SUPPLEMENTARY INFORMATION:

I. Background

In 2010, Congress passed the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act). Section 1071 of that Act ^[1] amended the Equal Credit Opportunity Act (ECOA) ^[2] to require that financial institutions collect and report to the Bureau certain data regarding applications for credit for women-owned, minority-owned, and small businesses. Section 1071's statutory purposes are to (1) facilitate enforcement of fair lending laws, and (2) enable communities, governmental entities, and creditors to identify business and community development needs and opportunities of women-owned, minority-owned, and small businesses. Section 1071 directs the Bureau to prescribe such rules and issue such guidance as may be necessary to carry out, enforce, and compile data pursuant to section 1071.

The Bureau worked toward a section 1071 rulemaking for a number of years and has sought public comment from stakeholders numerous times. The Bureau held a field hearing on May 10, 2017, and published a request for information regarding the small business lending market.^[3] On July 22, 2020, the Bureau issued a survey to collect information about potential one-time costs to financial institutions to prepare to collect and report data on small business lending.

On September 15, 2020, the Bureau released an Outline of Proposals Under Consideration and Alternatives Considered pursuant to the Small Business Regulatory Enforcement Fairness Act of 1996 (SBREFA). On October 15, 2020, the Bureau convened a Small Business Review Panel for the section 1071 rulemaking, and the Panel met with small entity representatives (SERs). The Panel Report, publicly released on December 15, 2020, was the culmination of the SBREFA process for the section 1071 rulemaking and included feedback from SERs and written feedback from other stakeholders as well.

On October 8, 2021, the Bureau published in the Federal Register a proposed rule (2021 proposed rule) amending Regulation B to implement changes to ECOA made by section 1071 of the Dodd-Frank Act.^[4] The comment period for the 2021 proposed rule closed on January 6, 2022.

The Bureau received approximately 2,100 comments on the 2021 proposed rule during the comment period. Approximately 650 of these comments were unique, detailed comment letters representing diverse interests. These commenters included lenders such as banks and credit unions, community development financial institutions (CDFIs), community development companies, Farm Credit System (FCS) lenders, online lenders, and others; national and regional industry trade associations; software vendors; business advocacy groups; community groups; research, academic, and other advocacy organizations; Members of Congress; Federal and State government offices/agencies; small businesses; and individuals.

On May 31, 2023, the Bureau published a final rule in the Federal Register to implement section 1071 by adding subpart B to Regulation B (2023 final rule).^[5] Further details about section 1071, small business lending market dynamics, and the Bureau's rulemaking process leading up to the 2023 final rule can be found in the preamble to the 2023 final rule.

On July 3, 2024, the Bureau published in the Federal Register an interim final rule (2024 interim final rule) ^[6] to extend the rule's compliance dates in accordance with orders issued by the United States District Court for the Southern District of Texas.^[7]

Challenges to the 2023 final rule filed by various plaintiffs remain ongoing in three jurisdictions; each of those courts stayed the rule's compliance deadlines for some market participants.^[8] However, the courts did not stay the compliance dates for those who are not plaintiffs or intervenors in those cases.

On June 18, 2025, the Bureau published in the Federal Register an interim final rule (2025 interim final rule) to extend compliance deadlines by approximately one year ^[9] to facilitate consistent compliance across all covered financial institutions. The Bureau sought comment on the 2025 interim final rule.

On October 2, 2025, the Bureau published in the Federal Register a final rule (2025 compliance date final rule) that confirmed its findings in the 2025 interim final rule and determined upon a review of comments received that no further substantive changes were necessary.^[10] The Bureau received 20 comments in response to the 2025 ( printed page 23531) interim final rule. Most commenters addressed the 2025 interim final rule itself. Other comments addressed provisions of the 2023 final rule not addressed by the 2025 interim final rule, some of which are discussed below.

On November 13, 2025, the Bureau published in the Federal Register a proposed rule to amend the 2023 final rule (2025 proposed rule).^[11] The comment period for the 2025 proposed rule closed on December 15, 2025. The Bureau received approximately 410 comments on the proposal during the comment period. These commenters included lenders such as banks and credit unions, community development financial institutions (CDFIs), Farm Credit System (FCS) lenders, online lenders, and others; national and regional industry trade associations; service providers; advocacy groups; community groups; Members of Congress; an independent office of a Federal agency; small businesses; and individuals. Materials on the record, including any ex parte submissions and summaries of ex parte discussions, are available on the public docket for this rulemaking.

Based on reactions to the 2023 final rule, including continued feedback from stakeholders and the ongoing litigation, on comments received on the 2025 proposed rule, and on further consideration, the Bureau now believes that at the onset of a potentially long-term data collection regime, it should start with more modest requirements, focusing on core lending products, lenders, and data. The Bureau believes that that reaction to the 2023 final rule was in part based on its expansive approach, appearing to seek broad coverage of lenders, products, and information collected.^[12] The Bureau does not believe that alignment with the statutory purposes of section 1071 requires the use of its discretionary authority to collect data with such a breadth of scope.

The Bureau now believes that the 2023 final rule should have given more weight to qualitative differences among certain types of lenders and the likelihood that smaller lenders would face difficulties—which they had expressed in comments on the 2021 proposed rule, after the 2023 final rule, and on the 2025 proposed rules—addressing the complexity of a rule of broad scope, both of which could potentially diminish the quality of the data they collect.

The Bureau believes, based on this experience, that a longer-term approach to advance the statutory purposes of section 1071 is to commence the collection of data with a narrower scope to ensure its quality and to limit, as much as possible, any disturbance of the provision and availability of credit to small businesses. The statutory purposes of the rule are not well served by an expansive rule that could create disruptions in small business lending markets.

Rather, the Bureau now believes that an incremental approach will better serve the statutory purposes of section 1071 in the long term. Such an approach will start with core lending products, core providers, and core data points. This approach complies with section 1071 and furthers its statutory purposes while reducing the rule's initial impact on small businesses and lenders. Over time, as the Bureau and financial institutions learn from early iterations of data collections, the Bureau could consider amending the rule.

The gradual development of data collection under the Home Mortgage Disclosure Act (HMDA) ^[13] and its implementing Regulation C ^[14] over the past 50 years demonstrates the value of an incremental approach. Congress passed HMDA in 1975,^[15] and the Board Governors of the Federal Reserve System (Board) promulgated implementing regulations in 1976, requiring the collection of relatively few data points from relatively few lenders. At various points, HMDA amendments passed by Congress, among other things, expanded the breadth of financial institutions covered, as well as the number of data points collected from those reporting institutions.^[16] Over time, rulemakings by the Board and the Bureau implemented these amendments, added and removed data points, and expanded and contracted the scope of Regulation C.^[17]

The Bureau believes that it should approach the section 1071 data collection regime as a longer-term project akin to HMDA. The Bureau believes that it is a proper use of its authority under 15 U.S.C. 1691c-2 to make changes to several portions of the 2023 final rule to commence data collection with a focus on core lending products, core lenders, and mostly statutory data points. The Bureau believes that this incrementalist approach—starting with a more modest rule with a limited set of products, lenders, or data points—will serve the long-term interests of section 1071.

In addition, on January 20, 2025, the President issued Executive Order (E.O.) 14168, “Defending Women From Gender Ideology Extremism and Restoring Biological Truth to the Federal Government” (Defending Women E.O.).^[18] That order, among other things, directs Federal agencies to remove references and questions discussing gender identity. The order also identifies a binary of male/female sex, directing agencies to use those terms when seeking information about an individual's sex.

The Bureau has consulted with the appropriate prudential regulators and other Federal agencies regarding consistency with any prudential, market, or systemic objectives administered by these agencies as required by section 1022(b)(2)(B) of the Dodd-Frank Act.

II. Legal Authority

The Bureau is issuing this final rule pursuant to its authority under section 1071. As discussed above, in the Dodd-Frank Act, Congress amended ECOA by adding section 1071, which directs the Bureau to adopt regulations governing the collection and reporting of small business lending data. Specifically, section 1071 requires financial institutions to collect and report to the Bureau certain data on applications for ( printed page 23532) credit for women-owned, minority-owned, and small businesses. Congress enacted section 1071 for the purpose of (1) facilitating enforcement of fair lending laws and (2) enabling communities, governmental entities, and creditors to identify business and community development needs and opportunities of women-owned, minority-owned, and small businesses.^[19]

To advance these statutory purposes, section 1071 grants the Bureau general rulemaking authority for section 1071, providing that the Bureau shall prescribe such rules and issue such guidance as may be necessary to carry out, enforce, and compile data pursuant to section 1071.^[20] Section 1071, in 15 U.S.C. 1691c-2(g)(2), also permits the Bureau to adopt exceptions to any requirement of section 1071 and to conditionally or unconditionally exempt any financial institution or class of financial institutions from the requirements of section 1071, as the Bureau deems necessary or appropriate to carry out the purposes of section 1071. The Bureau relies on its general rulemaking authority under 15 U.S.C. 1691c-2(g)(1) in this final rule and relies on 15 U.S.C. 1691c-2(g)(2) when providing specific exceptions or exemptions to section 1071's requirements.

See the 2023 final rule for a more detailed discussion of the Bureau's legal authorities.^[21]

III. Discussion of the Final Rule

A. Summary of the Final Rule

As set out above, the Bureau has reconsidered certain provisions of the 2023 final rule. The Bureau has determined that a potentially long-term data collection regime should start with a focus on core lending products, lenders, small businesses, and data points. The Bureau believes in retrospect that the approach it took in the 2023 final rule—a broad initial coverage of lenders, products, small businesses and data points—was not conducive to the long-term success of the data collection regime under section 1071. The Bureau now finds that a better, longer-term approach to advance the statutory purposes of section 1071 is to commence the collection of data with a narrower scope to ensure its quality, and to limit, as much as possible, any disturbance of the provision of credit to small businesses. The Bureau believes that such an incremental approach will also comply with section 1071 and minimize any negative initial impact on small business lending markets and on data quality. In the future, based on Bureau and industry experience during the early years of data collection, the Bureau may consider amending the rule as appropriate in furtherance of the purposes of section 1071.

The Bureau also finds that the 2023 final rule has not created significant reliance interests that dissuade the Bureau from reconsidering its position as to certain portions of the rule. Due to litigation challenging provisions of the 2023 final rule and delays in the compliance dates for this rule, the changes made by this final rule will not meaningfully change compliance obligations as they exist now.

Covered credit transactions. The Bureau concludes that the initial iterations of data collection under the rule should focus on the core, widely used lending products most likely to be foundational to small businesses' formation and operation. This final rule therefore excludes merchant cash advances (MCAs), agricultural lending, and small dollar loans from the definition of covered credit transaction.

Covered financial institutions. The Bureau concludes that the initial iterations of data collection under the rule should focus on larger core lenders. This final rule therefore contains two changes to the covered financial institution definition: first, to exclude FCS lenders from coverage; and second, to raise the origination threshold from 100 to 1,000 covered credit transactions for each of two consecutive years. This final rule also contains conforming changes to the bona fide error portions of the enforcement provisions in the rule.

Small business. The Bureau concludes that the focus of the rule, at least initially, should be truly small businesses. This final rule therefore changes the gross annual revenue threshold in the rule's definition of small business from $5 million or less to $1 million or less.

Data points. The Bureau concludes that the initial iterations of data collection under the rule should focus on core data points and be consistent with other executive agency directives concerning the collection of demographic data to minimize any burden accompanying new collections.

This final rule therefore focuses data collection on data points specifically identified in section 1071 and a limited number of other data points needed to facilitate the collection of these statutory data points. This final rule removes the discretionary data points for application method, application recipient, denial reasons, pricing information, and number of workers. This final rule also contains changes to better conform with an executive branch mandate, resulting in modifications to the collection of data concerning business ownership status of small business applicants and to the format of demographic data collected concerning the principal owners of a small business.

Time and manner of data collection. This final rule amends the provisions on the time and manner of data collection, to remove certain requirements that are not statutorily required and appear to anticipate or presume non-compliance with the rule. It also adds a provision that emphasizes for applicants their statutory rights under the rule.

Compliance dates. Finally, in light of the changes to the rule, this final rule extends the compliance date to January 1, 2028, for all financial institutions that remain covered by the rule. This final rule also adds certain special transitions rules to provide flexibility to potentially covered financial institutions.

The Bureau also addresses in this summary two other issues.

Privacy and data publication. The Bureau does not address in this final rule the privacy discussions in the 2023 final rule or its statements about the eventual publication of data. The 2023 final rule did not purport to make any final or binding decisions concerning its privacy analysis, instead announcing only its “preliminary assessment of how it might appropriately assess and advance privacy interests by means of selective deletion or modification” of data. The 2023 final rule also did not reach conclusions regarding the procedural vehicle it would use to convey its decisions with respect to privacy.^[22] Nor has the Bureau conclusively announced a timeline for the publication of application-level data, except for observing that it would need a full year's worth of data to conduct the necessary privacy analysis. The Bureau also suggested that it ( printed page 23533) intended to publish aggregate data in the first year of receiving data and before publishing any application-level data. The Bureau is currently reconsidering all of these issues and preliminary findings and will continue to engage with stakeholders. The Bureau commits to addressing these issues and findings in a notice of proposed rulemaking to be published likely after the collection of the first year's worth of data. As set out in detail below, the Bureau believes that a full notice-and-comment rulemaking would best inform the Bureau on its privacy assessment, including which modifications and deletions to make.

As part of eventual data publication, as with HMDA data, the Bureau intends to note to data users that data alone are generally not used to determine whether a lender is complying with fair lending laws. The data do not include all the legitimate credit risk considerations for loan approval and loan pricing decisions. Therefore, when regulators conduct fair lending examinations, they analyze additional information before reaching a determination about an institution's compliance with fair lending laws.

Grace period. The Bureau is retaining and updating the grace period articulated in the 2023 final rule, for the same reasons set out in that notice ^[23] and as set out in subsequent extensions of the compliance dates.^[24] The grace period is now from January 1, 2028, through December 31, 2028, to align with the new single initial compliance date of January 1, 2028.

B. General Comments

Comments Received

Many commenters, including banks, credit unions, non-depository and online lenders, trade associations for lenders and small businesses, advocacy groups, individuals, and others supported the Bureau's proposed rule.

A number of commenters, including lenders, community groups, and trade associations affirmed the importance of section 1071 and its statutory purposes. A coalition of lenders and community groups stated that section 1071 was a market-based, pro-competition solution to improving access to capital. Several industry commenters supported the aims of section 1071 and the proposed rule. An advocacy group supported section 1071 as important to strengthening credit markets and access to credit, and encouraged the Bureau to promulgate a final rule that would support a robust and inclusive credit ecosystem. An independent office of a Federal agency stated that the proposed rule was squarely in line with the Regulatory Flexibility Act and implemented statutory goals without excessive small-entity compliance costs.

One advocacy group stated that the proposed rule aligned with the Constitution, section 1071, the Defending Women E.O., and biological reality.

Several banks and a trade association stated that while they preferred a statutory repeal of section 1071, they welcomed the Bureau's proposed revisions to the rule.

A number of lenders and trade associations, as well as an advocacy group supported the proposed rule's rationale that a long-term data collection regime should start with core products, providers, and data points to avoid disruption to the markets. Two trade associations stated that the effectiveness of the rule depends on maintaining, rather than disrupting, access to credit while collecting reliable data. Several commenters, including trade associations, banks, and an advocacy organization, supported the proposal's calibrated approach to data collection, reflecting the operational and legal concerns raised by commenters earlier in response to the 2021 proposed rule and the 2023 final rule, and balancing the statutory purposes of section 1071 and the capacity of community banks to serve small businesses. An advocacy group stated that a long-term program that begins with modest, core requirements will ultimately provide more accurate and useful data while avoiding disruptions in credit availability. The commenter suggested that the Bureau commit to ongoing reassessment of this rule's requirements and that the Bureau should use the initial data collection to determine whether products, lenders, or data points should be added.

Several credit unions and their trade associations stated that the proposed rule would help credit unions and would reduce regulatory burden on credit unions. Some of these commenters stated that the 2023 final rule may have stopped small business lending by credit unions, but that the revisions in the 2025 proposed rule encourage them to continue it. A trade association stated that the proposal recognized the importance of credit unions in small business lending. One credit union cautioned the Bureau to consider carefully any expansion of the rule beyond core lenders and products.

Several community banks and trade associations supported the proposed rule, stating that it would provide substantial relief to community banks from regulatory burden. Several of these commenters called the proposed rule a meaningful recalibration. Another trade association warned that if rule was not well-tailored, it could harm community banks, their small business borrowers, and the nation's economy. Several community banks said they did not have the resources to comply with the 2023 final rule. One bank stated that a rigid rule would disrupt the tailored lending relationships and flexibility of small banks.

Some banks, trade associations, and an advocacy group supported the proposed revisions but expressed concern that the remaining requirements of the rule would still impose unintended negative consequences on lenders and small businesses. One trade association, while generally supporting the rule, suggested that the rule be brought into greater alignment with the Community Reinvestment Act regulations. One of the trade associations suggested that the 2023 final rule be rescinded entirely to remove any uncertainty caused by the judicial stays in the litigation challenging the 2023 final rule. A bank expressed concern that section 1071 did not comply with recent Supreme Court decisions concerning race-conscious university admissions and disparate impact.

One bank supported the proposed revisions but opposed incremental expansion of the rule in the future, arguing that this approach would result in a lack of regulatory uncertainty. An individual commenter supported the proposed rule and stated that a rule without bright-line tests, particularly for data points and institutional coverage, would result in the collection of insufficient or inconsistent data.

A trade association stated that the rule should evolve thoughtfully to generate reliable insights to support oversight over small business lending.

One advocacy group urged the Bureau to provide early and comprehensive technical compliance resources, including filing instructions, standardized demographic-data definitions, and system specifications, well before the January 1, 2028 effective date, noting that large last-minute revisions would undermine preparation efforts. Two trade associations requested that lenders have sufficient compliance lead time to develop data-collection platforms that accurately capture and report section 1071 data.

Many other commenters opposed the proposed rule generally. These commenters included community ( printed page 23534) groups; Members of Congress; trade associations for CDFIs, small farms, and small businesses; advocacy groups; service providers to lenders; and individuals.

Many commenters asserted that lending discrimination is still widespread, and that data collected under this rule is vital to addressing it. Two advocacy groups identified ongoing disparities in approvals or amounts approved for minority-owned and women-owned businesses. A trade association for small businesses cited studies by Federal agencies identifying gaps in credit access for minority-owned and women-owned businesses. A trade association for minority-owned CDFIs asserted that any revisions to the 2023 final rule must be evaluated against longstanding credit inequities section 1071 was enacted to address. An individual commenter stated women-owned and minority-owned businesses have faced systemic barriers in accessing fair credit, and that a rule that does not result in robust transparency in lending would be contrary to section 1071.

Several commenters, including community groups, Members of Congress, and an advocacy group, argued that the collection of less data would undermine fair lending laws. A community group supported the reduction in burdens related to this rule but argued that the proposed revisions would unintentionally reduce the usefulness of the section 1071 data, and that the Bureau must maintain elements necessary to maintain clear and consistent data on small business lending. The commenter encouraged the Bureau to reduce burden by focusing on implementation planning, clear definitions, and sequencing rather than removing data fields. Another community group stated that the Bureau should implement the 2023 final rule and collect a critical mass of data before revising the rule. Another stated that the Bureau should withdraw the 2025 proposed rule and restore the 2023 final rule to ensure the rule is sufficiently comprehensive.

One community group argued that it was inconsistent for the Bureau to propose a rule with more modest requirements that it could expand over time while seeking in the short term to shed staff and shut down its own operations. Members of Congress stated that the proposed rule would preserve the appearance that data was going to be collected but that the actual result would be too thin and partial to be useful.

Several commenters noted the benefits of collecting more data than less. A community group and a bank argued that a broader data collection would benefit both borrowers and lenders; lenders would be able to identify unmet credit needs, generate more revenue, and avoid fair lending violations, and small businesses would receive loans and expand. Several commenters stated that their experience with HMDA reinforced the importance of broad data collection and reporting in the context of section 1071. A community group argued that the Bureau should collect data on non-core lenders because data analysis can account for differences that may be attributable to different types of reporting lenders, such as MCAs.

A number of community groups, advocacy groups, service providers, and individuals, as well as a trade association for minority-owned CDFIs, argued that the proposed rule undermines the statutory purposes of section 1071. A community group asserted that, to comply with section 1071, the rule must require collection of sufficiently detailed data, and claimed that the proposed rule did not meet this standard. A coalition of community groups argued that the proposed rule would undermine section 1071's promise of bringing transparency to small business lending. One community group noted that data from the Paycheck Protection Program (PPP) demonstrated the value of section 1071 data in identifying issues faced by women-owned and minority-owned businesses in obtaining PPP funding. Another commenter noted that minority-owned community lenders have seen firsthand how incomplete data can obscure disparities and impede effective intervention.

An individual commenter asserted that the Bureau failed to adequately explain how its proposed changes would improve consumer outcomes or market stability, that a rational connection had not been made between the stated objectives and the foreseeable consequences for consumers, and that the Bureau had not considered alternatives that would maintain strong consumer protections while addressing administrative or operational concerns.

A number of commenters opposed the Bureau's rationale focusing on an initial data collection involving core products, lenders, and data points. Several community groups argued that section 1071 does not direct the CFPB to pursue a modest, pilot data collection but rather to develop a broad, comprehensive data collection immediately, sufficient to reveal patterns in credit access and support fair lending enforcement; they concluded that the proposal failed to do this and therefore would frustrate the statutory purposes of section 1071. Commenters also argued that the incremental expansion of section 1071 data would not be the best way to preserve data quality, and that lenders had years to prepare to comply with the 2023 final rule.

One advocacy group asserted that the Bureau offered no evidence of a plan to re-assess the rule at a later date to potentially expand the collection of data. A community group argued that the Bureau had taken other actions demonstrating that it was not committed to fair lending.

A bank disputed an assertion in the proposed rule that smaller institutions would produce worse data. A community group stated that the proposed revisions would shrink the scope of the rule despite evidence of an increase in high-cost and opaque small business lending products. Another community group stated that additional data is needed to explain these changes in the market. A coalition of lenders and community groups urged the Bureau to consider the risk of narrowing the rule, and argued that a less comprehensive rule could have gaps which would not permit a reliable assessment of credit flows and would limit the utility of the rule. A community group claimed that the proposed rule acknowledged, but did not justify, the loss of benefits associated with the proposed rule including a loss of fair lending benefits, reduction in community development benefits, as well as benefits associated with the coverage of certain financing markets and lenders.

One community group stated that the proposed rule's discussion of the history of HMDA was a misguided basis for the Bureau's longer-term, incremental approach to data collection. The commenter stated that HMDA implementation demonstrated that even small lenders can comply with data collection requirements, and that the market is stronger for data transparency. The commenter also asserted that while HMDA expanded over time, section 1071 does not require iteration because Congress learned from its decades of experience with HMDA. Another community group stated that the proposed revisions were not supported by evidence; by contrast, the commenter stated that HMDA's evolution provided 50 years of lessons to be learned that were embedded in the 2023 final rule.

A community group claimed that the Bureau repeatedly cited unsubstantiated comments justifying the proposed rule, arguing that where the Bureau referred to stakeholder feedback, it had met with groups with special access. The ( printed page 23535) commenter also argued that the Bureau cannot use an Executive Order as justification to override a statutory mandate. The commenter finally provided a lengthy list of specific communities—including non-profit organizations, advocacy groups, community lenders and others—that it argued would be harmed by the lack of data.

The commenter further argued that frequent changes to regulations would depress economic output; regulatory uncertainty leads lenders to be overly cautious, leading them to restrict credit access. An advocacy group argued that smaller lenders tend to pull back when regulatory standards are unclear or overly expansive.

Responses to Comments Received

With regard to concerns expressed regarding the remaining requirements of the rule, the Bureau has attempted to reduce unnecessary costs or complexity as much as possible while still complying with the statutory mandate provided by section 1071. The Bureau also notes, in response to a commenter, that rescinding the 2023 final rule entirely would be impracticable.

The Bureau does not believe that incremental expansion of the rule in the future would lead to regulatory uncertainty. The Bureau intends to consider any future expansion carefully, with sufficient advance notice to avoid regulatory uncertainty.

In response to comments stating that lending discrimination is ongoing, the Bureau notes that the data cited by commenters are consistent with data cited in the 2023 final rule. The Bureau disagrees that this information requires the Bureau to pursue an immediate and maximalist approach to data collection to comply with section 1071. As the Bureau has noted before, such a position may have the effect of discouraging lending, including to those populations described by commenters, or the collection of accurate data generally, to the extent that lenders face cost and complexity that could have been avoided under a more gradual, longer-term approach to a new data collection.

The Bureau also disagrees that that the collection of less data in the short term necessarily undermines fair lending laws. The Bureau notes that the revisions in this final rule are intended to result in a fuller, higher-quality collection of data in the longer term with a minimum of disruption to the small business lending markets. Nothing in the text or history of section 1071 requires the Bureau to pursue a maximalist collection of data in the short term, regardless of the consequences of such a program on smaller lenders. The Bureau believes based on comments received and its experience with small business lending that caution at the start of this data collection is both warranted and appropriate.

With regard to the comment that the Bureau should focus on non-rule policies to reduce burden on lenders, rather than revising the rule, the Bureau believes that this is a false dichotomy. The Bureau intends to assist covered financial institutions with implementation planning outside of the rule. The Bureau believes that its definitions are sufficiently clear for operational purposes. The Bureau notes that its long-term approach to section 1071 is a type of sequencing, as characterized by the commenter. The Bureau disagrees that it should first collect data under the 2023 final rule and then revise the rule based on that data. The Bureau is concerned that the initial cost and complexity imposed on smaller lenders and those not experienced with similar data collection regimes may cause avoidable and irreversible harm.

The Bureau agrees in principle with comments that under section 1071, all else equal, there are benefits to collecting more data rather than less. The Bureau disagrees that this general principle means that the immediate collection of the most data possible is beneficial, for the reasons stated above; the Bureau believes that there is a risk that such an approach would disrupt credit access, and may cause lenders to reconsider participation in the small business lending markets, as comments from industry have stated. The Bureau disagrees that it should collect data from non-core lenders in the short term at the start of this data collection. While data analysis may help account for differences between such lenders and core lenders, the Bureau reiterates its concerns that the rule may impact such non-core lenders if required to comply in the short term. The Bureau believes that data collected from core lenders, on core products, may help guide and ease compliance for non-core lenders and products in the longer term.

The Bureau disagrees with commenters that the proposal undermines the statutory purposes of section 1071. The Bureau again believes that this position, taken by various commenters, assumes that section 1071 on its face requires an immediate collection of the most data possible without regard to the practical consequences of doing so. Further, these commenters characterize data collection under the proposed revisions as if they would result in the collection of no data, rather than the Bureau's estimates that the revised rule would result in the collection of 92 to 93 percent of small business loans by depository institutions. By contrast, the Bureau estimated that the 2023 final rule would result in the collection of approximately 94 to 95 percent of small business credit transactions.

Regarding one commenter's assertion that there was no evidence of a plan to reassess the rule in the future, the Bureau stated in the proposed rule that it would review data received and continue to observe the small business lending markets to determine whether and how to expand coverage of the rule in the future. There are also several other mechanisms that represent natural points for the Bureau to reassess the rule, including the inflation adjustment to the small business definition under § 1002.106(b)(2) occurring every five years, as well as the statutory requirement under Dodd-Frank Act section 1022(d) that requires a retrospective assessment of a significant rule five years after the effective date.

Regarding comments asserting that the proposal acknowledged, but did not justify, the loss of benefits associated with the proposed revisions, the Bureau disagrees. The preamble to the proposed rule is forthright in acknowledging the potential value of certain data that the Bureau has determined not to collect initially, but balances this against the cost and complexity of including such requirements at the start of this long-term data collection regime.

The Bureau disagrees that its discussion of the history of HMDA is a misguided basis for the proposal's incremental, longer-term approach to data collection. The Bureau is not persuaded by comments that the market's specific experience with HMDA has prepared small lenders to comply with section 1071 immediately; commenters stated the contrary, that either they have little or no experience with HMDA. As many commenters have noted, mortgage lending is different from the varied market in small business credit; many lenders that submitted comments stated that they are not HMDA-filers and have no previous experience in complying with any data collection rules.

The broader understanding the Bureau takes from its HMDA experience is that there is a learning curve to any new data collection requirement. In this sense, the experience that lenders, borrowers, and regulators have had with HMDA suggests that it is more prudent to start modestly and later expand a data collection rule than to start immediately ( printed page 23536) with the broadest possible rule. While the rule will result in costs and operational complexity for covered financial institutions, the manner and speed with which the requirements are implemented, based on the Bureau's experience and from feedback, matters immensely.

The Bureau disagrees that it cited unsubstantiated comments justifying the proposed rule. Since the release of the 2023 final rule, much of the commentary on the requirements of that rule have been entirely public in the form of submissions to the Bureau and publications on stakeholder websites, as well as formal submissions in litigation challenging the 2023 final rule.

The Bureau disagrees with the assertion that it is using Executive Orders to override a statutory mandate. The Bureau's revisions do not override statutory requirements but, rather, comply with the requirements of section 1071. In any case the revisions to the rule that reference their consistency with Executive Orders are justified on other independent grounds, as explained below in passages discussing different Executive Orders.

The Bureau agrees in principle with the commenter that frequent changes to regulations may depress economic output. The Bureau notes, however, that final rule revises regulatory provisions that lenders have not yet had to comply with; one of the purpose of these revisions is to minimize burdens at the start of this longer-term data collection and to avoid depressing economic output. The Bureau intends to consider any future revisions to the rule carefully and to implement them in a manner intended to reduce regulatory uncertainty and maintain credit access. The Bureau agrees with the same commenter that it should provide early and comprehensive technical compliance resources, including filing instructions, and other materials, well before the compliance date.

C. Comment Period Comments

In the NPRM, the Bureau provided a 30-day comment period for the public to review and submit feedback on the proposed revisions to the section 1071 regulatory framework.

The Bureau received a number of comments requesting an extension of the 30-day comment period from a variety of stakeholders, including banks, community groups, and individuals.

Most of the commenters requesting an extension asked for an additional 60 days. One bank requested an additional 90 days, and two individual commenters requested an extension without specifying a timeframe.

Many of these commenters argued that 30 days was an insufficient amount of time to determine the proposal's impacts and provide meaningful feedback. Commenters pointed to the complexity and significance of the proposal, asserting that it was lengthy, differed significantly from the existing regulation, and contained issues that, they said, the Bureau had never before proposed or sought comment on. One bank specifically requested a 90-day extension to update the financial impact analysis it had conducted for the initial 2023 final rule, stating it needed more time for data collection and analysis to better inform the final rule.

Several commenters contrasted the 30-day period with the Bureau's past practices regarding the process leading up to the 2023 final rule, which included a robust SBREFA consultation process and public comment on the Bureau's Outline of Proposals Under Consideration, along with a 90-day comment period on the 2021 proposed rule (with some commenters noting stakeholders actually had 120 days to review the 2021 proposed rule because it was posted on the Bureau's website 30 days prior to publication in the Federal Register ). One commenter expressed specific concern that the Bureau chose to forgo a new SBREFA process for this rulemaking. A few commenters stated that the Administrative Procedure Act (APA) and E.O. 13563 require agencies to afford the public a meaningful opportunity to participate in the regulatory process, with one commenter asserting that this generally requires a comment period of at least 60 days.

Commenters also cited logistical challenges making the 30-day deadline difficult to meet. Many commenters highlighted that the Bureau simultaneously issued a separate Regulation B proposal subject to the same 30-day deadline, stressing that it was difficult to delve into both complex proposals since they required review by many of the same organizational stakeholders and experts. Additionally, many commenters pointed out that the Thanksgiving and winter holidays fell within or immediately followed the comment period.

Commenters raised special concerns regarding the comment period's impact on certain types of stakeholders. Specifically, commenters suggested the short deadline was particularly challenging for community-based organizations that needed time to develop community-informed comments; trade associations that required time to meaningfully consult with their member banks to provide robust and granular feedback; and small or public-interest organizations that lack the resources to turn around complex analyses quickly.

Finally, one commenter asserted that the short comment period—combined with the simultaneous Regulation B proposal and the holiday timing—demonstrated the Bureau's disinterest in receiving and fully considering public comments. The commenter also suggested that the timeline indicated the Bureau was ready to ignore the full weight of the public record and its own detailed analysis leading up to the 2023 final rule.

For the reasons set forth below, the Bureau concludes the 30-day period provided in the proposed rule was sufficient.

The Bureau disagrees with commenters who argued that the 30-day timeframe was too short to allow for meaningful feedback or a thorough analysis of impacts, including the specific request for a 90-day extension to update a financial impact analysis. The issues raised in this rulemaking build upon a well-established foundation, familiar to the stakeholders who commented on this rule. The public has had a substantial amount of time to consider the core concepts of the section 1071 data collection regime across a multi-year, iterative process. This process has included the 2017 Request for Information, the 2020 SBREFA process, the 2021 proposed rule, and the 2023 final rule itself. Many commenters, including those opposed to the proposed revisions, reiterated many of the things they had said in prior comment letters, precisely because they had familiarity with many, if not most, of the issues raised by the 2025 proposed rule. The comment letters that the Bureau received, both in support of and in opposition to the proposed revisions to the rule, were detailed and appeared to have considered the proposal carefully and comprehensively.

For this same reason, and because this rulemaking largely proposes burden-reducing exemptions and clarifications rather than a new regulatory framework from the ground up, the Bureau determines that a new SBREFA process is neither required nor necessary. In addition, the SBA Office of Advocacy has given the Bureau a waiver from the requirement to conduct a SBREFA Panel for purposes of this rulemaking because the Bureau had already conducted a panel in advance of the 2023 final rule, as described below in part VII.

While the occurrence of the Thanksgiving and winter holidays may have placed competing demands on commenters' time, the Bureau reiterates ( printed page 23537) that the quality and quantity of comments it received confirms that commenters had sufficient time to consider and address material issues in the proposal.

The Bureau disagrees that this timing, the concurrent publication of a separate Regulation B proposal, or the 30-day period itself, signaled a lack of interest in receiving and fully considering public feedback or an intent to ignore the full weight of the public record and its own detailed analysis leading up to the 2023 final rule. The Bureau does not agree that the concurrent Regulation B proposal limited commenters' ability to respond, because the topics of the two rulemakings were very different; while this rulemaking focuses on small business lending data collection under section 1071, the other proposal addressed aspects of ECOA related to its discrimination prohibition, specifically disparate impact, discriminatory discouragement of applications, and special purpose credit programs. To the contrary, the APA requires agencies to provide the public with a meaningful opportunity to participate in the regulatory process, but it does not mandate a minimum 60-day or 90-day comment period. The Bureau determines that 30 days provided a meaningful opportunity to comment under both the APA and all relevant E.O.s, including E.O. 13563, particularly given the targeted nature of the proposal and the extensive historical context surrounding the rule.

Furthermore, the Bureau's review of the rulemaking docket confirms that the 30-day period was sufficient for robust public participation. In total, the Bureau received approximately 410 comments on the proposal. The Bureau notes that many of the entities that submitted requests for an extension successfully submitted substantive, detailed comments on the proposal within the 30-day window. The Bureau has carefully reviewed all of these comments and utilized them to inform this final rule, demonstrating that the comment period provided an adequate and meaningful opportunity for public participation.

D. Section 1002.104—Covered Credit Transactions and Excluded Transactions

The Bureau finds that at the onset of data collection under section 1071, the rule should focus on core, generally applicable lending products that are most likely to be foundational to small businesses' formation and operation—loans, lines of credit, and credit cards—before determining whether to expand the scope of the rule to include more niche or specialty lending products. This final rule therefore excludes MCAs, agricultural lending, and small dollar loans from the definition of covered credit transaction to better ensure the smooth operation of the initial period of data collection, while minimizing disruptions and regulatory complexity in the credit markets subject to section 1071.

A trade association representing community banks opposed the Bureau's proposed exclusions, characterizing the exclusion of non-core lending products as “loopholes” that the Bureau should close. The commenter argued that small businesses—particularly those with limited access to traditional financing—frequently rely on non-traditional forms of credit, and that their exclusion would permit abuse and borrower dissatisfaction to go undetected in these less-regulated markets. Furthermore, the commenter asserted that such exclusions would give lightly regulated lenders a competitive advantage over community banks, which it described as unquestionably trusted small business lenders, potentially pushing borrowers toward what it characterized as more dangerous creditors. The commenter suggested that if the Bureau retains the exclusions, it should commit to monitoring the market with the intention of removing them at a later date.

The Bureau disagrees that these exclusions constitute “loopholes” that will harm small business borrowers. As discussed in the 2025 proposed rule and as confirmed in this final rule, the Bureau is adopting an incremental approach to coverage that focuses on core lending products that are most foundational to small business operations. The Bureau believes that this approach, at the inception of this data collection regime, appropriately balances the benefits of data collection with the need to minimize market disruption and regulatory complexity. The Bureau may revisit the scope of its coverage of credit products in future rulemakings.

1002.104(b)(7)—Merchant Cash Advance

Proposed Rule

Existing § 1002.104(a) defines a “covered credit transaction” as “an extension of business credit that is not an excluded transaction under paragraph (b) of this section.” Section 1002.104(b)(1)-(6) enumerates six types of transactions that are excluded from covered credit extensions. The Bureau proposed to add MCAs to the list of excluded transactions in § 1002.104(b). Proposed § 1002.104(b)(7) would exclude MCAs, which it would define as an agreement under which a small business receives a lump-sum payment in exchange for the right to receive a percentage of the small business's future sales or income up to a ceiling amount. Consistent with this proposed new exclusion, the Bureau also proposed deleting several references to MCAs, and the related term sales-based financing, in commentary.

Comments Received

The Bureau received many comments on several aspects of the proposal concerning MCAs from a wide range of lenders, trade associations, business advocacy groups, community groups, and individuals. The Bureau previously observed that, throughout the development of the rule to implement section 1071, MCAs had been the focus of significant attention and a unique source of near-consensus among a diverse array of stakeholders—almost all of whom advocated for covering MCAs except for MCA providers themselves and some trade associations representing MCA providers. Comments received in response to the recent NPRM were slightly different in that commenters supporting the exclusion from the rule also consisted of a few community banks and a research advocacy organization in addition to MCA providers and nonprofit trade associations. These commenters argued that MCAs do not meet the definition of credit under ECOA or State law. Conversely, many other commenters, including community groups, trade associations, and lenders urged the inclusion of MCAs in order to effectively monitor the small business credit market and facilitate fair lending enforcement. Below is a more detailed summary of comments grouped by topic.

Comparison of MCAs to Traditional Lending Products and the Growth of MCAs. In response to the request for comments on the extent to which MCAs differ from or resemble traditional lending products, several community banks asserted that there was limited comparability between MCAs and traditional loans. Some of these commenters explained that the exclusion of MCAs is appropriate given their unique structures and underwriting characteristics. A trade association for MCA providers supported the Bureau's focus on core lenders, asserting that the coverage of MCAs would not produce data promoting the statutory purposes of section 1071, given that MCAs are structured differently. The commenter ( printed page 23538) also observed that covering MCAs would be of limited utility given their small share of small business finance, relative to the hundreds of billions of dollars in traditional loans.

Several commenters disagreed with the Bureau's focus on core lenders as justification for excluding MCAs. Community groups argued that MCAs should be covered because their originations have grown exponentially, they are no longer marginal products, and small businesses are commonly exposed to them via advertising. One commenter estimated that volume of MCAs would grow from $18 billion in 2024 to $25 billion by 2029; a small business trade association estimated that MCA volume would grow from $19.7 billion in 2024 to $32.7 billion by 2032. Both commenters, as a result, argued that covering MCAs is necessary to be consistent with the statutory purposes of section 1071.

One community group noted that while MCAs function differently from traditional loans, such differences would not preclude data comparability. For instance, the commenter noted that a standard MCA contract contains enough information to calculate an estimated annual percentage rate.

A small business trade association asserted that the proposed exclusion of MCAs would harm the financial health of small businesses and obscure from policymakers and industry stakeholders the predatory and high-cost nature of these products. This commenter argued that MCAs operate with little Federal oversight and harm small businesses, as evidenced by opaque pricing terms used by many financing companies that conceal the full cost of MCA products instead of displaying the annual percentage rate (APR). Further, the commenter stated the MCA industry has faced backlash from government entities, stating that, for instance, SBA 7(a) loans may not be used directly to refinance MCA debt because of the damaging nature of high-cost MCA products that often leave small firms with no choice but to restructure or refinance to retain or improve their credit history. The commenter further stated that, because of the absence of any regulation requiring data on the MCA industry and the unwillingness of certain government guaranteed lenders to refinance small businesses with MCAs, small businesses will feel the impact by facing the difficult decision to close their doors or declare bankruptcy.

A community group cited the 2024 Federal Reserve Small Business Credit Survey indicating that 9 percent of reporting small businesses applied for an MCA and that medium- and high-risk applicants were much more likely than low-risk applicants to apply for financing at online lenders. This commenter also stated that applicants that seek financing from online lenders were more likely than applicants to other sources to experience challenges with their lenders. The commenter argued that confirming the prevalence of MCA lending in certain markets will further the statutory purposes of section 1071 and provide valuable data to policymakers and lenders about small business community development needs, including concerns about potentially detrimental and discriminatory lending.

Other feedback on MCA data reporting. Several trade associations and community banks supported the proposed exclusion of MCAs coverage under this rule, praising the Bureau's commitment to a practical implementation approach that will have a positive impact on data integrity and reporting. A community bank asserted that excluding MCAs makes the dataset more relevant and reduces unnecessary reporting. Another community bank stated that excluding MCAs allows more actionable and relevant data collection aligned with the core intent of section 1071. One trade association suggested that the exclusion of MCAs recognizes practical operational realities, and that MCAs are less likely to generate comparable data for section 1071 analyses.

A trade association for MCA providers asserted that subjecting MCAs to the rule would be especially costly and impractical because of how MCAs are structured. This commenter predicted that implementing tracking systems under the rule would require costly programming upgrades and adjustments to MCA systems that might force smaller MCA providers to exit the industry, resulting in a less competitive markets dominated by larger funders and higher costs for MCA users.

An advocacy group supported excluding MCAs from coverage to avoid unnecessary complexity and disruptions in lending markets. This commenter asserted that including novel or specialized financing structures in the earliest round of data collection risks undermining both data quality and market stability. For example, the commenter said that MCAs differ fundamentally from conventional extensions of credit in structure, risk allocation, and repayment mechanics since pricing mechanisms are often tied to receivables rather than interest rates, underwriting focuses on future cash-flow volatility, and legal treatment varies significantly under State law.

By contrast, other community groups, trade associations, and a business advocacy group maintained that exclusion will create a blind spot in the data, obscure risks to small business borrowers, and reduce market transparency. A trade association asserted that excluding these transactions undermines the statutory purposes of section 1071 and risks perpetuating inequities in credit access since alternate lenders, such as MCA providers, frequently serve more vulnerable businesses that cannot qualify for conventional loans. A trade association representing CDFIs urged the Bureau to retain broad product coverage to support effective enforcement and sound policy analysis, especially given that the MCA market plays a substantial role in the financing outcomes of minority-owned firms. It also noted that a failure to cover them would constrain the Bureau's ability to assess pricing structures, repayment burdens, and other features relevant to fair lending analysis.

A trade association representing small businesses suggested excluding MCAs contradicts the proposed rule's own data quality rationale. Specifically, this commenter explained that the Bureau justifies many of its proposed changes by citing concerns that complex requirements might yield poor-quality data from smaller, less-resourced lenders. The commenter argues that this logic does not support excluding MCAs because MCA providers typically have advanced underwriting algorithms that already collect demographic-like data, use automated systems that could easily be adapted for data reporting, and are generally larger and better-resourced than many small lenders. This commenter claimed that excluding MCAs would eliminate oversight of a growing alternative finance sector with no regulatory oversight, without reducing compliance burden on traditional lenders requesting relief.

MCAs and the ECOA definition of credit. A trade association for credit unions and a business trade association expressed uncertainty about whether MCAs constitute “credit” under ECOA but urged the Bureau to finalize the proposed exclusion of MCAs. A fintech trade association supporting the exclusion also claimed that MCAs do not meet the definition of “credit” consistent with their longstanding treatment as purchases of future receivables. A trade association representing MCA providers asked the Bureau to clarify in the preamble that MCAs are not “credit” under ECOA, arguing that MCAs do not involve debt, do not confer a right to defer payment, ( printed page 23539) and are not loans, and that MCA funders have reliance interests in the Bureau's purportedly longstanding interpretation that MCAs are not “credit.”

Two bank trade associations stated that MCAs should be covered because they do constitute credit under ECOA, even if they are structured differently than traditional loans. These commenters argued that unlike with factoring, the small business must repay the MCA provider for the advance out of future revenue. The commenters also stated that if there were some MCAs that would not meet the definition of credit, the Bureau should limit the exclusion to those specific MCAs as this would create a more level playing field across institutions that provide financing to small businesses, and create a data set that better reflects demand for small business financing.

State Laws and MCAs. A trade association representing MCA providers and an advocacy group agreed with the proposal that the MCA exclusion would not render MCA financing unregulated because of State law developments in sales-based financing. The trade association also asserted that State-level disclosure regimes impose transparency obligations tailored to these products which decreases the risk of unfair or deceptive practices. The commenter also stressed how, in light of growing State regulations on MCA financing, a final rule implementing section 1071 that imposes more Federal requirements could result in duplicative and conflicting laws that spread confusion regarding compliance.

