691c-2(e)(2)(A) through (G). In this proposal, the Bureau would continue to require the collection of the number of principal owners, three-digit NAICS industry code of the business, and the time in business, in addition to the data points required by statute. The Bureau has considered the impact on small entities of proposing only the collection of those data points enumerated in 1691c-2(e)(2)(A) through (G), excluding the additional data points that the Bureau believes help further the purposes of section 1071. Only requiring the collection and reporting of the data points enumerated in 15 U.S.C. 1691c-2(e)(2)(A) through (G) would have reduced the annual ongoing cost of ( printed page 50991) complying with the proposed rule for small financial institutions. Under this alternative, the estimated total annual ongoing costs for Type A FIs, Type B FIs, and Type C FIs would be reduced by $148, $503 and $2,778, respectively. Per application, the estimated reduction in ongoing cost would be $1, less than $1, and $1 for Type A FIs, Type B FIs, and Type C FIs, respectively. The estimated total annual market-level ongoing cost savings of impacted small depository institutions would increase by about $20,000. The Bureau does not expect that one-time cost savings would be meaningfully different as a result of this alternative.

7. Discussion of Impact on Cost of Credit for Small Entities

The proposed rule would eliminate ongoing variable costs for institutions that would no longer be covered and would reduce ongoing variable costs for institutions that remain covered. In part IV.F.2 above, the Bureau describes how, based on economic theory and evidence from the Bureau's own surveys, financial institutions would most likely pass on these savings to small business borrowers from eliminated or lower ongoing variable costs in the form of lower prices and fees. Therefore, the Bureau expects that the proposed rule would decrease the cost of credit for small entities who are small business applicants for credit under the rule.

In part IV.F.2 above, the Bureau estimates that the per application ongoing variable cost, at baseline, is $34 for Type A FIs, $28 for Type B FIs, and $8 for Type C FIs. According to the analysis above, this is the expected benefit that would accrue to applicants at institutions that were covered at baseline but would no longer be covered under the proposed rule. For institutions that would continue to report under the proposed rule, the difference between the ongoing variable cost at baseline and under the proposed rule is $7 for Type A FIs, $2 for Type B FIs, and $1 for Type C FIs. This difference is what the Bureau expects to be passed on to applicants at financial institutions that would continue to be covered under the proposed rule.

Furthermore, the Bureau expects that small financial institutions covered under the proposed rule (insofar as they are considered “small entities” for the purposes of the RFA) are unlikely to experience a meaningful change in the costs of credit. Generally, financial institutions borrow in a manner that is different from other types of small businesses, including from other financial institutions in a separate Federal Funds market or from the Federal Reserve. The changes in compliance costs due to the proposed rule are unlikely to significantly change the cost of borrowing for these small financial institutions.

VI. Paperwork Reduction Act

Under the Paperwork Reduction Act of 1995 (PRA),^[137] Federal agencies are generally required to seek approval from the Office of Management and Budget (OMB) for information collection requirements prior to implementation. Under the PRA, the Bureau may not conduct nor sponsor, and, notwithstanding any other provision of law, a person is not required to respond to, an information collection unless the information collection displays a valid control number assigned by OMB.

As part of its continuing effort to reduce paperwork and respondent burden, the Bureau conducts a preclearance consultation program to provide the general public and Federal agencies with an opportunity to comment on the information collection requirements in accordance with the PRA. This helps ensure that the public understands the Bureau's requirements or instructions, respondents can provide the requested data in the desired format, reporting burden (time and financial resources) is minimized, information collection instruments are clearly understood, and the Bureau can properly assess the impact of information collection requirements on respondents.

The proposed rule would amend 12 CFR part 1002 (Regulation B), which implements ECOA. The Bureau's OMB control number for Regulation B is 3170-0013. This proposed rule would revise the information collection requirements contained in Regulation B that OMB has approved under that OMB control number.

Under the proposal, the Bureau would amend one information collection requirement in Regulation B: Compilation of reportable data (proposed § 1002.107), including a notice requirement (in proposed § 1002.107(a)(18) and (19)).

The information collection requirements in Regulation B, as amended by this proposed rule, would be mandatory. Certain data fields would be modified or deleted by the Bureau, in its discretion, to advance a privacy interest before the data are made available to the public (as permitted by section 1071 and the Bureau's rule). The data that are not modified or deleted would be made available to the public and are not considered confidential. The rest of the data would be considered confidential if the information:

• Identifies any natural persons who might not be applicants (e.g., owners of a business where a legal entity is the applicant); or
• Implicates the privacy interests of financial institutions.

The collections of information contained in this proposed rule, and identified as such, have been submitted to OMB for review under section 3507(d) of the PRA. A complete description of the information collection requirements (including the burden estimate methods) is provided in the information collection request (ICR) that the Bureau has submitted to OMB under the requirements of the PRA. Please send your comments to the Office of Information and Regulatory Affairs, OMB, Attention: Desk Officer for the Consumer Financial Protection Bureau. Send these comments by email to oira_submission@omb.eop.gov or by fax to 202-395-6974. If you wish to share your comments with the Bureau, please send a copy of these comments as described in the ADDRESSES section above. The ICR submitted to OMB requesting approval under the PRA for the information collection requirements contained herein is available at www.regulations.gov as well as on OMB's public-facing docket at www.reginfo.gov.

Title of Collection: Regulation B: Equal Credit Opportunity Act.

OMB Control Number: 3170-0013.

Type of Review: Revision of a currently approved collection.

Affected Public: Private Sector; Federal and State Governments.

Estimated Number of Respondents: 188,800.

Estimated Total Annual Burden Hours: 5,921,9579.

Comments are invited on: (a) Whether the collection of information is necessary for the proper performance of the functions of the Bureau, including whether the information will have practical utility; (b) the accuracy of the Bureau's estimate of the burden of the collection of information, including the validity of the methods and the assumptions used; (c) ways to enhance the quality, utility, and clarity of the information to be collected; and (d) ways to minimize the burden of the collection of information on respondents, including through the use of automated collection techniques or other forms of information technology. Comments submitted in response to this proposal will be summarized and/or included in the request for OMB approval. All comments will become a matter of public record. ( printed page 50992)

If applicable, the notice of final rule will display the control number assigned by OMB to any information collection requirements proposed herein and adopted in the final rule.

VII. Regulatory Review

Executive Orders 12866 and 13563 direct agencies to assess all costs and benefits of available regulatory alternatives and, if regulation is necessary, to select those regulatory approaches that maximize net benefits (including potential economic, environmental, public health and safety, and other advantages; and distributive impacts). Section 3(f) of Executive Order 12866 defines a “significant regulatory action” as any regulatory action that is likely to result in a rule that may: (1) have an annual effect on the economy of $100 million or more or adversely affect in a material way the economy, a sector of the economy, productivity, competition, jobs, the environment, public health or safety, or State, local, or tribal governments or communities; (2) create a serious inconsistency or otherwise interfere with an action taken or planned by another agency; (3) materially alter the budgetary impact of entitlements, grants, user fees, or loan programs or the rights and obligations of recipients thereof; or (4) raise novel legal or policy issues arising out of legal mandates, or the President's priorities. The Office of Information and Regulatory Affairs (OIRA), within the Office of Management and Budget (OMB), has determined that this action is a “significant regulatory action” under Executive Order 12866. Accordingly, OMB has reviewed this action.

Authority and Issuance

For the reasons set forth in the preamble, the Bureau proposes to amend Regulation B, 12 CFR part 1002, as set forth below:

1. The authority citation for part 1002 continues to read as follows:

Authority: 12 U.S.C. 5512, 5581; 15 U.S.C. 1691b. Subpart B is also issued under 15 U.S.C. 1691c-2.

2. Amend § 1002.5 by revising paragraphs (a)(4)(vii) through (x) as follows:

3. Amend § 1002.101 by removing and reserving paragraphs (k) and (l).

4. Amend § 1002.104 by adding paragraphs (b)(7) through (9) as follows:

5. Amend § 1002.105 by revising paragraph (b) as follows:

6. Amend § 1002.106 by revising paragraph (b) as follows:

7. Amend § 1002.107 by removing and reserving paragraphs (a)(3), (4), (11), (12), and (16), (c)(2)(i) and (iii), and (c)(3) and (4), and by revising paragraphs (a)(18), (19), (c)(1), (d) introductory text, and (d)(1) as follows:

8. Amend § 1002.108 by revising paragraphs (b) and (d) as follows:

9. Amend § 1002.111 by revising paragraph (b) as follows:

10. Amend § 1002.112 by revising paragraph (c)(4) as follows:

11. Amend § 1002.114 by removing and reserving paragraphs (b)(2) and (3), and (c)(3), and by revising paragraphs (b)(1) and (4), and (c)(1) and (2).

12. Amend Appendices E and F by revising them as follows:

Appendix E to Part 1002—Sample Form for Collecting Certain Applicant-Provided Data Under Subpart B

( printed page 50995)

( printed page 50996)

Appendix F to Part 1002—Tolerances for Bona Fide Errors in Data Reported Under Subpart B

As set out in § 1002.112(b) and in comment 112(b)-1, a financial institution is presumed to maintain procedures reasonably adapted to avoid errors with respect to a given data field if the number of errors found in a random sample of a financial institution's data submission for a given data field do not equal or exceed the threshold in column C of the following table (Table 1, Tolerance Thresholds for Bona Fide Errors): ( printed page 50997)

The size of the random sample, under column B, shall depend on the size of the financial institution's small business lending application register, as shown in column A of the Threshold Table.

The thresholds in column C of the Threshold Table reflect the number of unintentional errors a financial institution may make within a particular data field ( e.g., the credit product data field within the credit type data point or the sex data field for a particular principal owner within the ethnicity, race, and sex of principal owners data point) in a small business lending application register that would be deemed bona fide errors for purposes of § 1002.112(b).

For instance, a financial institution that submitted a small business lending application register containing 11,000 applications would be subject to a threshold of four errors per data field. If the financial institution had made two errors in reporting loan amount and two errors reporting gross annual income, all of these errors would be covered by the bona fide error provision of § 1002.112(b) and would not constitute a violation of the Act or this part. If the same financial institution had made five errors in reporting loan amount and two errors reporting gross annual revenue, the bona fide error provision of § 1002.112(b) would not apply to the five loan amount errors but would still apply to the two gross annual revenue errors.

Even when the number of errors in a particular data field do not equal or exceed the threshold in column C, if either there is a reasonable basis to believe that errors in that field were intentional or there is evidence that the financial institution did not maintain procedures reasonably adapted to avoid such errors, then the errors are not bona fide errors under § 1002.112(b).

For purposes of determining bona fide errors under § 1002.112(b), the term “data field” generally refers to individual fields. Some data fields may allow for more than one response. For example, with respect to information on the ethnicity or race of an applicant's principal owners, a data field may identify more than one race or more than one ethnicity for a given person. If one or more of the ethnicities or races identified in a data field are erroneous, they count as one (and only one) error for that data field.

13. In Supplement I to part 1002:

a. Under Section 1002.5—Rules Concerning Requests for Information, revise 5(a)(2) Required Collection of Information.

b. Under Section 1002.102—Definitions, remove 102(l) LGBTQI+-Owned Business and revise 102(o) Principal Owner.

c. Under Section 1002.104—Covered Credit Transactions and Excluded Transactions, revise 104(a) Covered Credit Transaction and 104(b) Excluded Transactions, and add 104(b)(9) Small dollar business credit transactions.

d. Under Section 1002.105—Covered Financial Institutions and Exempt Institutions, revise 105(a) Financial Institution and 105(b) Covered Financial Institution.

e. Under Section 1002.106—Business and Small Business, revise 106(b)(1) Small Business and 106(b)(2) Inflation Adjustment.

f. Under Section 1002.107—Compilation of Reportable Data, remove 107(a)(3) Application Method, 107(a)(4) Application Recipient, 107(a)(11) Denial Reasons, 107(a)(12) Pricing Information, 107(a)(12)(i) Interest Rate, 107(a)(12)(ii) Total Origination Charges, 107(a)(12)(iii) Broker Fees, 107(a)(12)(iv) Initial Annual Charges, 107(a)(12)(v) Additional Cost for Merchant Cash Advances or Other Sales-Based Financing, 107(a)(12)(vi) Prepayment Penalties, 107(a)(16) Number of Workers, 107(c)(3) Procedures To Monitor Compliance, 107(c)(4) Low Response Rates, and revise 107(a)(2) Application Date, 107(a)(5) Credit Type, 107(a)(18) Minority-Owned, Women-Owned, and LGBTQI+-Owned Business Statuses including the heading, 107(a)(19) Ethnicity, Race, and Sex of Principal Owners, 107(b) Reliance on and Verification of Applicant-Provided Data, 107(c)(1) In General, 107(c)(2) Applicant-Provided Data Collected Directly From the Applicant, and 107(d) Previously Collected Data.

g. Under Section 1002.108—Firewall, revise 108(b) Prohibition on Access to Certain Information and 108(d) Notice.

h. Under Section 1002.109—Reporting of Data to the Bureau, revise 109(a)(3) Reporting Obligations Where Multiple Financial Institutions Are Involved in a Covered Credit Transaction, 109(b) Financial Institution Identifying Information, and Paragraph 109(b)(9).

i. Under Section 1002.112—Enforcement, revise 112(c) Safe Harbors.

j. Under Section 1002.114—Effective Date, Compliance Date, and Special Transition Rules, revise 114(b) Compliance Date and 114(c) Special Transition Rules.

