Registry of Nonbank Covered Persons Subject to Certain Agency and Court Orders

Federal RegisterJul 8, 2024

89 Fed. Reg. 56028 (Jul. 8, 2024)

AGENCY:

Consumer Financial Protection Bureau.

ACTION:

Final rule.

SUMMARY:

Under the Consumer Financial Protection Act of 2010 (CFPA), the Consumer Financial Protection Bureau (Bureau or CFPB) is issuing this final rule to require certain types of nonbank covered persons subject to certain final public orders obtained or issued by a government agency in connection with the offering or provision of a consumer financial product or service to report the existence of the orders and related information to a Bureau registry. The Bureau is also requiring certain supervised nonbanks to file annual reports regarding compliance with registered orders.

DATES:

Effective date: This rule is effective on September 16, 2024.

Implementation dates: For implementation dates, see § 1092.206.

FOR FURTHER INFORMATION CONTACT:

George Karithanom, Regulatory Implementation and Guidance Program Analyst, Office of Regulations, at 202-435-7700. If you require this document in an alternative electronic format, please contact CFPB_Accessibility@cfpb.gov.

SUPPLEMENTARY INFORMATION:

I. Summary of the Final Rule

The Bureau is adopting this final rule to establish and maintain a registry that will collect information about certain publicly available agency and court orders and facilitate the Bureau's supervision of certain companies. In this way, the Bureau will more effectively be able to monitor and to reduce the risks to consumers posed by entities that violate consumer protection laws. The final rule also authorizes the Bureau to consolidate this information in an online registry for use by the public and other regulators.

The final rule requires certain nonbank covered person entities (with exclusions for insured depository institutions, insured credit unions, related persons, States, certain other entities, and natural persons) to register with the Bureau upon becoming subject to a public written order imposing obligations based on violations of certain consumer protection laws. Those entities will be required to register in a system established by the Bureau, provide basic identifying information about the company and the order (including a copy of the order), and periodically update the registry to ensure its continued accuracy and completeness. The Bureau intends to publish this information on its website and potentially in other forms.

The Bureau will also require certain nonbanks subject to the Bureau's supervisory authority under section 1024(a) of the Consumer Financial Protection Act of 2010 (CFPA) annually to identify an executive (or executives) responsible for and knowledgeable of the firm's efforts to comply with the orders identified in the registry. The supervised nonbank entity will also be required to submit on an annual basis a written statement signed by the applicable executive regarding the entity's compliance with each order in the registry.

12 U.S.C. 5514(a).

Nonbanks that are subject to an order published on the Nationwide Multistate Licensing System's Consumer Access website (except for orders issued or obtained at least in part by the Bureau) may elect to comply with a one-time registration option in lieu of complying with the rule's notification and written-statement requirements with respect to that order.

Nonbank registrants will have to register with the Bureau starting after an applicable implementation date for the registry specified in the rule. Different implementation dates are specified for larger participants, other supervised nonbanks, and other nonbanks not subject to Bureau supervision. Details on how to register will be provided through filing instructions.

II. Background

A. The Bureau and Other Agencies Take Enforcement Actions Against Nonbanks To Protect Consumers

The Bureau administers and enforces Federal consumer financial laws against nonbanks in consumer financial markets. In addition to the Bureau, Congress has authorized multiple other Federal and State agencies to enforce Federal consumer financial laws, including the CFPA prohibition against unfair, deceptive, or abusive acts or practices (UDAAP) and enumerated statutes including the Truth in Lending Act, the Electronic Fund Transfer Act, the Fair Credit Reporting Act, the Equal Credit Opportunity Act, and other statutes. Several Federal agencies, most notably the Federal Trade Commission, also enforce section 5 of the Federal Trade Commission Act (FTC Act), which similarly prohibits unfair or deceptive acts or practices (UDAP). The prohibitions against unfair and deceptive acts or practices in the CFPA were modeled after the same prohibitions in the FTC Act. Furthermore, States across the country began codifying State UDAP statutes modeled after the FTC Act starting in the 1960s and 1970s. Many State UDAP statutes contain rules of construction requiring State courts to use interpretations of the FTC Act by the Federal courts and the FTC as a guide to interpreting their State UDAP statutes. These laws differ in many respects from each other, but generally they hail from a common consumer protection tradition originating with the FTC Act, similar to the CFPA's prohibition on UDAAP.

See12 U.S.C. 5481(12), 5552; 12 CFR part 1082; Bureau Interpretive Rule, Authority of States to Enforce the Consumer Financial Protection Act of 2010,87 FR 31940 (May 26, 2022).

15 U.S.C. 45.

Dee Pridgen, The Dynamic Duo of Consumer Protection: State and Private Enforcement of Unfair and Deceptive Trade Practices Laws, 81 Antitrust L.J. 911, 912 (2017).

See, e.g., Ariz. Rev. Stat. Ann. sec. 44-1522(C) (courts “may use as a guide” FTC and Federal court interpretations of the FTC Act); Fla. Stat. sec. 501.204(2) (expressing the intent of the legislature that “due consideration and great weight” be given to interpretations of the FTC Act when interpreting Florida's State UDAP statute).

The Bureau was created in the wake of the 2008 financial crisis, which was caused by a variety of overlapping factors, including systemic malfeasance in the mortgage industry. Since passage of the CFPA, the Bureau has brought nearly 350 enforcement actions against nonbanks. When the Bureau issues an order against a covered person (often, but not always, as a consent order), or brings an action in a court of law that results in an order, the Bureau often follows up with supervisory or enforcement action to ensure the company's compliance with the order. On numerous occasions, the Bureau has uncovered companies that failed to comply with consent orders that the companies entered into with the Bureau voluntarily.

See U.S. Fin. Crisis Inquiry Comm'n, The Financial Crisis Inquiry Report, at 104-11, 113-18 (2011), https://www.govinfo.gov/content/pkg/GPO-FCIC/pdf/GPO-FCIC.pdf; see also S. Rep. No. 111-176, at 11 (2010) (“Th[e] financial crisis was precipitated by the proliferation of poorly underwritten mortgages with abusive terms, followed by a broad fall in housing prices as those mortgages went into default and led to increasing foreclosures.”).

See, e.g., RMK Financial Corp. d/b/a Majestic Home Loan or MHL, CFPB No. 2023-CFPB-0002 (Feb. 27, 2023); CFPB v. American Advisors Group, No. 21-cv-01674-JLS-JDEx (C.D. Cal. Oct. 25, 2021); Discover Bank, CFPB No. 2020-BCFP-0026 (Dec. 22, 2020); Bureau of Consumer Fin. Prot. v. Encore Capital Grp., No. 3:20-cv-01750-GPC-KSC (S.D. Cal. Oct. 16, 2020); Sec. Nat'l Automotive Acceptance Co., CFPB No. 2017-CFPB-0013 (Apr. 26, 2017); Military Credit Servs., LLC, CFPB No. 2016-CFPB-0029 (Dec. 20, 2016).

B. Congress Instructed the Bureau To Monitor Markets for Consumer Financial Products and Services

Congress established the Bureau to regulate (among other things) the offering and provision of consumer financial products and services under the Federal consumer financial laws, and it granted the Bureau authority to ensure that the Bureau could achieve that mission. But it also understood that the Bureau could not fully and effectively achieve that mission unless it developed a clear window into the markets for and persons involved in offering and providing such products and services. To that end, Congress mandated that the Bureau “shall monitor for risks to consumers in the offering or provision of consumer financial products or services, including developments in markets for such products or services.”

See12 U.S.C. 5511.

See12 U.S.C. 5512(c)(1).

Notably, Congress directed the Bureau to engage in such monitoring “to support its rulemaking and other functions,” instructing the Bureau to use monitoring to inform all of its work. Congress separately described the Bureau's “primary functions” as “conducting financial education programs”; “collecting, investigating, and responding to consumer complaints”; “collecting, researching, monitoring, and publishing information relevant to the functioning of markets for consumer financial products and services to identify risks to consumers and the proper functioning of such markets”; “supervising covered persons for compliance with Federal consumer financial law, and taking appropriate enforcement action to address violations of Federal consumer financial law”; “issuing rules, orders, and guidance implementing Federal consumer financial law”; and “performing such support activities as may be necessary or useful to facilitate the other functions of the Bureau.” Put simply, Congress envisioned that the Bureau would use its market-monitoring work to inform its activities, all with the express purpose of “ensuring that all consumers have access to markets for consumer financial products and services and that markets for consumer financial products and services are fair, transparent, and competitive.”

Id. (emphasis added).

12 U.S.C. 5511(c).

12 U.S.C. 5511(a).

To achieve these ends, Congress took care to ensure that the Bureau had the tools necessary to effectively monitor for risks in the markets for consumer financial products and services. It granted the Bureau authority “to gather information from time to time regarding the organization, business conduct, markets, and activities of covered persons and service providers.” In particular, Congress authorized the Bureau to “require covered persons and service providers participating in consumer financial services markets to file with the Bureau, under oath or otherwise, in such form and within such reasonable period of time as the Bureau may prescribe by rule or order, annual or special reports, or answers in writing to specific questions,” that would furnish the Bureau with such information “as necessary for the Bureau to fulfill the monitoring . . . responsibilities imposed by Congress.”

12 U.S.C. 5512(c)(4)(A).

12 U.S.C. 5512(c)(4)(B)(ii) (emphasis added).

To assist the Bureau in allocating resources to perform its monitoring, Congress also identified a non-exhaustive list of factors that the Bureau may consider, including “likely risks and costs to consumers associated with buying or using a type of consumer financial product or service”; “understanding by consumers of the risks of a type of consumer financial product or service”; “the legal protections applicable to the offering or provision of a consumer financial product or service, including the extent to which the law is likely to adequately protect consumers”; “rates of growth in the offering or provision of a consumer financial product or service”; “the extent, if any, to which the risks of a consumer financial product or service may disproportionately affect traditionally underserved consumers”; and “the types, number, and other pertinent characteristics of covered persons that offer or provide the consumer financial product or service.”

12 U.S.C. 5512(c)(2)(A).

12 U.S.C. 5512(c)(2)(B).

12 U.S.C. 5512(c)(2)(C).

12 U.S.C. 5512(c)(2)(D).

12 U.S.C. 5512(c)(2)(E).

12 U.S.C. 5512(c)(2)(F).

Congress also anticipated that the insights the Bureau would gain from such market monitoring should at times become available to a wider audience than just Bureau employees. Not only did Congress mandate that the Bureau “publish not fewer than 1 report of significant findings of its monitoring . . . in each calendar year,” but it also instructed that the Bureau may make non-confidential information available to the public “as is in the public interest.” Congress gave the Bureau discretion to determine the format of publication, authorizing the Bureau to make the information available “through aggregated reports or other appropriate formats designed to protect confidential information in accordance with [specified protections in this section].” These instructions regarding public release of market-monitoring information align with one of the Bureau's “primary functions” mentioned above—to “publish[ ] information relevant to the functioning of markets for consumer financial products and services to identify risks to consumers and the proper functioning of such markets.”

12 U.S.C. 5512(c)(3).

12 U.S.C. 5512(c)(3)(B).

12 U.S.C. 5511(c)(3).

The Bureau takes its market-monitoring obligations seriously, and it has incorporated valuable insights gained to date from such monitoring in conducting the multiple functions assigned to it under the CFPA, including its supervisory and enforcement efforts, as well as its rulemaking, consumer education, and other functions. As discussed in further detail below, this final rule seeks to continue and build upon that commitment by creating an order registry to accomplish a number of goals, with a particular focus on monitoring for risks to consumers related to repeat offenders of consumer protection law. A public registry of agency and court orders issued or obtained in connection with violations of law will help the Bureau and the broader public monitor trends concerning corporate recidivism relating to consumer protection law, including areas where prior violations of law are indicia of risk to consumers.

See, e.g., CFPB Semiannual Regulatory Agenda, 87 FR 5326, 5328 (Jan. 31, 2022) (“The Bureau's market monitoring work assists in identifying issues for potential future rulemaking work.”); Payday, Vehicle, and Certain High-Cost Installment Loans, 82 FR 54472, 54475, 54488, 54498 (Nov. 17, 2017) (citing information obtained through Bureau market-monitoring efforts); Arbitration Agreements, 82 FR 33210, 33220 (July 19, 2017) (same). See also, e.g., Consumer Fin. Prot. Bureau, Buy Now, Pay Later: Market trends and consumer impacts (Sept. 2022), https://files.consumerfinance.gov/f/documents/cfpb_buy-now-pay-later-market-trends-consumer-impacts_report_2022-09.pdf (publishing information obtained through Bureau market-monitoring efforts); Consumer Fin. Prot. Bureau, Consumer Credit Trends: Credit Card Line Decreases (June 2022), https://files.consumerfinance.gov/f/documents/cfpb_credit-card-line-decreases_report_2022-06.pdf (same); Consumer Fin. Prot. Bureau, Data Point: Checking Account Overdraft at Financial Institutions Served by Core Processors (Dec. 2021), https://files.consumerfinance.gov/f/documents/cfpb_overdraft-core-processors_report_2021-12.pdf (same).

More generally, entities subject to such public orders relating to the offering or provision of consumer financial products and services may pose ongoing risks to consumers in the markets for those products and services. A broad collection of such public orders will shed light on how laws are being enforced across consumer protection laws, jurisdictions, and markets, and help identify trends and potential gaps in enforcement. Both heightened enforcement and the absence of enforcement could possibly provide information regarding risks to consumers—the former as evidence that government agencies with various jurisdictions have identified the need to enforce consumer protection laws, and the latter as potential evidence of less risk to consumers, or perhaps of inattention by regulatory agencies. A centralized, up-to-date repository of such public orders will provide valuable market-based insight that the Bureau could use both to identify concerning trends in these markets that it otherwise might miss and to decide which of several different policy tools would best address the consumer risks presented by these trends. In short, the information sought will significantly increase the Bureau's ability to identify, understand, and ultimately prevent harm in the markets for consumer financial products and services. These and other core goals of the information the Bureau will collect are discussed further below at part IV.

Consistent with an approach suggested by commenters, the Bureau is adopting a one-time registration option for nonbanks that are identified by name as a party subject to an order that is published on the Nationwide Multistate Licensing System (NMLS) Consumer Access website, www.NMLSConsumerAccess.org (except for orders issued or obtained by the Bureau). Such nonbanks may choose to submit certain information to the Bureau in lieu of complying with the other ongoing requirements of the final rule with respect to the order. The information provided to the Bureau in connection with such orders will notify the Bureau about the nonbank and the relevant order and will enable the Bureau to follow up with the NMLS's operator and any applicable agency as appropriate.

C. Congress Authorized the Bureau To Supervise Certain Nonbank Covered Persons

One of the Bureau's key responsibilities under the CFPA is the supervision of very large banks, thrifts, and credit unions, and their affiliates, and certain nonbank covered persons. Congress has authorized the Bureau to supervise certain categories of nonbank covered persons under CFPA section 1024. Congress provided that the Bureau “shall require reports and conduct examinations on a periodic basis” of nonbank covered persons subject to its supervisory authority for purposes of “assessing compliance with the requirements of Federal consumer financial law”; “obtaining information about the activities and compliance systems or procedures of such person[s]”; and “detecting and assessing risks to consumers and to markets for consumer financial products and services.” Pursuant to the CFPA, the Bureau implements a risk-based supervision program under which it prioritizes nonbank covered persons for supervision in accordance with its assessment of risks posed to consumers. In making prioritization determinations, the Bureau considers several factors, including “the asset size of the covered person,” “the volume of transactions involving consumer financial products or services in which the covered person engages,” “the risks to consumers created by the provision of such consumer financial products or services,” “the extent to which such institutions are subject to oversight by State authorities for consumer protection,” and “any other factors that the Bureau determines to be relevant to a class of covered persons.” CFPA section 1024(b)(7)(A)-(C) further authorizes the Bureau to prescribe rules to facilitate supervision and assessing and detecting risks to consumers, as well as to ensure that supervised nonbanks “are legitimate entities and are able to perform their obligations to consumers.”

12 U.S.C. 5514.

12 U.S.C. 5514(b)(1).

12 U.S.C. 5514(b)(2).

12 U.S.C. 5514(b)(2)(A).

12 U.S.C. 5514(b)(2)(B).

12 U.S.C. 5514(b)(2)(C).

12 U.S.C. 5514(b)(2)(D).

12 U.S.C. 5514(b)(2)(E).

12 U.S.C. 5514(b)(7)(A)-(C).

Under CFPA section 1024(b)(7)(A)-(C), the Bureau is requiring that certain supervised nonbanks annually submit a written statement regarding the company's compliance with any outstanding registered orders. The statement must be signed by a designated senior executive. In the written statement, the attesting executive must generally describe the steps the executive has undertaken to review and oversee the company's activities subject to the applicable order for the preceding calendar year. The executive must then provide an attestation regarding the company's compliance with the order.

The required written statement will assist the Bureau in achieving each of the statutory objectives listed in CFPA section 1024(b)(7)(A)-(C). Therefore, each of those objectives provides a distinct, independently sufficient basis for the final rule's written-statement requirements.

For a more extended discussion of these matters, see part IV(D) and the section-by-section discussion of § 1092.204 below.

First, requiring submission of an annual written statement will facilitate Bureau supervision and the Bureau's assessment and detection of risks to consumers. In particular, as part of the Bureau's risk-based supervision program, the Bureau considers supervised nonbanks' compliance record regarding consumer protection law when prioritizing supervisory resources. The annual written statement, including the steps taken by the executive to review and oversee activity related to the order, will provide the CFPB valuable information in understanding how compliance is managed at the supervised entity. The requirement will also provide valuable information in connection with other aspects of the Bureau's supervisory work and will assist the Bureau's monitoring efforts. For example, in 2022 the Bureau announced that it was increasing its supervisory focus on repeat offenders, particularly those which violate agency or court orders. As part of that focus, it created a Repeat Offender Unit within its supervision program focused on: (i) reviewing and monitoring the activities of repeat offenders; (ii) identifying the root cause of recurring violations; (iii) pursuing and recommending solutions and remedies that hold entities accountable for failing to consistently comply with Federal consumer financial law; and (iv) designing a model for order review and monitoring that reduces the occurrences of repeat offenses. The Repeat Offender Unit is tasked more generally with enhancing detection of repeat offenses, developing processes for rapid review and response designed to address root causes of violations, and recommending corrective actions designed to stop recidivist behavior. The Bureau believes that the annual written statement will greatly facilitate that work, among other things.

See Consumer Fin. Prot. Bureau, Supervisory Highlights: Issue 28, Fall 2022, at 2-3 (Nov. 2022), https://files.consumerfinance.gov/f/documents/cfpb_supervisory-highlights_issue-28_2022-11.pdf.

Id.

Id. at 3.

Second, the final rule's written-statement requirements will help ensure the company providing the statement is a legitimate entity and is able to perform its obligations to consumers. Information regarding a company's compliance with outstanding orders is probative of whether the company is willing and able to satisfy its legal obligations and of whether the company treats potential sanctions for repeat violations of relevant consumer protection laws as a mere cost of doing business. The written-statement requirements will also provide an incentive for supervised nonbanks to perform their obligations to consumers by requiring supervised nonbanks to specify which individual executives are responsible for achieving compliance with particular orders. Publication of the identity of this executive as intended by the Bureau will enhance the incentive.

III. Legal Authority

The Bureau is issuing this final rule pursuant to its authority under the CFPA. This section includes a general discussion of several CFPA provisions on which the Bureau relies in this rulemaking. Additional description of these authorities, and the final rule's reliance on them, is also contained in part II above and part IV below as well as in the section-by-section analysis.

A. CFPA Section 1022(b)

CFPA section 1022(b)(1) authorizes the Bureau to prescribe rules “as may be necessary or appropriate to enable the Bureau to administer and carry out the purposes and objectives of the Federal consumer financial laws, and to prevent evasions thereof.” Among other statutes, the CFPA— i.e., title X of the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act)—is a Federal consumer financial law. Accordingly, in issuing the final rule, the Bureau is exercising its authority under CFPA section 1022(b) to prescribe rules that carry out the purposes and objectives of the CFPA and prevent evasions thereof. CFPA section 1022(b)(2) prescribes certain standards for rulemaking that the Bureau must follow in exercising its authority under section 1022(b)(1). For a discussion of the Bureau's standards for rulemaking under CFPA section 1022(b)(2), see part VIII below.

12 U.S.C. 5512(b)(1).

See12 U.S.C. 5481(14) (defining “Federal consumer financial law” to include the provisions of title X of the Dodd-Frank Act).

See12 U.S.C. 5512(b)(2).

B. CFPA Section 1022(c)(1)-(4) and (7)

The provisions of the final rule that (1) require nonbank covered persons to inform the Bureau that they have an applicable order entered against them, (2) provide basic identifying and administrative information and information regarding the orders (including copies of the orders), and (3) authorize publication of this information, are authorized under CFPA sections 1022(c)(1) through (4) and 1022(c)(7), as well as CFPA section 1022(b).

12 U.S.C. 5512(b), (c)(1)-(4), (c)(7).

CFPA sections 1022(c)(1)-(4) authorize the Bureau to prescribe rules to collect information from covered persons for purposes of monitoring for risks to consumers in the offering or provision of consumer financial products or services. The Bureau is collecting this information to monitor, on an ongoing basis, both individual and market-wide compliance with consumer protection laws and orders for alleged violations of those laws. The Bureau considers violations of consumer protection laws probative of “risks to consumers in the offering and provision of consumer financial products or services.” In particular, the Bureau believes that entities subject to public orders enforcing the law relating to the offering or provision of consumer financial products and services may pose heightened and ongoing risks to consumers in the markets for those products and services. It further believes that monitoring for such orders will allow the Bureau to track specific instances of, and more general developments regarding, potential corporate recidivism, which presents special risks to consumers for reasons discussed in greater detail below. The Bureau also believes that enforcement trends, as shown by public orders enforcing the law across consumer protection laws, jurisdictions, and markets, will potentially shed light on risks to consumers in the offering or provision of consumer financial products or services. Heightened enforcement could indicate areas where numerous regulators have identified risk of harm to consumers. Conversely, the absence of enforcement in other areas could indicate less risk to consumers, or perhaps a lack of attention by regulators that shows a need for further monitoring.

12 U.S.C. 5512(c)(1).

More specifically, in order to support its rulemaking and other functions, section 1022(c)(1) of the CFPA requires the Bureau to monitor for risks to consumers in the offering or provision of consumer financial products or services, including developments in the markets for such products or services. As discussed further below at part IV(B), section 1022(c)(2) of the CFPA authorizes the Bureau to allocate resources to perform the monitoring required by section 1022 by considering “likely risks and costs to consumers associated with buying or using a type of consumer financial product or service,” “understanding by consumers of the risks of a type of consumer financial product or service,” “the legal protections applicable to the offering or provision of a consumer financial product or service, including the extent to which the law is likely to adequately protect consumers,” “rates of growth in the offering or provision of a consumer financial product or service,” “the extent, if any, to which the risks of a consumer financial product or service may disproportionately affect traditionally underserved consumers,” and “the types, number, and other pertinent characteristics of covered persons that offer or provide the consumer financial product or service.” Section 1022(c)(4)(A) of the CFPA authorizes the Bureau to conduct the monitoring required by section 1022 by “gather[ing] information from time to time regarding the organization, business conduct, markets, and activities of covered persons and service providers.” The Bureau is authorized to gather this information by, among other things, requiring covered persons participating in consumer financial services markets to file annual or special reports, or answers in writing to specific questions, that furnish information “as necessary for the Bureau to fulfill the monitoring . . . responsibilities imposed by Congress.” The Bureau may require such information to be filed “in such form and within such reasonable period of time as the Bureau may prescribe by rule or order.”

12 U.S.C. 5512(c)(1) (“In order to support its rulemaking and other functions, the Bureau shall monitor for risks to consumers in the offering or provision of consumer financial products or services, including developments in markets for such products or services.”).

12 U.S.C. 5512(c)(2)(A)-(F).

12 U.S.C. 5512(c)(4)(A).

12 U.S.C. 5512(c)(4)(B)(ii) (“In order to gather information described in subparagraph (A), the Bureau may . . . require covered persons and service providers participating in consumer financial services markets to file with the Bureau, under oath or otherwise, in such form and within such reasonable period of time as the Bureau may prescribe by rule or order, annual or special reports, or answers in writing to specific questions, furnishing information described in paragraph (4), as necessary for the Bureau to fulfill the monitoring, assessment, and reporting responsibilities imposed by Congress.”).

12 U.S.C. 5512(c)(4)(B)(ii).

Section 1022(c)(7)(A) of the CFPA further authorizes the Bureau to “prescribe rules regarding registration requirements applicable to a covered person, other than an insured depository institution, insured credit union, or related person.” Section 1022(c)(7)(B) provides that, “[s]ubject to rules prescribed by the Bureau, the Bureau may publicly disclose registration information to facilitate the ability of consumers to identify covered persons that are registered with the Bureau.” The Bureau interprets section 1022(c)(7)(B) as authorizing it to publish registration information required by Bureau rule under section 1022(c)(7)(A) so that consumers may identify the nonbank covered persons on which the Bureau has imposed registration requirements.

12 U.S.C. 5512(c)(7)(A).

12 U.S.C. 5512(c)(7)(B).

Finally, CFPA section 1022(c)(3) authorizes the Bureau to publicly release information obtained pursuant to CFPA section 1022, subject to limitations specified therein. Specifically, section 1022(c)(3) states that the Bureau “may make public such information obtained by the Bureau under [section 1022] as is in the public interest, through aggregated reports or other appropriate formats designed to protect confidential information in accordance with [specified protections in section 1022].” Information submitted to the Bureau's registry is protected by, among other things, CFPA section 1022(c)(8), which states that “[i]n collecting information from any person, publicly releasing information held by the Bureau, or requiring covered persons to publicly report information, the Bureau shall take steps to ensure that proprietary, personal, or confidential consumer information that is protected from public disclosure under [the Freedom of Information Act, 5 U.S.C. 552(b),] or [the Privacy Act of 1974, 5 U.S.C. 552a,] or any other provision of law, is not made public under [the CFPA].” The Bureau's registry is designed to not collect any protected proprietary, personal, or confidential consumer information, and thus, the Bureau will not publish, or require public reporting of, any such information.

See12 U.S.C. 5512(c)(3).

12 U.S.C. 5512(c)(3)(B).

12 U.S.C. 5512(c)(8). In the remainder of this preamble, the Bureau refers to information protected from disclosure under CFPA section 1022(c)(8) as “protected proprietary, personal, or confidential consumer information.”

See the introduction to the section-by-section analysis of § 1092.202 for a discussion of certain comments received by the Bureau about the discussion in the Bureau's proposed rule of the Bureau's authorities under CFPA section 1022(b)(1)-(4) and (7).

See88 FR 6088 (Jan. 30, 2023). For further discussion of the Bureau's proposed rule, see part V(C) below.

C. CFPA Section 1024(b)

As explained above, section 1024(b) of the CFPA authorizes the Bureau to exercise supervisory authority over certain nonbank covered persons. Section 1024(b)(1) requires the Bureau to periodically require reports and conduct examinations of persons subject to its supervisory authority to assess compliance with Federal consumer financial law, obtain information about the activities and compliance systems or procedures of persons subject to its supervisory authority, and detect and assess risks to consumers and to markets for consumer financial products and services. Section 1024(b)(2) requires that the Bureau exercise its supervisory authority over nonbank covered persons under section 1024(b)(1) based on its assessment of risks posed to consumers in the relevant product markets and geographic markets, and taking into consideration, as applicable: “(A) the asset size of the covered person; (B) the volume of transactions involving consumer financial products or services in which the covered person engages; (C) the risks to consumers created by the provision of such consumer financial products or services; (D) the extent to which such institutions are subject to oversight by State authorities for consumer protection; and (E) any other factors that the Bureau determines to be relevant to a class of covered persons.”

The nonbank covered persons over which the Bureau has supervisory authority are listed in section 1024(a)(1) of the CFPA. They include covered persons that: offer or provide origination, brokerage, or servicing of loans secured by real estate for use by consumers primarily for personal, family, or household purposes, or loan modification or foreclosure relief services in connection with such loans; are larger participants of a market for consumer financial products or services, as defined by Bureau rule; the Bureau has reasonable cause to determine, by order, that the covered person is engaging, or has engaged, in conduct that poses risks to consumers with regard to the offering or provision of consumer financial products or services; offer or provide private education loans; or offer or provide payday loans. 12 U.S.C. 5514(a)(1).

12 U.S.C. 5514(b)(1) provides: “The Bureau shall require reports and conduct examinations on a periodic basis of persons described in subsection (a)(1) for purposes of—(A) assessing compliance with the requirements of Federal consumer financial law; (B) obtaining information about the activities and compliance systems or procedures of such person; and (C) detecting and assessing risks to consumers and to markets for consumer financial products and services.”

12 U.S.C. 5514(b)(2).

Section 1024(b)(7) of the CFPA in turn identifies three independent sources of Bureau rulemaking authority. First, section 1024(b)(7)(A) requires the Bureau to prescribe rules to facilitate the supervision of nonbank covered persons subject to the Bureau's supervisory authority and assessment and detection of risks to consumers. Second, section 1024(b)(7)(B) authorizes the Bureau to require nonbank covered persons subject to its supervisory authority to “generate, provide, or retain records for the purposes of facilitating supervision of such persons and assessing and detecting risks to consumers.” As explained below in the introduction to the section-by-section analysis of § 1092.204, the Bureau interprets this section as authorizing it to require nonbank covered persons subject to its supervisory authority to “generate”— i.e., create —reports regarding their activities and then “provide” them to the Bureau.

12 U.S.C. 5514(b)(7)(A) (“The Bureau shall prescribe rules to facilitate supervision of persons described in subsection (a)(1) and assessment and detection of risks to consumers.”).

12 U.S.C. 5514(b)(7)(B) (“The Bureau may require a person described in subsection (a)(1), to generate, provide, or retain records for the purposes of facilitating supervision of such persons and assessing and detecting risks to consumers.”).

See Generate, Webster's Third New International Dictionary (1981) (defining “generate” as “to bring into existence”).

The third source of authority, CFPA section 1024(b)(7)(C), authorizes the Bureau to prescribe rules regarding nonbank covered persons subject to its supervisory authority “to ensure that such persons are legitimate entities and are able to perform their obligations to consumers.” The Bureau interprets this section as authorizing it to prescribe substantive rules to ensure that supervised entities are willing and able to comply with their legal, financial, and other obligations to consumers, including those imposed by Federal consumer financial law. The term “obligations” encompasses “anything that a person is bound to do or forbear from doing,” including duties “imposed by law, contract, [or] promise.” The Bureau construes the phrase “legitimate entities” as encompassing an inquiry into whether an entity takes seriously its duty to “[c]omply[ ] with the law.” Legitimate entities do not presume they will break the law and treat the risk of enforcement actions for violations of legal obligations as a mere cost of doing business. Instead, legitimate entities work in good faith to have protocols in place aimed at ensuring compliance with their legal obligations and detecting and appropriately addressing any legal violations that the entity may commit.

12 U.S.C. 5514(b)(7)(C) (“The Bureau may prescribe rules regarding a person described in subsection (a)(1), to ensure that such persons are legitimate entities and are able to perform their obligations to consumers. Such requirements may include background checks for principals, officers, directors, or key personnel and bonding or other appropriate financial requirements.”).

Obligation, Black's Law Dictionary (11th ed. 2019).

Legitimate, Black's Law Dictionary (11th ed. 2019) (defining “legitimate” as “[c]omplying with the law; lawful”); see also Legitimate, Webster's Second New International Dictionary (1934) (defining “legitimate” as “[a]ccordant with law or with established legal forms and requirements; lawful”); Legitimate, Webster's Third New International Dictionary (1981) (similar).

While each of the three subparagraphs of section 1024(b)(7) discussed above operates as independent sources of rulemaking authority, the subparagraphs also overlap in several respects, such that a particular rule may be (and, in the case of this final rule, is) authorized by more than one of the subparagraphs. For example, rules requiring the generation, provision, or retention of records generally will be authorized under both subparagraphs 1024(b)(7)(A) and (B). That is so because subparagraph 1024(b)(7)(B) makes clear that the Bureau's authority under subparagraph 1024(b)(7)(A) to prescribe rules to facilitate supervision and assessment and detection of risks to consumers extends to requiring covered persons subject to the Bureau's supervisory authority “to generate, provide or retain records for the purposes of facilitating supervision of such persons and assessing and detecting risks to consumers.”

12 U.S.C. 5514(b)(7)(B); see also, e.g., Barton v. Barr, 140 S. Ct. 1442, 1453 (2020) (“redundancies . . . in statutory drafting” may reflect “a congressional effort to be doubly sure”); Atlantic Richfield Co. v. Christian, 140 S. Ct. 1335, 1350 n.5 (2020) (concluding that “Congress employed a belt and suspenders approach” in statute); Marx v. Gen. Revenue Corp., 568 U.S. 371, 383-85 (2013) (statutory language is “not . . . superfluous if Congress included it to remove doubt” about an issue).

See the introduction to the section-by-section analysis of § 1092.204 below for a discussion of certain comments received by the Bureau about the proposal's discussion of the Bureau's authorities under CFPA section 1024(b).

IV. Why the Bureau Is Issuing This Final Rule

A. Overview

The Bureau is issuing this final rule to require nonbanks to report certain public agency and court orders because the Bureau believes that not only the Bureau, but also consumers, the public, and other potential users of the Bureau's registry will benefit from the creation and maintenance of a central public repository for information regarding certain public orders that have been imposed upon nonbank covered persons.

Agency and court orders are not suggestions. They are legally binding orders intended to prevent and remedy violations of the law. When an agency issues such an order, or seeks a court order, it typically has determined that the problems at the applicable entity are sufficiently serious to merit the expenditure of that agency's limited resources and perhaps the attention of the courts.

By establishing an effective registry for collecting public orders enforcing the law across different sectors of entity misconduct, the final rule will allow the Bureau to more effectively monitor for potential risks to consumers arising from both individual instances and broader patterns of recidivism. Persons that are subject to one or more orders that would require registration under the final rule may pose greater risks to consumers than others. And the existence of multiple orders may serve as a particular “red flag” with respect to risks to consumers and as a signal of potential recidivism. The existence of multiple orders may also indicate broader problems at the entity that pose related risks to consumers—including lack of sufficient controls related to the offering and provision of consumer financial products and services, inadequate compliance management systems and processes, and an unwillingness or inability of senior management to comply with laws subject to the Bureau's jurisdiction.

The Bureau also concludes that collecting information regarding public agency and court orders enforcing the law will help it identify broader trends related to risks to consumers in the offering and provision of consumer financial products and services. For example, collecting this information would inform the Bureau about enforcement activity across geographic or product markets with respect to particular consumer protection laws, increases and decreases over time in such activity, and many other relevant matters. Notably, by studying how laws are being enforced across consumer protection laws, jurisdictions, and markets, the Bureau will be able to identify indications of risks to consumers. For example, the existence of enforcement activity in multiple jurisdictions among certain products, services, or features, or related to certain legal requirements, or concerning certain consumer risks, could indicate areas of heightened consumer risk that warrant further attention by regulators. Or such enforcement activity might be an indication of appropriate attention by other regulators, which might be an indication that applicable nonbanks are subject to adequate oversight, or that risk to consumers in certain areas may otherwise be reduced. By contrast, the absence of enforcement activity in certain areas could potentially indicate less risk to consumers or could be evidence of less attention by regulators and a need to increase monitoring activities. The Bureau thus concludes that obtaining information regarding such orders will enable it to better monitor risks to consumers in the offering or provision of consumer financial products and services, including developments in the markets for such products and services, under its authority at CFPA section 1022(c).

12 U.S.C. 5512(c).

As described further below, the Bureau intends to make a registry of these orders publicly available. The Bureau anticipates that publishing such a registry will, among other things, allow other regulators at the Federal, State, and local level tasked with protecting consumers to realize many of the same market-monitoring benefits that the Bureau anticipates obtaining from this rule. Publication will also facilitate the ability of consumers to identify the covered persons that are registered with the Bureau. In addition, publication will enhance the ability of investors, research organizations, firms conducting due diligence, and the media to locate, review, and monitor orders enforcing the law.

The final rule also will assist the Bureau's supervisory work by collecting additional information in the form of a written statement from certain entities that are subject to the Bureau's supervision and examination authority. As explained in greater detail below, requiring certain supervised entities to designate a senior executive officer with knowledge of, and control over, the entity's efforts to comply with each relevant order, and requiring that executive to submit the information required to be contained in the written statement, will facilitate Bureau supervision efforts by providing important information about the entity, helping to prioritize the Bureau's supervisory activities, and otherwise assisting the Bureau's supervisory work. These requirements will also help ensure that the relevant entities are “legitimate” and “are able to perform their obligations to consumers” under CFPA section 1024(b)(7)(C), in part by incentivizing entities who might otherwise not take seriously their obligations to instead endeavor to comply with consumer protection laws and by highlighting the designated senior executive whose duties include ensuring such compliance.

12 U.S.C. 5514(b)(7)(C).

General Comments Received

This section discusses certain general comments received by the Bureau regarding the proposal.

Various industry, consumer advocate, and other commenters generally agreed with the Bureau's statements in the proposal about the need for a new Bureau registry for nonbank entities that are subject to the Bureau's jurisdiction and that are subject to certain agency and court orders. A consumer advocate commenter stated that the registry would be immensely useful for the Bureau and other Federal and State regulators alike, and agreed that the proposed registry would advance a wide variety of statutory objectives, streamline regulatory processes, and create efficiencies that will result in greater consumer protection. An industry commenter stated that the proposed registry would help to compile and track violations and provide a basis from which to initiate risk-based supervision of nonbanks. Industry and consumer advocate commenters stated that the proposed registry would appropriately respond to a dearth of information about nonbank financial companies, including their number and type and the practices they engage in. Consumer advocate commenters stated that the proposal would, among other things, help unify efforts across regulators, help regulators and policymakers develop additional reforms to consumer protection, and help prevent future financial crises.

Other commenters objected to the Bureau's proposal on various grounds, as discussed elsewhere in this preamble. Among other things, commenters stated the proposed registry would be duplicative of the NMLS and overly burdensome for registered entities.

Industry commenters stated that the Bureau should either not finalize the proposal, or should carefully consider not finalizing the proposal, in light of the Fifth Circuit's decision in Consumer Financial Protection Bureau (CFPB) v. Community Financial Services Association of America and the U.S. Supreme Court's grant of the petition for certiorari in that case.

See Cmty. Fin. Servs. Ass'n of Am., Ltd. v. CFPB, 51 F.4th 616 (5th Cir. 2022).

No. 22-448 (U.S. argued Oct. 3, 2023).

A consumer advocate commenter stated that the Bureau should clarify in the final rule the monetary penalties it will seek for each day of non-compliance, and that these penalties should be large. In the commenter's view, the failure to register as required under the final rule also should be an aggravating factor when assessing monetary penalties against the entity for other violations.

Response to General Comments Received

The Bureau agrees with commenters regarding the need for a new Bureau registry for nonbank entities that are subject to the Bureau's jurisdiction and that are subject to certain agency and court orders. The final rule will establish a valuable Bureau registry that will provide the Bureau and other users with important information regarding such companies and the orders they are subject to. Comments objecting to the proposal are addressed elsewhere in this preamble.

With respect to comments addressing the U.S. Court of Appeals for the Fifth Circuit's decision regarding the constitutionality of the Bureau's funding structure, the Supreme Court has reversed that decision, holding that the Bureau's funding structure does not violate the Appropriations Clause.

See CFPB v. Cmty. Fin. Servs. Ass'n of Am., Ltd., 601 U.S. 416 (2024).

The Bureau declines the consumer advocate commenter's suggestion to establish special rules or remedies for violation of the rule. The final rule is a Federal consumer financial law under the CFPA. Violation of the final rule would be an independent violation of Federal consumer financial law subject to enforcement as provided in the CFPA, and applicable remedies under law, including potential civil money penalties.

See12 U.S.C. 5481(14) (defining term “Federal consumer financial law” as including “any rule . . . prescribed by the Bureau” under the CFPA).

Violation of the final rule may also violate 12 U.S.C. 5536(a)(2), which provides that it shall be unlawful for “any covered person or service provider to fail or refuse, as required by Federal consumer financial law, or any rule or order issued by the Bureau thereunder—[¶ ] (A) to permit access to or copying of records; [¶ ] (B) to establish or maintain records; or [¶ ] (C) to make reports or provide information to the Bureau.”

B. Why the Bureau Is Issuing a Rule To Monitor for Risks Associated With Certain Agency and Court Orders

Requiring registration and submissions regarding certain agency and court orders as provided in the final rule will assist the Bureau in monitoring for risks to consumers in the offering or provision of consumer financial products or services, in accordance with CFPA section 1022(c). The final rule's requirements to submit and update information regarding such agency and court orders related to the provision or offering of consumer financial products or services will provide important support for a variety of Bureau functions.

12 U.S.C. 5512(c).

As the principal Federal regulator responsible for administering the Federal consumer financial laws, the Bureau's ability to effectively identify and monitor for potential risks to consumers arising out of apparent violations of core Federal and State consumer laws is important to the Bureau achieving its statutory purposes and objectives. Such information will help the Bureau satisfy its statutory obligation to monitor for risks to consumers in the markets for consumer financial products and services. For example, the registry will enable the Bureau to better identify an increase in the number of orders in a particular product market, in a particular geographic market, addressing similar consumer risks, or with other common features. The Bureau will be able to use this information to identify areas of heightened consumer risk that warrant further attention, as well as areas that are receiving adequate attention from other regulators. By contrast, the absence of enforcement activity in certain areas could indicate less risk to consumers, or it potentially could be evidence of less attention by regulators and a need to increase monitoring and other supervisory or regulatory activities. Over time, the Bureau's collection and review of information under the final rule will better enable the Bureau to evaluate, assess, and understand the relationship between such matters and the consumer risk that is related to covered orders. Thus, this information would help to inform and prioritize the Bureau's other market-monitoring efforts, including research regarding particular markets and the risks to consumers presented in such markets.

See12 U.S.C. 5512(c)(1).

See12 U.S.C. 5511(c)(3) (identifying as one of the “primary functions of the Bureau . . . collecting, researching, monitoring, and publishing information relevant to the functioning of markets for consumer financial products and services to identify risks to consumers and the proper functioning of such markets”).

Likewise, the Bureau's rulemaking efforts will benefit from information about such orders, so that the Bureau might, for example, consider drafting rules to address identified consumer risks. The Bureau's consumer response function will be informed by increased monitoring of risks and trends, as the Bureau could direct resources or investigate risks in a certain area or on a certain topic. And the Bureau may choose to direct its consumer education efforts toward educating consumers about risks identified via the registry.

See12 U.S.C. 5511(c)(5) (identifying as one of the “primary functions of the Bureau . . . issuing rules, orders, and guidance implementing Federal consumer financial law”).

See12 U.S.C. 5511(c)(2) (identifying as one of the “primary functions of the Bureau . . . collecting, investigating, and responding to consumer complaints”); see also Consumer Fin. Prot. Bureau, Consumer Response Annual Report: January 1-December 31, 2021, at 5-8 (Mar. 2022), https://files.consumerfinance.gov/f/documents/cfpb_2021-consumer-response-annual-report_2022-03.pdf (describing the Bureau's consumer-complaint process and how the Bureau uses complaint information).

See12 U.S.C. 5511(c)(1) (identifying as one of the “primary functions of the Bureau . . . conducting financial education programs”).

The information that the Bureau will obtain under the final rule will also be valuable to the Bureau in exercising its supervisory and enforcement functions. Among other things, the information may be informative when the Bureau makes determinations whether a covered person is engaging, or has engaged, in conduct that poses risk to consumers with regard to the offering or provision of consumer financial products or services under CFPA section 1024(a)(1)(C), such that the Bureau may determine to subject the covered person to Bureau supervision under that provision. The information contained in the registry may also be relevant in assessing civil penalties for violations of Federal consumer financial laws, given that Congress has provided that such penalties should take into account an entity's “history of previous violations” and “such other matters as justice may require.”