A community group stated that the proposal's discussion of State regulation of MCAs reflected the Bureau's misunderstanding of the purpose of State laws regulating MCAs and their impact on the 1071 rule, arguing that instead such laws reflect concern about the pervasiveness of MCA lending and the impact on small businesses, and that they justify inclusion of MCAs in the final rule. The commenter further asserted that Congress did not require collection of 1071 data contingent on whether States regulate the product or not, and that in the period since the 2023 final rule was issued, few States substantively regulate MCAs and these State laws cannot reasonably be cited as a changed circumstance that justifies a substantial rewrite to the rule. Lastly, this commenter disagreed with the Bureau's contention that high costs and predatory practices in the MCA market could be addressed by Federal and State law enforcement agencies.

Final Rule

The Bureau is finalizing its proposal to add MCAs to the list of excluded transactions under § 1002.104(b). Final § 1002.104(a) defines a “covered credit transaction” as an extension of business credit that is not an excluded transaction under § 1002.104(b). Section 1002.104(b) enumerates types of transactions that are excluded from the definition of a covered credit transaction. The Bureau is adding MCAs to the list of excluded transactions in § 1002.104(b). Final § 1002.104(b)(7) excludes MCAs, which are defined as agreements under which a small business receives a lump-sum payment in exchange for the right to receive a percentage of the small business's future sales or income up to a ceiling amount.^[25] Consistent with this new exclusion, the Bureau also is deleting several references to MCAs, and the related term sales-based financing, in commentary.

In the 2023 final rule, the Bureau declined to exclude MCAs from its definition of a “covered credit transaction.” It explained its belief that the statutory term “credit” in ECOA is intentionally broad so as to include a wide variety of products without specifically identifying any particular product by name, such that all credit products should be included in the rule unless the Bureau specifically excluded them and concluded that “credit” encompasses MCAs. It further explained that MCAs should not be understood to constitute factoring within the meaning of the existing commentary to Regulation B subpart A or the definition it was including as comment 104(b)-1, because factoring involves entities selling an existing legal right to payment from a third party, while no such contemporaneous right exists in an MCA. The Bureau also noted its understanding that, as a practical matter, MCAs are underwritten and function like a typical loan ( i.e., underwriting of the recipient of the funds; repayment that functionally comes from the recipient's own accounts rather than from a third party; repayment of the advance itself plus additional amounts akin to interest; and, at least for some subset of MCAs, repayment in regular intervals over a predictable period of time), although it also implicitly acknowledged practical differences between MCAs and conventional loans by including numerous provisions intended to capture MCA-specific data.

Upon further consideration and in light of the comments received, the Bureau believes it would be consistent with the purposes of section 1071 to exclude MCAs from the definition of “covered credit transaction” under § 1002.104(a). The Bureau agrees with commenters who stated that monitoring the growth and development of MCAs will generate a stronger policy record to determine whether and how MCA products should be integrated into Federal data collection requirements in the future. For the reasons outlined below, the Bureau believes it advances the purposes of section 1071 at this time to exclude MCAs from the definition of covered credit transaction, and to focus on ensuring the smooth operation of data collection as to core lending products and providers most likely to be foundational to small businesses' formation and operation.

The Bureau believes that at the onset of the data collection under section 1071 the focus should be on core lenders and products before the Bureau considers expanding the scope of the rule. The CFPB believes it would advance the purposes of section 1071 at this time to exclude MCAs from the definition of covered credit transaction, and to focus on ensuring the smooth operation of data collection as to core lending products and providers most likely to be foundational to small businesses' formation and operation.

The Bureau believes it erred in the 2023 final rule by prematurely determining that collection of data on MCA transactions would serve section 1071's statutory purposes by concluding that all MCAs constitute credit. The 2023 final rule's one-size-fits-all approach did not take into account the varied terms and features of MCAs across the market that may be relevant to whether the products meet the definition of “credit” under ECOA, nor did it account for the fact that MCAs are relatively new products whose features and practices may be evolving, including in response to State regulation. Moreover, while some State courts have analyzed whether some MCAs meet State law definitions of “debt” or “credit,” there is a dearth of case law analyzing whether MCAs meet ECOA's definition of “credit.”

Excluding MCAs from the definition of “covered credit transaction” is consistent with the way the Bureau has already treated leases, which also present close questions as to whether they meet the definition of “credit” under ECOA. In the 2023 final rule's ( printed page 23540) analysis of leases,^[26] the CFPB acknowledged that some lease transactions could constitute “credit.” But rather than include all lease transactions in the 2023 final rule to ensure coverage of those leases that did actually constitute credit the CFPB determined that it would be able to monitor the market for such products without including them in the 2023 final rule. The CFPB is now taking a similar approach to MCA transactions as it did to leases.

The Bureau also concludes that the 2023 final rule's coverage of MCAs did not take into account State law developments addressing sales-based financing. Several States have legislation and/or regulations in place addressing the MCA market and requiring providers to disclose terms such as the total cost of capital and the financing rate. The Bureau understands that such laws provide key protections for users of MCAs and may shape MCA terms and practices in ways that bear on the question of whether they meet ECOA's definition of “credit.” ^[27] While the 2023 final rule referenced these pieces of State legislation, it did not consider the extent to which the evolving landscape under State law rendered premature a determination that including MCAs in the definition of “covered credit transaction” for purposes of mandating data collection furthered section 1071's statutory purposes.

Comparison to Traditional Lending Products and the Growth of MCAs. In response to the request for comments on whether and how much MCAs differ from or resemble traditional lending products, the Bureau agrees with community banks asserting that MCAs are structured differently from traditional loans. The Bureau also agrees that they make up a small share of small business financing overall. The Bureau does not believe that these alone are sufficient to exclude MCAs from the rule. The Bureau determines, however, at the onset of this long-term data collection program that it is prudent not to cover MCAs at this time.

The Bureau acknowledges comments noting the rapid growth of MCAs and the wide exposure small businesses have to such products, but disagrees that this gives rise to an immediate necessity of covering MCAs. The Bureau recognizes that MCA data may be comparable with traditional loan data in that an estimated annual percentage rate can be calculated, but the Bureau does not agree that the calculation of an estimated APR resolves the question of whether all MCAs can or should be covered under section 1071.

The Bureau acknowledges commenter concerns that MCAs may harm the financial health of small businesses, including that government lenders will not refinance small businesses that have taken out MCAs, and that more data might help policymakers and industry stakeholders identify predatory and high-cost products. The Bureau also acknowledges the Federal Reserve survey data noting that many small businesses are familiar with and have applied for MCAs, and more often that it was medium- and high-risk applicants that did so. The Bureau further does not dispute that additional data on the prevalence of MCA financing may help policymakers and lenders understand small business community development needs, including concerns about potentially detrimental and discriminatory financings.

However, the Bureau does not necessarily agree with the conclusions of commenters that either MCAs must all be excluded from the rule on the grounds that none of them are credit or that they must all be covered by the rule on the grounds that all of them are credit. The Bureau further disagrees with the conclusion commenters draw from their observations regarding current MCA market dynamics, including that because of their growth and impact amongst small business lenders, the Bureau must collect data on all MCAs.

These observations do suggest, however, that it would be useful for the Bureau to continue monitoring the MCA market going forward. In any case, the Bureau reaffirms its determination that, while data cited by commenters suggests that nine percent of small businesses apply for MCAs, they are not yet a core product that should be covered at the onset of this long-term data collection program.

Other feedback on MCA data reporting. The Bureau disagrees with the assertion that subjecting MCAs to the rule would be any more costly or impractical than covering loans simply because of how MCAs are structured. The Bureau observes that the implementation of any compliance systems may be less costly to certain MCA providers in markets that are covered by State compliance or data collection obligations.

The Bureau agrees that MCAs should be excluded from the definition of a “covered credit transaction,” at least at the onset of this long-term data collection regime, to avoid unnecessary complexity and disruption in lending markets. The Bureau agrees fully that including novel or specialized financing structures in the earliest round of data collection risks undermining both data quality and market stability as to these products.

The Bureau acknowledges the concern by some commenters that excluding MCAs may obscure risks to small business that use MCAs and reduce market transparency. The Bureau further acknowledges comments that MCA providers frequently serve more vulnerable businesses that cannot obtain conventional loans. The Bureau agrees that MCAs may play a substantial role for many minority-owned firms. However, the Bureau returns to the predicate issue of whether it was appropriate in the 2023 rule for the Bureau to broadly conclude that all MCAs, regardless of their particular terms and features, meet ECOA's definition of “credit.” Given the difficulty of this determination, and the lack of clear resolution on this issue based on comments received, the Bureau believes it is prudent not to require the collection of data on MCAs at the onset of this data collection regime.

The Bureau disagrees that excluding MCAs necessarily contradicts the proposed rule's data quality rationale. Based on comments received, while some MCA providers may be well-positioned to provide data because they already comply with State laws or regulation requiring data collection and reporting. The same comments also suggest, however, that some MCA providers, more often but not necessarily smaller ones, have no such compliance infrastructure in place. These questions, however, appear to address the manner of implementing any data collection regime, assuming ( printed page 23541) that the transactions at issue are ones that Bureau has authority to collect data on under section 1071.

MCAs and the ECOA definition of credit. The Bureau disagrees with the assertions of certain commenters that MCAs are categorically not credit. The Bureau also disagrees with categorical attempts to exclude MCAs from the definition of credit, including on the grounds that they should be treated as simply a purchase of future receivables.^[28] There is evidence provided by commenters that in certain instances, MCAs in practice do involve debt, confer a right to payment, and are loans. Commenters also provided evidence that in many instances MCA providers are seeking recourse against the natural person owners of a small business that no longer has revenue. The Bureau also disagrees that MCA providers have a reliance interest in the purportedly longstanding interpretation that MCAs do not constitute credit; the 2023 final rule stated that all MCA transactions constitute credit. The Bureau also disagrees with the assertion that all MCAs should be covered as credit under ECOA. The Bureau believes that certain MCAs may have some features resembling factoring in certain circumstances.

The Bureau determines, however, that it has not found information in the comments it has received that would help in developing a clear, bright-line definition separating MCAs that constitute credit from those that do not. The Bureau believes, as a result, that further analysis is required to determine what subset of MCAs constitute credit for purposes of ECOA.

State laws and MCAs. The Bureau acknowledges comments that exclusion of MCAs from this rule would not render MCA financing unregulated because of State law developments in sales-based financing. The Bureau also acknowledges that State-level disclosure regimes help impose transparency obligations tailored to MCAs, potentially reducing the risk of unfair or deceptive practices, and that coverage under this rule may give rise to duplicative efforts.

The Bureau believes the discussion on whether MCAs are credit and the connection to State laws developments is misplaced. The Bureau solicited comment on State laws and regulations to understand whether their categorization of MCAs generally, or of certain MCAs, meet the criteria of ECOA credit and coverage under this rule. Many States regulate MCAs, describing them as financings without addressing directly whether such products are credit or not.

The Bureau believes that, taking into account the factors listed above, the relative novelty and evolving landscape of the MCA industry and the ongoing changes at the State level concerning the regulation of MCAs, excluding MCA transactions from coverage under the rule at this time is necessary and appropriate to carry out the purposes of section 1071. As explained above, MCAs differ in kind from traditional lending products, such that collecting data on MCA transactions under section 1071 may not produce information that is comparable to data collected on other types of transactions. And because MCAs have not been widely regulated, many smaller MCA providers may lack the infrastructure needed to manage compliance with regulatory requirements. Taken together, requiring MCAs to be reported could lead to data quality issues, which would not advance the purposes of section 1071.

While the 2023 final rule and commenters cited concerns about high costs and predatory practices in the MCA market,^[29] the Bureau continues to believe those concerns may be addressed by Federal and State law enforcement agencies through their respective enforcement authorities.

The CFPB will continue to monitor developments in the markets for MCAs and other sales-based financing to determine whether, over time, sufficient evidence might become available to allow a subset to be appropriately included in the definition of “covered credit transaction” for purposes of data collection.

1002.104(b)(8)—Agricultural Lending

Proposed Rule

The Bureau proposed to add agricultural lending to the list of excluded transactions under § 1002.104(b). The Bureau proposed new § 1002.104(b)(8), which would define agricultural lending as a transaction to fund the production of crops, fruits, vegetables, and livestock, or to fund the purchase or refinance of capital assets such as farmland, machinery and equipment, breeder livestock, and farm real estate improvements. Consistent with this proposed amendment, the Bureau proposed to delete references to agricultural credit in the current commentary. The Bureau explained in its proposal that this would simplify the rule by narrowing its scope to core, generally applicable, small business lending products and avoid covering a distinct and specialized lending sector that is already subject to a different regulatory reporting scheme.

Comments Received

Agricultural lenders, banks, trade associations, and community groups commented on this proposed exclusion. A number of banks and trade associations supported the exclusion. An advocacy group supported a phased approach to section 1071 requirements, noting that excluding coverage of certain products in the short term does not foreclose future coverage once lenders gain experience with data reporting and compliance burdens are better understood.

Some banks and trade associations stated that the utility of agricultural loan data is limited because such loans are subject to different underwriting criteria, are secured by unique assets (such as crops or livestock), and are subject to unique repayment cycles tied to seasons and commodity price cycles, making them difficult to compare with non-agricultural loans.

A trade association for banks argued that agricultural loan data is not likely useful in fulfilling section 1071's statutory purposes, explaining that agricultural lenders provide product offerings based on individual needs, financial strength, access to other funding, and other relationships with the creditor or collateral, and that the credit requests of agricultural borrowers pose unique underwriting challenges.

Other community bank commenters highlighted the relationship between community banks and agricultural borrowers, arguing that the exclusion would allow community banks to continue to serve such borrowers without increasing the costs of credit or reducing credit availability. One commenter emphasized the disproportionate importance of community banks in agricultural lending, stating that community banks extend over 75 percent of agricultural loans while representing less than 15 percent of banking assets nationwide. Two trade associations representing credit unions, and a community bank asserted that covering agricultural lending would increase compliance costs and reduce credit available to farmers. ( printed page 23542)

Several commenters stated that the proposed exemption would avoid duplicate oversight and reduce unnecessary reporting. A trade association for banks, a community bank, and a small business trade association asserted that agricultural lending is already subject to Federal data collection requirements by the Farm Credit Administration (FCA) and by prudential regulators under the Community Reinvestment Act (CRA). A trade association for FCS lenders noted that if the rule covered agricultural lending, it would overlap with existing reporting requirements for small agricultural lending and would burden FCS lenders.

Commenters opposing the exclusion emphasized that agricultural lenders have a significant impact on small business lending markets and should be covered by the rule. One community group noted that farms are small businesses that apply for agricultural loans and are therefore a subset of small business loans intended to be covered by section 1071. A small business advocacy group expressed concern that the proposed exclusion would prevent lenders and policymakers from addressing gaps in lending that threaten the livelihood of small, family-owned farms, and urged coverage of agricultural lending to generate data necessary to address lending disparities, especially because minority-owned farms constitute less than 5 percent of all small farms.

One community group representing farmers asserted that no nationwide, publicly available data set exists for farm loan applications. This commenter stated that the FCA does not publish applicant-level data, that the data they have is available only through Freedom of Information Act (FOIA) requests, that the data do not contain demographic information, and that because the CRA only applies to banks, there is no comparable data on small farm loans made by credit unions, FCS lenders, or nondepository institutions. Another community group also objected to the proposed rule's statement that agricultural lending data is already reported to other agencies, noting that the same argument could be made to exclude small business loans reported under the CRA. This commenter stated that Congress, in establishing section 1071, did not distinguish between lending data that was or was not otherwise collected by different agencies. An advocacy group for small farms expressed concerns that the exclusion will negatively impact the farmers who have long struggled to access credit that works for them.

A community-based organization and group representing farms stated that the proposed exclusion would obscure lending to small farms, which would frustrate the community development and fair lending purposes of section 1071. These commenters disagreed with the rationale proposing to exclude agricultural lending, arguing that data on farm loans could still be collected and identified as such, permitting an analysis of farm and non-farm credit trends. Several commenters cited past litigation concerning discrimination against Black farmers as evidence of a significant risk of discrimination and unequal credit access in the agricultural context as a reason justifying the collection of agricultural loans, including whether the loans were issued by a public sector lender or had a Federal guarantee. A community group and advocacy group stated that this history of discrimination, including in public sector lending, necessitates the collection of agricultural lending data.

Several advocacy groups representing farms characterized the proposed exclusion as an unlawful, arbitrary, and capricious action that abdicates the Bureau's statutory responsibility through a policy of non-enforcement. These commenters argued that Congress mandated that the collection and publication of all application-level small business loan data, and that the proposed exclusion of farm loans would violate the plain text and purpose of section 1071. Another commenter stated that the proposed exclusion ignores the evidentiary record, the Bureau's own prior findings, and overwhelming public comments on the need for transparency in agricultural lending. This commenter asserted that the Bureau's rationale for the proposed exclusion— i.e., the need to simplify data collection at this early phase—is a complete reversal that lacks new factual support and fails the APA's requirement for reasoned decision-making.

In response to the request for comments on the proposed definition of agricultural lending, a trade association for banks requested several clarifications in the regulation text and commentary. First, the commenter suggested adding the word “principally” to the beginning of the regulatory text in proposed § 1002.104(b)(8) so that the revised text would be “transaction principally to fund” (proposed addition in italics) to ensure that lenders know that if a borrower applies for a loan for multiple purposes, the transaction is exempt if the primary purpose of the loan is agricultural. Second, the commenter requested extensive additional commentary and guidance on what the proposed exclusion includes because the terms “crops” and “livestock” could be interpreted in different ways. Third, the commenter encouraged the Bureau to adopt expansive definitions to capture specialized farming operations beyond “traditional” crops and livestock. Fourth, the commenter said the Bureau also should clarify the scope of the exemption, such as whether it includes businesses that provide inputs to farmers. Lastly, this commenter urged the Bureau to adopt a safe harbor for lenders applying the definition in good faith.

An FCS lender and a trade association for banks asked the Bureau to use the definition of “agricultural purpose” in comment 8 of section 1026.3(a) in Regulation Z instead of the text of proposed § 1002.104(b)(8). One of these commenters further suggested a slight edit to the pre-existing Regulation Z definition of “agricultural purpose” by replacing “a natural person” with “any person.”

Final Rule

The Bureau is finalizing its proposal to add agricultural lending to the list of excluded transactions under § 1002.104(b). Final § 1002.104(b)(8) defines agricultural lending as a transaction to fund the production of crops, fruits, vegetables, and livestock, or to fund the purchase or refinance of capital assets such as farmland, machinery and equipment, breeder livestock, and farm real estate improvements. Consistent with this addition, the Bureau is deleting references to agricultural credit in commentary. This will simplify the rule by narrowing its scope to core, generally applicable, small business lending products and avoid covering a distinct and specialized lending sector that is already subject to a different regulatory reporting scheme.^[30]

In the 2023 final rule, the Bureau declined to exclude agricultural credit from its definition of a “covered credit transaction.” It noted that ECOA itself has no exceptions for agricultural credit, that agricultural businesses are included in section 1071's statutory definition of small business (defined by cross-reference to the Small Business Act), ( printed page 23543) and that there have been instances of discrimination in agricultural lending. It rejected comments asserting that agricultural credit is unique and not comparable to other types of small business lending, instead observing that “every small business industry has its own unique characteristics.” ^[31] In response to commenters' concerns about the impact on local community financial institutions and an outsized effect on the cost of credit for farmers, the Bureau emphasized that it was increasing its institutional coverage threshold to 100 annual originations, from the 25 originations it had originally proposed. The Bureau mentioned that many agricultural lenders have already been required to collect and report some form of data by HMDA, the CRA, and/or the FCA, but did so only to note that lenders accordingly should be able to adapt to the Bureau's new data collection requirements.

The Bureau has considered the comments on the proposal and believes that excluding agricultural lending from the definition of “covered credit transaction” advances the statutory purposes of section 1071 at this early phase as the Bureau begins the collection of small business lending data. While the 2023 final rule declined to create such an exclusion, the Bureau now believes, on reconsideration and in light of comments received, that it did not adequately consider the marked distinctions—and resulting data disparities—between agricultural lending and other types of commercial lending.^[32] Agricultural loans are often secured by biological-based assets such as crops or livestock, which are subject to variables and risk from weather and disease. These characteristics create unique underwriting challenges that make such loans difficult to compare to those in other industries. Indeed, other data collection regimes, such as CRA regulations, appear to acknowledge categorical differences between loans to small businesses generally and loans to small farms.^[33]

Some commenters argued agricultural lending must not be excluded from the definition of “covered credit transaction” to monitor the farm economy sector and identify access to credit issues. However, as the Bureau and commenters have noted, agricultural lending is subject to several existing Federal data collection frameworks, meaning that existing data regimes serve to monitor agricultural lending and access to credit. The Farm Credit System, as discussed in further detail in part III.E conducts a substantial amount of agricultural lending through a nationwide network of congressionally chartered, borrower-owned cooperatives. This system is subject to extensive oversight by the FCA and other Federal agencies with oversight over agricultural lending. Among other things, many agricultural borrowers report data to the Farm Service Agency, which collects demographic data including race, ethnicity, and gender from applicants as part of its program oversight.^[34] Further, under CRA regulations, banks must report data on lending to small farms alongside reporting their lending to small businesses. The 2023 final rule did not adequately consider the existing data reporting requirements for agricultural lending.^[35] While the application-level data that will be collected under this rule are not necessarily identical to the data that is collected by the FCA, CRA, and FSA (an agency of the USDA), the Bureau believes that these varied sources of data overlap and are currently sufficient to monitor agricultural lending.

Further, the Bureau believes that excluding agricultural lending is necessary or appropriate to carry out the purposes of section 1071 to avoid imposing new, overlapping reporting requirements on agricultural lenders at this point when the Bureau is commencing the collection of data under this rule. The Bureau disagrees with commenters that characterize the proposed exclusion of agricultural lending as unlawful, arbitrary, and capricious. The Bureau has stated its change in position from the 2023 final rule, and justified it based on its own reconsideration of existing evidence and additional feedback from an array of stakeholders. The Bureau also believes that these comments did not take into consideration the approach Bureau articulated in the 2025 proposed rule. The Bureau believes that excluding agricultural lending at this time furthers the purposes of section 1071 because such an exclusion limits potential issues with data quality. Compliance may pose greater difficulties for small agricultural lenders, which are often rural entities with less compliance infrastructure than other lenders, potentially impacting the quality of their data. The Bureau is also concerned that these entities may need to divert their limited resources away from lending activities to comply with this rule. Further, for lenders that provide both agricultural and non-agricultural loans that will still be subject to coverage, the agricultural exclusion better situates such lenders to focus their section 1071 reporting efforts on data for core lending products.

Regarding the comment requesting modifications to the proposed definition of “covered credit transaction,” the Bureau does not believe it is necessary to modify or clarify the regulation text and commentary at this time. The Bureau is concerned that the modifications or clarifications requested might have the effect of reaching lending that may be related to agricultural lending but actually is not differentiated at all from non-agricultural small business lending. After this final rule is issued, lenders will have ample opportunity to contact the Bureau for informal staff guidance on specific questions about the agricultural lending exclusion.

The Bureau also declines to adopt the definition of “agricultural purpose” in Regulation Z instead of the definition of “agricultural lending” in § 1002.104(b)(8). Commenters failed to identify practical or material differences between the Regulation Z definition and § 1002.104(b)(8). The Bureau believes that cross-referencing Regulation Z may give rise to potential unintended consequences of adopting an acontextual definition from a legal and regulatory regime with somewhat different purposes and scopes. In particular, Regulation Z generally governs only consumer-purpose credit, in contrast to this rulemaking's explicit limitation to business-purpose credit.

Given these factors, the Bureau believes it is appropriate to focus on conventional, generally applicable small business lending at this time by excluding agricultural lending from coverage under the rule. In doing so, the Bureau is using its authority under ECOA section 704B(g)(2) to adopt exceptions to any requirement of section 1071 and, conditionally or unconditionally, exempt any financial institution or class of financial institutions from the requirements of section 1071, as the Bureau deems necessary or appropriate to carry out the purposes of section 1071. ( printed page 23544)

1002.104(b)(9)—Small Dollar Business Credit

Proposed Rule

Under the 2023 final rule, a “covered credit transaction” is defined as an extension of business credit that is not an excluded transaction under § 1002.104(b). In adopting the 2023 final rule, the Bureau considered but declined to adopt a de minimis loan size threshold, citing the significant volume of lending involving credit amounts below the thresholds suggested by commenters at that time.

The Bureau proposed to add small dollar business credit to the list of excluded transactions under § 1002.104(b). Proposed § 1002.104(b)(9) would exclude from the definition of covered credit transaction a transaction in an amount of $1,000 or less, to be adjusted for inflation over time.

Comments Received

The Bureau received comments regarding the proposed exclusion of small dollar business credit in § 1002.104(b)(9) from a wide range of industry stakeholders, including banks, credit unions, and trade associations representing financial institutions. The Bureau also received comments on the proposal from consumer and civil rights advocacy organizations, as well as community development financial institutions.

Industry commenters generally supported the Bureau's proposal to exclude small-dollar loans at any threshold, with banks, credit unions, and their trade associations arguing that the costs of data collection could make the provision of small loans infeasible, increase their cost, or reduce credit availability. One commenter explained the potential harm from such effects, emphasizing that small-dollar commercial loans are critical for vulnerable businesses, with another commenter highlighting their importance in rural and underserved communities. Several commenters stated that the exclusion would allow the Bureau to focus on market segments where transparency is most valuable and prevent the distortion of data by small transactions. A few commenters noted that small-dollar loans are typically incidental in nature and often function more like consumer credit than traditional small-business loans, and a trade association for fintechs similarly observed that these products do not align with traditional small business lending structures. Finally, one commenter noted that the Bureau could always increase the threshold at a later date.

Some industry commenters, including several banks, several trade associations for banks, a trade association for small businesses, and a trade association for fintechs supported the proposed $1,000 threshold, with one trade association noting that very few small business operations can be funded with $1,000 or less.

However, other industry commenters urged the Bureau to adopt a higher threshold. A coalition of trade associations for banks argued that a $1,000 exemption is of limited benefit because businesses are more likely to use consumer credit for loans of that size. This commenter also noted that merchant cash advance providers (which the Bureau proposed to exclude from the rule) offer advances as low as $5,000, suggesting that a higher threshold is needed to allow covered lenders to compete.

Regarding specific thresholds, one trade association representing fintechs suggested a $2,500 threshold to match the CDFI Small Dollar Loan Program and better fit the commercial lending context. Several commenters recommended a $5,000 threshold. These commenters argued that $5,000 would better capture operational realities, particularly in rural or high-cost markets, and avoid capturing loans that are likely exceptions to typical lending practices, while still excluding loans that are administratively burdensome to report.

One commenter suggested a $25,000 threshold to balance operational burden with the frequent business need for fast turn-around for loans needed to, for example, fund equipment repairs or purchase inventory. Several other commenters, including credit unions and related trade associations, advocated for a $50,000 threshold. They noted that this amount tracks the National Credit Union Administration's (NCUA) definition of a “commercial loan” and that consumer credit is available below this amount. One trade association argued that loans above $50,000 are more likely to involve individualized underwriting decisions and negotiated terms that are probative for fair lending analysis. It also asserted that this threshold provides a good balance between preserving the integrity and usefulness of the data set, while protecting borrower privacy and access to small-dollar business credit. Finally, the commenter suggested that if the Bureau does not adopt a $50,000 threshold, it should adopt a more streamlined reporting regime for such loans.

Some industry commenters requested specific modifications to the proposal other than the threshold amount. One trade association requested that the exclusion be optional, noting that some lenders may have difficulty tracking and excluding small loans, particularly for credit limit increases. Another trade association stated that there should be no distinction between types of loans or lenders, nor any limit on the number of small dollar loans to a single borrower. Finally, one trade association for small businesses suggested that the Bureau monitor whether this exemption inadvertently excludes meaningful data from the microlending sector.

Two community groups opposed the proposed exclusion, arguing that it would create significant gaps in understanding how small businesses access capital. They noted that the exclusion would limit the view of credit extended to businesses with limited access to traditional credit, as well as to businesses in rural and smaller communities, and would leave out a significant portion of financing used at the earliest stages of business formation. One community group also argued that the exclusion is unnecessary because technological improvements have reduced the burden of data submission. Additionally, an individual commenter challenged the Bureau's assumption that credit under $1,000 is not relevant to small business formation or operation, particularly for minority-owned businesses. This commenter opposed the proposal, citing statistics indicating that 17 percent of new businesses took a loan of less than $5,000 in their first year, and that minority groups are more likely to borrow smaller amounts. Finally, this commenter noted that the exclusion would reduce benefits associated with the community development purposes of the rule.

Final Rule

For the reasons set forth below, the Bureau is finalizing § 1002.104(b)(9) as proposed to exclude from the definition of a covered credit transaction any transaction in an amount of $1,000 or less, to be adjusted for inflation over time.

In finalizing these revisions, the Bureau agrees with industry commenters that requiring data collection on very small transactions would create a compliance burden disproportionate to the utility of the data collected. The Bureau acknowledges that establishing a specific threshold for such an exclusion involves a degree of judgment in balancing data utility against industry burden. Based on the comments received and its understanding of small business lending markets, gained ( printed page 23545) through years of rulemaking and small business lending market observation and expertise, the Bureau agrees with commenters that business loans under $1,000 are typically circumstantial, often serving as auxiliary features of business deposit accounts, such as overdraft facilities. The Bureau thus determines that the $1,000 threshold strikes an appropriate balance and aligns with market realities by filtering out circumstantial transactions. Collecting data on transactions in this range would likely yield a partial and distorted view of the market. Simultaneously, the Bureau believes that this threshold preserves visibility into the smallest substantive commercial lending, including business credit cards. This threshold ensures coverage of core credit products often utilized by small businesses.

The Bureau declines to adopt any of the higher thresholds recommended by commenters because it is concerned about losing data necessary to fulfill the statutory purposes of section 1071. Regarding $2,500 or $5,000 alternative thresholds, the Bureau concludes that a $1,000 threshold better distinguishes between credit that is circumstantial or ancillary to a deposit account and more purposeful commercial credit that section 1071 intends to monitor. The Bureau disagrees that loans in this range generally represent exceptions to typical lending practices or that operational realities justify their exclusion. The Bureau believes, based on the comments received and its understanding of small business lending markets, that a $2,500 or $5,000 threshold would exclude valuable data on smaller dollar loans, which, as noted by commenters, is often a source of capital for the smallest minority-owned businesses. The $2,500 limit of the CDFI Small Dollar Loan Program is inapposite to this rule, as the program's goals—ultimately to assist consumers by funding CDFIs—differ from the statutory purposes of section 1071 focused on small businesses.^[36] Finally, the Bureau disagrees that a higher threshold is necessary to allow lenders to compete with MCA providers. According to the commenters requesting a $5,000 threshold, most MCA providers do not offer advances under $5,000; this suggests that MCA providers do not compete with lenders for small businesses seeking financing under $5,000. The Bureau does not believe, therefore, that a $1,000 threshold would prevent lenders from competing effectively with MCA providers.

The Bureau also declines to adopt a threshold of $25,000 or $50,000. If loans in the $1,000 to $5,000 range include credit transactions that are not ancillary and advance the statutory purposes of section 1071, this is even more true of transactions between $5,000 and $50,000. While the Bureau acknowledges industry comments regarding the operational burden of reporting these loans, and the availability of consumer credit below these amounts, the Bureau concludes that thresholds at these levels would leave substantial gaps in the dataset. Available data indicates that financing in amounts of $25,000 or less is particularly important for the smallest firms, including those with low annual revenues, startup firms, and non-employer firms.^[37] Adopting a higher threshold would obscure lending patterns for these entities and fail to capture data on “microloans,” a critical source of capital often defined as loans up to $50,000. Regarding the argument that the $50,000 threshold aligns with the NCUA definition of a “commercial loan,” the Bureau notes that the NCUA definition serves a purpose distinct from the fair lending and community development purposes of section 1071. The Bureau further disagrees that loans below $50,000 should be excluded because they lack individualized underwriting; such loans remain highly relevant for analyzing access to credit and potential fair lending risks. Finally, given the importance of these transactions to fulfill the purposes of section 1071, the Bureau declines to adopt the alternative suggestion for a streamlined reporting regime for them. Such a bifurcated system of reporting is likely to add complexity to the section 1071 data collection regime, rather than reduce it.

With respect to comments from community groups opposing the exclusion entirely, the Bureau concludes that the $1,000 threshold minimizes the loss of meaningful data while preventing distortions that result from reporting ancillary credit transactions. The Bureau acknowledges the importance of capturing data on credit for the smallest businesses, including minority-owned businesses, businesses in rural and underserved communities, and startups, and concludes that the $1,000 threshold will effectively capture such data. To the extent that the threshold excludes some non-ancillary credit, the Bureau determines that this reflects the necessary balance between data utility and burden reduction described above. Regarding the statistics cited by an individual commenter, that 17 percent of new businesses utilize loans of less than $5,000 in their first year, the Bureau notes that the exemption retains coverage for transactions between $1,001 and $5,000. Consequently, the threshold preserves significant visibility into the microlending activity cited by this commenter. The Bureau disagrees with the assertion that technological improvements render the exclusion unnecessary. The Bureau determines that, even with automated systems, the fixed costs and other burdens of data collection relative to the potential return on a transaction of $1,000 or less remain disproportionately high, creating a risk that lenders might cease offering very low dollar loans to avoid the compliance burden.

Finally, the Bureau declines to adopt the industry request to make the exclusion optional. The Bureau determines that lenders are capable of filtering these transactions out themselves before submission. Because lenders generally track the amount of the credit application, the Bureau does not believe it will be difficult for lenders to identify and exclude transactions of $1,000 or less. Regarding the comment that there should be no distinction between types of loans or lenders, the Bureau confirms that the exclusion in § 1002.104(b)(9) provides for none; nor is there a limit on the number of such small dollar loans to a single borrower that may be excluded. Finally, the Bureau intends to monitor the small business lending markets to determine if the threshold amount (as adjusted every five years for inflation) remains appropriate over time.

1002.104(b)—Other Requests for Exemptions

Proposed Rule

The 2023 final rule broadly defined a “covered credit transaction” as an extension of business credit that is not specifically excluded. While the rule enumerated certain exclusions—such as trade credit, HMDA-reportable transactions, insurance premium financing, public utilities credit, securities credit, and incidental credit— ( printed page 23546) it aimed for broad coverage to prevent evasion and ensure a complete data set. Consequently, the 2023 final rule encompassed a wide range of credit products, including merchant cash advances and agricultural credit.

In the 2025 proposed rule, the Bureau proposed narrowing the definition of “covered credit transaction” to focus on “core” lending products—loans, lines of credit, and credit cards—that are most likely to be foundational to small business formation and operation. Consistent with this focus, the Bureau proposed adding specific exclusions for merchant cash advances, agricultural lending, and small-dollar credit transactions. While the Bureau solicited comment on these specific proposals (discussed further elsewhere), the Bureau did not seek comment on other potential product or transactional exclusions.

Comments Received

A wide range of industry participants, including banks, credit unions, fintechs, and national and specialized trade associations urged the Bureau to adopt additional exclusions or clarify existing exclusions for specific types of products, transaction structures, and borrowers. Specific requests addressed indirect lending, trade credit, individual products (such as Purchase Money Obligations and Buy Now, Pay Later transactions), commercial real estate, and transactions involving entities with non-standard ownership structures such as trusts and government agencies.

A broad group of industry trade associations requested that the Bureau exclude all indirect lending transactions from coverage. These commenters argued that indirect lenders lack a direct relationship with the small business applicant, which would make data collection by the financial institution impractical and burdensome. They further asserted that indirect lenders would be forced to contact applicants solely to collect data, describing this as an unprecedented requirement unlikely to yield meaningful data and likely to harm the customer experience. Commenters also noted that intermediaries, such as vendors or dealers, often seek financing terms from multiple indirect lenders simultaneously, and that without an exclusion, the Bureau would receive duplicative data submissions from numerous financial institutions regarding the same potential transaction. One trade association suggested that if a full exemption were not feasible, the Bureau could instead allow demographic information collection after the credit decision, allow data collection to occur at the first contact between customer and financial institution, or create unique customer identifiers within loan applications and provide clear guidance on how vendors, dealers, and finance companies should collectively handle reporting using these identifiers.

Some commenters made specific requests for clarification or exclusion regarding indirect automobile lending. A group of banking trade associations urged the Bureau to clarify, through examples in commentary, that the compliance obligation for these transactions lies with the dealer, not the indirect lender, because dealers are typically the entities that interact with the applicant and have final authority to set credit terms. The commenters further noted that this was warranted because auto lending contracts are sometimes purchased by lenders after completion, when the customer already has their vehicle. Meanwhile, two trade associations for auto dealers requested that the Bureau work with the Federal Reserve Board (which has authority over auto dealers) to exempt auto dealers from any future rulemaking on this topic. The coalition argued that auto dealers do not have the appropriate staff or resources to carry out compliance functions designed for financial institutions. It also stated that auto dealers are often the type of small, women-owned, and minority-owned businesses that section 1071 is designed to protect, not the entities it should burden.

A few commenters requested exclusions for other forms of indirect credit. A group of trade associations, including one representing the equipment finance industry, requested an exclusion for indirect equipment finance transactions facilitated by dealers. The commenters argued that dealers have the final authority to set terms of equipment financing transactions, and that discrimination risk is low because credit decisions primarily focus on the value of the equipment being purchased rather than borrower characteristics. Another group of commenters requested an exclusion for private label, store-brand credit. These commenters pointed to Federal regulators' historical recognition of the unique nature of these point-of-sale transactions, citing specific exclusions in the Financial Crimes Enforcement Network's (FinCEN) beneficial ownership rule and the Bureau's Regulation P, and noted that data collection in this context would disincentivize retailers from offering this form of credit, as they are particularly interested in swift, frictionless transactions. The commenters recommended that the Bureau exempt in-store applications or at least permit demographic data requests to be sent to applicant's post-application.

A trade association representing the equipment finance industry requested that the Bureau exclude purchase money obligations (PMOs) as defined under UCC Article 9. The commenter argued that PMOs are distinct because they finance specific equipment rather than general business operations, and lenders rely on a priority security interest in that equipment for underwriting rather than borrower characteristics. Furthermore, the commenter noted that PMOs are often arranged through dealers or vendors, creating an indirect relationship between lender and borrower. Finally, the commenter asserted that PMOs should be exempt consistent with the rationale for excluding true leases, merchant cash advances, factoring, and trade credit, arguing that regulatory parity is necessary to ensure consistent treatment across similar financing structures.

Several trade associations requested that the Bureau expand the existing trade credit exclusion, which applies to “financing arrangement[s] where a business acquires goods or services from another business without immediate payment.” Two trade associations requested that the Bureau expand the exclusion to include similar credit provided by a financial institution. One of the commenters argued that such credit facilitates the same transactions between the same businesses and therefore deserves the same regulatory treatment; it also argued that any data collected by financial institutions would be of limited use without equivalent data from business-to-business trade credit. The commenter additionally asserted that, absent this exclusion, businesses would be forced to provide their own credit, but they sometimes lack the expertise or cash flow, potentially reducing the availability of credit.

A trade association requested that the Bureau exclude “floor plan financing,” which it argued is similar to trade credit in that the merchant receives the inventory without advance payment. The commenter also explained that floor plan financing has flexible timing and pricing terms that do not align well with other data to be collected under section 1071. Finally, two trade associations representing auto dealers recommended expanding the exclusion to include trade credit in situations where the business lender intends to sell or ( printed page 23547) transfer its rights as creditor to a third party. The commenters asserted that this limitation to the trade credit exclusion was added to commentary for the first time in the 2023 final rule without explanation or discussion, which it argued both violates procedural requirements of the APA and undermines the core of the trade credit exemption.^[38] They recommended removing that text from the commentary to achieve a more balanced regulatory burden.

A trade association representing the factoring industry supported the existing exclusion for factoring arrangements, noting that the 2025 proposed rule did not propose to change it.

With respect to leases, although the Bureau did not propose altering the existing exclusion for true leases, several industry participants requested an exclusion of such transactions from coverage, arguing that leases differ substantially from traditional small business credit because they involve the transfer of possession or use rather than an extension of credit. One commenter asserted that leases do not constitute credit under ECOA, and that including them would impose operational costs without advancing the rule's objectives. The commenter emphasized that the exclusion is necessary to ensure consistency with regulatory definitions and preserve data integrity.

A coalition of trade associations representing the commercial real estate finance industry requested an exclusion for all loans secured by non-owner-occupied commercial real estate. The coalition argued that such loans are not foundational to small business formation or operations. It further argued that commercial real estate loans differ from traditional small business loans because real estate loans are based on a property's expected cash flow and value, rather than the business's cash flow, and that Federal law acknowledges the distinction, citing SBA regulations, FFIEC Call Report instructions, and the OCC Commercial Real Estate Lending Handbook.

A trade association representing mid-size banks requested that the Bureau provide greater clarity regarding the existing exemption for HMDA-reportable transactions. The coalition noted that Regulation C, which implements HMDA, excludes mortgages and open-end lines of credit that are primarily for business purposes unless the loan is for home purchase, home improvement, or refinancing. They explained that although the existing rule exempts loans reportable under HMDA, the determination is burdensome and unclear because HMDA coverage depends on the purpose of the loan. To resolve this, the commenter recommended that the Bureau either provide more illustrative examples in commentary or base applicability of the section 1071 reporting framework on the purpose of the loan as expressed in FFIEC Call Report codes. One bank expressed support for the existing HMDA exemption, and an individual commenter urged the Bureau to end HMDA reporting for all commercial loans in favor of section 1071 reporting.

A trade association representing fintechs requested that the Bureau exclude Buy Now, Pay Later (BNPL) transactions, which it characterized as credit “not subject to a finance charge and not payable in more than four installments.” The commenter argued that BNPL loans differ from traditional small business loans because they facilitate discrete commercial purchases and do not involve pricing, risk-based terms, or extended underwriting considerations that give rise to potential discriminatory outcomes. The commenter further noted that BNPL loans lack the pricing variables required to even detect discriminatory credit practices. As a result, the commenter argued that the coverage under this rule of BNPL would introduce substantial volumes of low-risk data thus diluting the interpretive value of the reporting framework, could discourage BNPL lending, and would be inconsistent with Regulation Z, which the commenter characterized as excluding such arrangements from the definition of credit.

A bank requested that the Bureau exclude partner lines of credit, also known as “capital call lines of credit,” which are single-purpose loans extended to partners in venture capital or private equity firms to cover capital calls. Characterizing these loans as niche transactions, the commenter argued that an exemption would advance the purposes of the statute by allowing the Bureau to focus its data collection on core lending products that are foundational to small business formation and operation.

Two trade associations requested that the Bureau exclude transactions involving certain entities for which ownership is ambiguous or not determinable. Specifically, the commenters requested the exclusion of commercial loans made to trusts, arguing that these could raise difficult issues, including identifying the appropriate individuals for data collection ( e.g., settlors, beneficiaries, trustees), determining the “net profit or loss” of the trust, and identifying the beneficiaries entitled to that net profit or loss. The request also covered nonprofit organizations, which the commenters noted do not have a “net profit or loss” that accrues to individuals and generally do not have owners. Commenters further cited non-operating entities such as special purpose vehicles, pass-through entities, and other types of wealth management vehicles, which they characterized as primarily investment vehicles and therefore outside the intended scope of section 1071. Finally, the commenters listed public agencies, which they noted are rarely considered small businesses and have no identifiable owners.

Final Rule

The Bureau declines to adopt the additional categorical product exclusions suggested by commenters, though this final rule includes a correction to § 1002.109(a)(3) that will clarify reporting obligations, and provides clarifications regarding coverage and permissible data collection procedures for certain transactions as discussed below.

The Bureau declines to exclude indirect lending transactions from coverage. This decision encompasses the specific requests to exclude indirect automobile lending, indirect equipment finance, PMOs, and private label or store-brand credit. The Bureau believes, consistent with the 2023 final rule, that data concerning indirect lending furthers section 1071's statutory purposes. For instance, data on indirect auto and equipment finance helps data users identify business and community development needs because vehicles and equipment are often essential for small businesses to operate. Similarly, private label and co-branded credit cards can be an important source of working capital for small businesses.

In response to the request to clarify, through examples in commentary, that the compliance obligation for indirect auto transactions lies with the auto dealer, not the indirect lender, the Bureau notes that comment 105(a)-1 already clarifies the exclusion of auto dealers from coverage under this rule. Regarding the request that the Bureau work with the Federal Reserve Board (Board) to exempt auto dealers from future rulemaking, the Bureau notes that application of section 1071 requirements to entities excluded from the Bureau's jurisdiction by section 1029 of the Consumer Financial Protection Act is a matter for the Board to determine, and requests regarding the ( printed page 23548) Board's potential future actions are outside the scope of this rulemaking. Additionally, comments 109(a)(3)-1 and -2 provide several scenarios and ten specific examples identifying various indirect lending scenarios, including those in which no data on a transaction would be submitted to the Bureau because an auto dealer would have been ultimately responsible for reporting it. The Bureau recognizes, however, that the inclusion of the word “covered” in § 1002.109(a)(3) in the 2023 final rule was an error that contributed to confusion regarding these obligations in the auto lending context. Because auto dealers are statutorily excluded from the Bureau's rulemaking authority, they are not “covered” financial institutions under this rule. As a result, the phrase “last covered financial institution” inadvertently implied that the reporting obligation defaults to the indirect auto lender even when an auto dealer has the final authority to set material terms. This was not the Bureau's intent. To correct this error and clarify reporting obligations, this final rule removes the word “covered” from § 1002.109(a)(3). Thus, if the last financial institution with authority to set material terms is not a covered financial institution, the application is not reported. Finally, with respect to comments concerning the purchase of auto loans after origination, the Bureau notes that comment 104(b)-4 makes clear that the term “covered credit transaction” does not cover the purchase of an originated credit transaction.