The revisions read as follows:

Supplement I to Part 1002—Official Interpretations

Section 1002.5—Rules Concerning Requests for Information

5(a)(2) Required Collection of Information

1. Local laws. Information that a creditor is allowed to collect pursuant to a “state” statute or regulation includes information required by a local statute, regulation, or ordinance.

2. Information required by Regulation C. Regulation C, 12 CFR part 1003, generally requires creditors covered by the Home Mortgage Disclosure Act (HMDA) to collect and report information about the race, ethnicity, and sex of applicants for certain dwelling-secured loans, including some types of loans not covered by § 1002.13.

3. Collecting information on behalf of creditors. Persons such as loan brokers and correspondents do not violate the ECOA or Regulation B if they collect information that they are otherwise prohibited from collecting, where the purpose of collecting the information is to provide it to a creditor that is subject to subpart B of this part, the Home Mortgage Disclosure Act, or another Federal or State statute or regulation requiring data collection.

4. Information required by subpart B. Subpart B of this part generally requires creditors that are covered financial institutions as defined in § 1002.105(b) to collect and report information about the ethnicity, race, and sex of the principal owners of applicants for certain small business credit, as well as whether the applicant is a minority-owned business or a women-owned business, as defined in § 1002.102(m) and (s), respectively.

Section 1002.102—Definitions

102(o) Principal Owner

1. Individual. Only an individual can be a principal owner of a business for purposes of subpart B of this part. Entities, such as trusts, partnerships, limited liability companies, and corporations, are not principal owners for this purpose. Additionally, an individual must directly own an equity share of 25 percent or more in the business in order to be a principal owner. Unlike the determination of ownership for purposes of collecting and reporting minority-owned business status and women-owned business ( printed page 50998) status, indirect ownership is not considered when determining if someone is a principal owner for purposes of collecting and reporting principal owners' ethnicity, race, and sex or the number of principal owners. Thus, when determining who is a principal owner, ownership is not traced through multiple corporate structures to determine if an individual owns 25 percent or more of the equity interests. For example, if individual A directly owns 20 percent of a business, individual B directly owns 20 percent, and partnership C owns 60 percent, the business does not have any owners who satisfy the definition of principal owner set forth in § 1002.102(o), even if individual A and individual B are the only partners in the partnership C. Similarly, if individual A directly owns 30 percent of a business, individual B directly owns 20 percent, and trust D owns 50 percent, individual A is the only principal owner as defined in § 1002.102(o), even if individual B is the sole trustee of trust D.

2. Trustee. Although a trust is not considered a principal owner of a business for the purposes of subpart B, if the applicant for a covered credit transaction is a trust, a trustee is considered the owner of the trust. Thus, if a trust is an applicant for a covered credit transaction and the trust has two co-trustees, each co-trustee is considered to own 50 percent of the business and would each be a principal owner as defined in § 1002.102(o). In contrast, if the trust has five co-trustees, each co-trustee is considered to own 20 percent of the business and would not meet the definition of principal owner under § 1002.102(o).

3. Purpose of definition. A financial institution shall provide an applicant with the definition of principal owner when asking the applicant to provide the number of its principal owners pursuant to § 1002.107(a)(20) and the ethnicity, race, and sex of its principal owners pursuant to § 1002.107(a)(19). See comments 107(a)(19)-2 and 107(a)(20)-1.

Section 1002.104—Covered Credit Transactions and Excluded Transactions

104(a) Covered Credit Transaction

1. General. The term “covered credit transaction” includes all business credit (including loans, lines of credit, and credit cards) unless otherwise excluded under § 1002.104(b).

104(b) Excluded Transactions

1. Factoring. The term “covered credit transaction” does not cover factoring as described herein. For the purpose of this subpart, factoring is an accounts receivable purchase transaction between businesses that includes an agreement to purchase, transfer, or sell a legally enforceable claim for payment for goods that the recipient has supplied or services that the recipient has rendered but for which payment in full has not yet been made. The name used by the financial institution for a product is not determinative of whether or not it is a “covered credit transaction.” This description of factoring is not intended to repeal, abrogate, annul, impair, or interfere with any existing interpretations, orders, agreements, ordinances, rules, or regulations adopted or issued pursuant to comment 9(a)(3)-3. A financial institution shall report an extension of business credit incident to a factoring arrangement that is otherwise a covered credit transaction as “Other sales-based financing transaction” under § 1002.107(a)(5).

2. Leases. The term “covered credit transaction” does not cover leases as described herein. A lease, for the purpose of this subpart, is a transfer from one business to another of the right to possession and use of goods for a term, and for primarily business or commercial (including agricultural) purposes, in return for consideration. A lease does not include a sale, including a sale on approval or a sale or return, or a transaction resulting in the retention or creation of a security interest. The name used by the financial institution for a product is not determinative of whether or not it is a “covered credit transaction.”

3. Consumer-designated credit. The term “covered credit transaction” does not include consumer-designated credit that is used for business purposes. A transaction qualifies as consumer-designated credit if the financial institution offers or extends the credit primarily for personal, family, or household purposes. For example, an open-end credit account used for both personal and business purposes is not business credit for the purpose of subpart B of this part unless the financial institution designated or intended for the primary purpose of the account to be business-related.

4. Credit transaction purchases, purchases of an interest in a pool of credit transactions, and purchases of a partial interest in a credit transaction. The term “covered credit transaction” does not cover the purchase of an originated credit transaction, the purchase of an interest in a pool of credit transactions, or the purchase of a partial interest in a credit transaction such as through a loan participation agreement. Such purchases do not, in themselves, constitute an application for credit. See also comment 109(a)(3)-2.i.

104(b)(9) Small Dollar Business Credit Transactions

1. General. Small dollar business credit transactions, as defined in § 1002.104(b)(9), are excluded from the definition of a covered credit transaction. Applications that are originated or approved but not accepted satisfy this exclusion if the amount originated or approved is $1,000 or less. Applications that are denied, withdrawn, or incomplete satisfy this exclusion if the amount applied for is $1,000 or less. If the particular type of credit product applied for does not involve a specific amount requested, and the financial institution as matter of general practice does not originate that particular type of credit product in amounts of $1,000 or less, the application cannot be treated as a small dollar business credit transaction. See comment 107(a)(7)-2.

2. Inflation adjustment methodology. The small dollar business credit transaction amount set forth in § 1002.104(b)(9)(ii) will be adjusted upward or downward to reflect changes, if any, in the Consumer Price Index for All Urban Consumers (U.S. city average series for all items, not seasonally adjusted), as published by the United States Bureau of Labor Statistics (“CPI-U”). The base for computing each adjustment is the January 2030 CPI-U; this base value shall be compared to the CPI-U value in January 2035 and every five years thereafter. For example, after the January 2035 CPI-U is made available, the adjustment is calculated by determining the percentage change in the CPI-U between January 2030 and January 2035, applying this change to the $1,000 small dollar business transaction amount, and rounding to the nearest $100. If, as a result of this rounding, there is no change in the transaction amount, there will be no adjustment. For example, if in January 2035 the adjusted value were $950 (reflecting a $50 decrease from January 2030 CPI-U), then the transaction amount would not adjust because $950 would be rounded up to $1,000. If on the other hand, the adjusted value were $1,120, then the transaction amount would adjust to $1,100. Where the adjusted value is a multiple of $50 ( e.g., $1,050), then the transaction amount adjusts upward.

2. Substitute for CPI-U. If publication of the CPI-U ceases, or if the CPI-U otherwise becomes unavailable or is altered in such a way as to be unusable, then the Bureau shall substitute another reliable cost of living indicator from the United States Government for the purpose of calculating adjustments pursuant to § 1002.104(b)(9)(ii).

Section 1002.105—Covered Financial Institutions and Exempt Institutions

105(a) Financial Institution

1. Examples. Section 1002.105(a) defines a financial institution as any partnership, company, corporation, association (incorporated or unincorporated), trust, estate, cooperative organization, or other entity that engages in any financial activity. This definition includes, but is not limited to, banks, savings associations, credit unions, online lenders, platform lenders, community development financial institutions, lenders involved in equipment and vehicle financing (captive financing companies and independent financing companies), commercial finance companies, organizations exempt from taxation pursuant to 26 U.S.C. 501(c), and governments or governmental subdivisions or agencies.

2. Motor vehicle dealers. Pursuant to § 1002.101(a), subpart B of this part excludes from coverage persons defined by section 1029 of the Consumer Financial Protection Act of 2010, title X of the Dodd-Frank Wall Street Reform and Consumer Protection Act, Public Law 111-203, 124 Stat. 1376, 2004 (2010).

105(b) Covered Financial Institution

1. Preceding calendar year. The definition of covered financial institution refers to preceding calendar years. For example, in 2029, the two preceding calendar years are 2027 and 2028. Accordingly, in 2029, Financial Institution A does not meet the loan-volume threshold in § 1002.105(b) if did not originate at least 1,000 covered credit ( printed page 50999) transactions for small businesses both during 2027 and during 2028.

2. Origination threshold. A financial institution qualifies as a covered financial institution based on total covered credit transactions originated for small businesses, rather than covered applications received from small businesses. For example, if in both 2028 and 2029, Financial Institution B received 1,100 covered applications from small businesses and originated 900 covered credit transactions for small businesses, then for 2029, Financial Institution B is not a covered financial institution.

3. Counting originations when multiple financial institutions are involved in originating a covered credit transaction. For the purpose of counting originations to determine whether a financial institution is a covered financial institution under § 1002.105(b), in a situation where multiple financial institutions are involved in originating a single covered credit transaction, only the last financial institution with authority to set the material terms of the covered credit transaction is required to count the origination.

4. Counting originations after adjustments to the gross annual revenue threshold due to inflation. Pursuant to § 1002.106(b)(2), every five years, the gross annual revenue threshold used to define a small business in § 1002.106(b)(1) shall be adjusted, if necessary, to account for inflation. The first time such an adjustment could occur is in 2035, with an effective date of January 1, 2036. A financial institution seeking to determine whether it is a covered financial institution applies the gross annual revenue threshold that is in effect for each year it is evaluating. For example, a financial institution seeking to determine whether it is a covered financial institution in 2037 counts its originations of covered credit transactions for small businesses in calendar years 2035 and 2036. The financial institution applies the initial $1 million threshold to evaluate whether its originations were to small businesses in 2035. In this example, if the small business threshold were increased to $1.1 million effective January 1, 2036, the financial institution applies the $1.1 million threshold to count its originations for small businesses in 2036.

5. Reevaluation, extension, or renewal requests, as well as credit line increases and other requests for additional credit amounts. While requests for additional credit amounts on an existing account can constitute a “covered application” pursuant to § 1002.103(b)(1), such requests are not counted as originations for the purpose of determining whether a financial institution is a covered financial institution pursuant to § 1002.105(b). In addition, transactions that extend, renew, or otherwise amend a transaction are not counted as originations. For example, if a financial institution originates 600 term loans and 250 lines of credit for small businesses in each of the preceding two calendar years, along with 100 line increases for small businesses in each of those years, the financial institution is not a covered financial institution because it has not originated at least 1,000 covered credit transactions in each of the two preceding calendar years.

6. Annual consideration. Whether a financial institution is a covered financial institution for a particular year depends on its small business lending activity in the preceding two calendar years. Therefore, whether a financial institution is a covered financial institution is an annual consideration for each year that data may be compiled and maintained for purposes of subpart B of this part. A financial institution may be a covered financial institution for a given year of data collection (and the obligations arising from qualifying as a covered financial institution shall continue into subsequent years, pursuant to §§ 1002.110 and 1002.111), but the same financial institution may not be a covered financial institution for the following year of data collection. For example, Financial Institution C originated 1,100 covered transactions for small businesses in both 2027 and 2028. In 2029, Financial Institution C is a covered financial institution and therefore is obligated to compile and maintain applicable 2029 small business lending data under § 1002.107(a). During 2029, Financial Institution C originates 900 covered transactions for small businesses. In 2030, Financial Institution C is not a covered financial institution with respect to 2030 small business lending data, and is not obligated to compile and maintain 2030 data under § 1002.107(a) (although Financial Institution C may volunteer to collect and maintain 2030 data pursuant to § 1002.5(a)(4)(vii) and as explained in comment 105(b)-10). Pursuant to § 1002.109(a), Financial Institution C shall submit its small business lending application register for 2029 data in the format prescribed by the Bureau by June 1, 2030 because Financial Institution C is a covered financial institution with respect to 2029 data, and the data submission deadline of June 1, 2030 applies to 2029 data.