See12 U.S.C. 5511(c)(4) (identifying as one of the “primary functions of the Bureau . . . supervising covered persons for compliance with Federal consumer financial law, and taking appropriate enforcement action to address violations of Federal consumer financial law”). Part IV(D) and the section-by-section discussion of § 1092.204 below contain additional discussion of how the final rule will facilitate the Bureau's supervisory efforts.

See12 U.S.C. 5514(a)(1)(C) (authorizing Bureau orders subjecting nonbanks to supervision based upon consumer complaints “or information from other sources”); 12 CFR part 1091 (Bureau procedural rule to establish supervisory authority over certain nonbank covered persons based on risk determination).

See12 U.S.C. 5565(c)(3)(D), (E). The Bureau may consider certain matters identified in orders collected under the final rule to be relevant under these provisions.

Furthermore, there is a heightened likelihood that entities that are subject to public orders enforcing the law and relating to the offering or provision of consumer financial products and services may pose risks to consumers in the markets for those products and services, and risk of consumer harm is a significant factor that weighs heavily in the Bureau's decisions regarding the general allocation of its resources. Knowledge of whether a covered person has engaged in previous violations of consumer financial protection laws is valuable information that the Bureau considers when evaluating the risk of consumer harm. In the Bureau's experience, entities that have previously been subject to enforcement actions, including those brought by local, State, and other Federal authorities, present an increased risk of committing violations of laws subject to the Bureau's jurisdiction, and thus causing the additional consumer harm associated with such violations. Prior enforcement actions are also likely to be a good indication of continuing risks to consumers present in a particular market for consumer financial products or services. Because the orders that would be covered by the final rule are regularly issued, modified, and terminated, the Bureau needs to collect this information regularly and on a timely basis in order to stay abreast of developments.

Although referrals from and other information provided by other agencies have been valuable to the Bureau's work, the Bureau currently often relies on other agencies to take proactive steps to contact it. As discussed in part IV(E) below, under the final rule, nonbanks that are subject to agency and court orders that are published on the NMLS Consumer Access website will have an option to notify the Bureau and provide information that will flag the relevant order and nonbank for the Bureau's attention. Having access to targeted information regarding relevant orders entered against nonbanks, whether such orders are listed on the Bureau's own registry or available through the NMLS, will significantly increase the Bureau's ability to monitor markets so that the Bureau can identify, better understand, and ultimately, prevent further consumer harm, particularly from repeat offenders.

Recidivism—whether in the form of a company that repeatedly violates the law and as a result becomes subject to multiple orders, or in the form of a company that violates the orders to which it is subject—poses particular risks to consumers. Companies that repeatedly violate the law do more than just deprive consumers of protections in the marketplace; these companies may also charge their customers more in order to cover the costs of any fines or other costs resulting from the company's legal violations. In other words, consumers may end up subsidizing corporate malfeasance. When government orders fail to deter future misconduct by a company, that company's operations are more likely to present risk to consumers. Thus, the existence of multiple orders may be highly probative of heightened risks to consumers in the markets for consumer financial products and services, including the risk of noncompliance with laws subject to the Bureau's jurisdiction.

Collecting information about such public orders across markets and agencies as provided in the final rule will improve the Bureau's efforts to determine where entities, either as a group or individually, are repeatedly violating the law. The Bureau particularly needs to be made aware of entities that become subject to multiple orders, or that are found to be out of compliance with existing orders, as well as of trends in such developments. Systematic or repeat violations of the law may indicate broader problems within a market for consumer financial products and services. Such problems might include lack of sufficient controls related to the offering and provision of certain consumer financial products and services, inadequate compliance management systems and processes within a set of market participants, and an unwillingness or inability of senior management at certain entities to comply with Federal consumer financial laws. The registry established in the final rule will provide a valuable mechanism to help ensure that the Bureau is rapidly made aware of such repeat offenders across a range of markets and enforcement agencies.

The Bureau believes that the registry will be especially useful with respect to the particular nonbank markets that are subject to the Bureau's supervision and examination authority under CFPA section 1024(a). In those markets, the Bureau will be able to take account of risks identified through the registry in conducting its risk-based supervisory prioritization and enforcement work. The existence of an order that would require registration under the final rule would be probative of a potential need for supervisory examination, to the extent that the nonbank is subject to the Bureau's supervision and examination authorities. Under CFPA section 1024(b)(2), the Bureau is required to exercise its supervisory authority in a manner designed to ensure that such exercise, with respect to persons described in CFPA section 1024(a), is based on the assessment by the Bureau of the risks posed to consumers in the relevant product markets and geographic markets and taking into consideration the factors enumerated at CFPA section 1024(b)(2)(A)-(E).

12 U.S.C. 5514(a), (b)(2).

Depending upon the circumstances, the Bureau may consider the existence of an order requiring registration under the final rule to be a risk factor under these provisions for covered persons subject to the rule. CFPA section 1024(b)(2)(C) refers to “the risks to consumers created by the provision of such consumer financial products or services.” The existence of one or more orders that would require registration under the final rule would be probative of such risks to consumers because it indicates that an entity may not be willing or able to ensure compliance with the law. CFPA section 1024(b)(2)(D) provides that the Bureau shall also take into account “the extent to which such institutions are subject to oversight by State authorities for consumer protection.” The existence of one or more orders issued or obtained by the types of State agencies described in the final rule in connection with violations of law would provide important and directly relevant information regarding the extent to which nonbanks are subject to oversight by State authorities for consumer protection. CFPA section 1024(b)(2)(E) provides that the Bureau shall also take into account “any other factors that the Bureau determines to be relevant to a class of covered persons.” For the classes of covered persons subject to the final rule, the Bureau believes that the existence of an order that would require registration under the final rule would be a relevant factor under this statutory provision for the Bureau to take into consideration when exercising its supervisory authorities under CFPA section 1024. Thus, for the reasons described above, the existence of such orders would be relevant information in prioritizing and scoping the Bureau's supervisory activities under CFPA section 1024(b) with respect to the markets subject to that provision.

12 U.S.C. 5514(b)(2)(C).

12 U.S.C. 5514(b)(2)(D).

12 U.S.C. 5514(b)(2)(E).

In crafting the final rule's requirements to register and submit certain agency and court orders, the Bureau has considered (among others) the factors listed at CFPA section 1022(c)(2), to the extent relevant here to the allocation of Bureau resources to perform market monitoring. For example, the Bureau considered the “likely risks and costs to consumers associated with buying or using a type of consumer financial product or service.” As discussed above, the Bureau believes companies that violate the law, especially repeatedly, generally pose more risk to consumers. The final rule will assist the Bureau in identifying and evaluating such risks—and their associated costs—across companies, industries, products, and regions.

12 U.S.C. 5512(c)(2)(A).

The Bureau also considered the “understanding by consumers of the risks of a type of consumer financial product or service.” The Bureau is concerned that consumers currently may not adequately understand risks posed by certain institutions, including risks arising from recidivism. With a clear window into nationwide trends and gaps in nonbank covered persons' compliance with consumer protection laws, the Bureau can target its various functions—including consumer education—to ensure that consumers understand the risks and associated costs of such conduct on their use of certain consumer financial products or services.

12 U.S.C. 5512(c)(2)(B).

The Bureau further considered “the legal protections applicable to the offering or provision of a consumer financial product or service, including the extent to which the law is likely to adequately protect consumers.” The final rule will enhance the Bureau's ability to effectively assess whether and to what extent the orders themselves, as well as other relevant laws, in practice adequately protect consumers. Information collected in connection with the final rule will aid the Bureau in better understanding how effectively the nation's consumer protection laws operate in practice, which should assist the Bureau in determining (among other things) how best to allocate its resources to ensure consumers are adequately protected from unlawful conduct.

12 U.S.C. 5512(c)(2)(C).

The Bureau also considered “rates of growth in the offering or provision of a consumer financial product or service.” Commenters expressed concern about a dearth of information regarding nonbank financial companies and stated that nonbanks may be obtaining an increased market share in certain markets for consumer financial products and services. The Bureau likewise believes that at least in certain markets, there has been rapid growth in consumer offerings by nonbanks. The Bureau intends to use the information obtained under the final rule in assessing and monitoring the rates of such growth and any associated risks, as evidenced by information regarding relevant consumer protection orders issued against nonbanks.

12 U.S.C. 5512(c)(2)(D).

The Bureau also considered “the extent . . . to which the risks of a consumer financial product or service may disproportionately affect traditionally underserved consumers.” The Bureau generally is concerned that traditionally underserved communities may be disproportionately the target of consumer protection violations—particularly, unfair, deceptive, or abusive acts or practices—in the offering or provision of consumer financial products or services. The information collected should provide the Bureau with robust nationwide data to identify and evaluate the extent to which this is the case.

12 U.S.C. 5512(c)(2)(E).

Finally, the Bureau considered “the types, number, and other pertinent characteristics of covered persons that offer or provide the consumer financial product or service.” For the reasons discussed, law violator status—and especially repeat law violator status—is a highly pertinent characteristic. The Bureau believes that risks to consumers posed by law violators warrant market monitoring. In particular, it will provide greater visibility into nonbank covered persons' compliance with consumer protection laws in the offering or provision of consumer financial products and services, in addition to more generally aiding the Bureau's overall understanding of nonbank covered persons and the products or services they provide.

12 U.S.C. 5512(c)(2)(F).

As discussed further below in part IV(E), the Bureau is adopting a modification to the proposed rule in order to provide an option for one-time registration of orders published on the NMLS Consumer Access website (except for orders issued or obtained by the Bureau). The Bureau will be notified regarding such orders and the nonbank entities that are subject to them, and, using the information provided by the nonbank via the registry, will be able to obtain additional information from applicable Federal, State, and local authorities, including through the NMLS. Thus, the Bureau will have access to a comprehensive collection of relevant orders and entities, accessible either through the Bureau's registry or via the Bureau's existing access to NMLS and its ability to reach out to other agencies.

The Bureau has concluded that alternative means of collecting the information subject to the final rule would be inadequate. For example, the Bureau considered requesting the information on an ad hoc basis from entities that are subject to relevant orders through a Bureau order issued pursuant to CFPA section 1022(c)(4)(B)(ii). However, the Bureau concludes this alternative would be inadequate. There is no existing comprehensive list of covered persons subject to Bureau regulation, so the Bureau would be unable to issue a standing order to such entities to produce information. It is not clear how the Bureau would obtain this information without issuing a rule. Also, the Bureau wishes to collect information that changes over time—for example, information regarding new orders and changes to orders, as well as with respect to changes in registration information. An order that required submission of information at a single point in time—assuming that the Bureau could identify the entities to which such an order should be addressed—would be inadequate to capture such changes in information. While the Bureau might issue frequently recurring orders under its market-monitoring authority, such an approach would be less reliable and predictable for all parties than a rule-based approach.

For additional discussion of comments received in connection with other alternative means of collecting this information, see the section-by-section discussion of §§ 1092.202(b) and 1092.203(a) below.

12 U.S.C. 5512(c)(4)(B)(ii).

The Bureau further considered using its supervisory and examination authority to obtain information solely from entities that are subject to that authority. However, there is no existing comprehensive list of nonbank entities subject to Bureau supervision, so the Bureau would be unable to issue a standing order to such entities to produce such information. Moreover, the Bureau has concluded that collecting information from a wider range of covered persons, including those that are not subject to the Bureau's supervisory and examination authority, is appropriate to achieve its market-monitoring objectives.

C. Why the Bureau Has Identified Orders Issued Under the Types of Laws Described in the Proposal as Posing Particular Risk

The final rule prescribes registration requirements with reference to certain types of “covered laws” that served as the basis for an applicable order. As discussed herein, the Bureau concludes that orders issued under the types of covered laws described in the proposal are likely to be probative of risks to consumers in the offering or provision of consumer financial products or services, including developments in markets for such products or services.

See also the discussion of the definition of the term “covered law” in the section-by-section discussion of § 1092.201(c) below.

First, the Bureau is requiring registration in connection with orders issued under the Federal consumer financial laws, to the extent that the violation of law found or alleged arises out of conduct in connection with the offering or provision of a consumer financial product or service. As explained above, numerous Federal and State agencies besides the Bureau have authority to enforce Federal consumer financial laws. In matters where an agency other than the Bureau has issued or obtained a final public order concluding that a covered person has violated Federal consumer financial law, the Bureau also will generally have jurisdiction over the conduct that resulted in that order. Requiring registration of such orders will facilitate effective market monitoring by providing the Bureau a tool to identify and understand the nature of the risks to consumers presented by the conduct addressed in those orders, including the risk that the conduct might continue unabated outside of the particular jurisdiction that issued the order. For example, such information may inform the Bureau's supervisory or enforcement activities, as the Bureau may consider bringing its own action in connection with the same or related conduct. Or the conduct may be probative of a more systemic problem with one or more entities' overall willingness or capacity to comply with Federal consumer financial law across different product lines or aspects of their operations. Likewise, requiring registration of orders involving Federal consumer financial law will facilitate effective market monitoring by ensuring that the Bureau can quickly and effectively identify patterns of similar conduct across multiple nonbank covered persons. The identification of such patterns may indicate a problem that the Bureau could best address by engaging in rulemaking to clarify or expand available consumer protections to address emerging consumer risk trends. It may also prompt the Bureau to use other tools, such as consumer education, to address the identified risks.

Second, the Bureau is requiring registration of orders in connection with a violation of any other law as to which the Bureau may exercise enforcement authority, to the extent such violation arises out of conduct in connection with the offering or provision of a consumer financial product or service. The Bureau may enforce certain laws other than Federal consumer financial laws, as that term is defined in CFPA section 1002(14). The Bureau concludes that the registry should collect information regarding orders issued under any law that the Bureau may enforce, where the violation of law found or alleged arises out of conduct in connection with the offering or provision of a consumer financial product or service. By definition, the conduct addressed in such orders will generally fall within the scope of the Bureau's enforcement authority. More generally, the Bureau concludes that evidence of such conduct could be probative of a broader risk that the entity has engaged or will engage in conduct that may violate Federal consumer financial law. For example, violations of the Military Lending Act, as to which the Bureau has enforcement authority, may overlap with, or be closely associated with, violations of the CFPA's UDAAP prohibitions or the Truth in Lending Act, among other Federal consumer financial laws. In addition, in the Bureau's experience, a violation of one law within the Bureau's enforcement authority may be indicative of broader inadequacies in an entity's compliance systems that are resulting or could result in other legal violations, including violations of Federal consumer financial laws. Furthermore, including in the registry orders issued under any law that the Bureau may enforce (where the violation of law found or alleged arises out of conduct in connection with the offering or provision of a consumer financial product or service) will further the Bureau's objective of creating a cross-market registry that could serve as a reference tool for use in monitoring for risks to consumers, thereby increasing the Bureau's ability to use the registry to monitor for patterns of risky conduct of nonbank covered persons across entities, industries, and product offerings.

See, e.g., 10 U.S.C. 987(f)(6) (authorizing Bureau enforcement of the Military Lending Act). As the Bureau has explained in an interpretive rule, it also has authority to supervise nonbanks subject to its supervision regarding risks to consumers arising from conduct that violates the Military Lending Act. See Bureau Interpretive Rule, Examinations for Risks to Active-Duty Servicemembers and Their Covered Dependents, 86 FR 32723 (June 23, 2021). In this rulemaking, however, the Bureau does not need to rely on the authority described in that interpretive rule. Instead, to the extent that the final rule would collect information regarding orders issued under laws described in § 1092.201(c)(2) for the purpose of facilitating the Bureau's supervisory activities, the Bureau would do so because the Bureau believes such orders may be probative of a broader risk that an entity has engaged or will engage in conduct that may violate Federal consumer financial law.

15 U.S.C. 5531, 5536(a)(1)(B).

15 U.S.C. 1601 et seq.

Third, the Bureau is requiring registration in connection with orders issued under the prohibition on unfair or deceptive acts or practices under section 5 of the FTC Act, 15 U.S.C. 45, or any rule or order issued for the purpose of implementing that prohibition, to the extent that the violation of law found or alleged arises out of conduct in connection with the offering or provision of a consumer financial product or service. In matters where a government agency has reached a determination that an entity has violated section 5 of the FTC Act in connection with the offering or provision of a consumer financial product or service, the Bureau has reason to be concerned that the entity poses heightened risks to consumers in financial markets. For one thing, the conduct resulting in the order may have violated Federal consumer financial law. CFPA section 1031, for example, authorizes the Bureau to take action “to prevent a covered person or service provider from committing or engaging in an unfair, deceptive, or abusive act or practice under Federal law in connection with any transaction with a consumer for a consumer financial product or service, or the offering of a consumer financial product or service.” And CFPA section 1036(a)(1)(B) provides that “[i]t shall be unlawful” for a covered person “to engage in any unfair, deceptive, or abusive act or practice.” Congress modeled the CFPA's prohibition of unfair or deceptive acts or practices after the similar prohibition in section 5 of the FTC Act. Therefore, violations of FTC Act section 5 in connection with the provision or offering of a consumer financial product or service are highly probative of a heightened risk that UDAAP violations subject to the Bureau's jurisdiction have occurred or are occurring.

12 U.S.C. 5531(a).

12 U.S.C. 5536(a)(1)(B).

See15 U.S.C. 45; see also, e.g., Consumer Fin. Prot. Bureau v. ITT Educ. Servs., Inc., 219 F. Supp. 3d 878, 902-04 (S.D. Ind. 2015).

Moreover, the high probative value of such orders is not simply a function of the likelihood that underlying conduct could violate Federal consumer financial law. The Bureau concludes that, where an entity has engaged in conduct prohibited under FTC Act section 5 in connection with offering or providing a consumer financial product or service, there is a significant risk that upon closer inspection of the entity's activities it has engaged in other acts or omissions that either violate Federal consumer financial law or otherwise present risks to consumers in the consumer financial markets. For example, inadequacies in compliance systems are not likely limited to a particular Federal or State consumer protection law, and compliance-system inadequacies that result in FTC Act section 5 violations indicate a heightened risk of similar inadequacies related to the prevention of violations of Federal consumer financial laws. And, as described above, a registry of orders is particularly useful because a core purpose of the Bureau's monitoring efforts is to analyze patterns of risky conduct across entities, industries, product offerings, and jurisdictions. Such patterns would help the Bureau identify risks to consumers that warrant further action, such as more monitoring, increased supervisory attention in the case of supervised persons, regulation, or consumer education.

Fourth, the Bureau is requiring registration in connection with orders issued under State laws prohibiting unfair, deceptive, or abusive acts or practices that are identified in appendix A to part 1092, to the extent that the violation of law found or alleged arises out of conduct in connection with the offering or provision of a consumer financial product or service. State UDAP/UDAAP laws are generally modeled after—or otherwise prohibit conduct similar to that prohibited by—FTC Act section 5 or CFPA sections 1031 and 1036(a)(1)(B). Therefore, violations of State UDAP/UDAAP law in connection with the provision or offering of a consumer financial product or service are similarly highly probative of a heightened risk that UDAAP violations subject to the Bureau's jurisdiction have occurred or are occurring. In addition, violations of State UDAP/UDAAP law may be probative of the existence of violations of other laws within the Bureau's jurisdiction.

The Bureau is adopting a final version of appendix A to part 1092 with certain changes to the version in the proposal. For a discussion of these changes to the proposal, see the section-by-section discussion of § 1092.201(c) below.

15 U.S.C. 45; 12 U.S.C. 5531. See Request for Information on Payday Loans, Vehicle Title Loans, Installment Loans, and Open-End Lines of Credit, 81 FR 47781, 47783 (July 22, 2016) (“In the 1960s, States began passing their own consumer protection statutes modeled on the [Federal Trade Commission] Act to prohibit unfair and deceptive practices.”); see also Cal. Fin. Code sec. 90009(c)(3) (providing that “the term `abusive' shall be interpreted consistent with Title X of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010”); Michael Greenfield, Unfairness Under Section 5 of the FTC Act and Its Impact on State Law, 46 Wayne L. Rev. 1869, 1899 (2000) (noting that “the state statutes actually were drafted and promoted by the Federal Trade Commission, which, one supposes, had a special interest in uniform, nationwide interpretation of the standards”).

To take just one example, UDAAP violations in connection with debt-collection efforts may also violate the Fair Debt Collection Practices Act's prohibition against unfair, deceptive, or abusive debt-collection practices. See15 U.S.C. 1692d-1692f.

Obtaining a better understanding of entities' compliance with State UDAP/UDAAP laws will assist the Bureau in the assessment and detection of risks for the same general reasons described with respect to alleged or found violations of FTC Act section 5—namely, that (i) conduct that violates State UDAP/UDAAP prohibitions commonly also violates laws under the Bureau's jurisdiction; and (ii) the Bureau believes that evidence of such conduct may be highly probative of a broader risk that the entity has engaged or will engage in similar conduct that may violate laws within the Bureau's jurisdiction, either as a result of a willingness to violate such laws or a lack of sufficient protections in place to prevent violations. Registration of State UDAP/UDAAP orders will facilitate effective market monitoring by ensuring that the Bureau can quickly and effectively identify patterns of risky conduct across entities, industries, consumer financial product or service offerings, and jurisdictions. The Bureau could then decide which Bureau functions are best suited to address the consumer risks raised by the orders.

For discussion of the final rule's requirements with respect to State laws amending or otherwise succeeding a law identified in appendix A, and rules or orders issued by State agencies for the purpose of implementing State UDAP/UDAAP laws, see the section-by-section discussion of § 1092.201(c) below.

D. Why the Bureau Is Requiring Supervised Nonbanks To Designate Attesting Executives and Submit Written Statements

The final rule will also require certain entities that are subject to the Bureau's supervision and examination authority to annually submit a written statement signed by a designated attesting executive regarding each covered order to which they are subject. In the written statement, the attesting executive will be required to (i) generally describe the steps that the executive has undertaken to review and oversee the entity's activities subject to the applicable covered order for the preceding calendar year, and (ii) attest whether, to the executive's knowledge, the entity during the preceding calendar year has identified any violations or other instances of noncompliance with any of the obligations that were imposed in a public provision of the covered order by the applicable agency or court based on a violation of a covered law. The final rule further requires that the entity designate as the attesting executive for each covered order its highest-ranking duly appointed senior executive officer (or, if the entity does not have any duly appointed officers, the highest-ranking individual charged with managerial or oversight responsibility for the entity) whose assigned duties include ensuring the entity's compliance with Federal consumer financial law, who has knowledge of the entity's systems and procedures for achieving compliance with the covered order, and who has control over the entity's efforts to comply with the covered order. The Bureau intends to publish the name and title of that executive in the public registry.

The Bureau concludes these requirements will serve two sets of distinct purposes relating to its exercise of its supervisory and examination authorities under CFPA section 1024.

First, the Bureau concludes the final rule's requirements that certain supervised entities (which are referred to in the rule as “supervised registered entities”) designate attesting executives and provide written statements will facilitate the Bureau's supervision efforts, including its efforts to assess compliance with the requirements of Federal consumer financial law, obtain information about supervised entities' activities and compliance systems or procedures, and detect and assess risks to consumers and to markets for consumer financial products and services. As discussed, the existence of one or more covered orders involving a supervised registered entity already raises red flags regarding the entity's compliance with Federal consumer financial law and the overall risk posed by such entity to consumers in the offering or provision of consumer financial products and services. Submission of a written statement regarding either compliance or noncompliance with such an order will provide the Bureau with important additional information regarding risks to consumers that may be associated with the order and the applicable supervised registered entity's compliance systems and procedures. Covered orders frequently contain provisions aimed at ensuring an entity's future legal compliance, such as reporting requirements, recordkeeping requirements, and provisions requiring the entity to obtain the issuing agency's nonobjection before adopting or amending relevant policies and procedures. An entity's sustained compliance with such provisions may mitigate the continuing risks to consumers presented by the entity and thus reduce the potential need for current supervisory activities. By contrast, an entity's noncompliance with the terms of an order may indicate a heightened need for current supervisory activities. And if an entity is committing significant or repeated violations of a covered order, or it is failing to take appropriate steps to address such violations and prevent their recurrence, that may indicate that the entity lacks the protocols and institutional commitment necessary to ensure compliance with legal obligations aimed at protecting consumers and ultimately with the Federal consumer financial laws. Entities that fail to comply with orders enforcing the law may be at greater risk of violating one or more laws within the Bureau's jurisdiction. Submission of the proposed written statements will enable the Bureau to conduct additional supervisory reviews or to otherwise investigate the matter in order to identify any such violations and related risks.

See12 U.S.C. 5514(b)(1), (7)(A)-(B). As explained in the “legal authority” section, 12 U.S.C. 5514(b)(7)(A) authorizes the Bureau to prescribe rules to facilitate Bureau supervision and the assessment and detection of risks to consumers, and 12 U.S.C. 5514(b)(7)(B) authorizes the Bureau to require supervised registered entities to “generate”— i.e., create—reports regarding their activities (including the required written statements) and then “provide” them to the Bureau.

As a result, the final rule's written statements will be particularly relevant when prioritizing the Bureau's supervisory activities under CFPA section 1024(b). As discussed above at part III(C) and below in the section-by-section discussion of § 1092.204, CFPA section 1024(b)(2) requires that the Bureau exercise its authority under CFPA section 1024(b)(1) in a manner designed to ensure that such exercise, with respect to persons described in section 1024(a), is based on the assessment by the Bureau of certain identified risks. For the reasons discussed above, the final rule's written statements will inform the Bureau's risk-based prioritization of its supervisory program under CFPA section 1024(b)(2). The Bureau anticipates that the written statements would be particularly helpful in assessing, among other things, “the risks to consumers created by the provision of . . . consumer financial products or services” and “the extent to which such institutions are subject to oversight by State authorities for consumer protection.”

12 U.S.C. 5514(a), (b)(2).

12 U.S.C. 5514(b)(2)(C)-(D). See additional discussion of the factors for risk-based supervisory prioritization in part IV(B) above.

The final rule's written-statement requirements also will improve the Bureau's ability to conduct its supervisory and examination activities with respect to the supervised nonbank, when it does choose to exercise its supervisory authority. The Bureau exercises its supervisory authority with respect to supervised nonbanks for certain purposes, including assessing compliance with the requirements of Federal consumer financial law, obtaining information about the activities and compliance systems or procedures of supervised nonbanks, and detecting and assessing risks to consumers and markets for consumer financial products and services. Assessing whether entities have adequate compliance management systems in place is a long-standing and standard component of the Bureau's examination process, and that assessment depends in part on understanding with whom certain responsibilities lie and how a compliance program is carried out. The Bureau concludes a supervised nonbank's written statements as required under the proposal will provide important information relevant to all of these statutory purposes. As explained below, a supervised nonbank's failure to comply with a relevant order under a covered law could indicate that the entity more generally lacks the will or ability to comply with its legal obligations, including its obligations under Federal consumer financial law. Such noncompliance may also indicate that the entity generally lacks adequate compliance systems or procedures, which in turn would create risks to consumers and to the markets for consumer financial products and services that the entity participates in. Conversely, written statements indicating that the entity had not identified any instances of noncompliance with a relevant order would also provide the Bureau with similarly useful information about the entity's efforts to comply with such orders and the entity's compliance systems and procedures related to the entity's offering and provision of consumer financial products and services. Thus, in cases where the Bureau determines to exercise its supervisory authorities with respect to a supervised nonbank required to submit written statements under the proposal, the Bureau would expect those written statements to be of value in conducting its examination work. For example, the Bureau may use the written statements in determining what information to require from a supervised nonbank, in determining the content of supervisory communications and recommendations, or in making other decisions regarding the use of its supervisory authority.

12 U.S.C. 5514(b)(1).

See CFPB Supervision and Examination Manual at CMR 1 (“To maintain legal compliance, an institution must develop and maintain a sound compliance management system . . . that is integrated into the overall framework for product design, delivery, and administration across their entire product and service lifecycle.”).

As explained below in the section-by-section discussion of § 1092.204(e), the Bureau is requiring supervised registered entities to maintain records to support their written statements. That recordkeeping requirement will further facilitate the Bureau's supervisory and examination activities because it will ensure the availability of records for the Bureau to review regarding the matters addressed in the written statements.

Second, the final rule's written-statement requirements will help ensure that supervised registered entities “are legitimate entities and are able to perform their obligations to consumers.” As discussed in part VIII below, the Bureau believes that most supervised registered entities subject to covered orders endeavor in good faith to comply with consumer protection laws and, accordingly, have put in place some manner of systems and procedures to help achieve such compliance. But the Bureau also expects that other supervised registered entities will not take their legal obligations seriously, including their obligations under Federal consumer financial law. The final rule's written-statement requirements will provide information that would help the Bureau assess in which category a particular entity falls. If, after reviewing a written statement, the Bureau concludes that an entity is not working in good faith to comply with its legal obligations, that conclusion might provide grounds for prioritizing the entity for supervisory examinations to assess its compliance with Federal consumer financial law. The Bureau expects that the risk of such increased supervisory scrutiny will provide an incentive for some entities to improve their compliance efforts so that they can submit a written statement that is less likely to result in increased scrutiny from the Bureau. Thus, by making it more difficult to quietly disregard the law, the Bureau concludes that the written-statement requirement will likely motivate at least a few supervised entities with substandard compliance practices to enhance their compliance efforts and comply with their legal obligations, including their obligations under Federal consumer financial law. The Bureau likewise believes that the final rule's requirement to designate an attesting executive with knowledge of the entity's systems and procedures for achieving compliance with the covered order and with control over the efforts to comply with the covered order will likely provide an incentive to pay more attention to the entity's legal obligations.

12 U.S.C. 5514(b)(7)(C). As explained in the “legal authority” section above, 12 U.S.C. 5514(b)(7)(A), (B), and (C) provide independent sources of rulemaking authority.

As explained above, in several cases, the Bureau has found that entities have violated prior orders that the Bureau has issued or obtained. See supra note 7.

To be clear, the final rule does not establish any minimum procedures or otherwise specify the steps the attesting executive must take in order to review and oversee the supervised registered entity's activities. Nor does the final rule establish any minimum level of compliance management or expectation for compliance systems and procedures at such entities, or purport to impose any restrictions on the manner in which supervised registered entities address such matters. However, as explained above, the Bureau expects that most supervised registered entities will be at least somewhat hesitant to repeatedly report the absence of good faith efforts to comply with covered orders. Also, the rule will require supervised registered entities to identify, on an annual basis, a high-level executive with knowledge and responsibility regarding an entity's efforts to comply with a covered order, which will facilitate any Bureau supervisory efforts related to the order or the matters addressed therein.

The Bureau is finalizing its preliminary findings that requiring certain supervised nonbanks to designate attesting executives and to submit written statements relating to compliance with reported orders will facilitate the Bureau's supervisory efforts and better ensure that supervised registered entities are legitimate entities and are able to perform their obligations to consumers.

E. Why the Bureau Is Adopting an Option for One-Time Registration of Orders Published on the NMLS Consumer Access Website

The Bureau received multiple comments on the proposal stating that the proposed registry was redundant with existing registries and other published information, and in particular with the NMLS. See the section-by-section analysis of § 1092.203 below for a discussion of these comments and the Bureau's response. Some consulting parties expressed similar concerns during the Bureau's interagency consultation process, as discussed in part V below. In light of those comments and concerns, the Bureau is adopting a one-time registration option for orders that are published on the NMLS Consumer Access website, which may be exercised at the election of the covered nonbank. Nonbanks that exercise this option may submit a one-time registration regarding certain agency and court orders that are published on the NMLS Consumer Access website maintained at www.NMLSConsumerAccess.org (except for orders issued or obtained by the Bureau), in lieu of complying with other requirements of the rule with respect to the order. Such nonbanks will be required to submit certain limited information to the Bureau's nonbank registry regarding the order to enable the Bureau to identify the relevant nonbank and order and otherwise coordinate the nonbank registry with the NMLS. Upon exercising this option and submitting the required information about the relevant order, a nonbank will have no further obligation under subpart B to provide information to, or update information provided to, the Bureau's nonbank registry regarding the order.

The one-time registration option established in the final rule will ensure that the Bureau is informed regarding risks to consumers in the offering or provision of consumer financial products and services, including developments in markets for such products and services, in a manner that promotes coordination and cooperation with the States while reducing potential burden on the companies that are required to register. This option is not available for orders that are issued or obtained at least in part by the Bureau itself.

The one-time registration option is consistent with § 1092.102(b), which provides that in administering the nonbank registry, the Bureau may rely on information a person previously submitted to the nonbank registry under part 1092 and may coordinate or combine systems in consultation with State agencies as described in CFPA sections 1022(c)(7)(C) and 1024(b)(7)(D). Those statutory provisions provide that the Bureau shall consult with State agencies regarding requirements or systems (including coordinated or combined systems for registration), where appropriate. As § 1092.102(b) makes clear, the Bureau may develop or rely on such systems as part of maintaining the nonbank registry and may also rely on previously submitted information.

F. Why the Bureau Intends To Publish Certain Information Collected Under the Registration Requirements

The Bureau intends to publish a registry that contains certain information about nonbanks and orders collected under the rule. However, the Bureau is reserving the option not to publish information based on operational considerations, such as resource constraints.

For additional discussion regarding the Bureau's discretion not to publish information under § 1092.205(a), see the section-by-section discussion of that provision below.

While the orders subject to the rule will already be public, information about the orders may not be readily accessible in a comprehensive and collected manner, and some of the information submitted to the registry may not be readily available to the public. The Bureau intends to publish this information because it believes publication will provide benefits to the general public, other regulators, and to consumers, and would be consistent with Federal Government efforts to make government data assets publicly available. The Bureau has authority to publish the registration information under CFPA section 1022(c)(3)(B), which authorizes it to publish information obtained under section 1022 “as is in the public interest,” and under CFPA section 1022(c)(7)(B), which authorizes the Bureau to “publicly disclose registration information to facilitate the ability of consumers to identify covered persons that are registered with the Bureau.” As discussed further in the section-by-section discussion of § 1092.205(a) below, the Bureau finds that, except under certain circumstances, it will be in the public interest to publish certain information collected by the nonbank registry.

See also the discussion of these issues in the section-by-section discussion of § 1092.205 below.

12 U.S.C. 5512(c)(3)(B).

12 U.S.C. 5512(c)(7)(B).

A variety of Federal regulators, including the prudential regulators, as well as State attorneys general and other State agencies, all have authority to issue orders to address legal violations in the provision or offering of consumer financial products or services. Consequently, similar conduct may be addressed through separate orders, by separate regulators, or across separate lines of business. Again, the orders that would be published under the proposal would already be public. But such orders, while public, are currently subject to distinct publication regimes. The distinct enforcement and publication regimes for the various agencies with authority over nonbank covered persons make it more difficult for the Bureau, consumers, and other interested parties to identify entities that engage in misconduct and repeatedly violate the law. The final rule will address that issue by creating a registry of orders that relate to offering or providing consumer financial products or services and the nonbanks that are subject to them. The registry will enable users of the nonbank registry to become better informed about those orders and nonbanks and promote transparency in the markets for consumer financial products and services.

The Bureau recognizes that much public information about such orders already exists. In particular, some information is available to potential users through the NMLS Consumer Access website, which is owned and operated by the State Regulatory Registry LLC, which is a wholly owned subsidiary of the Conference of State Bank Supervisors. In addition, the applicable Federal and State regulators generally each publish their own orders enforcing consumer financial law; thus, potential users may be able to access some of this information by means of the various websites and other databases maintained by individual agencies or other multiagency websites. And still other information is published and maintained by private actors.

As discussed in part IV(E) above and in the section-by-section discussion of § 1092.203 below, the Bureau is adopting a one-time registration option with respect to orders that are published on the NMLS Consumer Access website, www.NMLSConsumerAccess.org (except for orders issued or obtained by the Bureau). This option will reduce burden on eligible entities that are subject to the rule, help avoid confusion, and promote coordination with the States in exercising the Bureau's nonbank registration authorities by leveraging information already gathered and published by the States. The Bureau intends to publish certain limited information collected under this one-time registration option for the purposes of informing users of the registry of particular orders published on the NMLS Consumer Access website and the applicable nonbanks subject to them. The Bureau's registry will alert users of the NMLS that orders have been issued against nonbanks subject to the Bureau's jurisdiction in connection with the offering or provision of consumer financial products or services. Where an order has been registered with the Bureau's registry under the option discussed in part IV(E) above, users may also refer to the NMLS for additional information about that order, to the extent consistent with any terms of use or other conditions of access that the NMLS's operator may impose.

The Bureau is authorizing the establishment of its own public registry in order to provide access to a new centralized and publicly available database containing information about applicable nonbanks and the orders to which they are subject, specifically in connection with the offering and provision of consumer financial products and services. While certain State regulators provide information about certain public enforcement actions through the NMLS, including in some cases publishing related orders on the NMLS Consumer Access website, such information does not extend to all of the orders and all of the agencies that are addressed by the final rule, including orders issued by Federal agencies. It is also limited to only certain industry sectors. Therefore, there appears to be limited collective information regarding all of the orders that have been issued by multiple regulators to particular entities across multiple product markets and geographic markets related to consumer financial products and services. To the Bureau's knowledge, there is currently no public government registry at the Federal or State level for the collection of information about such orders across the entities subject to the Bureau's jurisdiction (though privately maintained databases may exist). No government agency appears to maintain a publicly available repository of such orders and other related information with respect to particular entities as they relate to consumer financial products and services. The Bureau believes that consumers would benefit from a registry that is maintained by the Federal Government for the purpose of providing information regarding such orders.

The Bureau believes that there will be significant value in creating a public repository of information related to public agency and court orders that impose obligations based on violations of consumer protection laws, and the nonbanks under the Bureau's jurisdiction that are subject to them. Publication of certain data collected pursuant to this rule is in the public interest in a variety of ways. By improving public transparency, the Bureau intends to mitigate recidivism and more effectively deter unlawful behavior. Providing better tools to monitor repeat law violators and corporate recidivism is in the public interest. Researchers will be able to use published information to better understand the markets regulated by the Bureau and the participants in those markets, and their efforts may result in more thorough understanding and promote compliance with the law. Non-government entities will likewise be able to use published information in conducting their work and in identifying potential issues and risks affecting consumers in the markets for consumer financial protection and services. Industry can use a public registry as a convenient source of information regarding regulator actions and trends across jurisdictions, helping industry actors to better understand legal risks and compliance obligations. A public registry will also provide potential investors, contractual partners, financial firms, and others that are conducting due diligence on a registered nonbank a consolidated source of information regarding public orders. Establishing a source for public data on entity lawbreaking and recidivism will promote tracking and awareness of such matters by consumer groups, trade associations, firms conducting due diligence, the media, and other parties.

See also the discussion of these issues in the section-by-section discussions of §§ 1092.202(b) and 1092.205(a) below.

Government agencies—including, but not limited to, the Bureau—will also benefit from the public registry. While the orders that the Bureau intends to publish under the rule will already be public, every Federal, State, and local agency with jurisdiction over a covered nonbank will benefit from access to a regularly maintained database providing up-to-date information on relevant public orders that have been issued against such entities. Such information will help agencies to detect risks to consumers, and to coordinate and maintain consistency with the Bureau and other agencies in their enforcement strategies and approaches. Agencies can use the published information to better identify registered nonbanks and determine their legal structure and organization, since the registry will (subject to the option for NMLS-published covered orders) require registered nonbanks to submit and maintain up-to-date identifying information, including legal name and principal place of business. Also, publication of registration information and information regarding orders will assist other agencies in assessing the potential risks to consumers that may be posed by registered nonbanks and in making their own determinations regarding whether to conduct examinations or investigations, bring enforcement actions against nonbanks, or engage in other regulatory activities. For example, a State regulator attempting to improve its assessments of consumer risk trends among nonbank payday lenders in its State should be able to use the Bureau's registry to identify what other regulators of the same or similar nonbank providers or products have recently identified in terms of such risks. In addition, the Bureau believes that many agencies would find the published information useful in making other determinations regarding the nonbanks registered under the proposal. For example, an agency may be able to use this information when making determinations regarding an application or license, or to ask relevant questions regarding the information that is published. Thus, the Bureau believes that, with access to a public Bureau registry of these orders, those similarly tasked with protecting consumers in the markets for consumer financial products and services would obtain many of the same powerful market-monitoring benefits that the Bureau anticipates obtaining from this rule.

As described in part V below, certain consulting parties confirmed to the Bureau during the interagency consultation process that they would find the registry useful in conducting their own operations, while certain other consulting parties stated that they would not.

In developing the proposal, the Bureau considered whether it might be better to use confidential channels, or perhaps a private electronic portal, to exchange this information with other government agencies. However, the Bureau believes that such an approach likely would be impractical. Not every agency that would be able to use the information would be aware of the need to request access to the information from the Bureau or would necessarily be able to expend the resources to maintain access. The Bureau would need to expend its own resources to establish and maintain such channels. And the Bureau believes that such a system would not achieve the benefits of disclosure to consumers and the public discussed in this section. Publication also would formally align the proposed registry with Federal Government standards calling for publishing information online as open data.

See, e.g., Open, Public, Electronic, and Necessary Government Data Act, in title II of Public Law 115-435 (Jan. 14, 2019).

Consumers may also benefit from the collection and publication of the information collected by the registry, including information about orders that are already public. At least in certain cases, publishing information about the entity and its applicable orders in a public registry as intended by the Bureau will potentially help certain consumers make informed decisions regarding their choice of consumer financial products or services. As discussed at part VIII below, the Bureau does not necessarily expect a wide group of consumers to rely routinely on the Bureau's registry when selecting consumer financial products or services. However, the Bureau believes that the registry will benefit certain consumers if the information in the registry is recirculated, compiled, or analyzed by other users such as consumer advocacy organizations, researchers, or the media. For example, media outlets can use the registry to report which entities have the most government orders enforcing the law against them, which would inform consumers about such repeat offenders.

Publication of the registry as intended by the Bureau will also facilitate private enforcement of the Federal consumer financial laws by consumers, to the extent those laws provide private rights of action, where consumers have been harmed by a registered nonbank. Such publication will be useful in helping consumers understand the identity of a company that has offered or provided a particular consumer financial product or service, and in determining whether to file suit or otherwise make choices regarding how to assert their legal rights. And availability of this information could lead consumers and other persons to report to the Bureau instances of similar conduct for the Bureau to investigate.

Under the final rule, the Bureau will not publish the written statement submitted by a supervised registered entity but will instead treat the written statement as Bureau confidential supervisory information subject to the provisions of its rule on the disclosure of records and information at 12 CFR part 1070. The Bureau does intend to publish the name and title of the attesting executive(s) submitted by the supervised registered entity. The Bureau intends to disclose this name and title information because it concludes that, except as described in the section-by-section discussion of § 1092.205 below, publication of this information will be in the public interest. In particular, it will help ensure accountability at the entity for noncompliance. The Bureau concludes that the publication of the executive's name and title will provide an incentive to pay more attention to covered orders. The Bureau believes that designating an attesting executive will prompt that executive to focus greater attention on ensuring the entity's compliance with a covered order, and in turn increase the likelihood of compliance. Publication of this designation as intended by the Bureau will increase the likelihood of these effects. Such publication of the designation will identify for other regulators (and the general public) the highest-ranking executive at the supervised registered entity who has control over the entity's efforts to comply with the covered order and otherwise satisfies the rule's designation requirements. Just as the possibility of Bureau scrutiny of the attesting executive's conduct is likely to motivate the executive to devote greater attention to compliance efforts, the additional scrutiny from others outside the Bureau will further promote compliance. Publishing the attesting executive's name and title thus dovetails with the supervisory goals discussed above in part IV(D).