Moreover, the Bureau finds the remaining arguments for excluding other indirect lending products unpersuasive. The Bureau does not believe that sufficient evidence has been presented that asset-based underwriting in equipment finance or PMOs eliminates discrimination risk; fair lending concerns remain relevant regardless of collateral. Similarly, the Bureau rejects the contention that these products are not foundational; for many small businesses, securing a vehicle or equipment is as critical to operations as a working line of credit. Regarding regulatory parity, PMOs differ from true leases (which are not “credit” under ECOA) and trade credit (which is strictly between business buyers and sellers without a financial or other intermediary). Finally, with respect to comments concerning the role of dealers in other indirect lending contexts, the Bureau emphasizes that § 1002.109(a)(3) and related commentary make clear that the compliance obligation rests with the last financial institution with authority to set material terms.

The Bureau acknowledges, however, the concerns raised by commenters regarding the practical difficulties of collecting data in indirect lending and point-of-sale environments. The Bureau recognizes that in these transactions, the financial institution typically does not have any direct interaction with the applicant at the time of application. The Bureau agrees that requiring third-party intermediaries—such as auto dealers, equipment vendors, or retailers—to collect demographic data could be operationally complex and possibly disruptive to the customer experience. The Bureau also shares the concern that requiring data collection before a credit decision is made for indirect loans could—depending on which entity is the last with authority to set material terms—result in an applicant receiving duplicative data requests from multiple lenders competing for the same contract.

To address these concerns, and consistent with its request for comment regarding the 2023 final rule's provisions dictating the time and manner of information collection, the Bureau is adopting revisions to the “time and manner” provisions in § 1002.107(c), as discussed in detail below. Specifically, this final rule amends the provision concerning the timing and manner of the collection of demographic data, clarifying that such collection may take place in certain situations even after a credit decision is made on an application. This flexibility allows indirect lenders to avoid adding complexity to point-of-sale interactions and eliminates the need for dealers or vendors to collect the data on the lender's behalf. Furthermore, because the rule permits this post-decision collection, financial institutions can gather the required information directly from the applicant at a later time, ensuring that the process does not delay or interrupt the underlying commercial sale. Consequently, the Bureau believes that these modifications to the data collection procedures largely resolve the operational challenges cited by commenters, rendering a categorical exclusion for these products unnecessary.

The Bureau declines to expand the trade credit exclusion to include credit similar to trade credit provided by financial institutions. As the Bureau explained in the 2023 final rule, trade credit is excluded because it is not a general-use business loan; rather, trade creditors generally extend credit as a means to facilitate the sale of their own goods or services. These entities are not primarily financial services providers, nor do they generally have the infrastructure needed to manage compliance with regulatory requirements associated with making extensions of credit. The Bureau understands that, unlike trade creditors themselves, financial institutions requesting this exclusion offer stand-alone credit products in the same way as other lenders and are not retailers or merchants with limited regulatory compliance experience. As such, the Bureau does not have the same concerns about data quality or reduced small business lending regarding these entities that it does about trade creditors themselves. The Bureau also disagrees that limiting the trade credit exclusion to non-financial institutions will negatively impact small business cash flow; small businesses retain access to diverse credit products, including trade credit from vendors and standard credit products from financial institutions.

Consistent with this distinction, the Bureau declines to remove the commentary provision regarding the transfer of creditor rights and declines to broadly exclude floor plan financing. Regarding the transfer of rights, the Bureau reiterates that credit extended by a business is not trade credit where the supplying business intends to sell or transfer its rights as a creditor to a third party. The Bureau stands by its determination that the trade credit exclusion should be limited to arrangements where the business providing the goods or services retains the credit obligation, rather than extending to transactions that involve financial institutions or third-party purchasers. The Bureau further disagrees that the inclusion of this commentary in the 2023 final rule violated the APA; rather, it was a logical outgrowth of the Bureau's proposal and directly responsive to comments on the 2021 proposed rule requesting that the exclusion be expanded to include third-party financial institutions. The commentary affirmed the Bureau's position that the trade credit exclusion is designed for merchants, not financial institutions or those acting on their behalf. Similarly, regarding the request to exclude floor plan financing, the Bureau notes that under § 1002.104(b)(1), the trade credit exclusion applies where the manufacturer or distributor is financing its own inventory, but not where a financial institution is providing the financing.

The Bureau reaffirms the existing exclusions for true leases and factoring arrangements. The Bureau agrees with commenters that true leases differ from small business loans because they involve the transfer of possession and use rather than the extension of credit. ( printed page 23549) Accordingly, true leases are not covered credit transactions. The Bureau likewise maintains the long-standing exclusion for factoring arrangements, for the reasons set forth in the 2023 final rule.

The Bureau declines to exclude all loans secured by non-owner-occupied commercial real estate. While some commenters argued that these loans are underwritten based on property value rather than business cash flow, or that they often involve special-purpose vehicles (SPVs) formed by larger entities, the Bureau believes a categorical exclusion is unnecessary. The new definition of small business in revised § 1002.106(b), setting the gross annual revenue threshold at $1 million rather than $5 million, will likely exclude many of the transactions cited by commenters. Further, because comment 106(b)-3 allows financial institutions to include the revenue of an applicant's affiliates when determining whether an applicant is a small business, single-purpose entities—such as those common in commercial real estate—are permitted to have their revenue aggregated with that of their parent or affiliates for purposes of determining whether they are a small business under this rule. For instance, if a large developer with well over $1 million in revenue forms a new SPV with no gross annual revenue in the past fiscal year to purchase a property, the comment on affiliate revenue permits the SPV applicant for credit to be considered not a small business under this rule. The Bureau believes that this approach effectively filters out the large real estate developers that commenters sought to exclude, while preserving the collection of data on small businesses that purchase small rental properties without the help of large affiliates, as their access to credit is a core concern of the statute.

The Bureau also declines to modify the existing exclusion for HMDA-reportable transactions or to adopt an alternative standard based on FFIEC Call Report codes. The Bureau believes that existing § 1002.104(b)(2) is sufficiently clear: a transaction is excluded if it is a “covered loan” under Regulation C. The Bureau declines to adopt a different standard based on Call Report codes, as doing so could create inconsistencies where the definitions do not align, leading to coverage gaps or duplicative reporting. The Bureau also declines to provide additional illustrative examples in commentary, as the cross-reference to Regulation C already provides a precise and legally distinct boundary.

The Bureau declines to specifically exclude BNPL transactions from coverage, since the rule already excludes them as a type of “incidental credit.” The commenter requesting this exclusion defined BNPL credit in part as “not subject to a finance charge and not payable in more than four installments.” Existing § 1002.104(b)(6) excludes “incidental credit,” defined by reference to § 1002.3(c)(1) in Regulation B, subpart A (but without regard to whether the credit is consumer credit). Under that definition, extensions of credit are considered incidental credit if they are not made pursuant to the terms of a credit card account, are not subject to a finance charge, and are not payable by agreement in more than four installments. Accordingly, the BNPL transactions identified by the commenter requesting an exclusion already appear to meet these criteria for incidental credit, and are thus already excluded from the definition of a covered credit transaction.

The Bureau declines to adopt a specific exclusion for partner lines of credit, also known as “capital call lines of credit.” Specific exemptions for particular sub-types of lines of credit would complicate the rule and undermine the goal of a streamlined, consistent definition of coverage. Moreover, the concerns raised are largely mitigated by the existing regulatory framework. The commenter did not provide evidence regarding the scope of entities affected by this issue, but the Bureau believes that the volume of reportable transactions involving small businesses, as defined by revised § 1002.104(b)(2), in this context is likely minimal. Furthermore, as noted above regarding commercial real estate, the adjusted revenue threshold and existing affiliate revenue commentary will likely exclude the vast majority of investment funds and sophisticated vehicles that utilize these products.

Regarding comments on specific entity types, the Bureau confirms that nonprofit organizations and public agencies are generally excluded from coverage. The term “business” is defined in existing § 1002.106(a) by reference to the term “business or business concern” in 13 CFR 121.105 of SBA regulations. This definition, in turn, defines a business as an entity “organized for profit.” Nonprofit organizations and public agencies do not meet this definition of “business” and are not small businesses for purposes of this rule.

The Bureau declines to categorically exclude trusts or non-operating entities. Regarding trusts, the Bureau notes that many businesses are organized as trusts for commercial purposes and, provided they are organized for profit, meet the definition of “business” subject to coverage. While commenters raised concerns about identifying principal owners for trusts, the Bureau believes that existing comment 102(o)-2 provides sufficient clarity. That comment states that if the applicant is a trust, a trustee is considered the principal owner. Finally, regarding non-operating entities and wealth management vehicles, concerns regarding the reporting of investment vehicles are largely addressed by the changes to the small business definition discussed above. Specifically, the adjusted revenue threshold and existing affiliate revenue commentary will likely exclude the vast majority of the high-value investment vehicles and passive holding companies cited by commenters.

E. Section 1002.105—Covered Financial Institutions and Exempt Institutions

The Bureau finds that at the onset of data collection under section 1071 the focus should be on larger core lenders before the Bureau considers whether it would be appropriate to expand the scope of the rule to specialty lenders and smaller lenders. The Bureau therefore is excluding FCS lenders from the definition of covered financial institution and is raising the origination threshold from 100 to 1,000 covered credit transactions to better ensure the smooth operation of the initial period of data collection.

105(b) Covered Financial Institution—FCS Lenders

Proposed Rule

The Bureau proposed to exclude FCS lenders from the “covered financial institution” definition in § 1002.105(b). Consistent with this exemption, the Bureau proposed to delete several references to FCS lenders in commentary.

The CFPB sought comment on this proposed revision to the rule.

Comments Received

The Bureau received comments on this proposed exemption from various financial institutions, trade associations, research and business advocacy groups as well as community groups. Supporters of the exclusion included FCS lenders, an advocacy group, and trade associations representing small businesses and credit unions. An advocacy group characterized the exclusion of FCS lenders as acknowledging the specialized statutory oversight of agricultural credit and recognizing that reporting obligations under section 1071 would duplicate or conflict with existing supervisory ( printed page 23550) frameworks. An FCS lender described the exclusion as a necessary and practical limitation to the scope of the rule and stated that the benefits outweigh any basis for including these transactions for FCS borrower-owners. A trade association for small businesses asserted that the FCS lender exemption avoids duplicative oversight and is justified by FCS lenders' unique cooperative structure as well as existing FCA reporting requirements.

A trade association for FCS lenders argued that FCS lenders are different from other types of lenders and offered several rationales for why FCS lenders should not be covered. First, the commenter argued that FCS lenders are overseen solely by the FCA, and that Congress explicitly decreed that the Bureau should not supervise or enforce laws against FCS lenders, including requiring the reporting of data. Second, the commenter argued that Federal law limits FCS lenders to providing credit to “eligible” customers, and that therefore FCS lenders should not be subject to a broad reporting regime like section 1071. Third, the commenter asserted that FCS lenders are distinguishable from other lenders because their cooperative structure limits how their net income can be utilized, meaning that compliance costs would be passed onto to its Farm Credit customers since many FCS lenders also lack the compliance infrastructure of large commercial lenders. Fourth, FCS lenders are already subject to an existing regulatory reporting framework through the FCA. Lastly, the commenter asserted that FCS lenders should be exempt from a generally applicable reporting regime because their loan data would prove misleading. Specifically, the actual cost to the Farm Credit borrowers is usually less than the loan's contract pricing would indicate because FCS lenders provide their borrower-owners with patronage dividends from the FCS lenders' profits, unlike commercial banks and other lenders.

Community banks, trade associations, community groups, and an independent office of a Federal agency opposed the proposed FCS lender exemption. A number of banks and trade associations urged the Bureau to cover FCS lenders to ensure coverage of functionally identical lending and provide a level playing field. These commenters argued that such an exemption would add to the tax, funding, and regulatory advantages that FCS lenders, regardless of asset size, hold over banks. These commenters noted community banks make over 75 percent of bank-originated agricultural loans, and that imposing extensive reporting obligations on community banks while exempting FCS lenders would create a regulatory imbalance.

A trade association for community banks and a number of banks argued that exempting FCS lenders would disadvantage community banks, CDFIs, and other non-FCS agricultural lenders, and advocated for banks and FCS lenders to receive the same treatment for offering farm credit. These commenters stated that FCS lenders are able to provide more favorable loan terms and flexible payment options than community banks, and that FCS lenders are undermining their statutory mission and harming rural banks by increasingly competing in non-agricultural lending by operating as general-purpose lenders. A trade association for banks asserted that FCS lenders should not be categorically exempt and that both the agricultural lending exclusion and the 1,000-loan origination threshold should apply equally to all lenders. A trade association implied that an FCS lender originating more than 1,000 non-agricultural loans has deviated from a focus on agricultural lending and should be subject to reporting data related to those loans. This commenter further argued that an FCS lender that originates more than 1,000 loans in the rural area it is serving is a primary contributor of credit services, and that failing to collect data from that lender would provide an inaccurate portrayal of the small business lending market.

An employee from a community bank stated that all entities providing credit should be included in the definition of a “covered financial institution,” regardless of the credit's purposes or form, or whether the transaction is subject to a finance charge. Commenters argued that exempting FCS lenders is contrary to the congressional intent of section 1071, would distort the lending landscape, inhibit analysis of unmet credit needs, and lead to reputational risk for FCS lenders.

In reference to the statement in the 2025 proposed rule that FCS lenders already report certain data, including race, ethnicity, and gender from applicants, a bank trade association, community group, and trade association for farms stated that FCA does not publish applicant-level data, any such data can only be accessed by a FOIA request, that FCA does not collect demographic information, and that FCS lenders are not required to collect and report the data points required by the section 1071 rule. One of these commenters argued that section 1071 data will provide an incomplete picture of credit availability where FCS lenders operate if FCS lenders are excluded from the rule. Another commenter disagreed with the Bureau's statement that FCS lenders are already subject to regulatory compliance under the FCA as reasoning for exempting from section 1071 data collection and reporting requirements. This commenter stated that the goal of FCA oversight is to ensure compliance by FCS lenders with the unique rules governing the Farm Credit System, whereas it described the goals of section 1071 as disclosure and providing a complete view of the small business financing landscape for the benefit of the public, small businesses, and regulators. A community group suggested that since FCS lenders have years of experience submitting required data to FCA, the Bureau and the FCA could coordinate to eliminate duplicative data requirements.

Some community banks focused on the favorable and unique regulatory framework under which FCS lenders operate. One commenter noted a crucial difference between FCS lenders and other financial institutions—that community banks, which must compete for higher cost deposits in the private sector to fund their operations, must compete directly with FCS lenders, which are funded at a significantly lower cost by a government guarantee. The commenter also stated that the FCS lenders operate outside of safety and soundness supervision and examination by Federal prudential regulators and are subject to oversight by agricultural, rather than financial, committees in Congress. Lastly, the commenter asserted that the FCS is not accountable for compliance with the same rules and regulations as community banks, including the Community Reinvestment Act (CRA), and that FCS lenders would not be accountable for section 1071 small business data collection and reporting if exempted.

A trade association for community banks suggested covering FCS lenders in the final rule with phased compliance or tailored guidance as an alternative to exclusion if implementation challenges exist for FCS lenders. An independent office of a Federal agency recommended monitoring of the FCS lending market to assess whether coverage would be suitable in the future as regulatory frameworks and products develop.

Final Rule

For the reasons set forth herein, the Bureau is excluding FCS lenders from the “covered financial institution” definition in § 1002.105(b).^[39] Consistent ( printed page 23551) with this exemption, the Bureau is deleting several references to FCS lenders in commentary. This revision will simplify the rule by narrowing its scope to core small business lending practices and lenders. The revision will also avoid imposing reporting requirements on a category of specialized lenders that are already subject to a separate regulatory reporting scheme. The Bureau finds that an exemption for FCS lenders will advance the statutory purposes of section 1071.^[40] FCS lenders have a unique mission-driven structure, and they operate in a specific regulatory environment.

The Bureau disagrees with the argument by commenters that FCS lenders engage in functionally identical lending as other types of lenders and should be covered under section 1071 to provide a level playing field. The comments further reinforced the several significant differences between FCS lenders and traditional financial institutions. The FCS comprises a nationwide network of borrower-owned, cooperative institutions with a statutory mandate to provide the agricultural sector with reliable credit. FCS borrowers include agricultural and related businesses as well as rural homeowners. As owners of the FCS lending associations, these borrowers can receive patronage dividends that reduce borrowing costs and make FCS loans difficult to compare to loans issued by non-FCS lenders. The FCS cooperatives, as comments pointed out, face limitations on which borrowers they are permitted to lend to. Commercial banks, by contrast, are owned by shareholders; credit unions, while member-owned, serve a wide range of customers, provide a wide range of products and services, and lack a specific charter that is exclusively focused on agriculture. These differences between FCS lenders and other types of lenders, which the Bureau did not meaningfully address in the 2023 final rule, make it difficult to easily compare loans made by FCS lenders with those of other non-cooperative lenders.

In issuing the 2023 final rule, the Bureau explained the decision not to categorically exempt any specific type of financial institution from the rule's coverage, stating that such exemptions “would create significant gaps in the data and would create an uneven playing field between different types of institutions.” ^[41] The Bureau did not appear to meaningfully consider the extent to which FCS lending differs in kind from general-purpose lending.

However, after having reviewed the comments on the 2025 proposed rule and with a renewed focus on ensuring the consistent and smooth initial collection of data from core lenders and products, the Bureau believes it will further the purposes of section 1071 to commence the data collection without including FCS lenders.

The existing reporting requirements of FCS lenders further supports excluding FCS lenders.^[42] While the FCA and USDA reporting requirements are not identical to those of this rule, there is meaningful overlap, and the purposes of section 1071 are not advanced by requiring the duplicate reporting of such detailed data to other agencies. Moreover, requiring compliance with a second set of potentially redundant reporting obligations may put FCS lending at a disadvantage relative to other lenders that are not subject to the reporting requirements and oversight of the FCA. The Bureau believes that the rule's application to FCS lenders risks imposing disproportionate regulatory complexity on them, many of which are small, rural cooperatives lacking the compliance infrastructure of large commercial lenders, despite the claims of commenters concerned about the exclusion of larger FCS lenders. This added complexity imposed on such lenders risks diminishing the quality of the data they report to Bureau. Adding potentially redundant reporting requirements would do little to advance the goals of section 1071.

In response to comments that an exemption would permit FCS lenders to compete unfairly— i.e., because they are beyond the oversight of Federal banking regulators and related congressional committees, are subject to a different regulatory regime ( e.g., report to the FCA but do not report under the Community Reinvestment Act), are the only government-sponsored entity to compete directly with other lenders—the Bureau observes that these provisions are by congressional design. As other commenters noted, FCS lenders are subject to a separate regulatory regime, subject to different incentives and strictures. All of this appears to justify, rather than rebut, the rationale for excluding FCS lenders, even the larger ones, from coverage under this rule. In response to commenters arguing that FCS lenders should be covered because they are providing non-agricultural credit beyond what FCS rules permit, such comments appear to be anecdotal rather than evidence of widespread practices. To the extent that such non-agricultural lending actually violates laws or regulations that FCS lenders are subject to, such concerns are within the purview of the FCA. In any case, the Bureau intends to continue to monitor developments in the FCS lending market to evaluate the appropriateness of potentially including FCS lenders as covered financial institutions in the future as products and regulatory frameworks evolve.

The Bureau is finalizing the revisions to § 1002.105(b) to exclude FCS lenders pursuant to its authority under ECOA section 704B(g)(2) to adopt exceptions to any requirement of section 1071 and, conditionally or unconditionally, exempt any financial institution or class of financial institutions from the requirements of section 1071, as the Bureau deems necessary or appropriate to carry out the purposes of section 1071.

105(b) Covered Financial Institution—Threshold Change

Proposed Rule

The 2023 final rule defined a covered financial institution as one that has made at least 100 covered credit transactions to small businesses in each of the two preceding calendar years.

The Bureau proposed to change this definition by increasing the threshold from 100 covered credit transactions to 1,000 covered credit transactions, explaining that it believed it would advance the statutory purposes of section 1071 to commence the data collection without including lower volume lenders under a 1,000-origination threshold. The Bureau explained that the initial iterations of data collection under the rule should focus on larger core lenders to better ensure the smooth operation of the initial period of data collection.

Comments Received

The Bureau received many comments from banks and credit unions, as well as ( printed page 23552) trade associations representing banks, credit unions, nondepository lenders, fintechs, and small businesses, and an independent office of a Federal agency in support of the proposal. Many of these commenters stated that a higher threshold would ease the complexity and cost of both implementation and ongoing compliance for smaller community banks and credit unions. An independent office of a Federal agency stated that smaller lenders typically have limited resources for compliance and would have disproportionately higher costs relative to their lending volume if the Bureau did not raise the origination threshold.

Many commenters stated that at a 100-loan threshold, increased operational and compliance costs would likely be passed on to borrowers or would result in less credit availability for small businesses. One trade association argued that the 100-loan threshold risks discouraging small business lending by the institutions best placed to offer relationship-based credit. Other commenters predicted that some institutions may reduce lending to stay under the threshold and to avoid spending on compliance systems.

An advocacy group commented that the higher proposed threshold promotes what it called regulatory equity, explaining that lenders just above or below the threshold would have materially different compliance burdens despite a small difference in loan volume. Two commenters argued that a low threshold would limit the growth of smaller lenders, while a higher one would foster competition, as community banks and nonbanks typically are willing to extend credit to applicants that do not meet conventional underwriting criteria, and might not do so if faced with the cost and complexity of complying with this rule. The advocacy group also stated that a higher threshold lowers compliance costs for local lenders and allows them to provide more credit to small businesses, including minority-owned, startup, and rural businesses.

Many commenters—including individuals, banks, credit unions, trade associations, and advocacy groups—argued that a higher loan threshold would still allow for the collection of accurate and robust data. An independent office of a Federal agency, citing data in the proposed rule, stated that the 1,000-loan threshold would still permit the collection of data on 92 to 93 percent of the number of small business loans and 60.3 to 62.0 percent of the dollar volume of such lending. According to the independent office of a Federal agency, only smaller institutions accounting for approximately 5.0 to 5.7 percent of originations, and 24.1 to 26.1 percent of the dollar volume of small business lending, would be excluded.

A trade association for nondepository lenders agreed with the proposal's initial focus on core lenders, which it said would allow for reporting infrastructure to develop in a stable and orderly manner that promotes data integrity and consistency. Another commenter stated that more accurate data collection would result from a focus on larger lenders, which have more standardized data collection and reporting systems, allowing the Bureau to draw meaningful insights before collecting data from smaller lenders. Another commenter noted that collecting data initially from core lenders would generate statistically meaningful data from which to draw analyses about fair lending patterns.

A number of commenters—including individuals, lenders, trade associations for banks, fintechs, and other nondepository lenders—suggested thresholds even higher than the proposal, ranging from 2,000 to 10,000 loans. One trade association stated that raising the threshold further would reduce unnecessary regulatory burden while still achieving the statute's purpose of monitoring small businesses lending.

A few commenters noted that even many smaller lenders that do not reach the new origination threshold will still be subject to fair lending requirements by other regulatory agencies, including fair lending oversight by Federal prudential regulators, through regulatory programs such as the Community Reinvestment Act, and by State regulatory bodies.

Finally, a few commenters supported the proposed origination threshold, but sought further clarification from the Bureau on several issues. One commenter sought clarification on how the effective date applied to lenders under the 1,000 covered transactions as of January 1, 2028, whether lenders that later exceed the 1,000-transaction threshold will receive a ramp-up period before having to comply fully with the rule, whether the Bureau intended to maintain the two-year look-back in the 2023 rule; how the Bureau expects lenders to monitor their activity and prepare for potential future coverage; and tailored expectations for institutions close to the 1,000-originations threshold.

A number of other commenters, including many community groups, advocacy groups, trade associations for small businesses, and two trade associations for larger lenders opposed the proposal to raise the origination threshold. Many of these commenters argued that raising the threshold would encourage regulatory evasion, distort data sets, and obscure risks to small business borrowers. A number of other commenters argued that the increased origination thresholds, in conjunction with the lowered small business revenue threshold, would create a strong regulatory disincentive to serve the smallest businesses. By rendering these loans unprofitable for banks to pursue, this dynamic would drive small businesses to turn to more predatory loans, increasing discriminatory behavior at local levels. Other commenters suggested that raising the threshold and collecting less comprehensive data would hinder fair lending enforcement and the identification of community development needs, contrary to Congress's intent in enacting section 1071.

Several community groups and two trade associations for larger lenders urged the Bureau to adopt a threshold below 1,000 loan originations. Some recommended a 25-loan threshold, while others recommended up to 500 loans as an appropriate threshold. One community group argued that the loan threshold for this rule should be lower than the threshold for loans under HMDA because mortgages are more common than small business loans, and a lower threshold would more accurately capture necessary data.

A community group and two trade associations for small farms opposed the proposed 1,000-loan threshold disagreed with concerns about the costs of data collection for smaller lenders. They argued that some smaller lenders, such as CDFIs and farm lenders, are calling for robust section 1071 data collection, noting that many of these lenders report much of this data already. One trade association for small farms argued that a higher threshold would result in a far less accurate picture of the farm sector's credit needs, and that many lenders collect the data required by the rule already. One community group stated that many smaller lenders have already invested significant resources to comply with the 2023 final rule. It also argued that lowering the threshold would disproportionately hurt lenders that have already made efforts to comply with the rule, and would also frustrate oversight and enforcement of the CRA. Finally, an advocacy group and a coalition of lenders and community groups argued that raising the origination threshold was arbitrary and capricious. The coalition argued ( printed page 23553) that there was no empirical justification for abandoning the 100 loan threshold, and that the proposed change was an arbitrary departure from the prior rulemaking record.

Final Rule

For the reasons set forth below, the Bureau is finalizing the proposed revisions to § 1002.105(b) with respect to the requisite loan origination threshold for being a covered lender. In the 2023 final rule, the Bureau explained its belief that a 100-loan origination threshold would best address widespread industry concerns regarding compliance burdens for the smallest financial institutions while also capturing the overwhelming majority of the small business lending market. It noted that while its original proposal in 2021 of a 25-loan threshold would have yielded more data than a 100-loan threshold, the 100-loan origination threshold “massively expands data availability relative to the status quo.” ^[43] The Bureau also noted that a number of commenters on the 2021 proposed rule requested a higher threshold, such as 1,000 covered credit transactions but did not include an analysis of the coverage that would result from such a threshold. At that time, the Bureau received comments requesting thresholds higher than 100 originations. The Bureau now agrees with commenters that decreasing the number of covered financial institutions can still lead to the collection of robust, accurate, and representative information. The Bureau estimates that this final rule, at an originations threshold of 1,000, will still cover the vast majority of small business loan originations made by depository institutions (approximately 92 to 93 percent), compared with a 100-origination threshold (94 to 95 percent).

The revised 1,000-loan origination threshold is justified for several independent reasons. First, the Bureau believes that at the onset of the data collection under section 1071 the focus should be on core lenders and products before the Bureau considers whether it would be appropriate to expand the scope of the rule. The Bureau believes that larger volume lenders are core to small business lending. Indeed, § 1002.114(b) under the 2023 final rule prioritized the collection of data from the largest volume lenders first because they have more resources, and because they account for the bulk of small business lending volume.^[44]

Second, the Bureau believes that the revised provision is responsive to feedback received from stakeholders following publication of the 2023 final rule and better aligns with E.O. 14192,^[45] which directs the Federal agencies to review regulations for regulatory burden. The Bureau believes that changing the originations threshold to 1,000 strikes a better balance at the onset of this rulemaking, as the industry as a whole learns to grapple with compliance, by minimizing complexity for smaller volume lenders while still collecting data on a large proportion of small business credit applications; indeed, as the Bureau observed with respect to the 100-loan threshold in the 2023 final rule, a 1,000-loan threshold will substantially increase data availability as compared to the status quo. The Bureau recognizes that the costs of implementation and compliance shared by small community financial institutions can be significant and could potentially impact their small business lending activity. Starting with data collection from the core lenders will help the Bureau determine the appropriate next steps with respect to community banks and other smaller volume financial institutions.

The Bureau is not persuaded that a higher threshold will promote regulatory equity for financial institutions. The Bureau does not believe that it is possible to resolve this question of regulatory equity at any threshold; whether the threshold is set at 100 loans or 1,000, there will always be lenders just above or just below the threshold, resulting in differing compliance obligations.

The Bureau disagrees that the loan threshold should be raised even higher, such as at thresholds of 2,000 to 10,000 loans. The Bureau believes, based on experience with small business lending markets, that thresholds much higher than 1,000 may lead to a decline in the collection of data from mostly larger financial institutions that are better able to comply with the cost and complexity of this rule. The Bureau believes a threshold of 1,000 originations, instead of 100, is more congruent with the statutory purposes of section 1071. The Bureau does not believe that commenters have provided evidence to the contrary.

The Bureau disagrees with commenters who posit that the threshold should be lower, such as 25 or 500. The change to a 1,000-loan origination threshold will result in a reduction in the number of smaller institutions covered by the rule without a proportionately large reduction in the volume of loan application-level data collected by the rule.^[46] While the 1,000-origination threshold will carve out a large number of mostly smaller depository institutions, the rule will still cover the vast majority of small business loan originations (approximately 92 to 93 percent) from such institutions. For that reason, the Bureau disagrees with commenters expressing concern that raising the threshold will lead to the collection of less robust and accurate data, therefore not fulfilling 1071's statutory purposes. The Bureau believes that the onset of data collection should commence with core products and lenders, as larger lenders are better resourced and can better sustain the complexities and cost of compliance with the rule. The Bureau believes that it should work with larger lenders to better understand potential difficulties associated with collecting data before considering whether to expand the rule to require that smaller lenders comply with the rule.

The Bureau is not convinced by the argument that the loan threshold for this rule should be lower than the threshold for loans under HMDA. Even assuming that mortgages are more common than small business loans, and there may be reason to believe that they are not, a lower threshold would not more accurately capture “necessary” data under this rule. Necessity, in this context, is driven by the specific statutory requirements of section 1071, not those of HMDA. Further, the argument concerning the HMDA threshold does not address the core proposition of this rulemaking—that at the onset of a data collection regime that the focus should be on core lenders.

The Bureau believes that the commenters disagreeing with concerns about the costs of data collection may be correct to observe that certain lenders are calling for robust section 1071 data collection and already collect such data. However, the Bureau has received statements to the contrary in comment letters from a great number of other smaller lenders and trade associations representing them. In short, while some smaller lenders, including CDFIs and farm lenders, are eager for section 1071 data collection and already collect and report much of this data already, many other lenders have taken the contrary position and have stated clearly that they are not ready to collect section 1071 data. The Bureau is not persuaded by the comment that raising the origination threshold will disproportionately hurt lenders that have already made efforts to comply with the rule. The Bureau acknowledges ( printed page 23554) that some lenders may have sunk costs that they are unable to recoup despite no longer being covered. For additional information on the Bureau's assumptions regarding this cost, see part VI.E.1. However, the Bureau believes that lenders, in general, will experience longer-term cost savings from being excluded from coverage. Further, the Bureau does not believe that change in loan threshold would frustrate oversight and enforcement of the Community Reinvestment Act.

The Bureau disagrees with the assertion by several commenters that increasing the origination threshold is arbitrary and capricious. The 2025 proposed rule, as well as this final rule, clearly identified reasoning and evidence in support of the change in loan origination threshold. This reasoning and evidence is further supported by a range of other comments received, and the analysis in this final rule. The move to a 1,000-loan threshold, according to undisputed Bureau data, will result in the collection of 92 to 93 percent of loan volume while significantly reducing the cost to smaller volume lenders of complying with the rule. Further, the comments received do not grapple with the core proposition set out in the 2025 proposed rule—that as a practical matter, it is more prudent at the onset of this data collection regime to collect data from larger lenders that are better resourced and better able to sustain the complexities and cost of compliance with the rule, and that the Bureau can work with larger volume lenders to better understand potential difficulties associated with collecting data before considering whether to expand the rule to require that lower volume lenders comply with the rule. Given this, the Bureau believes increasing the threshold will remove regulatory burden from small entities, and therefore the change is responsive to E.O. 14192.

The Bureau believes that increasing the threshold is necessary or appropriate to carry out the purposes of section 1071 because the complexity of compliance poses difficulties for lower volume lenders, many of which have no previous experience at all with data collection rules such as HMDA or CRA. The Bureau also recognizes commenters' arguments that notwithstanding, these smaller entities will still be subject to other fair lending requirements and examinations under State law. The compliance complexity of the rule may result in decreased data quality for those institutions, which would not advance the statutory purposes of section 1071.

The Bureau also recognizes that, commenters' arguments notwithstanding, these smaller entities that may no longer be subject to this rule will still be subject to other fair lending requirements and examinations under State law.

The revision in § 1002.105(b) requires other changes. Section 1002.112(b) provides that a bona fide error is not a violation of ECOA or Regulation B, subpart B. The provision cross-references numerical error thresholds in appendix F. Under appendix F, a financial institution is presumed to maintain procedures reasonably adapted to avoid errors with respect to a given data field if the number of errors found in a random sample of a financial institution's data submission for a given data field do not equal or exceed the threshold in column C of table 1 of appendix F.

The Bureau is finalizing the changes to appendix F as proposed to conform to the changes to § 1002.105(b), defining “covered financial institution,” based on a revised origination threshold of 1,000 covered credit transactions. Specifically, column A of existing appendix F lists ranges of small business lending application register counts. The Bureau is eliminating the rows in table 1 associated with application counts under 1,000, and revising the count in what was the 4th row to be “1,000-100,000” rather than “500-100,000.”

105(b) Covered Financial Institution—Other Requests for Exemptions

Proposed Rule

Section 1002.105(b) in the 2023 final rule did not provide exemption to any specific categories or types of financial institutions from the definition of covered financial institution. The Bureau in the 2025 proposed rule also did not propose any revisions that would add exemptions for specific categories or types of financial institutions to the definition of covered financial institutions. The 2025 proposed rule did not solicit comment on any such exemptions.

Comments Received

Asset-size exemption. Numerous banks, credit unions, and trade associations urged the Bureau to adopt an asset-based, rather than an originations-based, threshold to determine coverage. Two banks suggested that an asset-based exemption would align with how other regulatory thresholds are structured and would provide more predictability for smaller lenders because, they said, loan volume can fluctuate dramatically from year to year. Several banks and bank employees noted that basing coverage on loan originations rather than asset size could discourage smaller lenders from engaging in long-term compliance planning because they could never be certain of their coverage under the rule. These commenters further suggested that a loan originations threshold could decrease credit availability for small businesses because, in order to avoid costly compliance systems, smaller lenders might alter their lending to avoid exceeding an originations-based threshold.

Some commenters argued that an asset-size threshold would be better tailored to the level of resources available to smaller lenders. Several banks stated that smaller lenders do not have the operational capacity to comply with the section 1071 rule and would need to adopt costly new technology, staff, and resources. One trade association suggested that the limited amount of data generated by smaller lenders does not justify imposing these compliance costs.

Many commenters requested an exemption for financial institutions with less than $10 billion in assets. One bank requested such an exemption because, it said, such banks are relationship-based lenders with limited market share, lower risk profiles, and business models that differ fundamentally from larger core lending institutions. The commenter added that this exemption would preserve competitiveness and stability for community lenders, and preserve access to credit for small businesses, while still allowing for the meaningful collection of data to fulfill statutory objectives.

A community group rejected an asset-based approach to defining “covered financial institutions,” preferring a loan origination threshold to an asset-based threshold because many small business loans are made by smaller lenders, and also because asset size is not a meaningful metric for nondepository institutions. The commenter added that small businesses in smaller, rural communities are more likely to seek credit from smaller banks and nonbanks because of a lack of larger lenders, and that excluding banks based on asset-size would result in an incomplete picture of small business lending in the United States.

FHLBs. A trade association for credit unions and a group of government-sponsored enterprise (GSE) lenders requested an exemption for Federal Home Loan Banks (FHLBs). The trade association argued that FHLBs should be exempt because they are GSEs that ( printed page 23555) provide wholesale funding to their member financial institutions (such as credit unions, community banks, and CDFIs) that, in turn, provide credit to small businesses. FHLBs, according to this commenter, do not lend to small businesses, and should be exempt because FHLBs do not provide the type of lending contemplated by the 1071 rule.

The group of GSE lenders argued that FHLBs already are subject to comprehensive regulations and oversight, and that the requirements of the 1071 rule would be unnecessary and duplicative. They stated that FHLBs already must provide monthly loan-level data to the FHFA, and are subject to the anti-discrimination provisions of the Federal Home Loan Bank Act. These commenters also asserted that an exemption for FHLBs would reduce undue regulatory burden consistent with E.O. 14192 and eliminate inefficiency and waste. They argued that, while FHLBs are likely to originate far fewer than 1,000 loans to small businesses annually, requiring each FHLB to perform an analysis of whether it exceeded the threshold, when the result is predictable, would be inefficient and wasteful.

These commenters also noted that the proposal would already exempt other GSEs, such as the FCS lenders, from coverage, and therefore the FHLBs also should be excluded. Commenters asserted that FCS lenders were similar to FHLBs in that they do not lend directly to retail customers, that FHLBs are already subject to other data reporting regimes managed by other Federal agencies, and that the rationale for exempting FCS lenders also applies to FHLBs.

Finally, commenters argued that subjecting the FHLBs to the section 1071 rule would harm their members, requiring them to divert time and resources away from funding affordable housing and credit options to their members.

Credit unions. A credit union and a related trade association stated that the Bureau should exempt credit unions from the rule. They noted that credit unions help borrowers because of their non-profit cooperative structure, but that compliance with rules intended for nefarious actors would increase compliance costs without benefit to borrowers. Another trade association for credit unions stated that even the proposed revisions would result in a rule that would discourage small business lending, and that the Bureau should further narrow the rule.

Community banks. Two community banks stated that even with the proposed revisions, the rule would be burdensome for them; another stated it would be neither practical nor beneficial to require data reporting by small community banks.

Final Rule

Asset-size exemption. For the reasons set out in the 2023 final rule,^[47] the Bureau declines to adopt an asset-based threshold, in lieu of or in addition to an origination-based threshold, for defining the term “covered financial institution.” The Bureau previously observed that a threshold based on lending activity is more directly related to a financial institution's role in the small business lending market than is a measurement of the financial institution's size based on total assets. Further, an asset-size threshold would only apply to depository institutions, and the Bureau is unaware of a similar size metric for nondepository institutions, and commenters did not offer one. In addition, as the Bureau previously noted, many nondepository lenders may not retain loans on their balance sheets as assets, compounding difficulties in comparability with depository institutions. No commenters suggesting an asset-based threshold appeared to offer additional analysis concerning these rationales set out in the 2023 final rule.

The Bureau acknowledges the comment that an asset-based exemption may align with other regulatory thresholds, but this reasoning only applies to banks and credit unions, and would not apply to nondepository institutions. The Bureau also acknowledges that an asset-based threshold may provide more predictability from year to year for smaller lenders. However, the two-year lookback period in existing § 1002.106(b)(1) is intended precisely to minimize this uncertainty surrounding data collection responsibilities; no commenters appeared to address this. For the same reason, the Bureau disagrees that under a loan origination threshold, smaller lenders could never be certain of their coverage under the rule; a two-year lookback gives smaller lenders at least a year's notice that they may need to come into compliance with this rule. With regard to the argument that small businesses may avoid lending to stay under a loan origination threshold to avoid costly compliance systems, the Bureau acknowledges that this may happen. However, the Bureau also notes, in its experience, that such behavior has been observed as financial institutions grow and approach certain asset-sized thresholds in other contexts.

The Bureau disagrees that an asset-size threshold would be necessarily better tailored to the level of resources available to smaller lenders. The Bureau believes based on its experience that larger and smaller lenders allocate compliance resources proportionate to the revenue derived from a specific business unit.

The Bureau is thus not persuaded that it should adopt an exemption for lenders with less than $10 billion in assets, instead of or alongside its 1,000-loan origination threshold. As noted above, an asset-based exemption would only apply to banks and credit unions, leaving open the question of whether any parallel asset-based metric could apply to nondepository institutions. The Bureau also believes that an asset-based exemption would not necessarily preserve competitiveness and stability for community lenders. It is unclear how competitiveness or stability are preserved by exempting such smaller-asset lenders above the 1,000-origination threshold, while requiring larger-asset lenders with comparable or even smaller volumes in small business lending to have to report data to the Bureau. The Bureau notes that the commenters provided no data or evidence that an exemption for banks and credit unions with less than $10 billion in assets would be better than a 1,000-loan origination threshold at preserving access to credit for small businesses and ensuring a meaningful collection of data. Finally, the Bureau agrees with the community group commenter that an asset-based threshold excluding only banks would result in an incomplete picture of small business lending in the United States.

FHLBs. The Bureau determines that an institutional exemption for FHLBs is not necessary or appropriate. It is significant that commenters requesting an exemption did so despite also stating that any particular FHLB was unlikely to exceed the 1,000-loan origination threshold. The Bureau does not believe that exempting institutions unlikely to be covered would advance the statutory purposes of section 1071. Further, the Bureau does not agree that it would be onerous for a FHLB to calculate the number of relevant loan originations for purposes of determining coverage under this rule. Commenters requesting the exclusion also stated that FHLBs already report loan-level data monthly to FHFA that would be duplicative of 1071 data. This suggests that any calculations of coverage under this rule would not be onerous for FHLBs to make. ( printed page 23556)

Further, the Bureau disagrees that the type of “wholesale” funding FHLB provides to its members would be excluded from the small business lending data collected under this rule. It is possible for a loan to a financial institution ( i.e., a FHLB member) to be a loan to a small business if the borrower has less than $1 million in gross annual revenue. The small business definition in § 1002.106(b)(1) applies across all industries. It does not automatically exempt financial institutions, including FHLB members, as small business credit applicants.

The Bureau notes that the comparison of FHLBs with FCS lenders is inapposite, other than that both types of lenders share a cooperative structure. As set out in the FCS exemption, FCS loans are backed by collateral, including crops and livestock, that are materially different from the types of collateral supporting credit for non-agricultural small businesses. Further, another difference is that while the bulk of credit FHLBs furnishes is to its members, the Bureau understands that, contrary to the trade association commenter's assertions, FHLBs provide a limited number of loans to small businesses that are not FHLB members. The Bureau believes it unlikely that FHLBs would need to divert time and resources from lending to members because of the 1071 rule because of the unlikeliness that FHLBs would be covered by this rule.

Credit unions and community banks. The Bureau declines to provide an institutional exemption for credit unions or community banks from the definition of covered financial institution. These institutions are core lenders that are important to include from the start of a long-term data collection regime. Further, the policy concerns underlying the comments favoring a categorical exemption of these institutions are largely met, the Bureau believes, by the adjustment of the activity-based threshold from 100 originated loans to 1,000. The higher activity threshold will help minimize compliance costs for all types of financial institutions with lower lending volumes but still result in a comprehensive dataset that furthers section 1071's statutory purposes.

F. Section 1002.106—Business and Small Business

106(b) Small Business

Proposed Rule

Section 1002.106(b)(1) in the 2023 final rule defines “small business” and provides, among other criteria, that a business is small if its gross annual revenue for its preceding fiscal year is $5 million or less. Section 1002.106(b)(2) provides procedures for inflation adjustments to that threshold. The Bureau proposed to reduce the gross annual revenue threshold from $5 million or less to $1 million or less. It also proposed conforming changes to the inflation adjustment to require adjustment in $100,000 increments (rather than $500,000) every five years after 2030 (rather than 2025).

Comments Received

The Bureau received comments from banks, credit unions, trade associations, and community groups regarding the Bureau's proposal to revise the rule's small business definition. Many industry commenters supported the proposal to reduce the gross annual revenue threshold to $1 million or less. Many of these commenters asserted that a $1 million threshold would reduce compliance burdens for lenders while keeping data collection aligned with the statutory purposes of section 1071. They also asserted that a $5 million threshold is too high and covers many well-capitalized businesses that do not face undue barriers to credit. Industry commenters further asserted that a $1 million threshold is better aligned with industry lending practices as well as existing Federal regulations, reporting requirements, and programs, including ECOA adverse action notices, CRA regulations, and SBA loan programs.

Several community groups, Members of Congress, and trade associations opposed the proposal, asserting that a $1 million threshold would exclude many businesses that section 1071 is intended to help. A few community groups emphasized that firms with $1 to $5 million in revenue are often in transitional stages where access to credit remains critical for future expansion. One community group and a bank service provider calculated that lowering the threshold could reduce the number of reported loans by approximately 50 percent. One coalition of lenders and community groups commented that lowering the threshold would disproportionately exclude minority-owned and women-owned businesses. The coalition also emphasized that other Federal programs for small businesses do not exclude firms with annual revenues exceeding $1 million. Finally, one community group challenged the notion that the $1 million threshold is better aligned with CRA reporting requirements given that the CRA requires banks to report data on all business lending.