7. Merger or acquisition—coverage of surviving or newly formed institution. After a merger or acquisition, the surviving or newly formed financial institution is a covered financial institution under § 1002.105(b) if it, considering the combined lending activity of the surviving or newly formed institution and the merged or acquired financial institutions (or acquired branches or locations), satisfies the criteria included in § 1002.105(b). For example, Financial Institutions A and B merge. The surviving or newly formed financial institution meets the threshold in § 1002.105(b) if the combined previous components of the surviving or newly formed financial institution (A plus B) would have originated at least 1,000 covered credit transactions for small businesses for each of the two preceding calendar years. Similarly, if the combined previous components and the surviving or newly formed financial institution would have reported at least 1,000 covered transactions for small businesses for the year previous to the merger as well as 1,000 covered transactions for small businesses for the year of the merger, the threshold described in § 1002.105(b) would be met and the surviving or newly formed financial institution would be a covered institution under § 1002.105(b) for the year following the merger. Comment 105(b)-8 discusses a financial institution's responsibilities with respect to compiling and maintaining (and subsequently reporting) data during the calendar year of a merger.

8. Merger or acquisition—coverage specific to the calendar year of the merger or acquisition. The scenarios described below illustrate a financial institution's responsibilities specifically for data from the calendar year of a merger or acquisition. For purposes of these illustrations, an “institution that is not covered” means either an institution that is not a financial institution, as defined in § 1002.105(a), or a financial institution that is not a covered financial institution, as defined in § 1002.105(b).

i. Two institutions that are not covered financial institutions merge. The surviving or newly formed institution meets all of the requirements necessary to be a covered financial institution. No data are required to be compiled, maintained, or reported for the calendar year of the merger (even though the merger creates an institution that meets all of the requirements necessary to be a covered financial institution).

ii. A covered financial institution and an institution that is not covered merge. The covered financial institution is the surviving institution, or a new covered financial institution is formed. For the calendar year of the merger, data are required to be compiled, maintained, and reported for covered applications from the covered financial institution and is optional for covered applications from the financial institution that was previously not covered.

iii. A covered financial institution and an institution that is not covered merge. The institution that is not covered is the surviving institution and remains not covered after the merger, or a new institution that is not covered is formed. For the calendar year of the merger, data are required to be compiled and maintained (and subsequently reported) for covered applications from the previously covered financial institution that took place prior to the merger. After the merger date, compiling, maintaining, and reporting data is optional for applications from the institution that was previously covered for the remainder of the calendar year of the merger.

iv. Two covered financial institutions merge. The surviving or newly formed financial institution is a covered financial institution. Data are required to be compiled and maintained (and subsequently reported) for the entire calendar year of the merger. The surviving or newly formed financial institution files either a consolidated submission or separate submissions for that calendar year.

9. Foreign applicability. As discussed in comment 1(a)-2, Regulation B (including subpart B) generally does not apply to lending activities that occur outside the United States.

10. Voluntary collection and reporting. Section 1002.5(a)(4)(vii) through (x) permits a creditor that is not a covered financial institution under § 1002.105(b) to voluntarily collect and report information regarding covered applications from small businesses ( printed page 51000) in certain circumstances. If a creditor is voluntarily collecting information for covered applications regarding whether the applicant is a minority-owned business and/or a women-owned business under § 1002.107(a)(18), and regarding the ethnicity, race, and sex of the applicant's principal owners under § 1002.107(a)(19), it shall do so in compliance with §§ 1002.107, 1002.108, 1002.111, 1002.112 as though it were a covered financial institution. If a creditor is reporting those covered applications from small businesses to the Bureau, it shall do so in compliance with §§ 1002.109 and 1002.110 as though it were a covered financial institution.

Section 1002.106—Business and Small Business

106(b) Small Business Definition

106(b)(1) Small Business

1. Change in determination of small business status—business is ultimately not a small business. If a financial institution initially determines an applicant is a small business as defined in § 1002.106 based on available information and collects data required by § 1002.107(a)(18) and (19) but later concludes that the applicant is not a small business, the financial institution does not violate the Act or this regulation if it meets the requirements of § 1002.112(c)(4). The financial institution shall not report the application on its small business lending application register pursuant to § 1002.109.

2. Change in determination of small business status—business is ultimately a small business. Consistent with comment 107(a)(14)-1, a financial institution need not independently verify gross annual revenue. If a financial institution initially determines that the applicant is not a small business as defined in § 1002.106(b), but later concludes the applicant is a small business prior to taking final action on the application, the financial institution must report the covered application pursuant to § 1002.109. In this situation, the financial institution shall endeavor to compile, maintain, and report the data required under § 1002.107(a) in a manner that is reasonable under the circumstances. For example, if the applicant initially provides a gross annual revenue of $1.1 million (that is, above the threshold for a small business as initially defined in § 1002.106(b)(1)), but during the course of underwriting the financial institution discovers the applicant's gross annual revenue was in fact $950,000 (meaning that the applicant is within the definition of a small business under § 1002.106(b)), the financial institution is required to report the covered application pursuant to § 1002.109. In this situation, the financial institution shall take reasonable steps upon discovery to compile, maintain, and report the data necessary under § 1002.107(a) to comply with subpart B of this part for that covered application. Thus, in this example, even if the financial institution's procedure is typically to request applicant-provided data together with the application form, in this circumstance, the financial institution shall seek to collect the data during the application process necessary to comply with subpart B in a manner that is reasonable under the circumstances.

3. Applicant's representations regarding gross annual revenue; inclusion of affiliate revenue; updated or verified information. A financial institution is permitted to rely on an applicant's representations regarding gross annual revenue (which may or may not include any affiliate's revenue) for purposes of determining small business status under § 1002.106(b). However, if the applicant provides updated gross annual revenue information or the financial institution verifies the gross annual revenue information (see comment 107(b)-1), the financial institution must use the updated or verified information in determining small business status.

4. Multiple unaffiliated co-applicants—size determination. The financial institution shall not aggregate unaffiliated co-applicants' gross annual revenues for purposes of determining small business status under § 1002.106(b). If a covered financial institution receives a covered application from multiple businesses who are not affiliates, as defined by § 1002.102(a), where at least one business is a small business under § 1002.106(b), the financial institution shall compile, maintain, and report data pursuant to §§ 1002.107 through 1002.109 regarding the covered application for only a single applicant that is a small business. See comment 103(a)-10 for additional details.

106(b)(2) Inflation Adjustment

1. Inflation adjustment methodology. The small business gross annual revenue threshold set forth in § 1002.106(b)(1) will be adjusted upward or downward to reflect changes, if any, in the Consumer Price Index for All Urban Consumers (U.S. city average series for all items, not seasonally adjusted), as published by the United States Bureau of Labor Statistics (“CPI-U”). The base for computing each adjustment is the January 2030 CPI-U; this base value shall be compared to the CPI-U value in January 2035 and every five years thereafter. For example, after the January 2035 CPI-U is made available, the adjustment is calculated by determining the percentage change in the CPI-U between January 2030 and January 2035, applying this change to the $1 million gross annual revenue threshold, and rounding to the nearest $100,000. If, as a result of this rounding, there is no change in the gross annual revenue threshold, there will be no adjustment. For example, if in January 2035 the adjusted value were $950,000 (reflecting a $50,000 decrease from January 2030 CPI-U), then the threshold would not adjust because $950,000 million would be rounded up to $1 million. If on the other hand, the adjusted value were $1.12 million, then the threshold would adjust to $1.1 million. Where the adjusted value is a multiple of $50,000 ( e.g., $1,050,000), then the threshold adjusts upward.

2. Substitute for CPI-U. If publication of the CPI-U ceases, or if the CPI-U otherwise becomes unavailable or is altered in such a way as to be unusable, then the Bureau shall substitute another reliable cost of living indicator from the United States Government for the purpose of calculating adjustments pursuant to § 1002.106(b)(2).

Section 1002.107—Compilation of Reportable Data

107(a)(2) Application Date

1. Consistency. Section 1002.107(a)(2) requires that, in reporting the date of covered application, a financial institution shall report the date the covered application was received or the date shown on a paper or electronic application form. Although a financial institution need not choose the same approach for its entire small business lending application register, it should generally be consistent in its approach by, for example, establishing procedures for how to report this date within particular scenarios, products, or divisions. If the financial institution chooses to report the date shown on an application form and the institution retains multiple versions of the application form, the institution reports the date shown on the first application form satisfying the definition of covered application pursuant to § 1002.103.

2. Application received. For an application submitted directly to the financial institution or its affiliate, the financial institution shall report the date it received the covered application, as defined under § 1002.103, or the date shown on a paper or electronic application form. For an application initially submitted to a third party, see comment 107(a)(2)-3.

3. Indirect applications. For an application that was not submitted directly to the financial institution or its affiliate, the financial institution shall report the date the application was received by the party that initially received the application, the date the application was received by the financial institution, or the date shown on the application form. Although a financial institution need not choose the same approach for its entire small business lending application register, it should generally be consistent in its approach by, for example, establishing procedures for how to report this date within particular scenarios, products, or divisions.

4. Safe harbor. Pursuant to § 1002.112(c)(1), a financial institution that reports on its small business lending application register an application date that is within three business days of the actual application date pursuant to § 1002.107(a)(2) does not violate the Act or subpart B of this part. For purposes of this paragraph, a business day means any day the financial institution is open for business.

107(a)(5) Credit Type

1. Reporting credit product—in general. A financial institution complies with § 1002.107(a)(5)(i) by selecting the credit product applied for or originated, from the list below. If the credit product applied for or originated is not included on this list, the financial institution selects “other,” and reports the credit product via free-form text field. If an applicant requested more than one credit product at the same time, the financial institution reports each credit product requested as a separate application. However, if the applicant only requested a single ( printed page 51001) covered credit transaction, but had not decided on which particular product, the financial institution complies with § 1002.107(a)(5)(i) by reporting the credit product originated (if originated), or the credit product denied (if denied), or the credit product of greater interest to the applicant, if readily determinable. If the credit product of greater interest to the applicant is not readily determinable, the financial institution complies with § 1002.107(a)(5)(i) by reporting one of the credit products requested as part of the request for a single covered credit transaction, in its discretion. See comment 103(a)-5 for instructions on reporting requests for multiple covered credit transactions at one time.

i. Term loan—unsecured.

ii. Term loan—secured.

iii. Line of credit—unsecured.

iv. Line of credit—secured.

v. Credit card account, not private-label.

vi. Private-label credit card account.

vii. [Reserved]

viii. [Reserved]

ix. Other.

x. Not provided by applicant and otherwise undetermined.

2. Credit card account, not private-label. A financial institution complies with § 1002.107(a)(5)(i) by reporting the credit product as a “credit card account, not private-label” when the product is a business-purpose open-end credit account that is not private label and that may be accessed from time to time by a card, plate, or other single credit device to obtain credit, except that accounts or lines of credit secured by real property and overdraft lines of credit accessed by debit cards are not credit card accounts. The term credit card account does not include debit card accounts or closed-end credit that may be accessed by a card, plate, or single credit device. The term credit card account does include charge card accounts that are generally paid in full each billing period, as well as hybrid prepaid-credit cards. A financial institution reports multiple credit card account, not private-label applications requested at one time using the guidance in comment 103(a)-7.

3. Private-label credit card account. A financial institution complies with § 1002.107(a)(5)(i) by reporting the credit product as a “private-label credit card account” when the product is a business-purpose open-end private-label credit account that otherwise meets the description of a credit card account in comment 107(a)(5)-2. A private-label credit card account is a credit card account that can only be used to acquire goods or services provided by one business (for example, a specific merchant, retailer, independent dealer, or manufacturer) or a small group of related businesses. A co-branded or other card that can also be used for purchases at unrelated businesses is not a private-label credit card. A financial institution reports multiple private-label credit card account applications requested at one time in the same manner as credit card account, not private-label applications, using the guidance in comment 103(a)-7.

4. Credit product not provided by the applicant and otherwise undetermined. Pursuant to § 1002.107(c), a financial institution is required to maintain procedures reasonably designed to collect applicant-provided data, which includes credit product. However, if a financial institution is nonetheless unable to collect or otherwise determine credit product information because the applicant does not indicate what credit product it seeks and the application is denied, withdrawn, or closed for incompleteness before a credit product is identified, the financial institution reports that the credit product is “not provided by applicant and otherwise undetermined.”

5. Reporting credit product involving counteroffers. If a financial institution presents a counteroffer for a different credit product than the product the applicant had initially requested, and the applicant does not agree to proceed with the counteroffer, the financial institution reports the application for the original credit product as denied pursuant to § 1002.107(a)(9). If the applicant agrees to proceed with consideration of the financial institution's counteroffer, the financial institution reports the disposition of the application based on the credit product that was offered and does not report the original credit product applied for. See comment 107(a)(9)-2.