Publishing the name and title of the executive who has knowledge and control of the supervised entity's efforts to comply with the covered order, as intended by the Bureau, will benefit users of the registry in other ways. For example, publishing this information may help certain consumers better understand and monitor the conduct of the entities with whom they do business, including how the company assigns responsibility for compliance with Federal consumer financial law. Researchers, media, and other users of the information may be able to detect trends or patterns associated with such information. Publication as intended by the Bureau may also help whistleblowers and consumers better understand the operations and structure of the supervised entity, such as to which department or division of the company to direct whistleblowing complaints, information about violations, or requests for information with respect to the covered order in order to ensure that their complaint, information, or request is being sent to the appropriate part of the organization. Clients or other companies that do business with the entity will also have a better understanding of which areas of the company are affected by a covered order and who is responsible for compliance with it.

Publishing such name and title information will also facilitate coordination and communication regarding the order between the Bureau, other government agencies, and the nonbank entity. Other regulators, especially those that have issued orders regarding the supervised entity, would likely benefit from understanding which executive(s) have been tasked with ensuring compliance with their orders. And disclosure of this information would increase transparency regarding how the Bureau processes and verifies information submitted as part of the registry.

V. Summary of Rulemaking Process

A. Consultation With Other Agencies in Exercising the Authorities Relied Upon in the Proposal and Final Rule

One of the authorities cited as a basis for components of the Bureau's proposed rule and final rule is CFPA section 1022(c)(7), which provides that the “Bureau may prescribe rules regarding registration requirements applicable to a covered person, other than an insured depository institution, insured credit union, or related person.” Congress provided that “[i]n developing and implementing registration requirements under [section 1022(c)(7)], the Bureau shall consult with State agencies regarding requirements or systems (including coordinated or combined systems for registration), where appropriate.” CFPA section 1024(b)(7)—the statutory basis for the written-statement requirement—includes a similar consultation provision.

12 U.S.C. 5512(c)(7)(A).

12 U.S.C. 5512(c)(7)(C).

12 U.S.C. 5514(b)(7)(D) (“In developing and implementing requirements under this paragraph, the Bureau shall consult with State agencies regarding requirements or systems (including coordinated or combined systems for registration), where appropriate.”).

Accordingly, the Bureau has consulted with State agencies, including State agencies involved in supervision of nonbanks and State agencies charged with law enforcement, in crafting the proposal's and final rule's registration requirements and system. In developing the proposal and this final rule, the Bureau considered the input it received from State agencies, including concerns expressed regarding possible duplication between any registration system the Bureau might build and existing registration systems.

In addition, before proposing a rule under the Federal consumer financial laws, including CFPA sections 1022(b)-(c) and 1024(b), and during the applicable comment process, the Bureau must consult with appropriate prudential regulators or other Federal agencies regarding consistency with prudential, market, or systemic objectives administered by such agencies. In developing the proposal and this final rule, the Bureau consulted with prudential regulators and other Federal agencies and considered the input it received.

12 U.S.C. 5512(b)(2)(B) (“In prescribing a rule under the Federal consumer financial laws . . . the Bureau shall consult with the appropriate prudential regulators or other Federal agencies prior to proposing a rule and during the comment process regarding consistency with prudential, market, or systemic objectives administered by such agencies . . . .”).

The Bureau also consulted with Tribal governments regarding this rulemaking pursuant to CFPA sections 1022(c)(7)(C) and 1024(b)(7)(D). In addition, the Bureau consulted with tribal governments in accordance with applicable Bureau policy. In developing this final rule, the Bureau considered the input of Tribal governments, including concerns tribal governments expressed regarding maintaining Tribal sovereignty.

See12 U.S.C. 5512(c)(7)(C), 5514(b)(7)(D) (requiring consultation with “State agencies”); see also12 U.S.C. 5481(27) (term “State” includes “any federally recognized Indian tribe, as defined by the Secretary of the Interior under” 25 U.S.C. 5131(a)).

See Consumer Fin. Prot. Bureau, Policy for Consultation with Tribal Governments, https://files.consumerfinance.gov/f/201304_cfpb_consultations.pdf.

Each of the Bureau's outreach efforts is discussed in turn below.

B. Pre-Proposal Outreach

The Bureau received feedback from external stakeholders in developing the notice of proposed rulemaking. The following is a summary of that effort.

1. State Agencies and Tribal Governments

As required by CFPA sections 1022(c)(7) and 1024(b)(7), the Bureau consulted with State agencies and Tribal governments, including agencies involved in supervision of nonbanks and agencies charged with law enforcement, in crafting the proposed registration requirements and registry. Among other meetings, the Bureau's consultation efforts included presentations to State and Tribal governments on October 13, October 20, October 27, November 3, November 10, November 17, and November 21, 2022, explaining proposals then under consideration and requesting feedback. In addition, on October 31, 2022, Bureau staff met with State financial regulators and staff of the Conference of State Bank Supervisors to discuss technical questions to better understand whether and how the Bureau could combine or coordinate its proposed registry with the NMLS. In developing its proposed rule, the Bureau considered the input it received from State agencies and Tribal governments. This input included concerns State agencies expressed regarding possible duplication between any registration system the Bureau might build and existing registration systems. This input also included concerns Tribal governments expressed regarding maintaining Tribal sovereignty.

12 U.S.C. 5512(c)(7)(C); 12 U.S.C. 5514(b)(7)(D).

In addition to the listed meetings, the Bureau participated in other meetings with one or more representatives of State financial regulators regarding the Bureau's proposed registry, including meetings in August and September 2022.

2. Federal Regulators

Before proposing a rule under the Federal consumer financial laws, including CFPA sections 1022(c) and 1024(b), the Bureau must consult with appropriate prudential regulators or other Federal agencies regarding consistency with prudential, market, or systemic objectives administered by such agencies. In developing this proposal, the Bureau consulted with prudential regulators and other Federal agencies and considered the input it received.

12 U.S.C. 5512(b)(2)(B).

C. Notice of Proposed Rulemaking

On December 12, 2022, the Bureau issued its proposed rule to establish a public registration system for nonbank covered persons subject to certain agency and court orders. The proposal was published in the Federal Register on January 30, 2023, and the public comment period closed on March 31, 2023. The Bureau received more than 60 comments on the proposal during the comment period. Commenters included individual consumers, consumer advocate commenters, tribes, the U.S. Small Business Administration Office of Advocacy (SBA Office of Advocacy), industry, and others, including a joint comment letter from State regulators.

88 FR 6088 (Jan. 30, 2023).

In addition, the Bureau also received three ex parte communications, one from a journalist commenter, one from a consumer advocate commenter, and another from an industry commenter. Summaries of those ex parte communications are available on the public docket for this rulemaking. The Bureau also received a joint comment letter from Members of Congress related to the proposed rule, which is also available on the public docket.

See CFPB, Policy on Ex Parte Presentations in Rulemaking Proceedings,82 FR 18687 (Apr. 21, 2017).

See https://www.regulations.gov/docket/CFPB-2022-0080 .

Relevant information received via comment letters, as well as ex parte submissions, is discussed above in part IV, as well as the section-by-section analysis and subsequent parts of this document, as applicable. The Bureau considered all comments it received regarding the proposal, made certain modifications, and is adopting the final rule set forth herein. Comments regarding the Bureau's impact analyses are discussed in parts VIII and IX below.

D. Further Outreach

Before finalizing a proposed rule under the Federal consumer financial laws, including CFPA sections 1022(c) and 1024(b), the Bureau must consult with appropriate prudential regulators or other Federal agencies regarding consistency with prudential, market, or systemic objectives administered by such agencies. In developing this final rule, the Bureau consulted with prudential regulators and other Federal agencies and considered the input it received.

12 U.S.C. 5512(b)(2)(B).

As required by CFPA sections 1022(c)(7) and 1024(b)(7), the Bureau also consulted with State agencies and Tribal governments, including agencies involved in supervision of nonbanks and agencies charged with law enforcement, in crafting the registration requirements and system. Among other meetings, the Bureau's consultation efforts included presentations to State agencies and Tribal governments on February 21, 22, and 23, 2024, explaining proposals then under consideration and requesting feedback, as well as a meeting between representatives of the Bureau and State agencies on April 18, 2024. In developing the final rule, the Bureau considered the public comments it received from tribes and via a joint comment letter from State regulators, as well as the input it received from State agencies and Tribal governments during the consultation process.

12 U.S.C. 5512(c)(7)(C); 12 U.S.C. 5514(b)(7)(D).

As explained above, during the rulemaking process for issuing rules under the Federal consumer financial laws, Bureau policy is to consult with appropriate Tribal governments. See https://files.consumerfinance.gov/f/201304_cfpb_consultations.pdf.

In interagency consultations, several consulting parties reasserted issues that had been raised in the comment letters. Those comments are addressed elsewhere in the applicable sections of this preamble.

Consistent with an approach suggested by commenters, including in a joint comment letter submitted by a group of State regulators, the Bureau is adopting a one-time registration option for nonbanks to submit certain information about orders published on the NMLS Consumer Access website (except for orders issued or obtained by the Bureau), in lieu of complying with the other requirements of the rule with respect to such orders.

See part IV(E) and the section-by-section discussion of § 1092.203 below.

Consulting partners also raised certain additional issues that the Bureau addresses in this section. During consultation, some consulting parties expressed concerns with aspects of the final rule and stated that they would not use the information collected by the Bureau and potentially published as provided in the rule. However, other consulting parties expressed general support for the Bureau's adoption of the final rule, and confirmed to the Bureau during the interagency consultation process that they would find the registry useful in conducting their own operations.

For further discussion regarding the final rule's approach to authorizing publication of registry information by the Bureau, including the ability of other agencies to use such information, see part IV(F) and the section-by-section discussion of § 1092.205 below.

The Bureau satisfied all applicable statutory requirements with respect to interagency consultations, including CFPA sections 1022(c)(7) and 1024(b)(7). As described in this section, the Bureau engaged in oral and written discussions with State regulators as it developed the proposal, during the notice-and-comment process, and before finalizing the rule. Throughout the consultation process, it has solicited the views of State regulators regarding the combination and coordination of systems as well as other matters relating to both the proposal and the final rule. Some consulting parties sought further engagement with the Bureau on aspects of the rulemaking, which the Bureau granted.

The Bureau also offered the States an opportunity to give specific, concrete feedback on the proposed registry, including providing feedback regarding how that system might be combined or further coordinated with other registration systems, as contemplated by CFPA sections 1022(c)(7)(C) and 1024(b)(7)(D).

Certain consulting parties raised questions about the one-time registration option for NMLS-published covered orders in § 1092.203, stating that any final rule should strike reporting and registration requirements for any violations of State consumer financial laws, rules, and agency orders. As discussed in part IV(E) above and the section-by-section discussion of § 1092.203 below, the Bureau concluded that the option provided under § 1092.203 is an appropriate means of furthering the purposes of the final rule, including the final rule's provisions restricting the availability of that option to “NMLS-published covered orders” as that term is defined at § 1092.201(k). For discussion of the application of the final rule to State laws and orders, see the section-by-section discussions of § 1092.201(c) and (d) below.

Certain consulting parties urged the Bureau to exempt from its rule any nonbank entity meeting the Small Business Administration's definition of “small business” because, in the consulting parties' view, the rule would be overly expansive and particularly burdensome for small nonbank entities not subject to Bureau supervision. As explained in parts VIII and IX below, however, the Bureau has determined that the rule will not impose significant burdens on a substantial number of small entities. The Bureau thus declines to exempt all small businesses from the rule's requirements. As explained below, however, entities with less than $5 million in annual receipts resulting from offering or providing all consumer financial products and services described in CFPA section 1024(a) are not subject to the requirements imposed in § 1092.204 of the rule.

12 U.S.C. 5514(a).

One consulting party asserted that the final rule's treatment of Tribal instrumentalities or entities wholly owned by tribes was inconsistent with the treatment proposed by the Bureau in its 2023 proposed rule regarding registration of nonbanks that use certain terms and conditions. The Bureau disagrees with the consulting party's characterization of its other proposal. The present final rule does not adopt a different or narrower approach to issues related to tribally affiliated entities than the Bureau proposed in its other proposed rule. That proposed rule, like the present final rule, did not propose to exempt entities that are not part of the tribe itself from its proposed registration requirements. As discussed further in the section-by-section discussion of § 1092.201(d) below, the Bureau declines to provide an express exemption from the final rule for Tribal instrumentalities or entities wholly owned by tribes because the Bureau does not choose to use this rulemaking as the vehicle for determining the circumstances under which tribally affiliated entities qualify as part of the tribe itself. As discussed in the section-by-section discussion of §§ 1092.202(g) and 1092.204(f) below, the Bureau believes that the voluntary good-faith filing option established in those sections of the final rule provides a satisfactory mechanism for tribally affiliated entities to avoid the risk of an enforcement action where they decide not to register an order or submit a written statement based on a good-faith belief that they are not a covered nonbank or a supervised registered entity, such as on the grounds that they qualify as part of a federally recognized tribe and thus as a “State.”

See Registry of Supervised Nonbanks That Use Form Contracts To Impose Terms and Conditions That Seek To Waive or Limit Consumer Legal Protections, 88 FR 6906, 6937-38 (Feb. 1, 2023).

Consulting parties also expressed concerns, including confidentiality and privacy concerns, regarding the notifications of non-registration provided for in §§ 1092.202(g) and 1092.204(f) of the final rule. As discussed in the section-by-section discussion of those sections below, the option to file notifications of non-registration under these provisions is voluntary and does not impose any mandatory process or other obligation on tribes or any other persons. Nor would a decision not to file a voluntary good-faith notification change or enlarge the coverage of the rule. Certain consulting parties stated that the Bureau should adopt a more informal mechanism for submitting such notifications, such as via electronic mail or regular mail to a designated Bureau representative. The Bureau does not believe that eliminating the voluntary option to file notifications of non-registration via the nonbank registry under §§ 1092.202(g) and 1092.204(f), or soliciting separate communications from persons that may wish to notify the Bureau of the type of information that would be submitted to the Bureau under those sections of the final rule, would improve the confidentiality or privacy of those communications. Nor would such an informal approach enhance the efficiency or effectiveness of the nonbank registry. Instead, such an approach would add complexity to the process of notifying the Bureau about issues relevant to the registry and thus deter the submission of relevant information to the Bureau. The Bureau concludes that a system-based approach to such matters will be more efficient and effective in accomplishing the purposes of the final rule. Nor is it clear that it would be less burdensome for either a tribe or the Bureau to engage in such informal and ad hoc communications than it would be for the tribe to submit a succinct electronic notification of non-registration under §§ 1092.202(g) and 1092.204(f) via the nonbank registry.

A consulting party stated that the Bureau should specify whether or not, in what level of detail, and how the Bureau intends to make registry information publicly available. For discussions addressing these matters, see part IV(F) and the section-by-section discussion of § 1092.205(a) regarding the information the Bureau intends to publish under § 1092.205(a) of the final rule.

See the section-by-section discussion of §§ 1092.201(d), 1092.202(g), and 1092.204(f) below for additional discussion of issues related to tribes and the notifications of non-registration provided for in the final rule.

VI. Section-by-Section Analysis

Part 1092

Subpart A—General

Section 1092.100 Authority and Purpose

Proposed Rule

Proposed § 1092.100(a) would have set forth the legal authority for proposed 12 CFR part 1092, including all subparts. Proposed § 1092.100 would have referred to CFPA sections 1022(b) and (c) and 1024(b), which were discussed in section III of the proposal.

12 U.S.C. 5512(b), (c); 12 U.S.C. 5514(b).

Proposed § 1092.100(b) would have explained that the purpose of part 1092 is to prescribe rules regarding nonbank registration requirements, to prescribe rules concerning the collection of information from registered entities, and to provide for public release of that information as appropriate.

Comments Received and Final Rule

The Bureau solicited comment on proposed § 1092.100 and did not receive any comments specifically regarding proposed § 1092.100. See part III above for a general discussion of several CFPA provisions on which the Bureau relies in this rulemaking. The Bureau is finalizing § 1092.100 as proposed, with minor technical changes.

Section 1092.101 General Definitions

Section 1092.101(a)

Proposed § 1092.101(a) would have defined the terms “affiliate,” “consumer,” “consumer financial product or service,” “covered person,” “Federal consumer financial law,” “insured credit union,” “person,” “related person,” “service provider,” and “State” as having the meanings set forth in the CFPA, 12 U.S.C. 5481. The Bureau solicited comment on this proposed provision and received no comments. The Bureau is finalizing § 1092.101(a) as proposed.

Section 1092.101(b)

Proposed § 1092.101(b) would have defined the term “Bureau” as a reference to the Consumer Financial Protection Bureau. The Bureau solicited comment on this proposed definition and received no comments on this proposed definition. The Bureau is finalizing § 1092.101(b) as proposed.

Section 1092.101(c)

Proposed § 1092.101(c) would have clarified that the terms “include,” “includes,” and “including” throughout part 1092 would denote non-exhaustive examples covered by the relevant provision. The Bureau solicited comment on proposed § 1092.101(c). No commenters addressed proposed § 1092.101(c). The Bureau is finalizing § 1092.101(c) as proposed. As used in the final rule, these terms should not be construed more restrictively than the ordinary usage of such terms so as to exclude any other thing not referred to or described.

See, e.g., Christopher v. SmithKline Beecham Corp., 567 U.S. 142, 162 (2012) (use of “includes” indicates that “the examples enumerated in the text are intended to be illustrative, not exhaustive”).

See12 U.S.C. 5301(18)(A) (similarly defining the term “including” for purposes of the Dodd-Frank Act by reference to 12 U.S.C. 1813).

Section 1092.101(d)

Proposed § 1092.101(d) would have defined the term “nonbank registration system” to mean the Bureau's electronic registration system identified and maintained by the Bureau for the purposes of part 1092. The Bureau solicited comment on this proposed definition and received no comments on the proposed definition.

The Bureau is finalizing § 1092.101(d) as proposed, with minor revisions to change this term to “nonbank registry,” which as adopted in the final rule means “the Bureau's electronic registry identified and maintained by the Bureau for the purposes of part 1092.” The Bureau is adopting the revised definition for stylistic reasons, with no change in meaning from the term “nonbank registration system” that was used in the proposed rule. The Bureau is also adopting corresponding changes to the proposed rule to use the term “nonbank registry” instead of the term “nonbank registration system” throughout the final rule, including at §§ 1092.102(a) through (c); 1092.201(a); 1092.202(b), (c), (f), (g); 1092.204(d), (f); and 1092.205(a), (c) of the final rule.

Section 1092.101(e)

Proposed § 1092.101(e) would have defined the term “nonbank registration system implementation date” to mean, for a given requirement or subpart of part 1092, the date(s) determined by the Bureau to commence the operations of the nonbank registration (NBR) system in connection with that requirement or subpart. The Bureau anticipated that the nonbank registration system implementation date with respect to proposed subpart B would occur sometime after the effective date of the final rule and no earlier than January 2024. The Bureau explained that the actual nonbank registration system implementation date would depend, in significant part, upon the Bureau's ability to develop and launch the required technical systems that would support the submission and review of applicable filings, and on feedback provided by commenters regarding the time registrants would need to implement proposed part 1092's requirements. The Bureau proposed to provide advance public notice regarding the nonbank registration system implementation date with respect to subpart B to enable entities subject to subpart B to prepare and submit timely filings to the NBR system. No comments addressed this proposal.

The Bureau is finalizing § 1092.101(e) largely as proposed with two revisions as follows.

First, for stylistic reasons, the Bureau is adopting a revision to change this term to “nonbank registry implementation date” (without any change in meaning). This revision corresponds with the Bureau's adoption of the term “nonbank registry” in § 1092.101(d) as discussed above. The Bureau is also adopting corresponding changes to the proposed rule to use the term “nonbank registry implementation date” instead of the term “nonbank registration system implementation date” throughout the final rule, including at §§ 1092.202(b) and 1092.204(a) of the final rule.

Second, the final rule provides that the definition of the term “nonbank registry implementation date” in § 1092.101(e) means, for a given requirement or subpart of part 1092, or a given person or category of persons, the date(s) determined by the Bureau to commence the operations of the nonbank registry in connection with that requirement or subpart. Thus, the final rule clarifies that the nonbank registry implementation date may be different for different persons or categories of persons.

Also, in connection with this change, the Bureau is adopting a new section of the final rule at § 1092.206 that specifies the nonbank registry implementation date in connection with the requirements of subpart B for three different categories of covered persons subject to the final rule. While the proposal would have provided for a separate later determination by the Bureau of the “nonbank registration system implementation date,” the Bureau concludes that specifying the nonbank registry implementation date in the final rule will provide registrants and the Bureau with more information and certainty regarding the timing of the launch of the registry and the requirements imposed under the final rule. Section 1092.206 of subpart B establishes different nonbank registry implementation dates for covered nonbanks that are larger participants in supervised markets, other supervised nonbanks, and other covered nonbanks for registrations under subpart B. For further information, see the section-by-section analysis of § 1092.206 below.

Section 1092.102 Submission and Use of Registration Information

Section 1092.102(a) Filing Instructions

Proposed Rule

Proposed § 1092.102(a) would have provided that the Bureau shall specify the form and manner for electronic filings and submissions to the NBR system that are required or made voluntarily under part 1092. The Bureau explained that it would issue specific guidance for filings and submissions. The Bureau anticipated that its filing instructions may, among other things, specify information that filers must submit to verify that they have authority to act on behalf of the entities for which they are purporting to register. The Bureau proposed to accept electronic filings and submissions to the NBR system only and did not propose to accept paper filings or submissions.

Proposed § 1092.102(a) also would have stated that the Bureau may provide for extensions of deadlines or time periods prescribed by the proposed rule for persons affected by declared disasters or other emergency situations. The Bureau explained in the proposal that such situations could include natural disasters such as hurricanes, fires, or pandemics, and also could include other emergency situations or undue hardships including technical problems involving the NBR system. For example, the Bureau could defer deadlines during a presidentially declared emergency or major disaster under the Robert T. Stafford Disaster Relief and Emergency Assistance Act (42 U.S.C. 5121 et seq.) or a presidentially declared pandemic-related national emergency under the National Emergencies Act (50 U.S.C. 1601 et seq.). The Bureau stated that it would issue guidance regarding such situations.

Comments Received and Final Rule

The Bureau did not receive comments specifically about proposed § 1092.102(a). The Bureau is finalizing § 1092.102(a) as proposed.

See the section-by-section discussion of § 1092.101(d) above regarding the Bureau's adoption of the revised term “nonbank registry.”

Section 1092.102(b) Coordination or Combination of Systems

Proposed Rule

Proposed § 1092.102(b) would have provided that in administering the NBR system, the Bureau may rely on information a person previously submitted to the NBR system under part 1092. This proposed section would have clarified, for example, that the registration process for proposed subpart B may take account of information previously submitted, such as in a prior registration under subpart B or, if applicable, a registration of nonbanks that use certain terms and conditions and related information under subpart C.

Proposed § 1092.102(b) also would have provided that in administering the NBR system, the Bureau may coordinate or combine systems in consultation with State agencies as described in CFPA sections 1022(c)(7)(C) and 1024(b)(7)(D). Those statutory provisions provide that the Bureau shall consult with State agencies regarding requirements or systems (including coordinated or combined systems for registration), where appropriate. The Bureau sought comment on the types of coordinated or combined systems that would be appropriate and the types of information that could be obtained from or provided to State agencies.

Comments Received

In connection with proposed § 1092.102(b), the Bureau sought comment on the types of coordinated or combined systems that would be appropriate under CFPA sections 1022(c)(7)(C) and 1024(b)(7)(D) and the types of information that could be obtained from or provided to State agencies. For a discussion of certain comments related to this topic, and the Bureau's response thereto, see the section-by-section discussion of § 1092.203.

A consumer advocate commenter agreed that the Bureau, in administering the NBR system, should rely on information an entity previously submitted to the registry under part 1092 and coordinate or combine systems with State agencies, as provided in proposed § 1092.102(b). The commenter stated that not only would this provision allow for more efficient implementation of the registry by avoiding duplicative or redundant efforts but would also reflect the importance of this registry to both Federal and State regulators, and that the Bureau should consider coordination with existing State consumer financial protection agencies.

Response to Comments Received

As required by CFPA sections 1022(c)(7)(C) and 1024(b)(7)(D) and described in part V, the Bureau has consulted with State agencies on requirements and systems related to the nonbank registry. The Bureau also intends to continue to consult with State agencies in implementing the nonbank registry. Under § 1092.203, with respect to any NMLS-published covered order, a covered nonbank that is identified by name as a party subject to the order may elect to comply with the one-time registration option described in that section in lieu of complying with the requirements of §§ 1092.202 and 1092.204. As discussed in the section-by-section discussion of § 1092.203, the Bureau is adopting this option partly in recognition of the statutory mandates to consult with State agencies regarding combined or coordinated systems for registration in CFPA sections 1022(c)(7)(C) and 1024(b)(7)(D).

Final Rule

For the reasons discussed above, the Bureau is finalizing § 1092.102(b) as proposed.

See the section-by-section discussion of § 1092.101(d) above regarding the Bureau's adoption of the revised term “nonbank registry.”

Section 1092.102(c) Bureau Use of Information

Proposed Rule

Proposed § 1092.102(c) would have provided that the Bureau may use the information submitted to the NBR system under this part to support its objectives and functions, including in determining when to exercise its authority under CFPA section 1024 to conduct examinations and when to exercise its enforcement powers under subtitle E of the CFPA.

The Bureau proposed to establish the NBR system under its registration and market-monitoring rulemaking authorities under CFPA section 1022(b)(1), (c)(1)-(4) and (c)(7), and under its supervisory rulemaking authorities under CFPA section 1024(b)(7)(A), (B), and (C). The Bureau explained in its proposal that it intended to use the information submitted under the NBR system to monitor for risks to consumers in the offering or provision of consumer financial products or services, and to support all of its functions as appropriate, including its supervisory, rulemaking, enforcement, and other functions. The Bureau stated that it may, among other things, rely on the information submitted under part 1092 as it considers whether to initiate supervisory activity at a particular entity, in determining the frequency and nature of its supervisory activity with respect to particular entities or markets, in prioritizing and scoping its supervisory, examination, and enforcement activities, and otherwise in assessing and detecting risks to consumers. In particular, the Bureau explained that it could consider this information in developing its risk-based supervision program and in assessing the risks posed to consumers in relevant product markets and geographic markets and the factors described in 12 U.S.C. 5514(b)(2) with respect to particular covered persons, and for enforcement purposes.

See, e.g., 12 U.S.C. 5514(b)(2)(C), (D), (E) (providing that in prioritizing examinations the Bureau shall consider “the risks to consumers created by the provision of such consumer financial products or services,” “the extent to which such institutions are subject to oversight by State authorities for consumer protection,” and “any other factors that the Bureau determines to be relevant to a class of covered persons”); see also, e.g., 12 U.S.C. 5565(c)(3)(D), (E) (providing that in determining the amount of civil money penalties the Bureau shall consider “the history of previous violations” and “such other matters as justice shall require”).

Proposed § 1092.102(c) also would have provided that part 1092, and registration under that part, would not alter any applicable process whereby a person may dispute that it qualifies as a person subject to Bureau authority. As an example of such a process, the Bureau cited in the proposal 12 CFR 1090.103, which establishes a Bureau administrative process for assessing a person's status as a larger participant under CFPA section 1024(a)(1)(B) and (2) and 12 CFR part 1090. The Bureau explained that, under proposed § 1092.102(c), a person could dispute its status as a larger participant under 12 CFR 1090.103 notwithstanding any registration or information submitted to the NBR system under part 1092. Submission of such a dispute regarding larger participant status to the Bureau under 12 CFR 1090.103, including the Bureau's processes regarding the treatment of such disputes and the effect of any determinations regarding the person's supervised status, would be governed by the provisions of 12 CFR part 1090. The Bureau explained that it could use the information provided to the NBR system in connection with making any determination regarding a person's supervised status under 12 CFR 1090.103, along with the affidavit submitted by the person and other information as provided in that section. However, the submission of information to the NBR system would not have prevented a person from also submitting other information under 12 CFR 1090.103.

Comments Received and Final Rule

The Bureau received no comments on proposed § 1092.102(c) and is finalizing it as proposed.

See the section-by-section discussion of § 1092.101(d) above regarding the Bureau's adoption of the revised term “nonbank registry.”

Section 1092.102(d) Calculation of Time Periods

The Bureau is finalizing § 1092.102(d), which the Bureau did not propose, to clarify how dates and time periods prescribed in part 1092 are calculated.

In calculating dates and time periods, the day of the event that triggers the time period is excluded. Every day, including intermediate Saturdays, Sundays, and Federal holidays, is included. If any provision of part 1092 would establish a deadline for an action that is a Saturday, Sunday, or Federal holiday, the deadline is extended to the next day that is not a Saturday, Sunday, or Federal holiday. The clarifications for calculation of dates and time periods apply to all such calculations in subpart B.

Section 1092.103 Severability

Proposed Rule

Proposed § 1092.103 would have provided that the provisions of the proposed rule are separate and severable from one another, and that if any provision is stayed or determined to be invalid, the remaining provisions shall continue in effect. As the Bureau stated in the proposal, this is a standard severability clause of the kind that is included in many regulations to clearly express agency intent about the course that is preferred if such events were to occur. The Bureau explained that it carefully considered the requirements of the proposed rule, both individually and in their totality, including their potential costs and benefits to covered persons and consumers. The Bureau further explained that in the event a court were to stay or invalidate one or more provisions of the proposed rule as finalized, the Bureau would have wanted the remaining portions of the rule as finalized to remain in full force and legal effect.

Comments Received and Final Rule

The Bureau received no comments on proposed § 1092.103. It is finalizing proposed § 1092.103 with revisions to clarify that applications of provisions are also severable. The Bureau has carefully considered the requirements of the final rule, both individually and in their totality, including their potential costs and benefits to covered persons and consumers. The Bureau intends that, if any provision of this rule, or any application of a provision, is stayed or determined to be invalid, the remaining provisions or applications are severable and shall continue in effect.

Subpart B—Registry of Nonbank Covered Persons Subject to Certain Agency and Court Orders

Section 1092.200 Scope and Purpose

Proposed Rule

Proposed § 1092.200(a) and (b) would have described the scope and purpose of proposed subpart B. Proposed subpart B would have required nonbank covered persons that are subject to certain public agency and court orders enforcing the law to register with the Bureau and to submit copies of the orders to the Bureau. It also would have described the registration information the Bureau would make publicly available. Proposed § 1092.200(a) also explained that subpart B would have required certain nonbank covered persons that are supervised by the Bureau to prepare and submit an annual written statement. The requirements regarding annual written statements were described in proposed § 1092.203.

Proposed § 1092.200(b) would have explained that the purposes of the information collection requirements in proposed subpart B were to support Bureau functions by monitoring for risks to consumers in the offering or provision of consumer financial products or services, including developments in markets for such products or services, pursuant to CFPA section 1022(c)(1); to prescribe rules regarding registration requirements applicable to nonbank covered persons, pursuant to CFPA section 1022(c)(7); and to facilitate the supervision of persons described in CFPA section 1024(a)(1), to ensure that such persons are legitimate entities and are able to perform their obligations to consumers, and to assess and detect risks to consumers, pursuant to CFPA section 1024(b).

Comments Received and Final Rule

Comments addressing CFPA section 1024(b)(3) and (4) are addressed in the section-by-section discussion of § 1092.202(b). The Bureau received no other comments specifically addressing proposed § 1092.200.

12 U.S.C. 5514(b)(3), (4).

See also the section-by-section discussion of §§ 1092.201(e) and 1092.203(a) below.

The Bureau is finalizing § 1092.200(a) and (b) as proposed, with a revision to reflect the Bureau's adoption of a revised § 1092.205(a) that provides that the Bureau “may” publish the information submitted to the nonbank registry pursuant to §§ 1092.202 and 1092.203.

Section 1092.201 Definitions

In its proposal, the Bureau sought comment on various definitions set forth in proposed subpart B and any suggested clarifications, modifications, or alternatives.

The Bureau is finalizing a number of definitions for terms used in subpart B in § 1092.201. These definitions are each discussed in detail below. These definitions supplement the general definitions for the entirety of part 1092 provided in § 1092.101.

Section 1092.201(a) Administrative Information

Proposed Rule

Proposed § 1092.201(a) would have defined the term “administrative information” to mean contact information regarding persons subject to subpart B and other information submitted or collected to facilitate the administration of the NBR system. The Bureau explained that administrative information would have included information such as date and time stamps of submissions to the NBR system, contact information for nonbank personnel involved in making submissions, filer questions and other communications regarding submissions and submission procedures, reconciliation or correction of errors, information submitted under proposed §§ 1092.202(g) and 1092.203(f), and other information that would be submitted or collected to facilitate the administration of the NBR system. Proposed § 1092.204(a) would have provided that the Bureau may determine not to publish such administrative information. The Bureau sought comment on whether any other information that might be collected through the NBR system should also be treated as administrative information.

See discussion in the section-by-section discussion of these provisions below.

Comments Received

A trade association commenter stated that the proposal's definition of “administrative information” was unclear and thus could include a limitless breadth of information. As a result, the commenter argued, the proposal's estimate of the rule's burden was inaccurate. In particular, the commenter stated that entities would need to hire outside legal counsel in order to determine what constitutes “administrative information.”

Several Tribal commenters commented that good-faith notifications to the Bureau under proposed §§ 1092.202(g) and 1092.204(f) should not be published, as publishing such notifications would invite debate and disagreement on the issues addressed in those notifications, require the utilization of limited Tribal resources to support the tribe's position, and invite frivolous litigation.

Comments addressing the publication of information more generally are addressed in the section-by-section discussion of § 1092.205 below.

Response to Comments Received

The Tribal commenters expressed concern regarding publication of information with respect to good faith notifications submitted under proposed §§ 1092.202(g) and 1092.204(f). Under the final rule, the Bureau will not publish under § 1092.205(a) the administrative information collected under subpart B; for a discussion of this issue see the section-by-section discussion of § 1092.205 below. In addition, in the final rule, the Bureau has codified in the text of § 1092.201(a) its proposal to treat good faith notifications submitted under §§ 1092.202(g) and 1092.204(f) as “administrative information.” Thus, under the final rule, the Bureau will not publish the good faith notification information described in § 1092.201(a) under § 1092.205.

As discussed in the section-by-section discussion of § 1092.202(d) below, the Bureau is finalizing § 1092.202(d)(2) without proposed § 1092.202(d)(2)(v), under which the Bureau would have collected and published the names of a registered entity's affiliates registered under subpart B with respect to the same covered order. Under the final rule, however, the Bureau may still collect such information under § 1092.202(c), which provides for the collection of “administrative information.” Should the Bureau determine to collect such information regarding affiliates, the Bureau's filing instructions under § 1092.102(a) will categorize this information as “administrative information,” meaning that the Bureau will not publish the information under § 1092.205. For more information, see the section-by-section discussions of §§ 1092.202(d) and 1092.205(a) below.

The trade association commenter expresses concern that it will not be clear to covered nonbanks what “administrative information” they are required to submit under the rule. That comment, however, ignores that § 1092.202(c) only requires registered entities to submit the specific “administrative information” that is “required by” the nonbank registry, and the Bureau has made clear that it will “specify the types of . . . administrative information registered entities would be required to submit” in “filing instructions . . . issue[d] under . . . § 1092.102(a).” Therefore, covered nonbanks should have no need to hire outside legal counsel to ascertain what information qualifies as “administrative information” required to be submitted under the rule. Instead, the Bureau's filing instructions will specify what categories of information covered nonbanks must submit as “administrative information.”

88 FR 6088 at 6118.

Further reducing potential uncertainty, the Bureau has identified certain categories of information that it currently intends to categorize as “administrative information” in its filing instructions— e.g., “contact information for nonbank personnel involved in making submissions.” And, as discussed above, the Bureau is also finalizing the definition to expressly treat as “administrative information” good faith notification information submitted under §§ 1092.202(g) and 1092.204(f). Under § 1092.201(a), any new categories of administrative information that the Bureau might address in its filing instructions, and which were not already discussed in the Bureau's notice of proposed rulemaking and this preamble, would include only contact information regarding persons subject to subpart B or other information submitted or collected to facilitate the administration of the nonbank registry. For example, the Bureau may require entities to comply with a login or identity-authentication process, and the Bureau may categorize information submitted in connection with such a process as “administrative information.” Submitting required administrative information should not impose significant substantive burdens on covered nonbanks.

88 FR 6088 at 6104.

The Bureau has retained the discretion to adjust the contents of required administrative information through filing instructions in order to maintain the viability of the nonbank registry over time. For example, if some new form of electronic communication were to replace email as the preferred method for business communications, the Bureau's filing instructions might designate as required administrative information contact information associated with that new medium.

Final Rule

For the reasons discussed above and as follows, the Bureau is finalizing § 1092.201(a) as proposed, with a revision to expressly include “[i]nformation submitted under §§ 1092.202(g) and 1092.203(f)” within the definition of “administrative information.” The Bureau's filing instructions under § 1092.102(a) will also categorize this information as “administrative information.” The Bureau has already identified this information as information that it intended to categorize as “administrative information” in its filing instructions, but is finalizing this provision in the text of the regulation to provide further clarity that the Bureau will treat this information as “administrative information.” In addition to the notifications themselves, the Bureau may also choose to collect information to facilitate the administration of the notification process.

See also the section-by-section discussion of § 1092.101(d) above regarding the Bureau's adoption of the revised term “nonbank registry.”

88 FR 6088 at 6104.

In addition, the Bureau does not intend to publish under § 1092.205(a) any Federal employer identification numbers (EIN) that may be obtained from covered nonbanks. The Bureau will not collect this information from covered nonbanks as “identifying information,” as that term is defined at § 1092.201(g), but may determine to collect this information as “administrative information” under § 1092.202(c). In filing instructions issued under § 1092.102(a), the Bureau will specify whether and how it will collect such information. The Bureau understands that EINs are not commonly used to identify covered nonbanks in covered orders and in related public databases that are maintained by relevant Federal, State, and local agencies. Thus, as with other administrative information, the publication of EINs may not in all instances be especially useful to external users of the registry, although the Bureau may find such information useful in its administration of the nonbank registry.

Section 1092.201(b) Attesting Executive

Proposed Rule

Proposed § 1092.201(b) would have defined the term “attesting executive” to mean, with respect to any covered order regarding a supervised registered entity, the individual designated by the supervised registered entity to perform the supervised registered entity's duties with respect to the covered order under proposed § 1092.203. In the section-by-section discussion of proposed § 1092.203, the Bureau proposed requirements regarding attesting executives.

Comments Received and Final Rule

The Bureau did not receive any comments specifically regarding proposed § 1092.201(b)'s definition of “attesting executive.” Comments addressing the proposal's approach to the written statement, including requirements regarding designation of attesting executives and associated criteria for such a designation, are addressed in the section-by-section discussion of § 1092.204 below.

The Bureau is finalizing § 1092.201(b) as proposed, with a revision to reflect the renumbering of § 1092.204 in the final rule.

Section 1092.201(c) Covered Law

Proposed Rule

Proposed § 1092.201(c) would have defined the term “covered law” to mean one of several types of laws, as described. The proposed term “covered law” would have been central to defining which orders and portions of orders would be subject to the requirements of proposed subpart B. Proposed § 1092.201(e) would have defined the term covered order to include certain orders that impose certain obligations on a covered nonbank based on an alleged violation of a covered law. Thus, the proposed term “covered law” would have helped determine the application of proposed subpart B's registration requirements.

Under the proposal, a law listed in proposed § 1092.201(c)(1) through (6) would have qualified as a covered law only to the extent that the violation of law found or alleged arose out of conduct in connection with the offering or provision of a consumer financial product or service. The Bureau was interested in registering orders that relate to offering or providing consumer financial products or services. The Bureau recognized that the laws listed in proposed § 1092.201(d)(1) through (6) may apply to a wide range of conduct not involving consumer financial products or services. While the Bureau believed that reporting on such violations could still be probative of risks to consumers in the markets for consumer financial products and services—as misconduct in one line of business is not necessarily cabined to that line of business—the Bureau believed that a more limited definition of covered law would strike the right balance between ensuring that the Bureau remains adequately informed of risks to consumers in the offering or provision of consumer financial products and services and minimizing the potential burden of the reporting requirements on nonbank covered persons.

The proposal listed categories of laws that would have constituted “covered laws” to the extent that the violation of law found or alleged arose out of conduct in connection with the offering or provision of a consumer financial product or service. For the reasons discussed in section V(C) of the proposal, the Bureau believed that orders issued under the types of covered laws described in the proposal are likely to be probative of risks to consumers in the offering or provision of consumer financial products or services, including developments in markets for such products or services.

First, proposed § 1092.201(c)(1) would have defined the term “covered law” to include a Federal consumer financial law, as that term was defined in proposed § 1092.101(a) and the CFPA. The Bureau explained that it is charged with administering, interpreting, and enforcing the Federal consumer financial laws, which include the CFPA itself, 18 enumerated consumer laws (such as the Fair Credit Reporting Act and the Truth in Lending Act), and the laws for which authorities were transferred to the Bureau under subtitles F and H of the CFPA, as well as rules and orders issued by the Bureau under any of these laws.

See12 U.S.C. 5481(14).

See12 U.S.C. 5481(12).

12 U.S.C. 5481(14).

The Bureau believed that requiring registration of covered nonbanks in connection with certain orders issued under Federal consumer financial laws would further the purposes of proposed subpart B. As the Bureau discussed in section IV of the proposal, “to support [the Bureau's] rulemaking and other functions,” Congress mandated that the Bureau “shall monitor for risks to consumers in the offering or provision of consumer financial products or services, including developments in markets for such products or services.” The Bureau noted that, in matters where an agency other than the Bureau has issued or obtained a final public order concluding that an entity has violated Federal consumer financial law in connection with the offering or provision of a consumer financial product or service, the Bureau will generally have jurisdiction over the conduct that resulted in that order. The Bureau explained that it therefore has a clear interest in identifying and understanding the nature of the risks to consumers presented by such conduct, including the risk that the conduct continues outside the particular jurisdiction or in connection with other consumer financial products or services that are offered or provided by the covered nonbank. A pattern of similar alleged or found violations of Federal consumer financial law across multiple nonbank covered persons may indicate a problem that the Bureau can best address by engaging in rulemaking to clarify or expand available consumer protection to address emerging consumer risk trends, or by using other tools, such as consumer education, to address the identified risks. And, depending on the facts and circumstances, the Bureau may consider bringing its own supervisory or enforcement action in connection with the same or related conduct. Thus, the Bureau believed that violations of the Federal consumer financial laws, and especially repeat violations of such laws, may be probative of risks to consumers and may indicate more systemic problems at an entity or in the relevant market related to the offering or provision of consumer financial products or services.

12 U.S.C. 5512(c)(1).

The Bureau also proposed to require registration of orders that the Bureau has obtained or issued for violations of Federal consumer financial laws. In the proposal, the Bureau explained that, while it is of course aware of such orders, collecting all orders for violations of covered laws—including those obtained or issued by the Bureau—within the proposed registry would benefit the Bureau, other regulators, and the general public by providing a single point of reference for such orders. The Bureau explained that it would also benefit from receiving the written statements required under proposed § 1092.203 with respect to orders it obtains or issues.

Second, proposed § 1092.201(c)(2) would have defined the term “covered law” to include any other law as to which the Bureau may exercise enforcement authority. As explained in section IV(C) of the proposal, the Bureau may enforce certain laws other than Federal consumer financial laws, such as the Military Lending Act.