A few commenters requested further changes to the calculation of an applicant's annual revenue. One trade association recommended requiring the revenue of affiliates be included in an applicant's annual revenue rather than giving lenders the option. The association asserted that this would improve data uniformity. A coalition of trade associations requested that the assets on a schedule of real estate for a real estate loan applicant be considered affiliates of the applicant for calculating the applicant's annual revenue. A bank requested that the revenue of co-applicants be aggregated when the applicants have formed a transaction-specific entity.

A few commenters requested specific exceptions for certain types of businesses that they assert do not, or should not, fall within the rule's definition of small business. Two trade associations recommended that large commercial entities and asset management companies with more than $1 million in what they characterized as “nontraditional revenue” be excluded from the definition of small business. Similarly, a coalition of trade associations recommended that the definition exclude single-purpose real estate investment entities if the entity is projected to gross more than $1 million annually. Finally, a trade association requested that commercial real estate loans to a special purpose entity or other large project financing investment for amounts of tens of millions of dollars or more be excluded from coverage.

Several commenters preferred different approaches from the 2023 final rule or 2025 proposed rule. One credit union suggested a definition to include businesses with under 500 employees and under $8 million in annual revenue. The credit union asserted that an expansive definition of small business is important because the rule as proposed does not collect data from all women-owned or minority-owned businesses. A bank also expressed concern with a definition based purely on revenue on the grounds that revenue is not always indicative of a business' access to credit and ability scale. A trade association advocated for a threshold of $3 million as a reasonable middle ground that balances administrative burden with comprehensive coverage. A bank service provider suggested a threshold of $2.5 million based on adjusting for inflation an analogous revenue threshold in the 1995 regulatory changes to the CRA. A community group and a coalition of trade associations and community groups commented that the SBA size standards for defining small businesses is more accurate than the Bureau's approach. By contrast, several trade ( printed page 23557) associations commented that the Bureau's approach is more predictable and easier to apply than the SBA size standards.

Finally, a community bank argued that coverage should be based purely on attributes of the loan rather than attributes of the applicant. Specifically, the commenter suggested the rule cover only business loans of $1 million or less that are not secured by residential real estate, regardless of the applicant's revenue. The commenter argued that this approach would be more practical than relying on revenue because the loan amount is known at the time of application, whereas revenue is often unknown or inaccurately reported by applicants. It further asserted that because the vast majority of small businesses have revenues below $1 million and rarely borrow amounts exceeding that threshold, this definition would capture most relevant loans while reducing the risk of inadvertently collecting demographic data on ineligible transactions in violation of ECOA. Finally, the commenter emphasized that because this approach is consistent with covered transactions under the CRA, it would allow financial institutions—particularly community banks that often lack siloed product specialties—to leverage existing systems and institutional knowledge, thereby enhancing compliance and data accuracy.

Several trade associations and an advocacy organization supported the proposed changes to the inflation adjustment provision in § 1002.106(b)(2).

Final Rule

The Bureau is finalizing its changes to § 1002.106(b) as proposed. The Bureau believes that defining a small business as one with $1 million or less in gross annual revenue strikes the right balance between maintaining broad coverage of small businesses and reducing regulatory burden on financial institutions by better aligning this rule with other existing financial regulatory requirements and standard financial industry practices related to small businesses. The Bureau has obtained SBA approval for this alternate small business size standard pursuant to the Small Business Act.

The Bureau continues to believe, based on its assessments of the small business lending markets, that a $1 million threshold will cover most of small businesses as defined by the SBA size standards. Businesses above that threshold are likely to be well-capitalized and less likely to face undue barriers to credit, even if they may still be transitioning between early stages of growth, as some commenters assert. The assertion that lowering the threshold will reduce the reported loans by approximately 50 percent likely overstates the decline in loans and applications likely to be covered, for the reasons provided in part VI.D. The Bureau disagrees with the comment suggesting that a $1 million threshold disproportionately excludes minority-owned and women-owned businesses; data show that the share of minority-owned and women-owned businesses among all businesses under the $1 million threshold is likely higher than their equivalent share among all businesses between $1 million and $5 million.^[48] Further, while a $1 million threshold is not universal across all Federal programs and regulatory requirements involving small businesses, it is common among many existing programs and requirements and is, therefore, consistent with reducing regulatory burden pursuant to E.O. 14192. Further, these commenters did not suggest that a $5 million threshold was more commonly used amongst other existing programs and requirements.

As in the 2023 final rule, the Bureau disagrees that additional exceptions to the annual revenue threshold for certain types of businesses or large credit amounts are necessary or appropriate. Any such exemptions would add complexity to, and defeat the purpose of, a provision intended to promote simplicity in determining whether data must be collected and reported under this rule. In any case, several modifications requested by commenters are already addressed by existing regulatory provisions. For instance, covered financial institutions reporting on a special purpose entity or other large project financing investment entity are already permitted to rely on information provided by the applicant regarding its, and its affiliates, gross annual revenue as set forth in § 1002.107(a)(14) and (b) and comment 107(a)(14)-1. Single-purpose entities involved in large real estate investment projects are likely to be affiliated with one or more established entities whose combined gross annual revenue exceeds $1 million, and thus can be excluded from coverage under the rule regardless of the applicant's individual revenue or loan size. Moreover, the Bureau believes it would be inappropriate to define small business based on loan size because section 1071 borrows the SBA's definition of small business, and the SBA does not define small businesses based on loan size.^[49]

The Bureau considered the comments regarding affiliate revenue and aggregating revenue from unaffiliated co-applicants. For the reasons stated in the 2023 final rule, the Bureau is not permitting a financial institution to automatically categorize all owners of any real property listed on an applicant's schedule of real estate as affiliates of the applicant. Additionally, the Bureau continues to believe that permitting, but not requiring, a financial institution to include the revenue of affiliates, as provided for in comment 107(a)(14)-3, will carry out the purposes of section 1071 while reducing undue burden on financial institutions in collecting revenue data. Finally, for the reasons provided in the preamble of the 2023 final rule,^[50] the Bureau does not agree that all co-applicants should be treated as one applicant for purposes of determining gross annual revenue. The Bureau does not believe that, in situations not involving affiliated entities, such an approach would be consistent with section 1071's incorporation of the SBA's definitions of business concern and small business concern.

The Bureau also considered comments supporting alternative methods for defining a small business. As set out in the preamble to 2023 final rule,^[51] the Bureau believes that a single gross annual revenue standard is preferrable to the SBA size standards or other methods because it is simple and easy to implement while ensuring broad coverage. The Bureau believes that a $1 million threshold strikes a better balance between broad coverage and reducing regulatory burden than the higher thresholds supported by some commenters. Finally, the Bureau does not believe that it would be appropriate to define a small business based on the size of the loan applied for, as suggested by some commenters. As stated in the 2023 final rule, loan size does “not bear a sufficient relationship to the size of the business or its operations.” ^[52]

The Bureau also is making conforming changes to the inflation adjustment provision in § 1002.106(b)(2), to require adjustment in $100,000 increments (rather than $500,000) every five years after 2030 (rather than 2025). The Bureau believes that, given the change to a $1 million ( printed page 23558) revenue threshold, inflation adjustments in $500,000 increments will not be granular enough for this provision to meaningfully track inflation.

G. Section 1002.107—Compilation of Reportable Data

107(a) Discretionary Data Points

Section 1071 provides for two types of data points, those statutorily required under 15 U.S.C. 1691c-2(e) and those promulgated based on Bureau discretion provided for in 15 U.S.C. 1691c-2(e)(2)(H), which are sometimes referred to as discretionary data points, and which the Bureau has authority to add if the “Bureau determines [they] would aid in fulfilling the purposes of this section.” In the 2023 final rule, the Bureau finalized several discretionary data points, determining the additional data would aid in fulfilling the purposes of section 1071 of the Dodd-Frank Act, as required by 15 U.S.C. 1691c-2(e)(2)(H). The discretionary data points were for pricing information, time in business, North American Industry Classification System (NAICS) code, number of workers, application method, application recipient, denial reasons, and number of principal owners. The Bureau considered the additional operational complexity and potential reputational harm described by commenters that collecting and reporting these data points could impose on financial institutions, but determined that the costs were only incremental and that the data points were designed to minimize additional compliance burden.^[53]

Notably, in the 2023 final rule the Bureau declined to add other discretionary data points sought by commenters, because the decision whether to include a discretionary data point necessarily also involves considering the relative utility of a data point and the operational complexity of adding it. For that reason, in 2023 the Bureau stated that it was adopting a “limited number of data points . . . that it believes will offer the highest value in light of section 1071's statutory purposes,” and it rejected additional data points on the grounds that they would pose “operational complexities.” ^[54] For example, the Bureau declined to include a data point on credit scores, even though the data would be useful for fair lending analyses, due to the complexity and operational difficulty of doing so.^[55]

In other words, to be included as a discretionary data point, the Bureau determined that a data point implicitly must satisfy two independent tests: (1) the data point would aid in fulfilling the purposes of section 1071, and (2) the Bureau believes based on the record before it that it is appropriate to adopt as a discretionary data point given factors such as operational cost and regulatory complexity. Accordingly, if the Bureau now believes that the relative utility of the data is not strong enough to justify the additional operational complexity for financial institutions, that is sufficient reason to remove the discretionary data point, even if the discretionary data point would otherwise advance the purposes of the statute.

After the publication of the 2023 final rule, two factors prompted reconsideration of the discretionary data points by the Bureau. First, as discussed above, pursuant to E.O.s 14192 and 14219 (“Ensuring Lawful Regulation and Implementing the President's `Department of Government Efficiency' Deregulatory Agenda”), the Bureau has reviewed the 2023 final rule as part of its effort to streamline and simplify regulations.^[56] The Bureau believes that removing some of the discretionary data points will meet the goals of these E.O.s. Second, subsequent to the publication of the 2023 final rule and through the implementation process, the Bureau received additional feedback about the number of data points total, and the logistical challenges associated with implementing some or all of the discretionary data points. The implementation feedback provided by stakeholders further supports reconsideration of certain discretionary data points, and the Bureau now believes that the 2023 final rule did not adequately consider the extent to which the value of the data point justifies the additional operational complexity in obtaining it.

Given this new information, described in greater detail below, the Bureau is removing the discretionary data points for application method, application recipient, denial reasons, pricing, and number of workers in § 1002.107(a)(3), (4), (11), (12), (16), as well as the relevant commentary, and is making conforming changes throughout.

The data points identified for removal are not statutorily required and are not otherwise relied upon by or intertwined with the statutorily required data points.^[57] In any case, because the identified data points were finalized pursuant to the Bureau's discretionary authority under 15 U.S.C. 1691c-2(e)(2)(H), it is also within the bounds of that discretion to remove these data points. The Bureau believes that their removal at this time, at the start of a potentially long-term data collection regime, will advance the longer-term statutory purposes of the rule. Stakeholders attempting to implement the rule have suggested the addition of data points beyond those statutorily required had led to unnecessary complexity in implementing the 2023 final rule, and that such complexity might reduce data quality and lead to additional errors. The Bureau believes that initiating the data collection with an expansive rule that covers more data points would make the initial collections more complicated and result in lesser data quality and integrity.

The Bureau believes it prudent to focus on the collection of a more limited number of core data points (the statutory data points and a limited number of other data points needed to facilitate the collection of these statutory data points) to avoid complexity in the initial implementation of a rule to implement section 1071. This in turn will make it more likely that covered financial institutions face a smoother transition in the initial years of the rule in ramping up to the accurate, recurring collection of data.^[58]

107(a)(3) Application Method

Proposed Rule

In § 1002.107(a)(3), the 2023 final rule required financial institutions to collect data on whether applications were submitted in person, by phone, online, or by mail. The Bureau explained its belief that these data will improve the market's understanding of how different types of applicants apply for credit and provide additional context for the business and community development needs of particular geographic regions. In its 2025 proposed rule, the Bureau proposed removing this data point.

Comments Received

The Bureau received comments from banks, credit unions, trade associations, ( printed page 23559) and community groups regarding the application method data point. Many industry commenters supported the proposal to remove this discretionary data point. A coalition of trade associations questioned the value of the data point and how it fulfills section 1071's statutory purposes. The coalition also asserted that collecting the data point was too complex because loan applicants often interact with lenders through multiple channels during the application process. The coalition further suggested that the Bureau could obtain information on how businesses apply for credit through existing or new surveys of small businesses instead of imposing a costly data collection mandate.

By contrast, community groups, an advocacy organization, and a trade association for small businesses opposed the removal of the application method data point. A community group asserted that eliminating the data point would undermine the statutory purposes of section 1071. A trade association commented that application method is an important data point for identifying both predatory loan application tactics as well as successful methods for reaching historically underserved businesses. Similarly, a coalition of community groups commented that removing the data point would make it impossible to determine whether differences in application method facilitate or inhibit access to credit.

Final Rule

The Bureau is finalizing the removal of § 1002.107(a)(3) as proposed. The Bureau continues to believe that, in the 2023 final rule, it overestimated the relative value of data on application method and underestimated the potential cost and complexity of collecting the data. Many lenders do not already collect this data point, and many small business applicants have multiple interactions with lenders across different methods during the application process, yet the 2023 final rule reduces those interactions to only a single point in time—when the “application” is considered submitted. While the Bureau acknowledges that, as discussed in the 2023 final rule, the data point may have value in furthering the purposes of section 1071, it now believes that its value is currently outweighed by its cost. The Bureau now believes that the 2023 final rule erred in not sufficiently considering the value of the data point in light of its cost.

The Bureau disagrees with commenters' assertions that the removal of the data point for application method would undermine the statutory purposes of section 1071 at the inception of this data collection. The Bureau agrees that some manner of capturing application method could potentially be useful for identifying predatory loan application tactics, and may help identify historically underserved businesses. However, the Bureau notes that the commenter did not address whether the remaining data points are sufficient to address these inquiries, and did not address whether the application method data point set forth in the 2023 final rule was sufficient to capture the full complexity of relationships between lenders and applicants. The Bureau agrees that differences in application method may facilitate or inhibit access to credit but believes the effects are unlikely to be significant and will not justify the costs of the data collection. Moreover, the Bureau believes that the collection of the section 1071 data points, as amended by this final rule, will facilitate attempts to analyze access to credit more generally. Going forward, the Bureau may reconsider adding this data point.

107(a)(4) Application Recipient

Proposed Rule

In the 2023 final rule, the Bureau required financial institutions to collect data on application method—whether the applicant submitted the covered application directly to the financial institution or its affiliate, or whether the applicant submitted the covered application indirectly to the financial institution via a third party.

In 2025, the Bureau proposed removing § 1002.107(a)(4).

Comments Received

The Bureau received comments from banks, credit unions, trade associations, and community groups regarding the application recipient data point. Many industry commenters supported the proposal to remove this discretionary data point. A coalition of trade associations questioned the value of the data point and whether it advances 1071 statutory purposes.

Some commenters opposed the proposal to remove the application recipient data point. A community group asserted that eliminating the data point would undermine the 1071 statutory purposes. A trade association commented that application recipient is an important data point for identifying both predatory loan application tactics as well as successful methods for reaching historically underserved businesses. Similarly, a coalition of community groups commented that removing the data point would make it impossible to determine whether differences in application recipient facilitate or inhibit access to credit.

Final Rule

The Bureau is finalizing the removal of § 1002.107(a)(4) as proposed. As with application method, the Bureau continues to believe that in the 2023 final rule, it overestimated the relative value of data on application recipient and underestimated the potential cost and complexity of collecting the data. Many lenders do not already collect this data point, and in some instances, it may be difficult for lenders to determine whether they received an application through a third party. While the Bureau acknowledges that, as discussed in the 2023 final rule, the data point may have value in furthering the purposes of section 1071, it now believes that its value is currently outweighed by its cost. The Bureau now believes that the 2023 final rule erred in not sufficiently considering the value of the data point in light of its cost.

The Bureau disagrees with commenters' assertions that the removal of the application recipient data point would undermine the statutory purposes of section 1071 at the inception of this data collection. The Bureau agrees that application recipient could potentially be useful for identifying predatory loan application tactics, and may help identify historically underserved businesses. However, the Bureau notes that the commenter did not address whether the remaining data points are sufficient for those inquiries. The Bureau agrees that differences in application recipient may facilitate or inhibit access to credit but believes the effects are unlikely to be significant and will not justify the costs of the data collection. Moreover, the Bureau believes that the collection of the section 1071 data points, as amended by this final rule, will facilitate attempts to analyze access to credit more generally. Going forward, the Bureau may reconsider adding this data point after properly weighing costs and benefits.

107(a)(11) Denial Reasons

Proposed Rule

The Bureau explained in the 2023 final rule that data on denial reasons will allow data users to better understand the rationale behind denial decisions, help identify potential fair lending concerns, and provide financial institutions with data to evaluate their ( printed page 23560) business underwriting criteria and address potential gaps as needed.

In 2025, the Bureau proposed removing § 1002.107(a)(11).

Comments Received

The Bureau received comments from banks, credit unions, trade associations, and community groups regarding the denial reasons data point. Many commenters supported the proposal to remove this discretionary data point. Some industry commenters asserted that doing so would better protect borrowers' privacy. These commenters further asserted that the data could be misinterpreted given the large variability in underwriting for small business lending. A small business trade association commented that the action taken data point is sufficient to further the fair lending objective of section 1071 and that applicants can already obtain denial reasons under existing ECOA requirements. A couple of industry trade associations noted that in indirect vehicle financing transactions, dealerships are not often provided and do not have access to reasons why a third-party finance source denied a credit application. Other trade associations commented that differences between the requirement to provide denial reasons under section 1071 and in ECOA adverse action notices may cause confusion among lenders.

A number of other commenters opposed the proposal. Several community groups stressed the importance of denial reasons in furthering the community development objective of section 1071. Specifically, they said that denial reasons would enable policymakers, lenders, and community groups to identify gaps and barriers to credit access and devise tailored solutions. A trade association and a number of community groups expressed concern that removing the data point would undermine the fair lending objective of section 1071 by weakening the dataset's capacity to identify discriminatory patterns. Several community groups asserted that the Bureau's concerns for borrower privacy are overstated. The groups emphasized that the collection of sensitive borrower information under HMDA has not resulted in the types of privacy breaches contemplated by the Bureau. A community group asserted that the Bureau's concerns about the complexity of collecting this data are also overstated because lenders already collect and store this information.

Final Rule

The Bureau is finalizing the removal of § 1002.107(a)(11) as proposed. While the Bureau acknowledges that, as discussed in the 2023 final rule, the data point for denial reasons may have value in furthering the purposes of section 1071, it now believes that its value is outweighed by its cost at the inception of this long-term data collection regime. The Bureau now believes that the 2023 final rule erred in not sufficiently considering the value of the data point in light of its cost.

The Bureau acknowledges that denial reasons could be helpful for furthering either of the statutory purposes of section 1071 but disagrees with commenters about the extent to which the data point, as written, would facilitate this. Relative to the action taken and other data points that the rule continues to require, the Bureau believes that data on denial reasons may provide only marginal value. Commenters who stressed the importance of this data point did not explain in detail why the action taken and other remaining data points are insufficient to identify discriminatory patterns and gaps and barriers to credit access. Additionally, applicants are already able to obtain a statement of denial reasons in adverse action notices required under Regulation B.

Requiring collection and reporting of this data point would, as acknowledged in the 2023 final rule, pose a privacy risk if re-identification of the applicant were to occur. The Bureau disagrees that it has overvalued borrower privacy concerns with respect to this data point. The Bureau also disagrees that it has overestimated the complexity of collecting this data point.

Lenders already collect and store the information on denial reasons consistent with the Regulation B subpart A requirements for providing adverse action notices. Those categories are similar to, but do not entirely align with, the denial reason categories required by the 2023 final rule.

107(a)(12) Pricing

Proposed Rule

In the 2023 final rule, the Bureau required reporting of an array of different pricing data: interest rate; total origination charges; broker fees; the total amount of all non-interest charges that are scheduled to be imposed over the first annual period; for a merchant cash advance or other sales-based financing transaction, the difference between the amount advanced and the amount to be repaid; and information about any applicable prepayment penalties. It explained its belief that because price-setting is integral to the functioning of any market, any analysis of the small business lending market—including to enforce fair lending laws or identify community and business development opportunities—would be less meaningful without this information. The 2023 final rule acknowledged the potential complexity of collecting these data, and commenters noted the risk that it could reveal confidential business information or lead to incorrect inferences about discrimination.

The Bureau proposed the removal of § 1002.107(a)(12).

Comments Received

The Bureau received comments from banks, credit unions, trade associations, and community groups regarding the pricing data point. Industry commenters generally supported the proposal to remove this data point. Several commenters asserted that the numerous data fields for pricing information required by the 2023 final rule are too complicated and burdensome for lenders to isolate, store, and report. As with denial reasons, commenters also asserted that the data would be prone to misinterpretation given the large variability in underwriting for small business lending. They claimed this could cause unwarranted damage to lenders' reputations even if a disclaimer accompanied published section 1071 data explaining that the data alone does not establish discriminatory conduct. Some commenters argued that fear of discrimination allegations would cause lenders to adopt stricter underwriting guidelines, thus reducing credit access and undermining the statutory purposes of section 1071. Finally, some industry commenters worried that the data would expose proprietary business information to competitors.

A number of commenters opposed the proposal. Many community groups emphasized that the loans in the dataset will not be comparable without pricing information, and that the dataset will be less effective for detecting discriminatory practices and understanding the market. Several community groups asserted that the lack of loan-to-loan comparability would incentivize lenders to increase their approval rates by raising prices instead of innovating to deliver accessible and affordable credit. One community group commented that the recent proliferation of high-cost loan products makes price transparency particularly important now. As with denial reasons, several commenters contested the Bureau's concerns of third parties misusing the data. These commenters asserted that the Bureau did not offer any evidence that the potential misuse of the data outweighs the benefits of reporting the ( printed page 23561) data, and they claimed that the experience of data reporting under HMDA suggests the risk of misuse is low.

Final Rule

The Bureau is finalizing the removal of § 1002.107(a)(12) as proposed. While the Bureau acknowledges that, as discussed in the 2023 final rule, the data point for pricing information may have value in furthering the purposes of section 1071, it now believes that its value is outweighed by the substantial complexity of the data collection at the inception of this long-term data collection regime. The Bureau now believes that the 2023 final rule erred in not sufficiently considering the value of the data point in light of its cost.

The Bureau believes that the additional burden of collecting this data point exceeds its potential value at this time. The Bureau understands concerns that removing the pricing data point would potentially make it difficult to compare loans, and make it less effective in detecting discriminatory practices and understanding the market. As commenters have noted, pricing information has been important to the analysis of HMDA data.

However, as in their analysis of other discretionary data points, many commenters on this pricing data point seem to conflate the usefulness of a data point in the context of a long-standing data collection regime, and including such a data point at the inception of a new data collection regime. In essence, many comments on pricing treat the 2023 final rule as an existing data collection regime, from which the proposed revision would detract.

The manner in which Regulation C was implemented over time—even if the way the rule progressed over time was not necessarily by design—points to the value of incrementalism in data collection. The first pricing data point was introduced only two decades after HMDA data collection commenced, and only included at first a simplified “rate spread” field (the difference between the APR of certain loans and the Federal funds rate).^[59] Later Regulation C amendments added additional fields to the collection of pricing data.^[60]

Whether intended or not, the Bureau believes that the effect of this incrementalism in HMDA/Regulation C was to make the pricing data point easier for lenders to adapt to over time with less disruption to mortgage markets. The contrafactual that no commenter has apparently contemplated is how much more disruptive HMDA might have been if lenders had to comply with the full complement of data points that exist now at the inception of that data collection. As a result, the Bureau continues to believe that, at the inception of this long-term data collection regime, the potential complexity and cost of the pricing data point would outweigh its value.

The Bureau, therefore, agrees that, in general, loans in the dataset would be more comparable with pricing information; however, the Bureau believes that, at the inception of the data collection regime, users of the data should analyze other data points as potentially clearer indicators of lending discrimination. In the future, it may be possible to introduce collection and reporting of pricing data and obtain greater comparability when lenders are more settled in collecting section 1071 data.

Regarding the argument that removing pricing data would incentivize lenders to increase approval rates by increasing prices, the Bureau believes that such a concern is speculative at this point; the commenter does not suggest any past instance of such practices occurring in response to changes in regulations for the purpose of evading fair lending analysis. The Bureau disagrees that it has overestimated the potential harm from third parties misinterpreting or misusing the data; the Bureau acknowledged in its preliminary privacy analysis in the 2023 final rule the possibility of such misuse. In any case, such harms are not the primary reason for the removal of the pricing data point.

107(a)(15) NAICS Code

Proposed Rule

The Bureau did not propose, or solicit comments on, the removal of the data point capturing a small business's 3-digit NAICS code to identify the industry in which the credit applicant operates.

Comments Received

The Bureau received comments from banks, trade associations, and community groups regarding the data point for the 3-digit NAICS code. Some industry commenters requested that the Bureau eliminate this data point. Several trade associations commented that the data point does not facilitate fair lending enforcement. Several banks and trade associations asserted that the data would be unreliable and inaccurate because applicants and lenders often do not know which NAICS code to apply. Commenters also asserted that the data point poses re-identification risk for applicants, especially in rural areas with few small businesses. One bank noted that re-identification risk could chill businesses' willingness to apply for credit. Several banks and trade associations commented that the cost for this data point will be significant because some lenders, including automobile dealerships and community banks, do not already collect this information. Some trade associations requested additional flexibility for reporting the data, such as permitting use of 2-digit NAICS codes and providing a safe harbor if an applicant does not provide the code.

By contrast, a community group and a bank supported retaining the data point, arguing that it helps identify whether certain sectors or industries are associated with unique barriers to lending.

Final rule

The Bureau is retaining § 1002.107(a)(15) as is. The Bureau addressed similar comments opposing the data point for NAICS code in the 2023 final rule. The Bureau continues to believe that the 3-digit NAICS code achieves the right balance between minimizing compliance burdens and re-identification risk, while also providing valuable data to analyze fair lending patterns and identify industry subsectors with unmet credit needs. The Bureau does not believe that there is evidence for the assertion that the collection of the 3-digit NAICS code would discourage small businesses from applying for credit. The Bureau also disagrees with the comment that the cost for this data point will be significant because some lenders do not already collect this information. Furthermore, the Bureau notes that lenders already have significant flexibility in their collection of 3-digit NAICS codes. Their ability to rely on NAICS codes obtained from applicants or third-party sources, combined with the existing NAICS code safe harbor provision in § 1002.112(c)(3), significantly eases potential difficulties for financial institutions in collecting and reporting the data. Additionally, the Bureau believes that a 2-digit NAICS code would not provide sufficiently detailed information to aid regulators and the public in monitoring particular industries' access to small business credit, nor would it meaningfully diminish the cost of collecting and reporting the data point as compared to a 3-digit code. Finally, re-identification risk can be addressed by pre-publication modifications and deletions as needed. ( printed page 23562)

107(a)(16) Number of Workers

Proposed Rule

The 2023 final rule required financial institutions to report the number of workers in ranges, and stated that data on the number of persons working for a small business applicant will provide data users and relevant stakeholders with a better understanding of the job maintenance and creation that small business credit provides.

The Bureau proposed removing § 1002.107(a)(16).

Comments Received

The Bureau received comments from banks, industry trade associations, and community groups regarding the number of workers data point. Many commenters supported the proposal to remove this discretionary data point. A couple of trade associations asserted that the data point offers limited value for fair lending enforcement, and that the data would be inaccurate because small businesses lack precise or stable employment figures. A coalition of trade associations suggested that the Bureau could obtain this data point through existing or new surveys of small businesses instead of imposing a costly data collection mandate.

Some commenters opposed the Bureau's proposal to remove this data point. Two community groups disagreed with the Bureau's assessment that it is difficult for small businesses to calculate their number of workers. One of those groups emphasized that most small businesses do not have any employees. The group further suggested that the Bureau could reduce ambiguity about how to report the number of workers by issuing additional instructions or guidance, including allowances for relying on the judgment of the loan applicant.

A trade association for small businesses and several community groups emphasized the importance of the data point in furthering the community development purpose of section 1071. A bank and a community group disagreed with the Bureau's explanation that the data point is not justified on fair lending grounds. The community group asserted that the capacity to hire and retain workers is an important control variable in assessing lending disparities. The group also questioned why the data point's benefits for community development are not sufficient justification for collecting the data even if the Bureau is correct to conclude that the data point cannot be justified on fair lending grounds.

Final Rule

The Bureau is finalizing the removal of § 1002.107(a)(16) as proposed. The smaller number of businesses with employees that remain covered under this rule, coupled with data inconsistences that are likely to result from the complexity of providing the information, diminish the value of this data point. While the Bureau acknowledges that the data point may have value in furthering the purposes of section 1071, its value is currently diminished by its likely imprecision and outweighed by the cost and complexity of collecting the data at the inception of this long-term data collection regime.

One commenter's assertion, that most small businesses have no employees, suggests removal of this data point as much as it suggests its retention. If most applicants have no employees, the cost and complexity of collecting this data point may be relatively low but the value of the data will also be low. Changing the gross annual revenue threshold from $5 million to $1 million means fewer covered businesses are likely to have any employees to report. The Bureau continues to believe that it could be difficult for small businesses—especially those that use contractors, temporary or gig workers, or seasonal workers, or those that cycle through employees frequently—to determine their number of workers in accordance with the 2023 final rule. Commenters who asserted otherwise did not explain how these types of businesses could determine the data point easily or suggest specific guidance that the Bureau could issue to simplify the data collection.

The Bureau disagrees with some commenters about the relative importance of this data point in furthering either of the purposes of section 1071. The Bureau has acknowledged the potential value of this data point but believes that the additional burden of collecting this data point exceeds its potential value at this time. It is simply not practicable to collect every possible control variable for assessing lending disparities.

107(a)(17) Time in Business

Proposed Rule

The Bureau did not propose, or solicit comments on, the removal of the discretionary data point capturing a small business's time in business.

Comments Received

The Bureau received comments from banks, trade associations, and a community group regarding the discretionary data point for time in business. Some industry commenters requested that the Bureau eliminate this data point. Several banks asserted that the data point poses re-identification risk for applicants, especially in rural areas with few small businesses. A bank and a trade association commented that ambiguities in how to report this data ( e.g., total years of experience of the owner or years of operation of the specific business) will create inconsistencies and ultimately make the data unreliable and misleading.

A community group supported retaining the data point, arguing that it helps identify whether the age of a business is associated with barriers to lending.

Final Rule

The Bureau is retaining § 1002.107(a)(17) as is. The Bureau addressed similar comments opposing the data point for time in business in the 2023 final rule. As the Bureau acknowledged in the 2023 final rule, “allowing different methods for measuring time in business will have an effect on the comparability of the data, but information about the time in business actually collected by the financial institution for its own purposes will be useful for fair lending analysis and will impose less operational difficulty than requiring reporting based on a single definition.” ^[61] Further, the Bureau continues to believe, inter alia, that this data point may be particularly important in identifying unmet credit needs amongst relatively new businesses and start-ups, and in potentially identifying false positives in fair lending analyses.^[62] Additionally, re-identification risk can be addressed by pre-publication modifications and deletions as needed.

107(a)(20) Number of Principal Owners

Proposed Rule

The Bureau did not propose, or solicit comment on, § 1002.107(a)(20), which requires financial institutions to collect and report the number of an applicant's principal owners.

Comments Received

The Bureau received comments from several banks and trade associations regarding the discretionary data point for number of principal owners. Several industry commenters requested that the Bureau eliminate this data point. Two banks questioned whether the data point advances either of the statutory ( printed page 23563) purposes of section 1071. Those banks also asserted that collecting the data point for businesses with complex ownership structures would be difficult and burdensome. An industry trade association requested additional guidance and examples regarding the definition of principal owner.

Final Rule

The Bureau is retaining § 1002.107(a)(20) as is. The Bureau addressed similar comments opposing the data point for number of principal owners in the 2023 final rule. As the Bureau explained in the 2023 final rule, “[a]lthough some small business applicants, such as family farmers, may have ownership structures where there are many owners and/or where ownership is through various business entities, the rule's definition for principal owner means that applicants would be required to identify only individuals, and not entities or trusts, with direct ownership in the business and would not need to trace ownership through multiple business entities or provide information about individuals with small equity shares in the business.” ^[63] Furthermore, the Bureau continues to believe that the commentary in the 2023 final rule is sufficiently clear and does not need to be revised or augmented. In addition, collecting and reporting ethnicity, race, and sex for principal owners—as required by section 1071—would be considerably more difficult without this information.

LGBTQI+-Owned Business Status

The 2023 final rule required financial institutions to inquire whether a small business applicant for credit is a minority-owned, women-owned, and/or LGBTQI+-owned business. The Bureau proposed removing this data point. This discretionary data point is addressed in more detail below in the discussion of § 1002.107(a) on the collection of sex, gender, and related data.

107(a) Statutory Data Points

Proposed Rule

The Bureau did not propose or solicit comment on revisions to certain other statutory data points, including unique identifier, (§ 1002.107(a)(1)), application date (§ 1002.107(a)(2)), credit type (§ 1002.107(a)(5)), credit purpose (§ 1002.107(a)(6)), amount applied for (§ 1002.107(a)(7)), amount approved or originated (§ 1002.107(a)(8)), action taken (§ 1002.107(a)(9)), action taken date (§ 1002.107(a)(10)), census tract (§ 1002.107(a)(13)), gross annual revenue (§ 1002.107(a)(14)). Minority-owned and women-owned status (§ 1002.107(a)(18)), and ethnicity, race and sex of principal owners (§ 1002.107(a)(19)) are also statutory data points, and the Bureau did propose certain revisions to those, as set out further below.

Comments Received

The Bureau received comments from several banks and a trade association regarding a few of the statutory data points, which the Bureau did not propose to amend. One bank from a rural area commented that reporting the census tract and gross annual revenue data points poses a re-identification risk, especially in conjunction with other data points like NAICS code and time in business. A trade association asserted that the “waterfall” approach in the 2023 final rule for reporting the applicant's census tract is confusing and burdensome, and requested that the Bureau instead use the definition of census tract in section 1071. Finally, a bank commented that loan term data should only be reported for originated loans. The bank asserted that loan term data is incomplete without pricing information and would not meaningfully advance the objectives of section 1071. The bank further asserted that the value of the data is outweighed by the operational burden.

Final Rule

The Bureau declines to adopt the changes to the statutory data points suggested by commenters. The Bureau addressed similar comments opposing the data point for census tract in the 2023 final rule. The Bureau appreciates concerns regarding the potential re-identification risk posed by the publication of unmodified census tract data and understands that modification of the data may be appropriate to mitigate that risk in some instances. Regarding the waterfall approach in the 2023 final rule, the Bureau continues to believe that this reporting method strikes the appropriate balance between collecting useful information to further section 1071's purposes while avoiding imposing additional burden on financial institutions. This approach was specifically intended to provide flexibility to financial institutions in collecting this data point based on information they already have.^[64] For the reasons stated in the 2023 final rule, the Bureau does not believe that this imposes an operational burden on financial institutions.

Regarding the comments about the complexity and difficulty of reporting the remaining data points the Bureau emphasizes that nearly all the remaining data points are specifically enumerated in section 1071, and, as stated above, the limited number of other data points are needed to facilitate the collection of the statutory data points. Furthermore, the Bureau continues to believe that the commentary in the 2023 final rule for the remaining data points is sufficiently clear and does not need to be revised or augmented. In any case, the commenters did not suggest specific additional guidance or bright line rules that the Bureau could issue to simplify the data collection.

107(a) Collection of Disaggregated Ethnicity and Race Categories

Proposed Rule

Section 1002.107(a)(19) requires the collection of both aggregate and disaggregated race and ethnicity information on principal owners of small business applicants. However, 15 U.S.C. 1691c-2(e)(2)(G) only specifies “race” and “ethnicity,” without referencing disaggregation of those categories. Given the Bureau's concern about commencing a long-term data collection regime by asking for potentially complex and costly data points, the Bureau's proposal sought comment on whether it should further revise the rule's data collection requirements to require collection only of aggregate ethnicity and race categories. It also sought specific comment on: (1) what utility there might be for carrying out the purposes of section 1071 in requiring the collection of disaggregated categories of ethnicity and race, in addition to the aggregate categories, and (2) the costs and burdens for financial institutions in requiring the collection of these disaggregated categories of ethnicity and race.

Comments Received

The Bureau solicited comment regarding the utility, in furthering the purposes of section 1071, of requiring the collection of the disaggregated categories of ethnicity and race in addition to the aggregated categories. Several trade associations and lenders provided comments supporting the elimination of the use of disaggregated race and ethnicity categories, for a ( printed page 23564) number of reasons. Some trade associations asserted that the collection of disaggregated race and ethnicity data is not required by the statute. Commenters also stated that the collection of disaggregated data increases costs and burdens on financial institutions, increases operational complexities, and may result in poor data quality and fewer submissions. Two trade associations noted that the disaggregated subcategories also used free form text fields and said that data inconsistency, operational complexities and costs, and the risk of data corruption were all potential drawbacks that came with the use of such fields. Several trade associations and a lender commented that requesting this information causes applicant confusion and results in “friction” with applicants, and also that the added length to the application often leads to increased application drop-off rates. One commenter also said that the disaggregated fields were “infeasible” for mobile applications. Finally, drawing parallels with the HMDA data collection regime, several commenters asserted that disaggregated data would not facilitate meaningful fair lending statistical analysis if not enough applicants provide this data.

Several trade associations and advocacy groups supported retaining the disaggregated race and ethnicity categories. A trade association for lenders, two trade associations for small businesses, and community groups commented that disaggregated race and ethnicity categories advance the fair lending statutory purpose of section 1071, noting that fair lending statistical analyses using the aggregate categories alone often mask disparities within certain categories or across certain geographies. One trade association noted the existence of Federal statistical standards that emphasize structuring and organizing demographic data to support accurate and comparable analysis, and said that aggregation makes misclassification and error more likely, reduces comparability, limits interpretability, and weakens the reliability of any analysis. Finally, an advocacy group suggested that rather than eliminating the disaggregated categories, the Bureau should offer technical assistance to promote consistent reporting so as to strengthen the quality and the utility of the data over time.

Final Rule

Based on the requirements detailed in ECOA and the responses to its solicitation for comments on this issue, the Bureau has determined to eliminate the use of disaggregated categories in collecting principal owners' race and ethnicity in the commentary to § 1002.107(a)(19), including comments 107(a)(19)-13, -14 and 16, and has made conforming changes elsewhere in the regulatory text and commentary.

The Bureau is eliminating the use of disaggregate race and ethnicity categories for a number of reasons. First, as noted by several commenters, the best reading of the statute is that the collection and use of disaggregated race and ethnicity categories is not required explicitly by statute; only aggregated race and ethnicity are required. As such, eliminating the use of disaggregated categories will more closely align the regulation to the statute. Second, in the Bureau's view, eliminating the disaggregated race and ethnicity categories will reduce regulatory burden and operational costs and complexities while likely improving data quality, especially at the onset of a long-term data collection program. The Bureau agrees with commenters' concerns that the use of free-form text fields in collecting disaggregated race and ethnicity, could increase inconsistencies in, and unreliability of, the data reported. Additionally, eliminating the disaggregated categories will reduce small business applicants' confusion about what information to provide and decrease friction between financial institutions and customers. Finally, based on observations on data provided under the HMDA, the Bureau agrees that the disaggregated categories would not necessarily improve fair lending analysis if not enough small business applicants provide this data.

The Bureau is not persuaded by commenters supporting the retention of the disaggregated race and ethnicity categories. The Bureau finds that the regulatory burden and potential for unreliable, inconsistent data outweighs any potential benefits derived from analysis of disaggregated race and ethnicity categories, at least at the onset of this long-term data collection program. Analysis at the aggregate level should be sufficient to address the statutory requirement that race and ethnicity data be collected and shed light on areas of difference between groups of small business applicants and to conduct fair lending analysis. Further, any Federal standards regarding the specificity of the contents of large datasets do not relate directly to the particular complexities and burdens posed by this data collection statute, which, as commenters have explained, are significant.

The Bureau notes that commenters arguing that disaggregated race and ethnicity categories would advance the fair lending statutory purpose of section 1071 have not taken into account countervailing factors, such as the risk of application drop-offs and the fact that HMDA has historically had low response rates to requests for disaggregated race and ethnicity data. The Bureau notes that disaggregated data cannot unmask disparities within certain categories if meaningful numbers of small business applicants decline to provide such data. The Bureau observes that the commenters citing Federal statistical standards—which cast doubt on the reliability of aggregate race and ethnicity data—do not state if such standards take into account the specific context of small business lending, a market in which prior to section 1071 lenders were generally prohibited by ECOA from asking from such demographic data. The Bureau also observes that the Federal statistical standards cited by commenters may not take into account the most relevant basis for comparison—the historically low response rates to disaggregated race and ethnicity questions in the HMDA context.

The Bureau does not dismiss the possibility of incorporating disaggregated data in the future and acknowledges the comment that the Bureau should offer technical assistance to promote consistent reporting so as to strengthen the quality and the utility of the data over time, but has determined that it should do so first concerning aggregate data, if only to better assure the reception by applicants in the future, should the Bureau determine it appropriate to add disaggregated race and ethnicity data requests to the rule.

107(a) Collection of Sex, Gender, and Related Data

LGBTQI+-Ownership

Proposed Rule

Section 1002.107(a)(18) in the 2023 final rule requires financial institutions to inquire whether a small business applicant for credit is a minority-owned, women-owned, and/or LGBTQI+-owned business. The Bureau explained that, based on limited information available, it believed that LGBTQI+-owned businesses may experience particular challenges accessing small business credit, and used its discretionary authority under 15 U.S.C. 1691c-2(e)(2)(H) to require financial institutions to request information about whether an applicant is a LGBTQI+-owned business.

The Bureau proposed several changes related to LGBTQI+ ownership. ( printed page 23565) Specifically, the proposed revisions included removing the definition related to LGBTQI+-owned business status in § 1002.102(k) and (l); removing references to LGBTQI+-owned business status in § 1002.107(a)(18) and (19); and associated commentary, and revising how principal owners' sex is to be collected in commentary accompanying § 1002.107(a)(19). The proposed changes also included removing references to LGBTQI+-owned business status in Regulation B, subpart A, § 1002.5(a)(4) and revising commentary accompanying § 1002.5(a)(2). The Bureau is also proposed making conforming changes elsewhere throughout the regulatory text and associated commentary, as well as the sample form in appendix E.

In addition, on January 30, 2025, the President issued the Defending Women E.O. (E.O. 14168), which directs Federal agencies not to discuss gender identity and to refer to sex using a binary of male/female. Consistent with this E.O. and the feedback the Bureau received from stakeholders, the general public described above, and section 1071 itself, the Bureau is revising the rule. These changes generally include (1) removing references to and questions about “LGBTQI+”-owned business status, (2) requiring financial institutions to inquire about a principal owner's sex, rather than sex/gender, and (3) providing that the sex of the principal owners be selected from a static binary response option of male/female, rather than a free-form text field.

Comments Received

Several trade associations, lenders, advocacy groups, and at least one individual noted their support for the proposal to remove all references, definitions, and inquiries related to the LGBTQI+ status of small business applicants from the rule. One trade association and several advocacy groups argued that ECOA did not specifically cover gender and LGBTQI+ status, and that eliminating the data point would better align with ECOA and further its purposes. Several trade associations and a lender observed that the LGBTQI+ data point was discretionary and, they said, would add complexity to data collection, increase the likelihood of data errors and comparability, and require extensive staff training and system updates. Several trade associations and a bank asserted that collecting LGBTQI+ information was regulatory overreach and that removing the data point would be consistent with a more incremental approach to implementing the rule. Finally, several trade associations and lenders commented that collecting LGBTQI+ data presented privacy concerns. Two trade associations and a lender also stated that collecting this information risked damaging relationships between lenders and their customers, especially in smaller markets.

Several advocacy organizations and individuals opposed the removal of the LGBTQI+-owned status data point. Several commenters observed that LGBTQI+ applicants have faced historical, systemic barriers to accessing credit, making robust safeguards important. These commenters further noted the importance of data on LGBTQI+-owned businesses to identify unequal treatment and patterns of discrimination, and to enforce fair lending laws, including evaluating the effectiveness of special purpose credit programs intended to serve such businesses. Several commenters observed that the voluntary nature of the reporting, in that it is subject to the right to refuse, would protect applicant privacy. Finally, one advocacy group commented that LGBTQI+ persons were the best source of information on their privacy concerns, and that the Bureau should conduct outreach with them on this issue.

Final Rule

The Bureau is finalizing removal of the LGBTQI+-owned status data point as proposed. In the time since the 2023 final rule, the Bureau has heard repeated concerns from stakeholders, as well as Members of Congress and the general public, that this question in particular is an invasion of privacy and risks damaging the relationship between small businesses and their lenders, particularly in smaller lending markets. The Bureau now believes that the sensitivities involved in this inquiry, which the 2023 final rule failed to address, exceed any utility this data point might provide, and that it adds to the overall complexity of a lengthy data collection.^[65]

The Bureau agrees with commenters' observations that ECOA does not explicitly refer to gender identity or LGBTQI+ status. The Bureau also agrees with comments that collection of this discretionary data point could add cost and complexity to the data collection process. The Bureau also believes that removing this discretionary data point will alleviate the privacy concerns raised by commenters regarding the collection of LGBTQI+ data from small business applicants. Lastly, the Bureau agrees with the commenters' observations that the ECOA does not explicitly refer to gender or LGBTQI+ status.