6. [Reserved]

7. Guarantees. A financial institution complies with § 1002.107(a)(5)(ii) by selecting the type or types of guarantees that were obtained for an originated covered credit transaction, or that would have been obtained if the covered credit transaction was originated, from the list below. The financial institution selects, if applicable, up to a maximum of five guarantees for a single application. If the type of guarantee does not appear on the list, the financial institution selects “other” and reports the type of guarantee via free-form text field. If no guarantee is obtained or would have been obtained if the covered credit transaction was originated, the financial institution selects “no guarantee.” If an application is denied, withdrawn, or closed for incompleteness before any guarantee has been identified, the financial institution selects “no guarantee.” The financial institution chooses State government guarantee or local government guarantee, as applicable, based on the entity directly administering the program, not the source of funding.

i. Personal guarantee—owner(s).

ii. Personal guarantee—non-owner(s).

iii. SBA guarantee—7(a) program.

iv. SBA guarantee—504 program.

v. SBA guarantee—other.

vi. USDA guarantee.

vii. FHA insurance.

viii. Bureau of Indian Affairs guarantee.

ix. Other Federal guarantee.

x. State government guarantee.

xi. Local government guarantee.

xii. Other.

xiii. No guarantee.

8. Loan term. A financial institution complies with § 1002.107(a)(5)(iii) by reporting the number of months in the loan term for the covered credit transaction. The loan term is the number of months after which the legal obligation will mature or terminate, measured from the date of origination. For transactions involving real property, the financial institution may instead measure the loan term from the date of the first payment period and disregard the time that elapses, if any, between the settlement of the transaction and the first payment period. For example, if a loan closes on April 12, but the first payment is not due until June 1 and includes the interest accrued in May (but not April), the financial institution may choose not to include the month of April in the loan term. In addition, the financial institution may round the loan term to the nearest full month or may count only full months and ignore partial months, as it so chooses. If a credit product, such as a credit card, does not have a loan term, the financial institution reports that the loan term is “not applicable.” The financial institution also reports that the loan term is “not applicable” if the credit product is reported as “not provided by applicant and otherwise undetermined.” For a credit product that generally has a loan term, the financial institution reports “not provided by applicant and otherwise undetermined” if the application is denied, withdrawn, or determined to be incomplete before a loan term has been identified.

107(a)(18) Minority-Owned and Women-Owned Business Statuses

1. General. A financial institution must ask an applicant whether it is a minority-owned and/or women-owned business. The financial institution must permit an applicant to refuse ( i.e., decline) to answer the financial institution's inquiry regarding business status and must inform the applicant that the applicant is not required to provide the information. See the sample data collection form in appendix E to this part for sample language for providing this notice to applicants. The financial institution must report the applicant's substantive response regarding each business status, that the applicant declined to answer the inquiry (that is, selected an answer option of “I do not wish to provide this information” or similar), or its failure to respond to the inquiry (that is, “not provided by applicant”), as applicable.

2. Definitions. When inquiring about minority-owned and women-owned business statuses (regardless of whether the request is made on a paper form, electronically, or orally), the financial institution also must provide the applicant with definitions of the terms “minority-owned business” and “women-owned business” as set forth in § 1002.102(m) and (s), respectively. The financial institution satisfies this requirement if it provides the definitions as set forth in the sample data collection form in appendix E.

3. Combining questions. A financial institution may combine on the same paper or electronic data collection form the questions regarding minority-owned and women-owned business status pursuant to § 1002.107(a)(18) with principal owners' ethnicity, race, and sex pursuant to § 1002.107(a)(19) and the applicant's number ( printed page 51002) of principal owners pursuant to § 1002.107(a)(20). See the sample data collection form in appendix E.

4. Notices. When requesting minority-owned and women-owned business statuses from an applicant, a financial institution must inform the applicant that the financial institution cannot discriminate on the basis of the applicant's minority-owned or women-owned business statuses, or on whether the applicant provides its minority-owned or women-owned business statuses. A financial institution must also inform the applicant that Federal law requires it to ask for an applicant's minority-owned and women-owned business statuses to help ensure that all small business applicants for credit are treated fairly, and that communities' small business credit needs are being fulfilled. A financial institution may combine these notices regarding minority-owned and women-owned business statuses with the notices that a financial institution is required to provide when requesting principal owners' ethnicity, race, and sex if a financial institution requests information pursuant to § 1002.107(a)(18) and (19) in the same data collection form or at the same time. See the sample data collection form in appendix E for sample language that a financial institution may use for these notices.

5. Maintaining the record of an applicant's response regarding minority-owned and women-owned business statuses separate from the application. A financial institution must maintain the record of an applicant's responses to the financial institution's inquiry pursuant to § 1002.107(a)(18) separate from the application and accompanying information. See § 1002.111(b) and comment 111(b)-1. If the financial institution provides a paper or electronic data collection form, the data collection form must not be part of the application form or any other document that the financial institution uses to provide or collect any information other than minority-owned business status, women-owned business status, principal owners' ethnicity, race, and sex, and the number of the applicant's principal owners. See the sample data collection form in appendix E. For example, if the financial institution sends the data collection form via email, the data collection form should be a separate attachment to the email or accessed through a separate link in the email. If the financial institution uses a web-based data collection form, the form should be on its own page.

6. Minority-owned and/or women-owned business statuses not provided by applicant. Pursuant to § 1002.107(c), a financial institution shall maintain procedures reasonably designed to collect applicant-provided data, which includes the applicant's minority-owned and women-owned business statuses. However, if a financial institution does not receive a response to the financial institution's inquiry pursuant to § 1002.107(a)(18), the financial institution reports that the applicant's business statuses were “not provided by applicant.”

7. Applicant declines to provide information about minority-owned and/or women-owned business statuses. A financial institution reports that the applicant responded that it did not wish to provide the information about an applicant's minority-owned and women-owned business statuses, if the applicant declines to provide the information by selecting such a response option on a paper or electronic form ( e.g., by selecting an answer option of “I do not wish to provide this information” or similar). The financial institution also reports an applicant's refusal to provide such information in this way, if the applicant orally declines to provide such information for a covered application taken by telephone or another medium that does not involve providing any paper or electronic documents.

8. Conflicting responses provided by applicants. If the applicant both provides a substantive response to the financial institution's inquiry regarding business status (that is, indicates that it is a minority-owned and/or women-owned business, or checks “none apply” or similar) and also checks the box indicating “I do not wish to provide this information” or similar, the financial institution reports the substantive response(s) provided by the applicant (rather than reporting that the applicant declined to provide the information).

9. No verification of business statuses. Notwithstanding § 1002.107(b), a financial institution must report the applicant's substantive response(s), that the applicant declined to answer the inquiry (that is, selected an answer option of “I do not wish to provide this information” or similar), or the applicant's failure to respond to the inquiry (that is, that the information was “not provided by applicant”) pursuant to § 1002.107(a)(18), even if the financial institution verifies or otherwise obtains an applicant's minority-owned and/or women-owned business statuses for other purposes. For example, if a financial institution uses a paper data collection form to ask an applicant if it is a minority-owned business and/or a women-owned business, and the applicant does not indicate that it is a minority-owned business, the financial institution must not report that the applicant is a minority-owned business, even if the applicant indicates that it is a minority-owned business for other purposes, such as for a special purpose credit program or a Small Business Administration program.

107(a)(19) Ethnicity, Race, and Sex of Principal Owners

1. General. A financial institution must ask an applicant to provide its principal owners' ethnicity, race, and sex. The financial institution must permit an applicant to refuse ( i.e., decline) to answer the financial institution's inquiry and must inform the applicant that it is not required to provide the information. See the sample data collection form in appendix E to this part for sample language for providing this notice to applicants. The financial institution must report the applicant's substantive responses regarding principal owners' ethnicity, race, and sex, that the applicant declined to answer an inquiry (that is, selected an answer option of “I do not wish to provide this information” or similar), or its failure to respond to an inquiry (that is, “not provided by applicant”), as applicable. The financial institution must report an applicant's responses about its principal owners' ethnicity, race, and sex, regardless of whether an applicant declines or fails to answer an inquiry about the number of its principal owners under § 1002.107(a)(20). If an applicant provides some, but not all, of the requested information about the ethnicity, race, and sex of a principal owner, the financial institution reports the information that was provided by the applicant and reports that the applicant declined to provide or did not provide (as applicable) the remainder of the information. See comments 107(a)(19)-6 and -7.

2. Definition of principal owner. When requesting a principal owner's ethnicity, race, and sex, the financial institution must also provide the applicant with the definition of the term “principal owner” as set forth in § 1002.102(o). The financial institution satisfies this requirement if it provides the definition of principal owner as set forth in the sample data collection form in appendix E.

3. Combining questions. A financial institution may combine on the same paper or electronic data collection form the questions regarding the principal owners' ethnicity, race and sex pursuant to § 1002.107(a)(19) with the applicant's number of principal owners pursuant to § 1002.107(a)(20) and the applicant's minority-owned and women-owned business statuses pursuant to § 1002.107(a)(18). See the sample data collection form in appendix E.

4. Notices. When requesting a principal owner's ethnicity, race, and sex from an applicant, a financial institution must inform the applicant that the financial institution cannot discriminate on the basis of a principal owner's ethnicity, race, or sex, or on whether the applicant provides the information. A financial institution must also inform the applicant that Federal law requires it to ask for the principal owners' ethnicity, race, and sex to help ensure that all small business applicants for credit are treated fairly, and that communities' small business credit needs are being fulfilled. A financial institution may combine these notices with the similar notices that a financial institution is required to provide when requesting minority-owned business status and women-owned business status, if a financial institution requests information pursuant to § 102.107(a)(18) and (19) in the same data collection form or at the same time. See the sample data collection form in appendix E for sample language that a financial institution may use for these notices.

5. Maintaining the record of an applicant's responses regarding principal owners' ethnicity, race, and sex separate from the application. A financial institution must maintain the record of an applicant's response to the financial institution's inquiries pursuant to § 1002.107(a)(19) separate from the application and accompanying information. See § 1002.111(b) and comment 111(b)-1. If the financial institution provides a paper or electronic data collection form, the data collection form must not be part of the application form or ( printed page 51003) any other document that the financial institution uses to provide or collect any information other than minority-owned business status, women-owned business status, principal owners' ethnicity, race, and sex, and the number of the applicant's principal owners. See the sample data collection form in appendix E for sample language. For example, if the financial institution sends the data collection form via email, the data collection form should be a separate attachment to the email or accessed through a separate link in the email. If the financial institution uses a web-based data collection form, the form should be on its own page.

6. Ethnicity, race, or sex of principal owners not provided by applicant. Pursuant to § 1002.107(c), a financial institution shall maintain procedures reasonably designed to collect applicant-provided data, which includes the ethnicity, race, and sex of an applicant's principal owners. However, if an applicant does not provide the information, such as in response to a request for a principal owner's ethnicity, race, or sex on a paper or electronic data collection form, the financial institution reports the ethnicity, race, or sex (as applicable) as “not provided by applicant” for that principal owner. For example, if the financial institution provides a paper data collection form to an applicant with two principal owners, and asks the applicant to complete and return the form but the applicant does not do so, the financial institution reports that the two principal owners' ethnicity, race, and sex were “not provided by applicant.” Similarly, if the financial institution provides an electronic data collection form, the applicant indicates that it has two principal owners, the applicant provides ethnicity, race, and sex for the first principal owner, and the applicant does not make any selections for the second principal owner's ethnicity, race, or sex, the financial institution reports the ethnicity, race, and sex that the applicant provided for the first principal owner and reports that the ethnicity, race, and sex for the second principal owner was “not provided by applicant.” Additionally, if the financial institution provides an electronic or paper data collection form, the applicant indicates that it has one principal owner, provides the principal owner's ethnicity and sex information, but does not provide information about the principal owner's race and also does not select a response of “I do not wish to provide this information” with regard to race, the financial institution reports the ethnicity and sex provided by the applicant and reports that the race of the principal owner was “not provided by applicant.”

7. Applicant declines to provide information about a principal owner's ethnicity, race, or sex. A financial institution reports that the applicant did not wish to provide the information about a principal owner's ethnicity, race or sex (as applicable), if the applicant declines to provide the information, such as by selecting a response option of “I do not wish to provide this information” on a paper or electronic form ( e.g., by selecting an answer option of “I do not wish to provide this information” or similar). The financial institution also reports an applicant's refusal to provide such information in this way, if the applicant orally declines to provide such information for a covered application taken by telephone or another medium that does not involve providing any paper or electronic form or providing a similar response for an application taken by telephone.