10 U.S.C. 987(f)(6) (authorizing Bureau enforcement of the Military Lending Act).

The Bureau believed that the proposed registry should collect information regarding agency and court orders issued under any law that the Bureau may enforce, where the violation of law found or alleged arises out of conduct in connection with the offering or provision of a consumer financial product or service. By definition, the conduct addressed in such orders would generally fall within the scope of the Bureau's enforcement authority. More generally, the Bureau noted that in its experience, evidence of such conduct could be highly probative of a broader risk that the entity has engaged or will engage in conduct that may violate Federal consumer financial laws. For example, violations of the Military Lending Act may overlap with, or be closely associated with, violations of the CFPA's UDAAP prohibitions or the Truth in Lending Act, among other Federal consumer financial laws. In addition, the Bureau noted that a violation of one law within the Bureau's enforcement authority may be indicative of broader inadequacies in an entity's compliance systems that are resulting in or could result in other legal violations, including violations of Federal consumer financial laws. Furthermore, the Bureau believed that including in the registry orders issued under any law that the Bureau may enforce (where the violation of law found or alleged arises out of conduct in connection with the offering or provision of a consumer financial product or service) would further the Bureau's objective of creating a registry that could serve as a single, consolidated reference tool for use in monitoring for risks to consumers, thereby increasing the Bureau's ability to use the registry to monitor for patterns of risky conduct of nonbank covered persons across entities, industries, and product offerings.

15 U.S.C. 5531, 5536(a)(1)(B).

15 U.S.C. 1601 et seq.

Third, proposed § 1092.201(c)(3) would have defined the term “covered law” to include the prohibition of unfair or deceptive acts or practices under section 5 of the FTC Act, 15 U.S.C. 45, or any rule or order issued for the purpose of implementing that prohibition. The proposal would not have included within the definition of “covered law” FTC Act section 5's prohibition of “[u]nfair methods of competition in or affecting commerce,” or rules or orders issued solely pursuant to that prohibition. The Bureau explained that it expected that entities would be aware in any specific case whether a provision of an applicable order has been issued under FTC Act section 5's prohibition of unfair or deceptive acts or practices (or a rule or order issued for the purpose of implementing that prohibition), as opposed to section 5's prohibition of “[u]nfair methods of competition in or affecting commerce” (or a rule or order issued thereunder), and thus whether the order provision was issued under a “covered law” or not. The Bureau understood that orders issued in connection with violations of FTC Act section 5 routinely distinguish between these two authorities, and that orders issued under FTC Act section 5's prohibition of “[u]nfair methods of competition in or affecting commerce” rarely, if ever, relate to UDAP violations involving the offering or provision of a consumer financial product or service.

15 U.S.C. 45(a)(1).

As discussed further in section IV(C) of the proposal, the Bureau believed that an order issued under FTC Act section 5's prohibition of unfair or deceptive acts or practices may be probative of violations of Federal consumer financial law, including CFPA sections 1031 and 1036(a)(1)(B). Because the CFPA's prohibition of unfair or deceptive acts or practices is modeled after FTC Act section 5's similar prohibition, conduct in connection with the offering or provision of a consumer financial product or service that constitutes a UDAP violation under FTC Act section 5 also likely violates the CFPA's UDAAP provisions. The Bureau also believed that FTC Act section 5 unfairness and deception violations related to the offering or provision of consumer financial products or services may indicate more systemic problems at an entity that may impact the offering or provision of consumer financial products or services other than those issues specifically identified in the order. The Bureau noted that it would need to know about such findings so that it can assess whether the violation is indicative of a larger and potentially more systemic problem at the covered nonbank, or potentially throughout an entire market. And, the Bureau explained, information about such violations would inform the Bureau's exercise of its various rulemaking, supervisory, enforcement, consumer education, and other functions.

12 U.S.C. 5531, 5536(a)(1)(B).

See, e.g., Consumer Fin. Prot. Bureau v. ITT Educ. Servs., 219 F. Supp. 3d at 902-04.

“Covered law” under the proposal would have included not only FTC Act section 5, but also any rules or orders issued for the purpose of implementing FTC Act section 5's UDAP prohibition. Section 18 of the FTC Act, 15 U.S.C. 57a, authorizes the FTC to prescribe “rules which define with specificity acts or practices which are unfair or deceptive acts or practices in or affecting commerce” within the meaning of FTC Act section 5(a)(1). These FTC rules, which are known as “trade regulation rules,” would have been covered laws under the proposed definition to the extent the conduct found or alleged to violate such rules relates to the offering or provision of a consumer financial product or service. Violations of these rules generally constitute violations of FTC Act section 5 itself. And the Bureau believed that, like violations of FTC Act section 5 itself, violations of the rules issued under FTC Act section 5, where they arise out of conduct in connection with the offering or provision of consumer financial products or services, would likely be probative of risks to consumers and warrant attention by the Bureau.

In certain circumstances, the Bureau may enforce a rule prescribed under the FTC Act by the FTC with respect to an unfair or deceptive act or practice. See12 U.S.C. 5581(b)(5)(B)(ii). Such an FTC rule, where issued by the FTC to implement FTC Act section 5, would be a covered law under the proposed definition.

15 U.S.C. 57a(a)(1)(B).

15 U.S.C. 57a(d)(3) (“When any rule under subsection (a)(1)(B) takes effect a subsequent violation thereof shall constitute an unfair or deceptive act or practice in violation of section 45(a)(1) of this title, unless the Commission otherwise expressly provides in such rule.”).

The proposed definition of “covered law” would also have included orders issued by the FTC itself under FTC Act section 5's UDAP prohibition, as well as by other agencies. The Bureau believed that violations of such orders present similar risks to consumers as those presented by violations of FTC Act section 5 and the rules issued thereunder.

Fourth, proposed § 1092.201(c)(4) would have defined the term “covered law” to include a State law prohibiting unfair, deceptive, or abusive acts or practices that is identified in appendix A to part 1092. Proposed appendix A provided a list of State statutes that prohibit unfair, deceptive, or abusive acts or practices and that the Bureau had reviewed and proposed to define as a covered law under this provision. As with the other laws described in proposed § 1092.201(c), a State UDAAP law would only have qualified as a covered law to the extent the conduct found or alleged to violate the State UDAAP law relates to the offering or provision of a consumer financial product or service. The Bureau reviewed the State statutes identified in proposed appendix A, and as explained below, it believed that requiring registration of covered nonbanks that are subject to covered orders issued under such statutes would likely further the purposes of proposed subpart B.

Proposed appendix A included State laws of general applicability that prohibit unfair, deceptive, or abusive acts or practices and that might apply to the offering or provision of consumer financial products or services. Although the scope and content of these State laws may vary at the margin, the Bureau explained that it believed these statutes cover a core concept of unfairness, deception, or abusiveness that makes violations of them likely probative of risks to consumers in the offering or provision of consumer financial products and services. These statutes may commonly be referred to as “UDAP” or “UDAAP” statutes, or “little FTC Acts,” and are often labeled in State statutes as State “consumer protection acts” or as laws addressing “unfair” or “deceptive” “trade practices.” State or local agencies may use these statutes to bring cases or actions with respect to practices that injure consumers. While these State statutes may also authorize private suits by consumers and other persons, the proposal would have only required registration with respect to covered orders issued at least in part in any action or proceeding brought by any Federal agency, State agency, or local agency (as described further below in the section-by-section discussion of § 1092.201(e)(1)(ii)).

The Bureau proposed to list these statutes in appendix A, and thus to include them in the proposed rule's definition of covered law, in part because these statutes are generally analogous to CFPA sections 1031 and 1036(a)(1)(B) and FTC Act section 5. Several of these State statutes specifically provide that “it is the intent of the legislature that in construing [the State statute], the courts will be guided by the interpretations given by the Federal Trade Commission and the Federal courts to section 5(a)(1) of the Federal Trade Commission Act,” or words to this effect. The Bureau noted that obtaining a better understanding of entities' compliance with State UDAP/UDAAP laws would assist the Bureau in the assessment and detection of risks for the same general reasons described with respect to alleged or found violations of FTC Act section 5. The Bureau believed that entities that have violated one of these State statutes, and especially repeat violators of such statutes, may pose heightened risks to consumers in the offering or provision of consumer financial products and services, including the risk that they have engaged, and may continue to engage, in unfair, deceptive, or abusive acts and practices in violation of CFPA section 1031. The Bureau also explained that information identifying patterns of such risky conduct across entities, industries, product offerings, or jurisdictions would be highly informative to the Bureau's monitoring work. The Bureau attempted to identify all of the applicable State UDAP/UDAAP statutes of general applicability in appendix A of the proposal but requested comment on whether it had comprehensively done so. The Bureau proposed to include in appendix A all such State statutes and sought comment on any additions, subtractions, or modifications to the State UDAP/UDAAP statutes of general applicability in appendix A.

12 U.S.C. 5531, 5536(a)(1)(B); 15 U.S.C. 45.

E.g., Mass. Gen. Laws ch. 93A, sec. 2(b); Conn. Gen. Stat. sec. 42-110b(b).

The Bureau also proposed to include in appendix A, and thus to include in the definition of the term covered law, certain other industry-specific State statutes that prevent unfair, deceptive, or abusive conduct in connection with certain specific consumer financial industries or markets. For example, proposed appendix A included New York Banking Law section 719(2), regarding prohibited practices by student loan servicers. This State statutory provision prohibits “[e]ngag[ing] in any unfair, deceptive or predatory act or practice toward any person or misrepresent[ing] or omit[ting] any material information in connection with the servicing of a student loan.” The Bureau proposed to include this New York State law and others like it in appendix A, to the extent that the conduct found or alleged to violate such law relates to the offering or provision of a consumer financial product or service.

New York Banking Law sec. 719(2).

As with State UDAP/UDAAP laws of general applicability, the Bureau believed that violation of such industry-specific State statutes that prohibit unfair, deceptive, or abusive acts or practices in connection with consumer financial industries or markets and in connection with the offering or provision of consumer financial products or services would be probative of potential violations of CFPA sections 1031 and 1036, and also of other related risks to consumers within the scope of the Bureau's jurisdiction. The Bureau believed that omitting these industry-specific statutes from the definition of “covered law” may cause the information submitted to the proposed registry to be incomplete. Among other things, the Bureau understood that many State agencies typically rely upon such industry-specific statutes to enforce prohibitions on conduct by covered nonbanks that is similar to that prohibited under UDAP/UDAAP laws of general applicability. Thus, the Bureau believed registration of orders issued under such State statutes would provide information that is probative of the types of risks the Bureau believed to be associated with orders issued under State UDAP/UDAAP laws of general applicability. The Bureau attempted to identify applicable State UDAP/UDAAP statutes related to applicable consumer financial industries or markets in proposed appendix A but requested comment on whether it had comprehensively done so. The Bureau proposed to include in appendix A all such State statutes.

The Bureau proposed to require registration of all orders issued under State laws listed in appendix A, as long as the conduct at issue related to the offering or provision of a consumer financial product or service, and the order satisfied the definition of “covered order” in proposed § 1092.201(e). The Bureau recognized that some State UDAP/UDAAP statutes listed in appendix A may prohibit conduct that regulated entities might argue is not prohibited under CFPA sections 1031 and 1036(a)(1)(B). For example, State UDAP/UDAAP statutes modeled after FTC Act section 5 may include provisions that, in addition to prohibiting “unfair” and “deceptive” conduct, also prohibit “unfair methods of competition” in connection with antitrust or anticompetition matters. While the Bureau acknowledged that it is possible that such orders might be less probative than other orders, the Bureau believed that limiting the scope of such covered laws to those involving the offering or provision of consumer financial products and services would sufficiently assure that most orders reported would be valuable in effectively monitoring for risks to consumers in the offering or the provision of such products and services. Moreover, the Bureau anticipated that it would not always be the case that an agency or court order will clearly distinguish whether it is issued under State statutory provisions preventing “unfair,” “deceptive,” or “abusive” acts and practices on the one hand, or “anticompetitive” acts or practices on the other—especially in cases where a State statute addresses all of them. Unlike orders issued under FTC Act section 5, it was not clear to the Bureau that orders issued under such State laws routinely distinguish between these two types of authorities. Therefore, the Bureau believed that attempting to carve out portions of State UDAP/UDAAP statutes that extend beyond the conduct prohibited by CFPA sections 1031 and 1036(a)(1)(B) would be impracticable and would risk undermining the effectiveness of the rule. The Bureau thus proposed to define the term “covered law” by listing specific State statutes. Where a State statute was listed in proposed appendix A and otherwise satisfied proposed § 1092.201(c), the Bureau proposed to treat it as a covered law, regardless of whether any specific order issued under that law expressly referred to the State law's prohibition of “unfair,” “deceptive,” or “abusive” acts and practices. In most cases, the Bureau anticipated that violations of the listed State statutes that relate to the offering or provision of a consumer financial product or service would be probative of risks to consumers within the Bureau's jurisdiction.

The Bureau did not include laws of Tribal governments in appendix A of the proposal. While the Bureau believed that many orders issued under such laws may be highly probative of risks to consumers and could assist the Bureau in carrying out its market-monitoring obligations—as well as assist the Bureau in assembling an effective nonbank registry—the Bureau preliminarily concluded that considerations of administrative efficiency favored focusing on other orders.

Fifth, proposed § 1092.201(c)(5) would have included in the definition of the term “covered law” a State law amending or otherwise succeeding a law identified in appendix A, to the extent that such law is materially similar to its predecessor, and the conduct found or alleged to violate such law relates to the offering or provision of a consumer financial product or service.

The Bureau proposed § 1092.201(c)(5) in order to clarify that appendix A is intended to capture certain future changes made by States to the State laws listed therein. As the Bureau explained in the proposal, States may make immaterial changes from time to time, including renumbering or amending the statutes listed in appendix A, in a manner that could cause appendix A to become technically “incorrect” or “obsolete” in the view of some regulated entities. Proposed § 1092.201(c)(5) would have made clear that is not the Bureau's intent. To the extent the amended or otherwise succeeding law is materially similar to its predecessor, proposed § 1092.201(c)(5) would have ensured that it would still qualify as a “covered law.” The proposed definition of covered law thus would have captured a successor to a law listed in appendix A if, for example, the conduct found or alleged to violate the successor law would have constituted a violation of the predecessor law were it still in effect.

Finally, proposed § 1092.201(c)(6) would have included in the definition of the term “covered law” a rule or order issued by a State agency for the purpose of implementing a State law described in proposed § 1092.201(c)(4) or (5), to the extent the conduct found or alleged to violate such regulation relates to the offering or provision of a consumer financial product or service. As the Bureau explained, various State statutes authorize one or more State agencies to issue regulations implementing the terms of those statutes, thereby authorizing the State agency to further define specific unfair, deceptive, or abusive acts or practices. Proposed § 1092.201(c)(6) would have included such State agency regulations within the meaning of the term “covered law.”

See, e.g., Cal. Fin. Code sec. 90009(c).

Comments Received

A consumer advocate commenter stated that the rule should clarify that, under certain specific circumstances, such as those involving certain misrepresentations by schools, orders would “arise out of conduct related to consumer financial products and services” as required under the definition of the term “covered order.”

An industry commenter stated that the registry should not require publication of orders or decisions involving the FTC's authority under FTC Act section 5, on the grounds that such orders are outside the Bureau's authority. Another industry commenter and a consumer advocate commenter supported including orders related to violations of the prohibition of unfair or deceptive acts or practices under FTC Act section 5, on the grounds of similarity to the CFPA's UDAAP prohibitions. The consumer advocate commenter also supported the inclusion of State UDAP laws and the Military Lending Act, stating that violations of the Military Lending Act may overlap with, or be closely associated with, violations of the CFPA's UDAAP prohibitions or the Truth in Lending Act.

15 U.S.C. 5531, 5536(a)(1)(B).

Several commenters stated that the definition of “covered law” should not include State laws. Commenters described the inclusion of such laws, which were included in the definition of “covered law” at proposed § 1092.202(c)(4) through (6), as an improper attempt by the Bureau to enforce laws that it lacks the authority to enforce or otherwise administer. In the opinion of the commenters, requiring covered nonbanks to register and submit information regarding orders issued under State laws would usurp the role of the appropriate State or local agency in issuing, enforcing, publishing, and interpreting its own State laws or its own orders. Commenters stated that the registry would lead to the Bureau adjudicating whether a covered entity was in compliance with an order issued by another independent agency and would violate principles of federalism. Commenters—including an industry commenter, a joint letter from State regulators, and Members of Congress—stated that imposing the written-statement requirements described in proposed § 1092.203 would be particularly inappropriate with respect to orders issued under State laws for these reasons.

Commenters stated that the Bureau's assertions that violations of State law would be probative of risk to consumers were not supported or were highly speculative. An industry commenter stated that the Bureau should consider whether certain State laws are subject to Federal preemption in determining whether those laws should qualify as “covered laws.”

Industry commenters stated that including State or local laws as “covered laws” would improperly distort or shift the focus of compliance programs, which could result in other aspects of compliance programs becoming deprioritized, create unnecessary risks for consumers, or raise costs that would ultimately be passed on to consumers.

Multiple consumer advocate commenters supported including both State and Federal laws because violations of both types of laws are probative of heightened risks to consumers and markets. A consumer advocate commenter stated that violations of the State laws listed in the proposal are almost certainly probative of potential violations of CFPA sections 1031 and 1036, and that the registry would be incomplete without their inclusion.

A joint letter from State regulators commented that the Bureau should clarify whether violations of certain administrative laws might be interpreted by the Bureau to be violations of “covered laws.” The commenters voiced skepticism that this question could be adequately addressed in a final rule to the extent necessary for covered nonbanks to understand their obligations.

The notice of proposed rulemaking sought specific comment on whether to require registration, and to list in appendix A, additional State statutes that prohibit “unconscionable” conduct but do not also contain a specific reference to “unfair,” “deceptive,” or “abusive” conduct. A consumer advocate commenter stated that such “unconscionability” laws should be included, pointing to what it described as the similarity between the standards of “unconscionability” and “unfairness” under UDAP law as recognized by courts. An industry commenter stated that the Bureau should not include State “unconscionability” laws.

A joint comment letter from State regulators stated that proposed appendix A, which lists State laws that are included as “covered laws” under § 1092.201(c)(4), did not adequately represent State consumer protection efforts, and contained laws that may be inapplicable or outdated in certain States. The comment did not specify any inapplicable or outdated State laws, but referred to payday lending laws in States that have recently enacted usury laws that cap rates at 36 percent. A consumer advocate commenter stated that proposed appendix A should be expanded to include other laws, specifically the Federal Racketeer Influenced and Corrupt Organizations Act (“RICO”) and State counterparts. This consumer advocate commenter also stated that the rule should require that the Bureau periodically seek comment and update appendix A. An industry commenter stated that proposed appendix A was unmanageably large.

In the notice of proposed rulemaking the Bureau specifically sought comment on whether Tribal UDAP/UDAAP laws should be included among the list of “covered laws,” and if so, which specific Tribal UDAP/UDAAP laws should be included in the list. A Tribal commenter stated that proposed appendix A should be expanded to include laws that have been enacted or may be enacted by federally recognized Indian tribes on the grounds that doing so would reflect the status of Tribal governments as equals to State governments under the Dodd-Frank Act. The commenter did not state which specific Tribal UDAP/UDAAP laws should be included.

Response to Comments Received

For the reasons given in the description of the proposal above, the Bureau is finalizing § 1092.201(c)'s requirement that a law listed in § 1092.201(c)(1) through (6) would qualify as a covered law only to the extent that the violation of law found or alleged arises out of conduct in connection with the offering or provision of a consumer financial product or service. The Bureau does not choose to use the final rule as the vehicle for determining the circumstances under which violations of covered laws arise out of conduct “in connection with the offering or provision of a consumer financial product or service.” The term “consumer financial product or service” has a well-established statutory definition. While the question of whether a legal violation related to the offering or provision of a consumer financial product or service depends on the particular facts and circumstances involved, the answer to that question should be clear in most cases. The Bureau declines to provide further, general guidance on this issue in the context of this rulemaking. If a person has a good faith basis to believe that an order issued against it does not qualify as a “covered order” because it does not arise out of conduct in connection with the offering or provision of a consumer financial product or service, the person could choose not to register that order and instead submit a notification under § 1092.202(g). As explained in the section-by-section analysis of § 1092.202(g), in the event of a non-frivolous filing under that provision, the Bureau would not bring an enforcement action against the person based on the person's failure to register the order unless the Bureau first notifies the person that the Bureau believes registration is required and provides the person with a reasonable opportunity to comply with § 1092.202.

See12 U.S.C. 5481(5); see also12 U.S.C. 5481(15) (defining “financial product or service”).

The Bureau is finalizing a definition of “covered law” at § 1092.201(c)(3) that includes the prohibition on unfair or deceptive acts or practices under FTC Act section 5, as well as any rule or order issued for the purpose of implementing that prohibition. As described in part IV, among other things, such orders may be probative of violations of Federal consumer financial law, including CFPA sections 1031 and 1036(a)(1)(B). Such orders also may indicate more systemic problems at an entity that may impact the offering or provision of consumer financial products or services, and will inform the Bureau's exercise of its various rulemaking, supervisory, enforcement, consumer education, and other functions. The Bureau does not see the force of any argument that including FTC Act section 5 in the definition of “covered law” usurps the role of the FTC in issuing, enforcing, or interpreting the FTC's public orders. Rather, the Bureau's rule is intended to collect and potentially publish information regarding such orders where they are relevant to the Bureau's assessment of risks to consumers within its jurisdiction, as well as information about the covered nonbanks that are subject to such orders. The Bureau will continue to coordinate with the FTC as required by the CFPA, including CFPA sections 1024(c)(3) and 1061(b)(5).

12 U.S.C. 5514(c)(3), 5581(b)(5).

The final rule requires registration in connection with orders issued under State laws prohibiting unfair, deceptive, or abusive acts or practices that are identified in appendix A to part 1092, to the extent that the violation of law found or alleged arises out of conduct in connection with the offering or provision of a consumer financial product or service. The Bureau declines to finalize a definition of “covered laws” that does not include State laws. The Bureau concludes, as stated by consumer advocate commenters, that violations of both Federal and State consumer financial laws may be probative of heightened risks for consumers and borrowers. In particular, the Bureau concludes that orders based on violations of the State laws described in § 1092.202(c)(4) through (6) are likely to be probative of risk to consumers.

The final rule will not thereby empower the Bureau to enforce or interpret State laws (or orders). In particular, the Bureau does not intend to assert any jurisdiction to enforce the State laws described in § 1092.201(c)(4) through (6) and appendix A. For the reasons described in more detail in part IV(C), the Bureau concludes orders based on violations of these State laws are probative of the types of risks to consumers that the CFPA authorizes the Bureau to monitor, but the Bureau does not assert that it may directly enforce any of these laws. Rather, the final rule includes these State laws within the definition of “covered law” in order to define the covered orders that will require covered nonbanks to report identifying, administrative, and order information to the nonbank registry.

The Bureau finalizes its conclusion in the notice of proposed rulemaking that collecting and registering public agency and court orders imposing obligations based upon violations of consumer law, including applicable State laws, would assist with monitoring for risks to consumers in the offering or provision of consumer financial products and services. The CFPA does not confine the Bureau to monitoring or supervising for risks related to violations of Federal consumer financial law. Neither the Bureau's authority to monitor for risks to consumers in the offering or provision of consumer financial products or services under 12 U.S.C. 5512(c) nor the Bureau's supervisory authorities under 12 U.S.C. 5514 are limited solely to assessing entities' compliance with Federal consumer financial law. Instead, the Bureau is charged with monitoring for risks to consumers more broadly in the offering or provision of consumer financial products or services, including developments in markets for such products or services. In allocating its resources to perform market monitoring, the Bureau may consider “the legal protections applicable to the offering or provision of a consumer financial product or service, including the extent to which the law is likely to adequately protect consumers.” The types of “legal protections” to be considered by the Bureau are not restricted to protections under Federal law.

88 FR 6088 at 6094-6098.

See12 U.S.C. 5512(c)(1).

12 U.S.C. 5512(c)(2)(C).

Likewise, the CFPA requires that the Bureau prioritize the use of its supervisory authority “in a manner designed to ensure that such exercise . . . is based upon the assessment by the Bureau of the risks posed to consumers in the relevant product markets and geographic markets.” In addition, the Bureau is tasked with requiring reports and conducting examinations under 12 U.S.C. 5514 for purposes not just of “assessing compliance with the requirements of Federal consumer financial law,” but also of “obtaining information about the activities and compliance systems and procedures of” persons described in 12 U.S.C. 5514(a) and “detecting and assessing risks to consumers and to markets for consumer financial products and services.” And the CFPA authorizes the Bureau to issue rules under 12 U.S.C. 5514(b)(7)(A) to “facilitate supervision of persons described in [12 U.S.C. 5514(a)(1)] and assessment and detection of risks to consumers,” and under 12 U.S.C. 5514(b)(7)(B) “for the purposes of facilitating supervision of such persons and assessing and detecting risks to consumers.” None of these provisions state or even imply that the Bureau may not collect information regarding orders issued under State law that are probative of risks to consumers in the offering or provision of consumer financial products and services within the scope of the Bureau's jurisdiction. The Bureau has its own expertise and authorities with respect to such risks. The Bureau needs to collect information regarding such risks as relevant to its own purposes and the exercise of its own powers as provided under Federal law.

12 U.S.C. 5514(b)(2). See the discussion of this provision in parts II, III, and IV(B) above.

12 U.S.C. 5514(b)(1)(A).

12 U.S.C. 5514(b)(1)(B).

12 U.S.C. 5514(b)(1)(C).

The imposition of § 1092.204's written-statement requirements in connection with orders issued under State UDAP/UDAAP laws is similarly appropriate and will further the purposes of those requirements, as described in part IV(D) above and the section-by-section discussion of § 1092.204 below. Violations of such orders may be probative of heightened risks for consumers and borrowers that are relevant to the Bureau's exercise of its supervisory authority; thus, for the reasons discussed in part IV(D) above and the section-by-section discussion of § 1092.204 below, the written-statement requirements will facilitate the Bureau's supervision of supervised registered entities subject to such orders. The information collected under § 1092.204 regarding risks to consumers that may be associated with the orders, including potential violations of CFPA sections 1031 and 1036, and the applicable supervised registered entity's compliance systems and procedures will be relevant to the Bureau's supervisory authority even where those risks are associated with orders issued under State UDAP/UDAAP laws. In addition, for the reasons discussed in part IV(D) above and the section-by-section discussion below, § 1092.204's requirements with respect to orders issued under State UDAP/UDAAP laws will also help ensure that supervised registered entities are legitimate entities and are able to perform their obligations to consumers. Contrary to commenters' suggestions, the Bureau is not adopting the written-statement requirements to administer or enforce State laws or orders issued under such laws, but rather to further its statutory purposes under CFPA section 1024(b)(7)(A)-(C) with respect to risks to consumers that are relevant under Federal law, that are associated with entities that are subject to the Bureau's supervisory and examination authority under CFPA section 1024(a), and that arise in connection with the offering or provision of consumer financial products and services subject to the Bureau's jurisdiction.

The Bureau concludes that the final rule will not result in the Bureau usurping the role of any State or local agency in issuing, enforcing, or interpreting State law or orders issued or obtained by a State or local agency. Nor will the final rule violate principles of federalism or lead to the Bureau supplanting the proper role of State or other regulators with respect to such orders. The final rule requires that covered nonbanks submit identifying information and other specified information related to such orders, but the Bureau's collection of that information via the nonbank registry will not interfere with any State or local agency's own actions related to enforcement of such orders. To the contrary, the Bureau concludes that including the State laws described in § 1092.201(c)(4) through (6) within the definition of “covered law” will promote interagency coordination and cooperation among the various Federal, State, and local agencies that have an interest in financial consumer protection because the Bureau intends to establish under the rule a public, up-to-date, and easily accessible and searchable registry that contains relevant and useful information about covered orders and the covered nonbanks that are subject to them.

See12 U.S.C. 5551(a)(1) (“This title, other than sections 1044 through 1048, may not be construed as annulling, altering, or affecting, or exempting any person subject to the provisions of this title from complying with, the statutes, regulations, orders, or interpretations in effect in any State, except to the extent that any such provision of law is inconsistent with the provisions of this title, and then only to the extent of the inconsistency.”) (emphasis added); see also12 U.S.C. 5552(d)(1) (“No provision of this section shall be construed as altering, limiting, or affecting the authority of a State attorney general or any other regulatory or enforcement agency or authority to bring an action or other regulatory proceeding arising solely under the law in effect in that State.”).

As discussed in part IV and in this section-by-section discussion, violations of covered laws are likely to be probative of the type of risk to consumers the Bureau is tasked with monitoring. The Bureau does not intend to utilize the final rule or the nonbank registry established under subpart B as a mechanism to opine regarding the proper application of any particular State law to covered nonbanks or any legal defenses, such as preemption, that might have been available to a covered nonbank. The Bureau concludes that, where all of the criteria established by the rule for registration of a covered order have been met, including that an applicable agency or court has issued or obtained a final and otherwise covered order against a covered nonbank based on one or more violations by the covered nonbank of a State law described at § 1092.201(c)(4) through (6), registration in connection with that covered order would serve the purposes of the rule. If a covered nonbank believes in good faith that any particular order is not a covered order, it may submit a notification under §§ 1092.202(g) and 1092.204(f).

The Bureau concludes that the final rule will not cause covered nonbanks to pay inappropriate attention to compliance with the types of State laws identified at § 1092.201(c)(4) through (6). First, an entity can (and should) comply with the law whether or not the Bureau is monitoring it, and other agencies also monitor compliance with covered orders issued or obtained under these State laws. Thus, covered nonbanks should already be dedicating appropriate resources to ensure compliance with such State laws, and the Bureau does not agree that the registration components of the rule will distort compliance programs, lead to compliance programs becoming deprioritized, or lead to related additional risks or costs for consumers. Likewise, were the Bureau to publish the information collected as described under § 1092.205, the Bureau does not believe such publication would provide an inappropriate incentive to dedicate unnecessary resources to compliance with these State laws. By definition, the covered orders that would be made available on the registry are already published or required to be published (§ 1092.201(e) and (m)); therefore, republication of those orders on the nonbank registry by the Bureau will not provide a meaningful incentive to covered nonbanks to reallocate their compliance resources.

With respect to one commenter's reference to “local laws,” § 1092.201(c)'s definition of “covered law” refers to specific types of Federal and State laws but does not include any laws issued by local agencies. Therefore, an order that imposes applicable obligations on the covered nonbank based solely on alleged violations of a law issued by a local agency that does not qualify as a “covered law” under § 1092.201(c) would not satisfy § 1092.201(e)(1)(iv), and therefore would not be a “covered order” under the final rule. However, an order issued by a local agency (as that term is defined at § 1092.201(i)) under a State law that did qualify as a “covered law” under § 1092.201(c)(4) through (6) might constitute a “covered order” under § 1092.201(e) if the other elements of that provision were also satisfied.

Second, even if a covered nonbank were to view the final rule as a reason to dedicate additional resources to complying with the State laws described at § 1092.201(c)(4) through (6), so much the better. Enhanced compliance with those State laws, while not a goal of the final rule, will also likely reduce risk to consumers in the offering or provision of consumer financial products and services within the scope of the Bureau's jurisdiction. The Bureau does not agree that it should refrain from collecting or publishing information that may help it monitor for risks to consumers on the grounds that its efforts might also have the ancillary benefit of inducing covered nonbanks to comply with the described State consumer protection laws.

The proposal's requirements to submit information in connection with covered orders were specific to the proposal and were not intended to impose any requirements on a covered nonbank's compliance management system or any of the covered nonbank's internal affairs, or to require any particular approach of allocating responsibility for complying with covered orders or with the law generally. The Bureau understands that compliance management at covered nonbanks will likely be managed differently from entity to entity and that compliance management systems will and should be adapted to a covered nonbank's business strategy and operations. The proposal did not purport to impose any restrictions on the manner in which covered nonbanks address such matters.

The final rule clearly establishes which laws are “covered laws.” The Bureau has reviewed the State laws described in appendix A to part 1092 and has assessed whether they are probative of risk to consumers and otherwise should be included in appendix A at this time. State laws that are not listed in appendix A to part 1092 and not otherwise described at § 1092.201(c)(4) through (6) are not covered laws under the final rule. Therefore, commenters' concerns that the Bureau might treat as covered laws certain State “administrative” or other laws not described in § 1092.201(c)(4) through (6) are misplaced. As provided at § 1092.202(e)(4), an order that does not impose obligations that are described in § 1092.202(e)(3) on the covered nonbank based on an alleged violation of a “covered law” is not a “covered order” under the final rule. But an order that does impose such obligations based on a violation of a covered law may fall under § 1092.202(e)(3), even if the State agency issued its order under authority granted by other provisions of law. Additional discussion regarding when obligations are imposed “based on” violations of a covered law is contained in the section-by-section discussion of § 1092.201(e) below.

Commenters did not provide any citations for specific State laws that should either be added to or deleted from appendix A to part 1092. However, the Bureau has reviewed appendix A as proposed and is finalizing an appendix A to part 1092 that contains both additions and deletions from the version proposed. The Bureau is listing these additional statutes in appendix A, and thus including them in the final rule's definition of covered law, for the reasons discussed in the description of the proposal above with respect to the inclusion of other State laws in the proposed appendix A. As with the State laws that were included in the version of appendix A contained in the proposed rule, the Bureau believes that violation of the additional State UDAP/UDAAP laws included in the final appendix A to part 1092 that prohibit unfair, deceptive, or abusive acts or practices in connection with consumer financial industries or markets and in connection with the offering or provision of consumer financial products or services would be probative of potential violations of CFPA sections 1031 and 1036, and also of other related risks to consumers within the scope of the Bureau's jurisdiction. The Bureau believes that omitting these industry specific statutes from the definition of “covered law” may cause the information submitted to the proposed registry to be incomplete.

The Bureau is also finalizing several minor revisions to appendix A to part 1092 in order to correct several clerical errors in the proposed rule, such as duplicate listings, and to reflect certain changes to the State laws, such as the renumbering and repeal of certain provisions.

Other than these revisions, the Bureau declines to finalize other changes to appendix A at this time. The Bureau concludes appendix A to the final rule, as revised from the proposal in the ways discussed above, is appropriate and is not so large as to be unusable or unwieldy. Covered nonbanks should be able to quickly refer to appendix A in order to help determine whether any particular State law is a “covered law.”

As the Bureau indicated in the notice of proposed rulemaking, orders based on conduct that violates State unconscionability laws may be probative of risk to consumers. But the Bureau declines at this time to include State unconscionability laws in appendix A to the final rule. Likewise, the Bureau declines at this time to include RICO laws in appendix A to the final rule. And the Bureau also declines to include in appendix A State payday lending laws imposing usury limits. Violations of State unconscionability, RICO, and usury laws may be indicative of risk to consumers within the Bureau's jurisdiction, especially in situations where the applicable violation of law found or alleged arises out of conduct in connection with the offering or provision of a consumer financial product or service. But unlike the State UDAP/UDAAP laws included in appendix A, State unconscionability, RICO, and usury laws are generally not modeled after FTC Act section 5 or CFPA sections 1031 and 1036(a)(1)(B), and the Bureau at this time has not determined whether such laws, as a class, are generally sufficiently similar in scope to FTC Act section 5 or CFPA sections 1031 and 1036(a)(1)(B) to warrant inclusion in appendix A. Considering RICO laws in particular, they often prohibit a wide range of criminal activity, including kidnapping, robbery, and dealing in narcotic drugs. The Bureau is concerned that including such laws as “covered laws” would result in an overinclusive and thus less useful and more burdensome registry.

See, e.g., 18 U.S.C. 1961.

Also, as the Bureau indicated in the notice of proposed rulemaking, orders based on conduct that violates certain Tribal laws may be probative of risk to consumers. But the Bureau declines at this time to include such Tribal laws in appendix A to the final rule. The Bureau finalizes its preliminary conclusion in the proposal that considerations of administrative efficiency favor focusing on other orders.

See88 FR 6088 at 6107.

The Bureau intends to monitor the orders submitted under the final rule and may determine at a later date to expand appendix A to include the categories of laws discussed above or other laws. The Bureau also agrees that it may prove useful to periodically review and update appendix A in order to enhance the usefulness and effectiveness of the nonbank registry and the information it collects. However, the Bureau declines to adopt such a requirement in the final rule obligating itself to do so. Among other things, such a requirement is unnecessary and would complicate the Bureau's administration of the nonbank registry.

Comments regarding the scope of the written-statement requirements are addressed in the section-by-section discussion of § 1092.204 below.

Final Rule

For the reasons set forth above, the Bureau is finalizing § 1092.201(c) as proposed, with minor technical edits. In addition, for the reasons described above, the Bureau is finalizing appendix A to part 1092 with several changes from the proposed version. Section 1092.201(c)(4) defines the term “covered law” to include a State law prohibiting unfair, deceptive, or abusive acts or practices that is identified in appendix A.

Section 1092.201(d) Covered Nonbank

Proposed Rule

The proposal would have defined the term “covered nonbank” to mean a covered person that does not fall into one of five categories. First, the Bureau proposed to exclude from the definition insured depository institutions, insured credit unions, or related persons. The Bureau considered proposing to collect information about relevant orders in place against such persons under its authority to issue rules mandating collection of information set forth in CFPA section 1022(c)(4)(B)(ii). While the Bureau noted that it might at some point consider collecting or publishing the information described in the proposal from such persons, the Bureau believed that there is currently greater need to collect this information from the nonbanks under its jurisdiction. Among other things, the identity and size of all insured depository institutions and insured credit unions is known to the Bureau due to registration regimes maintained by the prudential regulators, which track and make public such information. Also, there are only four prudential regulators, and they regularly publish their consumer financial protection orders. In contrast, the Bureau explained that comprehensive, readily accessible information is currently lacking about the identity of, and orders issued against, nonbanks subject either to the Bureau's market-monitoring authority or to its supervisory authority across the various markets for consumer financial products and services. As a result, the Bureau believed that there is a unique need to identify nonbanks subject to orders through this proposed registry. In addition, the proposal would have conformed with the Bureau's registration authority under CFPA section 1022(c)(7), which states that the Bureau may impose registration requirements applicable to a covered person, other than an insured depository institution, insured credit union, or related person.

As provided in proposed § 1092.101(a), the proposal would have defined the term “covered person” to have the same meaning as in 12 U.S.C. 5481(6). The proposal would not have defined “service providers,” as defined in 12 U.S.C. 5481(26), as covered nonbanks per se. Entities that are service providers, however, may nevertheless also be covered persons under the CFPA. Among other things, a person that is a service provider shall be deemed to be a covered person to the extent that such person engages in the offering or provision of its own consumer financial product or service. See12 U.S.C. 5481(26)(C). And a service provider that acts as a service provider to its covered person affiliate is itself deemed to be a covered person as provided in 12 U.S.C. 5481(6)(B).

The Bureau explained that an affiliate of an insured depository institution, insured credit union, or related person could be subject to the proposed rule if it is not itself an insured depository institution, insured credit union, or related person.

Second, the proposal would have excluded from the definition of the term “covered nonbank” a “State,” as defined in CFPA section 1002(27)—a term that includes “any federally recognized Indian tribe, as defined by the Secretary of the Interior” under section 104(a) of the Federal Recognized Indian Tribe List Act of 1994, 25 U.S.C. 5131(a). The Bureau has other avenues of collaborating with State partners (including Tribal partners) and, out of considerations of comity, did not seek to subject them to an information collection requirement in the proposal.

12 U.S.C. 5481(27).

Third, the proposal excluded natural persons from the definition of “covered nonbank.” The Bureau was not proposing to impose subpart B's registration requirements on natural persons, even though natural persons may be covered persons and may be subject to the types of orders described in the proposal. (For example, a sole proprietor not incorporated as a legal entity could qualify as a covered person.) Under the proposed exclusion, for example, natural persons subject to orders issued under FTC Act section 5, removal and prohibition orders or orders assessing civil money penalties issued by an appropriate Federal banking agency under section 8 of the Federal Deposit Insurance Act, or State licensing orders or orders issued under the S.A.F.E. Mortgage Licensing Act of 2008 would not be subject to the proposal's registration requirements. The “natural person” exception in proposed § 1092.201(c)(3) was intended only to exclude individual human beings from the definition of “covered nonbank.” The definition of “covered nonbank” would have included trusts and other entities that meet the definition of “covered person” under CFPA section 1002(6). The Bureau was primarily interested in obtaining information regarding orders that apply to entities because it believed such orders will be most useful in identifying relevant risks to consumers. The Bureau believed that many of the agency and court orders enforcing the law issued against individuals are highly specific to the facts and circumstances relevant to the individual's conduct and are less likely to implicate broader risks to consumers and markets. In addition, the Bureau was primarily interested in obtaining and publishing registration information regarding nonbank entities that are subject to its jurisdiction, which among other things would enable consumers to better identify such entities and would provide information to the public and other regulators. The Bureau was concerned that, if the Bureau should extend the registration requirement to natural persons, the information provided would be less relevant to consumers and the other users of the registry. Therefore, the Bureau believed that the potential benefit of extending the registration requirement to natural persons likely would not justify the additional Bureau resources that would need to be allocated to implement and administer such an expansion of the Bureau's registry. The Bureau also believed that proposed § 1092.203's requirements to designate one or more attesting executives and submit written statements would not be appropriate for natural persons.

12 U.S.C. 1818.

12 U.S.C. 5101 et seq.

See12 U.S.C. 5481(6). See also12 U.S.C. 5481 (defining the term “person” to include, in addition to individuals, any “partnership, company, corporation, association (incorporated or unincorporated), trust, estate, cooperative organization, or other entity”).

Fourth, the proposal excluded from the definition of “covered nonbank” a motor vehicle dealer that is predominantly engaged in the sale and servicing of motor vehicles, the leasing and servicing of motor vehicles, or both, within the meaning of 12 U.S.C. 5519(a), except to the extent such a person engages in functions that are excepted from the application of 12 U.S.C. 5519(a) as described in 12 U.S.C. 5519(b). CFPA section 1029 provides an exclusion from the Bureau's rulemaking authority for certain motor vehicle dealers. However, CFPA section 1029(b) exempts certain persons from this exclusion. Persons covered by section 1029(a) would have qualified as “covered nonbanks” under the proposal so long as they engage in the functions described in section 1029(b)—in which case they would be “covered nonbanks.” Proposed § 1092.201(e), discussed below, would have further provided that the only orders issued to such motor vehicle dealers that would require registration would be those issued in connection with the functions that are excepted from the application of 12 U.S.C. 5519(a) as described in 12 U.S.C. 5519(b).

12 U.S.C. 5519 (“Exclusion for Auto Dealers”).

Fifth, the proposal excluded a person from the definition of “covered nonbank” if the person qualifies as a covered person based solely on conduct that is the subject of, and that is not otherwise exempted from, an exclusion from the Bureau's rulemaking authority under 12 U.S.C. 5517. This provision would have clarified that persons whose activities are wholly excluded from the rulemaking authority of the Bureau under one or more of the provisions of section 1027 of the CFPA are not “covered nonbanks.” However, where the CFPA provides that any of the activities engaged in by such persons are subject to the Bureau's rulemaking authority, this limitation would not have excluded the person from qualifying as a “covered nonbank.” For example, the Bureau explained, CFPA section 1027( l )(1) provides an exclusion from the Bureau's rulemaking authority for certain persons engaging in certain activities relating to charitable contributions. Under the proposal, a covered person would not have been deemed a “covered person” if it qualifies for this statutory exclusion and is not otherwise exempt from it. But CFPA section 1027( l)(2) exempts certain activities from this statutory exclusion by providing that “the exclusion in [CFPA section 1027( l)(1)] does not apply to any activities not described in [CFPA section 1027( l )(1)] that are the offering or provision of any consumer financial product or service, or are otherwise subject to any enumerated consumer law or any law for which authorities are transferred under subtitle F or H.” As proposed, persons described in CFPA section 1027( l)(1) engaging in the activities described therein would have qualified as “covered nonbanks” so long as they engage in any of the activities described in CFPA section 1027( l)(2), and they would thus be subject to all of the information-collection requirements of the rule applicable to “covered nonbanks,” regardless of whether the applicable “covered order” addressed the conduct subject to the statutory exclusion.