The Bureau is not persuaded by commenters that wrote to express support for the collection of LGBTQI+-owned status of applicants. Even if, as the Bureau noted in the 2023 rule, LGBTQI+-owned businesses may experience challenges accessing small business credit, the Bureau believes that it should not require collection of such data at the onset of a long-term data collection program. None of the commenters requesting that the Bureau retain this data point suggested that the collection of this data would not add to the cost or complexity of the rule. Furthermore, the determination to collect this data using the Bureau's discretionary authority under 15 U.S.C. 1691c-2(e)(2)(H), as the 2023 final rule states, was “[b]ased on limited information.” ^[66] The Bureau does not believe, given the countervailing considerations, that it should require collection of this data at this time. Further, the decision to remove this data point is consistent with the Defending Women E.O.

Finally, while the Bureau agrees with the commenter that the voluntary nature of the data collection would help protect applicant privacy on this data point, applicants would have far greater privacy protections from removing the data point entirely. The Bureau agrees with commenters stating that the very existence of such a query could strain customer relationships with financial institutions.

Sex/Gender

Proposed Rule

Section 1002.107(a)(19) in the 2023 final rule requires financial institutions to ask a small business applicant to provide its principal owners' ethnicity, race and sex. Commentary to § 1002.107(a)(19) required financial institutions, when requesting principal owners' sex, to use the term “sex/gender” and to give applicants a free-form text field to provide a response. In the 2023 final rule, the Bureau explained its belief that this approach would allow applicants to self-identify as they see fit. The Bureau proposed to ( printed page 23566) remove references to the term “gender” in commentary related to § 1002.107(a)(19) and to ask whether a principal owner is male or female.

Comments Received

The Bureau received several comments on the proposed changes to revise the collection of principal owners' sex/gender to a binary choice between male and female, and to eliminate the use of a free-form text field to provide a response. Several trade associations, and two advocacy groups supported the proposal, stating that data collected via free-form text fields tend to result in lower data quality, inconsistency in the data that are collected, and leaves room for interpretation of the data collected. Several trade associations, an advocacy group, and a bank stated that free-form text fields increase costs for lenders and result in unnecessary regulatory complexity. Finally, referencing ECOA as well as the Defending Women E.O., several advocacy groups asserted that there are only two sexes, and that gender is not synonymous with sex.

Other commenters supported retaining the free-form text field. Several community groups disputed that the Defending Women E.O. governed in this instance, stating that section 1071 as a congressional mandate had legal priority over an executive order. One community group argued that the presence of a free-form text field does not amount to “discussing” gender as prohibited by the E.O. Another community group noted that forcing non-binary persons to select a binary response would violate their rights and would render data provided to the Bureau inaccurate. One community group noted that limiting collection to male and female sex renders LGBTQI+ individuals invisible in the data. The group also asserted that this data is important because of the history of discrimination against LGBTQI+ persons, many of whom, they said, turn to starting their own businesses. This commenter further stated that some experts in LGBTQI+ issues have developed standardized, two-step measures that separately capture sex assigned at birth and current gender identity, with structured responses and coding to support high-quality data analysis without erasing gender minorities.

Final Rule

The Bureau is finalizing the revisions as proposed regarding how principal owners' sex is to be collected in commentary accompanying § 1002.107(a)(19). Specifically, financial institutions are required to inquire about a principal owner's sex, rather than sex and gender, and sex of the principal owner is to be selected from only the choices of male or female, rather than allowing any response via a free-form text box. Additionally, this change comports with the plain text of the statute, which explicitly requires financial institutions to collect of data on the sex of principal owners, but does not mention gender identity, much less require collection of data on it. Further, the revisions are in accord with the Defending Women E.O. described above. The Bureau is also making conforming changes elsewhere throughout the regulatory text and associated commentary, as well as the sample form in appendix E.

The Bureau determines that, particularly in the context of a data collection rule, use of only a free-form text field would inhibit robust data analysis, contrary to the purposes of the rule. The Bureau also now believes, based on feedback from stakeholders of all kinds, that a free-form text field would likely result in poor data quality, given the variety of possible responses to the sex question. The Bureau believes that the most appropriate way to collect data on the sex of a principal owner is to ask the straightforward question of whether the owner is male or female. These changes are consistent with the statute, the Defending Women E.O., and feedback from many stakeholders and the public.

As noted by several commenters, providing a straightforward choice of male or female and eliminating the existing, free-form text field ensures data consistency, quality, and comparability, and eliminates any need for further interpretation of the data collected. The Bureau agrees that replacing the free-form field with a binary male or female choice is more cost-effective for financial institutions and reduces the operational complexity surrounding the collection of this data, especially at the onset of a long-term data collection program such as this.

The Bureau is not persuaded by commenters who advocated for retaining the free-form text field. The Bureau believes that a simple male or female choice for sex is adequate and appropriate for the data collection under section 1071. The Bureau disagrees with the comment that a requirement that applicants choose either male or female for the sex of a principal owner would violate their rights. The Bureau believes this argument is based on the premise that the reference to “sex” in the statute must be read to include gender identity. The Bureau observes that the 2023 final rule took this position based on the interpretation of a separate statute in Bostock v. Clayton County, a case involving employment discrimination that has not been applied outside of that context. The Bureau notes that in 15 U.S.C. 1691c-2(e)(2)(G) on its face only requires the collection of the “race, sex, and ethnicity” of each principal owner. Gender is not explicitly mentioned in that provision, or any other, and is therefore not required to be collected under the statute. Further, a commenter's suggestion that a free-form text field does not equate to “discussing” gender in the manner addressed by the E.O. is not relevant for purposes of this analysis, since the E.O. plainly directs that “[a]gency forms that require an individual's sex shall list male or female.” ^[67]

Further, whether an E.O. could be sufficient to repeal a statutory mandate to collect a data point is, here, is also irrelevant; section 1071 contains no reference to, much less a mandate to collect, gender, and the changes made in this rule have been made for reasons independent of the E.O., as described herein. In any case, it is appropriate for the Bureau to follow current guidance from other parts of the Federal government, including the current practice of the White House and other Federal agencies on the reporting of demographic data as a means of ensuring standardized and comparable data.

The Bureau's primary statutory duty is the collection of data required under the statute—here, the sex of principal owners—without unnecessary complexity and burden, and data collected solely via free-form text boxes cannot serve those ends as well as a binary choice between male and female. In addition, while some commenters suggest that there are standardized methods of collecting information beyond male/female, other than using a free-form data field, the Bureau believes that the collection of any such data would require the use of is discretionary authority under 15 U.S.C. 1691c-2(e)(2)(H) to accommodate choice beyond male and female. The Bureau does not believe that the collection of such data would advance the statutory purposes of the rule at the onset of a long-term data collection program like this. ( printed page 23567)

107(a) Applicant's Right To Refuse To Provide Demographic Data

Proposed Rule

Section 1002.107(a)(18) in the 2023 final rule requires covered financial institutions to seek information from applicants about their women-owned, minority-owned, and LGBTQI+-owned business status and § 1002.107(a)(19) requires covered financial institutions to seek information from applicants about the ethnicity, race, and sex of the principal owners of the applicant business. Those provisions and associated commentary also include discussions of the statutorily provided right of an applicant to refuse to provide this information.^[68] The Bureau proposed to revise the applicant right to refuse provisions in § 1002.107(a)(18) and (19), as well as the related commentary, to emphasize the statutory right to refuse. In addition, the Bureau proposed corresponding changes to the sample demographic data collection form in appendix E.

Comments Received

The Bureau received several comments regarding its proposal to emphasize the statutory right to refuse to provide demographic information in § 1002.107(a)(18) and (19) as illustrated on the sample form in appendix E. Several trade associations offered comment in support of emphasizing the right to refuse. One trade association recommended that the language proposed in appendix E be moved from the commentary to the regulation itself in order to make applicants' right to refuse clearer. This trade association also commented that the revised language on the sample form in appendix E should be made more prominent to better inform applicants of both the financial institutions' compliance obligation and the applicants' right to refuse. Another trade association stated that the right to opt out of providing demographic data and the reporting respects statutory intent and would strengthen borrower trust. One trade association commented that small business applicants' right to privacy would be well supported with an emphasis on the right to refuse. Another trade association expressed concern that emphasizing the right to refuse creates a pathway to reduced data collection, due to increased refusal rates, which will ultimately reduce both the quantity and usefulness of the demographic data collection.

Several trade associations and a bank commented on the length and content of the sample demographic data collection form contained in appendix E. One trade association noted that longer applications increase application drop offs, and that each additional question adds to the loan application drop off rate. This commenter noted that page 2 of the sample form in appendix E included three questions but 34 possible answers for each small business applicant. The commenter suggested that allowing lenders to, at a minimum, collapse the disaggregated subcategories unless the category is selected, would mitigate applicant drop off rates. Another trade association commented that the sample form should make it clear to small business applicants that they may refuse to provide demographic data. Finally, at least one lender commented that the sample data collection form should include the ability to note or otherwise record that the small business applicant declined to provide race, ethnicity, and other demographic data.

Final Rule

The Bureau is revising the applicant right to refuse provisions in § 1002.107(a)(18) and (19), as well as the related commentary, as discussed in further detail below. In addition, the Bureau is making corresponding changes to the sample demographic data collection form in appendix E. The regulatory text of § 1002.107(a)(18) and (19) provides that covered financial institutions must inform applicants that the financial institution cannot discriminate against the applicant based on the demographic information provided pursuant to the rule or on whether the applicant invokes the right to refuse to provide the information. Existing comments 107(a)(18)-1 and 107(a)(19)-1 state that a financial institution must permit an applicant to refuse ( i.e., decline) to answer the financial institution's inquiries regarding business status and ethnicity, race, and sex, and must inform the applicant that it is not required to provide the information. The Bureau is adding the requirement to inform applicants of their right to refuse to the regulatory text of § 1002.107(a)(18) and (19), for clarity.

In addition, in this final rule, the Bureau has made several other revisions to commentary to further clarify the financial institutions' obligations to permit applicants to decline to answer inquiries regarding business status, and principal owners' ethnicity, race, and sex.

Comments 107(a)(18)-8 and 107(a)(19)-8 previously required financial institutions to report an applicant's substantive response to an inquiry requesting business status or principal owners' ethnicity, race, and sex in the event of a conflict in which the applicant selected also an option such as “none apply” or “I do not wish to respond.” The Bureau now believes that these comments did not give sufficient weight to the applicant's explicit choice of an option to decline to provide such demographic information. As a result, the Bureau now revises comments 107(a)(18)-8 and 107(a)(19)-8 to require a financial institution to report that an applicant declined to provide this information in the event of a conflict in which the applicant provides demographic information but also selects the option indicating that it declines to provide such information. The Bureau believes that this change will ease burden and decrease confusion.

Existing comments 107(a)(19)-13, 14, and 15 are amended to emphasize an applicant's right to decline to provide the ethnicity, race, and sex, respectively, of a principal owner when information about the ethnicity, race, and sex categories is provided.

Similarly, to emphasize the right to decline to provide demographic information, comment 107(a)(19)-16, concerning the financial institution's oral request for the ethnicity, race, and sex information of the principal owner(s), is amended. Previously, comment 107(a)(19)-16 required financial institutions collecting information on principal owners' ethnicity, race, and sex orally, such as by telephone, to present aggregate race and ethnicity categories before presenting the application the option to decline to provide this information. The Bureau now revises comment 107(a)(19)-16 to state that that the financial institution must present the applicant's right to decline to provide such information before listing the aggregate ethnicity, race, and sex categories that may be selected. The Bureau believes this revision is more consistent with an applicant's the statutory right to decline to provide such information because if ethnicity, race, or sex information is presented first, an applicant might answer such inquiries before becoming aware of the right to decline to provide such information.

Collectively, these changes clarify the financial institution's communication and reporting obligations related to the applicant's statutory right to refuse in response to inquiries concerning certain demographic information. The Bureau is also making changes to the sample form in appendix E to further emphasize the ( printed page 23568) right to refuse. The principal owners' statutory right to refuse to provide demographic information is prominently displayed. The principal owner's sex is collected via a binary optionality through which male or female can be selected. All inquiries related to small business applicants' LGBTQI+ status have been removed. Disaggregated race and ethnicity categories have also been removed. For each of these demographic characteristics (sex, race, and ethnicity) as well as the two remaining business ownership status questions, the applicant may decline to provide the requested information for any of the categories or all the categories.

The Bureau notes in response to comments concerned with the length of the proposed sample form in appendix E that the final sample form now reflects revisions adopted in this final rule that would eliminate disaggregated data. As a result, the revised form is much shorter, which should reduce application drop offs, and no longer includes 34 possible answers for each principal owner of a small business applicant. Regarding the comment that the sample form should make clear to applicants that they may refuse to provide demographic data, the Bureau notes that its revisions further emphasize the right to refuse. Finally, in the response to the comment that the sample data collection form should record that an applicant declined to answer questions requesting demographic data, the Bureau notes that it does.

107(c) Time and Manner of Collection; Anti-Discouragement and Related Provisions

Proposed Rule

In the 2023 final rule, the Bureau explained that it was adopting the provisions in § 1002.107(c) in an attempt to provide a balance between allowing institutions flexibility in how they collect data and ensuring that institutions do not discourage or otherwise interfere with applicants' providing their data. Existing § 1002.107(c) requires a covered financial institution to (1) not discourage an applicant from responding to requests for applicant-provided data under final § 1002.107(a) and to otherwise maintain procedures to collect such data at a time and in a manner that are reasonably designed to obtain a response; (2) identify certain minimum components when collecting data directly from the applicant that must be included within a financial institution's procedures to ensure they are reasonably designed to obtain a response; and (3) maintain procedures to identify and respond to indicia that it may be discouraging applicants from responding to requests for applicant-provided data, including low response rates for applicant-provided data. It also provides that low response rates for applicant-provided data may indicate that a financial institution is discouraging applicants from responding to requests for applicant-provided data or otherwise failing to maintain procedures to collect applicant-provided data that are reasonably designed to obtain a response.

The Bureau proposed to remove references to discouragement in § 1002.107(c)(1) and (c)(2)(iii), as well as related commentary. It also proposed to remove § 1002.107(c)(3) and (4) and related commentary; these provisions detail requirements to monitor for indicia of discouragement, such as low response rates from applicants, and explicitly provide that low response rates may be indicia of discouragement. Further, the Bureau proposed to revise commentary to § 1002.107(c)(2) which under the 2023 final rule established specific restrictions on the time and manner of data collection that are similar to the anti-discouragement provisions.

Comments Received

The Bureau received comments regarding the proposed changes to the time and manner of collection provisions in § 1002.107(c) from a range of industry participants—including banks, credit unions, fintech lenders, and national and State trade associations—as well as from community groups.

Several industry trade associations and banks supported the proposal to remove the anti-discouragement provisions. Many of these commenters argued that these provisions are unnecessary and redundant, noting that Regulation B already imposes an affirmative obligation to collect data and maintain procedures reasonably designed to obtain responses. Two trade associations stated that the Bureau had assumed without evidence that lenders would not comply.

Regarding the specific monitoring requirements, several trade associations conveyed their belief that low response rates are not necessarily an indicator of discouragement. One commenter stated that removal of the low response rate provisions is necessary to ensure borrowers a meaningful right to opt out of providing data. Additionally, two commenters stated that the Bureau's supervision and enforcement functions, rather than prescriptive rules, are the appropriate mechanisms to handle non-compliance.

A number of trade associations and banks stated that the monitoring requirements in the 2023 final rule were burdensome and subjective, with several of these noting that section 1071 does not contain such specific requirements. One bank explained that peer response rate comparisons are potentially misleading because lenders operate in diverse markets and with varied operational practices. That commenter further noted that the burden of compliance with the existing provisions generally outweighs any benefit.

Industry commenters generally supported the proposal to convert specific time and manner requirements into non-binding guidance, with one trade association arguing that this shift offers a more flexible, less burdensome framework while preserving the statute's core purposes. Another trade association noted that small business lending is not “one size fits all,” and asserted that increased flexibility allows lenders to collect information in a manner best suited to their specific procedures and most likely to yield a borrower response.

Some industry commenters requested additional clarity and modifications. Two trade associations requested standardized scripts, confirmation that a lender is only required to ask for data once per application, and confirmation that non-responses are not evidence of discouragement. Additionally, as discussed further in the section-by-section analysis of § 1002.104(b) regarding other requests for exclusions, several commenters highlighted the practical difficulties of collecting data in indirect lending scenarios where the financial institution lacks a direct relationship with the applicant. To address this, these commenters requested product exemptions or greater flexibility in the timing of data collection. One fintech lender requested explicit permission to seek data after a declination, noting that automated underwriting, where credit is referred by a broker, may result in an instant decline before the borrower has interacted with the lender to provide demographic data. The commenter also requested explicit permission for third-party brokers to collect data.

Conversely, several community groups opposed the removal of the anti-discouragement provisions. One coalition of community groups argued that allowing discouragement of data collection frustrates congressional ( printed page 23569) intent. It pointed to the implementation of the data collection required by HMDA as evidence that lenders can successfully request demographic data without adverse market effects, noting that applicants are generally willing to share such data. It further criticized the Bureau for accepting industry claims of implementation difficulty without sufficient scrutiny, as well as for omitting the substance of that industry feedback from the 2025 proposed rule.

Regarding the specific monitoring provisions, one community group noted that while low response rates may not definitively indicate discouragement, they could still helpfully reflect a need for improved collection processes or language. This commenter also disputed the Bureau's claim that the provisions were redundant, arguing that the anti-discouragement provisions are distinct from the enforcement provisions of § 1002.112, which it stated address data errors rather than response rates. Additionally, a coalition of community groups urged the Bureau to require lenders to use visual observation and surname review to identify race and ethnicity when applicants decline to provide it, arguing this is necessary to ensure data integrity has not been compromised by improper lender discouragement.

Final Rule

For the reasons set forth below, the Bureau is finalizing the revisions to § 1002.107(c) and its associated commentary largely as proposed, with a modification to the text of § 1002.107(c)(2)(i) and the commentary accompanying § 1002.107(c)(2). The Bureau is removing references to discouragement in § 1002.107(c)(1) and (c)(2)(iii) and associated commentary, deleting the monitoring requirements in § 1002.107(c)(3) and (4) and associated commentary, and revising the text of § 1002.107(c)(2)(i) to adopt a flexible standard while revising the commentary to § 1002.107(c)(2) to provide additional flexibility for certain “time and manner” requirements.

With respect to comments from community groups arguing that removing these provisions will frustrate congressional intent or signal that discouragement is permissible, the Bureau emphasizes that removing these provisions is an effort to enforce the statutory obligation to permit applicants to opt out of the collection of sensitive demographic information, and that the statutory requirement to collect data remains in full effect. Section 1071, as implemented in Regulation B, already creates a binding obligation for covered financial institutions to request applicant-provided data. Further, § 1002.107(c) continues to require covered entities to maintain procedures to collect this data and to do so at a time and in a manner reasonably designed to obtain a response. The Bureau believes that this affirmative obligation is sufficient to ensure compliance. Contrary to comments suggesting that administrative and civil enforcement under § 1002.112 is limited to data errors, the plain text of the provision, on its face, covers the entirety of subpart B and section 1071 itself; as such, it could be used to address violations such as a failure to maintain proper procedures or to train employees in those procedures.

In finalizing these amendments, however, the Bureau agrees with industry commenters that the specific anti-discouragement and monitoring provisions in the 2023 final rule are redundant and add unnecessary regulatory complexity. The Bureau concludes that the prescriptive monitoring requirements and rigid time and manner restrictions in the 2023 final rule created redundant layers of compliance. Rather than simply relying on the indisputable obligation to request applicant-provided data, these specific provisions required financial institutions to perform subjective peer comparisons and adhere to inflexible timing requirements, adding significant operational complexity without a commensurate benefit to data integrity. The Bureau concludes that the prescriptive monitoring provisions in the 2023 final rule were based on anticipatory concerns of evasion not supported by evidence, including evidence from the implementation of HMDA or other similar data collection regimes. Furthermore, the Bureau determines that relying on general supervision and enforcement authority under § 1002.112 is a more efficient mechanism for addressing potential non-compliance than the rigid rule-based regime originally adopted. The Bureau also declines to adopt the industry requests for standardized safe-harbor scripts. Standardized scripts could reimpose the regulatory rigidity this final rule seeks to eliminate.

The Bureau disagrees with comments that it failed to scrutinize industry claims of burden or that the rationale and evidence set out in the 2025 proposed rule was insufficient. The Bureau's decision to reconsider these provisions was prompted by E.O.s 14192 and 14219, which mandate the identification of regulatory efficiencies. In the context of these E.O.s, the Bureau further relied on its own analysis of the assertions at issue, i.e., that the anti-discouragement and monitoring provisions were redundant, not supported by empirical evidence of non-compliance in the 2023 final rule, created subjective compliance standards, and posed First Amendment risks. Existing § 1002.107(c)(1) and (c)(2)(iii), along with the commentary accompanying § 1002.107(c)(2)(iii), appeared to restrict companies from sharing non-misleading opinions criticizing the rule's requirements with their customers. The Bureau now believes that such restrictions raise significant First Amendment concerns, justifying the changes to those provisions implemented in this rule.

While the 2025 proposed rule referenced feedback from stakeholders regarding implementation difficulties, that feedback served only to provide further impetus for reconsidering the provisions in the 2023 final rule. Furthermore, as with any proposed rule, through issuing the 2025 proposed rule the Bureau solicited public input to further develop the record, and it has now comprehensively considered and analyzed these public comments.

Further, the Bureau disagrees that the successful implementation of HMDA demonstrates that the requirements in the 2023 final rule would have no adverse market effects or that applicants are invariably willing to provide the requested data. Data collection under Regulation C is now well-established after several decades, and successful compliance in the mortgage context today may not be indicative of whether the prescriptive provisions here strike the right balance of burden versus benefit for small business lending at the onset of a data collection regime.

The Bureau also disagrees that the monitoring requirements should be retained because response rate data may help improve lender data collection processes. While the Bureau acknowledges that response rates may be informative for lenders' own internal analysis, lenders could voluntarily choose to track response rate data on their own. Mandating the monitoring of response rates, however, creates a regulatory burden and a presumption of non-compliance that the Bureau believes is not justified. Low response rates may not necessarily be a sign of discouragement, as applicants might overlook the request or otherwise ignore the data collection form for various reasons, including privacy preferences. The Bureau concludes, therefore, that penalizing lenders or mandating strict peer comparisons based on response rates could lead to misleading conclusions and unjustified burden. Consistent with this conclusion, the Bureau confirms that the bare fact that ( printed page 23570) an application does not include applicant-provided data does not, standing alone, constitute evidence of discouragement.

The Bureau declines to adopt the suggestion by community groups to require the use of visual observation and surname review when applicants decline to provide demographic data, including for the reasons set out in the 2023 final rule.^[69] The Bureau did not solicit comment on this point. As it explained in that rule, the Bureau believes that visual observation and surname analysis, while perhaps suited to the HMDA context, may not be appropriate for small businesses where the persons interacting with the financial institution may not be the actual owners of the business. Further, such a requirement would introduce significant operational complexity and burden at the start of the data collection regime, contrary to the goals of this rulemaking. Finally, the Bureau believes that respecting an applicant's choice not to provide demographic data is consistent with the section 1071 statutory scheme, which expressly provides applicants with a right to refuse to provide this information.

Regarding commenters' request for explicit permission to collect data after notifying the applicant of a credit decision, the Bureau is modifying the text of § 1002.107(c)(2)(i) and the commentary accompanying § 1002.107(c)(2). The Bureau agrees with commenters that in certain instances, where an application is forwarded by an intermediary, the reporting financial institution may have no direct contact with the applicant until after notifying the applicant of the credit decision. Requiring data collection from an applicant by the reporting financial institution prior to notification in these specific instances may be impractical. To address this, the Bureau is finalizing § 1002.107(c)(2)(i) to provide that data be collected at a time “reasonably designed to obtain a response,” rather than deleting the provision as proposed. This revision creates a flexible regulatory standard that permits financial institutions to collect data in a manner consistent with their operations. Accordingly, revised comment 107(c)(2)-2.i. clarifies that while the general expectation remains that financial institutions should attempt to collect data prior to notification of the credit decision, a procedure can still be reasonably designed to obtain a response if the reporting institution requests the data after notification in instances where it had no prior direct interaction with the applicant. With this modification, the “time and manner” provisions of the 2023 final rule have been revised to provide the flexibility many commenters are seeking. The Bureau concludes that financial institutions are best positioned to determine the optimal phrasing and timing to maximize responses within their specific operational flows.

Finally, regarding the request for explicit permission for third-party brokers to collect data, the Bureau notes that existing § 1002.107(b) already explicitly permits financial institutions to rely on information from the applicant or appropriate third-party sources when compiling data. Additionally, existing § 1002.5, comment 1002.5(a)(2)-3, contemplates that third parties such as loan brokers may collect required sensitive data on behalf of creditors. The Bureau believes that this existing provision, combined with the revisions finalized in this final rule—specifically the removal of prescriptive monitoring requirements—provides sufficient flexibility for financial institutions to establish third-party collection procedures, without the need for additional regulatory text.

H. Section 1002.114—Effective Date, Compliance Date, and Special Transitional Rules

114(b) Compliance Date

Proposed Rule

The compliance dates for covered financial institutions, as most recently amended by the 2025 compliance dates final rule, are set forth in existing § 1002.114(b). That section looks to a financial institution's volume of covered credit transactions for small businesses to determine which of three compliance dates (July 1, 2026, January 1, 2027, and October 1, 2027) are applicable to a financial institution.

The Bureau proposed to amend § 1002.114(b) to eliminate the system of tiered compliance dates in favor of creating a single compliance date. Mirroring the change to the rule's origination threshold set forth in proposed § 1002.105(b), proposed § 1002.114(b) would have required that all covered financial institutions that originated at least 1,000 covered credit transactions for small businesses in each of calendar years 2026 and 2027 begin to comply with the rule starting on January 1, 2028. The Bureau proposed to make corresponding updates throughout the commentary accompanying § 1002.114(b) and (c) to provide additional guidance and examples regarding the compliance date.

Comments Received

The Bureau received numerous comments on the proposed single compliance date, primarily from banks, lenders, trade associations, and an independent office of a Federal agency. Commenters generally supported a single compliance date, with some recommending that the Bureau make additional adjustments. In support, some commenters stated that the proposal would provide clarity and certainty, and would thus promote efficiency. Other commenters stated that it would minimize disruption and ensure that credit markets remain stable and accessible. A coalition of trade associations noted that the proposed single compliance date would avoid mid-year implementation, averring that that mid-year implementation is disruptive and that partial year data is generally not useful. A small business trade association stated that a single compliance date created more fairness among institutions and would avoid patchwork compliance.

Many supporters commented that the single compliance date as proposed would provide the time needed for lenders to come into compliance, especially given the need to adjust systems for compliance with any other additional changes to the 2023 final rule. Several of these stated that loan processors and third-party vendors need significant time to prepare for compliance. A trade association stated that the proposed inclusion of an option for voluntary early data collection would provide flexibility for institutions seeking to validate systems and refine workflows ahead of the mandatory deadline.

Several lenders and a trade association supported the single compliance date but stated that the proposed timeline would be sufficient so long as the rule is finalized in the first quarter of 2026. Several other commenters supported a single compliance date but urged the Bureau to set the date later than proposed. These commenters stated that a later date is needed because, among other things, collection of such data in this sector is novel and complex and will require significant effort on the part of lenders, working with third-party vendors, to develop and implement new procedures. Two bank trade associations also expressed concern that lenders would not have clarity about the rule's coverage and requirements until the rule is finalized, and possibly not until further clarifications are provided the Bureau. Compliance dates suggested by commenters include 24 months after ( printed page 23571) publication of a final rule, 30 months after publication, and January 1, 2030. A few commenters recommended a compliance date of January 1, 2029 or three years after the final rule is issued.

In a similar vein, several supporters of a single compliance date stated that there was not enough time between the end of the proposed period for determining coverage and the proposed compliance date. A few of these commenters expressed concerns that some lenders may have to prepare for compliance before they know whether they are covered and thus may have to estimate data, which could introduce uncertainty and inaccuracies.

Several of these commenters, including a coalition of trade associations, recommended that the Bureau finalize a two-year look-back period of 2025 and 2026 (rather than 2026 and 2027) to address their concerns. Two bank trade associations recommended that lenders be permitted to choose between using originations from 2025 and 2026, or from 2026 and 2027, to determine whether compliance by January 1, 2028 is required. Three bank trade associations suggested that compliance be required 12 months after meeting the coverage thresholds; one bank suggested 36 months after meeting the thresholds.

Several commenters recommended that, to provide compliance certainty as soon as possible, the Bureau should finalize the proposed compliance date before finalizing any other amendments to the 2023 final rule. A small number of commenters urged the Bureau to provide clear compliance guidance ( e.g., technical specifications, filing instructions, and data-validation standards) well in advance of the compliance date. A credit union trade association recommended that the Bureau provide specific guidance addressing credit union operations.

A bank trade association suggested that the Bureau adopt the proposed 2028 compliance date for large and midsize institutions, who have staff and expertise to implement rules more quickly, and a 2029 compliance date for smaller financial institutions and those that have proven to be successful and trusted small business lenders. A community bank suggested that if covered entities are not provided at least 30 months for implementation, then the Bureau should provide staggered deadlines for smaller institutions.

The Bureau received two comments opposing any further delay of the compliance date. A community group expressed concern that a delay to January 1, 2028, would create gaps in valuable data that would otherwise be recorded and available to the public. Another community group asserted that the proposed compliance date would constitute an unlawful withholding and unreasonable delay, and that compliance with the rule should have started in mid-2025.

Final Rule

The Bureau is finalizing § 1002.114(b) substantially as proposed. Accordingly, § 1002.114(b) is amended to eliminate the system of tiered compliance dates established in the 2023 final rule and to require instead that all covered financial institutions that originate at least 1,000 covered credit transactions for small businesses in each of calendar years 2026 and 2027 begin to comply with the rule starting on January 1, 2028. In response to certain commenters' concerns, the Bureau also is adopting a new special transitional rule, in § 1002.114(c)(3), that permits, but does not require, financial institutions to use the calendar years 2025 and 2026, instead of 2026 and 2027, for purposes of determining whether they must comply with the rule beginning January 1, 2028. The Bureau also is finalizing corresponding updates to the commentary for § 1002.114(b) and (c), providing additional guidance and examples regarding the compliance date and application of the two look-back periods.

The Bureau determines that the extension of the single compliance date to January 1, 2028, is appropriate for several independent reasons. As discussed in the 2025 proposed rule, covered financial institutions that would reasonably expect to be above the new 1,000-loan origination threshold will need additional time to adjust their compliance systems to the changes to Regulation B, subpart B made by this final rule. The revisions not only reduce certain reporting requirements, such as the elimination of many of the discretionary data points, but also change existing requirements concerning statutorily required demographic data points, consistent with the Defending Women E.O. Such revisions to the rule will require financial institutions that have already prepared to comply with the 2023 final rule to change forms, customer interfaces, or other compliance software or regulatory processes.

Further time will also be necessary for some institutions to determine whether they are covered at all under the rule, given the modification of the threshold for covered financial institutions from 100 to 1,000 originations, as well as other changes that will result in fewer transactions being counted toward the 1,000 origination threshold, such as the additional exclusions from the definition of covered credit transaction in revised § 1002.104(b), and the change to the definition of small business in revised § 1002.106.

In making this determination, the Bureau notes that many industry commenters expressed support for extending the single compliance date as proposed and stated that the January 1, 2028 deadline would give them the time they need to comply. The Bureau acknowledges that some commenters recommended that the Bureau finalize a date later than proposed, citing the novelty and complexity of collecting the data and the need to work with third parties as reasons for the Bureau to provide them more time. As discussed above, other commenters expressed concern that there was insufficient time between the end of the proposed period for determining coverage and the proposed compliance date, and suggested that the Bureau finalize a date later than proposed, finalize a 2025 and 2026 look-back period instead, or provide the option of using a 2025 and 2026 look-back period.

The Bureau declines to adopt a compliance date later than January 1, 2028. The Bureau believes that the marginal benefits of adopting a later compliance date do not warrant further delaying the rule's reporting requirements. However, the Bureau is adopting an additional special transitional rule, in § 1002.104(c)(3) that, as discussed below, will permit, but not require, financial institutions to use 2025 and 2026, instead of 2026 and 2027, as the look-back period for purposes of determining whether they are initially covered by the rule. As such, it will afford financial institutions, especially smaller ones, greater flexibility and certainty in determining whether they are covered in advance of the January 1, 2028 compliance date.

The Bureau also determines it appropriate to adopt a single compliance date, to begin on January 1, 2028, for all covered financial institutions. The need for a tiered compliance structure is diminished by the length of time that has passed since the adoption of the 2023 final rule as well as the coverage of fewer lenders as a result of amendments to §§ 1002.104(b), 1002.105(b), and 1002.106(b). Moreover, as noted in the 2025 proposed rule, the Bureau acknowledges feedback from lenders regarding difficulties commencing compliance with the rule mid-year, which is resolved by setting a single compliance date on January 1. ( printed page 23572)

Finally, the Bureau determines that its new single compliance date resolves lingering concerns arising from previous compliance date extensions. As the Bureau explained in its 2025 compliance date interim final rule and 2025 compliance date final rule, those rules were necessary to avoid a situation in which only a subset of covered financial institutions were obligated to come into compliance with the 2023 final rule. Many of these institutions will, under revised § 1002.105(b), have had too low a volume of loan originations to be covered financial institutions under this final rule. If covered financial institutions were not given additional time to comply with the changes contained in this final rule, the Bureau is concerned that credit access and data quality might be affected in a manner that would not have advanced the purposes of the statute.

The Bureau declines to finalize the new single compliance date before any other revisions to the 2023 final rule, as some commenters suggested. The Bureau concludes that finalizing all revisions at once provides greater compliance certainty and efficiency to covered financial institutions than would adopting yet another compliance date in the interim. The Bureau also declines to adopt different or staggered compliance dates for larger and smaller institutions, as some commenters suggested. The Bureau believes that between the revisions to § 1002.105(b) that focus on core lenders at the onset of data collection, and the substantial steps the Bureau understands many larger-volume lenders have taken already to comply with the rule, the reasoning underlying a system of tiered compliance dates is moot. The Bureau concludes that adopting a staggered or tiered framework would risk re-creating many of the problems that the single compliance date is designed to resolve. Additionally, for the reasons set forth above, the Bureau declines to adopt an earlier compliance date than January 1, 2028, as two commenters suggested; covered financial institutions need, at a minimum, additional time to comply with the new requirements in this final rule.

Finally, as recommended by some commenters, the Bureau expects to issue compliance materials, updated to reflect the changes made by this final rule, in advance of the compliance date.

114(c) Special Transition Rules

Proposed Rule

In the 2023 final rule, financial institutions were instructed to determine their compliance tier based on their originations in 2022 and 2023. Subsequent changes to the rule added the alternative look-back periods of 2023 and 2024, or 2024 and 2025, that financial institutions could choose to use instead of 2022 and 2023. These alternatives were set out in § 1002.114(c)(3) and related commentary.

The Bureau proposed revising § 1002.114(c)(3) and related commentary to require a financial institution to count its originations of covered credit transactions in each of calendar years 2026 and 2027 to determine whether it must comply with the rule by the proposed compliance date of January 1, 2028. The Bureau believed that this proposed change would simplify § 1002.114(c) and better align it with the proposed revisions to § 1002.114(b).

Comments Received

As discussed above, in response to the proposed single compliance date of January 1, 2028, several industry commenters expressed concern that some financial institutions would need more time between the proposed look-back period of 2026 and 2027 and the proposed compliance date to determine whether they are covered by the rule. Some of these commenters suggested that the Bureau adopt a later compliance date. Others suggested the Bureau use 2025 and 2026 as the look-back period instead of 2026 and 2027. Yet others suggested that the Bureau provide financial institutions the option of using 2025 and 2026 as the look-back period, as well as 2026 and 2027.

Final Rule

The Bureau is adopting revised § 1002.114(c) as proposed with the addition of a new special transitional rule, in § 1002.114(c)(3), to address the concerns of some industry commenters. Under this provision, for purposes of determining whether a financial institution is a covered financial institution under revised § 1002.105(b) as of January 1, 2028, a financial institution is permitted, but not required, to use its originations of covered credit transactions for small businesses in the calendar years 2025 and 2026 (rather than its originations in calendar years 2026 and 2027).

Accordingly, financial institutions have the option of using the period of 2025 and 2026 instead of 2026 and 2027 for purposes of determining whether they must comply with the rule beginning January 1, 2028. The Bureau determines that this provision will provide greater clarity and certainty to financial institutions as to whether they would be covered financial institutions as of the initial compliance date. This may be particularly important for those financial institutions that originate a volume of covered credit transactions close to the 1,000-loan threshold under revised § 1002.105(b). The Bureau also determines that this provision is necessary to carry out, enforce, and compile data pursuant to section 1071.

In addition, the Bureau concludes that the range of options provided by the last iteration of § 1002.114(c), as set out in the 2025 compliance date final rule, intended to provide flexibility to potentially covered lenders, is no longer appropriate for a single compliance date with a single origination threshold. Further, revised § 1002.114(c) uses calendar years closer to the new compliance date and is a fairer time period to count originations. The January 1, 2028 compliance date in revised § 1002.114(b) is nearly five years removed from some of the two-year look-back periods used to determine when a covered financial institution must begin to collect data that had been set forth in § 1002.114(c). If a financial institution using the 2026 and 2027 look-back period would exceed 1,000 loan originations in each of 2022 and 2023, but fell below the 1,000 origination threshold in either 2026 or 2027, it would not be a covered financial institution for 2028. The Bureau thus finds that referring to the number of originations during calendar years 2026 and 2027 (or 2025 and 2026, if lenders prefer to use their originations in those years) is more appropriate and relevant to determining whether a financial institution must comply with the rule starting in January 2028.

I. Other Comments Received

The Bureau received comments on other aspects of the 2023 final rule that it had not proposed revising in the 2025 proposed rule.

Section 1002.102—Principal Owner

Existing section 1002.102(o) defines principal owner as an individual who directly owns 25 percent or more of the equity interests of a business. The 2023 final rule stated that the definition is, in part, consistent with the beneficial ownership requirements in FinCEN's customer due diligence rule.^[70] Specifically, a natural person would be a principal owner if the natural person directly owns 25 percent or more of the equity interests of the business. Further, as noted in proposed comment 102(o)- ( printed page 23573) 1, a natural person would need to directly own an equity share of 25 percent or more in the business in order to be a principal owner.

One lender called for the Bureau to adopt FinCEN's definition of beneficial owner in lieu of the definition of principal owner listed in the NPRM, as financial institutions already collect beneficial owner information and are familiar with the requirements under the Know Your Customer regulations.

The Bureau declines to revise the definition of principal owner. The definition of principal owner already borrows substantially from FinCEN's customer due diligence rule, which has been in place since 2016.^[71]

Section 1002.108—Firewall

Proposed Rule

The 2023 final rule implemented the statutory “firewall” provision of 15 U.S.C. 1691c-2(d) in § 1002.108. This provision generally prohibits underwriters and other employees involved in making a determination concerning a covered credit application from accessing an applicant's demographic information collected under section 1071. However, the rule includes an exception permitting access if a financial institution determines that limiting access is not feasible. Under the rule, it is not feasible to limit access if the institution determines that an employee or officer “should have access” to the information to perform their assigned job duties, provided the institution issues a specific notice to the applicant.

The 2025 proposed rule did not contain any proposed substantive amendments to the firewall provision in § 1002.108, nor did it solicit comment on this requirement.

Comments Received

Although the Bureau did not propose altering the existing firewall provision in § 1002.108, a number of industry commenters, including several banks and a trade association representing community banks, expressed general opposition to the requirement. These commenters argued that the firewall imposes an unnecessary regulatory burden, does not reflect the realities of small business lending, and does not further the statute's fair lending enforcement objectives. Two banks asserted that the firewall risks disrupting established workflows, slowing communication and decision-making, introducing inefficiencies, and increasing compliance costs, which could ultimately reduce access to credit.

Many of these commenters emphasized that compliance with the firewall provision is highly difficult or impossible for small institutions and community banks. Several banks noted that employees at small banks often perform multiple functions, with commercial lending staff frequently taking applications, serving as underwriters, making credit decisions, and acting as the applicant's primary point of contact. Consequently, these commenters argued that fully segregating demographic information is not feasible without substantial staffing increases, costly system changes, and significant role restructuring.

Furthermore, a trade association and two other commenters argued that the provision interferes with the relationship-based banking model. They noted that, unlike high-volume lending, small business transactions demand individualized credit analysis, close collaboration between origination and underwriting teams, and high-contact engagement. One commenter pointed out that segregation could be counterproductive because most business loan applications are processed by commercial loan officers who personally know the applicant and participate in credit committees. Another trade association asserted that while large institutions with automated systems and a broad division of labor might be able to implement firewalls, the requirement is impossible to reconcile with the community bank model.

Commenters also raised significant concerns regarding the existing feasibility exemption and its accompanying notice requirement. Several banks argued that providing notice to the applicant that underwriters may have access to demographic data places smaller lenders at a competitive disadvantage compared to larger institutions and fintechs that can comply with the firewall and avoid providing the notice. Multiple commenters expressed concern that the required notice will raise unnecessary questions, doubts, or mistrust in the applicant's mind regarding the impartiality of the credit decision. A trade association characterized the disclosure as having no practical value, serving only to “paper the file,” and damaging the close and beneficial relationships between community banks and their borrowers.

Commenters requested various modifications to the existing rule to address these concerns. Several banks urged the Bureau to eliminate the firewall provision entirely, with one bank arguing that elimination would preserve the integrity of the data collection process without creating competitive disparities, operational burdens, or undermining borrower confidence. Other banks requested that the Bureau rely entirely on an applicant disclosure or notice provision instead of requiring a firewall. One commenter noted that the HMDA does not impose a firewall requirement and alternatively relies on applicant disclosures to adequately protect borrowers. A different commenter added that reverting to a single applicant disclosure requirement would maintain transparency while reducing the significant operational burdens of costly system redesigns, complex access controls, and additional compliance monitoring.

Finally, some commenters requested specific exemptions or thresholds to alleviate the burden. One bank suggested limiting the application of the firewall requirement to only the largest institutions. A trade association requested that community banks be exempted entirely from what it characterized as an unworkable disclosure and notice requirement. Another trade association suggested addressing the firewall burden by either increasing the activity-based loan threshold exemption or adopting a general rule exemption for banks under $10 billion in assets.

Final Rule

The Bureau declines to adopt the commenters' suggested modifications to the firewall provision. Because the Bureau did not propose changes to this provision in the NPRM, and because the existing framework appropriately implements the statutory mandates of section 1071 while providing significant operational flexibility, the Bureau is retaining the firewall requirements in § 1002.108 without modification.

The Bureau declines requests to eliminate the firewall provision entirely or to replace it with a HMDA-style applicant disclosure. The firewall is an explicit statutory requirement under 15 U.S.C. 1691c-2(d). Congress, which would have been aware of the HMDA data collection regime and its lack of a firewall at the time section 1071 was enacted, specifically mandated that financial institutions limit certain employees' and officers' access to the demographic information collected under this statute. Therefore, eliminating the firewall requirement entirely, or relying solely on a single disclosure requirement for all institutions regardless of feasibility, ( printed page 23574) would conflict with the clear intent of the statute. The Bureau does not believe that eliminating the firewall is necessary or appropriate to carry out section 1071's purposes.

The Bureau disagrees with commenters' assertions that the firewall provision fails to reflect the realities of small business lending, requires costly system redesigns and staffing increases, or fundamentally interferes with the relationship-based banking model of community banks. The Bureau believes these concerns are largely resolved by the substantial flexibility already built into the rule's feasibility exception. Under § 1002.108(c) and its associated commentary, a financial institution is not required to maintain a firewall for an employee or officer if it determines that the individual “should have access” to the information to perform their assigned job duties.^[72] The commentary explicitly clarifies that a financial institution is not required to hire additional staff, upgrade its systems, change its lending or operational processes, or revise its policies or procedures for the sole purpose of maintaining a firewall.^[73] Consequently, for small institutions where employees “wear multiple hats,” the institution may simply determine that those employees should have access to the data and rely on the exception. This flexibility ensures that established workflows, close collaboration between origination and underwriting teams, and individualized credit analyses are not disrupted.

The Bureau also declines to exempt community banks from the notice requirement when utilizing the feasibility exception, as providing this notice is a statutory condition of the exception under 15 U.S.C. 1691c-2(d)(2). The Bureau disagrees with the characterization that the disclosure has no practical value or merely serves to “paper the file.” Congress explicitly provided applicants with the right to refuse to provide the requested demographic information. The required notice serves the practical purpose of informing applicants that individuals involved in making their credit decision may see their demographic data, allowing the applicant to make an informed choice about whether to exercise their statutory right to refuse.