8. Conflicting responses provided by applicant. If the applicant both provides a substantive response to a request for a principal owner's ethnicity, race, or sex (that is, identifies a principal owner's ethnicity, race, or sex) and also checks the box indicating “I do not wish to provide this information” or similar, the financial institution reports the information on ethnicity, race, or sex that was provided by the applicant (rather than reporting that the applicant declined provide the information). For example, if an applicant is completing a paper data collection form and indicates that a principal owner's sex is female and also indicates on the form that the applicant does not wish to provide information regarding that principal owner's sex, the financial institution reports the principal owner's sex as female. A financial institution may, but is not required, to prevent conflicting responses from being entered on an electronic data collection form.

9. No verification of ethnicity, race, and sex of principal owners. Notwithstanding § 1002.107(b), a financial institution must report the applicant's substantive responses as to its principal owners' ethnicity, race, and sex (that is, the applicant's identification of its principal owners' ethnicity, race, and sex), that the applicant declined to answer the inquiry (that is, selected an answer option of “I do not wish to provide this information” or similar), or the applicant's failure to respond to the inquiry (that is, the information was “not provided by applicant”) pursuant to § 1002.107(a)(19), even if the financial institution verifies or otherwise obtains the ethnicity, race, or sex of the applicant's principal owners for other purposes.

10. Reporting for fewer than four principal owners. If an applicant has fewer than four principal owners, the financial institution reports ethnicity, race, and sex information for the number of principal owners that the applicant has and reports the ethnicity, race, and sex fields for additional principal owners as “not applicable.” For example, if an applicant has only one principal owner, the financial institution reports ethnicity, race, and sex information for the first principal owner and reports as “not applicable” the ethnicity, race, and sex data fields for principal owners two through four.

11. Previously collected ethnicity, race, and sex information. If a financial institution reports one or more principal owners' ethnicity, race, or sex information based on previously collected data under § 1002.107(d), the financial institution does not need to collect any additional ethnicity, race, or sex information for other principal owners (if any). See also comment 107(d)-9.

12. Guarantors. A financial institution does not collect or report a guarantor's ethnicity, race, or sex unless the guarantor is also a principal owner of the applicant, as defined in § 1002.102(o).

13. Ethnicity. i. Aggregate categories. A financial institution must permit an applicant to provide each principal owner's ethnicity for purposes of § 1002.107(a)(19) using one or more of the following aggregate categories:

A. Hispanic or Latino.

B. Not Hispanic or Latino.

ii. Disaggregated subcategories. A financial institution must permit an applicant to provide each principal owner's ethnicity for purposes of § 1002.107(a)(19) using one or more of the following disaggregated subcategories, regardless of whether the applicant has indicated that the relevant principal owner is Hispanic or Latino and regardless of whether the applicant selects any aggregate categories: Cuban; Mexican; Puerto Rican; or Other Hispanic or Latino. If an applicant indicates that a principal owner is Other Hispanic or Latino, the financial institution must permit the applicant to provide additional information regarding the principal owner's ethnicity, by using free-form text on a paper or electronic data collection form or using language that informs the applicant of the opportunity to self-identify when taking the application by means other than a paper or electronic data collection form, such as by telephone. The financial institution must permit the applicant to provide additional information indicating, for example, that the principal owner is Argentinean, Colombian, Dominican, Nicaraguan, Salvadoran, or Spaniard. See the sample data collection form in appendix E for sample language. If an applicant chooses to provide additional information regarding a principal owner's ethnicity, such as by indicating that a principal owner is Argentinean orally or in writing on a paper or electronic form, a financial institution must report that additional information via free-form text. If the applicant provides such additional information but does not also indicate that the principal owner is Other Hispanic or Latino ( e.g., by selecting Other Hispanic or Latino on a paper or electronic form), a financial institution is permitted, but not required, to report Other Hispanic or Latino as well.

iii. Selecting multiple categories. The financial institution must permit the applicant to select one, both, or none of the aggregate categories and as many disaggregated subcategories as the applicant chooses. A financial institution must permit an applicant to select a disaggregated subcategory even if the applicant does not select the corresponding aggregate category. For example, an applicant must be permitted to select the Mexican disaggregated subcategory for a principal owner without being required to select the Hispanic or Latino aggregate category. If an applicant provides ethnicity information for a principal owner, the financial institution reports all of the aggregate categories and disaggregated subcategories provided by the applicant. For example, if an applicant selects both aggregate categories and four disaggregated subcategories for a principal owner, the financial institution reports the two aggregate ( printed page 51004) categories that the applicant selected and all four of the disaggregated subcategories that the applicant selected. Additionally, if an applicant selects only the Mexican disaggregated subcategory for a principal owner and no aggregate categories, the financial institution reports Mexican for the ethnicity of the applicant's principal owner but does not also report Hispanic or Latino. Further, if the applicant selects an aggregate category ( e.g., Not Hispanic or Latino) and a disaggregated subcategory that does not correspond to the aggregate category ( e.g., Puerto Rican), the financial institution reports the information as provided by the applicant ( e.g., Not Hispanic or Latino, and Puerto Rican).

14. Race. i. Aggregate categories. A financial institution must permit an applicant to provide each principal owner's race for purposes of § 1002.107(a)(19) using one or more of the following aggregate categories:

A. American Indian or Alaska Native.

B. Asian.

C. Black or African American.

D. Native Hawaiian or Other Pacific Islander.

E. White.

ii. Disaggregated subcategories. The financial institution must permit an applicant to provide a principal owner's race for purposes of § 1002.107(a)(19) using one or more of the disaggregated subcategories as listed in this comment 107(a)(19)-14.ii, regardless of whether the applicant has selected the corresponding aggregate category.

A. The Asian aggregate category includes the following disaggregated subcategories: Asian Indian, Chinese, Filipino, Japanese, Korean, Vietnamese, and Other Asian. An applicant must also be permitted to provide the principal owner's race using one or more of these disaggregated subcategories regardless of whether the applicant indicates that the principal owner is Asian and regardless of whether the applicant selects any aggregate categories. Additionally, if an applicant indicates that a principal owner is Other Asian, the financial institution must permit the applicant to provide additional information about the principal owner's race, by using free-form text on a paper or electronic data collection form or using language that informs the applicant of the opportunity to self-identify when taking the application by means other than a paper or electronic data collection form, such as by telephone. The financial institution must permit the applicant to provide additional information indicating, for example, that the principal owner is Cambodian, Hmong, Laotian, Pakistani, or Thai. See the sample data collection form in appendix E for sample language.

B. The Black or African American aggregate category includes the following disaggregated subcategories: African American, Ethiopian, Haitian, Jamaican, Nigerian, Somali, and Other Black or African American. An applicant must also be permitted to provide the principal owner's race using one or more of these disaggregated subcategories regardless of whether the applicant indicates that the principal owner is Black or African American and regardless of whether the applicant selects any aggregate categories. Additionally, if an applicant indicates that a principal owner is Other Black or African American, the financial institution must permit the applicant to provide additional information about the principal owner's race, by using free-form text on a paper or electronic data collection form or using language that informs the applicant of the opportunity to self-identify when taking the application by means other than a paper or electronic data collection form, such as by telephone. The financial institution must permit the applicant to provide additional information indicating, for example, that the principal owner is Barbadian, Ghanaian, or South African. See the sample data collection form in appendix E for sample language.

C. The Native Hawaiian or Other Pacific Islander aggregate category includes the following disaggregated subcategories: Guamanian, Chamorro, Native Hawaiian, Samoan, and Other Pacific Islander. An applicant must also be permitted to provide the principal owner's race using one or more of these disaggregated subcategories regardless of whether the applicant indicates that the principal owner is Native Hawaiian or Other Pacific Islander and regardless of whether the applicant selects any aggregate categories. Additionally, if an applicant indicates that a principal owner is Other Pacific Islander, the financial institution must permit the applicant to provide additional information about the principal owner's race, by using free-form text on a paper or electronic data collection form or using language that informs the applicant of the opportunity to self-identify when taking the application by means other than a paper or electronic data collection form, such as by telephone. The financial institution must permit the applicant to provide additional information indicating, for example, that the principal owner is Fijian or Tongan. See the sample data collection form in appendix E for sample language.

D. If an applicant chooses to provide additional information regarding a principal owner's race, such as indicating that a principal owner is Cambodian, Barbadian, or Fijian orally or in writing on a paper or electronic form, a financial institution must report that additional information via free-form text in the appropriate data reporting field. If the applicant provides such additional information but does not also indicate that the principal owner is Other Asian, Other Black or African American, or Other Pacific Islander, as applicable ( e.g., by selecting Other Asian on a paper or electronic form), a financial institution is permitted, but not required, to report the corresponding “Other” race disaggregated subcategory ( i.e., Other Asian, Other Black or African American, or Other Pacific Islander).

E. In addition to permitting an applicant to indicate that a principal owner is American Indian or Alaska Native, a financial institution must permit an applicant to provide the name of an enrolled or principal tribe, by using free-form text on a paper or electronic data collection form or using language that informs the applicant of the opportunity to self-identify when taking the application by means other than a paper or electronic data collection form, such as by telephone. If an applicant chooses to provide the name of an enrolled or principal tribe, a financial institution must report that information via free-form text in the appropriate data reporting field. If the applicant provides the name of an enrolled or principal tribe but does not also indicate that the principal owner is American Indian or Alaska Native ( e.g., by selecting American Indian or Alaska Native on a paper or electronic form), a financial institution is permitted, but not required, to report American Indian or Alaska Native as well.

iii. Selecting multiple categories. The financial institution must permit the applicant to select as many aggregate categories and disaggregated subcategories as the applicant chooses. A financial institution must permit an applicant to select one or more disaggregated subcategories even if the applicant does not select an aggregate category. For example, an applicant must be permitted to select the Chinese disaggregated subcategory for a principal owner without being required to select the Asian aggregate category. If an applicant provides race information for a principal owner, the financial institution reports all of the aggregate categories and disaggregated subcategories provided by the applicant. For example, if an applicant selects two aggregate categories and five disaggregated subcategories for a principal owner, the financial institution reports the two aggregate categories that the applicant selected and the five disaggregated subcategories that the applicant selected. Additionally, if an applicant selects only the Chinese disaggregated subcategory for a principal owner, the financial institution reports Chinese for the race of the principal owner but does not also report that the principal owner is Asian. Similarly, if the applicant selects an aggregate category ( e.g., Asian) and a disaggregated subcategory that does not correspond to the aggregate category ( e.g., Native Hawaiian), the financial institution reports the information as provided by the applicant ( e.g., Asian and Native Hawaiian).

15. Sex. A financial institution must permit an applicant to provide each principal owner's sex for purposes of § 1002.107(a)(19) using the categories male or female.

16. Ethnicity and race information requested orally. As described in comments 107(a)(19)-13 and -14, when collecting principal owners' ethnicity and race pursuant to § 1002.107(a)(19), a financial institution must present the applicant with the specified aggregate categories and disaggregated subcategories. When collecting ethnicity and race information orally, such as by telephone, a financial institution may not present the applicant with the option to decline to provide the information without also presenting the applicant with the specified aggregate categories and disaggregated subcategories.

i. Ethnicity and race categories. Notwithstanding comments 107(a)(19)-13 and -14, a financial institution is not required to read aloud every disaggregated subcategory when collecting ethnicity and ( printed page 51005) race information orally, such as by telephone. Rather, the financial institution must orally present the lists of aggregate ethnicity and race categories, followed by the disaggregated subcategories (if any) associated with the aggregate categories selected by the applicant or which the applicant requests to be presented. After the applicant makes any disaggregated category selections associated with the aggregate ethnicity or race category, the financial institution must also ask if the applicant wishes to hear the lists of disaggregated subcategories for any aggregate categories not selected by the applicant. The financial institution must record any aggregate categories selected by the applicant, as well as any disaggregated subcategories regardless of whether such subcategories were selected based on the disaggregated subcategories read by the financial institution or were otherwise provided by the applicant.

ii. More than one principal owner. If an applicant has more than one principal owner, the financial institution is permitted to ask about ethnicity and race in a manner that reduces repetition when collecting ethnicity and race information orally, such as by telephone. For example, if an applicant has two principal owners, the financial institution may ask for both principal owners' ethnicity at the same time, rather than asking about ethnicity, race, and sex for the first principal owner followed by ethnicity, race, and sex for the second principal owner.

107(b) Reliance on and Verification of Applicant-Provided Data

1. Reliance on information provided by an applicant or appropriate third-party sources. A financial institution may rely on statements made by an applicant (whether made in writing or orally) or information provided by an applicant when compiling and reporting data pursuant to subpart B of this part for applicant-provided data; the financial institution is not required to verify those statements or that information. However, if the financial institution does verify applicant statements or information for its own business purposes, such as statements relating to gross annual revenue or time in business, the financial institution reports the verified information. Depending on the circumstances and the financial institution's procedures, certain applicant-provided data can be collected from appropriate third-party sources without a specific request from the applicant, and such information may also be relied on. For example, gross annual revenue or NAICS code may be collected from tax return documents; a financial institution may also collect an applicant's NAICS code using third-party sources such as business information products. Applicant-provided data are the data that are or could be provided by the applicant, including § 1002.107(a)(5) through (7), (13) through (15), and (17) through (20). See comment 107(c)(1)-3. In regard to restrictions on verification of minority-owned and women-owned business statuses, and principal owners' ethnicity, race, and sex, see comments 107(a)(18)-9 and 107(a)(19)-9.