12 U.S.C. 5517.

12 U.S.C. 5517( l)(1) (“Exclusion for Activities Relating to Charitable Contributions”).

12 U.S.C. 5517( l)(2).

Among other things, the Bureau sought comment regarding the overall scope of the proposed definition of “covered nonbank,” including whether the definition should be expanded or limited in light of the purposes and objectives of subpart B. The Bureau further sought comment on whether a more limited or expanded approach to the registration of covered persons would be appropriate instead of the proposed requirements, whether it should consider any other modifications to the scope of the rule, and how such modifications would match the Bureau's policy goals.

Comments Received

The Bureau specifically sought comment as to whether it should adopt an alternative approach that would limit all of the proposal's registration requirements to covered persons that are subject to the Bureau's supervision and examination authority under CFPA section 1024(a). An industry commenter supported limiting the registration requirements to entities with annual receipts of more than $10 million, which is the Bureau's larger participant threshold for the consumer debt collection market under section 1024(a). While conceding that this approach would limit the number of orders subject to the rule, the commenter stated that it would greatly reduce the compliance burden on small businesses.

See12 U.S.C. 5514(a)(1)(B); 12 CFR 1090.105.

A consumer advocate commenter stated that the proposal should be modified in order to clarify that schools and State-affiliated student loan servicers satisfy the definition of “covered nonbanks.” The commenter stated that such clarification was particularly desirable in light of the exception for States from the definition of “covered nonbank,” as according to the commenter, certain entities accused of illegal conduct often falsely assert that they are agents or appendages of States.

The Bureau specifically requested comment on whether to include natural persons in the term “covered nonbank,” even though natural persons may be covered persons and may be subject to the types of orders described in the proposal. A consumer advocate commenter stated that the proposal should be modified in order to include natural persons who otherwise meet the definition of “covered person.” The commenter stated that including natural persons would provide consumers with an additional resource to identify bad actors in consumer financial services.

Commenters, including the SBA Office of Advocacy, stated that the proposal was insufficiently clear with respect to affiliates of insured depository institutions and insured credit unions. Commenters noted that certain bank holding companies and other nonbank affiliates of such entities meet the CFPA's definition of “covered person,” but they would not have fallen within the exemptions to the term “covered nonbank” provided in proposed § 1092.201(d). Commenters requested clarification as to which affiliates of banks and credit unions would qualify as “covered nonbanks” under the proposal. One industry commenter stated that the Bureau should ensure that the regulatory text expressly clarified the application of this definition to bank affiliates. Industry commenters also stated that the Bureau should exempt some or all of these bank-affiliated “covered persons” from the scope of the definition, and industry commenters stated that if the Bureau were to include affiliates of insured depository institutions and insured credit unions in the definition of the term “covered nonbank,” the Bureau should issue a supplementary proposal in order to provide for additional notice and comment on that approach. A consumer advocate commenter stated that the Bureau should take an expansive approach in addressing this question.

12 U.S.C. 5481(6).

Several industry and consumer advocate commenters approved of the proposal to collect and publish information about nonbanks, stating that the proposed registry would shed light on the large and growing nonbank financial sector. An industry commenter and a consumer advocate commenter stated that the proposed registry would help the Bureau identify nonbanks to bring under Bureau supervision. Industry commenters and a joint comment letter from members of Congress agreed that excepting banks and insured credit unions from the proposal was appropriate, although some commenters objected to the proposal's statement that the Bureau might consider including banks and credit unions in a future registry, stating that the Bureau lacked authority to do so or that collecting information from banks or credit unions would be unduly burdensome and duplicative. On the other hand, several commenters stated that the Bureau should not exempt banks and credit unions from the proposed rule's requirements. Industry commenters stated that this exemption was contrary to the proposal's rationale, and unfairly targeted nonbanks and put them at a competitive disadvantage. A consumer advocate commenter stated that the exemption was inconsistent with the publication of certain orders regarding nonbanks, and that nonbanks might attempt to evade the proposed rule's registration requirements by acquiring a banking charter.

A joint letter from State regulators stated that States have not witnessed widespread issues with or a growing trend of recidivism among nonbanks that would necessitate the creation of the proposed nonbank registry, and stated that previous remarks by the Bureau's Director had not emphasized a recidivism problem among nonbanks. However, consumer advocate commenters stated that recidivism by nonbanks did pose risks to consumers and that the registry would help users identify such risks and would otherwise help prevent recidivism.

While noting the exclusion of federally recognized tribes from the proposed definition, Tribal commenters suggested that the proposal's use of the term “State” to define the exemption from proposed § 1092.201(d)'s definition of “covered nonbank” was inadequate to protect Tribal sovereignty, and stated that the rule should adopt a more specific and clear exclusion for economic arms of the tribe, or for Tribal instrumentalities or entities wholly owned by tribes. These commenters asserted that tribes, as self-determining bodies, are the only ones competent to determine the status of an entity as enjoying Tribal sovereignty. Thus, in their view, U.S. government institutions—whether the Bureau, other U.S. regulators, or U.S. courts—lack competence to make such determinations. Tribal commenters also stated that application of the rule to Tribal instrumentalities would expose Tribal treasuries to unfounded attacks that the registry would generate.

Industry commenters stated that in addition to the exemption in proposed § 1092.201(d)(1) for insured credit unions, the Bureau should also exempt from the definition of “covered nonbank” credit union service organizations (CUSOs). The commenters stated that CUSOs must register with the National Credit Union Administration (NCUA) and report financial activity, with annual affirmations and updates, that NCUA and State regulators regularly exercise established authority to request information regarding CUSO activity, that requiring registration of CUSOs would be duplicative and burdensome, and that consumers would be unlikely to find such registration useful.

An industry commenter stated that the Bureau should exempt institutions that are supervised by the Farm Credit Administration from the definition of “covered nonbank.” The commenter stated that the reasons the proposal gives for excluding depository institutions and credit unions apply equally to Farm Credit institutions, and that such an exemption would be consistent with the unique treatment of such institutions under the CFPA.

An industry commenter stated that the Bureau should exempt attorneys and law firms from the scope of the proposal on the grounds that regulation of lawyers is properly placed not with the Bureau but with the judiciary and State bar associations, because of concerns that covered nonbanks that are attorneys or law firms could be required to divulge privileged communications between the lawyer and their client as well as information regarding their clients' confidential and proprietary business practices, and on the grounds that they are already heavily regulated and should otherwise not be subject to the rule.

Two industry commenters stated that the Bureau should exempt mortgage lenders and mortgage services from the scope of the proposal, or at a minimum, exempt such entities where they have satisfied the existing NMLS requirements for mortgage lenders/servicers to disclose such agency and court orders to the NMLS. These commenters stated that the proposed rule would have a disproportionate burden on such entities and would be largely duplicative of the orders that such entities report to the NMLS.

Response to Comments Received

Under the final rule, the Bureau will collect information under the nonbank registry in order to be informed about risks regarding a wide range of nonbank covered persons, and not just regarding the entities that are subject to its supervisory jurisdiction under CFPA section 1024(a). The Bureau finalizes its conclusion in the proposal that collecting information from a wider range of covered persons is appropriate to achieve its market-monitoring objectives. The Bureau declines to finalize the alternative approach discussed in the notice of proposed rulemaking that would have limited the scope of the definition to covered persons that are subject to the Bureau's supervision and examination authority under CFPA section 1024(a). The Bureau's market-monitoring information collection authority under CFPA section 1022(c)(4)(B)(ii) applies to “covered persons” and “service providers” as defined at CFPA section 1002, and the Bureau's registration authority under CFPA section 1022(c)(7) applies to all covered persons “other than an insured depository institution, insured credit union, or related person.” The Bureau concludes that the information that will be collected under the nonbank registry will be useful for purposes beyond conducting its supervisory work, and that it should collect information in order to inform its regulatory, enforcement, and other functions, where the Bureau's authority extends to numerous entities that are not subject to its supervisory jurisdiction. Even with respect to informing the Bureau's supervisory work, it will be necessary to collect information from entities that are not subject to Bureau supervision under CFPA section 1024(a). For example, the Bureau could use information submitted to the nonbank registry to inform its decisions regarding whether to issue new larger participant rules under CFPA section 1024(a)(2) or whether to exercise its authority to designate a covered person for supervision because the Bureau has reasonable cause to determine that the covered person is engaging or has engaged in conduct that poses risk to consumers. Thus, the Bureau will need to be informed about risks to consumers arising with respect to entities that are not presently supervised.

See88 FR 6088 at 6109.

See12 U.S.C. 5481(6), (26); 12 U.S.C. 5512(c)(4)(B)(ii).

See12 U.S.C. 5512(c)(7).

See12 U.S.C. 5514(a)(1)(B), (C), (a)(2); 12 CFR part 1091.

The Bureau declines to adopt a registration threshold or other exception from the rule's registration requirements based upon annual receipts or other size considerations. That approach would lead to the omission of relevant covered nonbanks from the registry, which would mean that the Bureau would not be notified regarding the existence of such entities and would not learn that they were subject to a covered order. Such an exception would unnecessarily limit the information that is provided to the Bureau and provide the Bureau with only a partial view of related risks. The Bureau concludes that the limited burden that will be imposed on such entities due to such information-collection requirements is warranted in light of the benefits to the Bureau and other users of the nonbank registry.

See also the section-by-section discussion of § 1092.201(q) below.

The Bureau declines to use this rulemaking as an opportunity to finalize a position regarding whether any particular type of entity is a covered person or otherwise falls under the regulatory definition of the term “covered nonbank.” The Bureau expects all entities subject to its jurisdiction to assess their own compliance obligations and to comply with the law. An entity that believes it has a good faith basis that it is not a covered nonbank or supervised registered entity, or that an order is not a covered order, but has concerns about whether the Bureau would agree, may file a good faith notification under § 1092.202(g) or § 1092.204(f).

The Bureau declines at this time to include natural persons in the term “covered nonbank.” For the reasons discussed in the proposal, the Bureau is primarily concerned about the risk to consumers that is presented by entities that are not natural persons, although it may consider expanding the registry in future. As the Bureau discussed in its proposal, the “natural person” exception in § 1092.201(c)(3) is intended only to exclude individual human beings from the definition of “covered nonbank.” The definition of “covered nonbank” would include trusts and other entities that meet the definition of “covered person” under CFPA section 1002(6).

The Bureau declines to finalize an exemption for affiliates of insured depository institutions or insured credit unions from § 1092.201(d)'s definition of the term “covered nonbank.” (As discussed in the section-by-section discussion of § 1092.201(q) below, that section's definition of the term “supervised registered entity” will not apply to an affiliate of an insured depository institution or insured credit union with total assets of more than $10 billion as described in CFPA section 1025(a). Therefore, such affiliates, even if they are “covered nonbanks,” are not subject to the final rule's written-statement requirements.) As the notice of proposed rulemaking indicated, an affiliate of an insured depository institution or insured credit union could be subject to the proposed rule if it is not itself an insured depository institution or insured credit union. While proposed § 1092.201(d)(1) would have excluded from the definition of “covered nonbank” insured depository institutions and insured credit unions (as well as “related persons,” a term defined in CFPA section 1002(25)), the proposal did not contain an exemption from the definition of “covered nonbank” for affiliates of such persons where they otherwise would meet that definition. Like other covered nonbanks, such an affiliate would only be subject to the rule if it qualified as a “covered nonbank” under the criteria established in § 1092.201(d), including the requirement that the affiliate satisfy the CFPA definition of the term “covered person.” With respect to the application of the final rule's written-statement requirements to such an affiliate, see the section-by-section discussion of § 1092.201(q) below.

12 U.S.C. 5515(a).

88 FR 6088 at 6108 n.139.

The Bureau finalizes the approach described in the proposal. The Bureau acknowledges that, like the insured depository institutions and insured credit unions that are exempt from the definition of “covered nonbank” under § 1092.201(d)(1), affiliates of those entities are subject to certain requirements imposed by the prudential regulators. And those regulators make certain information available to the public regarding such affiliates, including information regarding their identity and certain orders to which such affiliates are subject. Nevertheless, the Bureau concludes that requiring such affiliates that otherwise meet the definition of “covered nonbank” to submit information to the nonbank registry as required under § 1092.202 will serve the purposes of the final rule described in part IV above. Covered nonbanks that are affiliates of insured depository institutions and insured credit unions present a different set of risks to consumers than do insured depository institutions and insured credit unions. For example, they are generally neither chartered nor insured by the Federal Government; they are generally subject to a general corporate or business charter as opposed to a more restrictive banking or credit union charter; and they are generally not subject to the same restrictions on corporate form and powers that apply to insured depository institutions and insured credit unions.

See, e.g., 12 U.S.C 24a (authorizing financial subsidiaries of national banks to engage in nonbanking activities); 12 U.S.C. 1843 (authorizing bank holding company interests in nonbanking organizations), 1864 (authorizing bank service companies to engage in nonbanking activities). See also, e.g., Patricia A. McCoy, 1 Banking Law Manual: Federal Regulation of Financial Holding Companies, Banks, and Thrifts (3rd ed. 2023) §§ 5.02-5.03 (discussing powers of national banks, bank holding companies, and financial holding companies). In addition, such affiliates are not subject by statute to the same frequency of examination by a Federal agency as are insured depository institutions. See12 U.S.C. 1820(d) (generally requiring a “full-scope, on-site examination of each insured depository institution” either annually or, for certain small institutions, every 18 months). And certain affiliates are subject to a different system of ratings and supervision by the prudential regulators than are insured depository institutions. See, e.g., Large Financial Institution Rating System; Regulations K and LL, 83 FR 58724 (Nov. 21, 2018) (adopting ratings system for certain holding companies). See also the discussion below regarding credit union service organizations (CUSOs).

The Bureau concludes that it is appropriate to distinguish affiliated nonbanks engaged in the offering or provision of consumer financial products and services from their affiliates that hold a bank or credit union charter, are federally insured, and are engaged directly in the business of banking or providing credit union services, and to register and collect additional information from affiliated nonbanks for the purposes of identifying and assessing risk to consumers.

Furthermore, the approach taken in the final rule is consistent with CFPA section 1022(c)(7), which does not exempt such affiliate covered persons from the nonbank registration requirements that may be imposed by the Bureau under that statutory provision. In this case, Congress made a determination to extend the Bureau's registration authority over such persons, which are nonbanks subject to the Bureau's jurisdiction. Among other things, the Bureau needs to monitor risks to consumers presented by such nonbank affiliates in order to exercise its broad enforcement, supervisory, and regulatory authority over such persons. For example, Congress provided supervisory authority over nonbanks to the Bureau in order to ensure that the Bureau could exercise consistent Federal oversight of nondepository institutions based upon its assessment of the risk they pose to consumers. With respect to the affiliates of very large insured depository institutions and insured credit unions, Congress intended to address the preexisting “fragmented regulatory structure” by creating “one Federal regulator with consolidated consumer protection authority” that would monitor such entities. Consistent with this goal, the final rule will create a unified registry that will identify covered nonbanks that themselves participate in the markets for consumer financial products and services, as well as the orders to which they are subject, whether or not those covered nonbanks happen to be affiliates of banks or credit unions.

12 U.S.C. 5512(c)(7).

See S. Rep. No. 111-176, at 167 (2010) (“The authority provided to the Bureau in this section will establish for the first time consistent Federal oversight of nondepository institutions, based on the Bureau's assessment of the risks posed to consumers and other criteria set forth in this section.”).

See S. Rep. No. 111-176, at 168 (2010).

The Bureau is adopting an exception for insured depository institutions, insured credit unions, and related persons in § 1092.201(d)'s definition of the term “covered nonbank.” For the reasons stated in the proposal, the Bureau concludes that there is currently greater need to collect information from the nonbanks under its jurisdiction than from insured depository institutions, insured credit unions, and related persons, that there is a unique need to identify nonbanks subject to orders through the nonbank registry, and that the final rule will conform with the Bureau's registration authority under CFPA section 1022(c)(7), which states that the Bureau may impose registration requirements applicable to a covered person, other than an insured depository institution, insured credit union, or related person. As discussed at parts III and IV above, the Bureau is issuing this rule under separate authorities under CFPA sections 1022 and 1024. However, for clarity, the final rule will not cover persons who are not subject to the Bureau's CFPA section 1022(c)(7)(A) authority.

As explained below, the Bureau has adopted a revision to the proposed rule to clarify that a related person is excluded from the definition of “covered nonbank” only if the person qualifies as a “covered person” solely due to its related-person status.

12 U.S.C. 5512(c)(7).

In addition, the Bureau concludes that the final rule will facilitate the purposes of the nonbank registry described in part IV above even without registering insured depository institutions, insured credit unions, or related persons at this time. In light of the modest obligations imposed under the final rule, the Bureau does not think that the final rule will cause nonbanks to undergo the expense and effort involved in obtaining a banking charter to avoid their registration obligations under the final rule. The Bureau chooses at this time not to collect information from banks not only because orders against insured depository institutions and insured credit unions are public or required to be public—as are all covered orders, as provided at § 1092.201(e)—but also because the insured depository institutions and insured credit unions themselves are already subject to a comprehensive public Federal registration regime that identifies them to the public and is kept up to date. These requirements generally serve to distinguish orders issued against insured depository institutions and insured credit unions from orders issued against the covered nonbanks that the Bureau will register under the final rule.

See, e.g., 12 U.S.C. 1786(s) (insured credit unions), 1818(u) (insured depository institutions).

In addition, for the reasons discussed above and in the section-by-section discussion of § 1092.201(q), affiliates of insured depository institutions and insured credit unions may qualify as “covered nonbanks” subject to the final rule, and affiliates of insured depository institutions and insured credit unions with total assets of $10 billion or less may qualify as “supervised registered entities” subject to § 1092.204. As discussed in those sections, the Bureau is concerned that such affiliates may present different types of risks to consumers than insured depository institutions and insured credit unions do.

As discussed in part IV above, the registry will accomplish a number of goals, with a particular focus on monitoring for risks to consumers related to repeat offenders of consumer protection law. As discussed above, recidivism poses particular risks to consumers, and the Bureau believes that adoption of the final rule is appropriate for the purposes of monitoring for recidivism and publishing information that may help potential users of the nonbank registry identify recidivism by nonbanks. The joint comment letter from State regulators neither asserts nor demonstrates that recidivism by nonbanks does not present risks to consumers, and consumer advocate commenters stated that recidivism by nonbanks does present risks to consumers. The Bureau intends to use the information collected via the nonbank registry to help detect and assess relevant risks to consumers related to recidivism by nonbanks. In addition, the Bureau is adopting the final rule not just to monitor and deter recidivism by nonbanks but also more generally to serve all of the purposes described under part IV, pursuant to its legal authorities as described in part III. For example, as discussed in the section-by-section discussion of § 1092.205(a) below and elsewhere in this preamble, even one covered order may be probative of significant risk to consumers, and the written-statement requirements will serve the purposes described in part IV(D) whether or not an applicable supervised registered entity is subject to multiple covered orders. Thus, the Bureau believes its adoption of the final rule is appropriate even if recidivism among nonbanks currently presents only limited risks to consumers.

Section 1092.201(d)(2) excludes from the definition of the term “covered nonbank” a “State,” as defined in CFPA section 1002(27)—a term that includes “any federally recognized Indian tribe, as defined by the Secretary of the Interior” under section 104(a) of the Federal Recognized Indian Tribe List Act of 1994, 25 U.S.C. 5131(a). The Bureau declines to provide an express exemption from the final rule for Tribal instrumentalities or entities wholly owned by tribes because the Bureau does not choose to use this rulemaking as the vehicle for determining the circumstances under which tribally affiliated entities qualify as part of the tribe itself or are appropriately exempt from covered laws. At a minimum, where a covered nonbank becomes subject to a final court or agency order enforcing a covered law and otherwise satisfies the requirements of the rule, the Bureau believes that it is appropriate to register the entity and the order. The Bureau acknowledges that certain tribally affiliated entities may from time to time believe a court or agency has erred in imposing a covered order on them, based on grounds of sovereign immunity or otherwise. However, the Bureau believes that providing a blanket exemption for all such cases would improperly omit covered orders that are in fact probative of risk to consumers posed by entities subject to the Bureau's jurisdiction and thus should be registered under the final rule.

In requiring registration in connection with such orders, the Bureau takes no position on the merits of the underlying case, proceeding, or order, or any related arguments, including any arguments regarding sovereign immunity or Tribal status. As discussed in the section-by-section discussion of §§ 1092.202(g) and 1092.204(f) below, the Bureau believes that the voluntary good-faith filing option provides a satisfactory mechanism for tribally affiliated entities to avoid the risk of an enforcement action where they decide not to register an order or submit a written statement based on a good-faith belief that they are not a covered nonbank or a supervised registered entity, such as on the grounds that they qualify as part of a federally recognized tribe and thus as a “State,” or that an order is not a covered order. Also as discussed in those sections, an entity may choose whether or not it wishes to submit such a filing, and the Bureau will treat such filings as “administrative information” that it will not publish under § 1092.205(a). Thus, the Bureau does not agree that application of the rule to tribally affiliated entities would expose Tribal treasuries to unfounded attacks.

The Bureau declines to finalize an exemption for CUSOs in § 1092.201(d)'s definition of “covered nonbank.” Unlike insured credit unions, which are exempt from the definition, CUSOs are not directly subject to the NCUA's full examination and enforcement authority, and are not chartered or insured by the NCUA. And while presently the NCUA requires a federally insured credit union investing in or lending to a CUSO to obtain a written agreement requiring the applicable CUSO to “provide the NCUA with complete access to its books and records and the ability to review the CUSO's internal controls” and to supply the NCUA with “operational and financial information” via a CUSO Registry, the NCUA nevertheless has previously emphasized in Congressional testimony that “this does not provide access to examine all of the CUSO's operations.” The Bureau concludes that requiring covered nonbanks that are CUSOs to register will provide valuable information to the Bureau and others regarding risks such covered nonbanks may present to consumers. Among other things, if—as the Bureau intends—the Bureau publishes registry information, requiring CUSOs that qualify as covered nonbanks to register with the nonbank registry will facilitate credit union due diligence in using a CUSO to provide services to the credit union in connection with the offering or provision of consumer financial products and services.

Like other covered nonbanks, a CUSO would only be subject to the rule if it qualified as a “covered nonbank” under the criteria established in § 1092.201(d), including the requirement that the CUSO satisfy the CFPA definition of the term “covered person.” And a CUSO would only be subject to § 1092.204's written-statement requirements if it qualified as a “supervised registered entity” under the criteria established in § 1092.201(q). Under § 1092.201(q)(1), a CUSO that is subject to Bureau examination and supervision solely in its capacity as a service provider and that is not otherwise subject to Bureau supervision and examination will not be deemed to be a “supervised registered entity” under § 1092.201(q).

As discussed above, entities that are service providers may nevertheless also be covered persons under the CFPA. For example, a CUSO, such as a CUSO wholly owned by a credit union, that acts as a service provider under the CFPA to its covered person credit union affiliate would itself be deemed to be a covered person as provided in 12 U.S.C. 5481(6)(B), and thus would qualify as a “covered nonbank” under § 1092.201(d) if the other criteria of that definition are satisfied.

See NCUA Office of Inspector General, Report #OIG-20-07, “Audit of the NCUA's Examination and Oversight Authority Over Credit Union Service Organizations and Vendors” 4 (Sept. 1, 2020), https://ncua.gov/files/audit-reports/oig-audit-cusos-vendors-2020.pdf (OIG Report) (“CUSOs are not directly subject to NCUA regulation or examination and are not chartered or insured by the NCUA.”).

OIG Report at 6-8; see also12 CFR 712.3; CUSO Registry, https://ncua.gov/regulation-supervision/regulatory-reporting/cuso-registry.

OIG Report at 16 (describing NCUA testimony seeking additional statutory authority from Congress).

The Bureau also notes that the credit union exemption provided under § 1092.201(d)(1) applies only to insured credit unions, as that term is defined by § 1092.101(a), which in turn defines the term “insured credit union” to have the meaning given to that term in the CFPA. Thus, this exemption does not apply to credit unions, such as certain uninsured or privately insured credit unions, that do not meet the definition of “insured credit union” under the CFPA and the final rule. Such credit unions must comply with the rule's registration and other provisions with respect to covered nonbanks and supervised registered entities where they would otherwise be applicable.

See12 U.S.C. 5481(17).

Likewise, the exemption at § 1092.201(d)(1) would not apply to any bank or savings association that is not an “insured depository institution” or “insured credit union” as defined in the final rule. See § 1092.101(a), 201(h) of the final rule.

The Bureau declines to adopt an express exemption from the definition of “covered nonbank” for institutions supervised by the Farm Credit Administration. The industry commenter that requested such an exemption has not shown that it is necessary or appropriate. The commenter discusses one category of orders that institutions regulated by the Farm Credit Administration might register under the rule—namely, orders from the Farm Credit Administration enforcing compliance with certain Federal consumer financial laws. Under current Farm Credit Administration policy, however, the agency does not “identify the institution and/or persons involved” when it issues an order enforcing the law against an institution it regulates. An order that does not publicly “[i]dentif[y] a covered nonbank by name as a party subject to the order” would not qualify as a “covered order” required to be registered under the final rule. Moreover, in the event a person regulated by the Farm Credit Administration has concerns that it may be deemed a covered nonbank or that any particular order may be deemed a covered order notwithstanding its good-faith belief to the contrary, it may file one or more good-faith notifications under § 1092.202(g) or § 1092.204(f), as applicable.

The industry commenter states that institutions regulated by the Farm Credit Administration do not fall within other exclusions from the definition of “covered nonbank” in § 1092.202(d), such as the exclusion for a “person that qualifies as a covered person based solely on conduct that is the subject of, and that is not otherwise exempted from, an exclusion from the Bureau's rulemaking authority under 12 U.S.C. 5517.” Cf. 12 U.S.C. 5517(k) (providing that the Bureau “shall have no authority to exercise any power to enforce this title with respect to a person regulated by the Farm Credit Administration,” but not referring to the Bureau's rulemaking authority (emphasis added)).

Farm Credit Administration, Policy Statement: Disclosure of the Issuance and Termination of Enforcement Documents (effective Jan. 27, 2005), https://ww3.fca.gov/readingrm/Handbook/_layouts/15/WopiFrame.aspx?sourcedoc={920F0A1E-1839-493C-BE19-E13751EA460D}&file=Disclosure%20of%20the%20Issuance%20and%20Termination%20of%20Enforcement%20Documents.docx&action=default.

See § 1092.201(e)(1)(i) of the final rule.

The Bureau also does not choose to finalize an express exemption for attorneys or law firms in the final rule. Individual attorneys already fall outside the definition of covered nonbank under the § 1092.201(d)(4) exclusion for natural persons. Where a law firm satisfies the final rule's definition of the term “covered nonbank,” the Bureau concludes that entry of a covered order against such a covered nonbank is likely to be probative of risk to consumers, and that it is appropriate to require registration under such circumstances, consistent with the Bureau's statutory jurisdiction and authority. In addition, the final rule does not require the submission of any information to the nonbank registry that is protected by the attorney-client privilege or any other legal privilege. As stated in part III(B), the Bureau's registry is designed to not collect any protected proprietary, personal, or confidential consumer information, and thus, the Bureau will not publish, or require public reporting of, any such information. Further discussion of the publication provisions of the final rule is provided in the section-by-section discussion of § 1092.205 below.

With respect to commenters' requests for exemptions for mortgage lenders and servicers, the Bureau is finalizing a one-time registration option for NMLS-published covered orders at § 1092.203; this provision is discussed in more detail in part IV(E) and the section-by-section discussion of § 1092.203 below. Under the final rule, with respect to any NMLS-published covered order, a covered nonbank that is identified by name as a party subject to the order may elect to comply with the one-time registration option described in § 1092.203 in lieu of complying with the requirements of §§ 1092.202 and 1092.204. The Bureau is adopting this provision in part to address the concerns of commenters that requiring mortgage lenders and servicers to register orders that are already available on the public NMLS Consumer Access website would be duplicative and burdensome.

The Bureau declines to finalize an additional express exemption from § 1092.202(d) for covered nonbanks that are mortgage lenders or mortgage servicers. The CFPA expressly subjects these entities to the Bureau's supervisory authority, and the legislative history of the CFPA indicates that Congress viewed this authority as integral to the Bureau's mandate. In addition, the Bureau is the only Federal regulator with supervisory and enforcement jurisdiction over all of these entities, which are chartered by the various States. The option provided at § 1092.203 will help eliminate redundant filings by nonbank mortgage lenders and mortgage servicers while notifying the nonbank registry when an applicable order has been issued or obtained against a covered nonbank. Thus, the Bureau believes that requiring such entities to register covered orders, subject to the one-time registration option described in § 1092.203 for NMLS-published covered orders where it applies, would serve the purposes of the final rule described in part IV above.

See12 U.S.C. 5514(a)(1).

See, e.g., S. Rep. No. 111-176 at 11-14 (2010) (discussing the “mortgage crisis” that began in the 2000s), 167 (“Specifically, the Bureau will have the authority to supervise all participants in the consumer mortgage arena, including mortgage originators, brokers, and servicers and consumer mortgage modification and foreclosure relief services. These entities contributed to the housing crisis that led to the near collapse of the financial system.”), 229 (“The CFPB would have been able to head off the subprime mortgage crisis that directly led to the financial crisis, because the CFPB would have been able to see and take action against the proliferation of poorly underwritten mortgages with abusive terms.”). As discussed in part II(A) above, the Bureau was created in the wake of the 2008 financial crisis, which was caused by a variety of overlapping factors including systemic malfeasance in the mortgage industry.

Final Rule

For the reasons set forth above and as follows, the Bureau is finalizing § 1092.201(d) as proposed, with revisions to clarify the treatment of “related persons.” The final rule renumbers the items in § 1092.201(d) accordingly.

The Bureau had proposed to exclude “related persons,” as that term is defined at § 1092.101(a) and CFPA section 1002(25), from the proposed definition of “covered nonbank.” Final § 1091.201(d)(1) and (2) have been revised to retain this exclusion, but to clarify these provisions to provide that the final rule does not include within the definition of “covered nonbank” a person who is a covered person solely by virtue of being a related person as defined in CFPA section 1002(25). Under CFPA section 1002(25), certain persons are “deemed to [be] a covered person for all purposes of any provision of Federal consumer financial law[.]” However, CFPA section 1022(c)(7)(A) excludes related persons from the type of covered persons covered by Bureau rules regarding registration issued under CFPA section 1022(c)(7) authority. As discussed at parts III and IV above, the Bureau is issuing this rule under separate authorities under CFPA sections 1022 and 1024. However, for clarity, the final rule will not cover persons who are not subject to the Bureau's CFPA section 1022(c)(7)(A) authority. Therefore, the final rule excludes related persons from the definition of “covered nonbank,” to the extent that they are not covered persons for any other reason than being deemed covered persons pursuant to CFPA section 1002(25). For example, this exclusion generally would not apply to a nonbank entity that qualifies as a covered person because it offers or provides a consumer financial product or service, even if that entity also happens to be a related person.

88 FR 6088 at 6108.

12 U.S.C. 5481(25)(B).

12 U.S.C. 5512(c)(7)(A).

See12 U.S.C. 5481(6)(A).

Section 1092.201(e) Covered Order

Proposed Rule

The Bureau proposed § 1092.201(e) to define the term “covered order.” The proposal would have defined the term to include only orders that are both public and final. The term “public” was defined at proposed § 1092.201(k). The proposed term “covered order” was intended to cover only final settlement or consent orders, or final agency or court orders resulting from litigation or adjudicated agency proceedings. By “final” order, the proposal meant to exclude such orders as preliminary injunctions, temporary restraining orders, orders partially granting and partially denying motions to dismiss or summary-judgment motions, and other interlocutory orders. The proposed term would also have excluded temporary cease-and-desist orders that come into effect pending the resolution of an underlying contested matter but would have included a related final cease-and-desist or other order resolving the matter. The proposed term would have also excluded notices of charges, accusations, or complaints that are part of disciplinary or enforcement proceedings but do not constitute a final order. The Bureau proposed to include orders that are final by their own terms or under applicable law, even where Federal, State, or local law allows for the appeal of such orders. Proposed § 1092.201(f), defining the term “effective date,” would have addressed situations where an order is subject to a stay following issuance. The Bureau sought comment on whether the term “final” should be further defined in the regulatory text.

See, e.g., Gelboim v. Bank of Am. Corp., 574 U.S. 405, 408-09 (2015) (discussing the meaning of “final decision” under 28 U.S.C. 1291).

The proposed definition included orders issued by either an agency or a court. The proposal would have clarified that the definition would include an otherwise covered order whether or not issued upon consent. Accordingly, under the proposal, “covered orders” could have been issued upon consent or settlement. They could also have been issued after the filing of a lawsuit or complaint and a process of litigation or adjudication. The proposed term would not have included corporate resolutions adopted by an entity and not issued by an agency or court. Nor would the proposed term have generally included licenses, including conditional licenses; but the term would have included an order suspending, conditioning, or revoking a license based on a violation of law. Nor would the proposed term have included related stipulations or consents, where those documents are not incorporated into or otherwise made part of the order.

Proposed § 1092.201(e)(1) would also have included, as a component of the definition of the term “covered order” for a given covered nonbank, a requirement that the order identify the covered nonbank by name as a party subject to the order. Thus, for example, orders that indirectly refer to a covered nonbank as an “affiliate” of a named party, but do not name the covered nonbank as itself a party subject to the order, would not have been covered orders under proposed § 1092.201(e) with respect to the covered nonbank. Nor would orders that apply to a covered nonbank only as a “successor and assign” of a named party, where the order does not expressly identify the covered nonbank by name as a party subject to the order. The proposal would have included in the definition a covered nonbank that is listed by name as a party somewhere within the body of the order, even if the covered nonbank is not listed in the order's title or caption. In other words, to fall within the proposed § 1092.201(e) definition, it would have been sufficient that the order identifies the covered nonbank by name as a party subject to the order even if the covered nonbank is not listed in the title or caption of the order, or as the primary respondent, defendant, or subject of the order. A covered nonbank may have satisfied the proposed definition even if the issuing agency or court did not list the covered nonbank as a party in related press releases or internet links.

Proposed § 1092.201(e)(2) would have included, as a component of the definition of the term “covered order,” a requirement that the order have been issued at least in part in any action or proceeding brought by any Federal agency, State agency, or local agency. The Bureau believed that limiting the registration requirement to orders involving such agencies would provide sufficient information to support Bureau functions. This proposed requirement would have included orders issued by the Bureau itself, the “prudential regulators,” as that term is defined at CFPA section 1002(24), and any “Executive agency,” as that term is defined at 5 U.S.C. 105. The proposed requirement would have also included orders issued by “State agencies” as defined at proposed § 1092.201(n) and “local agencies” as defined at proposed § 1092.201(i). An order issued by a local agency would have satisfied this proposed requirement, but such an order would not have satisfied the requirement set forth in proposed § 1092.201(e)(4) (described below) unless the order imposed the obligations described in proposed § 1092.201(e)(3) on the covered nonbank based on one or more violations of a covered law. While certain Federal and State laws were included in the § 1092.201(c) definition of the term covered law, local laws were not.

12 U.S.C. 5481(24).

Proposed § 1092.201(e)(3) further would have included, as a component of the definition of the term “covered order,” a requirement that the order contain public provisions that impose obligations on the covered nonbank to take certain actions or to refrain from taking certain actions. Such obligations may have included, for example, injunctions or other obligations to cease and desist from violations of the law; to pay civil money penalties, refunds, restitution, disgorgement, or other money; to amend certain policies and procedures, including but not limited to instances where the order requires submission of the proposed amendments to policies and procedures for nonobjection; to maintain records or to provide them upon request; or to take or to refrain from taking other actions. An order suspending, conditioning, or revoking a license based on a violation of law would have met this requirement. An order that lacks any public provision imposing such an obligation on the covered nonbank would not have met the requirement in proposed § 1092.201(e)(3). The Bureau explained that an example of the type of orders that might not have satisfied this requirement would be a declaratory judgment order finding that an entity has violated the law, but not imposing any remedial obligations. Other examples, the Bureau explained, might include orders whose only public provisions are releases and general contractual terms frequently contained in consent orders, such as severability and counterpart signature provisions, but only to the extent these provisions do not impose any other obligations described by proposed § 1092.201(e)(3).

The proposed § 1092.201(e)(3) requirement would have excluded order provisions that are not “public” as that term was defined in proposed § 1092.201(k). For example, obligations imposed by non-public provisions that constitute confidential supervisory information of another agency would not have been considered when determining whether a particular order satisfies this proposed requirement. Proposed § 1092.201(e)(3) would have also excluded orders that lack any public provision imposing an obligation on the covered nonbank to take certain actions or to refrain from taking certain actions. The Bureau explained that, for example, an order that describes unlawful conduct but does not contain any such public provisions imposing obligations described at proposed § 1092.201(e)(3) would not have satisfied this requirement. The Bureau proposed to exclude from the rule's information-collection requirements nonpublic orders and portions of orders in order to help protect the confidential processes of other agencies, including their supervisory processes. The Bureau was concerned that requiring registration of confidential supervisory information might have interfered with the functions and missions of other agencies and did not believe that requiring such registration was necessary to accomplish the purposes of the proposed rule. The Bureau noted that, to the extent that it has a need to review nonpublic orders or nonpublic portions of orders, the Bureau may seek access to relevant information through inter-agency information sharing that protects applicable privileges and confidentiality. In addition, as discussed in the section-by-section discussion of § 1092.201(m) below, the Bureau believed that publication of nonpublic information, including but not limited to confidential supervisory information of the Bureau or other agencies, would be inappropriate.

Proposed § 1092.201(e)(4) would have also included, as a component of the definition of the term covered order, a requirement that the order impose one or more of the obligations described in proposed § 1092.201(e)(3) on the covered nonbank based on an alleged violation of a covered law. The Bureau explained that, under the proposal, a covered order need not have included an admission of liability or any particular factual predicate. The Bureau anticipated that agency and court orders would vary widely in form and content, depending in part on such matters as the relevant individual laws being enforced, the historical practices of the various enforcement agencies, and the negotiations and facts and circumstances underlying specific orders. Because of these expected variations in form and content in the orders that the Bureau expected to be registered under the proposal, the Bureau believed that requiring registration only of orders that contain an admission of liability, or a statement setting forth certain types of findings or other factual predicates underlying the order, would omit relevant orders. The Bureau believed that an order that contains neither an admission of liability nor a statement setting forth the factual predicate underlying the order may nevertheless be probative of risks to consumers of the type that the Bureau is obligated to monitor.

The Bureau explained that, for purposes of this proposed definition, an obligation would have been “based on” an alleged violation where the order identifies the covered law in question, asserts or otherwise indicates that the covered nonbank has violated it, and imposes the obligation on the covered nonbank at least in part as a result of the alleged violation. This would have included, for example, obligations imposed as “fencing-in” or injunctive relief, so long as those obligations were imposed at least in part as a result of the entity's violation of a covered law. This element of the proposed definition would also have been satisfied, for example, by any obligation imposed as part of other legal or equitable relief granted with respect to the violation, as well as by any obligation imposed in order to prevent, remedy, or otherwise address a violation of a covered law, or the conditions resulting from the violation. The Bureau noted, however, that an order that does not identify a covered law as at least one of the legal bases for the obligations it imposes on a covered bank would not satisfy the requirement set forth at proposed § 1092.201(e)(4). The Bureau explained that an order may identify a covered law as a legal basis for the obligations imposed by referencing another document, such as a written opinion, stipulation, or complaint, that shows that a covered law served as the legal basis for the obligations imposed in the order. The Bureau, however, stated that the requirements of proposed § 1092.201(e)(4) would not have been satisfied where the legal basis for the obligations imposed is specified only in extrinsic documents not referenced in the order at issue, such as a press release or blog post.

The Bureau explained that an obligation imposed based on multiple violations, some of covered laws and some of other laws, would qualify as an “obligation[ ] . . . based on an alleged violation of a covered law” within the meaning of proposed § 1092.201(e)(4), even if the violations of the non-covered laws would themselves have sufficed to warrant the imposition of the obligation.

The Bureau explained that the proposed § 1092.201(e)(4) requirement would have included an order issued by an agency exercising any powers conferred on such agency by applicable law to enforce a covered law, so long as the order imposes one or more of the obligations described in proposed § 1092.201(e)(4) on the covered nonbank based on an alleged violation of a covered law. For example, the Bureau noted, certain Federal agencies may issue an order predicated on violation of a Federal consumer financial law under the authority of another enabling enforcement or licensing statute. Among other examples, an appropriate Federal banking agency may issue orders in connection with certain violations of Federal consumer financial law under section 8 of the Federal Deposit Insurance Act (12 U.S.C. 1818), the Administrator of the National Credit Union Administration may issue such orders under the Federal Credit Union Act (12 U.S.C. 1751 et seq.), and the Securities and Exchange Commission may issue such orders under the Federal securities laws. The Bureau noted that such an order issued in connection with violations of Federal consumer financial law would satisfy the requirement set forth in proposed § 1092.201(e)(4) in cases where the order imposes the obligations described in proposed § 1092.201(e)(3) on the covered nonbank based on one or more violations of Federal consumer financial law (or another covered law).

The Bureau noted that other agencies also may rely upon their enforcement authorities under other laws in issuing orders in connection with violations of FTC Act section 5 (and rules and orders issued thereunder). For example, an appropriate Federal banking agency may issue orders in connection with violations of FTC Act section 5 by relying on its enforcement authorities under section 8 of the Federal Deposit Insurance Act (12 U.S.C. 1818). The Bureau explained that such an appropriate Federal banking agency order would have satisfied the requirement set forth in proposed § 1092.201(e)(4) in cases where the order imposed the obligations described in proposed § 1092.201(e)(3) on the covered nonbank based on one or more violations of the prohibition on unfair or deceptive acts or practices under FTC Act section 5 (or a rule or order issued for the purpose of implementing that prohibition) or another covered law. The order, the Bureau explained, would satisfy the requirement provided in proposed § 1092.201(e)(4) even though the FTC Act does not expressly authorize the Federal banking agencies to enforce FTC Act section 5.

Similarly, the Bureau considered an obligation to be “based on” an alleged violation of a covered law where: (i) a State agency issues an order pursuant to certain State statutes that treat violations of Federal or State laws as violations of the State statute; and (ii) the order (or, as discussed above, an extrinsic document referenced in the order) states that one or more violations of a covered law ( e.g., a Federal consumer financial law) served as the legal basis for imposing the obligations under such statute. In such cases, while the majority of these State laws would not themselves have qualified as covered laws under proposed subpart B—and therefore were not captured in appendix A—the underlying law violation would have so qualified. The Bureau believed including such instances was important, as it understood that State agencies sometimes issue orders in connection with violations of Federal consumer financial law relying on their authorities under these State licensing and other statutes that do not themselves satisfy the definition of covered law. Importantly, however, such an order would not have met the proposed definition of “covered order” unless the order itself (or, as discussed above, an extrinsic document referenced in the order) stated that a covered law served as the legal basis for the obligations imposed in the order. A State order that relied upon such a statute, but that did not identify a covered law as the legal basis for the obligations imposed thereunder, would not have satisfied the requirement set forth in proposed § 1092.201(e)(4). Nor would an order that imposed obligations solely based on violations of other laws, even laws that are analogous to covered laws but do not themselves qualify as covered laws under proposed subpart B. Section 1092.201(e)(4), the Bureau explained, was intended to capture only orders that impose obligations based upon an agency's or court's determination that the applicable covered nonbank has actually violated the covered law itself.

See, e.g., Wash. Rev. Code sec. 19.146.0201(11).