Regarding concerns that the notice will place smaller lenders at a competitive disadvantage or raise mistrust and doubts regarding the impartiality of the credit decision, the Bureau notes that the rule provides flexibility to mitigate these issues. The rule does not mandate the use of specific language. While the Bureau provides sample language in the sample data collection form at appendix E, financial institutions are free to use different language that better suits their customer relationships, provided the notice informs the applicant of the statutorily required information. The Bureau believes this flexibility will allow community banks to maintain borrower confidence while fulfilling their compliance obligations.

Finally, the Bureau declines to adopt specific exemptions from the firewall provision for institutions under $10 billion in assets, or to limit the firewall's application only to the largest institutions. Creating a separate compliance regime specifically for the firewall would add unnecessary regulatory complexity. Furthermore, the Bureau believes that the burden on smaller institutions is already appropriately addressed by the broader threshold changes adopted in this final rule. Specifically, the revised definition of a small business in § 1002.106(b), which sets the gross annual revenue threshold at $1 million rather than $5 million, combined with the increased institutional coverage threshold in § 1002.105(b) and additional product exclusions in § 1002.104(b), will naturally exclude many of the smallest institutions from the rule entirely and reduce the overall volume of reportable transactions for others. The Bureau concludes that these revisions sufficiently balance the benefits of data collection with the need to minimize industry burden, making additional, firewall-specific exemptions unwarranted.

Section 1002.113—Severability

One trade association suggested that the Bureau include a severability clause in the rule to safeguard any revisions to the existing rule to the extent possible in the event that discrete aspects of this final rule are challenged and set aside in Federal court.

The Bureau notes that the existing rule already includes a severability clause in § 1002.113, which provides that “[i]f any provision of this subpart, or any application of a provision, is stayed or determined to be invalid, the remaining provisions or applications are severable and shall continue in effect.”

The Bureau intends that the provisions of this final rule are separate and severable from one another. If any provision of this final rule or the 2023 final rule as modified by this rule, or any application of a provision, is stayed or determined to be invalid, the remaining provisions or applications are severable and shall continue to be in effect. The Bureau has designed each provision—including but not limited to the covered credit transaction exclusions articulated in § 1002.104(b), the covered financial institution exclusions in § 1002.105(b), and the small business definition in § 1002.106(b)—to operate independently so that the effect of each provision will continue regardless of whether one or another provision is not effectuated. Therefore, any of the revisions in this final rule concerning the coverage of certain products, financial institutions, applicants, or data points, or other provisions including those concerning how financial institutions should report data, compliance dates for covered financial institutions, and any other provisions are intended to be separate and severable. Moreover, aspects of these provisions are also intended to be severable, if any portion is not effectuated.

Public Disclosure of Data

In the 2023 final rule, the Bureau offered a preliminary assessment, based on comments received on the 2021 proposed rule, of how it might appropriately balance and advance privacy interests through the selective deletion or modification of data. It did not make final, binding decisions regarding specific modifications or deletions, nor did it reach conclusions regarding the procedural vehicle it would use to convey those decisions.^[74] The Bureau preliminarily determined that the Administrative Procedure Act and other laws did not require the Bureau to seek comment on the full privacy analysis or to issue modification and deletion decisions through a legislative rule with formal notice and comment.^[75] The Bureau stated that it would make decisions about both the appropriate vehicle and the substance of modifications and deletions only after receiving a full year of reported 1071 data.

The 2025 proposed rule did not include any proposed revisions and solicited no comments on its preliminary assessment, set out in the 2023 final rule, of how it might appropriately assess and advance privacy interests by means of selective deletion or modification.

Nevertheless, the Bureau received comments regarding the public release and transparency of collected data. Industry participants raised a number of privacy and re-identification concerns, ( printed page 23575) while consumer and community advocacy groups strongly supported prompt and robust public disclosure.

A wide range of industry commenters, including banks, credit unions, and trade associations, warned that publishing granular loan data creates a meaningful risk of reverse-engineering and re-identifying small businesses. Commenters emphasized that these re-identification risks are particularly severe in rural communities and niche markets where anonymity is difficult to maintain. Industry commenters argued that this loss of privacy could damage borrower trust, chill credit application rates, and expose proprietary underwriting and pricing models. Furthermore, they cautioned that publishing data without the full context of a lender's underwriting considerations could result in unfair reputational harm to financial institutions.

To mitigate these risks, industry commenters urged the Bureau to implement robust aggregation and suppression standards. Several lenders and trade associations requested that the Bureau finalize a formal privacy-balancing framework through a separate notice-and-comment rulemaking process prior to requiring institutions to submit data or publishing any data. They opposed relying on post-hoc balancing tests or undefined future judgment calls, arguing that sensitive information must be protected through formal, upfront standards. Other high-level suggestions from industry included eliminating data points not explicitly required by statute, restricting the use of the data to specific enforcement or academic purposes, and ensuring clear caveats are provided alongside any published data to prevent misinterpretation.

Conversely, community groups urged the Bureau not to delay the publication of data, describing public availability as the linchpin of section 1071 and a foundational mechanism to combat redlining and ensure a fair marketplace. Pointing to the history of HMDA, one commenter requested that data be published on the Bureau's website in a searchable, downloadable format. Other commenters emphasized that the data must be sufficiently detailed to allow the public and researchers to assess local and national trends, hold lenders accountable, and build trust within communities.

The Bureau is not making any specific modification or deletion decisions with respect to the publication of application-level data in this final rule. The Bureau acknowledges the feedback it has received from stakeholders regarding the privacy of small business applicants, the risk of re-identification, and the importance of public data availability to fulfill the statutory purposes of section 1071.

The Bureau acknowledges commenters' concerns regarding re-identification—particularly in rural and niche markets—as well as requests for a formal notice-and-comment rulemaking to establish a privacy-balancing framework. The Bureau reiterates that it needs a full year's worth of reported data to conduct the re-identification analysis necessary to determine the appropriate modifications or deletions to make to application-level data. Under the compliance date finalized in this rule, the first full year of data will be collected in 2028 and submitted to the Bureau by June 1, 2029.

The Bureau, after further consideration and in response to comments received, has determined that the appropriate vehicle to memorialize its modification and deletion decisions is a notice-and-comment rulemaking under 5 U.S.C. 553. The Bureau believes that its previous, preliminary determination that an APA rulemaking was not necessary is erroneous. In support of its previous determination, the Bureau cited 15 U.S.C. 1691c-2(e)(4), which provides that the Bureau “may, at its discretion, delete or modify data collected under this section which is or will be available to the public, if the Bureau determines that the deletion or modification of the data would advance a privacy interest.”

The Bureau believes that in the 2023 final rule it read section 1691c-2(e)(4) in isolation, ignoring the fuller statutory context of the provision. In the 2023 final rule, the Bureau appeared not to consider either 15 U.S.C. 1691c-2(f)(2)(C), under which section 1071 data shall “annually [be] made available to the public generally by the Bureau, in such form and in such manner as is determined by the Bureau, by regulation ” (emphasis added), or the provision's placement in section 1691c-2(e), which generally governs the “form and manner of information.”

The Bureau now believes that the better reading of section 1691c-2(e)(4) is in conjunction with section 1691c-2(f)(2)(C) and the whole of section 1691c-2(e). In full context, section 1071 enables the Bureau to use its discretion to make modification or deletion decisions prior to the publication of application-level data, but because those modifications expressly implicate the “form and manner of information” under 1691c-2(e), the Bureau believes such modification or deletion decisions must be announced and made by way of regulation.

Further, in light of the statutory purpose in section 1691c-2(a) to enable communities, governmental entities, and creditors to identify business and community development needs and opportunities,” the Bureau believes it requires public input on how data will be modified or deleted to ensure that that purpose is met. In light of this provision, the Bureau believes that it would be imprudent to decide what data to make publicly available without public input. As a result, even if the statute did not require the Bureau to make these determinations via a notice-and-comment rulemaking, considering and responding to public input would clearly be appropriate.

As a result, the Bureau now commits to releasing a notice of proposed rulemaking, with proposed modifications and deletion decisions for specific data points, in a timely fashion after it has received and analyzed a full year's worth of section 1071 data.

IV. Effective Date

The Bureau is adopting an effective date of 60 days after the publication of this final rule in the Federal Register consistent with the Administrative Procedure Act at 5 U.S.C. 553(d) and the Congressional Review Act at 5 U.S.C. 801(a)(3)(A).

V. Grace Period Policy Statement

In the 2023 final rule, the Bureau adopted a 12-month grace period during which the Bureau—for covered financial institutions under its supervisory and enforcement jurisdiction—would not intend to assess penalties for errors in data reporting, and would intend to conduct examinations only to diagnose compliance weaknesses, to the extent that these institutions engaged in good faith compliance efforts. The Grace Period Policy Statement set forth in the 2023 final rule explained the Bureau's reasons for adopting such a grace period along with how the Bureau intended to implement such a grace period.^[76] The Bureau updated the Grace Period Policy Statement in the 2024 interim final rule.^[77] On April 30, 2025, the Bureau announced that it would not prioritize enforcement or supervision actions with regard to entities outside the stay imposed by the Fifth Circuit in Texas Bankers Ass'n v. CFPB, discussed in part I above.^[78] The Bureau further ( printed page 23576) updated the Grace Period Policy Statement in the 2025 interim final rule,^[79] as confirmed by the 2025 compliance date final rule.^[80]

Although the Bureau did not address the grace period policy statement in the proposal, it did announce its intention to maintain the grace period for the same reasons articulated in the 2023 final rule, as amended in the 2025 interim final rule, and to coincide with the proposed compliance date, if finalized. Several industry commenters responded to this announcement. All of these commenters expressed support for a grace period, though some suggested that the Bureau provide a longer grace period or issue a more robust statement than in the past, among other things.

The Bureau is again updating its Grace Period Policy Statement to reflect the new single compliance date set forth in this final rule.^[81] The following discussion explains how the Bureau intends to exercise its supervisory and enforcement discretion for the first 12 months of data collected after the new single compliance date.

With respect to covered financial institutions subject to the Bureau's supervisory or enforcement jurisdiction that make good faith efforts to comply with this final rule, the Bureau intends to provide a grace period to reflect the new single compliance date. The Grace Period Policy Statement will apply to those covered financial institutions that must comply with the new single compliance date specified in revised § 1002.114(b)(1), as well as any financial institutions that make a voluntary submission for the first time for data collected in 2028, for data collected in 2028, i.e., from January 1, 2028, through December 31, 2028.

As discussed in the 2023 final rule, the 2024 and 2025 interim final rules, and the 2025 compliance date final rule, the Bureau believes that a 12-month grace period will give institutions time to diagnose and address unintentional errors without the prospect of penalties for inadvertent compliance issues, and may ultimately assist other covered financial institutions, especially those in later compliance tiers, in identifying best practices. The Bureau views this grace period as enabling deliberate and thoughtful compliance with the rule, while still providing important data regarding small business lending as soon as is practical.

During the grace period, if the Bureau identifies errors in a financial institution's initial data submissions, it does not intend to require data resubmission unless data errors are material. Further, the Bureau does not intend to assess penalties with respect to unintentional and good faith errors in the initial data submissions. Any examinations of these initial data submissions will be diagnostic and will help to identify compliance weaknesses. However, errors that are not the result of good faith compliance efforts by financial institutions, especially attempts to discourage applicants from providing data, will remain subject to the Bureau's supervisory and enforcement authority.

The Bureau believes that the grace period covering the initial data submissions will provide financial institutions an opportunity to identify any gaps in their implementation of this final rule and make improvements in their compliance management systems for future data submissions. In addition, a grace period will permit the Bureau to help financial institutions identify errors and, thereby, self-correct to avoid such errors in the future. The Bureau can also use data collected during the grace period to alert financial institutions of common errors and potential best practices in data collection and submissions under the rule.

VI. CFPA Section 1022(b) Analysis

In developing this final rule, the Bureau has considered the potential benefits, costs, and impacts as required by section 1022(b)(2) of the Consumer Financial Protection Act of 2010 (CFPA). Section 1022(b)(2) calls for the Bureau to consider the potential benefits and costs of a regulation to consumers and covered persons, including the potential reduction of consumer access to consumer financial products or services, the impact on depository institutions and credit unions with $10 billion or less in total assets as described in section 1026 of the CFPA, and the impact on consumers in rural areas.

In the Dodd-Frank Act, which was enacted “[t]o promote the financial stability of the United States by improving accountability and transparency in the financial system,” Congress directed the Bureau to adopt regulations governing the collection of small business lending data. Under section 1071 of that Act, covered financial institutions must compile, maintain, and submit certain specified data points regarding applications for credit for small businesses, with particular attention to women-owned and minority-owned small businesses, along with “any additional data that the Bureau determines would aid in fulfilling the purposes of this section.” Under the 2023 final rule, covered financial institutions are required to collect and report the following data points: (1) a unique identifier, (2) application date, (3) application method, (4) application recipient, (5) credit type, (6) credit purpose, (7) amount applied for, (8) amount approved or originated, (9) action taken, (10) action taken date, (11) denial reasons, (12) pricing information, (13) census tract, (14) gross annual revenue, (15) NAICS code, (16) number of workers, (17) time in business, (18) minority-owned, women-owned, and LGBTQI+-owned business status, (19) ethnicity, race, and sex of principal owners, and (20) the number of principal owners.

Under the 2023 final rule, financial institutions are required to report data on small business credit applications if they originated at least 100 covered credit transactions in each of the two preceding calendar years. Loans, lines of credit, credit cards, and merchant cash advances (including such credit transactions for agricultural purposes) all fall within the transactional scope of the 2023 final rule, with no limitations on loan amount. The Bureau excluded trade credit, transactions that are reportable under HMDA, insurance premium financing, public utilities credit, securities credit, and incidental credit. Factoring, leases, and consumer-designated credit used for business or agricultural purposes are also not covered credit transactions. For purposes of the 2023 final rule, a business is a small business if its gross annual revenue for its preceding fiscal year is $5 million or less. Finally, the 2023 final rule, as subsequently amended, establishes several compliance dates for financial institutions based on three origination size thresholds.

This final rule amends or removes certain provisions of the 2023 final rule. Under this final rule, covered financial institutions will no longer be required to collect and report the following data points: application method, application recipient, denial reasons, pricing ( printed page 23577) information, number of workers, and LGBTQI+-owned business status. This final rule makes adjustments to some of the other data points (including minority-owned business status and ethnicity, race, and sex of principal owners) as well as the timing and methods to be used in the collection of data.

In addition, under this final rule, a financial institution is required to report data if the financial institution originated at least 1,000 covered credit transactions in each of the two preceding calendar years, and one category of financial institutions (FCS lenders) is excluded from coverage. The Bureau is also excluding merchant cash advances, credit transactions for agricultural purposes, and small dollar loans of $1,000 or less from the transactional scope of the rule. For the purposes of this final rule, a business is a small business if its gross annual revenue for its preceding fiscal year is $1 million or less. Finally, this final rule changes the compliance date provision to require a single compliance date for covered financial institutions.

A. Statement of Need

Congress directed the Bureau to adopt regulations governing the collection of small business lending data. Specifically, section 1071 of the Dodd-Frank Act amended ECOA to require financial institutions to compile, maintain, and submit to the Bureau certain data on applications for credit for small businesses, particularly women-owned and minority-owned small businesses. Congress enacted section 1071 for the purpose of facilitating enforcement of fair lending laws and enabling communities, governmental entities, and creditors to identify business and community development needs and opportunities of women-owned, minority-owned, and small businesses. The Bureau is issuing this final rule to amend portions of the 2023 final rule in order to more effectively fulfill section 1071's statutory purposes.

As discussed in parts I and III, the Bureau believes, in retrospect, that its approach in the 2023 final rule was not conducive to fulfilling the long-term statutory purposes of section 1071 of the Dodd-Frank Act. The Bureau now believes that a more incremental approach will limit, as much as possible, any disturbance to the provision of credit to small entities. The Bureau expects that a more gradual approach to adding data points or expanding coverage, if needed, will more effectively serve both the fair lending and community development purposes of the rule in the long run.

In particular, the Bureau believes it should focus on core lending products, core lending providers, and core data points, rather than take the more expansive approach of its 2023 final rule. To accomplish this, the Bureau is making multiple changes to the 2023 final rule. Among the most consequential changes, the Bureau is exempting several categories of credit from the definition of covered transactions, including merchant cash advances, loans for agricultural purposes, and small dollar loans. The Bureau now believes that application data collected on these types of transactions would be of lower quality while imposing collection requirements on institutions that issue them. The Bureau also is raising the number of loans that trigger reporting requirement to 1,000 and exempting FCS lenders from coverage of the rule to focus on core providers in the small business lending space. The Bureau is changing the definition of “small business” in § 1002.106(b) from $5 million or less to $1 million or less in annual gross revenue to ensure that data is collected on truly small businesses, rather than also collect data on businesses that could be considered large in some contexts. Lastly this final rule removes several data points from the collection, relative to the 2023 final rule, including application method, application recipient, denial reasons, pricing and number of workers to limit the initial compliance costs for collecting and reporting data in compliance with section 1071.

The Bureau believes these changes help further the statutory purposes, for facilitating fair lending enforcement and community development, in several ways. By reducing the initial burden of the data collection on some institutions and removing the collection requirement from others, the Bureau believes that it will reduce disruption in the small business lending market compared to the more expansive 2023 final rule requirements. Disruption in the small business lending market could run counter to the community development purposes of this final rule. By focusing the data collection on core providers, transactions, and data points the Bureau expects the data collected under this final rule will be of higher quality and will be more useful for fair lending enforcement and community development.

B. Baseline for the Consideration of Costs and Benefits

In evaluating the potential benefits, costs, and impacts of this final rule, the Bureau takes as a baseline that all financial institutions covered under the 2023 final rule are in appropriate compliance with that rule, as codified in subpart B of Regulation B and amended by the 2024 interim final rule, the 2025 interim final rule, and the 2025 compliance date final rule.^[82] Under this baseline, the Bureau also assumes that institutions are complying with other regulations that they are currently subject to, including reporting data under HMDA, CRA, and any State commercial financing disclosure laws.^[83] The Bureau believes that this baseline provides the public with the most reasonable basis for analyzing the benefits and costs of this final rule.

C. Basic Approach of the Bureau's Consideration of Benefits and Costs and Data Limitations

Pursuant to section 1022(b)(2)(A) of the Dodd-Frank Act,^[84] in prescribing a rule under the Federal consumer financial laws (which include ECOA and title X of the Dodd-Frank Act), the Bureau is required to consider the potential benefits and costs to “consumers” and “covered persons,” including the potential reduction of access by consumers to consumer financial products or services resulting from such rule, and the impact of final rules on covered persons as described under section 1026 of the Dodd-Frank Act ^[85] ( i.e., depository institutions and credit unions with $10 billion or less in total assets), and the impact on consumers in rural areas.

The Dodd-Frank Act defines the term “consumer” as an individual or someone acting on behalf of an individual. It defines a “covered person” as one who engages in offering or providing a “consumer financial product or service,” which means a ( printed page 23578) financial product or service that is provided to consumers primarily for “personal, family, or household purposes.” ^[86] In rulemakings implementing section 1071, however, the only parties directly affected by the rule are small businesses (rather than individual consumers) and the financial institutions from which they seek credit (which may or may not be covered persons). Accordingly, a section 1022(b)(2)(A) analysis that considers only the costs and benefits to individual consumers and to covered persons would not meaningfully capture the costs and benefits of the rule.

Below, the Bureau conducts the statutorily required analysis with respect to this final rule's effects on consumers and covered persons. Additionally, consistent with the approach in the 2023 final rule, the Bureau is electing to conduct this same analysis with respect to small businesses and the financial institutions that will be required to compile, maintain, and submit data under this final rule. This analysis relies on data that the Bureau has obtained from industry, other regulatory agencies, and publicly available sources. However, as discussed further below, the available data limit the Bureau's ability to quantify the potential costs, benefits, and impacts of this final rule.

1. Analysis With Respect to Consumers and Covered Persons

The 2023 final rule implemented a data collection regime in which certain covered financial institutions must compile, maintain, and submit data with respect to applications for credit for small businesses. This final rule amends that implementation. This final rule will not directly impact consumers, including consumers in rural areas, as those terms are defined by the Dodd-Frank Act. However, some consumers may be impacted in their separate capacity as sole owners of small businesses covered by this final rule. Some covered persons, including some depository institutions or credit unions with $10 billion or less in total assets, will be affected under this final rule not in their capacity as covered persons ( i.e., as offerors or providers of consumer financial products or services) but in their separate capacity as financial institutions that offer small business credit covered by this final rule. The costs, benefits, and impact of this final rule on those entities are discussed below.

2. Benefits to Impacted Financial Institutions

This final rule modifies the 2023 final rule with respect to which financial institutions and transactions are covered, and which data points are required to be collected and reported. Many financial institutions that are not covered by this final rule will still be impacted by it because they would have been covered under the 2023 final rule (as amended). The Bureau analyzes the impacts of this final rule relative to the baseline (1) on covered institutions and (2) on institutions that are no longer covered and calls the combined group of institutions “impacted financial institutions.” The main expected benefit of this final rule to impacted financial institutions comes in the form of cost savings. The Bureau calculates these cost savings by estimating the change in compliance costs between this final rule and the baseline.

In order to precisely quantify the cost savings for impacted financial institutions, the Bureau would need representative data and information on the operational costs that financial institutions would incur to gather and report section 1071 data, on one-time costs for financial institutions to update or create reporting infrastructure to implement requirements of this final rule, and on the level of complexity of financial institutions' business models and compliance systems. Furthermore, the Bureau would need this information under both the baseline and this final rule. Currently, the Bureau does not believe that data on section 1071 reporting costs with this level of granularity are systematically available from any source. The Bureau has made reasonable efforts to gather data on section 1071 reporting costs and primarily uses the same methodology that it used to analyze the 2023 final rule, unless otherwise noted. The Bureau continues to believe that its analysis here and in the 2023 final rule constitutes the most comprehensive assessment to date of the compliance costs associated with implementing section 1071 reporting by financial institutions and provides the most accurate estimates of costs given available information. However, the Bureau recognizes that these estimates may not fully quantify the costs to each covered financial institution, especially given the wide variation of section 1071 reporting costs among financial institutions.

The Bureau categorizes costs required to comply with the baseline and this final rule into “one-time” and “ongoing” costs. Similarly, the Bureau reports cost savings in these terms. “One-time” costs refer to expenses that the financial institution incur initially and only once to implement changes required in order to comply with the requirements of a rule. “Ongoing” costs are expenses incurred as a result of the ongoing reporting requirements of a rule, which the Bureau considers on an annualized basis. In considering the costs and impacts of the 2023 final rule, the Bureau engaged in a series of efforts to estimate the cost of compliance by covered entities. The Bureau conducted a One-Time Cost Survey, discussed in more detail in part IX.E.1 of the 2023 final rule,^[87] to learn about the one-time implementation costs associated with implementing section 1071 and adapted ongoing cost calculations from previous rulemaking efforts. The Bureau evaluated the one-time costs of implementing the procedures necessary and the ongoing costs of annually reporting under this final rule, as discussed in part VI.F.1 below. The Bureau recognizes that costs vary by institution due to many factors, such as size, operational structure, and product complexity, and that this variance exists on a continuum that is impossible to fully represent. In order to conduct a consideration of impacts that is both practical and meaningful in light of these challenges, the Bureau has chosen an approach that focuses on three representative types of financial institutions. For each type, the Bureau has produced reasonable estimates of the costs of compliance given the limitations of the available data. Part VI.E.1 below provides additional details on this approach.

The Bureau understands that some financial institutions that are covered under the baseline have started implementing the 2023 final rule. Institutions that are no longer covered as a result of this final rule may have already incurred some one-time costs to implement the baseline that are not necessary under this final rule. The Bureau does not count these expenditures as costs of this final rule because those costs have already been incurred and are discussed in more detail in part VI.E.1. Instead, the Bureau accounts for these expenditures through reductions in cost savings. If an institution is no longer covered as a result of this final rule, it will no longer be able to recoup all one-time implementation costs, as discussed in part VI.E.1. ( printed page 23579)

3. Benefits to Small Businesses

Consistent with the 2023 final rule, the Bureau elects to estimate the benefits and cost savings to small businesses in addition to cost and benefit savings to impacted financial institutions. As with financial institutions, the Bureau expects that the main benefits of this final rule to small businesses will arise as a result of cost savings. The Bureau expects the direct cost savings of this final to small businesses will be negligible. However, the Bureau expects that there would be indirect cost savings from this final rule to small businesses if financial institutions pass on their cost savings. Therefore, the Bureau focuses its analysis on whether and how the Bureau expects impacted financial institutions to pass on the cost savings from this final rule to small businesses and any possible effects on the availability or terms of small business credit. The Bureau relies on economic theory to understand the potential for cost savings of financial institutions to be passed on to small businesses.

4. Costs to Small Businesses and Impacted Financial Institutions

The costs to small businesses and to impacted financial institutions associated with this final rule will primarily come from a decrease in the benefits associated with the 2023 final rule. As discussed above, Congress enacted section 1071 for the purpose of facilitating enforcement of fair lending laws and enabling communities, governmental entities, and creditors to identify business and community development needs and opportunities of women-owned, minority-owned, and small businesses. Quantifying these benefits to small businesses presents substantial challenges because the Bureau does not have the data to do so and because the Bureau is not able to assess how effective the 2023 final rule would be in achieving those benefits. The same difficultly holds for the change in benefits associated with this final rule. As discussed further below, as a data reporting rule, most provisions of the baseline and this final rule will benefit small businesses in indirect ways, rather than directly.

Similar issues arise in attempting to quantify the decrease in benefits to impacted financial institutions. Certain benefits to impacted financial institutions are difficult to quantify. For example, the Bureau believes that the data collected under both the baseline and this final rule will reduce the compliance burden of fair lending reviews for lower risk financial institutions that are likely to be in compliance with ECOA by reducing the “false positive” rates during fair lending prioritization by regulators. However, the Bureau does not have the information to quantify such benefits.

In light of these data limitations, the discussion below generally provides a qualitative consideration of the reduction of benefits under this final rule relative to the baseline. General economic principles, together with the limited data available, provide insight into the loss of benefits. Where possible, the Bureau makes quantitative estimates based on these principles and the data that are available. Quantifying these benefits is difficult because the size of each effect cannot be known in advance. Given the number of small business credit transactions and the size of the small business credit market, however, small changes in behavior can have substantial aggregate effects.

In addition, financial institutions that remain covered under this final rule may incur adjustment costs. This occurs when institutions have already made efforts to implement the provisions of the 2023 final rule and incur additional costs to modify their existing implementation to comply with this final rule. If a financial institution has not begun to implement the 2023 final rule, then it will not incur adjustment costs.

D. Coverage of the Final Rule

This final rule provides that financial institutions (both depository and nondepository) that meet all the other criteria for a “financial institution” in § 1002.105(a) will only be required to collect and report section 1071 data if they originated at least 1,000 covered credit transactions in each of the two preceding calendar years. In addition, under this final rule, FCS lenders will not be required to collect and report section 1071 data, even if they meet this new threshold.

As discussed above, market-wide data on small business lending are currently limited. The Bureau is unaware of any comprehensive data available on small business originations for all financial institutions, which are needed to precisely identify all institutions to be covered by this final rule or the 2023 final rule. To estimate the change in coverage as a result of this final rule, the Bureau uses publicly available data for financial institutions divided into two groups: depository ( i.e., banks, savings associations, and credit unions) and nondepository institutions. The Bureau employs the methodology used in the 2023 final rule to estimate the change in coverage as a result of this final rule and relies on updated data.

With respect to depository institutions, the Bureau relies on National Credit Union Administration (NCUA) Call Reports to estimate coverage for credit unions, including for those that are not federally insured, and Federal Financial Institutions Examination Council (FFIEC) Call Reports and the CRA data to estimate coverage for banks and savings associations. For the purposes of the analysis in this part VI.D, the Bureau estimates the number of depository institutions that would have been required to report small business lending data for 2023, based on the estimated number of originations of covered products for each institution in 2022 and 2023.^[88] The Bureau accounts for mergers and acquisitions in 2022 and 2023 by assuming that any depository institutions that merged in those years report as one institution.

The NCUA Call Report captures the number and dollar value of originations on all loans over $50,000 to members for commercial purposes, regardless of any indicator about the borrowing business's size. For the purposes of estimating the impacts of this final rule, the Bureau uses the annual number of originated commercial loans to members reported by credit unions as a proxy for the annual number of originated covered credit transactions under the rule.^[89] These are the best data available to the Bureau for estimating the number of credit unions that may be covered by this final rule. However, the Bureau acknowledges that the true number of covered credit unions may be different ( printed page 23580) than what is presented here. For example, this proxy would overestimate the number of credit unions that will be covered if some commercial loans to members are not covered because the member is taking out a loan for a business that is not small under the definition of a small business in this final rule. Alternatively, this proxy would underestimate the number of credit unions covered by this final rule if credit unions originate a substantial number of covered credit transactions with origination values under $50,000 that are not counted in the NCUA call report data.

The FFIEC Call Report captures banks' and savings associations' outstanding number and dollar amount of small loans to businesses ( i.e., loans originated under $1 million to businesses of any size; small loans to farms are those originated under $500,000). The CRA requires banks and savings associations with assets over a specified threshold ($1.649 billion as of 2026) ^[90] to report loans to businesses in original amounts of $1 million or less. For the purposes of estimating the impacts of this final rule, the Bureau follows the convention of using small loans to businesses as a proxy for loans to small businesses and small loans to farms as a proxy for loans to small farms.^[91] These are the best data available for estimating the number of banks and savings associations that may be covered by this final rule. However, the Bureau acknowledges that the true number of covered banks and savings associations may be different than what is presented here. The Bureau acknowledges that it does not have sufficient information to quantify how the changes to the small business definition and the minimum loan size threshold might affect the impacts of this final rule. The Bureau sought comments on its estimates of coverage of the proposed rule but did not receive any additional data or information with which it could estimate coverage more precisely. The Bureau discusses the comments it received about coverage below.

Although banks and savings associations reporting under the CRA are required to report the number of originations of small loans to businesses and farms, the Bureau is not aware of any comprehensive dataset that contains originations made by banks and savings associations with assets below the CRA reporting threshold. To fill this gap, the Bureau simulated plausible values for the annual number and dollar value of originations for each bank and savings association that falls below the CRA reporting threshold for 2022 and 2023.^[92] The Bureau generated simulated originations in order to account for the uncertainty around the exact number and value of originations for these banks and savings associations. To simulate these values, the Bureau assumes that these banks have the same relationship between outstanding and originated small loans to businesses and farms as banks and savings associations above the CRA reporting threshold. First, the Bureau estimated the relationship between originated number and balances and outstanding numbers and balances of small loans to businesses and farms for CRA reporters. Then the Bureau used this estimate, together with the outstanding numbers and balances of small loans to businesses and farms of non-CRA reporters, to simulate these plausible values of originations. The Bureau has documented this methodology in more detail in its Supplemental estimation methodology for institutional coverage and market-level cost estimates in the small business lending rule released with the 2023 final rule.^[93]

Based on 2023 data from FFIEC and NCUA Call Reports and the CRA data, using the methodology described above, the Bureau estimates that the number of depository institutions that will be required to report under this final rule is between approximately 172 to 181, as shown in Table 1 below. This comprises between 167 and 176 banks and savings associations and five credit unions that will be required to report under this final rule. These ranges represent 95 percent confidence intervals over the number of credit unions, banks and savings associations that will be covered under this final rule. The Bureau presents this range to reflect the uncertainty associated with the estimates and notes that the uncertainty is driven by the lack of data on originations by banks and savings associations below the CRA reporting threshold.^[94]

( printed page 23581)

The Bureau also estimates the number of institutions that would have been covered under the baseline but are no longer covered under this final rule, using the same methodology discussed above. A depository institution would have been covered at the end of 2023 by the 2023 final rule if that institution had over 100 small business and small farm loan originations in 2022 and 2023, accounting for mergers. The Bureau estimates that the number of depository institutions required to report under the 2023 final rule but that will not be required to report under this final rule is between approximately 1,421 to 1,570 institutions, as shown in Table 2 below.

The Bureau does not have sufficient information to meaningfully estimate the change in the number of nondepositories relative to the analysis conducted for the 2023 final rule. For consistency with the method the Bureau uses to estimate covered depository institutions, the Bureau estimates the number of nondepository institutions impacted by the final rule as of the end of 2023. For the purposes of the analysis of the impacts of this final rule, the Bureau assumes that the number of nondepository institutions that are active in the small business lending market has not changed since the 2023 final rule, except for FCS members, for which the Bureau relies on data from the FCA, and merchant cash advance (MCA) providers, as discussed below. See part II.D of the 2023 final rule for more detail on how the Bureau arrived at these estimates.^[95] Consistent with the assumptions in the 2023 final rule, the Bureau also assumes that only online lenders and merchant cash advance providers originate more than 1,000 loans each year and the remaining nondepositories originate between 150 and 999 loans each year. Since MCAs are not covered credit transactions under this final rule, no MCA providers will be required to report. Based on these assumptions, the Bureau concludes that only online lenders will still be required to report under this final rule.

The Bureau estimates that the 2023 final rule would have covered about 610 nondepository institutions, consisting of: about 30 online lenders; about 140 nondepository Community Development Financial Institutions (CDFIs); about 100 merchant cash advance providers; about 240 commercial finance companies; about 70 governmental lending entities; and 60 Farm Credit System members.^[96] The Bureau estimates that, of these nondepositories, the 30 online lenders will continue to be covered under this final rule and a federal agency lender will be covered by this rule.^[97] The remaining nondepository entities will be impacted by this final rule because they are no longer covered.

Comments on the estimates of coverage of the proposed rule. Using the Community Reinvestment Act data, two commenters argued that changing the small business definition from $5 million to $1 million in revenue will exclude about 50 percent of loans considered small business loans. The Bureau disagrees with this estimate for several reasons. First, as the commenters acknowledge, the CRA data are not sufficiently granular to support the drastic estimated decline in transactions covered; the data only distinguish between businesses with revenues less than and greater than $1 million and cannot speak to the relevant change in covered loans for business with $1 million to $5 million in revenue. Second, the CRA data underestimate lending to businesses with less than $1 million in revenue because those data omit larger loans to small businesses. Research has shown that using small loans to businesses as a proxy for small business lending may underestimate small business lending by up to 23 percent, depending on small business definition and bank characteristics.^[98] The Bureau acknowledges the limitations of the existing data sources on small business lending and how this impacts its estimates of covered lending. However, the Bureau is not convinced that the CRA data can be used to meaningfully estimate the impact of changing the small business definition on market coverage. Furthermore, the Bureau acknowledges that adopting a $1 million revenue threshold will reduce the number of reportable loans but believes it is appropriate under the statute to implement a more limited collection focused on the smallest businesses.

One industry trade association provided additional information that there were about 100 MCA providers as of March 2024.^[99] The Bureau has updated its above estimates of the number of providers as of the end of 2023 based on this evidence.

E. Methodology for Generating Costs and Benefits Estimates

In part IX.E of the 2023 final rule, the Bureau explained its methodology for generating estimates of one-time and ongoing costs associated with complying with the 2023 final rule. As discussed in the previous section, many financial institutions that were covered by the 2023 final rule are no longer ( printed page 23582) covered by this final rule. Thus, this final rule will confer a benefit in the form of cost savings for most impacted institutions. The Bureau also expects that institutions that continue to be covered will face a reduction in compliance costs from this final rule relative to the baseline. Generally, the Bureau estimates the benefits of this final rule by comparing the compliance costs under the baseline to those under this final rule. To generate cost estimates under the baseline and this final rule, the Bureau uses the same methodology as the 2023 final rule, unless otherwise noted. Throughout this section, the Bureau reproduces crucial parts of the methodology discussion where necessary but references the 2023 final rule for additional detail and background.

The Bureau expects that compliance costs vary with the complexity of a financial institution's compliance operations. Consistent with the 2023 final rule and for the purposes of this final rule, the Bureau categorizes impacted financial institutions (FIs) into Types A, B, and C in increasing order of compliance operations complexity. Based on its prior methodology, the Bureau assumes that this complexity is correlated with the number of small business loan applications received, and therefore categorizes institutions based on application volume. The Bureau assumes that Type A FIs receive fewer than 300 applications per year, Type B FIs receive between 300 and 2,000 applications per year, and Type C FIs receive more than 2,000 applications per year. The Bureau assumes that, for Type A and B FIs, one out of two small business applications will result in an origination. Thus, the Bureau assumes that Type A FIs originate fewer than 150 covered credit transactions per year and Type B FIs originate between 150 and 999 covered credit transactions per year. The Bureau assumes that Type C FIs originate one out of three small business applications and at least 1,000 covered credit transactions per year.^[100]

The Bureau recognizes that the changes in this final rule, as discussed in subsequent sections, will remove most Types A and B financial institutions from coverage. However, the Bureau maintains both these categorizations and assumptions in order to estimate compliance at baseline and compare it to coverage under this final rule.

The Bureau understands that compliance costs vary across financial institutions due to many factors, such as size, operational structure, and product complexity, and that this variance exists on a continuum that is very difficult or impossible to fully represent. Due to data limitations, the Bureau is unable to capture many of the ways in which compliance costs vary by institution, and therefore uses these representative financial institution types with the above assumptions for its analysis. In order to aggregate costs to a market level, the Bureau must map financial institutions onto its types using discrete volume categories.

For the hiring costs discussion in part VI.F.1.i and ongoing costs discussion in part VI.F.1.ii below, the Bureau discusses costs in the context of representative institutions for ease of exposition. The Bureau assumes that a representative Type A FI receives 100 small business credit applications per year, a representative Type B FI receives 400 small business credit applications per year, and a representative Type C FI receives 6,000 small business credit applications per year. The Bureau further assumes that a representative Type A FI originates 50 covered credit transactions per year, a representative Type B FI originates 200 covered credit transactions per year, and a representative Type C FI originates 2,000 covered credit transactions per year.

1. Methodology for Estimating One-Time Compliance Costs

The one-time compliance cost estimation methodology for this final rule described in this section is the same methodology that the Bureau used in the 2023 final rule, unless otherwise noted.

The Bureau has identified the following nine categories of one-time costs that will likely be incurred by financial institutions to develop the infrastructure to collect and report data under the baseline and this final rule:

1. Preparation/planning

2. Updating computer systems

3. Testing/validating systems

4. Developing forms/applications

5. Training staff and third parties (such as brokers)

6. Developing policies/procedures

7. Legal/compliance review

8. Post-implementation review of compliance policies and procedures

9. Hiring costs.^[101]

The Bureau also conducted a survey in 2020 regarding one-time implementation costs for section 1071 compliance targeted at financial institutions who extend small business credit.^[102] The survey collected information on the number of employee hours and non-salary expenses required to implement a section 1071 rule. The Bureau developed the survey instrument based on guidance from industry on the potential types of one-time costs institutions might incur if required to report under a rule implementing section 1071 and tested the survey instrument on a small set of financial institutions, incorporating their feedback prior to implementation. The Bureau worked with several major industry trade associations to recruit their members to respond to the survey. A total of 105 financial institutions responded to the survey.

Estimates from the 2020 survey respondents continue to form the basis of the Bureau's estimates for one-time compliance costs in assessing the impact of this final rule. The survey was broadly designed to ask about the one-time costs of reporting data under a regime that only included mandatory data points, used a reporting structure similar to HMDA, used the Regulation B definition of an “application,” and used the respondent's own internal small business definition.^[103] Therefore, the Bureau assumes that the tasks listed above are associated with implementing both the 2023 final rule and this final rule for institutions covered by each rule.

The Bureau assumes that the number of employee hours required to implement each task has not changed but that the wages have changed to reflect labor market developments. The Bureau assumes that each task may require junior, mid-level, and senior staff hours to implement. For junior staff, the Bureau uses $18.51, the 10th percentile hourly wage estimate for “loan officers” according to the 2024 Occupational Employment Statistics compiled by the Bureau of Labor ( printed page 23583) Statistics.^[104] For mid-level staff, the Bureau uses $41.35, the estimated mean hourly wage estimate for “loan officers.” For senior staff, the Bureau uses $70.09, the 90th percentile hourly wage estimate for “loan officers.” To account for non-monetary compensation, the Bureau also scaled these hourly wages up by 43 percent.^[105]

Finally, the Bureau assumes that the non-salary expenses necessary to implement each one-time task have only changed according to inflation, as measured by the Consumer Price Index.^[106]

For hiring costs, the Bureau also assumes that a covered financial institution will need to hire enough full-time equivalent workers (FTEs) to cover the estimated number of staff hours necessary to comply with either the 2023 final rule or this final rule on an annual, ongoing basis. In part VI.E.2 below, the Bureau describes how it estimates the ongoing costs to comply with the 2023 final rule and this final rule, including the number of hours of staff time an institution needs per application. The Bureau assumes for the baseline and this final rule that an FTE will work about 2,080 hours each year (40 hours per week × 52 weeks = 2,080). The Bureau calculates that the total number of FTEs that a covered financial institution will need to hire as the number of hours per application multiplied by the estimated number of applications received per year divided by 2,080, rounded up to the next full FTE. For example, if an institution receives 500 applications per year and an employee spends one hour on each application, it will need to hire one FTE ((1 * 500)/2080 = 0.24, which is rounded up to the next full FTE, i.e., 1). In part VI.F.1.i, the Bureau also confirms that the estimated additional staff can cover the estimated staff hours required for implementing other one-time changes.

The Bureau calculates the hiring costs using the estimated cost-per-hire of $4,683, estimated by the Society for Human Resource Management.^[107] This estimated cost includes advertising fees, recruiter pay and benefits, and employee referrals, among other categories. For each covered financial institution, the estimated hiring cost is $4,683 multiplied by the estimated new FTEs required to comply with the requirements of the 2023 final rule or this final rule. The estimated total one-time costs are the sum of the estimated hiring costs and the other one-time costs for that institution discussed above.

The Bureau assumes that some financial institutions covered by the 2023 final rule have already incurred some one-time costs in order to comply with the rule. For institutions that will no longer be covered under this final rule, those costs are sunk and cannot be recouped. The Bureau believes that, while some one-time cost activities already underway could be used for complying with this final rule, some of those activities will need to be redone in order to comply. The Bureau makes this rough assumption to capture this possibility and potential sunk cost. As discussed above, the Bureau believes, to the extent this has occurred, this reduces the institution's potential benefits under this final rule. The Bureau does not have sufficient information upon which to base its estimate of how much these institutions may have already spent upgrading their systems and, instead, makes an assumption that institutions that will no longer be covered under this final rule, on average, will have incurred 25 percent of their baseline non-hiring one-time costs. That is, institutions no longer covered by this final rule will save 75 percent of the estimated non-hiring one-time costs under the baseline, because they have not yet spent those resources. The Bureau assumes that these institutions have not yet hired new employees under the baseline. The Bureau believes these are reasonable assumptions as to the extent of one-time costs already incurred by these institutions. Under these assumptions, the total cost savings for institutions that will no longer be covered is estimated to be 75 percent of the one-time costs of implementing tasks 1-8 listed above, plus the expected hiring costs associated with the baseline.

Institutions that were covered under the baseline may have implemented changes to their processes and systems to comply with the 2023 final rule. If an institution will no longer be covered under this final rule, some of these costs may be sunk. For example, the institution may have developed a manual of policies and procedures that are no longer required if the institution is no longer covered. To the extent these institutions have already incurred some of these expenses, the Bureau believes this reduces their one-time cost savings from this final rule.

If an institution remains covered under this final rule, some of their implementation may continue to be applicable under this final rule. Other parts of their implementation may need to be changed to comply with this final rule, and thus the institution may incur the same one-time cost again. For example, an institution that already started designing data collection forms may have to change the design. The Bureau includes incurring these expenses again as part of its calculation for institutions that remain covered.

The Bureau does not have the requisite information to empirically estimate how much of the one-time costs, under the baseline, any institution is likely to have incurred. Therefore, the Bureau has decided to make a simple assumption. The Bureau assumes that all institutions will have incurred 25 percent of their non-hiring, one-time costs, at baseline, in preparation to comply with the 2023 final rule. For financial institutions that were covered under the 2023 final rule but will not be covered under this final rule, the Bureau assumes that this final rule will save the remaining 75 percent of the non-hiring, one-time costs, at baseline, plus their hiring costs.

For institutions that are covered under the baseline and will be covered under this final rule, the Bureau assumes that 25 percent of one-time, non-hiring costs under the baseline have already been incurred and are, likewise, sunk. Therefore, the one-time cost savings for these institutions are the one-time hiring and non-hiring costs under this final rule minus the one-time hiring costs and 75 percent of the non-hiring costs under the baseline.

Comments on resources spent to implement the 2023 final rule. In the proposed rule, the Bureau sought comment on whether financial institutions that would have been covered under the 2023 final rule have already spent resources to implement that final rule. The Bureau received a ( printed page 23584) few comments from financial institutions that would have been covered stating that they had started implementing some changes and at least one bank stated how much they had paid for new software. These comments are consistent with the Bureau's assumptions of how many financial institutions have already incurred costs to comply with the 2023 final rule, the magnitude of those costs, or the ability of institutions to recoup some of the costs and the Bureau did not receive any specific feedback on these assumptions.