107(c) Time and Manner of Collection

107(c)(1) In General

1. Procedures. The term “procedures” refers to the actual practices followed by a financial institution as well as its stated procedures. For example, if a financial institution's stated procedure is to collect applicant-provided data on or with a paper application form, but employees encourage applicants to skip the page that asks whether the applicant is a minority-owned business or a women-owned business under § 1002.107(a)(18), the financial institution's procedures are not reasonably designed to obtain a response.

2. Latitude to design procedures. A financial institution has flexibility to establish procedures concerning the timing and manner in which it collects applicant-provided data that work best for its particular lending model and product offerings, provided those procedures are reasonably designed to collect the applicant-provided data in § 1002.107(a), as required pursuant to § 1002.107(c)(1), and where applicable comply with the minimum requirements set forth in § 1002.107(c)(2).

3. Applicant-provided data. Applicant-provided data are the data that are or could be provided by the applicant, including § 1002.107(a)(5) (credit type), § 1002.107(a)(6) (credit purpose), § 1002.107(a)(7) (amount applied for), § 1002.107(a)(13) (address or location for purposes of determining census tract), § 1002.107(a)(14) (gross annual revenue), § 1002.107(a)(15) (NAICS code, or information about the business such that the financial institution can determine the applicant's NAICS code), § 1002.107(a)(17) (time in business), § 1002.107(a)(18) (minority-owned business status and women-owned business status), § 1002.107(a)(19) (ethnicity, race, and sex of the applicant's principal owners), and § 1002.107(a)(20) (number of principal owners). Applicant-provided data do not include data that are generated or supplied only by the financial institution, including § 1002.107(a)(1) (unique identifier), § 1002.107(a)(2) (application date), § 1002.107(a)(8) (amount approved or originated), § 1002.107(a)(9) (action taken), § 1002.107(a)(10) (action taken date), and § 1002.107(a)(13) (census tract, based on address or location provided by the applicant).

4. Collecting applicant-provided data without a direct request to the applicant. Depending on the circumstances and the financial institution's procedures, certain applicant-provided data can be collected without a direct request to the applicant. For example, credit type may be collected based on the type of product chosen by the applicant. Similarly, a financial institution may rely on appropriate third-party sources to collect certain applicant-provided data. See § 1002.107(b) concerning the use of third-party sources.

5. Data updated by the applicant. A financial institution reports updated data if it obtains more current data from the applicant during the application process. For example, if an applicant states its gross annual revenue for the preceding fiscal year was $900,000, but then the applicant notifies the financial institution that its revenue in the preceding fiscal year was actually $950,000, the financial institution reports gross annual revenue of $950,000. For reporting verified applicant-provided data, see § 1002.107(b) and comment 107(b)-1. If a financial institution has already verified data and then the applicant updates it, the financial institution reports the information it believes to be more accurate, in its discretion. If a financial institution receives updates from the applicant after the application process has closed (for example, after closing or account opening), the financial institution may, at its discretion, update the data at any time prior to reporting the covered application to the Bureau.

107(c)(2) Applicant-Provided Data Collected Directly From the Applicant

1. In general. Whether a financial institution's procedures are reasonably designed to collect applicant-provided data is a fact-based determination and may depend on the financial institution's particular lending model, product offerings, and other circumstances; procedures that are reasonably designed to obtain a response may therefore require additional provisions beyond the minimum criteria set forth in § 1002.107(c)(2). In general, reasonably designed procedures will make applicant-provided data available for collection. While the requirements of § 1002.107(c)(2) do not apply to applicant-provided data that a financial institution obtains without a direct request to the applicant, as explained in comment 107(c)(1)-4, in such instances, a covered financial institution must still comply with § 1002.107(c)(1).

2. Specific components. i. Timing of initial collection attempt. While a financial institution has some flexibility concerning when applicant-provided data is are collected, it should attempt to make the initial request for applicant-provided data before notifying an applicant of final action taken on a covered application. Generally, the earlier in the application process the financial institution initially seeks to collect applicant-provided data, the more likely the timing of collection is reasonably designed to obtain a response.

ii. The request for applicant-provided data is prominently displayed or presented. Pursuant to § 1002.107(c)(2)(ii), a financial institution must make a reasonable attempt to ensure an applicant actually sees, hears, or is otherwise presented with the request for applicant-provided data. A financial institution also does not have reasonably designed procedures if it obscures, prevents, or inhibits an applicant from accessing or reviewing a request for applicant-provided data.

iii. [Reserved]

iv. The applicant can easily provide a response. Pursuant to § 1002.107(c)(2)(iv), a financial institution must structure the request for information in a manner that makes it easy for the applicant to provide a response. For example, a financial institution requests applicant-provided data in the same format as other information required for the covered application, provides applicants multiple methods to provide or return applicant-provided data (for example, on a ( printed page 51006) written form, through a web portal, or through other means), or provides the applicant some other type of straightforward and seamless method to provide a response. Conversely, a financial institution must avoid imposing unnecessary burden on an applicant to provide the information requested or requiring the applicant to take steps that are inconsistent with the rest of its application process. For example, a financial institution does not have reasonably designed procedures if it collects application information related to its own creditworthiness determination in electronic form, but mails a paper form to the applicant initially seeking the data required under § 1002.107(a) that the financial institution does not otherwise need for its creditworthiness determination and requiring the applicant to mail it back. On the other hand, a financial institution complies with § 1002.107(c)(2)(iv) if, at its discretion, it requests the applicant to respond to inquiries made pursuant to § 1002.107(a)(18) and (19) through a reasonable method intended to keep the applicant's responses discrete and protected from view.

v. Multiple requests for applicant-provided data. A financial institution is permitted, but not required, to make more than one attempt to obtain applicant-provided data if the applicant does not respond to an initial request. For example, if an applicant initially does not respond when asked early in the application process (before notifying the applicant of final action taken on the application, pursuant to § 1002.107(c)(2)(i)) to inquiries made pursuant to § 1002.107(a)(18) and (19), a financial institution may request this information again, for example, during a subsequent in-person meeting with the applicant or after notifying the applicant of final action taken on the covered application. However, making multiple inquiries for applicant-provided data does not evidence the existence of reasonably designed procedures.

107(d) Previously Collected Data

1. In general. A financial institution may, for the purpose of reporting such data pursuant to § 1002.109, reuse certain previously collected data if the requirements of § 1002.107(d) are met. In that circumstance, a financial institution need not seek to collect the data anew in connection with a subsequent covered application to satisfy the requirements of this subpart. For example, if an applicant applies for and is granted a term loan, and then subsequently applies for a credit card in the same calendar year, the financial institution need not request again the data specified in § 1002.107(d). Similarly, if an applicant applies for more than one covered credit transaction at one time, a financial institution need only ask once for the data specified in § 1002.107(d).

2. Data that can be reused. Subject to the requirements of § 1002.107(d), a financial institution may reuse the following data: § 1002.107(a)(13) (address or location for purposes of determining census tract), § 1002.107(a)(14) (gross annual revenue) (subject to comment 107(d)-7), § 1002.107(a)(15) (NAICS code), § 1002.107(a)(17) (time in business) (subject to comment 107(d)-8), § 1002.107(a)(18) (minority-owned business status and women-owned business status) (subject to comment 107(d)-9), § 1002.107(a)(19) (ethnicity, race, and sex of applicant's principal owners) (subject to comment 107(d)-9), and § 1002.107(a)(20) (number of principal owners). A financial institution is not, however, permitted to reuse other data, such as § 1002.107(a)(6) (credit purpose).

3. Previously reported data without a substantive response. Data have not been “previously collected” within the meaning of § 1002.107(d) if the applicant did not provide a substantive response to the financial institution's request for that data and the financial institution was not otherwise able to obtain the requested data (for example, from the applicant's credit report, or tax returns).

4. Updated data. If, after the application process has closed on a prior covered application, a financial institution obtains updated information relevant to the data required to be collected and reported pursuant to § 1002.107(a)(13) through (15) and (17) through (20), and the applicant subsequently submits a new covered application, the financial institution must use the updated information in connection with the new covered application (if the requirements of § 1002.107(d) are otherwise met) or seek to collect the data again. For example, if a business notifies a financial institution of a change of address of its sole business location, and subsequently submits a covered application within the time period specified in § 1002.107(d)(1) for reusing previously collected data, the financial institution must report census tract based on the updated information. In that circumstance, the financial institution may still reuse other previously collected data to satisfy § 1002.107(a)(14), (15), and (17) through (20) if the requirements of § 1002.107(d) are met.

5. Collection within the preceding 36 months. Pursuant to § 1002.107(d)(1), data can be reused to satisfy § 1002.107(a)(13), (15), and (17) through (20) if they are collected within the preceding 36 months. A financial institution may measure the 36-month period from the date of final action taken (§ 1002.107(a)(9)) on a prior application to the application date (§ 1002.107(a)(2)) on a subsequent application. For example, if a financial institution takes final action on an application on February 1, 2027, it may reuse certain previously collected data pursuant to § 1002.107(d)(1) for subsequent covered applications dated or received by the financial institution through January 31, 2030.

6. Reason to believe data are inaccurate. Whether a financial institution has reason to believe data are inaccurate pursuant to § 1002.107(d)(2) depends on the particular facts and circumstances. For example, a financial institution may have reason to believe data on the applicant's minority-owned business status and women-owned business status may be inaccurate if it knows that the applicant has had a change in ownership or a change in an owner's percentage of ownership.

7. Collection of gross annual revenue in the same calendar year. Pursuant to § 1002.107(d)(1), gross annual revenue information can be reused to satisfy § 1002.107(a)(14) provided it is collected in the same calendar year as the current covered application, as measured from the application date. For example, if an application is received and gross annual revenue is collected in connection with a covered application in one calendar year, but then final action was taken on the application in the following calendar year, the data may only be reused for the calendar year in which it was collected and not the calendar year in which final action was taken on the application. However, if an application is received and gross annual revenue is collected in connection with a covered application in one calendar year, a financial institution may reuse that data pursuant to § 1002.107(d) in a subsequent application initiated in the same calendar year, even if final action was taken on the subsequent application in the following calendar year.

8. Time in business. A financial institution that decides to reuse previously collected data to satisfy § 1002.107(a)(17) (time in business) must update the data to reflect the passage of time since the data were collected. If a financial institution only knows that the applicant had been in business less than two years at the time the data was initially collected, as described in comment 107(a)(17)-1.ii or iii, it updates the data based on the assumption that the applicant had been in business for 12 months at the time of the prior collection. For example:

i. If a financial institution previously collected data on a prior covered application that the applicant has been in business for four years, and then seeks to reuse that data for a subsequent covered application submitted one year later, it must update the data to reflect that the applicant has been in business for five years.

ii. If a financial institution previously collected data on a prior covered application that the applicant had been in business less than two years (and was not aware of the business's actual length of time in business at the time), and then seeks to reuse that data for a subsequent covered application submitted 18 months later, the financial institution reports time in business on the subsequent covered application as over two years in business.

9. Minority-owned business status, women-owned business status, and principal owners' ethnicity, race, and sex. A financial institution may not reuse data to satisfy § 1002.107(a)(18) and (19) unless the data were collected in connection with a prior covered application pursuant to this subpart B. If the financial institution previously asked the applicant to provide its minority-owned business status and women-owned business status, and principal owners' ethnicity, race, and sex for purposes of § 1002.107(a)(18) and (19), and the applicant declined to provide the information (such as by selecting “I do not wish to provide this information” or similar on a data collection form or by telling the financial institution that it did not wish to provide the information), the financial institution may use that response when reporting data for a ( printed page 51007) subsequent application pursuant to § 1002.107(d). However, if the applicant failed to respond (such as by leaving the response to the question blank or by failing to return a data collection form), the financial institution must inquire about the applicant's minority-owned business status, women-owned business status, and principal owners' ethnicity, race, or sex, as applicable, in connection with a subsequent application because the data were not previously obtained. See also comment 107(a)(19)-11 concerning previously collected ethnicity, race, and sex information.

Section 1002.108—Firewall

108(b) Prohibition on Access to Certain Information

1. Scope of persons subject to the prohibition. The prohibition in § 1002.108(b) applies to an employee or officer of a covered financial institution or its affiliate if the employee or officer is involved in making any determination concerning a covered application from a small business. For example, if a financial institution is affiliated with company B and an employee of company B is involved in making a determination concerning a covered application on behalf of the financial institution, then the financial institution must comply with § 1002.108 with regard to company B's employee. Section 1002.108 does not require a financial institution to limit the access of employees and officers of third parties who are not affiliates of the financial institution.