The Bureau explained that the obligations imposed in an order issued or obtained by a State agency under a State law that incorporates Federal law may be “based on” an alleged violation of Federal consumer financial law under proposed § 1092.201(e)(4), even if the Federal consumer financial law itself does not expressly authorize that State agency to enforce it. The Bureau noted that, so long as the State agency states that the relevant order provisions are based on one or more violations of the Federal consumer financial law, it would be a covered order under the proposed definition.

Under proposed § 1092.201(e)(5), the proposal would also have defined “covered order” to mean an order that has an effective date on or later than January 1, 2017. The Bureau believed that limiting the registration requirement to orders with more recent effective dates would provide sufficient information to support Bureau functions. The Bureau explained that many orders issued by Federal, State, and local agencies do not have expiration dates or do not expire until after the passage of many years. While the Bureau believed that many earlier-in-time orders remain highly probative of ongoing risks to consumers and could assist the Bureau in carrying out its market-monitoring obligations—as well as assist the Bureau in assembling an effective nonbank registry—the Bureau preliminarily concluded that considerations of administrative efficiency favored focusing on orders issued within approximately the first several years preceding any final rule. The Bureau sought comment on this proposed approach.

Finally, proposed § 1092.201(e) would have provided that the term “covered order” would not include an order issued to a motor vehicle dealer that is predominantly engaged in the sale and servicing of motor vehicles, the leasing and servicing of motor vehicles, or both, within the meaning of CFPA section 1029(a), except to the extent such order is in connection with the functions that are excepted from the application of CFPA section 1029(a) as described in CFPA section 1029(b). This provision would have excluded certain orders issued to motor vehicle dealers that are described in CFPA section 1029(a), and would have incorporated the definitions provided at CFPA section 1029(f). CFPA section 1029(a) establishes a statutory exclusion from the Bureau's authority; CFPA section 1029(b) excepts certain functions of motor vehicle dealers from that exclusion. The Bureau noted, therefore, that an order that is issued to a motor vehicle dealer that relates to the functions described in section 1029(a)—that is, the sale and servicing of motor vehicles, the leasing and servicing of motor vehicles, or both—generally would not have been a “covered order” under the proposed definition. However, if the order related at least in part to a function excepted from the application of CFPA section 1029(a) as described in CFPA section 1029(b), this limitation would not apply, and the order would have qualified as a “covered order.” The functions described in 1029(b) include: “provid[ing] consumers with any services related to residential or commercial mortgages or self-financing transactions involving real property;” “operat[ing] a line of business—(A) that involves the extension of retail credit or retail leases involving motor vehicles; and (B) in which—(i) the extension of retail credit or retail leases are provided directly to consumers; and (ii) the contract governing such extension of retail credit or retail leases is not routinely assigned to an unaffiliated third party finance or leasing source;” and “offer[ing] or provid[ing] a consumer financial product or service not involving or related to the sale, financing, leasing, rental, repair, refurbishment, maintenance, or other servicing of motor vehicles, motor vehicle parts, or any related or ancillary product or service.”

12 U.S.C. 5519(a).

12 U.S.C. 5519(b).

12 U.S.C. 5519(f).

12 U.S.C. 5519(a), (b).

12 U.S.C. 5519(b).

Comments Received

The Bureau specifically sought comment on whether certain types of orders should be categorically excluded from registration. Commenters stated that the registry should not collect or publish information regarding consent orders. Commenters stated that including consent orders would unfairly include orders that do not involve any adjudication of wrongdoing; that such orders often are based on errors or inaccurate or contested allegations, or result from a change in a regulator's interpretation of the law; and that such orders often contain provisions clearly stating that the entity does not concede or admit liability. Commenters also stated that companies often only settle matters in order not to incur the cost, delay, and uncertainty of litigation, that consent orders often involve matters that might not have been determined to be violations if fully litigated, and that regulators are often uncertain about whether they can prove the violations alleged. Industry commenters stated that consent orders represent only a crude predictor of risk, and including them would provide an inaccurate, inconsistent, or misleading picture of risk to consumers. Industry commenters stated that including consent orders would penalize companies that have agreed to settle matters instead of litigating them, and that including consent orders would be unfair because it would lead to registering only those businesses who are not able to afford defending themselves from government attacks.

See88 FR 6088 at 6110.

Commenters, including the SBA Office of Advocacy, specifically objected to the Bureau's publication of consent orders, stating that such publication would be unfair because it would have negative reputational consequences and lead to a decrease of business; would prejudice the entities involved; would otherwise provide inaccurate information to the Bureau and to consumers; would lead to higher compliance costs; would likely encourage class action lawsuits and spurious litigation claims; and could result in unintended consequences.

Commenters stated that, in particular, publication of consent orders would deter covered nonbanks from consenting to covered orders in future. Commenters stated that the deleterious effects of being identified on the registry would have a chilling effect on consents and would discourage settlement in future proceedings, including those brought by agencies other than the Bureau, and would induce covered nonbanks to litigate enforcement or civil actions instead of settling. Thus, commenters argued, the registry would prolong litigation, raise costs, and worsen outcomes, and could be disruptive to the State and local oversight process, in particular as regulators might become less likely to bring enforcement actions. Commenters stated that these effects would be especially pronounced for smaller settlements. The joint letter from State regulators stated the imposition of the proposed written-statement requirements, in particular, could frustrate a State regulator's ability to effectively resolve supervisory matters or to finalize enforcement matters. An industry commenter stated that the proposed registry would create a disincentive for entities to self-report violations, for fear of becoming subject to the proposed rule's registration requirements. Commenters stated that because of these effects, the registry would lead to additional harm to consumers. But a consumer advocate commenter stated that the argument that the registry will deter entities from being cooperative or forthcoming is an inappropriate threat not to cooperate that should not be rewarded with lax oversight.

Industry commenters stated that the proposed registry would be unfair because other companies are likely engaging in conduct similar to the conduct that resulted in a covered order but are not getting caught.

An industry commenter objected to the Bureau's proposal to register orders issued or obtained by the Bureau itself, stating that an additional registry of such orders would be superfluous.

Commenters objected to the Bureau's proposal to register orders issued by State agencies and local agencies, and by State courts, and to impose written-statement requirements in connection with such orders. Commenters stated that the Bureau lacks authority, expertise, and knowledge of relevant circumstances applicable to such orders, and has no legitimate interest in them. An industry commenter indicated that the proposal would give the Bureau enforcement power over other agencies' orders for violations of State and Federal laws that the Bureau has no jurisdiction to enforce. A Tribal commenter stated that including such orders in a public database would interfere with the other government's sovereign decision regarding whether and how to publish its own orders. An industry commenter stated that orders issued by local agencies should not be included because local regulatory and enforcement agencies may be subject to more local, provincial issues, local control, and local political trends, and be less likely to produce orders that are based on broader consumer financial protection issues.

A Tribal commenter stated that the definition of “covered order” should be amended to require that the order be “enforceable” in addition to final and public. The Tribal commenter also stated that the rule should clarify when an order is issued “at least in part” in an action or proceeding brought by an applicable agency.

An industry commenter stated that it was unclear under the proposed definition whether nonpublic NCUA letters of recommendation would be covered.

An industry commenter stated the Bureau should further clarify the definition of “covered order” because State agencies vary in their approaches to enforcing and interpreting orders. The commenter stated that one State agency may consider a final order that involves a corrected issue to be closed, while another State may not.

The Bureau specifically sought comment on the scope of proposed § 1092.201(e)(1), which included a requirement that the covered order identify a covered nonbank by name as a party subject to the order, and whether proposed § 1092.201(e)(1) should also include affiliates, successors and assigns, or other methods of identifying entities subject to orders, even though they are not expressly named in the order. A consumer advocate commenter stated that the rule should apply to successors and assigns, not just named parties as provided under proposed § 1092.201(e)(1).

Commenters stated generally that the proposed registry was overbroad and too prescriptive. Industry commenters suggested that the Bureau attempt to limit those covered orders that require registration to orders that involve more serious or direct consumer harm, as opposed to those that involve only clerical or administrative errors, or that do not meet a minimum threshold of harm to consumers. Commenters stated that the proposed registry should not lump small orders together with large important orders. Commenters stated that the proposal's approach would result in overreporting of minor infractions that would confuse or mislead the public, overwhelm the nonbank registry, or render the nonbank registry less useful, and would improperly impose reputational harm.

Under proposed § 1092.201(e)(5), the proposal would have defined “covered order” to mean an order that has an effective date on or later than January 1, 2017. A consumer advocate commenter stated that the term “covered order” should include all orders for 10 years prior to the effective date of the final rule. The commenter stated that this change would correspond with proposed § 1092.202(e), which would have provided that a covered order shall cease to be a covered order for purposes of this subpart as of the later of: (1) ten years after its effective date; or (2) if the covered order expressly provides for a termination date more than ten years after its effective date, the expressly provided termination date.

An industry commenter stated that the 2017 date should be moved forward to 2019 or later to better distinguish nonbanks with only a few consent orders, or that have taken appropriate remedial steps related to the order, from actors with a clear record of consistent consumer or other abuse.

Industry commenters stated that the nonbank registry should not apply to prior orders at all, but only to orders issued after the effective date of the rule. An industry commenter stated that the proposal would violate the right to due process, as entities would not have agreed to consent to covered orders if they had been aware of the Bureau's registry. Another commenter stated that the proposal's registration of existing orders contravened legal tradition barring ex post facto laws.

Tribal and industry commenters stated that orders should not be considered “final” as provided under proposed § 1092.201(e) until all avenues of appeal have been exhausted.

A joint letter by State regulators stated that the proposal introduced other complexities and confusion for covered entities and consumers due to ambiguities relating to the rule's registration requirement, and that these ambiguities could not be satisfactorily addressed because most covered orders will not be issued by the Bureau. In particular, the joint comment letter questioned how the same or similar violations across different business lines would be treated, and how the registration requirements would apply if multiple States take unilateral action for a firm's violation of the same consumer financial law. The comment expressed concern that nonbanks would be unable to understand or comply with the obligations of the rule due to questions about if, when, and how a nonbank might be required to report an order to the Bureau.

An industry commenter stated that the Bureau should clarify that an affiliate of a covered person need not register with respect to a covered order unless it is itself named in the covered order.

The Bureau received a question in interagency consultation regarding whether “assurances of voluntary compliance” would be covered orders.

Response to Comments Received

The Bureau is finalizing the definition of “covered order” to include an otherwise covered order whether or not issued upon consent. Accordingly, “covered orders” may be issued upon consent or settlement. The Bureau is adopting this approach for several reasons. First, under § 1092.201(e)(1)(iv), the final rule will only apply to orders in which an agency or court has imposed applicable obligations on the covered nonbank based on an alleged violation of a covered law. Where a court or agency makes a decision to issue an order based on one or more violations of a covered law, such an order is clearly relevant to and probative of risk to consumers (including risks related to developments in markets for consumer financial products and services), whether or not the entity agrees with the issuing agency or court's determination. The Bureau acknowledges that certain covered nonbanks may from time to time believe a court or agency has erred in issuing or obtaining a covered order against them, even in cases where the entity has consented to the imposition of the order. For example, the entity may believe that the order is based on inaccurate or contested allegations of fact or law, or that it resulted from an improper change in a regulator's interpretation of the law. The Bureau concludes that a covered order is likely probative of risk to consumers even in such cases. In most cases, the fact that an agency has devoted its limited resources to an action to enforce a covered law, and a covered nonbank has agreed to take on obligations based on the alleged violation rather than litigate the issue, indicates a heightened likelihood that the covered nonbank may present risks to consumers that may warrant the Bureau's attention, even if the covered nonbank believes that it had arguments for why it was not liable. Excluding consent orders or orders that do not contain an admission of liability from the rule would unduly restrict the information that would be collected regarding many orders that are highly probative of risk to consumers, such as orders based upon clearly established and significant violations of covered laws, and would limit the rule's usefulness. Collecting information about consent orders also will assist the Bureau in identifying and evaluating patterns of risks associated with orders across companies, industries, products, and regions. For example, in conducting its assessments of consumer risk, the Bureau will often find it useful to know whether a covered nonbank, or type of nonbank, has (or has not) become subject to multiple orders across a period of time, or from multiple agencies, or based on violations of multiple covered laws, or across product lines, or in particular geographic regions, even where such orders were entered into upon consent. Thus, it is appropriate to collect information about such orders and the entities subject to such orders, and to publish such information as provided under § 1092.205.

Second, the Bureau's collection of information regarding consent orders, and its potential republication of those consent orders, does not imply any admission of fault or additional liability by the applicable covered nonbank. The Bureau acknowledges that many consent orders do not contain admissions of wrongdoing, and that entities may consent to the imposition of such orders while disagreeing with the findings of the agency or court. Such orders may contain provisions clearly stating that the entity does not concede or admit liability. However, the final rule is intended to provide the Bureau with the ability to monitor relevant orders and to inform relevant nonbank registry users and the public about them. As stated in the notice of proposed rulemaking, the Bureau believes that requiring registration only of orders that contain an admission of liability, or a statement setting forth certain types of findings or other factual predicates underlying the order, would omit relevant orders. The Bureau believes that an order that contains neither an admission of liability nor a statement setting forth the factual predicate underlying the order may nevertheless be probative of risks to consumers of the type that the Bureau is obligated to monitor. Just as entities may consent to an order in order not to incur the cost, delay, and uncertainty of litigation, so to a Federal agency, State agency, or local agency may accept an entity's consent to an order without requiring an admission of liability, for similar reasons. Therefore, the final rule includes as “covered orders” consent orders as well as orders obtained after a contested or litigated hearing, lawsuit, or other process. As discussed in the description of the proposal above, for purposes of this definition, an obligation is “based on” an alleged violation where the order identifies the covered law in question, asserts or otherwise indicates that the covered nonbank has violated it, and imposes the obligation on the covered nonbank at least in part as a result of the alleged violation, even where the order contains provisions clearly stating that the entity does not concede or admit liability. But the Bureau's collection and potential publication of information about a consent order does not somehow imply that the covered nonbank admits liability with respect to the order. Nor does the final rule otherwise affect the entity's obligations under the order or any other liability that may result from the matters addressed by the order.

88 FR 6088 at 6111.

Third, the Bureau concludes that its potential publication of information related to consent orders as described at § 1092.205 will not impose unfair costs on consenting entities. As discussed in part VIII, the final rule will not make public any non-public orders, limiting the likely costs on covered nonbanks of publishing consent orders. Nor will the Bureau's potential publication of information relating to consent orders as described at § 1092.205 provide inaccurate, inconsistent, or misleading information to consumers, as the Bureau will simply be collecting and presenting factual information regarding such orders that are already published (or required to be published) elsewhere. For further discussion of publication, see the section-by-section discussion of § 1092.205 below.

Fourth, the Bureau disagrees with the assertions by commenters that the potential deleterious effects of being listed on the registry will materially deter entities from agreeing to consent orders or otherwise impair the ability of other agencies to administer and enforce the laws subject to their jurisdiction. Covered orders are already public. The Bureau expects that the disincentive effect of the additional visibility for these orders via the nonbank registry would be minimal and would be outweighed by benefits of the registry. Likewise, the Bureau does not believe that the additional burden associated with either the information-collection or the written-statement requirements of the final rule is so great as to deter a covered nonbank from self-reporting, or from entering into a consent agreement or stipulation that would otherwise be in its best interests.

Covered orders are probative of risk to consumers (including risks related to developments in markets for consumer financial products and services), even if it may be true that not all violations of covered laws result in covered orders. The Bureau still has an interest in collecting and publishing information regarding such covered orders, and in imposing the other requirements of the rule in connection with such orders, even if there are other violations of covered laws occurring that the nonbank registry does not detect.

The Bureau is finalizing the definition of the term “covered order” to include orders issued or obtained by the Bureau itself. The Bureau believes the final rule's requirements will provide additional useful information in connection with such orders. The identifying information submitted by covered nonbanks, and the final rule's obligation to update that information in the event of changes, could provide new and useful information to the Bureau and the registry. For example, a company that moves or changes its name will be required to update the registry. Also, § 1092.204's written-statement requirements will provide new information on an annual basis about the Bureau's orders and the applicable supervised registered entity's compliance with them, including the name and title of the supervised registered entity's attesting executive. In addition, including orders issued or obtained by the Bureau will contribute to the registry's comprehensiveness, which in turn will make the registry a more useful resource for the Bureau and others in conducting research regarding general trends in the enforcement of consumer financial protection laws.

See also the section-by-section discussion of § 1092.201(k) below regarding the exclusion of orders issued or obtained by the Bureau from the final rule's definition of the term “NMLS-published covered order.”

Final § 1092.201(e) includes orders issued or obtained by State or local agencies. As also discussed in the section-by-section discussion of § 1092.201(c) above, the final rule will not provide the Bureau with enforcement power over other agencies' orders or with authority with respect to violations of Federal and State laws that the Bureau lacks jurisdiction to enforce. The Bureau defers to other agencies' and courts' interpretations of the orders they have issued or obtained under their own authority against persons subject to their jurisdiction, and to those agencies' and courts' decisions about whether and how to enforce such orders. The Bureau has not and does not assert that it may enforce all covered orders or covered laws, nor is the final rule a mechanism for it to do so. (To be sure, the definition of “covered order” does encompass certain orders that the Bureau may enforce, such as its own orders issued under Federal consumer financial law or the other laws described in § 1092.201(c)(2). But the final rule does not affect the Bureau's authority to do so.)

Excluding orders issued or obtained by State agencies from the definition of “covered order” would also improperly exclude orders issued or obtained by State attorneys general and State regulators under 12 U.S.C. 5552.

Instead, the purposes of the final rule are as described herein, including to inform the Bureau regarding risks related to covered orders issued or obtained by State agencies and local agencies. The Bureau has a legitimate interest in learning about such orders and the entities that are subject to them. Collecting and registering such orders will assist with monitoring for risks to consumers in the offering or provision of consumer financial products and services. The Bureau concludes that the information that will be provided via the nonbank registry regarding orders issued or obtained by State agencies and local agencies will inform the Bureau's functions even though the Bureau may lack jurisdiction to enforce the order and may not be involved in the issuance or implementation of the order. For the reasons described in part IV, covered orders are nevertheless probative of risk to consumers (including risks related to developments in markets for consumer financial products and services) that is of concern to the Bureau, and the Bureau has a legitimate interest in becoming informed regarding such orders even where they have been issued or obtained by State or local agencies (as opposed to Federal agencies). And the identifying information submitted to the nonbank registry will help the Bureau identify and monitor the covered nonbanks that are subject to such orders, which will also inform the Bureau's functions.

For discussion of the purposes of the final rule's written-statement requirements, see part IV(D) and the section-by-section discussion of § 1092.204 below.

Nothing in the CFPA confines the risks to consumers that must be monitored by the Bureau to risks related solely to the Federal Government, or solely to orders issued or obtained by Federal agencies. To the contrary, the Bureau is tasked with monitoring a wide range of sources to inform its assessments of risks to consumers, specifically including matters within the jurisdiction of State agencies and local agencies. For example, as discussed in part IV(B), CFPA section 1024(b)(2)(D) provides that the Bureau, in making risk-based supervisory prioritization determinations, shall take into account “the extent to which . . . institutions are subject to oversight by State authorities for consumer protection.” The existence of one or more orders issued or obtained by the types of State agencies described in the final rule in connection with violations of covered law would provide important and directly relevant information regarding the extent to which nonbanks are subject to oversight by State authorities for consumer protection. Likewise, in allocating its resources to perform market monitoring, the Bureau may consider “the legal protections applicable to the offering or provision of a consumer financial product or service, including the extent to which the law is likely to adequately protect consumers.” As the types of “legal protections” to be considered by the Bureau are not restricted solely to protections related to Federal agencies, the Bureau concludes that it may consider the information that will be obtained under the final rule regarding covered orders issued or obtained by State agencies or local agencies under this provision. Another provision, CFPA section 1024(b)(3), requires coordination with State supervisory authorities with respect to nonbanks supervised by the Bureau. The final rule will enhance the Bureau's ability to stay informed and up to date regarding recent covered orders issued or obtained by State agencies and local agencies against covered nonbanks that are subject to its jurisdiction, and thus will facilitate coordination with relevant State authorities.

12 U.S.C. 5514(b)(2)(D).

In addition, as discussed in part IV(B), the Bureau concludes that the existence of an order issued or obtained by a State agency or a local agency requiring registration under the final rule would be probative of risks to consumers as described in 12 U.S.C. 5514(b)(2)(C) (referring to “the risks to consumers created by the provision of such consumer financial products or services”), and determines that the existence of such an order is a relevant factor for the class of covered persons subject to the final rule under 12 U.S.C. 5514(b)(2)(E) (providing that the Bureau shall also take into account “any other factors that the Bureau determines to be relevant to a class of covered persons”). Thus, knowledge of such orders issued or obtained by State agencies or local agencies will be relevant information in prioritizing and scoping the Bureau's supervisory activities under CFPA section 1024(b) with respect to the covered persons subject to that provision.

12 U.S.C. 5512(c)(2)(C).

12 U.S.C. 5514(b)(3).

For similar reasons, the Bureau concludes that it is appropriate to impose the final rule's written-statement requirements in connection with covered orders issued or obtained by State agencies and local agencies against supervised registered entities. The Bureau disagrees with commenters' assertions that the Bureau lacks authority to impose these requirements with respect to such State agency and local agency orders or that such imposition is otherwise inappropriate. As discussed above, such orders are probative of the risks to consumers that the Bureau is tasked with detecting and assessing as part of its supervisory work. Violations of such orders may be probative of heightened risks for consumers and borrowers that are relevant to the Bureau's exercise of its supervisory authority; thus, for the reasons discussed in part IV(D) above and the section-by-section discussion of § 1092.204 below, the written-statement requirements will facilitate the Bureau's supervision of supervised registered entities subject to such orders. The information collected under § 1092.204 regarding risks to consumers that may be associated with the orders, including potential violations of CFPA sections 1031 and 1036, and the applicable supervised registered entity's compliance systems and procedures will be relevant to the Bureau's supervisory authority even where those risks are associated with State agency and local agency orders. For the reasons discussed in part IV(D) and the section-by-section discussion of § 1092.204, imposing § 1092.204's requirements with respect to orders issued or obtained by State or local agencies also will help ensure that the supervised registered entities subject to such orders are legitimate entities and are able to perform their obligations to consumers. Contrary to commenters' suggestions, the Bureau is not adopting the written-statement requirements to administer or enforce orders issued or obtained by State or local agencies, but rather to further its statutory purposes under CFPA section 1024(b)(7)(A)-(C) with respect to risks to consumers that are relevant under Federal law, that are associated with entities that are subject to the Bureau's supervisory and examination authority under CFPA section 1024(a), and that arise in connection with the offering or provision of consumer financial products and services subject to the Bureau's jurisdiction.

In the proposal, the Bureau described a number of types of orders that would and would not be considered “final” orders under the proposal. The Bureau finalizes these descriptions, which are recounted in the summary of the proposed rule above. The Bureau's discussion of examples of non-final orders, however, was not intended to be exhaustive. Other orders that are not final orders are also excluded from § 1092.201(e)'s definition of the term “covered order.”

The Bureau is finalizing § 1092.201(e) to include orders issued or obtained by local agencies. Even if, as a commenter suggests, such agencies are less likely than are other agencies to issue or obtain relevant consumer protection orders, information about such covered orders as they do issue will be relevant and informative to the Bureau. As stated in the description of the proposal above, some local agencies have authority to enforce State consumer protection laws, and the Bureau believes it is important to include orders issued or obtained by such local agencies in the definition.

The Bureau does not express an opinion on this question. The Bureau intends to use the information it obtains through the final rule to better understand the quantity and content of covered orders and the types of agencies that issue them.

Also, as discussed in part IV(B), it is important for the Bureau to collect information about such public orders across markets and agencies as provided in the final rule, which will improve the Bureau's efforts to determine where entities, either as a group or individually, are repeatedly violating the law. The registry will provide a valuable mechanism to help ensure that the Bureau is rapidly made aware of such repeat offenders across a range of markets and enforcement agencies, including State agencies and local agencies. Confining the orders collected to those issued or obtained only by Federal agencies would unnecessarily limit the information that is provided to the Bureau and provide the Bureau with only a partial view of such risks.

With respect to publication, final § 1092.201(e) requires that a “covered order” be “public” as defined at § 1092.201(m). Thus, the covered orders issued or obtained by a State agency or local agency that may be published by the nonbank registry under § 1092.205 will have already been published, or are required to be published under governing laws, rules, or orders. As a result, the registry will not interfere with but rather reflect the decisions of State or local agencies in that regard.

The Bureau is finalizing the definition of “covered order” without a requirement that the order be “enforceable.” Such a requirement would lead to confusion and imprecision as to the final rule's submission requirements, as it will not always be clear whether any particular covered order is “enforceable.” The Bureau does not wish to invite arguments from covered nonbanks as to whether any particular covered order is or is not actually “enforceable.” For example, an entity may consent to the imposition of an order while privately believing that the order may not properly be enforced against it under the correct understanding of the law. The Bureau concludes that the nonbank registry should collect and potentially publish information about such orders and that they should not be excepted from the final rule's definition of “covered order.” Moreover, as discussed in the section-by-section discussion of § 1092.202(f) below, a covered nonbank must submit a final filing to the nonbank registry if a covered order is terminated, modified, or abrogated (whether by its own terms, by action of the applicable agency, or by a court). Amending the definition of “covered order” to require that the order be “enforceable” would reduce the information provided by these final filings, at least under certain circumstances. For example, where a covered nonbank has registered a covered order with the nonbank registry and the order is subsequently terminated, modified, or abrogated by action of the applicable agency or court, the order would at least theoretically no longer satisfy the “enforceability” requirement and would therefore no longer qualify as a “covered order.” Thus, the covered nonbank would not be required to submit the final filing required by § 1092.202(f), which is a valuable mechanism to clarify the current status of covered orders to the Bureau and other users of the nonbank registry.

Section 1092.201(e)(1)(ii) includes, as a component of the definition of the term “covered order,” a requirement that the order have been issued at least in part in any action or proceeding brought by any Federal agency, State agency, or local agency. By requiring that the order be issued “at least in part” in such an action or proceeding, the Bureau will require registration of orders that may include certain elements that are not directly related to the action or proceeding brought by the agency. For example, an order may impose obligations on a covered nonbank in a lawsuit brought by both an agency and a set of private plaintiffs. So long as the agency brought the action or proceeding, and the order was issued at least in part in that action or proceeding, this component of the definition would be satisfied with respect to the entire order.

The commenter's question about nonpublic NCUA letters of recommendation appears to refer to a type of confidential NCUA supervisory communication. First, “insured credit unions” as that term is defined at § 1092.101(a) are not covered nonbanks and thus are not subject to any of the requirements of the rule. Second, only “public” orders, as the term “public” is defined at § 1092.201(k), are covered orders. To the extent an entity receives a confidential letter or other communication from the NCUA that is not “public” as defined, the communication would not be a covered order. This would include any order (or portion of any order) that constitutes confidential supervisory information of any Federal or State regulator.

One industry commenter stated the definition of “covered order” should be clarified because State agencies vary in their approaches to enforcing and interpreting orders. While the Bureau does not necessarily disagree with the latter statement, the Bureau does not believe these differences among State agencies require modification of the definition. The Bureau does not believe, and does not intend by finalizing the rule to suggest, that all covered orders are somehow equivalent. The Bureau has considered the types of orders that it believes are probative of risk to consumers and require registration. The final rule contains a number of elements, each of which must be satisfied in order to cause an order to require registration. An order that satisfies the definition of the term “covered order” is subject to the final rule's requirements with respect to such orders, to the extent they apply. It is not clear how any differences among State interpretations or approaches would be relevant to determining whether an entity must comply with the rule's requirements. Nor does the Bureau believe that any such differences would render publication of such orders or the other registration information required by the rule to be misleading or inappropriate. Differences among State treatment of when orders are resolved or closed should not affect filing obligations under the final rule. Under § 1092.202(f)(1), if a covered order is terminated, modified, or abrogated (whether by its own terms, by action of the applicable agency, or by a court), the applicable covered nonbank should submit a final filing under that section. The covered nonbank should not submit such a final filing based solely on a State supervisory or other communication that does not result in the termination, modification, or abrogation of the order. Finally, where an entity believes in good faith it is not subject to a covered order, but is not certain the Bureau would agree with its interpretation, it may file a good faith notification under § 1092.202(g).

The Bureau is finalizing § 1092.201(e)(1) (renumbered as § 1092.201(e)(1)(i)) without revisions that would have the effect of requiring successors or assigns who are not named as parties in an order to continue satisfying the rule's requirements with respect to that order. The Bureau finalizes its preliminary conclusion in the proposal that the approach described in the proposed rule will effectively achieve the Bureau's market-monitoring objectives with greater administrative ease. The Bureau is concerned that in many cases the application of covered orders to successors and assigns may be unclear, and that registration of new entities that are not expressly named in the order may cause confusion for the Bureau and other users. Also, the Bureau anticipates that, at least in some cases, the issuing agency or court will modify its order to ensure that a successor or assignee entity will remain subject to the order, and that the new entity would then be required to register under § 1092.202. However, the Bureau notes that while a new successor or assignee entity would not be subject to the rule's requirements with respect to an order that did not expressly identify it by name as a party subject to the order, the Bureau does not intend to exclude entities that simply change their legal name or doing-business-as name following the issuance of the order, so long as the same legal entity remains subject to the order.

88 FR 6088 at 6117.

See also the section-by-section discussion of § 1092.202(b) below.

The Bureau is finalizing § 1092.201(e) without narrowing the definition to encompass only orders that involve direct consumer harm, as opposed to those that involve only clerical or administrative errors. The Bureau also declines to adopt any specific minimum quantitative or other thresholds for consumer harm with respect to the covered orders that require registration under the final rule. While the Bureau agrees that not every covered order will represent an equivalent amount of risk, the Bureau is finalizing the rule in a manner designed to capture relevant risks. As explained above, when an agency issues an order, or seeks a court order, enforcing the law, it typically has determined that the problems at the applicable entity are sufficiently serious to merit the expenditure of that agency's limited resources and perhaps the attention of the courts. Further, in the Bureau's experience, the existence of an order identifying a legal violation is often probative of broader potential inadequacies in an entity's compliance systems, even if the violation addressed in the order might be described as “clerical,” “administrative,” or otherwise technical in nature. The Bureau thus concludes that covered orders as defined at § 1092.201(e) are likely to be probative of relevant risk to consumers. The final rule establishes multiple criteria for an order to be a “covered order” that is subject to the rule's requirements. The Bureau believes these criteria are sufficient to identify and distinguish certain kinds of orders that are likely to be probative of risk to consumers and that the Bureau has the authority to monitor. The Bureau declines to adopt additional criteria that would further narrow this definition.

In addition, the Bureau is concerned that adopting the types of distinctions commenters propose would not be administrable. It is not clear what would constitute a violation of law that only amounted to a “clerical” or “administrative” error, as opposed to a more “serious” violation of a covered law. The Bureau believes that the final rule appropriately describes and encapsulates orders that are likely to be probative of risk to consumers without adding a carveout for “clerical” or “administrative” violations. Thus, the collection and publication of information about such orders, even ones that address matters that could appear to some audiences as comparatively “minor,” will serve the purposes of the final rule described in part IV above. Providing for a minimum threshold would also add undue complexity to the final rule, depending upon the criteria that might be adopted, and could make compliance more difficult or burdensome. For example, if the Bureau were to impose registration only with respect to orders where a minimum dollar threshold of consumer harm or number of consumers affected was related to the order, it is not clear that such dollar amounts or numbers would be calculated in all cases. Even where such an amount might be determined, the full extent of related consumer harm might not be known for some time after the issuance of the order, or might be confidential supervisory information or otherwise confidential (and the Bureau does not intend to reveal such confidential information to the public via the nonbank registry). The Bureau declines to introduce such complexities into the final rule. While such questions might be reasonably answerable with respect to certain types of orders, and many individual orders may be structured to permit calculation and public disclosure of such threshold amounts, the Bureau intends the requirements of the final rule to be sufficiently flexible to collect information regarding a wide range of agency and court orders that may provide evidence regarding risk to consumers. The Bureau also declines to impose materiality requirements as to the type of violations that must be declared in written statements submitted under § 1092.204; see the section-by-section discussion of this section below for additional discussion of these issues.

Publication of information collected by the registry as intended by the Bureau will enable users of the registry to access relevant and accurate information about covered orders, including the violations that may be associated with such orders, and will not cause but rather help prevent confusion and the distribution of misleading information. See the section-by-section discussion of § 1092.205 below for additional discussion of related issues involving the potential publication of registry information.

The Bureau finalizes § 1091.201(e)(5) (renumbered as § 1091.201(e)(1)(v)) as proposed. For the reasons stated in the proposal, the Bureau believes that registering orders with an effective date on or after January 1, 2017, is likely to lead to collecting useful information and otherwise will best serve the purposes of the final rule described in part IV above. The Bureau declines at this time to amend the definition of covered order to include orders with an effective date prior to January 1, 2017. While, as discussed in the proposal, the Bureau believes earlier orders are highly probative of consumer risk, the Bureau finalizes its preliminary conclusion in the proposal that considerations of administrative efficiency favor focusing on orders issued within approximately the first several years preceding the final rule.

88 FR 6088 at 6112.

The Bureau also declines to finalize a later date for this provision. This approach would lead to the omission of covered orders that are recent enough to be relevant to risk to consumers, and would impair the ability of the Bureau and others to identify trends and patterns in the information collected. The Bureau acknowledges that in the intervening time following the issuance of a covered order and before registration, it is possible that many entities will have taken steps to address the violations and other issues identified in the covered order. The Bureau encourages covered nonbanks to take the steps necessary to protect consumers and comply with covered orders and other laws. Nevertheless, the Bureau concludes that registration of such orders will serve the purposes of the final rule described in part IV above. Information regarding the existence of past covered orders will inform the Bureau regarding risk to consumers posed by the applicable covered nonbank. The issuance of a covered order, and the information that will be collected under the final rule about the covered nonbank and the order, such as the violations of covered law and related obligations identified in such an order, are not rendered irrelevant for the purposes of the final rule simply because a covered nonbank has taken steps to address the underlying violations or issues. In some cases, the existence of a past covered order might prompt the Bureau to seek additional information, from the covered nonbank itself or other sources, to assess whether the remedial steps taken by the covered nonbank have been successful. In other cases, the Bureau might include the past covered order in a more general research project aimed at assessing trends in orders enforcing the law over time. See the section-by-section discussion of § 1092.205 below for additional discussion of related issues involving the potential publication of registry information.

The Bureau disagrees with commenters' suggestions that the registry would impose an unlawfully retroactive effect or is incompatible with constitutional principles relating to ex post facto laws. The mere fact that the Bureau is requiring registration based on previously issued public orders does not render that requirement impermissibly retroactive. “[T]he judgment whether a particular [law] acts retroactively should be informed and guided by familiar considerations of fair notice, reasonable reliance, and settled expectations.” Taking into account those considerations, the registration and publication provisions of §§ 1092.202, 1092.203, and 1092.205 do not operate in an impermissibly retroactive manner. The Bureau is requiring covered nonbanks prospectively to register information with the Bureau. Going forward, the Bureau plans to use that information as a source of market intelligence to use in identifying areas of greater—or reduced—risk to consumers, to inform the allocation of the Bureau's own resources, and to better understand the entities' compliance management systems and processes. Further, § 1092.202 merely requires covered nonbanks to report covered orders that are already published (or required by law, rule, or order to be published). Requiring covered nonbanks to submit to the Bureau information about such public orders imposes little meaningful burden, and thus does not present significant concerns regarding fair notice or upsetting reasonable reliance or settled expectations. Nor would any publication by the Bureau of registration information as provided at § 1092.205 impose a meaningful additional burden on entities, given that registered orders would already be a matter of public record. It is therefore highly unlikely that covered nonbanks would have made different decisions with respect to past enforcement actions— e.g., whether to settle or vigorously litigate such actions—had they known that the enforcement actions could one day subject them to such a low-burden registration requirement. As a result, the imposition of the registration requirement does not have impermissible retroactive effect.

See Landgraf v. USI Film Prods., 511 U.S. 244, 269 n.24 (1994) (“[A] statute `is not made retroactive merely because it draws upon antecedent facts for its operation.'” (quoting Cox v. Hart, 260 U.S. 427, 435 (1922)).

INS v. St. Cyr, 533 U.S. 289, 321 (2001) (citation omitted).

Commenters do not appear to argue that § 1092.204's written statement requirements would have impermissible retroactive effect. Nor could they. As discussed in the section-by-section discussion of § 1092.204 below, that section's written statement requirements apply only to covered orders with an effective date after the applicable nonbank registry implementation date (and thus after the final rule's effective date as well). While some covered orders with an effective date after the applicable nonbank registry implementation date might relate to violations of covered laws committed before the final rule's effective date, the Bureau does not believe that the prospect of becoming subject to the written-statement requirements would have had a significant marginal impact on a supervised registered entity's decision whether to engage in conduct that risked violating covered laws, given the negative consequences already associated with committing such legal violations.

Nor does the Bureau believe the U.S. Constitution's prohibition on ex post facto laws would apply to the rule, which is adopted under the Bureau's civil rulemaking authorities in the CFPA. Under longstanding precedent, civil laws generally are not within the protective reach of the Ex Post Facto Clause.

See, e.g., Smith v. Doe, 538 U.S. 84, 92 (2003); Calder v. Bull, 3 U.S. (3 Dall.) 386, 391 (1798); see also U.S. CONST. art. I, sec. 9, cl. 3 (prohibiting Congress from enacting ex post facto laws). While the Bureau believes that the final rule neither is unlawfully retroactive nor violates the Ex Post Facto Clause, if a court were to conclude that the Bureau cannot apply the rule's registration requirements to previously issued covered orders “that remain in effect as of the effective date” of subpart B, as § 1092.202(a) provides, the Bureau intends for that language in § 1092.202(a) to be severable under § 1092.103. Under the remaining language of § 1092.202(a), the rule's registration requirements would apply after severance “only with respect to covered orders with an effective date on or after the effective date” of subpart B.

For the reasons discussed in the proposal, the final rule includes orders that are final by their own terms or under applicable law, even where Federal, State, or local law allows for the appeal of such orders. The Bureau declines to exempt a broader category of orders as to which Federal, State, or local law allows for an appeal. Section 1092.201(f) states, “If the issuing agency or a court stays or otherwise suspends the effectiveness of the covered order, the effective date [of the covered order] shall be delayed until such time as the stay or suspension of effectiveness is lifted.” The requirements set forth in § 1092.202(b)(2) with respect to any applicable covered order are tied to the order's effective date as defined. Thus, § 1092.202 already adequately addresses situations where a reviewing agency or court has issued a stay or has otherwise suspended the effectiveness of a covered order. In such cases, the covered nonbank will not be required to register the covered order until 90 days after its new effective date. In contrast, the Bureau believes that a covered order that has not been stayed by the issuing agency or a court, and has been allowed to come into effect, is likely to be probative of risk to consumers, even if avenues of appeal remain available. For that reason, the Bureau has determined not to exempt such orders from the rule's requirements. A covered nonbank should register such an order within 90 days of its effective date as required by § 1092.202(b)(2)(i). Should the covered order be terminated, modified, or abrogated, including by a reviewing court's decision that renders the order ineffective or void, the covered nonbank should submit a final filing under § 1092.202(f)(1), after which it would have no further obligation to update its registration information. The Bureau is also finalizing a revision to § 1092.204(a) to clarify that a supervised registered nonbank is not required to comply with § 1092.204's written-statement requirements in cases where the applicable covered order has not been registered under § 1092.202 due to a stay or other agency or court action.

The Bureau's determination on this issue accords with the general principle that an unstayed judgment can be enforced even while an appeal is pending. See, e.g., Acevedo-Garcia v. Vera-Monroig, 368 F.3d 49, 58 (1st Cir. 2004) (“The federal rules contemplate that, absent a stay, a victorious plaintiff may execute on the judgment even while an appeal of that judgment is pending.”); 16A Catherine T. Struve, Federal Practice and Procedure § 3949.1 (5th ed. 2023) (“Unless the judgment is stayed, the district court may (pending appeal) act to enforce the judgment . . . .”).

See the section-by-section discussion of § 1092.204(a) below.

The Bureau does not share the concern expressed in the joint letter from State regulators that covered nonbanks will be unable to understand or comply with the final rule. With respect to the comment that ambiguities in the rule's registration requirements could not be satisfactorily addressed because most covered orders will not be issued by the Bureau, the Bureau agrees that covered nonbanks will need to apply § 1092.201(e)'s definition of “covered order” in connection with a wide range of orders, many of which will not be drafted by the Bureau. However, the Bureau believes that, in the vast majority of cases, entities subject to the final rule will be able to clearly discern whether they must comply with the registration and written-statement requirements in connection with any particular order, and that such registration will serve the purposes of the rule as stated. Moreover, in the event a covered nonbank has concerns that any particular order may be deemed a covered order notwithstanding its good-faith belief to the contrary, it may file one or more good-faith notifications under § 1092.202(g) or § 1092.204(f) with respect to that order.

Regarding the comments in the joint letter questioning how the same or similar violations across different business lines would be treated as well as how the registration requirements would apply if multiple States take unilateral action for a firm's violation of the same consumer financial law, a covered nonbank must satisfy the rule's requirements with respect to all applicable covered orders that satisfy § 1092.201(e)'s definition. For a discussion of the final rule's treatment of multiple orders, see the section-by-section discussion of § 1092.201(l) below.

If the public portions of an order do not “identify [the applicable] covered nonbank by name as a party subject to the order” as provided at § 1092.201(e)(1)(i), then the order is not a covered order with respect to that covered nonbank. Thus, under the final rule, an affiliate of a covered person need not register with respect to a covered order unless it is itself named as a party in the public portions of the covered order. As discussed in the proposal, orders that indirectly refer to a covered nonbank as an “affiliate” of a named party, but do not name the covered nonbank as itself a party subject to the order, would not be covered orders under final § 1092.201(e) with respect to the covered nonbank. While § 1092.202(c) provides that the Bureau's filing instructions may require joint or combined submissions to the nonbank registry by covered nonbanks that are affiliates as defined in § 1092.101(a), the final rule will not require an affiliate to submit information to the nonbank registry under this provision in connection with a covered order unless public portions of the order identify the affiliate by name as a party subject to the order.

88 FR 6088 at 6110.

Under § 1092.201(e), the term “covered order” may include legally enforceable written agreements under sections 8 and 50 of the Federal Deposit Insurance Act or any State counterparts, as well as assurances of discontinuances embodied in orders or judgments issued by agencies or courts. Likewise, an “assurance of voluntary compliance” (AVC) accepted by a State agency under State law may qualify as a “covered order” where it satisfies all of the criteria established under § 1092.201(e), including that the AVC contains public provisions that impose obligations on the covered nonbank to take certain actions or to refrain from taking certain actions, and imposes such obligations on the covered nonbank based on an alleged violation of a covered law. As with other orders, an AVC is not excepted from the definition of “covered order” solely because it contains neither an admission of liability nor a statement setting forth the factual predicate underlying the order. A State agency's acceptance of a legally enforceable AVC, as with an agency's acceptance of a legally enforceable written agreement, would generally occur in an “action or proceeding brought by any Federal agency, State agency, or local agency” for purposes of § 1092.201(e)(1)(ii).

12 U.S.C. 1818, 1831aa.

Final Rule

For the reasons discussed above, the Bureau is finalizing § 1092.201(e) as proposed, with minor technical edits. The Bureau finalizes its preliminary conclusion in the proposal that these categories of public orders would assist with monitoring for risks to consumers in the offering or provision of consumer financial products and services.

Section 1092.201(f) Effective Date

Proposed Rule

The proposal would have defined the term “effective date” to mean, in connection with a covered order, the effective date as identified in the covered order; however, if no other effective date is specified, then the date on which the covered order was issued would have been treated as the effective date for purposes of subpart B of the proposal. The Bureau anticipated that the effective date for many covered orders would be evident from the face of the order, and in nearly all cases should be relatively easy to identify.