2. Methodology for Estimating Ongoing Compliance Costs

In the 2023 final rule, the Bureau identified 15 specific data collection and reporting activities that would impose ongoing compliance costs for covered institutions and continues to use those activities as an organization principle for its analysis of the impacts of this final rule. Table 3 presents the full list of the 15 activities. The Bureau assumes that substantially the same activities will be needed to comply with this final rule. Activities 1 through 3 can broadly be described as data collection activities: these tasks are required to intake data and transfer it to the financial institution's small business data entry system. Activities 4 through 10 are related to reporting and resubmission: these tasks are necessary to collect required data, conduct internal checks, and report data consistent with the 2023 final rule or this final rule. Activities 11 through 13 are related to compliance and internal audits: employee training, and internal and external auditing procedures required to ensure data consistency and reporting in compliance with the 2023 final rule or this final rule. Finally, activities 14 and 15 are related to small business lending examinations by regulators: these tasks will be undertaken to prepare for and assist during regulatory compliance examinations. For the purpose of this analysis and for consistency with the 2023 final rule, the Bureau assumes that all financial institutions covered under this final rule or the baseline will be subject to regulatory compliance examinations and thus incur costs related to activities 14 and 15.

Table 3 also provides an example of how the Bureau calculates ongoing compliance costs associated with each compliance task. The table shows the calculation for each activity and notes whether the task is a “variable cost,” which depends on the number of applications the institution receives, or a “fixed cost” that does not depend on the number of applications. Table 3 shows these calculations for a Type A FI, or the institution with the least amount of complexity. Table 4 below summarizes the activities whose calculation differs by institution complexity and shows the calculations for Type B FIs and Type C FIs (where they differ from those for a Type A FI).

Many of the activities in Table 3 require time spent by loan officers and other financial institution employees. To account for time costs, the calculation uses the hourly compensation of a loan officer multiplied by the amount of time required for the activity. The Bureau uses a mean hourly wage of $41.35 for loan officers, based on data from the Bureau of Labor Statistics.^[109] To account for non-monetary compensation, the Bureau scales this hourly wage by 43 percent to arrive at a total hourly compensation of $59.07 for use in these calculations.^[110] As an example of a time calculation, the Bureau assumes that transcribing the data points that would be required under the baseline would require ( printed page 23585) approximately 11 minutes per application for a Type A FI. The calculation multiplied the number of minutes by the number of applications and the hourly compensation to arrive at the total cost, on an annual basis, of transcribing data. As another example, the Bureau assumes that ongoing training for loan officers to comply with a financial institution's 1071 policies and procedures will take about two hours per loan officer per year. The cost calculation multiplies the number of hours by the number of loan officers and by the hourly compensation.

In the 2023 final rule, the Bureau explained how it arrived at its assumed number of hours required per task and makes the same assumptions in this final rule.

Some activity costs in Table 3 depend on the number of applications. It is important to differentiate between these variable costs and fixed costs that do not depend on number of applications because the type of cost impacts whether and to what extent covered institutions might be expected to pass on their costs to small business loan applicants in the form of higher interest rates or fees (discussed in more detail in part VI.F.2 below). Data collection, reporting, and submission activities such as geocoding data, standard annual edits and internal checks, researching questions, and resolving question responses are variable costs. All other activities are fixed costs because they do not depend on the overall number of applications being processed. An example of a fixed cost calculation is exam preparation, where the hourly compensation is multiplied by the number of total hours required by loan officers to prepare for 1071-related compliance examinations.

Table 4 shows where and how the Bureau assumes Type B FIs and Type C FIs differ from Type A FIs for the purposes of evaluating ongoing cost. Table 4 shows the activities where the assumptions differ from those in Table 3. Type B FIs and Type C FIs use more automated procedures, which result in different cost calculations. For example, for Type B FIs and Type C FIs, transferring data to the data entry system and geocoding applications are done automatically by business application data management software licensed annually by the financial institution. The relevant address is submitted for geocoding via batch processing, rather than done manually for each application. The additional ongoing geocoding costs reflect the time spent by loan officers on “problem” applications—that is, a percentage of overall applications that the geocoding software misses—rather than time spent on all applications. However, Type B FIs and Type C FIs have the additional ongoing cost of a subscription to a geocoding software or service as well as a data management software that represents an annual fixed cost of reporting 1071 data. This is an additional ongoing cost that the less complex Type A FIs will not incur. The Bureau expects that Type A FIs will use free geocoding software available from the FFIEC or the Bureau, which may include a new batch function that could be developed by either the FFIEC or the Bureau.

Additionally, audit procedures differ between the three representative institution types. The Bureau expects a Type A FI would not conduct an internal audit but would pay for an annual external audit. A Type B FI would be expected to conduct a simple internal audit for data checks and also pay for an external audit on an annual basis. Type C FIs would have a sophisticated internal audit process in lieu of an external audit.

Table 5 below shows major assumptions that the Bureau makes for each activity for each type of financial institution. Based on this final rule and inflation, the Bureau has made changes to corresponding assumptions from the 2023 final rule where appropriate. In particular, the changes eliminating several data points are the biggest source of changes to the assumptions relative to the 2023 final rule. Because fewer data points will be collected under this final rule than under the 2023 final rule, the Bureau assumes that tasks which depend on the number of data points will see a reduction in required employee hours. The Bureau has also updated the assumed fixed cost of software and audits to account for inflation. Table 5 also shows the number of hours assumed in the baseline scenario, for comparison.

Table 5 provides the total number of staff hours the Bureau assumes are required for each task under this final rule and baseline for representative financial institutions of different types. For example, the Bureau assumes that transcribing data for a Type A financial institution with 100 applications will require 14 hours of labor under this final rule. In comparison, transcribing data would have taken 19 hours for the same representative institution under the baseline. The table also shows the assumed fixed cost of software and audits, as well as areas where the Bureau assumes there would be cost savings due to use of technology. In several cases, the activity described in a row does not apply to financial institutions of a certain type and is therefore entered in the table as not applicable (N/A). ( printed page 23586)

3. Methodology for Generating Market-Level Estimates of Costs and Benefits

To generate small business lending market-level impacts estimates, the Bureau relies on the same estimates of small business lending originations described in part VI.D. above, which is the same as the methodology used in the 2023 final rule, unless otherwise noted. As with institutional coverage, the Bureau separates market-level impact estimates into estimates for depository institutions and for nondepository institutions. The Bureau also separates market-level impact estimates for institutions that will be covered under this final rule and those that are covered under the 2023 final rule but are no longer to be covered under this final rule.

Under this final rule, an institution would be required to report data on applications received in 2023 if it originated at least 1,000 covered originations in both 2022 and 2023.^[113] Under the 2023 final rule, an institution would have been required to report data on applications received in 2023 if it originated at least 100 covered originations in 2022 and 2023, including loans to small farms.

If two depository institutions merged between the end of 2022 and the end of 2023, the Bureau assumes that those institutions would report as one entity. Under the baseline, the Bureau categorizes each institution as a Type A DI, Type B DI, or Type C DI, as defined at the beginning of this part VI.E, based on its small business and small farm loan originations in 2023. Under this final rule, the Bureau categorizes each institution by type according to only its small business loan originations in 2023.^[114] Depository institutions with 0 to 149 covered originations in 2023 are categorized as Type A. Depository institutions with 150 to 999 covered originations are categorized as Type B. Depository institutions with 1,000 or more covered originations are categorized as Type C. Thus, all depository institutions that will be covered by this final rule are categorized as Type C, given the new reporting threshold of 1,000 loans originated in this final rule. Some depository institutions of Type A are not covered under the baseline or this final rule and others of Type A switched from being covered under the baseline to not being covered under this final rule. All depository institutions of Type B switched from being covered under the baseline to not being covered under this final rule.

For each depository institution, the Bureau assigns the appropriate estimated one-time compliance costs (including hiring cost as a function of estimated applications), ongoing fixed compliance cost, ongoing variable compliance cost per application, and applications per origination associated with its institution type for both the baseline and this final rule. The estimated number of annual applications for each institution is the estimated number of originations multiplied by the assumed number of applications per origination for that institution type (see part VI.E above). The annual ongoing compliance cost for each institution (under either the baseline or this final rule) is the ongoing fixed compliance cost plus the ongoing variable compliance cost per application multiplied by the estimated number of applications. The one-time hiring cost for each institution is the estimated number of applications multiplied by the annual staff hours per application divided by 2,080, rounded up to the next full FTE, multiplied by the cost-per-hire. For each institution, the Bureau calculates the changes in one-time costs and ongoing costs for this final rule relative to the baseline.

As shown in part VI.F.1.ii, the Bureau estimates that under this final rule every impacted financial institution will experience a decrease in ongoing costs relative to the baseline, thus resulting in ( printed page 23587) a benefit for every institution. For institutions that are covered both at baseline and under this final rule, the decrease in ongoing costs stems from reductions in variable compliance costs from, mainly, needing to report fewer data points and, potentially, fewer applications. Institutions that were covered under the 2023 final rule but are not covered under this final rule would have had to pay ongoing costs to comply with the baseline. Since those institutions are no longer covered, their ongoing costs decrease to zero.

The Bureau estimates that all institutions that were previously covered at baseline but that are no longer covered under this final rule will incur the benefit of cost savings on one-time costs. As discussed in part VI.E.1, the Bureau believes that, under this final rule, these institutions will receive a benefit that is 75 percent of their non-hiring one-time costs plus their estimated hiring costs at baseline. For institutions that will continue to be covered under this final rule, they will experience a benefit in the form of reduced one-time hiring costs.

To generate market-level estimates, the Bureau sums the changes over institutions. The Bureau reports market-level impacts separately for covered and no longer covered institutions and for whether or not the one-time costs will yield a cost or a benefit. As with coverage estimates, the Bureau presents a range for market-level estimates. The range reflects the uncertainty associated with the estimate of costs for banks and savings associations below the CRA reporting threshold. The Bureau has documented how it calculates these ranges as part of the 2023 final rule rulemaking process in its Supplemental estimation methodology for institutional coverage and market-level cost estimates in the small business lending rulemaking.^[115]

The Bureau is unaware of institution-level data on originations by nondepository institutions that are comprehensive enough to estimate costs using the same method as that for depository institutions. Therefore, to generate market-level estimates for nondepository institutions, the Bureau relies on the estimates of the number of nondepository institutions discussed in part VI.D and several key assumptions, which it also relied on for estimating the impacts of the 2023 final rule. The Bureau assumes that fintech lenders and merchant cash advance providers are Type C FIs because they generally have more automated systems and originate more loans.^[116] The Bureau also assumes that a federal agency lender is a Type C institution. The Bureau assumes that the remaining nondepository institutions are Type B FIs. The Bureau assumes that each nondepository receives the same number of applications as the representative institution for each type, as described above. Hence, the Bureau assumes that fintech lenders, merchant cash advance providers, and a federal agency lender each receive 6,000 applications per year and all other nondepository institutions receive 400 applications per year. As in the 2023 final rule and above, the Bureau also assumes that all nondepository institutions have the same one-time costs as each other. The Bureau calculates changes in one-time and ongoing costs in a similar manner to the methods described above and presents market-level estimates for nondepository institutions that remain covered and that are no longer covered by this final rule.

F. Potential Benefits and Costs to Impacted Financial Institutions and Small Businesses

Comments on general approach to analysis of potential benefits and costs. In the NPRM, the Bureau sought comment on its analysis of benefits to financial institutions. Most industry commenters provided general feedback that the proposed rule would be broadly beneficial for financial institutions. Some commenters provided more specific feedback on how different elements of the proposal would benefit financial institutions. Most of these comments are discussed in more detail in part III.D and III.E. The Bureau discusses here some of the comments more directly related to the impacts of the rule.

Many industry commenters confirmed the Bureau's analysis that the removal of certain discretionary data points would reduce the burden of collecting those data for covered institutions. Several other industry commenters argued that the Bureau should remove the remaining discretionary data points because they are still burdensome. The Bureau acknowledges that financial institutions will incur costs to collect any data point but continues to believe that the remaining discretionary data points are necessary to facilitate the collection of the statutory data points.

Many industry commenters and an independent office of a Federal agency also confirmed the Bureau's analysis that the higher coverage threshold would relieve the burden of the rule on the smaller lenders. Some industry commenters suggested that some institutions that would remain covered by the proposed rule still face high compliance costs. These commenters proposed that the Bureau adopt either a higher origination threshold or an asset threshold to reduce burden for more institutions. An industry trade association argued that a low origination threshold would discourage smaller financial institutions from entering the small business lending market. The Bureau acknowledges that covered financial institutions will incur costs associated complying with this final rule but continues to believe that the threshold appropriately considers both the costs incurred by financial institutions and the statutory data collection requirements.

Many industry commenters agreed with the Bureau's analysis that the proposal to remove the pricing data points and reduce the number of covered institutions would benefit financial institutions by reducing reputational risks. Another commenter argued that the pricing data points should not be removed because data are not operationally difficult to collect and, thus, removing those data points does not confer much of a benefit. The Bureau expects that no longer collecting pricing data from covered institutions will benefit these institutions beyond just the operational cost savings associated with not reporting the data. For example, as other industry commenters confirmed, impacted institutions will benefit from fewer resources expended addressing possibly incorrect inferences about pricing discrimination based on data collected under this rule.

Some commenters argued that the Bureau did not provide sufficient evidence for the assertion that exempted institutions lack experience with other reporting regimes. In particular, one commenter argued that many depository institutions that were exempted are likely to be HMDA reporters. The Bureau agrees that many depository institutions exempted under this rule are familiar with regulatory reporting and clarifies that primarily nondepository institutions that do not report HMDA data would benefit from ( printed page 23588) being exempted due to a lack of familiarity with regulatory reporting.

Finally, one bank confirmed that the proposal to change the small business definition to $1 million would reduce burden for financial institutions by reducing the number of reportable transactions. The Bureau agrees with this observation but does not have sufficient information to quantify it.

One consumer group argued that the Bureau's own analysis showed that compliance costs savings would be “modest.” The commenter noted that the $100 million and $44 million saved for depository and nondepository institutions exempted from coverage would be spread over 2,000 exempted lenders. When comparing on a per lender, or per application basis, the commenter characterized the cost savings as “minimal.” Another individual commenter argued that the cost savings were nearly negligible, but nonetheless the Bureau proposed changes.

An advocacy group asserted that the proposed rule, combined with the proposed rescission of the 2023 Community Reinvestment Act rule (2023 CRA rule), will require several banks and thrifts to report two similar databases, one for CRA purposes and one for section 1071. They also argue that savings for banks and thrifts not covered by the final rule will be smaller than the Bureau's estimates because they will still have to report similar data for CRA purposes.

The Bureau does not agree with the commenter that it is appropriate to attribute preexisting CRA compliance costs to the proposed 1071 rule. The CRA compliance costs that exist under the 2023 CRA rule are separate from the compliance costs of this 1071 final rule. Furthermore, it notes that the proposed recission of the 2023 CRA rule has not been finalized, so the appropriate baseline for the analysis of this final rule is under the existing 2023 CRA rule. The Bureau concludes that the 2023 CRA rule does not yet require the FDIC, OCC, and Federal Reserve System (the agencies) to use section 1071 data to assess compliance with the 2023 CRA rule.^[117] Instead, the 2023 CRA rule specifies that the agencies will continue to use the data from the prior CRA approach to assess compliance until the section 1071 data are available. After section 1071 data become available, the agencies will publish a notice in the Federal Register announcing the effective date of the section 1071-related transition amendments.

The 2023 CRA rule does not affect the baseline for this analysis because the 2023 CRA rule, as it currently stands, still requires a separate reporting system and does not provide a benefit to lenders of reduced reporting requirements by relying on 1071 data. Furthermore, the Bureau has already appropriately accounted for how potentially duplicative reporting affects the impacts of the rule by estimating the costs and benefits of the rule in the context of complying with the relevant existing regulations, including CRA.

The Bureau continues to believe that the cost savings of this rule are significant and this analysis is supported by consumer groups' own comments and industry commenters reporting the tens of thousands of dollars in costs that they expect the rule to save them in compliance costs. Even spread over 2,000 exempted lenders, $144 million in savings would amount to $72,000 per affected entity. Various bank commenters gave estimates of $40,000, $72,000, $100,000, and $120,000 in estimated annual cost savings. Combined with the Bureau's own analysis the Bureau continues to believe this represents meaningful savings from this final rule's provisions.

1. Benefits to Impacted Financial Institutions

i. One-Time Cost Savings of Impacted Financial Institutions

Using the methodology described in part VI.E.1 above, Table 6 shows the estimated total per institution expected one-time costs of this final rule for the first eight cost categories for financial institutions covered by this final rule or under the baseline, as well as a breakdown by the eight component categories that comprise the one-time costs for Type A DIs, Type B DIs, Type C DIs, and Non-DIs.^[118] The final cost category, hiring costs, is discussed later in this section. The Bureau notes that the estimated costs presented in Table 6 differ slightly from the estimated costs presented in the 2023 final rule. This difference is due to inflation adjustments for non-salary expenses and updated wage rates.

In addition to these one-time costs, the Bureau estimates the one-time hiring costs for the additional FTEs a financial institution expects to hire based on the number of applications the institution expects to receive each year. For financial institutions that will no longer be covered under this final rule, the Bureau calculates the benefit resulting from the cost savings of no longer needing to hire more employees. The Bureau anticipates that financial institutions that continue to be covered may also experience moderate cost savings because they may report fewer loans under this final rule relative to the baseline and, as a result, may have to hire fewer employees. ( printed page 23589)

The Bureau estimates that there are financial institutions covered under the baseline that will no longer be covered under this final rule. These institutions will see a benefit in the form of savings on one-time compliance costs, since the Bureau assumes they would not incur additional one-time costs as a result of this final rule. Also, as discussed in part VI.E.1, the Bureau expects that these financial institutions will have already incurred 25 percent of the baseline non-hiring costs preparing to comply with the 2023 final rule. The full amount of savings by institutions that will no longer be covered are 75 percent of the non-hiring costs and the full amount of the hiring costs. The Bureau assumes that financial institutions that are covered under both the baseline and this final rule would still incur one-time costs to implement changes to comply with this final rule but may see a reduction in one-time hiring costs due to, potentially, needing fewer new employees to comply with this final rule relative to the baseline.

In the discussion about ongoing cost in part VI.F.3.ii below, the Bureau explains how it estimates the number of staff hours per application required to comply with this final rule or under the baseline. Under this final rule, the Bureau estimates a Type C FI, the only type that will be covered, requires 0.78 hours per application. Under the baseline, the Bureau estimates that a Type A FI requires 1.1 hours per application, a Type B FI requires 1.66 hours per application, and a Type C FI requires 0.84 hours per application.

For the purposes of exposition, the Bureau presents the estimated number of FTEs for representative financial institutions. For the market-level estimates, the Bureau estimates the number of staff hours required based on the estimated number of applications each depository institution receives.

As assumed in part VI.E, the representative Type A DI receives 100 applications annually, requiring 110 hours to comply with the 2023 final rule. Under the assumptions described in part VI.E.1, the representative Type A DI would have needed to hire one additional FTE at a one-time cost of $4,683 to cover the expected annual staff hours required to comply with the 2023 final rule on an ongoing basis. This additional staff would also have to be able to cover the staff hours required to implement one-time changes because, on average, a Type A DI would require 716 staff hours for one-time changes (see Table 12 in the 2023 final rule). Under the baseline, a Type A DI would have incurred about $67,300 in non-hiring one-time costs. As discussed above, the Bureau assumes that a Type A DI, on average, already will have spent 25 percent of its non-hiring one-time costs, or about $16,825, to implement the 2023 final rule, costs which cannot be recouped. Therefore, the Bureau estimates that the representative Type A DI will save $4,683 in one-time hiring costs and about $50,475 in non-hiring one-time costs by no longer being covered under this final rule, for a total of about $55,175 in cost savings.

The Bureau assumes that a representative Type B DI receives 400 applications annually, requiring 654 hours to comply with the 2023 final rule. This DI would have needed to hire one additional FTE at a one-time cost of $4,683. This additional staff would also be able to cover the 461 staff hours, on average, required to implement one-time changes for a Type B DI. Under the baseline, a Type B DI would have incurred about $51,700 in non-hiring one-time costs. The Bureau assumes that a Type B DI, on average, will have already spent 25 percent of its non-hiring one-time costs, about $12,925, to implement the 2023 final rule, costs which cannot be recouped. Therefore, the Bureau estimates that the representative Type B DI will save $4,683 in one-time hiring costs and about $38,775 in non-hiring one-time costs by no longer being covered under this final rule, for a total of about $43,475 in cost savings.

A representative Type C DI, which the Bureau assumes receives 6,000 applications and thus remains covered under this final rule, would see no one-time cost savings as a result of this final rule. In part VI.F.3 below, the Bureau describes how these institutions may experience a one-time adjustment cost under this final rule. The representative Type C DI does not incur any one-time hiring cost savings as a result of this final rule because it receives the same number of applications as under the baseline.^[119] In general, a covered institution may require fewer additional employees to comply with this final rule than it did with the baseline if the institution's number of reportable applications decreases sufficiently. Such an institution will receive one-time cost savings of $4,683 for every fewer employee it requires to comply with this final rule relative to the baseline.^[120]

The Bureau assumes that most nondepository institutions are primarily Type B and Type C FIs, so the estimated staff hours to cover ongoing tasks discussed above apply here. For one-time tasks, the Bureau estimates that a covered nondepository institution would require about 664 staff hours, on average, to implement one-time changes necessary to comply with either the baseline or this final rule. One additional FTE would be sufficient to cover these hours if the institution reallocates some tasks across staff. The Bureau estimates that all nondepositories would require about $114,000 to comply with this final rule or the baseline. Type B nondepositories and Type C merchant cash advance providers are no longer covered under this final rule. Therefore, following similar logic as above, a Type B nondepository will receive cost savings of $90,200 and a Type C merchant cash advance provider will receive cost savings of $99,600.

As mentioned above, the Bureau realizes that one-time costs vary by institution due to many factors, and that this variance exists on a continuum that is very difficult or impossible to fully represent. The Bureau focuses on representative types of financial institutions in order to generate practical and meaningful estimates of costs. As a result, the Bureau expects that individual financial institutions could have slightly different one-time costs or cost savings than the average estimates presented here.

Summing across institutions as described in part VI.E.3, the Bureau estimates that the total one-time hiring and non-hiring cost savings for depository institutions that will no longer be covered under this final rule will be between $68,900,000 and $76,700,000. Using a 7 percent discount rate and a 10-year amortization window, the annualized one-time cost savings for depository institutions that are no longer covered under this final rule will be between $9,800,000 and $10,900,000.^[121] The Bureau estimates ( printed page 23590) that the total hiring and non-hiring one-time cost savings for nondepository institutions that will no longer be covered under this final rule would be about $15,900,000. Using a 7 percent discount rate and a 10-year amortization window, the annualized one-time cost savings for nondepository institutions that are no longer covered under this final rule will be about $2,300,000. The Bureau estimates that some covered institutions will receive cost savings from needing to hire fewer staff under this final rule. The estimated total market value of these one-time hiring cost savings is between $3,900,000 and $4,300,000. Using a 7 percent discount rate and a 10-year amortization window, the annualized one-time cost savings for such institutions will be between $560,000 and $610,000. Covered institutions will also incur one-time adjustment costs, which are discussed in part VI.F.3. In total, the Bureau estimates the total one-time costs savings of this final rule across all impacted financial institutions will be between $88,700,000 and $96,900,000, with an annualized amount between $12,600,000 and $13,800,000.^[122]

Comments on the one-time cost savings estimates of the proposed rulemaking. In the NPRM, the Bureau sought comment on its analysis of the one-time cost savings of impacted financial institutions. Many industry commenters confirmed that the proposal would significantly benefit newly excluded lenders by conferring savings on one-time implementation costs. Several institutions confirmed that the proposed rule would save them tens of thousands of dollars by exempting them from coverage. For example, multiple financial institutions that will not be covered by the rule stated that they would no longer need to hire additional employees or reassign employees to new tasks, which would have been a significant burden. Multiple financial institutions that will not be covered by the rule estimated that they would save up to $100,000 because they would no longer need to purchase new software or update their data management systems and training. Multiple financial institutions that will not be covered by the rule estimated that they would save tens of thousands of dollars overall on implementation costs. Finally, one financial institution that will still be covered by the proposed rule estimated that the overall implementation costs of the rule would exceed $800,000.

In addition to comments from individual financial institutions, a bank trade association argued that the Bureau underestimated the one-time costs of complying with the 2023 final rule and, thus, underestimated the one-time cost savings of the proposed rule. The trade association cited their own internal survey of compliance costs to provide evidence that the Bureau's estimates are too low.

The Bureau has reviewed these estimates and considered the information reported by the commenters, together with the existing evidence provided in the one-time cost survey. The Bureau reiterates that the costs of implementing the 2023 final rule or this final rule are all institution-specific. As discussed above, the one-time cost savings estimates should be considered the average expected cost savings for an institution based on the complexity of the institution's operations. In addition, the Bureau expects that financial institutions would have used a variety of methods to prepare for the 2023 final rule or this final rule. Some institutions would have updated systems using staff, while other institutions would have purchased updates from third-party vendors. Overall, the trade association presented estimates only moderately higher than the Bureau's, after accounting for DIs that do not need to update computer systems. The Bureau considers most estimates provided by commenters as broadly consistent with the Bureau's one-time cost savings estimates.

The Bureau requested comment on the appropriate time horizon over which to amortize one-time implementation costs but did not receive any such comments.

ii. Ongoing Cost Savings to Impacted Financial Institutions

To estimate ongoing costs at baseline, the Bureau first reproduces Table 16 of the 2023 final rule as Table 7 below, with minor modifications reflecting inflation and changes in wage rates, as discussed in part VI.E. This table shows what the Bureau would expect the annual ongoing costs to be for representative final institutions of different types at baseline. It shows the total estimated annual ongoing costs at baseline as well as a breakdown by the 15 activities that give rise to ongoing costs for representative Type A, Type B, and Type C FIs. The bottom of the table shows the total estimated annual section 1071 ongoing compliance cost, at baseline, for each type of representative institution, along with the total cost per application processed by the financial institution. To produce the estimates in this table, the Bureau used the calculations described in Tables 3 and 4 above and the assumptions relating to each activity in Table 5.

The Bureau estimates that, at baseline, a representative low complexity Type A FI would incur around $9,580 in total annual ongoing costs, or about $96 in total cost per application processed (assuming 100 applications per year). The Bureau estimates that a representative middle complexity Type B FI, which is somewhat automated, would incur approximately $45,253 in total annual ongoing costs, or around $113 per application (assuming a representative 400 applications per year). The Bureau estimates a representative high complexity Type C FI, would incur $299,700 of total annual ongoing costs, or $50 per application (assuming a representative 6,000 applications per year).

To estimate the expected ongoing costs for an institution that remains covered under this final rule, the Bureau used the assumptions in Table 5 above, which characterize the decrease in the number of employee hours necessary for compliance occurring as a result of the changes. Table 8 below reproduces Table 16 from the 2023 final rule ^[123] accounting for the expected effects of this final rule.

The Bureau believes that removing the collection of aggregate data will reduce the resources required to complete some of the tasks described above. Therefore, to account for this, the Bureau is reducing the ongoing compliance costs in certain categories by a little less than five percent. This includes several of the tasks, like “transcribing data” or “standard annual edit and internal checks,” that depend on labor.

For institutions that remain covered under this final rule, the Bureau estimates that a representative low complexity Type A FI will incur around $8,700 in total annual ongoing costs, or about $87 in total cost per application processed (assuming 100 applications per year). The Bureau estimates that a representative middle complexity Type B FI, which is somewhat automated, will incur approximately $42,858 in ongoing costs per year, or around $107 per application (assuming a 400 applications per year). The Bureau estimates a representative high complexity Type C FI will incur $284,210 of annual ongoing costs, or a little over $47 per application (assuming 6,000 applications per year).

Under the changes in this final rule, some FIs will no longer be required to collect and report small business application data because they have more than 100 but fewer than 1,000 covered credit transactions. These FIs will no longer incur annual ongoing compliance costs from the small business data collection rule. Therefore, they will experience a benefit in the form of relief from the ongoing costs they incurred under the baseline. This annual total will be $9,580, $45,253, and $299,700 for representative Type A, B and C FIs, respectively.

Also under the changes in this final rule, FIs that continue to be covered and therefore required to collect and report small business application data will experience a benefit in the form of reduced annual ongoing compliance costs. The amount of the reduction is the difference between the costs expected to be incurred under the changes (those found in Table 8) and those expected at baseline (those found in Table 7). The annual total of this expected benefit will be $880, $2,395, and $15,490 for representative Type A, B, and C FIs, respectively.

Summing across institutions as described in part VI.E.3, the Bureau estimates that the total annual ongoing cost savings for depository institutions that remain covered under this final rule will be between about $24,000,000 and $26,000,000 per year. The Bureau estimates that the total annual ongoing cost savings for nondepository institutions that remain covered under ( printed page 23592) this final rule will be about $500,000 per year.

Summing across institutions as described in part VI.E.3, the Bureau estimates that the total annual ongoing cost savings for depository institutions that were covered under the baseline but are no longer covered under this final rule is between about $88,000,000 and $101,000,000 per year. The Bureau estimates that the total annual ongoing cost savings per year for nondepository institutions that are no longer covered by this final rule is about $53,000,000 per year.

Therefore, the estimated total annual ongoing cost savings for all impacted institutions attributable to this final rule is between $166,000,000 and $181,000,000 per year, including both depository and nondepository institutions.

Financial institutions may also experience benefits under this final rule in the form of fewer reputational risks and fewer resources spent on responding to analyses of their small business credit application data alleging credit access disparities. The public nature of any dataset will allow the general public to analyze the data, which can result in accusations of fair lending violations or potential misrepresentations, which, the Bureau has acknowledged, could result in a cost to financial institutions. In the 2023 final rule, the Bureau discussed how small entity representatives during the SBREFA process and commenters on the 2021 proposed rule raised this as an expected form of cost. The Bureau is unable to quantify this cost but does expect that this final rule will benefit FIs by reducing such costs. FIs that are no longer covered under this final rule are no longer expected to incur any reputational risks or costs of responding to analyses based on the data collected under this rule as their data will no longer be submitted or published. For entities that remain covered, the reduction in the number of data points, particularly pricing data, reduces expected reputational risks.

Comments on the ongoing cost savings estimates of the proposed rulemaking. Many industry groups and industry commenters agreed with the Bureau's analysis that its proposal will reduce the ongoing compliance costs for financial institutions, either by removing an institution from coverage or reducing the compliance costs for institutions that remain covered by the rule. Several industry commenters reported that the proposal would save them tens of thousands of dollars in annual costs by exempting them from coverage.

The Bureau believes the commenters reporting their reduced compliance costs provide support for the Bureau's analysis, which estimates significant compliance costs savings.

One industry group commented that the Bureau's analysis underestimates the ongoing cost savings of the rule. The commenter believes that the Bureau is incorrect to rely on adapted HMDA compliance costs as a basis for compliance costs for the small business lending rule. The commenter also noted that the Bureau's estimated ongoing cost of compliance is lower than the cost estimate the commenter obtained from surveying its members, and thus argued the Bureau is underestimating ongoing compliance cost savings of the rule. An additional industry commenter noted that it remained covered by the rule, and expected to incur $110 per loan in costs, which is higher than the Bureau's estimates for an institution of a similar size.

The Bureau has reviewed these estimates and considered the information reported by the commenters, together with the Bureau's own analysis. The Bureau reiterates that the costs of implementing the 2023 final rule or this final rule are all institution-specific. As discussed above, the ongoing cost savings estimates should be considered the average expected cost savings for an institution based on the complexity of the institution's operations. The Bureau continues to believe that its costs of compliance are comparable to the commenters' estimates, when appropriately converted to a per application basis using the Bureau's estimates of loan volume and assumptions about applications per loan. It also continues to believe that HMDA serves as a reasonable starting point for adapting a cost estimate for data collection and reporting.

2. Benefits to Small Businesses

The Bureau believes that any direct costs to small businesses from completing additional fields on small business credit applications as a result of the 2023 final rule would have been minimal and therefore small businesses will not benefit from this final rule's removal of those fields in this way.^[124] Instead, the Bureau expects that small businesses will primarily benefit in the form of cost savings from financial institutions passed through to small businesses in the form of lower fees or interest rates.

In the 2023 final rule, the Bureau discussed how, based on economic theory and evidence from the Bureau's own survey, financial institutions would most likely react to compliance costs by raising prices and fees. In particular, the Bureau expected that ongoing variable costs would be passed through in their entirety. This final rule will eliminate ongoing variable costs for institutions that are no longer be covered and will reduce ongoing variable costs for institutions that remain covered.

The Bureau estimates that the per application ongoing variable cost, at baseline, is $34 for Type A FIs, $28 for Type B FIs, and $8 for Type C FIs. According to the analysis above, this is the expected benefit that will accrue to applicants at institutions that were covered at baseline but are no longer covered under this final rule. For institutions that continue to be covered under this final rule, the difference between the ongoing variable cost at baseline and under this final rule is $8 for Type A FIs, $4 for Type B FIs, and around $1 for Type C FIs. This difference is what the Bureau expects to be passed on to applicants at financial institutions that continue to be covered under this final rule.

Comments on the Bureau's estimation of the benefits to small businesses. Many commenters highlighted that the proposal will be broadly beneficial for the small business lending market by reducing the risk of market exit and increasing competition among lenders relative to the 2023 final rule. The Bureau expects that this final rule may decrease the risk of market exit relative to the 2023 final rule.

Several industry commenters noted that the Bureau's proposal would also benefit small businesses by making applying for credit less costly for small businesses. For example, one commenter argued that the proposal would reduce the burdens on small businesses during the application process, including less time filling out forms and fewer procedural delays. A few financial institutions stated that they would have passed on the costs of the 2023 final rule to their small business customers in the form of higher rates and fees and would no longer do so under the proposed rule because they are exempted from coverage.

One individual commenter argued that the Bureau overestimated the pass-through benefits of the proposed rule for small businesses relative to the baseline. The commenter cited multiple research studies that provide evidence that the ( printed page 23593) impacts of government policies are not always fully passed on to consumers and argued that the savings of the proposed rule would not be large enough for financial institutions to pass on to consumers. The Bureau agrees with the commenter's assessment of the bank pass through literature that banks do not always or fully pass on savings due to policy changes to their customers. However, the Bureau disagrees with the commenter's analysis. This literature, including a paper cited by the commenter,^[125] has primarily found that the absence of pass through is because banks face costs to adjust existing prices. The Bureau does not expect that financial institutions have yet changed prices to cover section 1071 variable compliance costs and, thus, the cited literature does not apply. Based on the information described above, including the Bureau's own survey, the Bureau believes that financial institutions will raise prices in response to this final rule. However, the Bureau expects they will do so by less than the amount that they would have if they implemented the 2023 final rule, thus conferring cost savings to small businesses. If, instead, financial institutions had already raised prices in response to the 2023 final rule and now face lower compliance costs under this final rule, the Bureau agrees with the commenter that financial institutions may not have fully passed those savings on to their customers. Furthermore, the Bureau acknowledges, as it did in the proposed rule, that covered financial institutions are likely to only pass on ongoing variable compliance costs to customers in the form of higher interest rates and fees.

3. Costs to Impacted Financial Institutions

At baseline, the Bureau expects that data collected under the 2023 final rule would benefit covered financial institutions in two ways. The first is that the Bureau expects that the collected data would reduce some compliance burden by reducing the number of “false positives” during fair lending review prioritization by regulators. As discussed above, this final rule would reduce the number of covered entities and the types of covered transactions, thereby reducing the total amount of information collected in accordance with the rule. To the extent that institutions would experience this benefit at baseline, the Bureau expects that this final rule could reduce those benefits, and thus financial institutions may incur a cost.

At baseline, the Bureau also expects that financial institutions could benefit from transparency resulting from the collection of small business application information under the 2023 final rule. Financial institutions might use the public data (such as number of applications, pricing data, denial rates, and information on the types of credit) to better understand the demand for small business credit products and the conditions under which they are being supplied by other financial institutions. Collecting data on fewer applications, from fewer financial institutions, and for fewer types of loans under this final rule could impose costs on financial institutions by reducing this benefit. A bank, for example, may lose the opportunity to learn more detailed information about the merchant cash advance market, which they might view as a competitor. Financial institutions of all sizes may lose insight into the lending activities of smaller competitors who fall below the reporting threshold under this final rule.

Finally, the Bureau estimates that some covered institutions will incur adjustment costs to implement changes to comply with this final rule. The Bureau describes these costs for the representative Type C DIs because only Type C institutions, those with 1,000 or more loan originations per year, are covered under this final rule. The Bureau assumes that the representative Type C DI would receive the same number of applications reportable under the baseline and this final rule. As discussed in part VI.F.1, a Type C DI would need to spend about $85,400 to implement the non-hiring one-time costs to implement changes necessary to comply with either the baseline or this final rule. As discussed above, the Bureau assumes that an institution that remains covered under this final rule has already spent, on average, about 25 percent of non-hiring one-time costs to implement changes that will not be compliant with this final rule. Thus, a Type C DI would incur the full cost of implementing this final rule but, effectively, would only receive 75 percent of the cost savings from no longer needing to comply with the baseline. The Bureau estimates that the representative Type C DI will incur total one-time costs of $21,250 to implement changes to comply with this final rule. Based on a similar calculation for Type C nondepository institutions, the Bureau also estimates that the representative Type C nondepository that remains covered under this final rule will incur total one-time costs of $28,500 to implement changes to comply with this final rule.

Summing across institutions as described in part VI.E.3, the Bureau estimates that the total one-time adjustment costs for covered depository and nondepository institutions will be between $4,600,000 and $4,700,000. Using a 7 percent discount rate and a 10-year amortization window, the annualized one-time costs for covered institutions will be about $600,000 to $700,000.

The Bureau requested comments on these and other potential costs to impacted financial institutions arising as a result of the proposed rule but did not receive any such comments.

4. Costs to Small Businesses

In the 2023 final rule, the Bureau described several benefits that would accrue to small businesses from the small business lending data collection and publication. These benefits relate to the rule's two purposes: fair lending enforcement and community development. Several provisions of this final rule change the amount and types of information that will be collected and disclosed. Therefore, to the extent the Bureau expected small businesses to benefit from the collection as described in the 2023 final rule, changes that reduce or alter the amount or types of information provided will impose a cost on small businesses by reducing these expected benefits.

Several changes reduce the number of financial institutions that will report data or change the composition of institutions reporting. This final rule provides that the threshold number of originations of covered transactions for two consecutive years is raised to 1,000, which, as shown above, will substantially lower the number of depository and nondepository institutions collecting and reporting small business credit application data. This final rule also provides that several types of transactions are exempt from coverage, relative to the baseline, including transactions from FCS lenders, merchant cash advances and agricultural loans. These types of transactions and lenders are thus removed from the data collection and reporting. This final rule also provides a minimum transaction size of $1,000 for covered transactions, which will remove smaller transactions from the data relative to the baseline. Finally, this final rule reduces the gross annual revenue threshold in the definition of small business to $1 million or less in the preceding fiscal year, which will ( printed page 23594) further reduce the number of some transactions needing to be reported relative to the baseline.

Reducing the data collection in these ways is likely to reduce the fair lending benefits of the data collection. In the 2023 final rule, the Bureau explained that data collected under the rule would lead to more efficient use of government resources in enforcing fair lending laws. Since the above provisions will substantially reduce the number of covered entities and covered transactions, the Bureau expects small businesses will experience a reduction in this efficiency as a cost of this final rule. The Bureau also expects that having fewer covered institutions and transactions will reduce the ability of the public to use the data for transparency purposes and to conduct their own analyses of lending by financial institutions.

The Bureau also expects that having fewer covered institutions and transactions will result in a reduction in the community development benefits that the Bureau would expect to accrue to small businesses under the baseline. In the 2023 final rule, the Bureau detailed how governmental entities would likely use these data to develop solutions that achieve policy objectives in their administration of loan guarantee programs or disaster relief. The Bureau also expected that creditors would use the data to more effectively understand small business credit market conditions and that communities would use the data to identify gaps in credit access for small business owners. In each of these cases, the Bureau expects that creditors, communities, and governmental entities will experience costs in the form of a reduction in these benefits relative to the baseline.

The Bureau expects that removing certain transactions from coverage will reduce some of the expected benefit derived from covering certain markets, relative to the baseline. In section II.A of the 2023 final rule, the Bureau explained that nondepositories, some of whom provide merchant cash advances or sales-based financing, were an increasing share of the small business financing market, but that nondepositories typically do not report small business financing activity to regulators, which limits the baseline understanding of the activities of these entities. Thus, the Bureau expects that by removing these types of transactions from coverage, small businesses will experience a cost in the form of a reduction in fair lending and community development benefits related to these types of transactions, compared to the baseline.

However, the Bureau believes such costs might be limited if data on applications from FCS lenders, for agricultural loans, for sales-based financing, or for loans under $1,000 would have been of poor quality or otherwise difficult to interpret correctly. For example, the Bureau now believes that the types of collateral required in agricultural lending results in underwriting processes that would make application data difficult to interpret under the baseline collection. The Bureau also believes that application data from merchant cash advance providers would not produce data comparable to other transactions, which would limit their value as part of the dataset. Likewise, the Bureau believes that data on transactions under $1,000 likely would be of poor quality as they would come from credit providers ill-suited to comply with a data reporting rule. To the extent this is the case, it would reduce the value of including these data in the small business application dataset and would have limited their contribution to the fair lending and community development benefits described above.

This final rule also eliminates several data points from the small business data collection, including the application method, the application recipient, denial reasons, pricing information, and number of workers. It also eliminates LGBTQI+-owned business status from the business status data point. For similar reasons as above, the Bureau expects that small businesses will experience a cost from fewer collected data points in the form of less information and the benefits that they would have derived from such information in the baseline scenario.

In the 2023 final rule, the Bureau explained that it expected the pricing information to provide both fair lending and community development benefits to small businesses. Pricing is one dimension by which a lender could potentially discriminate against a credit applicant. Removing this information could reduce the efficiency of fair lending examinations or transparency that would have resulted from its inclusion, relative to the baseline. The Bureau also expected, at baseline, that pricing information would benefit community development through communities using pricing information to identify gaps in credit access or creditors better understanding small business lending conditions. The Bureau expects that eliminating the pricing data will reduce these benefits relative to the baseline.

The removal of two datapoints in particular will likely reduce, to some degree, the community development benefits relative to the baseline. The application method data point would provide additional information about how small businesses apply for credit, while the number of workers data point is one indicator of the business's size and employment. In the 2023 final rule, the Bureau expected that creditors, communities, and governmental entities may have used such information to learn more about the small business credit market and the types of businesses it serves. To the extent this would have resulted in a community development benefit at baseline, the removal of these two data points represents a cost to small businesses.

At baseline, the Bureau also expected that the inclusion of LGBTQI+-owned business status would have resulted in potential fair lending and community development benefits. The Bureau expected that the data could be used to learn about discrimination risks (to the extent that courts apply discrimination in the context of fair lending laws) against LGBTQI+-owned businesses, help creditors understand the credit needs of such businesses, and help facilitate the development of policies related to LGBTQI+ credit applicants. To the extent small businesses would have experienced such benefits at baseline, the exclusion of LGBTQI+-owned business status represents a cost.

Comments on the Bureau's estimates of costs to small businesses. Multiple commenters, including community groups, community group coalitions, and one trade organization argued that the removal of certain discretionary data points, particularly pricing, would reduce visibility into possible fair lending violations, a statutory purpose of the rule. Commenters noted, for example, that pricing data could indicate if lenders were providing credit but at high interest rates in a way that could potentially be unsustainable or discriminatory. Industry commenters, however, agreed with the Bureau's proposed changes to discretionary data points, arguing that the information provided would be of little value, especially relative to the cost of compliance.

The Bureau acknowledges, as it did in its proposal, that small businesses may incur a cost from the removed discretionary data points because of their potential fair lending value. However, the Bureau agrees with industry commenters that the fair lending value of these discretionary data points is limited, and thus the reduction of the dataset's fair lending value to small businesses is likewise limited. Loan pricing, for example, is based on ( printed page 23595) many different factors, only a fraction of which would be captured by even the full set of discretionary data points in the 2023 final rule. Therefore, analyses based on the loan pricing data would have been incomplete which suggests a limited fair lending value of collecting pricing information.

Multiple consumer group and industry group commenters noted that excluding additional types of lenders and transactions would further undermine the fair lending value of the dataset. Several commenters noted that excluding MCAs from coverage would potentially advantage MCA providers while limiting visibility into potential fair lending issues within this industry. Other industry group commenters argued that data from MCAs would be of little informational value. One commenter expressed concern that removing agricultural lending from coverage would impact the ability to address fair lending in an industry with previous fair lending concerns.

The Bureau continues to acknowledge that these exclusions may reduce the fair lending value of the dataset and thus incur a cost to small businesses. However, the Bureau continues to believe that the low value of data from these lenders and types of loans suggest that the cost of their exclusion is limited.

Multiple consumer group commenters also voiced concerns about the higher loan origination threshold and lower small business definition threshold and argued that fewer covered institutions and transactions would significantly reduce visibility into possible fair lending risk. One consumer group noted that the Bureau's own analysis showed there would be a significant decrease in the number of depository institutions covered by the rule and their own geographical analysis also suggested that the decrease in coverage would be spread unevenly by geography. One consumer group also argued that the change in small business definition to $1 million in gross annual revenue provided a perverse incentive to originate loans to businesses with over $1 million in annual revenue.