2. Scope of information that cannot be accessed when the prohibition applies to an employee or officer. i. Information that cannot be accessed when the prohibition applies. If a particular employee or officer is involved in making a determination concerning a covered application from a small business, the prohibition in § 1002.108(b) only limits that employee's or officer's access to that small business applicant's responses to the inquiries that the covered financial institution makes to satisfy § 1002.107(a)(18) and (19). For example, if a financial institution uses a paper data collection form to request information pursuant to § 1002.107(a)(18) and (19), an employee or officer that is subject to the prohibition is not permitted access to the paper data collection form that contains the applicant's responses to the inquiries made pursuant to pursuant to § 1002.107(a)(18) and (19), or to any other record that identifies how the particular applicant responded to those inquires. Similarly, if a financial institution makes the inquiries required pursuant to § 1002.107(a)(18) and (19) during a telephone call, the prohibition applies to the applicant's responses to those inquiries provided during that telephone call and to any record that identifies how the particular applicant responded to those inquiries.

ii. Information that can be accessed when the prohibition applies. If a particular employee or officer is involved in making a determination concerning a covered application, the prohibition in § 1002.108(b) does not limit that employee's or officer's access to an applicant's responses to inquiries regarding whether the applicant is a minority-owned or women-owned business, or principal owners' ethnicity, race, or sex, made for purposes other than compliance with § 1002.107(a)(18) or (19). Thus, for example, an employee or officer who is subject to the prohibition in § 1002.108(b) may have access to information regarding whether an applicant is eligible for a Small Business Administration program for women-owned businesses without regard to whether the exception in § 1002.108(c) is satisfied. Additionally, an employee or officer who knows that an applicant is a minority-owned business or a women-owned business, or who knows the ethnicity, race, or sex of any of the applicant's principal owners due to activities unrelated to the inquiries made to satisfy the financial institution's obligations under § 1002.107(a)(18) and (19) is not prohibited from making a determination concerning the applicant's covered application. Thus, an employee or officer who knows, for example, that an applicant is a minority-owned business due to a social relationship or another professional relationship with the applicant or any of its principal owners may make determinations concerning the applicant's covered application. Furthermore, an employee or officer that is involved in making a determination concerning a covered application may see, consider, refer to, or use data collected to satisfy aspects of § 1002.107 other than § 1002.107(a)(18) or (19), such as gross annual revenue and time in business.

108(d) Notice

1. General. If a financial institution determines that one or more employees or officers should have access pursuant to § 1002.108(c), the financial institution must provide the required notice to, at a minimum, the applicant or applicants whose responses will be accessed by an employee or officer involved in making determinations concerning the applicant's or applicants' covered applications. Alternatively, a financial institution may also provide the required notice to applicants whose responses will not or might not be accessed. For example, a financial institution could provide the notice to all applicants for covered credit transactions or all applicants for a specific type of product.

2. Content of the required notice. The notice must inform the applicant that one or more employees and officers involved in making determinations concerning the applicant's covered application may have access to the applicant's responses regarding the applicant's minority-owned business status and women-owned business status, and its principal owners' ethnicity, race, and sex. See the sample data collection form in appendix E to this part for sample language for providing this notice to applicants. If a financial institution establishes and maintains a firewall and chooses to use the sample data collection form, the financial institution can delete this sample language from the form.

3. Timing for providing the notice. If the financial institution is providing the notice orally, it must provide the notice required by § 1002.108(d) prior to asking the applicant if it is a minority-owned business or women-owned business and prior to asking for a principal owner's ethnicity, race, or sex. If the notice is provided on the same paper or electronic data collection form as the inquiries about minority-owned business status, women-owned business status, and the principal owners' ethnicity, race, or sex, the notice must appear before the inquiries. If the notice is provided in an electronic or paper document that is separate from the data collection form, the notice must be provided at the same time as the data collection form or prior to providing the data collection form. Additionally, the notice must be provided with the non-discrimination notices required pursuant to § 1002.107(a)(18) and (19). See appendix E for sample language.

Section 1002.109—Reporting of Data to the Bureau

109(a)(3) Reporting Obligations Where Multiple Financial Institutions Are Involved in a Covered Credit Transaction

1. General. The following clarifies how to report applications involving more than one financial institution. The discussion below assumes that all parties involved with the covered credit transaction are covered financial institutions. However, the same principles apply if any party is not a covered financial institution.

i. A financial institution shall report the action that it takes on a covered application, whether or not the covered credit transaction closed in the financial institution's name and even if the financial institution used underwriting criteria supplied by another financial institution. However, where it is necessary for more than one financial institution to make a credit decision in order to approve a single covered credit transaction, only the last financial institution with authority to set the material terms of the covered credit transaction is required to report. Setting the material terms of the covered credit transaction include, for example, selecting among competing offers, or modifying pricing information, amount approved or originated, or repayment duration. In this situation, the determinative factor is not which financial institution actually made the last credit decision prior to closing, but rather which financial institution last had the authority for setting the material terms of the covered credit transaction prior to closing. Whether a financial institution has taken action for purposes of § 1002.109(a)(3) and comment 109(a)(3)-1 is not relevant to, and is not intended to repeal, abrogate, annul, impair, or interfere with, section 701(d) (15 U.S.C. 1691(d)) of the Act, § 1002.9, or any other provision within subpart A of this Regulation.

ii. A financial institution takes action on a covered application for purposes of § 1002.109(a)(3) if it denies the application, originates the application, approves the application but the applicant did not accept the transaction, or closes the file or denies for incompleteness. The financial institution ( printed page 51008) must also report the application if it was withdrawn. For reporting purposes, it is not relevant whether the financial institution receives the application directly from the applicant or indirectly through another party, such as a broker, or (except as otherwise provided in comment 109(a)(3)-1.i) whether another financial institution also reviews and reports an action taken on a covered application involving the same credit transaction.

iii. Where it is necessary for more than one financial institution to make a credit decision in order to approve a single covered credit transaction and where more than one financial institution denies the application or otherwise does not approve the application, the reporting financial institution (the last financial institution with authority to set the material terms of the covered credit transaction) shall have a consistent procedure for determining how it reports inconsistent or differing data points for purposes of subpart B. For example, Financial Institution A is the reporting entity because it has the last authority to set the material credit terms. Financial Institution A sends the application to Financial Institution B and Financial Institution C for review, but both Financial Institution B and Financial Institution C deny the application. Based on these denials, Financial Institution A follows suit and denies the application.

2. Examples. The following scenarios illustrate how a financial institution reports a particular covered application. The illustrations assume that all parties involved with the covered credit transaction are covered financial institutions. However, the same principles apply if any party is not a covered financial institution. Examples i through iv involve a single financial institution with responsibility for making a credit decision without the involvement of an intermediary. Example v describes a financial institution intermediary with only passive involvement in the covered credit transaction. Example vi describes a transaction where multiple financial institutions independently decision and take action on a covered application. Examples vii and viii describe situations where more than one financial institution must make a credit decision in order to approve the covered credit transaction. Examples ix and x describe situations involving pooled and participation interests.

i. Financial Institution A received a covered application from an applicant and approved the application before closing the covered credit transaction in its name. Financial Institution A was not acting as Financial Institution B's agent. Financial Institution B later purchased the covered credit transaction from Financial Institution A. Financial Institution A was not acting as Financial Institution B's agent. Financial Institution A reports the application. Financial Institution B has no reporting obligation for this transaction.

ii. Financial Institution A received a covered application from an applicant. If approved, the covered credit transaction would have closed in Financial Institution B's name. Financial Institution A denied the application without sending it to Financial Institution B for approval. Financial Institution A was not acting as Financial Institution B's agent. Since Financial Institution A took action on the application, Financial Institution A reports the application as denied. Financial Institution B does not report the application.

iii. Financial Institution A reviewed a covered application and made a credit decision to approve it using the underwriting criteria provided by a Financial Institution B. Financial Institution B did not review the application and did not make a credit decision prior to closing. Financial Institution A was not acting as Financial Institution B's agent. Financial Institution A reports the application. Financial Institution B has no reporting obligation for this application.

iv. Financial Institution A reviewed and made the credit decision on a covered application based on the criteria of a third-party insurer or guarantor (for example, a government or private insurer or guarantor). Financial Institution A reports the action taken on the application.

v. Financial Institution A received a covered application from an applicant and forwarded that application to Financial Institution B. Financial Institution B reviewed the application and made a credit decision approving the application prior to closing. The covered credit transaction closed in Financial Institution A's name. Financial Institution B purchased the covered credit transaction from Financial Institution A after closing. Financial Institution B was not acting as Financial Institution A's agent. Since Financial Institution B made the credit decision prior to closing, and Financial Institution A's approval was not necessary for the credit transaction, Financial Institution B reports the origination. Financial Institution A does not report the application. Assume the same facts, except that Financial Institution B reviewed the application before the covered credit transaction would have closed, but Financial Institution B denied the application. Financial Institution B reports the application as denied. Financial Institution A does not report the application because it did not take an action on the application. If, under the same facts, the application was withdrawn before Financial Institution B made a credit decision, Financial Institution B would report the application as withdrawn and Financial Institution A would not report the application for the same reason.

vi. Financial Institution A received a covered application and forwarded it to Financial Institutions B and C. Financial Institution A made a credit decision, acting as Financial Institution D's agent, and approved the application. Financial Institutions B and C are not working together with Financial Institutions A or D, or with each other, and are solely responsible for setting the terms of their own credit transactions. Financial Institution B made a credit decision approving the application, and Financial Institution C made a credit decision denying the application. The applicant did not accept the covered credit transaction from Financial Institution D. Financial Institution D reports the application as approved but not accepted. Financial Institution A does not report the application, because it was acting as Financial Institution D's agent. The applicant accepted the offer of credit from Financial Institution B, and credit was extended. Financial Institution B reports the application as originated. Financial Institution C reports the application as denied.

vii. Financial Institution A received a covered application and made a credit decision to approve it using the underwriting criteria provided by Financial Institution B. Financial Institution A was not acting as Financial Institution B's agent. Financial Institution A forwarded the application to Financial Institution B. Financial Institution B reviewed the application and made a credit decision approving the application prior to closing. Financial Institution A makes a credit decision on the application and modifies the credit terms (the interest rate and repayment term) offered by Financial Institution B. The covered credit transaction reflecting the modified terms closes in Financial Institution A's name. Financial Institution B purchases the covered credit transaction from Financial Institution A after closing. As the last financial institution with the authority for setting the material terms of the covered credit transaction, Financial Institution A reports the application as originated. Financial Institution B does not report the origination because it was not the last financial institution with the authority to set the material terms on the application. If, under the same facts, Financial Institution A did not modify the credit terms offered by Financial Institution B, Financial Institution A still reports the application as originated because it was still the last financial institution with the authority for setting the material terms, even if it chose not to so do in a particular instance. Financial Institution B does not report the origination.

viii. Financial Institution A received a covered application and forwarded it to Financial Institutions B, C, and D. Financial Institution A was not acting as anyone's agent. Financial Institution B and C reviewed the application and made a credit decision approving the application and Financial Institution D reviewed the application and made a credit decision denying the application. Prior to closing, Financial Institution A makes a credit decision on the application by deciding to offer to the applicant the credit terms offered by Financial Institution B and does not convey to the applicant the credit terms offered by Financial Institution C. The applicant does not accept the covered credit transaction. As the last financial institution with the authority for setting the material terms of the covered credit transaction, Financial Institution A reports the application as approved but not accepted. Financial Institutions B, C, and D do not report the application because they were not the last financial institution with the authority for setting the material terms of the covered credit transaction. Assume the same facts, except the applicant accepts the terms of the covered credit transaction from Financial ( printed page 51009) Institution B as offered by Financial Institution A. The covered credit transaction closes in Financial Institution A's name. Financial Institution B purchases the transaction after closing. Here, Financial Institution A reports the application as originated. Financial Institutions B, C, and D do not report the application because they were not the last financial institution responsible for setting the material terms of the covered credit transaction.

ix. Financial Institution A receives a covered application and approves it, and then Financial Institution A elects to organize a loan participation agreement where Financial Institutions B and C agree to purchase a partial interest in the covered credit transaction. Financial Institution A reports the application. Financial Institutions B and C have no reporting obligation for this application.

x. Financial Institution A purchases an interest in a pool of covered credit transactions, such as credit-backed securities or real estate investment conduits. Financial Institution A does not report this purchase.

3. Agents. If a covered financial institution takes action on a covered application through its agent, the financial institution reports the application. For example, acting as Financial Institution A's agent, Financial Institution B approved an application prior to closing and a covered credit transaction was originated. Financial Institution A reports the covered credit transaction as an origination. State law determines whether one party is the agent of another.