Proposed § 1092.201(f) would also have provided that if the issuing agency or a court stays or otherwise suspends the effectiveness of the covered order, the effective date shall be delayed until such time as the stay or suspension of effectiveness is lifted. Thus, the registration obligations under proposed subpart B would also have been delayed accordingly. The Bureau anticipated that such situations would be rare and sought comment on whether this proposal would adequately address them.

Comments Received and Final Rule

The Bureau did not receive any comments specifically regarding proposed § 1092.201(f)'s definition of the term “effective date.” See the section-by-section discussion of § 1092.201(e) above for a discussion of comments addressing which orders should be included in the term “covered orders.” For the reasons set forth in the description of the proposed rule above, the Bureau is finalizing § 1092.201(f) as proposed.

Section 1092.201(g) Identifying Information

Proposed Rule

Proposed § 1092.201(g) would have defined the term “identifying information.” This term would have described the scope of identifying information a covered nonbank may be required to submit pursuant to proposed § 1092.202(c). Proposed § 1092.201(g) would have limited this information to information that is already available to the covered nonbank, and which uniquely identifies the covered nonbank. As described in proposed § 1092.201(g), this information would have included, to the extent already available to the covered nonbank, legal name, State of incorporation or organization, principal place of business address, and any unique identifiers issued by a government agency or standards organization. The Bureau explained that examples of the latter identifiers that entities might have been required to provide under proposed § 1092.202(c) would include an NMLS identifier, a Home Mortgage Disclosure Act (HMDA) Reporter's Identification Number, the Legal Entity Identifier (LEI) issued by a utility endorsed by the LEI Regulatory Oversight Committee or endorsed or otherwise governed by the Global LEI Foundation (GLEIF, or any successor of the GLEIF), and a Federal Tax Identification number.

See12 CFR 1003.4(a)(1)(i)(A) (addressing LEIs).

The Bureau believed that this information would help it to identify covered nonbanks with specificity, including ensuring that the Bureau can identify covered nonbanks' submissions to other registries and databases where applicable, such as the NMLS, and HMDA submissions. Furthermore, the Bureau believed that, upon publication, this information would facilitate the ability of consumers to identify covered persons that are registered with the Bureau. The proposal would not have required the entity to obtain an identifier. Thus, for example, if the proposed NBR system were to have asked about a particular type of identifier and that type of identifier had not been assigned to the covered nonbank, then under the proposal, the covered nonbank would have been able to indicate the identifier is not applicable.

Comments Received

A nonprofit commenter supported the inclusion of the legal entity identifier (LEI) in proposed § 1092.201(g) and the inclusion of the LEI as a public data element in the nonbank registry. The commenter suggested that the Bureau, when an LEI is submitted, could also obtain the applicable covered nonbank's legal name, legal address, and headquarters address from the Global LEI System.

Response to Comments Received

In response to the comment about using LEI information, the Bureau may require covered nonbanks to submit such information to the registry and will consider further opportunities to obtain relevant information from other sources including the Global LEI System.

Final Rule

For the reasons set forth above, the Bureau is finalizing § 1092.201(g) as proposed, with revisions as described below.

The proposal would have collected information regarding a covered nonbank's State of incorporation or organization. The Bureau is adopting a revision to provide that the Bureau may require a covered nonbank that is not incorporated or organized in a State to submit to the registry the names of any other jurisdiction in which it is incorporated or organized. For example, a covered nonbank that is incorporated or organized under Federal law or the laws of a foreign government should provide that information. If collected, such information would be categorized as “identifying information” under filing instructions issued under § 1092.102(a). The Bureau concludes that since certain covered nonbanks may not be incorporated or organized under State law, collecting and potentially publishing such information may be useful to the Bureau and to other potential users of the registry information that the Bureau intends to publish under § 1092.205(a). Under the final rule, where applicable, this information will include information regarding the State or other jurisdiction where a covered nonbank that is not organized as a corporation was formed—for example, where a covered nonbank organized as a partnership filed its partnership agreement, where a covered nonbank organized as a limited liability company was organized, or where the covered nonbank was otherwise formed.

As discussed in the section-by-section discussion of § 1092.205(a) below, the Bureau is retaining the discretion not to publish information under § 1092.205 based on operational considerations.

The Bureau is adopting a revision to provide that the Bureau may require a covered nonbank to submit to the registry any doing business as or fictitious business names, which if collected would be categorized as “identifying information” under filing instructions issued under § 1092.102(a). The Bureau concludes that collecting and potentially publishing doing business as or fictitious business names (including trade names or previously-used names) as “identifying information” under § 1092.202(c) may be useful to the Bureau and to other potential users of the registry information that the Bureau intends to publish under § 1092.205(a). Since some companies may use different names in different contexts, and it may not always be obvious whether a particular doing business as or fictitious business name may apply to a covered nonbank, such information may help the Bureau and other potential users identify the covered nonbanks that are registered with the nonbank registry as well as the covered orders to which they are subject.

In filing instructions adopted under § 1092.102(a), the Bureau will specify the “unique identifiers issued by a government agency or standards organization” that will be collected under § 1092.202(c). As discussed in the proposal, examples of the latter identifiers that entities may be required to provide under proposed § 1092.202(c) include an NMLS identifier, a HMDA Reporter's Identification Number, and LEI information. The Bureau may also specify other unique identifiers in filing instructions in addition to the examples discussed in the proposal. The Bureau also may collect, for example, an RSSD ID, a unique identifier assigned to financial institutions by the Federal Reserve System, and an Electronic Data Gathering, Analysis, and Retrieval system (EDGAR) Central Index Key (CIK), a unique identifier assigned by the Securities and Exchange Commission (SEC) to persons that submit filings to the SEC.

Under the final rule, the Bureau will not collect or publish Federal employer identification numbers (EIN) from covered nonbanks as “identifying information” as that term is defined at § 1092.201(g), but may determine to collect this information under § 1092.202(c) as “administrative information” that the nonbank registry will not publish under § 1092.205(a). In filing instructions issued under § 1092.102(a), the Bureau will specify whether and how it will collect such information. In addition, a registered entity should not submit any Social Security numbers, individual taxpayer identification numbers, or other similar personally identifying tax information to the nonbank registry, even if the registered entity uses an individual's Social Security number in tax documents filed by or associated with the entity. As stated in part III(B), the Bureau's registry is designed to not collect any protected proprietary, personal, or confidential consumer information, and thus, the Bureau will not publish, or require public reporting of, any such information.

Section 1092.201(h) Insured Depository Institution

Proposed Rule

The proposal would have defined the term “insured depository institution” to have the same meaning as in 12 U.S.C. 5301(18)(A). Section 5301(18)(A), in turn, incorporates the meaning of “insured depository institution” provided in section 3 of the Federal Deposit Insurance Act, 12 U.S.C. 1813.

See12 U.S.C. 1813(c)(2) (defining “insured depository institution” as “any bank or savings association the deposits of which are insured by the [Federal Deposit Insurance] Corporation pursuant to this chapter”).

Comments Received and Final Rule

The Bureau did not receive any comments specifically regarding proposed § 1092.201(h)'s definition of “insured depository institution.” See the section-by-section discussion of § 1092.201(d) above for a discussion of the final rule's treatment of such institutions and their affiliates. For the reasons set forth above, the Bureau is finalizing § 1092.201(h) as proposed.

Section 1092.201(i) Local Agency

Proposed Rule

The proposal would have defined the term “local agency” to mean a regulatory or enforcement agency or authority of a county, city (whether general law or chartered), city and county, municipal corporation, district, or other political subdivision of a State, other than a State agency. The term would not have included State agencies.

The Bureau proposed to require registration in connection with applicable orders issued or obtained by local agencies. The Bureau understood that local agencies do issue or obtain public orders under covered laws. For the reasons described above with respect to orders issued by Federal and State agencies, the Bureau believed that such orders may indicate risk to consumers, and that obtaining information about these orders would support Bureau functions.

See, e.g., Cal. Bus. & Prof. Code sec. 17204 (authorizing enforcement of Cal. Bus. & Prof. Code sec. 17200 by certain county counsel and city attorneys).

Comments Received and Final Rule

The Bureau did not receive any comments specifically regarding proposed § 1092.201(i)'s definition of “local agency.” For the reasons set forth in the description of the proposed rule above, the Bureau is finalizing § 1092.201(i) as proposed.

Section 1092.201(j) NMLS

Proposed Rule

The proposal did not contain an exemption for covered orders published on the NMLS Consumer Access website.

Comments Received

See the section-by-section discussion of § 1092.203(a) below for a discussion of comments received regarding duplication of the proposed registry with the NMLS and discussing or requesting an exemption for orders that are already published or available via NMLS, and the Bureau's responses thereto.

Final Rule

The Bureau is finalizing a new paragraph (j) to § 1092.201 and is renumbering the remainder of the paragraphs accordingly. Section 1092.201(j) provides that the term “NMLS” means the Nationwide Multistate Licensing System. As the NMLS's website explains, the NMLS is the system of record for non-depository financial services licensing or registration for participating State agencies. The NMLS is overseen and operated by the State Regulatory Registry LLC, which was established by the Conference of State Bank Supervisors in cooperation with the American Association of Residential Mortgage Regulators.

NMLS Resource Center, About NMLS, https://mortgage.nationwidelicensingsystem.org/about/Pages/default.aspx.

Id.

Section 1092.201(k) NMLS-Published Covered Order

Proposed Rule

The proposal did not contain an express alternative registration option for covered orders published on the NMLS Consumer Access website.

Comments Received

See the section-by-section discussion of § 1092.203(a) below for a discussion of comments received regarding duplication of the proposed registry with the NMLS and discussing or requesting an exemption for orders that are already published on NMLS Consumer Access or otherwise available to other regulators via NMLS, and the Bureau's responses thereto.

Final Rule

The Bureau is finalizing a new paragraph (k) to § 1092.201 and is renumbering the remainder of the paragraphs accordingly. Section 1092.201(k) provides that the term NMLS-published covered order generally means a covered order that is published on the NMLS Consumer Access website, www.NMLSConsumerAccess.org.

For the reasons discussed in the section-by-section discussion of § 1092.203 below, this section would further provide that no covered order issued or obtained at least in part by the Bureau shall be an NMLS-published covered order. Thus, where the Bureau has issued a covered order, or has obtained a covered order from a court, that covered order will not be an NMLS-published covered order under the final rule. Covered nonbanks must comply with the requirements of § 1092.202 and (where applicable) § 1092.204 with respect to such Bureau orders, and may not elect to comply with the one-time registration option described in § 1092.203 with respect to such Bureau orders.

Section 1092.201(l) Order

Proposed Rule

The proposal would have defined the term “order” to include any written order or judgment issued by an agency or court in an investigation, matter, or proceeding. The Bureau explained that the term would have included orders or judgments issued after trials or agency hearings. It would also have included default judgments or orders issued after an entity fails to properly respond to charges or claims made against it. In addition, it would have included orders or judgments issued to resolve matters without the need for further litigation, including stipulated or consent orders, decrees, or judgments, as well as settlements, multistate settlements, or assurances of discontinuances embodied in orders or judgments issued by agencies or courts. Furthermore, the term would have included cease-and-desist orders and orders suspending, conditioning, or revoking a license based on a violation of law. The proposed definition would also have included legally enforceable written agreements under sections 8 and 50 of the Federal Deposit Insurance Act or any State counterparts.

12 U.S.C. 1818, 1831aa.

The Bureau explained that the proposed definition of the term “order” would have included an order or judgment issued by one agency or a single order or judgment jointly issued by multiple agencies. However, where more than one agency issues a distinct order under its own authority, or a court issues distinct orders with respect to the different parties in connection with various actions or proceedings, even where the orders involve the same subject matter or laws, each order would have been considered a separate order under the proposed definition.

Comments Received

An industry commenter stated that the Bureau should limit the number of times a single instance of a violation needs to be reported where multiple agencies issue orders based on the same facts. The commenter stated that entities should only need to submit to the NBR system one order per violation to avoid reporting multiple listings for one incident in a multi-State enforcement action, and that this approach would not deprive the public or the Bureau of any information, since under the proposed rule registered entities would already need to identify the government entity that issued the order.

Response to Comments Received

In response to the industry commenter, if multiple agencies join a single order, that order would be the only “covered order” requiring registration under the final rule. However, if multiple agencies issue distinct and different orders in connection with the same facts or matter, each such order (if it satisfies the other criteria established by the final rule) would be a distinct “covered order” that would require separate registration (and, where applicable, designation of an attesting executive and submission of a written statement under § 1092.204).

The Bureau declines to adopt the commenter's suggestion to treat multiple orders as a single order under certain circumstances. As stated in the notice of proposed rulemaking, the Bureau “anticipates that agency and court orders will vary widely in form and content, depending in part on such matters as the relevant individual laws being enforced, the historical practices of the various enforcement agencies, and the negotiations and facts and circumstances underlying specific orders.” The Bureau anticipates that such orders will often contain different findings of fact and law, impose different obligations, and otherwise contain meaningful differences such that requiring registration of each such order would be useful to the Bureau and other users of the nonbank registry. Also, permitting certain orders to be treated as a single order would create unnecessary complexity and confusion for registrants and other users of the nonbank registry. Among other things, the final rule would have to establish which orders would be sufficiently similar to warrant such treatment. The Bureau declines to require such determinations as part of the registration process.

88 FR 6088 at 6111.

Final Rule

For the reasons set forth above, the Bureau is finalizing § 1092.201(j) (renumbered as § 1092.201(l)) as proposed.

Section 1092.201(m) Public

Proposed Rule

The proposal would have defined the term “public” to mean, with respect to a covered order or any portion thereof, published by the issuing agency or court, or required by any provision of Federal or State law, rule, or order to be published by the issuing agency or court. The proposal would have clarified that the term “public” does not include orders or portions of orders that constitute confidential supervisory information of any Federal or State agency.

The Bureau explained that the proposed term would have included orders that are actually published by the issuing agency or court, as well as orders that are required by any provision of Federal or State law, rule, or order to be published by the issuing agency or court. For example, section 8(u) of the Federal Deposit Insurance Act requires the publication of certain types of Federal banking agency orders. The proposed definition was intended to include those orders, as well as those required to be published by any other similar Federal or State law.

12 U.S.C. 1818(u).

The Bureau explained that, under the proposal, an order would only be “public” if it has been released or disseminated (or is required to be released or disseminated) in a manner such that the order is accessible by the general public—for example, by posting the order on a publicly accessible website or by publishing it in a written format generally available to members of the public. The proposed term, however, would not have included documents that are not made generally available but are disclosed to specific persons, such as in response to Federal or State Freedom of Information Act or open records law requests or as part of litigation discovery proceedings. Under the proposal, an order also would have only qualified as “public” if it is published (or required to be published) “by the issuing agency or court.” Therefore, independent publication by a third party, such as publication that may occur in connection with a covered person's securities disclosures, would not make an order “public” within the meaning of the proposal. The Bureau did not anticipate that requiring registration of orders disclosed only through such methods as freedom-of-information requests or securities disclosures would materially improve the quantity and quality of the information provided to the nonbank registry. To the contrary, the Bureau anticipated that third-party disclosures in the securities context, or pursuant to freedom-of-information requests, may sometimes fail to capture all significant aspects of an order. The Bureau was also concerned that if such types of disclosures were included in the final rule, subpart B's registration requirements might affect an entity's decisions regarding securities or litigation disclosures in a manner not intended by the Bureau.

By contrast, the Bureau explained, an order would qualify as “public” where the issuing agency or court makes the order available to a third-party printing service or reporter for the purpose of publishing the order in a publicly available format.

The proposed term would have excluded orders or portions of orders that constitute confidential supervisory information of any Federal or State agency. The Bureau was concerned that requiring registration and disclosure of confidential supervisory information might interfere with the functions and missions of other agencies and did not believe that requiring such registration and disclosure was necessary to accomplish the purposes of the proposed rule. The Bureau noted that such agencies may rely on confidential communications with covered nonbanks in order to, for example, foster full cooperation between those institutions and their regulators and to protect those institutions and the public from harm that could result from the disclosure of agency concerns regarding the integrity and security of these institutions. The proposed definition would have therefore expressly excluded confidential supervisory information. Where an order is not clearly marked or otherwise designated by the regulator as confidential supervisory information, the Bureau would have expected the entity to have confirmed the confidential supervisory information status of any order or portion of an order with its regulator before relying on that status in connection with the proposed subpart B's registration requirements.

Comments Received

A Tribal commenter stated that although many State agency orders are publicly available, this is not the case for State court orders, and requested that the Bureau clarify this proposed definition.

An industry commenter stated that the proposal's requirement to submit redacted orders would confuse the public, and that in cases where a portion of a covered order is redacted or confidential, the whole order should stay off the registry.

Response to Comments Received

In response to the Tribal commenter, the Bureau believes that this definition clearly describes the term “public” with respect to orders that are issued by State courts as well as other orders that may be issued or obtained by a Federal agency, State agency, or local agency, as described in § 1092.201(e)(1)(i). As detailed in the above description of the proposal, an order (or a portion of an order) issued by a State court would only be “public” if it has been released or disseminated (or is required to be released or disseminated) in a manner such that the order (or portion thereof) is accessible by the general public—for example, by posting the order (or portion thereof) on a publicly accessible website or by publishing it in a written format generally available to members of the public. If the issuing court (including a State court) or agency does not publish an order (or portion thereof) in this way, and the order (or portion thereof) is not required to be so published, then the order (or portion thereof) is not “public” under the definition. On the other hand, if the issuing court or agency does publish an order (or portion thereof) in this way, or the order (or portion thereof) is required to be so published, then the order (or portion thereof) is “public” under the definition. The Bureau declines to further narrow or otherwise amend this definition, as it concludes the definition as finalized will help ensure that the registry will obtain adequate information regarding relevant orders to achieve the registry's objectives.

Under the final rule, registrants should submit only the public portions of covered orders. The Bureau believes that both submission of and publication of public portions of such orders, and only public portions of such orders, will best serve the purposes of the registry. The Bureau disagrees that either the submission of or the publication of redacted orders will confuse the public or other users of the nonbank registry, especially considering that the unredacted portions of orders submitted to the Bureau will, by definition, already be published (or required to be published) elsewhere. As discussed in the section-by-section discussion of § 1092.201(e) above, the Bureau is excluding from the rule's information collection requirements nonpublic portions of orders in order to help protect the confidential processes of other agencies, including their supervisory processes. But the Bureau believes that the other portions of such orders remain relevant and should be collected and potentially published under the final rule.

In the proposal, the Bureau considered requiring covered nonbanks to submit to the Bureau portions of orders that constitute confidential supervisory information under proposed § 1092.202, but then exempting those confidential portions from publication under proposed § 1092.204. See88 FR 6088 at 6114. The Bureau finalizes its preliminary conclusion in the proposal that the administrative burden associated with implementing such an approach likely outweighs the advantage of collecting such confidential portions of orders under the proposed rule. See id. The Bureau notes that it can use other mechanisms to obtain confidential supervisory information from other regulators in appropriate cases.

Final Rule

For the reasons set forth below above and as follows, the Bureau is finalizing § 1092.201(k) (renumbered as § 1092.201(m)) as proposed, with revisions to provide that the term “public” (1) encompasses covered orders required to be published by the issuing agency or court under any provision of local law, rule, or order, and (2) does not include orders or portions of orders that constitute confidential supervisory information of any local agency. The Bureau is finalizing these revisions to reflect that under § 1092.201(e)(1)(i), covered orders can be issued or obtained by local agencies, which may operate under local laws, rules, or orders regarding publication requirements, and which might claim to have “confidential supervisory information.”

201(n) Registered Entity

Proposed Rule

The proposal would have defined the term “registered entity” to mean any person registered or required to be registered under proposed subpart B. The Bureau explained that, under the proposal, entities that fail to comply with a requirement to register under proposed subpart B would have nonetheless still been subject to all of the requirements applicable to registered entities under proposed subpart B. If such an entity were a supervised registered entity, it would have also been subject to the requirements applicable to a supervised registered entity under proposed subpart B.

Comments Received and Final Rule

The Bureau did not receive any comments specifically regarding proposed § 1092.201(l)'s definition of “registered entity.” For the reasons set forth in the description of the proposed rule above, the Bureau is finalizing § 1092.201(l) (renumbered as § 1092.201(n)) as proposed.

Section 1092.201(o) Remain(s) In Effect

Proposed Rule

The proposal would have defined the terms “remain in effect” and “remains in effect” to mean, with respect to any covered order, that the covered nonbank remains subject to public provisions that impose obligations on the covered nonbank to take certain actions or to refrain from taking certain actions based on an alleged violation of a covered law.

Proposed § 1092.202(a) would have used this proposed term in defining the scope of proposed § 1092.202's registration requirement. Proposed § 1092.202(f) would have used this proposed term in specifying when a covered nonbank would be required to submit a final filing to the NBR system and would be permitted to cease updating its registration information and filing written statements with respect to a covered order.

Comments Received and Final Rule

The Bureau did not receive any comments specifically regarding proposed § 1092.201(m)'s definition of “remain(s) in effect.” For the reasons set forth in the description of the proposed rule above, the Bureau is finalizing § 1092.201(m) (renumbered as § 1092.201(n)) as proposed.

Section 1092.201(p) State Agency

Proposed Rule

The proposal would have defined the term “State agency” to mean the attorney general (or the equivalent thereof) of any State and any other State regulatory or enforcement agency or authority. The Bureau intended this definition to encompass all State government officials and regulators authorized to bring actions to enforce any covered law, including actions to enforce the CFPA's provisions or regulations issued under the CFPA pursuant to CFPA section 1042(a)(1). The term would also have included regulatory or enforcement agencies of certain Tribal governments that are included in the CFPA's definition of the term “State.”

12 U.S.C. 5552(a)(1).

See12 U.S.C. 5481(27) (defining “State” to include “any federally recognized Indian tribe, as defined by the Secretary of the Interior under” 25 U.S.C. 5131(a)).

Comments Received and Final Rule

The Bureau did not receive any comments specifically regarding proposed § 1092.201(n)'s definition of “State agency.” For the reasons set forth in the description of the proposed rule above, the Bureau is finalizing § 1092.201(n) (renumbered as § 1092.201(o)) as proposed.

Section 1092.201(q) Supervised Registered Entity

Proposed Rule

The proposal would have defined the term “supervised registered entity” to mean a registered entity that is subject to supervision and examination by the Bureau pursuant to CFPA section 1024(a), with certain exceptions. The Bureau explained that the CFPA authorizes the Bureau to require reports and conduct examinations of certain persons, as described in CFPA section 1024(a)(1)(A)-(E); the proposed term would have referred to a registered entity that is subject to supervision and examination by the Bureau pursuant to any of those provisions.

12 U.S.C. 5514(a).

The Bureau explained that an affiliate of an insured depository institution that is subject to examination and supervision by the Bureau under 12 U.S.C. 5515(a) would not be included in the proposed definition of supervised registered entity, where the affiliate is not subject to examination and supervision by the Bureau under 12 U.S.C. 5514(a). See12 U.S.C. 5514(a)(3)(A) (providing that 12 U.S.C. 5514 shall not apply to persons described in 12 U.S.C. 5515(a) or 5516(a)).

The Bureau explained that the proposal would not increase the number of entities subject to Bureau examinations or otherwise modify the scope of the Bureau's supervisory jurisdiction.

For purposes of proposed § 1092.201(o), the proposal would have clarified that the term “subject to supervision and examination by the Bureau pursuant to CFPA section 1024(a)” would include an entity that qualifies as a larger participant of a market for consumer financial products or services under any rule issued by the Bureau pursuant to CFPA section 1024(a)(1)(B) and (a)(2) (providing Bureau supervisory authority over larger participants in certain markets as defined by Bureau rule), or that is subject to an order issued by the Bureau pursuant to CFPA section 1024(a)(1)(C) (providing Bureau supervisory authority over certain nonbank covered persons based on risk determination). The Bureau proposed this language only to clarify and make express that such persons would be included in the proposed definition of the term supervised registered entity. The Bureau explained that it was not proposing by means of this language to limit the scope of the term “supervised registered entity.”

Under the proposed definition of “supervised registered entity,” the Bureau explained that it need not have previously exercised its authority to require reports from, or conduct examinations of, a particular registered entity for that entity to qualify as a supervised registered entity. A registered entity would have qualified as a supervised registered entity if the Bureau could require reports from, or conduct examinations of, that entity because it is a person described in CFPA section 1024(a)(1). Such an entity would have been “subject to supervision and examination” within the meaning of the proposal even if the Bureau has never previously exercised its authority to require reports or conduct examinations with respect to that entity.

The Bureau explained that persons would be subject to the proposal's requirements applicable to “supervised registered entities” so long as they satisfy the proposed definition of that term. The Bureau recognized that certain entities may, in certain circumstances, satisfy the definition only for a limited period of time. For example, the Bureau noted that an entity's activity levels may change in such a manner as to cause the entity to cease to qualify as a larger participant of a market for consumer financial products and services as defined by CFPA section 1024(a)(1)(B) and 12 CFR part 1090, or an entity may cease to be a person subject to Bureau supervision under CFPA section 1024(a)(1)(C) and 12 CFR part 1091. An entity would have been required to comply with the proposal's requirements applicable to “supervised registered entities” so long as it qualifies as such an entity, but not once it ceases to so qualify. Thus, for example, the Bureau explained that depending upon the timing of events, a supervised registered entity might be required to register with, and submit information to, the NBR system under proposed § 1092.202 but not subsequently submit a written statement under proposed § 1092.203 if it ceases to qualify as a supervised registered entity before § 1092.203(d)'s submission deadline.

The Bureau explained that such a determination would be made under the provisions of 12 CFR part 1090. See, e.g., 12 CFR 1090.102 (providing that “[a] person qualifying as a larger participant under subpart B of [12 CFR part 1090] shall not cease to be a larger participant under [12 CFR part 1090] until two years from the first day of the tax year in which the person last met the applicable test under subpart B”).

The Bureau explained that such a determination would be made under the provisions of 12 CFR part 1091. See, e.g.,12 CFR 1091.113 (regarding petitions for termination of an order issued under 12 CFR 1091.109).

The Bureau believed that applying proposed § 1092.203's requirements to supervised registered entities so long as they satisfy the proposed definition of that term, even if they do so for limited periods of time, would serve its goals in imposing such requirements, as described in section IV(D) of the proposal. The Bureau did not believe that it should exempt, or otherwise distinguish for purposes of the proposal, entities that are subject to supervision under CFPA section 1024(a) for limited periods of time. The Bureau believed that it is important to obtain reports from such supervised registered entities under proposed § 1092.203 for the reasons discussed in section IV(D) of the proposal, including to ensure they are legitimate entities and able to perform their obligations to consumers, to detect and assess risks to consumers related to entities subject to Bureau supervision, and to facilitate its assessments in connection with its risk-based supervisory program under CFPA section 1024(b)(2). In addition, the Bureau explained that requiring regular submission of written statements from such entities would assist the Bureau in determining whether the entity should continue to be subject to Bureau supervision under CFPA section 1024(a)(1)(C), for example. However, the Bureau preliminarily concluded that obtaining such written statements from entities that are no longer subject to the Bureau's supervision and examination authority under CFPA section 1024(a) is not necessary to serve these purposes.

The Bureau is adopting the proposal's approach to this issue in the final rule and finalizes its preliminary conclusion to this effect.

The Bureau explained that its proposed approach to applying the term “supervised registered entity” would also have extended to the recordkeeping requirements proposed in § 1092.203(e). Proposed § 1092.203(e) would have required a supervised registered entity to maintain certain documents and other records for five years after the submission of a written statement is required, and to make such documents and other records available to the Bureau upon request. The Bureau explained that, once a supervised registered entity ceased to qualify as a supervised registered entity under proposed § 1092.201(o), it would no longer have been subject to § 1092.203(e)'s requirement to maintain and provide such records. (The Bureau noted that the entity may nevertheless be subject to other requirements to maintain and provide such records, where such requirements are imposed by Federal consumer financial law or other applicable law.) The Bureau further explained that if, because of a change in circumstances, the entity later once again qualifies as a supervised registered entity, the entity would once again have become subject to proposed § 1092.203(e)'s recordkeeping requirement, but only as to conduct undertaken to comply with proposed § 1092.203 that occurs after the entity requalifies as a supervised registered entity.

The proposal would have provided that the term “supervised registered entity” would not include a service provider that is subject to Bureau examination and supervision solely in its capacity as a service provider and that is not otherwise subject to Bureau supervision and examination. The Bureau noted that CFPA section 1024(e) authorizes the Bureau to exercise supervisory authority with respect to a service provider to a person described in CFPA section 1024(a)(1). Additionally, CFPA sections 1025(d) and 1026(e) authorize the Bureau to exercise supervisory authority with respect to certain other service providers. The Bureau explained that this provision of the proposed definition clarifies that the term “supervised registered entity” would not have included a registered entity that is subject to Bureau examination and supervision solely in its capacity as a service provider under any of these provisions. However, the Bureau explained, the term supervised registered entity would have included a registered entity if the registered entity is otherwise subject to Bureau supervision and examination under CFPA section 1024(a)— i.e., if the registered entity is a person that is described in CFPA section 1024(a)(1)—even if the registered entity is also a service provider for some purposes under the CFPA. The Bureau preliminarily concluded that, at least in the first instance, the requirements set forth in proposed § 1092.203 are best directed at persons described in CFPA section 1024(a). The Bureau believed that it could achieve the anticipated benefits described above without extending its coverage to service providers subject to supervision under CFPA section 1024.

12 U.S.C. 5514(e).

12 U.S.C. 5515(d), 5516(e).

As discussed above, entities that are service providers may nevertheless also be covered persons under the CFPA.

Proposed § 1092.201(o)(2) would have provided that the term “supervised registered entity” would not include a motor vehicle dealer that is predominantly engaged in the sale and servicing of motor vehicles, the leasing and servicing of motor vehicles, or both, within the meaning of 12 U.S.C. 5519(a), except to the extent such a person engages in functions that are excepted from the application of CFPA section 1029(a) as described in CFPA 1029(b). Proposed § 1092.201(e), discussed above, would have further provided that the only orders issued to such motor vehicle dealers that would subject the dealer to the requirements of proposed §§ 1092.202 and 1092.203 would be those issued in connection with the functions that are excepted from the application of CFPA section 1029(a) as described in CFPA 1029(b).

12 U.S.C. 5519 (“Exclusion for Auto Dealers”). The Bureau explained that, as with other supervised registered entities, the motor vehicle dealer would only qualify as a “supervised registered entity” if it were subject to the Bureau's supervisory jurisdiction under 12 U.S.C. 5514(a). Technically, the Bureau noted, the exclusion in proposed § 1092.201(o)(2) should be unnecessary because it is identical to the proposed exclusion from the definition of “covered nonbank” in proposed § 1092.201(d)(4), and only covered nonbanks can qualify as supervised registered entities. Nevertheless, the Bureau proposed § 1092.201(o)(2) to reiterate that the exclusion described in proposed § 1092.201(d)(4) also limits which entities qualify as “supervised registered entities.”

Proposed § 1092.201(o)(3) would have provided that the term “supervised registered entity” would not include a person that qualifies as a covered person based solely on conduct that is the subject of, and that is not otherwise exempted from, an exclusion from the Bureau's supervisory authority under CFPA section 1027. The Bureau explained that this proposed component of the term “supervised registered entity” would have been similar to a component in the proposed definition of the term “covered nonbank,” as discussed in more detail in the section-by-section discussion of proposed § 1092.201(d), above. However, while proposed § 1092.201(d) would have described exclusions from the Bureau's rulemaking authority, proposed § 1092.201(o)(3) would have described exclusions from the Bureau's supervisory authority. This provision would have clarified that persons excluded from the supervisory authority of the Bureau under one or more of the provisions of section 1027 of the CFPA would not be “supervised registered entities.” However, where the CFPA provides that any of the activities engaged in by such persons are subject to the Bureau's supervisory authority, the Bureau noted that this limitation would not have excluded the person from qualifying as a “supervised registered entity.” For example, the Bureau noted, CFPA section 1027( l )(1) provides an exclusion from the Bureau's supervisory authority for certain persons engaging in certain activities relating to charitable contributions. Under the proposal, a person would not have been deemed a “supervised registered entity” if it qualifies for this statutory exclusion and is not otherwise exempt from it. But CFPA section 1027( l)(2) exempts certain activities from this statutory exclusion by providing that “the exclusion in [CFPA section 1027( l)(1)] does not apply to any activities not described in [CFPA section 1027( l )(1)] that are the offering or provision of any consumer financial product or service, or are otherwise subject to any enumerated consumer law or any law for which authorities are transferred under subtitle F or H.” Under proposed § 1092.201(o), an entity described in CFPA section 1027( l)(1) engaging in the activities described therein would have qualified as a “supervised registered entity” so long as it also engages in any of the activities described in CFPA section 1027( l)(2). And, as a “supervised registered entity” under the proposed § 1092.201(o), such entity would have been subject to all of proposed § 1092.203's requirements applicable to “supervised registered entities” with respect to any “covered order,” regardless of whether the applicable “covered order” addressed conduct subject to the statutory exclusion in CFPA section 1027( l)(1).

12 U.S.C. 5517.

12 U.S.C. 5517( l)(1) (“Exclusion for Activities Relating to Charitable Contributions”).

12 U.S.C. 5517( l)(2).

Finally, proposed § 1092.201(o)(4) would have provided that the term “supervised registered entity” would not include a person with less than $1 million in annual receipts. The exclusion would have been based on the receipts resulting from offering or providing all consumer financial products and services described in CFPA section 1024(a). The Bureau proposed to define the term “annual receipts” to have the same meaning as it has in § 1090.104(a) of the Bureau's regulations, including the provisions of that definition at paragraph (i) regarding receipts, paragraph (ii) regarding period of measurement, and paragraph (iii) regarding annual receipts of affiliated companies. The Bureau proposed the exclusion in proposed § 1092.201(o) for two reasons. First, the Bureau noted that providers of consumer financial products and services with significantly lower levels of receipts generally pose lower risks because they engage with fewer consumers, obtain less money from those consumers, or both. Second, the Bureau explained that the information collection burdens on entities with receipts of $1 million or less, on a relative basis, generally would be higher than for larger entities.

12 U.S.C. 5514(a).

12 CFR 1090.104(a).

The Bureau noted that the proposed exclusion from the definition of “supervised registered entity” based on volume of annual receipts would have also been consistent with the CFPA's requirement that the Bureau take entity size into account as part of its risk-based supervision program. Accordingly, the Bureau proposed to exclude persons with less than $1 million in annual receipts from the proposed annual reporting requirements applicable to supervised registered entities under proposed § 1092.203.

However, the Bureau did not propose to exclude such smaller entities from the information-collection requirements provided in proposed § 1092.202. The Bureau believed that the limited burden that would be imposed on such entities due to such information-collection requirements would be warranted in light of the market-monitoring benefits to the Bureau and other users of the NBR system. The Bureau explained that it could evaluate the need for additional supervisory attention related to a smaller supervised nonbank based on its submissions under proposed § 1092.202 and any additional information at its disposal. As discussed in section IV of the proposal and the section-by-section discussion of proposed § 1092.202, those submissions would have provided additional information relevant to the Bureau's assessments of risk in connection with its prioritization efforts under CFPA section 1024(b)(2).

12 U.S.C. 5514(b)(2).

Comments Received

A consumer advocate commenter objected to proposed § 1092.201(o)(1), which would have provided that the term “supervised registered entity” does not include a service provider that is subject to Bureau examination and supervision solely in its capacity as a service provider and that is not otherwise subject to Bureau supervision and examination. The consumer advocate commenter stated that third party service providers can present risk even when they are not supervised by the Bureau.

Industry commenters stated that the Bureau should raise the $1 million amount described in proposed § 1092.201(o)(4), which would have excluded from the definition of “supervised registered entity” a person with less than $1 million in annual receipts resulting from offering or providing all consumer financial products and services described in 12 U.S.C. 5514(a). Commenters stated that the proposed $1 million annual receipts amount was essentially meaningless because it would not exclude most nonbanks, and in particular that the proposed $1 million annual receipts amount was unlikely to exclude a meaningful number of mortgage lenders and mortgage servicers. An industry commenter also stated that the proposed $1 million annual receipts amount was contrary to CFPA section 1024(b)(2)'s requirements regarding the Bureau's risk-based supervision program for nonbanks.

12 U.S.C. 5514(b)(2).

A consumer advocate commenter stated that the Bureau should eliminate the exception described at proposed § 1092.201(o)(4) and instead require written statements from all entities that otherwise would qualify as “supervised registered entities.” The commenter stated that the Bureau had not explained why the written-statement requirements should not be as expansive as the Bureau's supervisory authority, that smaller companies were likely to present risks to consumers, and that they were less likely to have sophisticated internal controls.

Commenters stated that the proposal was insufficiently clear with respect to the obligations of affiliates of insured depository institutions and insured credit unions to comply with the proposed rule's written-statement requirements. Industry commenters stated that such affiliates should not be required to comply with such requirements, and an industry commenter requested that the text of the final rule include an express exception for affiliates subject to Bureau supervision under CFPA section 1025(a). A consumer advocate commenter stated that the rule should clearly include banks and bank affiliates, including holding companies and the nonbank subsidiaries of bank holding companies, and that the Bureau should take as expansive of a view as possible of the registry's reach.

12 U.S.C. 5515(a).

Response to Comments Received

The Bureau declines to extend the written statement requirement to service providers that are subject to Bureau examination and supervision solely in their capacity as service providers and that are not otherwise subject to Bureau supervision and examination. The Bureau also declines to extend the rule's requirements, including the written statement requirement, to service providers that do not qualify as “covered persons” under CFPA section 1002(6). The Bureau finalizes its preliminary conclusion in the notice of proposed rulemaking that, at least in the first instance, the requirements of the rule are best directed at covered persons, and the written-statement requirements set forth in § 1092.204 are best directed at persons described in CFPA section 1024(a). The Bureau currently believes that it likely can achieve the anticipated benefits detailed in the description of the proposed rule above without extending the final rule's coverage to service providers per se. The Bureau notes that the scope of the final rule would also need to be modified significantly from the proposed rule in order to require service providers that do not qualify as “covered persons” to register with the nonbank registry and file written statements. Among other things, many of the service providers subject to the Bureau's jurisdiction are not “covered persons” as defined by CFPA section 1002(6), and therefore would be neither “covered nonbanks” as defined by § 1092.201(d) nor “supervised registered entities” as defined by § 1092.201(q). Further, the Bureau is likely to obtain information regarding service providers from the information that will be collected under the final rule as well as its supervisory reviews of supervised registered entities. To the extent the Bureau becomes aware of service providers that may present risk to consumers, it may obtain additional information under its existing statutory authorities, including its supervisory authorities with respect to service providers that are subject to the Bureau's supervisory and examination authority under the CFPA.

12 U.S.C. 5481(26) defines the term “service provider” for the purposes of the CFPA.

88 FR 6088 at 6115.

As discussed above, entities that are service providers may nevertheless also be covered persons under the CFPA. For example, a service provider that acts as a service provider to its covered person affiliate would itself be deemed to be a covered person as provided in 12 U.S.C. 5481(6)(B), and thus would qualify as a “covered nonbank” under § 1092.201(d) if the other criteria of that definition are satisfied.

See12 U.S.C. 5514(e), 5515(d), 5516(e).

The Bureau is adopting a revision to proposed § 1092.201(q)(4), which will exclude from the rule's definition of “supervised registered entity,” and thus from the rule's written-statement requirements under § 1092.204, persons with less than $5 million in annual receipts resulting from offering or providing all consumer financial products and services described in 12 U.S.C. 5514(a). This revised $5 million amount described at § 1092.201(q)(4) represents an increase from the $1 million annual receipts amount for this exclusion that was described in the proposed rule. The Bureau concludes that increasing the amount of the exclusion, while still imposing the written-statement requirements described at § 1092.204 on supervised registered entities with $5 million or more in annual receipts as described, will allow the Bureau to achieve the objectives of the written-statement requirements while reducing burden on smaller entities.

The Bureau declines to adopt the consumer advocate commenter's suggestion to eliminate the § 1092.201(q)(4) exception entirely from the definition of “supervised registered entity.” As described above and in the notice of proposed rulemaking, providers of consumer financial products and services with significantly lower levels of receipts generally pose lower risks overall because they engage with fewer consumers, obtain less money from those consumers, or both. And the information-collection burdens on entities with applicable annual receipts of less than $5 million, on a relative basis, generally would be higher than for larger entities. In addition, imposing the annual written-statement requirements on such smaller entities would impose additional administrative costs on the Bureau. The Bureau believes that applying the written-statement requirements to “supervised registered entities” as defined at § 1092.201(q) will strike the appropriate balance in terms of obtaining information that is useful to the Bureau without imposing undue burdens on either industry or the Bureau. However, for the reasons stated in the description of the proposal above and the section-by-section discussion of § 1092.201(d) above, the final rule does not exclude such smaller entities from the information-collection requirements provided in § 1092.202.

88 FR 6088 at 6116.

As described above and in the notice of proposed rulemaking, the Bureau had proposed the § 1092.201(o) exclusion from the definition of “supervised registered entity” based on volume of applicable annual receipts precisely because such an exclusion would also be consistent with the CFPA's requirement that the Bureau take entity size into account as part of its risk-based supervision program under CFPA 1024(b)(2). The $5 million annual receipts amount for the exclusion adopted in the final rule will likewise be consistent with this CFPA requirement.

88 FR 6088 at 6116.

See12 U.S.C. 5514(b)(2)(A), (B) (requiring the Bureau to take into consideration “the asset size of the covered person” and “the volume of transactions involving consumer financial products or services in which the covered person engages”). Furthermore, while the Bureau does not believe that it needs to rely on its authority under 12 U.S.C. 5512(b)(3) to exempt classes of covered persons from rules in proposing this small-entity exclusion, the Bureau believes that the exclusion would be warranted as an exercise of its section 1022(b)(3) exemption authority, to the extent that provision is applicable. See12 U.S.C. 5512(b)(3). As under 12 U.S.C. 5514(b)(2), an entity-size-based exclusion accords with 12 U.S.C. 5512(b)(3)(B)(i) and (ii), which instruct the Bureau to consider “the total assets of the class of covered persons” and “the volume of transactions . . . in which the class of covered persons engage” in issuing exemptions. 12 U.S.C. 5512(b)(3)(B)(i)-(ii). In addition, given the relatively smaller scope of the harm to consumers that entities with annual receipts not exceeding $5 million would generally be able to cause when compared with entities with annual receipts exceeding that threshold, the Bureau does not believe that on balance the factor articulated in 12 U.S.C. 5512(b)(3)(B)(iii) (“existing provisions of law which are applicable to the consumer financial product or service and the extent to which such provisions provide consumers with adequate protection”) weighs against adopting the proposed small-entity exclusion.

With respect to the industry commenters' specific concerns regarding burden on mortgage lenders and mortgage servicers, the Bureau further notes that, under the final rule, such supervised registered entities will no longer be required to file written statements with respect to NMLS-published covered orders as defined at § 1092.201(k) if they elect the one-time registration option set forth in § 1092.203. In addition to the change being adopted to § 1092.201(q)(4), § 1092.203 will further reduce, perhaps substantially, the number of mortgage lenders and mortgage servicers that will be required to comply with the rule's written-statement requirements.

See below for discussion of the application of § 1092.201(q) to affiliates of insured depository institutions and insured credit unions.

Final Rule

For the reasons set forth above and below, the Bureau is finalizing § 1092.201(o) (renumbered as § 1091.201(q)) as proposed, with minor technical edits and a clarification described below regarding the application of this section to affiliates of an insured depository institution or insured credit union with total assets of more than $10,000,000,000 ($10 billion), as well as a revision to clarify how annual receipts are calculated under § 1091.201(q)(4).