The Bureau acknowledges, as it did in its proposal, that these changes will reduce the number of covered lenders. However, the Bureau's analysis suggests that the effect on the overall fraction of covered loans is much smaller, and thus the impact of the changes to the transaction threshold and small business definition will have a limited effect on the fair lending value of the dataset.

Multiple commenters suggested that the Bureau's changes, particularly those that remove data points from collection or reduce the number of covered entities and transactions, will reduce the community development value of the collection. One consumer group, for example, argued that removing the pricing data point will make it difficult to view and compare trends and adjust small business lending policies. Another argued that removing discretionary data points restricts the ability of lenders, policymakers, and community groups from creating community development opportunities for small businesses.

In its proposal, the Bureau acknowledged the potential costs to small businesses in the form of reduced community development benefits of the data collection. The Bureau continues to acknowledge that the Bureau's changes to the Small Business Rule may impact the ability of creditors, communities, and governmental entities to use the data to learn information about the small business credit market, relative to baseline. However, as stated above, the Bureau believes the community development purposes are better served overall by a more streamlined data collection.

5. Alternatives Considered

This section discusses two categories of alternatives considered: other methods for defining a covered financial institution and limiting the data points to those mandated by section 1071. The Bureau uses the methodologies discussed in parts VI.D and VI.E to estimate the impacts of these alternatives.

First, the Bureau considered multiple reporting thresholds for purposes of defining a covered financial institution. In particular, the Bureau considered whether to exempt financial institutions with fewer than 200, 500, or 2,000 originations in each of the two preceding calendar years instead of fewer than 1,000 originations, as provided in this final rule. The Bureau presents estimates for depository institutions because it does not have sufficient information to estimate how these differences in thresholds would impact nondepository institutions. Annualized values are calculated using a 7 percent discount rate and a 10-year amortization window.

Under a 200-origination threshold, the Bureau estimates that about 700 to 800 depository institutions would be covered and between 900 to 1,000 would no longer be covered. That is, the Bureau expects that between 500 to 600 additional depository institutions would be covered under a 200-origination threshold compared to the 1,000-origination threshold in this final rule. The Bureau estimates that an additional 3.2 to 3.7 percentage points of small business loans originated by depository institutions would be covered under a 200-origination threshold and that an additional 15 to 17 percentage points of the dollar value of such loans would be covered.

Under a 200-origination threshold, the Bureau estimates that the total one-time cost savings across all impacted depository institutions would decrease by between $25,000,000 to $29,000,000 relative to this final rule, with an annualized decrease in savings of between $3,600,000 and $4,100,000. The Bureau estimates that total one-time costs incurred by covered depository institutions would increase by between $6,000,000 to $7,000,000, with an annualized increase in costs of between $800,000 to $900,000. The Bureau estimates that the total ongoing costs savings across all impacted depository institutions would decrease by between $34,000,000 to $40,000,000 under this alternative.

Under a 500-origination threshold, the Bureau estimates that between 300 to 400 depository institutions would be covered and between 1,300 to 1,400 would no longer be covered. That is, the Bureau expects that around 200 additional depository institutions would be covered under a 500-origination threshold compared to the 1,000-origination threshold in this final rule. The Bureau estimates that an additional 1.3 to 1.7 percentage points of small business loans originated by depository institutions would be covered under a 500-origination threshold and that an additional 6.4 to 7.3 percentage points of the dollar value of such loans would be covered.

Under a 500-origination threshold, the Bureau estimates that the total one-time cost savings across all impacted depository institutions would decrease by between $8,000,000 to $10,000,000 under a 500-origination threshold relative to this final rule, with an annualized decrease in savings of between $1,200,000 and $1,400,000. The Bureau estimates that total one-time costs incurred by covered depository institutions would increase by between $1,000,000 to $1,400,000, with an annualized increase in costs of about $100,000 to $200,000. The Bureau estimates that the total ongoing costs savings across all impacted depository institutions would decrease by between $12,000,000 to $16,000,000 under this alternative.

Under a 2,000-origination threshold, the Bureau estimates that about 100 depository institutions would be ( printed page 23596) covered and between 1,500 to 1,700 would no longer be covered. That is, the Bureau expects that about 100 fewer depository institutions would be covered under a 2,000-origination threshold compared to the 1,000-origination threshold under this final rule. The Bureau estimates that 1.4 to 1.9 percentage points of small business loans originated by depository institutions would no longer be covered under a 2,000-origination threshold and that 5.9 to 6.6 percentage points of the dollar value of such loans would no longer be covered.

Under a 2,000-origination threshold, the Bureau estimates that the total one-time cost savings across all impacted depository institutions would increase by between $6,000,000 to $7,000,000 under a 2,000-origination threshold relative to this final rule, with an annualized increase in savings of between $900,000 and $1,000,000. The Bureau estimates that total one-time costs incurred by covered depository institutions would decrease by about $1,500,000 to $2,000,000, with an annualized decrease in costs of between $200,000 and $300,000. The Bureau estimates that the total ongoing costs savings across all impacted depository institutions would increase by between $22,000,000 to $25,000,000 under this alternative.

Second, the Bureau considered the costs and benefits for limiting its data collection to the data points specifically enumerated in 15 U.S.C. 1691c-2(e)(2)(A) through (G). In addition to those data points, the statute also requires financial institutions to collect and report any additional data that the Bureau determines would aid in fulfilling the purposes of section 1071. In addition to the data points specifically enumerated in 15 U.S.C. 1691c-2(e)(2)(A) through (G), this final rule keeps three data points from the 2023 final rule that relied on the authority in 1691c-2(e)(2)(H). These are the number of principal owners, three-digit NAICS industry code of the business, and the time in business. The Bureau has considered the impact of instead requiring only the collection of those data points enumerated in 1691c-2(e)(2)(A) through (G).

Requiring the collection and reporting of only the data points enumerated in 15 U.S.C. 1691c-2(e)(2)(A) through (G) would result in a reduction in the fair lending benefit of the data compared to the 2023 final rule. For example, not collecting time in business or industry information would obscure possible fair lending risk by covered financial institutions. As mentioned in part VI.F.3 above, the data points the Bureau continues to require in this final rule under the 15 U.S.C. 1691c-2(e)(2)(H) authority are critical to conducting more accurate and complete fair lending analyses. A reduction in the rule's ability to facilitate the enforcement of fair lending laws would negatively impact small businesses and small business owners and thus run counter to that statutory purpose of section 1071.

Limiting the rule's data collection to only the data points required under the statute would also reduce the ability of the rule to support the business and community development needs and opportunities of small businesses, which is the other statutory purpose of section 1071. For example, not including NAICS code or time in business would also reduce the ability of governmental entities to tailor programs that can specifically benefit new businesses or businesses in certain industries.

The Bureau also believes that removing the number of principal owners data point, in addition to the reduced benefits described above, would make collecting and reporting data on principal owners' ethnicity, race, and sex more difficult. Without collecting the number of principal owners, it would be harder to identify and correct erroneous submissions. For example, if an institution submitted no demographic information on for any principal owners, it would be unclear if that was an error or because the small business had no individuals that met the principal owners criteria. The operational confusion could counteract the cost reduction that stems from the fewer resources require to collect and report this field.

Only requiring the collection and reporting of the data points enumerated in 15 U.S.C. 1691c-2(e)(2)(A) through (G) would have reduced the annual ongoing cost of complying with this final rule. Under this alternative, the estimated total annual ongoing costs for representative Type A, Type B, and Type C FIs would be reduced by $149, $523, and $2,838, respectively. Per application, the estimated reduction in ongoing cost would be $1, just over $1, and less than $1 for representative Type A, Type B, and Type C FIs, respectively. The estimated total annual market-level ongoing cost savings of impacted depository institutions would increase by about $3,500,000. The Bureau does not expect that one-time costs or cost savings would be meaningfully different as a result of this alternative.

6. Summary of Quantified Impacts

The Bureau estimates that the total quantified cost savings of the final rule relative to baseline will be between $176,000,000 and $192,000,000 per year, annualized using a 3% discount rate and a 10-year amortization schedule, or between $178,000,000 and $195,000,000 per year, annualized using a 7% discount rate and a 10-year amortization schedule.^[126] The Bureau further estimates that the total quantified costs of the final rule relative to the baseline will be between $534,000 and $557,000 per year, annualized using a 3% discount rate and a 10-year amortization schedule, or between $649,000 and $676,000 per year, annualized using a 7% discount rate and a 10-year amortization schedule.^[127] These estimates do not include qualitatively described costs or benefits.

G. Potential Impact on Depository Institutions and Credit Unions With $10 Billion or Less in Total Assets

As discussed above, this final rule excludes financial institutions with fewer than 1,000 originated covered credit transactions in both of the two preceding calendar years. The Bureau believes that the decrease in benefits of this final rule to banks, savings associations, and credit unions with $10 billion or less in total assets will be similar to the decrease in benefits to covered financial institutions as a whole, discussed above. Regarding cost savings, other than as noted here, the Bureau also believes that the impact of this final rule on banks, savings associations, and credit unions with $10 billion or less in total assets will be similar to the impact for other financial institutions covered by this final rule. The primary difference in the impact on these institutions will likely come from differences in the level of complexity of operations, compliance systems, and software, as well as number of product offerings and volume of originations of these institutions, all of which the Bureau has incorporated into the cost estimates using the three representative financial institution types.

Based on FFIEC and NCUA Call Report data for December 2023, 9,109 of 9,288 banks, savings associations, and credit unions had $10 billion or less in total assets. The Bureau estimates that between 75 and 85 of such institutions will be subject to this final rule and about 1,375 to 1,525 more were covered under the baseline but will not be ( printed page 23597) covered under this final rule. The Bureau estimates that the market-level impact of this final rule on annual ongoing cost savings for banks, saving associations, and credit unions with $10 billion or less in assets will be between $88,000,000 and $103,000,000 for impacted institutions. The Bureau estimates that the total one-time cost savings for such institutions will be between $67,000,000 and $75,000,000. The Bureau also estimates that some covered depository institutions with less than $10 billion in assets will experience some one-time costs to comply with this final rule relative to the baseline, with such estimated total costs to be between $1,600,000 and $1,800,000.

H. Potential Impact on Small Businesses in Rural Areas

The Bureau expects that small businesses in rural areas will directly experience many of the costs of this final rule described above in part VI.F.4. This includes a reduction in benefits derived from more efficient fair lending enforcement and community development generated by data collection compared to the baseline. This final rule increases the threshold number of loan originations above which institutions have to report data, which will lead to fewer lenders in rural areas reporting data on small business credit application in rural areas. The Bureau presents estimates of this change in coverage below. This final rule also exempts agricultural credit from the types of covered transactions. Many banks and credit unions in rural areas provide credit for farming and livestock production since they are primary industries and are responsible for much employment in these areas. Small businesses, communities, governmental entities will lose insight into these areas of credit provision as a consequence of this final rule. However, as explained in part VI.F.4 above, the Bureau believes that data collected for certain loan types, including agricultural loans, would have been of poor quality and, therefore, the costs from eliminating them will be limited.

The source data from CRA submissions that the Bureau uses to estimate institutional coverage and market estimates provide information on the county in which small business borrowers are located. However, approximately 86 percent of banks did not report CRA data in 2023, and as a result the Bureau does not believe the reported data are robust enough to estimate the locations of the small business borrowers for the banks that do not report CRA data.^[128] The NCUA Call Report data do not provide any information on the location of credit union borrowers. Nonetheless, the Bureau is able to provide some geographical estimates of institutional coverage based on depository institution branch locations.

The Bureau used the FDIC's Summary of Deposits to identify the location of all brick and mortar bank and savings association branches and the NCUA Credit Union Branch Information to identify the location of all credit union branch and corporate offices.^[129] A bank, savings association, or credit union branch was defined as rural if it is in a rural county, as specified by the USDA's Urban Influence Codes.^[130] A branch is considered covered by this final rule if it belongs to a bank, savings association, or credit union that the Bureau estimates would be included using the threshold of 1,000 small business loan originations in 2022 and 2023.^[131] A branch is considered covered under the baseline if it belongs to a bank, savings association, or credit union that the Bureau estimates would be included under a threshold of 100 small business or small farm loan originations in 2022 and 2023. Using the estimation methodology discussed in part VI.D above, the Bureau estimates that about 25 percent of rural depository institution branches and about 63 percent of non-rural depository institution branches will be covered under this final rule.^[132] Under the baseline, the Bureau estimates that about 65 to 68 percent of rural depository institution branches and about 84 to 85 percent of non-rural depository institution branches would be covered.

As described in part VI.F.2 above, the Bureau expects that covered financial institutions will pass the cost savings from ongoing variable costs on to small businesses in the form of lower interest rates or fees but will not do so with one-time or fixed costs. The Bureau expects that this pass through from covered financial institutions will also apply to small businesses in rural areas. As described above, the variable cost savings per application is $7 for Type A FIs, $2 for Type B FIs, and $1 for Type C FIs. This is the savings that the Bureau expects would pass on to small business applicants regardless of where they are located.

VII. Regulatory Flexibility Act Analysis

The Regulatory Flexibility Act (RFA) ^[133] generally requires an agency to conduct an initial regulatory flexibility analysis (IRFA) and a final regulatory flexibility analysis (FRFA) of any rule subject to notice-and-comment rulemaking requirements. Among other requirements, these analyses describe the impact of the rule on small entities.^[134] An IRFA or FRFA is not required if the agency certifies that the rule would not have a significant economic impact on a substantial number of small entities.^[135] The Bureau also is subject to certain additional procedures under the RFA involving the convening of a panel to consult with small business representatives prior to promulgating a rule for which an IRFA is required.^[136] The Bureau has not certified that this final rule will not have a significant economic impact on a substantial number of small entities within the meaning of the RFA.

The Bureau convened and chaired a Small Business Review Panel under SBREFA to consider the impact of the 2020 proposals under consideration on small entities that would be subject to those proposals under consideration and to obtain feedback from representatives of such small entities. The Small Business Review Panel requirement for the present rulemaking ( printed page 23598) is discussed below in part VII.A. The Bureau is also publishing an FRFA.^[137] Among other things, the FRFA estimates the number of small entities that will be subject to this final rule and describes the impact of that rule on those entities. The FRFA for this final rule is set forth below in part VII.B.

A. Small Business Review Panel

Having received from the Bureau information on the potential impacts of this final rules on small entities and the types of small entities that might be affected, the SBA's Chief Counsel for Advocacy noted that the Bureau had, in 2020, convened a review panel in accordance with 5 U.S.C. 609(b). The Chief Counsel for Advocacy concluded that reconvening a review panel for the present rulemaking would not advance the effective participation of small entities in the rulemaking process pursuant to 5 U.S.C. 609(e).

As part of the initial proposed regulation implementing section 1071 of the ECOA, the Bureau along with the Small Business Administration, Office of Advocacy and the Office of Information and Regulatory Affairs convened a SBREFA Panel in 2020,^[138] because the agency believed the rule was likely to have a significant impact on a substantial number of small entities. The panel gathered feedback from 20 small entity representatives (SERs) and offered suggestions about how the future rule could minimize the impact on small entities while still achieving their statutory objectives.

The SERs had several suggestions on how to minimize the impact of data collection on small entities. The first of these was to exclude small lenders from the requirement to collect data. Several different methods of exemptions were proposed including using a number of small business loans, value of small business loans, and basing the exemption on the size of the lender rather than their small business loan portfolio specifically. The second was to use a single definition for a small business loan applicant based on revenue, rather than the SBA size standards, which vary based on industry. The SERs disagreed on what the revenue cutoff for a small business loan applicant should be with some arguing for a low value of less than $1 million while others preferred a higher value of $8 million. Finally, SERs recommended limiting the number of discretionary data points, noting that some of the required collections would be difficult to produce at the application stage.

Besides its involvement in the SBREFA panel, the Office of Advocacy has provided further feedback on the implementation of Section 1071 of the Dodd-Frank Act. In January 2022, Advocacy documented concerns that were raised by small entities, including community banks, credit unions, nondepository lenders, and automobile dealerships. They saw the 2021 proposed rule as potentially increasing the cost of credit for small businesses and discouraging lending to small, minority-, and women-owned businesses. The Office of Advocacy believed that the Bureau had underestimated compliance costs in the 2021 proposed rule, particularly the costs related to new systems, training, and reporting requirements. Advocacy believed that $5 million or less in gross annual revenue was too expansive a definition of small business loan applicant. It recommended minimizing adverse effects by considering alternative thresholds and definitions. SERs also expressed concerns about the burden of collecting extra data, potential privacy breaches (especially in smaller communities), and the risk of misinterpretation or reputational harm if unique loan pricing is disclosed without proper context. In response to Advocacy's comment letter, the Bureau made a substantial change to the filing threshold for data collection in the 2023 final rule, raising it from 25 small business loans to 100.^[139] Since the 2023 final rule was published, the Bureau has twice extended the compliance deadline, first in July of 2024,^[140] and again in June of 2025.^[141] The SBA's Office of Advocacy commented on the latter of these, supporting the extension and encouraging the Bureau to modify the rule by reiterating the concerns it had previously gathered from small entities.

B. Final Regulatory Flexibility Analysis

Under RFA section 604(a), when promulgating a final rule under 5 U.S.C. 553, after publishing a notice of proposed rulemaking, the Bureau must prepare a FRFA. Section 603(a) of the RFA also sets forth the required elements of the FRFA. Section 604(a)(1) requires the FRFA to contain a statement of the need for, and objectives of, the rule. Section 604(a)(2) requires the FRFA to contain a statement of the significant issues raised by the public comments in response to the initial regulatory flexibility analysis, a statement of the assessment of the agency of such issues, and a statement of any changes made in the proposed rule as a result of such comments. Section 604(a)(3) requires the Bureau to respond to any comments filed by the Chief Counsel for Advocacy of the SBA in response to the proposed rule and provide a detailed statement of any change made to the proposed rule in the final rule as a result of the comments.

The FRFA further must contain a description of and an estimate of the number of small entities to which the rule will apply or an explanation of why no such estimate is available.^[142] Section 603(b)(5) requires a description of the projected reporting, recordkeeping, and other compliance requirements of the rule, including an estimate of the classes of small entities that will be subject to the requirement and the type of professional skills necessary for the preparation of the report or record. In addition, the Bureau must describe any steps it has taken to minimize the significant economic impact on small entities consistent with the stated objectives of applicable statutes, including a statement of the factual, policy, and legal reasons for selecting the alternative adopted in the final rule and why each one of the other significant alternatives to the rule considered by the agency which affect the impact on small entities was rejected. Finally, as amended by the Dodd-Frank Act, RFA section 604(a)(6) requires that the FRFA include a description of the steps the agency has taken to minimize any additional cost of credit for small entities.

1. Statement of the Need for, and Objectives of, the Rule

Section 1071 of the Dodd-Frank Act amended ECOA to require that financial institutions collect and report to the Bureau certain data regarding applications for credit for women-owned, minority-owned, and small businesses. Section 1071's statutory purposes are (1) to facilitate enforcement of fair lending laws, and (2) to enable communities, governmental entities, and creditors to identify business and community development needs and opportunities of women-owned, minority-owned, and small businesses. On May 31, 2023, the Bureau published a final rule in the ( printed page 23599) Federal Register to implement section 1071, and the Bureau subsequently extended the rule's compliance dates (most recently in October 2025).

In this final rule, the Bureau has reconsidered certain provisions of the 2023 final rule to focus on core lending products, lenders, small businesses, and data points. Based on reactions to the 2023 final rule, including continued feedback from stakeholders and the ongoing litigation, the Bureau now believes that a better, longer-term approach to advance the statutory purposes of section 1071 will be to commence the collection of data with a narrower scope to ensure its quality, and to limit, as much as possible, any disturbance of the provision of credit to small businesses. Only as the Bureau and financial institutions learn from early iterations of data collections will the Bureau consider amending the rule as appropriate while taking care not to disturb the provision of credit to small businesses. The Bureau believes that such an incremental approach would comply with section 1071 and minimize any negative initial impact on small business lending markets and on data quality.

For a further description of the reasons why agency action is being taken, see the background discussion for this final rule in part I above.

Section 1071, in 15 U.S.C. 1691c-2(g)(2), permits the Bureau to adopt exceptions to any requirement of section 1071 and to conditionally or unconditionally exempt any financial institution or class of financial institutions from the requirements of section 1071, as the Bureau deems necessary or appropriate to carry out the purposes of section 1071. The Bureau relies on its general rulemaking authority under 15 U.S.C. 1691c-2(g)(1) in this final rule and relies on 15 U.S.C. 1691c-2(g)(2) when proposing specific exceptions or exemptions to section 1071's requirements.

To accomplish the incremental approach described above, this final rule limits the scope of the 2023 final rule's required data collection in several ways. This final rule will exclude certain categories of lending products from the definition of covered credit transaction, such as MCAs, agricultural lending, and small dollar loans. The Bureau is also excluding FCS lenders from coverage and raise the origination threshold from 100 to 1,000 covered credit transactions for each of two consecutive years. The Bureau is also changing the definition of small business to $1 million in gross annual revenue from the $5 million definition in the 2023 final rule. Lastly, the Bureau is removing certain data points from the required collection, including application method, application recipient, denial reasons, pricing information, the number of workers, and the LGBTQI+ ownership status of the small business.

For a further description of these provisions, see the discussion of this final rule in part III above.

2. Statement of the Significant Issues Raised by the Public Comments in Response to the Initial Regulatory Flexibility Analysis, a Statement of the Assessment of the Agency of Such Issues, and a Statement of any Changes Made to the Proposed Rule in the Final Rule as a Result of Such Comments

With regards to the IRFA published in the proposal, multiple commenters noted that the Bureau had not convened a new SBREFA panel nor published a panel report for the proposal. The commenters argued that reliance on information from the 2020 SBREFA panel and panel report was insufficient, and that the Bureau should have convened one for the proposed rule.

The Bureau discussed its reliance on the 2020 SBREFA panel and report above and notes that the SBA waived the requirement to convene a new panel for this rule.

One commenter also argued that the Bureau's proposed changes could materially change burdens for small entities and noted that referring to the 2023 FRFA was insufficient. This commenter also noted that market conditions for small lenders, including the interest rate and liquidity conditions, have materially changed and were not properly accounted for by the Bureau in the IRFA.

The Bureau disagrees with the commenter's characterization of the IRFA included in the proposal. The Bureau estimated the impacts of proposed changes on small entities in the IRFA included in the proposal. This FRFA includes discussions of the number of small entities affected, how the Bureau expects the entities to be affected, and steps taken to minimize the burden on small entities.

3. Response of the Agency to any Comments Filed by the Chief Counsel for Advocacy of the Small Business Administration in Response to the Proposed Rule, and a Detailed Statement of any Change Made to the Proposed Rule in the Final Rule as a Result of the Comments

In its letter commenting on the proposed rule, SBA's Office of Advocacy noted its support for several of the Bureau's proposed changes to the small business lending rule. SBA's Office of Advocacy supported the Bureau's decisions to increase the loan origination threshold to 1,000 transactions, change the small business definition revenue threshold to $1 million, remove certain discretionary data points from collection, and change the implementation timeline. The Bureau considered the SBA's Office of Advocacy's support in its decision-making regarding finalizing these provisions.

The SBA's Office of Advocacy noted that, while there are justifications for excluding merchant cash advance providers, agricultural lenders, and Farm Credit System lenders from coverage, there were stakeholder concerns about the potential differential treatment of these lenders compared to those that remain covered under the rule. SBA's Office of Advocacy suggested that the Bureau monitor the excluded markets to ensure that other small institutions did not experience a competitive disadvantage from the exclusions. As described above, the Bureau believes that this initial narrower scope of coverage is prudent to limit disturbances to the provision of credit to small businesses but may consider future amendments as appropriate to fulfill the statutory purposes of the rule.

4. Description of and an Estimate of the Number of Small Entities to Which the Rule Will Apply

For the purposes of assessing the impacts of this final rule on small entities, “small entities” is defined in the RFA to include small businesses, small nonprofit organizations, and small government jurisdictions.^[143] A “small business” is determined by application of SBA regulations in reference to the North American Industry Classification System (NAICS) classification and size standards.^[144] Under such standards, the Bureau identified several categories of small entities that may be affected by this final rule's provisions: depository institutions; fintech lenders and MCA providers; commercial finance companies; nondepository CDFIs; Farm Credit System members; and governmental lending entities. The NAICS codes covered by these categories are described below.

Table 9 provides the Bureau's estimate of the number and types of entities that will be affected by this final rule. The first column provides the ( printed page 23600) category of institution type, the second column provides the NAICS codes associated with that category, the third column provides the SBA small entity threshold for that institution category. The second to last column presents the estimated total number of entities in that category that will be affected by this final rule and the final column presents the estimate total number of small entities in that category that will be affected by this final rule. See part II.D in the 2023 final rule and part VI.D above for additional information on how the Bureau arrived at the estimates presented below.

The following paragraphs describe the categories of entities that the Bureau expects will be affected by this final rule.

Depository institutions (banks and credit unions): The Bureau estimates that there are about 1,700 banks, savings associations, and credit unions engaged in small business lending that will be affected by this final rule.^[145] The Bureau estimates that about 170 banks, savings associations, and credit unions will be required to report under this final rule. The Bureau estimates that about 1,530 banks, savings associations, and credit unions would have been required to report under the 2023 final rule but will not be required to report under this final rule. These entities potentially fall into four different industry categories, including “Commercial Banking” (NAICS 522110), “Credit Unions” (NAICS 522130), “Savings Institutions and Other Depository Credit Intermediation” (NAICS 522180), and “Credit Card Issuing” (NAICS 522210). All these industries have a size standard threshold of $850 million in assets. The Bureau estimates that about five of the institutions that will be covered by this final rule are small entities according to this threshold. The Bureau estimates that about 795 of the institutions that will no longer be covered by this final rule are small entities.

Online lenders and MCA providers: The Bureau estimates that there are about 30 online lenders and about 100 MCA providers engaged in small business lending that will be affected by this final rule. The online lenders will be covered by this final rule and the MCA providers would have been covered by the 2023 final rule but will no longer be covered by this final rule. These companies span multiple industries, including “International, Secondary Market, and All Other Nondepository Credit Intermediation” (NAICS 522299), “Consumer Lending” (NAICS 522291), “Financial Transactions, Processing, Reserve, and Clearinghouse Activities” (NAICS 522320), and “Computing Infrastructure Providers, Data Processing, Web Hosting, and Related Services” (NAICS 518210). All these industries have a size standard threshold of $40 million in sales (NAICS 518210) or $47 million in sales (all other NAICS). The Bureau assumes that about 25 of these online lenders are small entities and about 90 MCA providers are small entities.

Commercial finance companies: The Bureau estimates that about 240 commercial finance companies, including captive and independent financing, engaged in small business lending will be affected by this final rule. The Bureau assumes that all these entities would have been covered by the 2023 final rule but will not be covered by this final rule. These companies span multiple industries, including “Software Publishers” (NAICS 513210), “Commercial Air, Rail, and Water Transportation Equipment Rental and Leasing” (NAICS 532411), “Other Commercial and Industrial Machinery and Equipment Rental and Leasing” (NAICS 532490), “Sales financing” (NAICS 522220) and “Consumer Lending” (NAICS 522291). These industries have size standard thresholds that range from $40 million to $47 million. The Bureau assumes that about 90 percent, or 216, of these commercial finance companies are small according to these size standards.

Nondepository CDFIs: The Bureau estimates that there are 140 nondepository CDFIs engaged in small business lending that will be affected by this final rule. The Bureau assumes that all these entities would have been covered by the 2023 final rule but will not be covered by this final rule. CDFIs generally fall into “Other Activities Related to Credit Intermediation” (NAICS 522390), “Miscellaneous Intermediation” (NAICS 523910), “Civic and Social Organizations” (NAICS ( printed page 23601) 813410), and “Mortgage and Nonmortgage Loan Brokers” (NAICS 522310). These industries have size standard thresholds that range from $9.5 million in sales to $47 million in sales. The Bureau assumes that about 95 percent, or 132, nondepository CDFIs are small entities.

Farm Credit System members: The Bureau estimates that there are 60 members of the Farm Credit System (banks and associations) engaged in small business lending that will be affected by this final rule.^[146] The Bureau assumes that all these entities would have been covered by the 2023 final rule but will not be covered by this final rule. These institutions are in the “All Other Nondepository Credit Intermediation” (NAICS 522298) industry. The size standard for this industry is $47 million in revenue. The Bureau estimates that 31 members of the Farm Credit System are small entities.

Governmental lending entities: The Bureau estimates that there are about 70 governmental lending entities engaged in small business lending that will be affected by this final rule. The Bureau assumes that a federal agency lender will still be covered by this final rule and all other governmental lending entities that would have been covered by the 2023 final rule but will not be covered by this final rule. “Small governmental jurisdictions” are the governments of cities, counties, towns, townships, villages, school districts, or special districts, with a population of less than fifty thousand. The Bureau assumes that none of the governmental lending entities covered by this final rule are considered small.

5. Projected Reporting, Recordkeeping, and Other Compliance Requirements of the Final Rule, Including an Estimate of the Classes of Small Entities Which Will Be Subject to the Requirement and the Type of Professional Skills Necessary for the Preparation of the Report or Record

Reporting requirements. ECOA section 704B(f)(1) provides that “[t]he data required to be compiled and maintained under [section 1071] by any financial institution shall be submitted annually to the Bureau.” The 2023 final rule requires financial institutions to collect and report information regarding any application for “credit” made by small businesses. In this final rule, the following transactions are no longer covered by the rule: MCAs, agricultural credit, and small dollar loans. The Bureau is also amending the definition of “small business” to $1 million in gross annual revenue. Under the 2023 final rule, financial institutions would be required to report data on small business credit applications if they originated at least 100 covered transactions in each of the previous two calendar years. The Bureau is raising this threshold to 1,000 covered transactions in each of the previous two calendar years.

The Bureau is also removing several data points from the reporting requirements. This includes the data points for application method, application recipient, denial reasons, pricing information, the number of workers, and the LBGTQI+-owned business status.

Part III above discusses these changes in greater detail.

Recordkeeping requirements. This final rule, generally, does not alter the recordkeeping requirement of the 2023 final rule. This final rule leaves in place requirements to retain application data for three years, prohibitions on including certain personally identifiable information about individuals, a limitation on access for certain officers and employees to certain demographic information collected, and a requirement that collected demographic information be maintained separately from the application and accompanying information.

Costs to small entities. This final rule may impose costs on small financial institutions in two ways. First, the Bureau believes that small financial institutions that were covered under the 2023 final rule and remain covered under this final rule may experience an adjustment cost. Second, in the 2023 final rule, Bureau detailed some ways in which covered small financial institutions may benefit from the information collected under the rule. Changing the information collection could reduce these benefits. As a result, small covered financial institutions may experience a cost under this final rule.

The Bureau expects that financial institutions that were covered under the 2023 final rule and remain covered under this final rule may experience costs that stem from adjusting to complying with the requirements of this final rule instead of the 2023 final rule.^[147] Using the methodology described in part VI.D above, the Bureau estimates that about five small depository institutions and 25 small online lenders (nondepository institutions) will be covered by this final rule. This is the number of small financial institutions that the Bureau expects will incur the adjustment cost.

As described in part VI above, the Bureau assumes that, on average, financial institutions will have already incurred 25 percent of their non-hiring one-time costs in preparation to comply with the 2023 final rule. For financial institutions that continue to be covered under this final rule, the Bureau assumes that this percentage of non-hiring costs will have to be incurred again in order to meet the requirements of this final rule. The Bureau estimates that covered small depository institutions will spend about $21,000 each in one-time adjustment costs, annualized to about $3,000 per year, and that the covered small nondepository institutions will spend about $114,000 in one-time adjustment costs, annualized to about $4,000 per year.^[148] The Bureau estimates that the total market level adjustment costs for small depository institutions will be between $21,000 and $128,000. The Bureau estimates that the total market level adjustment costs for small nondepository institutions will be about $2,850,000.

Financial institutions that remain covered under this final rule will continue to require compliance personnel in order to report data under the rule. For some financial institutions, the data intake and transcribing stage could involve loan officers or processors whose primary function is to evaluate or process loan applications. For example, at some financial institutions the loan officers will take in information from the applicant to complete the application and input that information into the reporting system. However, the Bureau believes that such roles generally do not require any additional professional skills related to recordkeeping or other compliance requirements of this final rule that are not otherwise required during the ordinary course of business for small financial institutions. ( printed page 23602)

The type of professional skills required for compliance varies depending on the particular task involved.^[149] For example, data transcribing requires data entry skills. Transferring data to a data entry system and using vendor data management software requires knowledge of computer systems and the ability to use them. Researching and resolving reportability questions requires a more complex understanding of the regulatory requirements and the details of the relevant line of business. Geocoding requires skills in using the geocoding software, web systems, or, in cases where geocoding is difficult, knowledge of the local area in which the property is located. Standard annual editing, internal checks, and post-submission editing require knowledge of the relevant data systems, data formats, and section 1071 regulatory requirements in addition to skills in quality control and assurance. Filing post-submission documents requires skills in information creation, dissemination, and communication. Training, internal audits, and external audits require communications skills, educational skills, and regulatory knowledge. Section 1071-related exam preparation and exam assistance involve knowledge of regulatory requirements, the relevant line of business, and the relevant data systems.

The Standard Occupational Classification (SOC) code has compliance officers listed under code 13-1041. The Bureau believes that most of the skills required for preparation of the reports or records related to this proposal are the skills required for job functions performed in this occupation. However, the Bureau recognizes that under this general occupational code there is a high level of heterogeneity in the type of skills required as well as the corresponding labor costs incurred by the financial institutions performing these functions.

Benefits to small entities. The primary benefits to small credit providers in this final rule result from compliance cost savings. Small financial institutions that were covered under the 2023 final rule but will not be covered under this final rule will save on one-time costs of setting up to comply with this final rule as well as on the ongoing costs that they will otherwise have incurred to collect and report the data every year.

Small financial institutions that were covered under the 2023 final rule and that will remain covered under this final rule will save on compliance costs in two ways. First, the Bureau expects that they will be required to report fewer loans and therefore see a reduction in associated hiring costs. This is a one-time costs savings. Second, the reduction in the number of data points to be reported under this final rule (relative to the 2023 final rule) will likely result in annual ongoing cost savings.

Using the same coverage estimation described in the 2023 final rule and in part VI above, the Bureau estimates that about 800 small depository institutions and 469 small nondepository institutions would have been covered under the 2023 final rule but not under this final rule.

For all estimates discussed below, the Bureau relies on the methodology described in part VI.E, above, but focuses on estimating the impacts of the rule on small entities.

The Bureau estimates that depository institutions with the lowest level of complexity in compliance operations ( i.e., Type A DIs) will save about $50,475 in non-hiring one-time costs by no longer being covered by this final rule. The Bureau estimates that depository institutions with a middle level of complexity in compliance operations ( i.e., Type B DIs) will save about $38,775 in non-hiring one-time costs by no longer being covered under this final rule. The Bureau estimates that nondepository institutions that will no longer be covered by this final rule will save about $85,500 in non-hiring one-time costs. All institutions that will no longer be covered by this final rule will also no longer need to hire additional employees to comply with the 2023 final rule and will save $4,683 per FTE in one-time hiring costs.

The Bureau estimates that the overall market impact of one-time cost savings for small depository institutions will be between $34,000,000 and $41,000,000.^[150] The Bureau estimates that the overall market impact of one-time cost savings for small nondepository institutions will be $43,000,000.

Small financial institutions will also experience annual ongoing cost savings under the revisions in this final rule. Small institutions that were covered under the 2023 final rule but will no longer be required to report under this final rule will save on compliance costs that they would have otherwise incurred from having to collect and report application data to the Bureau annually. Small financial institutions that will remain covered under this final rule will see an ongoing cost savings from the reduction in required data points, which reduces the cost of collecting, checking, and reporting data to the Bureau annually.

The Bureau estimates that the overall annual market impact of ongoing cost savings for small depository institutions will be between $35,000,000 and $45,000,000 per year. The Bureau estimates that the overall annual market impact of ongoing cost savings for small nondepository institutions will be about $42,000,000 per year.

The Bureau estimates that about five small depository institutions and 25 small nondepository institutions (online lenders) will be covered under this final rule. The Bureau assumes online lenders will originate the same number of reportable loans under the 2023 final rule as they will under this final rule and, thus, will not experience any cost savings. The Bureau expects that some small depository institutions may originate fewer reportable loans under this final rule relative to the baseline, primarily because loans for agricultural purposes will not be reported under this final rule. These institutions may need to hire fewer additional employees to process reportable loans. The overall market level estimate of one-time hiring cost savings for covered small depositories is between $0 and $47,000.^[151] These institutions will also experience annual ongoing cost savings with an overall market level between about $27,000 and $252,000 per year.

6. Description of the Steps the Agency Has Taken To Minimize the Significant Economic Impact on Small Entities Consistent With the Stated Objectives of Applicable Statutes, Including a Statement of the Factual, Policy, and Legal Reasons for Selecting the Alternative Adopted in the Final Rule and why Each one of the Other Significant Alternatives to the Rule Considered by the Agency Which Affect the Impact on Small Entities Was Rejected; and for a Covered Agency, as Defined in Section 609(d)(2), a Description of the Steps the Agency Has Taken To Minimize any Additional Cost of Credit for Small Entities

Throughout this rulemaking, the Bureau considered multiple reporting thresholds for purposes of defining a covered financial institution. In ( printed page 23603) particular, the Bureau considered whether to exempt financial institutions with fewer than 200, 500, or 2,000 originations in each of the two preceding calendar years instead of 1,000 originations, as set by this final rule. The Bureau presents estimates for depository institutions because it does not have sufficient information to estimate how these differences in thresholds will impact nondepository institutions. The following table shows the estimated impact that different reporting thresholds the Bureau considered would have on financial institution coverage.

The Bureau also considered limiting its data collection to the data points specifically enumerated in 15 U.S.C. 1691c-2(e)(2)(A) through (G). In this final rule, the Bureau will continue to require the collection of the number of principal owners, three-digit NAICS industry code of the business, and the time in business, in addition to the data points required by statute. The Bureau has considered the impact on small entities of proposing only the collection of those data points enumerated in 15 U.S.C. 1691c-2(e)(2)(A) through (G), excluding the additional data points that the Bureau believes help further the purposes of section 1071. Only requiring the collection and reporting of the data points enumerated in 15 U.S.C. 1691c-2(e)(2)(A) through (G) would have reduced the annual ongoing cost of complying with this final rule for small financial institutions. Under this alternative, the estimated total annual ongoing costs for representative Type A, Type B, and Type C FIs would be reduced by $149, $523 and $2,838, respectively. Per application, the estimated reduction in ongoing cost would be $1, just over $1, and less than $1 for representative Type A, Type B, and Type C, respectively. The estimated total annual market-level ongoing cost savings of impacted small depository institutions would increase by about $20,000. The Bureau does not expect that one-time cost savings would be meaningfully different as a result of this alternative.

This final rule will eliminate ongoing variable costs for institutions that will no longer be covered and will reduce ongoing variable costs for institutions that remain covered. In part VI.F.2 above, the Bureau describes how, based on economic theory and evidence from the Bureau's own surveys, financial institutions will most likely pass on these savings to small business borrowers from eliminated or lower ongoing variable costs in the form of lower prices and fees. Therefore, the Bureau expects that this final rule will decrease the cost of credit for small entities who are small business applicants for credit under the rule.

In part VI.F.2 above, the Bureau estimates that the per application ongoing variable cost, at baseline, is $34 for Type A FIs, $28 for Type B FIs, and $8 for Type C FIs. According to the analysis above, this is the expected benefit that will accrue to applicants at institutions that were covered at baseline but will no longer be covered under this final rule. For institutions that will continue to report under this final rule, the difference between the ongoing variable cost at baseline and under this final is $8 for Type A FIs, $4 for Type B FIs, and around $1 for Type C FIs. This difference is what the Bureau expects to be passed on to applicants at financial institutions that will continue to be covered under this final rule.

Furthermore, the Bureau expects that small financial institutions covered under this final rule (insofar as they are considered “small entities” for the purposes of the RFA) are unlikely to experience a meaningful change in the costs of credit. Generally, financial institutions borrow in a manner that is different from other types of small businesses, including from other financial institutions in a separate Federal Funds market or from the Federal Reserve. The changes in compliance costs due to this final rule are unlikely to significantly change the cost of borrowing for these small financial institutions.

VIII. Paperwork Reduction Act

Under the Paperwork Reduction Act of 1995 (PRA),^[152] Federal agencies are generally required to seek approval from the Office of Management and Budget (OMB) for information collection requirements prior to implementation. Under the PRA, the Bureau may not conduct nor sponsor, and, notwithstanding any other provision of law, a person is not required to respond to, an information collection unless the information collection displays a valid control number assigned by OMB.

As part of its continuing effort to reduce paperwork and respondent ( printed page 23604) burden, the Bureau conducts a preclearance consultation program to provide the general public and Federal agencies with an opportunity to comment on the information collection requirements in accordance with the PRA. This helps ensure that the public understands the Bureau's requirements or instructions, respondents can provide the requested data in the desired format, reporting burden (time and financial resources) is minimized, information collection instruments are clearly understood, and the Bureau can properly assess the impact of information collection requirements on respondents.

This final rule amends 12 CFR part 1002 (Regulation B), which implements ECOA. The Bureau's OMB control number for Regulation B is 3170-0013. This final rule revises the information collection requirements contained in Regulation B that OMB has approved under that OMB control number.

Under the rule, the Bureau amends one information collection requirement in Regulation B: Compilation of reportable data (revised § 1002.107), including a notice requirement (in revised § 1002.107(a)(18) and (19)).

The information collection requirements in Regulation B, as amended by this final rule, are mandatory. Certain data fields will be modified or deleted by the Bureau, in its discretion, to advance a privacy interest before the data are made available to the public (as permitted by section 1071 and the Bureau's rule). The data that are not modified or deleted will be made available to the public and are not considered confidential. Unmodified data will be considered confidential if the information:

• Identifies any natural persons who might not be applicants (e.g., owners of a business where a legal entity is the applicant); or
• Implicates the privacy interests of financial institutions.

The collections of information contained in this final rule, and identified as such, have been submitted to OMB for review under section 3507(d) of the PRA. A complete description of the information collection requirements (including the burden estimate methods) is provided in the information collection request (ICR) that the Bureau has submitted to OMB under the requirements of the PRA. The ICR submitted to OMB requesting approval under the PRA for the information collection requirements contained herein is available at www.regulations.gov as well as on OMB's public-facing docket at www.reginfo.gov.

Title of Collection: Regulation B: Equal Credit Opportunity Act.

OMB Control Number: 3170-0013.

Type of Review: Revision of a currently approved collection.

Affected Public: Private Sector; Federal and State Governments.

Estimated Number of Respondents: 201 (subpart B only).

Estimated Total Annual Burden Hours: 4,643,082 (subpart B only).

In the NPRM the Bureau invited comments on: (a) Whether the collection of information is necessary for the proper performance of the functions of the Bureau, including whether the information will have practical utility; (b) the accuracy of the Bureau's estimate of the burden of the collection of information, including the validity of the methods and the assumptions used; (c) ways to enhance the quality, utility, and clarity of the information to be collected; and (d) ways to minimize the burden of the collection of information on respondents, including through the use of automated collection techniques or other forms of information technology.

One commenter noted that the Bureau should have published a 60-day PRA notice. This commenter also stated that the Bureau did not adequately update the collection burden analysis after having altered key parameters that affect respondent burden. The Bureau believes that its notice was sufficient. The Bureau also updated burden estimates of the collection requirements in accordance with the burden estimation presented in part VI above.

IX. Congressional Review Act

Pursuant to the Congressional Review Act (5 U.S.C. 801 et seq.), the Bureau will submit a report containing this final rule and other required information to the U.S. Senate, the U.S. House of Representatives, and the Comptroller General of the United States prior to this final rule taking effect. The Office of Information and Regulatory Affairs (OIRA) has designated this final rule as a “major rule” as defined by 5 U.S.C. 804(2).

X. Regulatory Review

Executive Orders 12866 and 13563 direct agencies to assess all costs and benefits of available regulatory alternatives and, if regulation is necessary, to select those regulatory approaches that maximize net benefits (including potential economic, environmental, public health and safety, and other advantages; and distributive impacts). Section 3(f) of E.O. 12866 defines a “significant regulatory action” as any regulatory action that is likely to result in a rule that may: (1) have an annual effect on the economy of $100 million or more or adversely affect in a material way the economy, a sector of the economy, productivity, competition, jobs, the environment, public health or safety, or State, local, or tribal governments or communities; (2) create a serious inconsistency or otherwise interfere with an action taken or planned by another agency; (3) materially alter the budgetary impact of entitlements, grants, user fees, or loan programs or the rights and obligations of recipients thereof; or (4) raise novel legal or policy issues arising out of legal mandates, or the President's priorities. The Office of Information and Regulatory Affairs (OIRA), within the Office of Management and Budget (OMB), has determined that this action is a “significant regulatory action” under Section 3(f)(1) of Executive Order 12866. Accordingly, OMB has reviewed this action.

This rule is considered an Executive Order 14192 deregulatory action with estimated quantified annualized cost savings of $156.6 million at a 7% discount rate, discounted relative to year 2024, over a perpetual time horizon.

Authority and Issuance

For the reasons set forth in the preamble, the Bureau is amending Regulation B, 12 CFR part 1002, as set forth below:

91 FR 23530