109(b) Financial Institution Identifying Information

1. Changes to financial institution identifying information. If a financial institution's information required pursuant to § 1002.109(b) changes, the financial institution shall provide the new information with the data submission for the collection year of the change. For example, assume two financial institutions that previously reported data under subpart B of this part merge and the surviving institution retained its Legal Entity Identifier but obtained a new TIN in February 2029. The surviving institution must report the new TIN with its data submission for its 2029 data (which is due by June 1, 2030) pursuant to § 1002.109(b)(5). Likewise, if that financial institution's Federal prudential regulator changes in February 2029 as a result of the merger, it must identify its new Federal prudential regulator in its annual submission for its 2029 data.

Paragraph 109(b)(9)

1. Type of financial institution. A financial institution complies with § 1002.109(b)(9) by selecting the applicable type or types of financial institution from the list below. A financial institution shall select all applicable types.

i. Bank or savings association.

ii. Minority depository institution.

iii. Credit union.

iv. Nondepository institution.

v. Community development financial institution (CDFI).

vi. Other nonprofit financial institution.

vii. [Reserved]

viii. Government lender.

ix. Commercial finance company.

x. Equipment finance company.

xi. Industrial loan company.

xii. Online lender.

xiii. Other.

2. Use of “other” for type of financial institution. A financial institution reports type of financial institution as “other” where none of the enumerated types of financial institution appropriately describe the applicable type of financial institution, and the institution reports the type of financial institution via free-form text field. A financial institution that selects at least one type from the list is permitted, but not required, to also report “other” (with appropriate free-form text) if there is an additional aspect of its business that is not one of the enumerated types set out in comment 109(b)(9)-1.

3. Additional types of financial institution. The Bureau may add additional types of financial institutions via the Filing Instructions Guide and related materials. Refer to the Filing Instructions Guide for any updates for each reporting year.

Section 1002.112—Enforcement

112(c) Safe Harbors

1. Information from a Federal agency—census tract. Section 1002.112(c)(2) provides that an incorrect entry for census tract is not a violation of the Act or subpart B of this part, if the financial institution obtained the census tract using a geocoding tool provided by the FFIEC or the Bureau. However, this safe harbor provision does not extend to a financial institution's failure to provide the correct census tract number for a covered application on its small business lending application register, as required by § 1002.107(a)(13), because the FFIEC or Bureau geocoding tool did not return a census tract for the address provided by the financial institution. In addition, this safe harbor provision does not extend to a census tract error that results from a financial institution entering an inaccurate address into the FFIEC or Bureau geocoding tool.

2. Applicability of NAICS code safe harbor. The safe harbor in § 1002.112(c)(3) applies to an incorrect entry for the 3-digit NAICS code that financial institutions must collect and report pursuant to § 1002.107(a)(15), provided certain conditions are met. For purposes of § 1002.112(c)(3)(i), a financial institution is permitted to rely on statements made by the applicant, information provided by the applicant, or on other information obtained through its use of appropriate third-party sources, including business information products. See also comments 107(a)(15)-4 and 107(b)-1.

3. Incorrect determination of small business status, covered credit transaction, or covered application—examples. Section 1002.112(c)(4) provides a safe harbor from violations of the Act or this regulation for a financial institution that initially collects data under § 1002.107(a)(18) and (19) regarding whether an applicant for a covered credit transaction is a minority-owned or women-owned business, and the ethnicity, race, and sex of the applicant's principal owners, but later concludes that it should not have collected this data, if certain conditions are met. Specifically, to qualify for this safe harbor, § 1002.112(c)(4) requires that the financial institution have had a reasonable basis at the time it collected data under § 1002.107(a)(18) and (19) for believing that the application was a covered application for a covered credit transaction from a small business pursuant to §§ 1002.103, 1002.104, and 1002.106, respectively. For example, Financial Institution A collected data under § 1002.107(a)(18) and (19) from an applicant for a covered credit transaction that had self-reported its gross annual revenue as $900,000. Sometime after Financial Institution A had collected this data from the applicant, the financial institution reviewed the applicant's tax returns, which indicated the applicant's gross annual revenue was in fact $1.1 million. Financial Institution A is permitted to rely on representations made by the applicant regarding gross annual revenue in determining whether an applicant is a small business (see § 1002.107(b) and comments 106(b)(1)-3 and 107(a)(14)-1). Thus, Financial Institution A may have had a reasonable basis to believe, at the time it collected data under § 1002.107(a)(18) and (19), that the applicant was a small business pursuant to § 1002.106, in which case Financial Institution A's collection of such data would not violate the Act or this regulation.

Section 1002.114—Effective Date, Compliance Date, and Special Transition Rules

114(b) Compliance Date

1. Application of compliance date. The compliance date in § 1002.114(b) is the date by which the covered financial institution must begin to compile data as specified in § 1002.107, comply with the firewall requirements of § 1002.108, and begin to maintain records as specified in § 1002.111. In addition, the covered financial institution must comply with § 1002.110(c) and (d) no later than June 1 of the year after the compliance date.

2. [Reserved]

3. [Reserved]

4. Examples. The following scenarios illustrate how to determine whether a financial institution is a covered financial institution subject to the initial compliance date specified in § 1002.114(b)(1).

i. Financial Institution A originated 3,000 covered credit transactions for small businesses in calendar year 2026, and 3,000 in calendar year 2027. Financial Institution A has a compliance date of January 1, 2028.

ii. [Reserved]

iii. [Reserved]

iv. Financial Institution D originated 990 covered credit transactions to small businesses in calendar year 2026, 1,020 in calendar year 2027, and 990 in calendar years 2028 and 2029. Because Financial Institution D did not originate at least 1,000 covered credit transactions for small businesses in each of 2026 and 2027, it is not subject to the initial compliance date set forth in ( printed page 51010) § 1002.114(b)(1). Because Financial Institution D did not originate at least 1,000 covered credit transactions for small businesses in subsequent consecutive calendar years, it is not a covered financial institution under § 1002.105(b) and is not required to comply with the rule in 2029 or 2030.

v. [Reserved]

vi. Financial Institution F originated 990 covered credit transactions for small businesses in calendar year 2026, and 1,020 in 2027, 2028, and 2029. Because Financial Institution F did not originate at least 1,000 covered credit transactions for small businesses in each of 2026 and 2027, it is not subject to the initial compliance date set forth in § 1002.114(b)(1). Because Financial Institution F originated at least 1,000 covered credit transactions for small businesses in subsequent calendar years, § 1002.114(b)(4), which cross-references § 1002.105(b), applies to Financial Institution F. Because Financial Institution F originated at least 1,000 covered credit transactions for small businesses in each of 2027 and 2028, it is a covered financial institution under § 1002.105(b) and is required to comply with the rule beginning January 1, 2029.

vii. [Reserved]

viii. [Reserved]

114(c) Special Transition Rules

1. Collection of certain information prior to a financial institution's compliance date. Notwithstanding § 1002.5(a)(4)(ix), a financial institution that chooses to collect information on covered applications as permitted by § 1002.114(c)(1) in the 12 months prior to the initial compliance date as specified in § 1002.114(b)(1) need comply only with the requirements set out in §§ 1002.107(a)(18) and (19), 1002.108, and 1002.111(b) and (c) with respect to the information collected. During this 12-month period, a covered financial institution need not comply with the provisions of § 1002.107 (other than §§ 1002.107(a)(18) and (19)), § 1002.109, § 1002.110, § 1002.111(a), or § 1002.114.

2. Transition rule for applications received prior to a compliance date but final action is taken after a compliance date. If a covered financial institution receives a covered application from a small business prior to the initial compliance date specified in § 1002.114(b)(1), but takes final action on or after that date, the financial institution is not required to collect data regarding that application pursuant to § 1002.107 nor to report the application pursuant to § 1002.109. For example, if a financial institution receives an application on December 27, 2027, but does not take final action on the application until January 25, 2028, the financial institution is not required to collect data pursuant to § 1002.107 nor to report data to the Bureau pursuant to § 1002.109 regarding that application.

3. Has readily accessible the information needed to determine small business status. A financial institution has readily accessible the information needed to determine whether its originations of covered credit transactions were for small businesses as defined in § 1002.106 if, for instance, it in the ordinary course of business collects data on the precise gross annual revenue of the businesses for which it originates loans, it obtains information sufficient to determine whether an applicant for business credit had gross annual revenues of $1 million or less, or if it collects and reports similar data to Federal or State government agencies pursuant to other laws or regulations.

4. Does not have readily accessible the information needed to determine small business status. A financial institution does not have readily accessible the information needed to determine whether its originations of covered credit transactions were for small businesses as defined in § 1002.106 if it did not in the ordinary course of business collect either precise or approximate information on whether the businesses to which it originated covered credit transactions had gross annual revenue of $1 million or less. In addition, even if precise or approximate information on gross annual revenue was initially collected, a financial institution does not have readily accessible this information if, to retrieve this information, for example, it must review paper loan files, recall such information from either archived paper records or scanned records in digital archives, or obtain such information from third parties that initially obtained this information but did not transmit such information to the financial institution.

5. Reasonable method to estimate the number of originations. The reasonable methods that financial institutions may use to estimate originations for 2026 and 2027 include, but are not limited to, the following:

i. A financial institution may comply with § 1002.114(c)(2) by determining the small business status of covered credit transactions by asking every applicant, prior to the closing of approved transactions, to self-report whether it had gross annual revenue for its preceding fiscal year of $1 million or less, during the period October 1 through December 31, 2026. The financial institution may annualize the number of covered credit transactions it originates to small businesses from October 1 through December 31, 2026, by quadrupling the originations for this period, and apply the annualized number of originations to both calendar years 2026 and 2027.

ii. A financial institution may comply with § 1002.114(c)(2) by asking a representative sample of applicants for covered credit transactions whether they are small businesses.

iii. A financial institution may comply with § 1002.114(c)(2) by using another methodology provided that such methodology is reasonable and documented in writing.

6. Examples. The following scenarios illustrate the potential application of § 1002.114(c)(2) to a financial institution's initial compliance date under § 1002.114(b).

i. Prior to July 1, 2026, Financial Institution A did not collect gross annual revenue or other information that would allow it to determine the small business status of the businesses for whom it originated covered credit transactions in calendar year 2026. Financial Institution A chose to use the methodology set out in comment 114(c)-5.i and as of July 1, 2026, began to collect information on gross annual revenue as defined in § 1002.107(a)(14) for its covered credit transactions originated for businesses. Using this information, Financial Institution A determined that it had originated 750 covered credit transactions for businesses that were small as defined in § 1002.106. On an annualized basis, Financial Institution A originated 3,000 covered credit transactions for small businesses (750 originations * 4 = 3,000 originations per year). Applying this annualized figure of 3,000 originations to both calendar years 2026 and 2027, Financial Institution A is subject to the initial compliance date set forth in § 1002.114(b)(1).

ii. Prior to July 1, 2026, Financial Institution B collected gross annual revenue information for some applicants for business credit, but such information was only noted in its paper loan files. Financial Institution B thus does not have reasonable access to information that would allow it to determine the small business status of the businesses for whom it originated covered credit transactions for the first half of calendar year 2026. Financial Institution B chose to use the methodology set out in comment 114(c)-5.i, and as of October 1, 2026, Financial Institution B began to ask all businesses for whom it was closing covered credit transactions if they had gross annual revenues in the preceding fiscal year of $1 million or less. Using this information, Financial Institution B determined that it had originated 850 covered credit transactions for businesses that were small as defined in § 1002.106. On an annualized basis, Financial Institution B originated 3,400 covered credit transactions for small businesses (850 originations * 4 = 3,400 originations per year). Applying this estimated figure of 3,400 originations to both calendar years 2026 and 2027, Financial Institution B is subject to the initial compliance date set forth in § 1002.114(b)(1).

iii. [Reserved]

iv. Financial Institution D did not collect gross annual revenue or other information that would allow it to determine the small business status of the businesses for whom it originated covered credit transactions in calendar years 2026 and 2027. Financial Institution D determined that it had originated 3,000 total covered credit transactions for businesses in each of 2026 and 2027. Applying the methodology specified in comment 114(c)-5.ii, Financial Institution D assumed that all 3,000 covered credit transactions originated in each of 2026 and 2027 were to small businesses. On that basis, Financial Institution D is subject to the initial compliance date set forth in § 1002.114(b)(1).

v. [Reserved]

vi. Financial Institution F does not have readily accessible gross annual revenue or other information that would allow it to determine the small business status of the businesses for whom it originated covered credit transactions in calendar years 2026 and 2027. Financial Institution F determined that it had originated 480 total covered credit transactions for businesses in 2026 and 550 total covered credit transactions for businesses in 2027. Applying the ( printed page 51011) methodology set out in comment 114(c)-5.ii, Financial Institution F assumed that all such transactions originated in 2026 and 2027 were originated for small businesses. On that basis, Financial Institution E is not subject to the initial compliance date set forth in § 1002.114(b)(1).

vii. [Reserved]

90 FR 50952