In response to comments, the Bureau clarifies the application of § 1092.201(q)'s definition of “supervised registered entity” to affiliates of insured depository institutions and insured credit unions. The final rule defines the term “supervised registered entity” as “a registered entity that is subject to supervision and examination by the Bureau pursuant to 12 U.S.C. 5514(a)” (subject to certain exceptions). CFPA section 1024(a)—which is codified as 12 U.S.C. 5514(a)—encompasses section 1024(a)(3)(A), which provides that “[t]his section shall not apply to persons described” in section 1025(a) or 1026(a). Section 1025(a) grants the Bureau supervisory authority over insured depository institutions and insured credit unions with more than $10 billion in total assets, as well as “any affiliate thereof.” Therefore, because affiliates of such very large insured depository institutions and insured credit unions are included within the scope of section 1025(a), and thus are excluded from the scope of section 1024(a) via section 1024(a)(3)(A), affiliates of insured depository institutions and insured credit unions with more than $10 billion in total assets do not qualify as “supervised registered entities” under the final rule. That is the case even if the affiliate offers or provides consumer financial products and services described in CFPA section 1024(a)(1). For example, a bank holding company, savings and loan holding company, or subsidiary of a bank or savings association that is an affiliate of an insured depository institution or insured credit union with total assets of more than $10 billion is not covered by the definition of “supervised registered entity,” even if it offers or provides consumer financial products or services described in CFPA section 1024(a)(1), such as mortgage lending. Such an affiliate is not subject to the final rule's written-statement requirements even if it is a “covered nonbank.”

12 U.S.C. 5514(a)(3)(A).

12 U.S.C. 5515(a).

Such an affiliate would still be subject to the final rule's other requirements applicable to covered nonbanks, including § 1092.202's requirements to register covered orders. See the section-by-section discussion of § 1092.201(d) above.

By contrast, CFPA section 1026(a), which addresses Bureau authority over insured depository institutions and insured credit unions with $10 billion or less in total assets, makes no mention of “affiliates” of such entities. Section 1024(a)(3)(A) thus does not exclude affiliates of insured depository institutions and insured credit unions with $10 billion or less in total assets from the scope of section 1024(a). As a result, affiliates of such entities may qualify as “supervised registered entities,” unless an exception set forth in § 1092.201(q)(1) through (4) applies. With the above clarification of how the interlocking texts of § 1092.201(q) and CFPA sections 1024(a), 1025(a), and 1026(a) operate with respect to affiliates of insured depository institutions and insured credit unions, the Bureau concludes that no revisions to the text of § 1092.201(q) are required to address this issue.

The Bureau is finalizing this approach to affiliates of insured depository institutions and insured credit unions for several reasons. First, the Bureau is issuing the final rule in part based on its authority under CFPA section 1024(b)(7)(A)-(C). As explained above, CFPA section 1024(a)(3)(A) provides that CFPA section 1024 shall not apply to persons described in CFPA section 1025(a), including affiliates of insured depository institutions or insured credit unions with more than $10 billion in assets. Therefore, excluding such affiliates from the definition of “supervised registered entity” will help ensure that the written statement provisions of the final rule are consistent with the scope of CFPA section 1024. Second, while the Bureau might at some point consider collecting information from covered persons other than those described at CFPA section 1024(a), the Bureau believes that there is currently greater need to collect this information from such persons. The Bureau acknowledges the consumer advocate commenter's concerns regarding risks that may be posed to consumers by affiliates of insured depository institutions and insured credit unions, including affiliates of insured depository institutions and insured credit unions with total assets of more than $10 billion. These affiliate entities remain subject to the Bureau's supervisory and examination authority under CFPA section 1025, as well as other applicable Bureau authorities, and the Bureau may choose to utilize its supervisory and other authorities in monitoring and assessing such risks. Third, the Bureau concludes that exempting the affiliates of such very large insured depository institutions and insured credit unions from the final rule's written-statement requirements is consistent with its rationale for exempting insured depository institutions and insured credit unions from the scope of subpart B at this time.

The Bureau has also added to the final rule the new § 1092.201(q)(4)(ii). That provision clarifies that a person's receipts from offering or providing a consumer financial product or service subject to a larger participant rule under CFPA section 1024(a)(1)(B) count as receipts for purposes of the $5 million exclusion in § 1092.201(q)(4), regardless of whether the person qualifies as a larger participant. As described in the proposal, under § 1092.201(q)(4), the exclusion is based on the receipts resulting from offering or providing all consumer financial products and services described in CFPA section 1024(a). The new provision makes clear that such receipts include the receipts resulting from offering or providing any of the consumer financial products and services subject to a rule defining larger participant covered persons issued under CFPA section 1024(a)(1)(C) and (2), which for purposes of this exclusion are consumer financial products and services described in CFPA section 1024(a). For purposes of this exclusion, receipts that count toward determining larger participant status under a larger participant rule would count toward this exclusion, even if the person ultimately did not qualify as a larger participant. For example, a person may engage in offering or providing both consumer mortgages, private student loans, or payday loans, on the one hand, and consumer financial products or services identified in a larger participant rule, on the other hand. In that example, even if the person did not meet the threshold for larger participant status under the applicable larger participant rule, the receipts from offering or providing the consumer financial product or service covered by the larger participant rule still would count as receipts for purposes of this exclusion.

Section 1092.202 Registration and Submission of Information Regarding Covered Orders

Proposed § 1092.202 would have required covered nonbanks to register with the NBR system by timely submitting information to the NBR system regarding covered orders. The proposed section would have established requirements regarding the timing and content of information to be submitted.

The Bureau believed that requiring covered nonbanks to register with the NBR system would further the objectives of proposed subpart B even in the event the Bureau were not to finalize proposed requirements that supervised registered entities submit written statements as described in proposed § 1092.203. Proposed § 1092.202 would have applied to a broader set of entities than would proposed § 1092.203, and the Bureau believed that requiring registration of entities under proposed § 1092.202 would have provided independent benefit to the Bureau and to consumers.

The Bureau is finalizing § 1092.202 largely as proposed, with certain changes discussed in the analysis of particular paragraphs below. Below, the Bureau first addresses comments regarding the Bureau's legal authority to impose the requirements in § 1092.202 and then discusses § 1092.202's individual paragraphs.

Certain Comments Received Regarding the Bureau's Authority Under CFPA Section 1022 To Impose the Requirements in the Final Rule

Some commenters expressed the view that the Bureau is pursuing a novel and legally impermissible approach to its authorities under CFPA section 1022. Other commenters stated that the Bureau has statutory authority to issue the proposed rule under section 1022. The Bureau finalizes its conclusion that section 1022 authorizes the rule's registration and publication requirements. The Bureau discusses and responds to some of these comments together in this part for ease of reference. For further discussion of the market-monitoring requirements in the final rule and the Bureau's responses to comments received, see the section-by-section analysis below.

Commenters stated that the proposed registry was inconsistent with the Bureau's past practices, and that the Bureau's purported invocation of its CFPA section 1022(c) authority was actually for the purpose of using it to expand its supervisory authority over market participants under CFPA section 1024(a)(1)(C). An industry commenter argued that the proposal represented an attempt to eliminate a clear statutory firewall between the Bureau's market-monitoring authority and its enforcement function, and that it improperly relied upon the Bureau's authority under CFPA section 1022 to support its enforcement functions. The industry commenter stated that the CFPA distinguished the Bureau's enforcement powers under subtitle E of the CFPA from its market-monitoring authority under CFPA section 1022, and that unlike information gathered under CFPA 1022, information collected for enforcement purposes is subject to procedural safeguards under CFPA section 1052 and contemplates the use of civil investigative demands (CIDs) to determine whether there has been a violation of a law.

An industry commenter stated that the proposal did not provide any evidence that covered orders are probative of risk to consumers, stating that the proposal's statements about such risk were conclusory and not backed by documented research and facts, and that companies might actually present less risk because of the scrutiny that comes with being subject to an order. The industry commenter further stated that the proposal would effectively put covered nonbanks in a permanent penalty box, and that the proposal's premise that past violations are evidence of current risk of harm contravenes a fundamental rule of evidence under American law as established at Federal Rule of Evidence 404, which prohibits certain use of evidence of prior crimes.

A joint comment letter from State regulators stated that the proposal did not quantify the potential benefit to the Bureau's consumer education efforts, and suggested that the Bureau's belief that most consumers will not change their behavior due to the publication of the registry was inconsistent with the existence of such a benefit.

The Bureau's Response to Certain Comments Received Regarding the Bureau's Authority Under CFPA Section 1022 To Impose the Requirements in the Final Rule

The Bureau proposed to rely, in part, on its authorities in sections 1022(c)(1)-(4) and (7) for the collection and publication of applicable orders. As the Bureau stated in the notice of proposed rulemaking, the Bureau considers violations of consumer protection laws probative of “risks to consumers in the offering and provision of consumer financial products or services,” and that entities subject to public orders “may pose heightened and ongoing risks to consumers in the markets for those products and services.” More specifically, monitoring for such orders would allow the Bureau “to track specific instances of, and more general developments regarding, potential corporate recidivism,” which poses its own unique risks to consumers, and would improve the Bureau's ability to track enforcement trends by other regulators, enabling it to more efficiently deploy resources vis-à-vis other regulators. Parts III(B) and IV(A)-(C) above discuss in detail how this information will support the allocation of resources and detection of risks to consumers.

88 FR 6088 at 6091-6092.

Id. at 6092.

Some commenters argued for a narrower interpretation of section 1022(c)(4), contending that the Bureau's market-monitoring authorities cannot be used to impose a substantive requirement or are limited to gathering information about particular products, services and practices, or to one-off information gathering. In the view of some commenters, by requiring entities to provide information to the Bureau on an ongoing basis, the registry is inconsistent with past Bureau practice. One commenter pointed to section 1071 to argue that, had Congress wanted the Bureau to create a new database, it would have explicitly and clearly done so.

The narrow view of market-monitoring urged by these commenters is inconsistent with the text and structure of section 1022. First, contrary to commenters' suggestion that the Bureau's market-monitoring authority is limited to gathering information about particular products, services, and practices, nothing in CFPA section 1022(c) confines the Bureau to exercising its market-monitoring authority only on a piecemeal, product-by-product or service-by-service basis. In fact, section 1022 specifically commands the Bureau to monitor “developments in markets for . . . products or services,” not simply developments regarding particular products or services themselves. Further, section 1022(c)(4)(A) explicitly authorizes the Bureau to gather information “regarding the organization, business conduct, markets, and activities of covered persons and service providers.” Commenters rest their argument on the language of section 1022(c)(2), which contains an open-ended list of factors that the Bureau “may consider, among other factors,” when “allocating its resources to perform . . . monitoring.” Although these discretionary considerations are identified by reference to “consumer financial products or services,” this language does not function as a procedural requirement for the Bureau to proceed on a product-by-product, service-by-service, or even market-by-market basis when it uses its market-monitoring authority.

12 U.S.C. 5512(c)(1) (emphasis added).

12 U.S.C. 5512(c)(2).

One commenter argues that the rule exceeds the Bureau's authority under section 1022(c)(4)(A) to gather information “from time to time.” The Bureau, however, is acting in accord with its statutory authority to “prescribe by rule” that covered persons must “from time to time” file “annual or special reports.” The rule here does exactly that: It requires reports “from time to time”— i.e., ninety days after a covered order's effective date (or the applicable nonbank registry implementation date), as well as ninety days after the covered order's amendment, modification, termination, abrogation, or cessation of covered-order status, or after changes to other registration information. There are indications elsewhere in the CFPA that “from time to time” may include regular intervals. For example, section 1014, which establishes the Bureau's Consumer Advisory Board, directs the Board to meet “from time to time . . . but, at a minimum, . . . at least twice in each year.” In addition, in other statutory contexts, courts have recognized that the phrase “from time to time” contemplates “an ongoing process” rather than a one-off action. In section 1022, Congress imposed on the Bureau an obligation to monitor markets; as a practical matter, doing so often requires repeated or periodic information collections in order to understand how the consumer financial marketplace is developing. An atextual reading of section 1022(c)(4) that would limit the Bureau to one-off information gathering efforts would significantly undermine the Bureau's ability to fulfill its congressionally assigned obligations and runs counter to the notion of market monitoring “by rule” under the statute.

12 U.S.C. 5512(c)(4).

12 U.S.C 5494(c).

In re A Community Voice, 878 F.3d 779, 784 (9th Cir. 2017); see also Earth Island Institute v. Wheeler, 464 F. Supp. 3d 1138, 1145 (N.D. Cal. 2020) (concluding that “from time to time” statutory language reflected an “ongoing duty”).

12 U.S.C. 5512(c)(4)(B)(ii).

Contrary to commenters' suggestion, this is not the first time that the Bureau has relied on section 1022(c)(4) to create an ongoing requirement for covered persons to submit information for the purposes of carrying out market monitoring. For example, as part of its final rule to extend consumer protections over prepaid accounts under Regulation E, which implements the Electronic Fund Transfer Act, and Regulation Z, which implements the Truth in Lending Act, the Bureau also utilized its authority under CFPA section 1022(c)(4) to require prepaid card issuers to submit prepaid account agreements to the Bureau. The Bureau initially proposed requiring prepaid card issuers to submit new and amended agreements to the Bureau on a quarterly basis for posting on a website maintained by the Bureau. In the final rule, the Bureau ultimately chose to require submission on a rolling basis to reduce compliance burden. Requiring ongoing submissions in this final rule is not a novel or unique interpretation of the Bureau's authority under section 1022(c)(4).

Prepaid Accounts Under the Electronic Fund Transfer Act (Regulation E) and the Truth in Lending Act (Regulation Z),81 FR 83934 (Nov. 22, 2016).

Id. at 83957.

Id. at 83963.

Commenters appear to be relying on the expressio unius est exclusio alterius canon of statutory interpretation in claiming that the data collection authorized by section 1071 of the CFPA, which amended the Equal Credit Opportunity Act (ECOA), implies limitations on the Bureau's market-monitoring authority in section 1022 of the CFPA. But the Supreme Court has “long held that the expressio unius canon does not apply `unless it is fair to suppose that Congress considered the unnamed possibility and meant to say no to it.' ” Courts have observed that the canon is a “feeble helper in an administrative setting,” where Congress often employs expansive statutory language to leave room for exercises of reasonable agency discretion, and is a “poor indicator” of congressional intent “when countervailed by a broad grant of authority contained within the same statutory scheme.”

15 U.S.C. 1691 et seq.

Marx v. General Rev. Corp., 568 U.S. 371, 381 (2013) (quoting Barnhardt v. Peabody Coal Co., 537 U.S. 149 (2003)).

Adirondack Med. Ctr. v. Sebelius, 740 F.3d 692, 697 (D.C. Cir. 2014) (quoting Cheney R.R. Co. v. I.C.C., 902 F.2d 66, 68-69 (D.C. Cir. 1990)).

Commenters do not point to anything in the legislative history of the CFPA to support their claim that Congress “meant to say no” to requirements like those contemplated by this rule. Indeed, the authority to collect information in section 1022(c)(4) is precisely the kind of broad authority with respect to which courts have found the expressio unius canon to be a “poor indicator” of congressional intent. The Bureau has an extensive obligation, covering the entire marketplace for consumer financial products and services, to monitor for risks to consumers; the information-collection authority at section 1022(c)(4) is necessarily broad in order to satisfy that obligation.

In addition, interpreting section 1071 to imply some limit on the authorities in section 1022 is inappropriate because, among other reasons, section 1071 amends another statute, ECOA, and serves purposes specific to that statute, which are to “facilitate enforcement of fair lending laws” and to “enable communities, governmental entities, and creditors to identify business and community development needs and opportunities of women-owned, minority-owned, and small businesses.” Sections 1022 and 1071 should be interpreted in light of their distinct and specified purposes.

15 U.S.C. 1691c-2(a).

Regarding the industry commenters' statements that the final rule improperly relies upon section 1022 authority to support the Bureau's determinations under CFPA section 1024(a)(1)(C), or to support the Bureau's enforcement functions, CFPA section 1022(a)(1) provides that the CFPB may use its market-monitoring authority to “support its rulemaking and other functions.” The Bureau understands this provision to mean that all of the Bureau's functions, including supervision and enforcement, can be informed by information it gathers through market monitoring. While the Bureau's market-monitoring authority does not replace its supervision and enforcement authorities (which are established by and subject to other provisions of the CFPA), there is no question that the Bureau can use its market-monitoring work to generally “support” those functions as well as its other functions, such as rulemaking and conducting financial education programs.

See12 U.S.C. 5512(c)(1).

See part IV(B) above.

The Bureau is finalizing its preliminary conclusion in the proposal that collecting and registering public agency and court orders imposing obligations based upon violations of consumer law would assist with monitoring for risks to consumers in the offering or provision of consumer financial products and services. As explained in part IV above, when an agency issues such an order, or seeks a court order, it typically has determined that the problems at the applicable entity are sufficiently serious to merit the expenditure of that agency's limited resources and perhaps the attention of the courts. As discussed in part IV, conduct that constitutes a violation of a covered law may also indicate that the covered nonbank has engaged in violations of laws that the Bureau administers. And, notwithstanding the issuance of the covered order, the violations of covered law or other problems that led the agency to pursue enforcement action may persist after an order has been issued. Such orders may also be indicative of the existence of broader problems at the entity that pose related risks to consumers—including lack of sufficient controls related to the offering and provision of consumer financial products and services, inadequate compliance management systems and processes, and an unwillingness or inability of senior management to comply with laws subject to the Bureau's jurisdiction.

Information regarding the absence of covered orders will also be informative to the Bureau. The existence of covered orders may also in some cases be indicative of lesser, and not greater, risk to consumers. For example, the presence of enforcement activity may indicate that particular risks, markets, or companies are receiving adequate enforcement attention and oversight from regulators. But while less enforcement activity in certain areas could indicate less risk to consumers, it potentially also could be evidence of less attention by regulators and a need to increase monitoring and other supervisory or regulatory activities. Enforcement patterns and trends may vary depending on any number of factors, including the agency issuing or obtaining the order, the type of entity subject to the order, the consumer protection law being enforced, the applicable geographic or product market, and other variables. The Bureau will use the information it collects under the final rule to evaluate, assess, and understand the consumer risk posed by or otherwise related to covered orders, including patterns in such orders and developments in the markets for consumer financial products and services.

See12 U.S.C. 5514(b)(2)(D) (requiring the Bureau to consider in conducting risk-based supervisory prioritization “the extent to which [nonbanks] are subject to oversight by State authorities for consumer protection”).

As discussed in part IV above, collecting and evaluating such market-monitoring information relevant to the offering and provision of consumer financial products and services is appropriate to inform the Bureau's functions, including its supervision and enforcement functions. Thus, the Bureau may consider all of this information regarding enforcement activity, including patterns in such activity, in assessing risks to consumers as part of, among other things, exercising its market-monitoring authority under CFPA section 1022(c), conducting its supervisory prioritization under CFPA section 1024(b)(2), and determining the amount of civil money penalties it may seek or assess under CFPA section 1055(c). However, such use by the Bureau of this information as authorized under the CFPA does not represent an attempt to improperly penalize covered nonbanks for prior acts. Likewise, as discussed in the section-by-section discussion of § 1092.205(a) below, any publication by the Bureau of the information collected through the registry as authorized under § 1092.205 would not be intended to punish companies or individuals for their past acts. Collection and publication of such information as provided in the final rule is authorized by the CFPA and does not violate evidentiary or other fundamental principles of American law.

Industry commenters also stated that the proposed registry's purpose was incompatible with the Bureau's authorities to prescribe rules regarding registration requirements under CFPA section 1022(c)(7). A joint letter from members of Congress stated CFPA section 1022(c)(7) does not grant the Bureau authority to establish such a robust set of registration requirements, nor a database for a particular category of information, and stated that when Congress intends to create a database, it explicitly and clearly does so. One industry commenter also stated that CFPA section 1022(c)(7) does not contemplate the creation of a registration requirement and bespoke database for a particular category of information, but rather outlines a path for registering a covered entity with the Bureau and sharing basic identifying information about the entity with the public. Another industry commenter stated that the proposed registry represented an attempt to obscure the Bureau's failure to create a registry that would identify legitimate companies for the use of consumers and others, as required by law, and that the Bureau should instead develop and publicize an accessible list of legitimate debt collectors.

Commenters do not specify how the final rule's particular registration requirements exceed the authority contained in CFPA section 1022(c)(7), and the Bureau believes that the final rule is consistent with the Bureau's authority under that provision. As discussed in part III(B) above, CFPA section 1022(c)(7)(A) expressly authorizes the Bureau to “prescribe rules regarding registration requirements applicable to a covered person, other than an insured depository institution, insured credit union, or related person.” The registry will provide a mechanism for the Bureau to gather information about the nonbank entities that are subject to its jurisdiction. The CFPB has designed its rule to be consistent with limitations contained in CFPA section 1022(c)(7)(A), including by excluding insured depository institutions, insured credit unions, and related persons from the scope of the rule's registration requirements. As explained in more detail in parts III and IV, the Bureau is adopting the final rule to fulfill the general purposes and objectives established for the Bureau in CFPA sections 1021, 1022(b) and (c), and 1024(b)(7)(A)-(C), as authorized under those sections. The Bureau disagrees that more specific statutory authorization is required.

See § 1092.201(d)(1) and (2) of the final rule.

Section 1022(c)(7)(B) also provides that “[s]ubject to rules prescribed by the Bureau, the Bureau may publicly disclose registration information to facilitate the ability of consumers to identify covered persons that are registered with the Bureau.” The Bureau interprets CFPA section 1022(c)(7)(B) as authorizing it to publish registration information required by Bureau rule under CFPA section 1022(c)(7)(A) so that consumers may identify the nonbank covered persons on which the Bureau has imposed registration requirements. Contrary to a commenter's suggestion, this provision does not imply that the Bureau is precluded from publishing registration information in database or other searchable form, or from publishing identifying information or other registration information in a manner that highlights specific information or categories of information. As further explained in part IV(F) and the section-by-section discussion of § 1092.205(a), publication of registry information under § 1092.205 in an online public registry will implement the provisions of Federal consumer financial law in a manner fully consistent with the Bureau's obligations under the CFPA.

12 U.S.C. 5512(c)(7)(B).

An industry commenter questioned the Bureau's authority to make the market-monitoring data public under CFPA section 1022(c)(3). Section 1022(c)(3)(B), however, authorizes the Bureau to release information through aggregated reports or “other appropriate formats.” The only limitations on “format” that section 1022 imposes are that the format be “appropriate” and that it be “designed to protect confidential information in accordance with paragraphs (4), (6), (8), and (9).” The proposed registry complies with these restrictions.

Section 1022(c)(3)(B) is not limited by section 1022(c)(3)(A), on which the industry commenter focused. Section 1022(c)(3)(A) requires the Bureau to, at minimum, publish one “report of significant findings of its monitoring required by this subsection [ i.e., subsection 1022(c)] in each calendar year.” It sets a floor, not a ceiling, and it does not restrict the Bureau to only publishing “report[s] of significant findings” related to its market-monitoring work.

In addition, section 1022(c)(3)(B) authorizes the Bureau to publish information obtained “under this section [ i.e., section 1022]” in “appropriate formats.” By its own terms, this provision applies to any category of information collected under section 1022 ( see, e.g., CFPA sections 1022(c)(6)(C), 1022(c)(7), 1022(d)), and so cannot reasonably be limited by section 1022(c)(3)(A), which only concerns the Bureau's “monitoring” work under “subsection” (c).

The commenter's assertion is also in tension with laws requiring Federal agencies to make data and information available to the public. The Foundations for Evidence-Based Policymaking Act requires agencies to disclose data if it would otherwise be made available under the Freedom of Information Act. Similarly, the Freedom of Information Act imposes proactive disclosure requirements when records are likely to be requested by the public.

44 U.S.C. 3504(b)(6)(F).

5 U.S.C. 552(a)(2)(D).

As discussed in part IV(B) above, the information collected under the final rule will inform the Bureau's exercise of its consumer education functions, among other functions. For example, the Bureau may consider the information it has collected in determining what harmful practices may be prevalent in the markets for consumer financial products and services, in monitoring and assessing the enforcement actions that are being issued in connection with such harmful practices and the content of covered orders, and in identifying patterns of similar alleged or found violations of Federal consumer financial law across multiple nonbank covered persons. Such information about risk to consumers in the offering and provision of consumer financial products and services will help the Bureau determine how to conduct its own consumer education efforts. The Bureau may choose to direct its consumer education efforts toward educating consumers about risks identified via the registry, and can help consumers understand the risks and associated costs of such conduct with respect to their use of certain consumer financial products or services. While, as discussed in parts VIII and IX below, the Bureau believes that most consumers will not change their behavior due to the publication of the registry as authorized under § 1092.205(a), the Bureau will be able to utilize the information collected under the final rule to inform its own consumer education functions.

See12 U.S.C. 5493(d) (establishing the Bureau's Office of Financial Education); 12 U.S.C. 5511(b)(1) (“The Bureau is authorized to exercise its authorities under Federal consumer financial law for the purposes of ensuring that, with respect to consumer financial products and services . . . consumers are provided with timely and understandable information to make responsible decisions about financial transactions”); 12 U.S.C. 5511(c)(1) (“The primary functions of the Bureau are . . . conducting financial education programs”).

Section 1092.202(a) Scope of Registration Requirement

Proposed Rule

Proposed § 1092.202(a) would have defined the scope of the registration requirement. To maximize the value of subpart B's registration requirements, while taking into consideration administrative costs to the Bureau and covered nonbanks in keeping the registry updated, the Bureau proposed to limit § 1092.202 to covered orders (as that term is defined at proposed § 1092.201(e)) that have an effective date (as that term is defined at proposed § 1092.201(f)) on or after the effective date of subpart B, or that remain in effect (as that term is defined at proposed § 1092.201(m)) as of the effective date of subpart B. The Bureau preliminarily concluded that this limitation of the registration requirement's scope would help ensure that the most relevant orders are submitted into the NBR system. The Bureau recognized in its proposal that there is potential value in requiring registration with respect to older orders that no longer remain in effect. Among other things, the Bureau believed that such registration would have helped inform the Bureau and consumers regarding older orders and help to identify an even larger number of repeat offenders than could be identified through the registration requirement as proposed in § 1092.202. On the other hand, the Bureau recognized that requiring covered nonbanks to identify and register older orders to which they were once subject, but that no longer impose any present obligations, may be burdensome. In addition, extending the registration requirement to older orders would have imposed additional administrative costs on the Bureau. The Bureau believed that limiting the registration requirement to covered orders with an effective date on or after the effective date of subpart B, or that remain in effect as of subpart B's effective date, would strike the appropriate balance in terms of establishing an informative and useful registry without imposing undue burdens on either industry or the Bureau. To maximize the value of subpart B's registration requirements, while taking into consideration administrative costs to the Bureau and covered nonbanks in keeping the registry updated, the Bureau therefore proposed to limit § 1092.202 to covered orders (as that term is defined at proposed § 1092.201(e)) that have an effective date (as that term is defined at proposed § 1092.201(f)) on or after the effective date of subpart B, or that remain in effect (as that term is defined at proposed § 1092.201(m)) as of the effective date of subpart B.

The Bureau is adopting the proposal's approach to this issue in the final rule and finalizes its preliminary conclusion to this effect; see the discussion of § 1092.202(a) of the final rule below.

Comments Received and Final Rule

The Bureau did not receive any comments specifically regarding proposed § 1092.202(a). For the reasons set forth in the description of the proposed rule above, the Bureau is finalizing § 1092.202(a) as proposed.

Section 1092.202(b) Requirement To Register and Submit Information Regarding Covered Orders

Proposed Rule

Proposed § 1092.202(b) would have established subpart B's requirements for covered nonbanks to register with the NBR system and to provide and maintain certain registration information.

Proposed § 1092.202(b)(1) would have provided that each covered nonbank that is identified by name as a party subject to a covered order described in paragraph (a) shall register as a registered entity with the NBR system in accordance with proposed § 1092.202(b) if it is not already so registered, and shall provide or update, as applicable, the information described in subpart B in the form and manner specified by the Bureau. As discussed in connection with proposed § 1092.201(e)(1), a covered nonbank that is identified by name as a party subject to the order would have been required to register under this paragraph even if the covered nonbank is not listed in the title or caption of the order, or as the primary respondent, defendant, or subject of the order. A covered nonbank may have been subject to the requirements of proposed § 1092.202 even if the issuing agency or court does not list the covered nonbank as a party in related press releases or internet links.

The Bureau considered but did not propose alternative approaches, including applying the requirements of this section to any covered nonbank alleged or found in a covered order to have violated a covered law, even if such party were not expressly named. This alternative would have captured circumstances where, for instance, a covered order applies to a category of entities, such as all affiliates of a particular named covered nonbank, but the order does not specifically name all of the entities that fall within that category ( e.g., does not specifically list the names of all of the affiliates of the named covered nonbank). While this alternative would have potentially widened the scope of information the Bureau would have obtained relevant to its market-monitoring objectives, it preliminarily concluded that the proposed approach would effectively achieve those objectives with greater administrative ease.

As provided at § 1092.102(a), the Bureau proposed to specify the form and manner for electronic filings and submissions to the NBR system that are required or made voluntarily under part 1092, including §§ 1092.202 and 1092.204. The Bureau would have issued specific guidance for filings and submissions.

Proposed § 1092.202(b)(2)(i) would have required each covered nonbank that is required to register under proposed § 1092.202 to submit a filing containing the information described in proposed § 1092.202(c) and (d) to the NBR system within the later of 90 days after the applicable nonbank registration system implementation date or 90 days after the effective date of any applicable covered order. Thus, a covered nonbank would not have been required under proposed subpart B to register any covered orders to which it may be subject until 90 days after the nonbank registration system implementation date for this provision. For covered orders with effective dates after the nonbank registration system implementation date, an applicable covered nonbank would have been required to register the covered order within 90 days after the covered order's effective date, as that term is defined at proposed § 1092.201(f). The Bureau believed the 90-day period would give sufficient time for a covered nonbank to collect and submit the applicable information to the NBR system and would also generally permit a sufficient length of time for any relevant agency or court stays to take effect.

As discussed above regarding proposed § 1092.101(e), the Bureau estimated that the nonbank registration system implementation date for proposed §§ 1092.202 and 1092.203 would have been no earlier than January 2024 and may be substantially later. The Bureau explained in its proposal that the exact nonbank registration system implementation date would depend upon, among other things, the comments received to this proposal and the Bureau's ability to launch the registration system.

Proposed § 1092.202(b)(2)(ii) would have required each covered nonbank that is required to register under proposed § 1092.202 to submit a revised filing amending any information described in paragraphs (c) and (d) to the NBR system within 90 days after any amendments are made to the covered order or any of the information described in paragraphs (c) or (d) changes. The Bureau believed that requiring entities to maintain up-to-date information with the NBR system would significantly enhance the usefulness of the NBR system for the Bureau, consumers, and other users of the NBR system.

Comments Received

Commenters stated that the Bureau is pursuing a novel and legally impermissible approach to its authorities under CFPA section 1022. For a discussion of these issues, see the Bureau's response above to comments received regarding the Bureau's authority under CFPA section 1022.

Commenters also stated that the proposal was not compatible with CFPA section 1024. Industry commenters stated that the proposed registry would conflict with the requirement at CFPA section 1024(b)(4) for the Bureau, in exercising its nonbank supervisory authority, to use reports that have already been provided to Federal and State agencies and information that has been reported publicly. An industry commenter also stated that the proposed registry would conflict with the requirement at CFPA section 1024(b)(3) for the Bureau, in exercising its nonbank supervisory authority, to “coordinate its supervisory activities with the supervisory activities conducted by prudential regulators, the State bank regulatory authorities, and the State agencies that license, supervise, or examine the offering of consumer financial products or services, including . . . requirements regarding reports to be submitted by such persons.”

12 U.S.C. 5514(b)(4); see also12 U.S.C. 5515(b)(3), 5516(b)(1).

12 U.S.C. 5514(b)(3).

See id.

The joint comment from State regulators stated that, because in the commenters' view the discrepancy between the number of nonbank entities licensed by States through NMLS and the number of firms subject to Bureau supervisory authority appears negligible, the proposed Bureau registry would likely be largely duplicative of NMLS and provide little new insight for risk-based supervision purposes, particularly for the mortgage and money services business industries.

An industry commenter stated the proposal did not comply with CFPA section 1024(b)(2) and did not properly assess the impact of the rule on attorneys and law firms under that statutory provision. The commenter stated that creditors' rights attorneys and law firms already are heavily regulated at the State level, the Bureau should have considered the unique characteristics of creditors' rights law firms, and such firms should be exempt from the proposed rule. Another industry commenter stated that the proposed written-statement requirements were inconsistent with section 1024(b)(2) since the $1 million amount in proposed § 1092.201(q)'s definition of “supervisory registered entity” should be increased.

Consumer advocate commenters generally supported the Bureau's proposal to collect information as described in the proposal. A consumer advocate commenter stated that in light of the large number of nonbanks subject to Bureau oversight, the self-reporting requirements in the proposed rule would assist the Bureau's supervisory prioritization efforts and would help the Bureau identify wider trends in relevant markets. A consumer advocate commenter stated that it would not be a substantial burden for companies to identify covered orders, since they would presumably have these orders on hand for their own in-house compliance purposes.

An industry commenter stated that the Bureau should establish a minimum threshold of five non-expired covered orders before requiring registration, in order to better distinguish nonbanks with only a few consent orders from “repeat offenders” and reduce consumer confusion.

The SBA Office of Advocacy stated that the Bureau should issue clear guidance to assist small entities with compliance with the rule's submission and other requirements.

See the section-by-section discussion of § 1092.201(e) regarding a comment related to the final rule's treatment of parties not expressly named in the covered order.

Response to Comments Received

The Bureau is finalizing a new section at § 1092.203 that will provide that, with respect to any covered order that is published on the NMLS Consumer Access website, a covered nonbank that is identified by name as a party subject to the order may elect to comply with the one-time registration option described in that section in lieu of complying with the requirements of §§ 1092.202 and 1092.204. To the extent that CFPA section 1024(b)(4) may apply to Bureau rulemakings under section 1024(b)(7), § 1092.203 will ensure that the requirements in the Bureau's rule reflect, to the fullest extent possible, “reports pertaining to persons described in [section 1024(a)(1)] that have been provided or required to have been provided to a Federal or State agency” and “information that has been reported publicly.” In particular, covered nonbanks with NMLS-published covered orders can opt for a streamlined registration process designed to provide notice that information regarding such covered orders is available through the NMLS. After the existence of NMLS-published covered orders has been directed to the Bureau's attention through a streamlined registration under § 1092.203, the Bureau can use any information available through the NMLS to help inform its risk-based supervisory prioritization determinations under CFPA section 1024(b)(2) and its supervisory activities under section 1024(b)(1).

12 U.S.C. 5514(b)(4).

To the extent these industry commenters suggest that additional changes would be required in order to satisfy the Bureau's obligations under CFPA section 1024(b)(4)—for example, by not collecting information that is also published by an individual State agency—the Bureau declines to make such changes. First, a central purpose of the rule's registration requirements is to ensure that the Bureau is made aware and provided with copies of “information that has been reported publicly”— i.e., information related to public enforcement orders—in a manner that is usefully associated with covered nonbanks. Second, the Bureau views the registry as a means to increase its ability to obtain and use such information and thus promote Congress's intent in adopting these statutory provisions. CFPA section 1024(b)(4) requires that the Bureau use such information “to the fullest extent possible,” and collecting this information makes it more “possible” for the Bureau to use this information.

Likewise, to the extent that CFPA section 1024(b)(3) may apply to Bureau rulemakings under section 1024(b)(7), the Bureau has satisfied any obligation to coordinate with prudential regulators and relevant State authorities through the consultations described in part V of this preamble. Further, the Bureau is finalizing § 1092.203 in part to facilitate coordination with the State authorities described in CFPA section 1024(b)(3), as well as to facilitate adoption of the “coordinated or combined systems for registration” with State agencies discussed in CFPA sections 1022(c)(7)(C) and 1024(b)(7)(D).

One of the authorities cited as a basis for components of the final rule is 12 U.S.C. 5512(c)(7), which provides that the “Bureau may prescribe rules regarding registration requirements applicable to a covered person, other than an insured depository institution, insured credit union, or related person.” Congress provided that “[i]n developing and implementing registration requirements under [12 U.S.C. 5512(c)(7)], the Bureau shall consult with State agencies regarding requirements or systems (including coordinated or combined systems for registration), where appropriate.” 12 U.S.C. 5514(b)(7)—the proposed statutory basis for the written-statement requirement—includes a similar consultation provision.

As discussed further in part IV(E) above and the section-by-section discussion of § 1092.203 below, the Bureau does not believe that the existence of the NMLS renders the new Bureau registry unnecessary, including with respect to supervised registered entities. However, the Bureau is finalizing § 1092.203 to provide that applicable entities may comply with the one-time limited registration option described in that section in lieu of complying with the requirements of §§ 1092.202 and 1092.204. The information obtained by the Bureau under the final rule, including § 1092.203, will inform the Bureau's risk-based supervisory prioritization efforts as well as its other functions.

The Bureau does not agree that the final rule is inconsistent with CFPA section 1024(b)(2), whether with respect to attorneys and law firms or any other broad category of covered nonbanks that can be identified in advance of collecting information under the final rule. As an initial matter, CFPA section 1024(b)(2) does not govern this rulemaking. As the Bureau has explained, it relies on CFPA sections 1022(b), 1022(c), and 1024(b)(7) in issuing this rule. By its own terms, CFPA section 1024(b)(2) applies only to exercises of the Bureau's supervisory authority under a different provision, CFPA section 1024(b)(1). Section 1024(b)(2) does not govern rulemakings; instead, it governs the Bureau's prioritization of entities for examinations and other supervisory activities under section 1024(b)(1). Therefore, the Bureau is not required to account for the risk-based prioritization factors set forth in section 1024(b)(2) in determining this rulemaking's scope. Moreover, as the Bureau discussed in the proposed rule, one of the purposes of this registry is to provide the Bureau with additional information to use for its prioritization of examinations and other supervisory activities under section 1024(b)(2). Requiring an assessment under section 1024(b)(2) for rulemakings under section 1024(b)(7) would, in fact, limit the Bureau's ability to make informed assessments of individual entities for supervisory activities.

See, e.g., 88 FR 6088 at 6103 (“The Bureau proposes to establish the NBR system under its registration and market-monitoring rulemaking authorities under CFPA section 1022(b)(1), (c)(1)-(4), and (c)(7), and under its supervisory rulemaking authorities under CFPA section 1024(b)(7)(A), (B), and (C).”).

Id. at 6095 (“The Bureau believes that the proposed registry would be especially useful with respect to the particular nonbank markets that are subject to the Bureau's supervision and examination authority under CFPA section 1024(a). In those markets, the Bureau would be able to take account of risks identified through the proposed registry in conducting its risk-based supervisory prioritization and enforcement work.”).

In any event, even if the Bureau were exercising authority under section 1024(b)(1) here, and thus section 1024(b)(2) applied, that would not affect the rulemaking's outcome. The Bureau believes that the risk associated with covered orders is significant and that a consideration of the factors set forth in section 1024(b)(2) supports imposing the rule's requirements. As discussed in part IV(B), depending upon the circumstances, the Bureau may consider the existence of an order requiring registration under the final rule to be a risk factor under these provisions for covered persons subject to the final rule—in particular, under CFPA section 1024(b)(2)(C)-(E). Moreover, the information that the Bureau obtains under the rule will inform its supervisory prioritization efforts with respect to individual entities and will otherwise facilitate its supervision of covered nonbanks that are described in CFPA section 1024(a)(1). In addition, consistent with CFPA sections 1024(b)(2)(A)-(B), the Bureau has effectively accounted for asset size and transaction volume by excluding persons with less than $5 million in annual receipts (as described in § 1092.201(q)(4)) from § 1092.204's annual reporting requirements. For additional discussion of that exclusion, see the section-by-section discussion of § 1092.201(q).

The Bureau is finalizing § 1092.202(b)(2)(i)'s requirement for covered nonbanks to register each covered order within 90 days of the order's effective date (or, in the initial phase of the registry, the applicable nonbank registry implementation date). The Bureau declines to establish a minimum number of covered orders to which a covered nonbank must be subject before requiring registration. That approach would lead to the omission of many covered orders that are relevant to risk to consumers, and would impair the ability of the Bureau and others to identify trends and patterns in the information collected. It would also lead to the omission of relevant covered nonbanks and supervised registered entities from the registry, which would mean that the Bureau would not be notified regarding the existence of such entities and would not learn that they were subject to a covered order. The approach would limit the Bureau's ability to seek additional information about the covered order and the covered nonbank and otherwise monitor risks to consumers as appropriate to inform the Bureau's functions. While, as discussed elsewhere in this preamble, the Bureau is very concerned about the risks to consumers presented by repeat offenders, even one covered order may be probative of significant risk to consumers. In addition, the Bureau would be less able to understand where covered orders are not being issued or obtained, depriving it of important information regarding the absence of covered orders. And supervised registered entities would not be subject to the rule's written-statement requirements until the threshold had been reached, unduly limiting the effectiveness of those requirements. The Bureau concludes that registration of each covered order will serve the purposes of the final rule described in part IV above. The Bureau disagrees that requiring registration of each covered order will lead to consumer confusion, as consumers and other users of the registry will have access to accurate information about the orders and nonbank. See the section-by-section discussion of § 1092.205(a) below for additional discussion of related issues involving the potential publication of registry information.

As provided in § 1092.102(a), the Bureau will issue filing instructions that will provide covered nonbanks with specific information regarding their filing obligations under the final rule. The Bureau may consider issuing additional rules and guidance as may be necessary or appropriate.

Final Rule

For the reasons discussed above and in the proposal, the Bureau is finalizing § 1092.202(b) as proposed, with minor technical edits and a minor revision to reflect the renumbering of § 1092.206 in the final rule.

See also the section-by-section discussions of § 1092.101(d) and (e) above regarding the Bureau's adoption of the revised terms “nonbank registry” and “nonbank registry implementation date.”

Section 1092.202(c) Required Identifying Information and Administrative Information

Proposed Rule

Proposed § 1092.202(c) would have required a registered entity to provide all identifying information and administrative information required by the NBR system. In filing instructions the Bureau would have issued under proposed § 1092.102(a), the Bureau would have specified the types of identifying information and administrative information registered entities would be required to submit. Proposed § 1092.201(a) would have defined the term “administrative information,” and proposed § 1092.201(g) would have defined the term “identifying information.” Proposed § 1092.202(c) also would have clarified that the Bureau's filing instructions may require joint or combined submissions to the NBR system by covered nonbanks that are affiliates as defined in proposed § 1092.101(a).

The Bureau requested comment on the general requirements of proposed § 1092.202(c), including the requirement to register and update identifying information and administrative information within the timeframes described in proposed § 1092.202(b). The Bureau requested comment on whether registration of updates with respect to this information should be required more or less often, and if so, why and in what circumstances. The Bureau also sought comment on the proposed distinctions between identifying information and administrative information, and whether collection of other types of information would help in the administration of the NBR system or benefit its users.

Comments Received

An industry commenter asked that the Bureau clarify that entities would only be required to report, and only be publicly affiliated with, orders wherein they are named.

Comments addressing the proposal's approach to the written statement, including requirements to designate and submit the names and titles of attesting executives and associated criteria for such a designation, are addressed in the section-by-section discussion of § 1092.204 below.

Response to Comments Received

As provided in § 1092.201(e)(1)(i), in order to qualify as a “covered order” under the final rule, an order must among other things “[i]dentif[y] a covered nonbank by name as a party subject to the order.” Where a covered nonbank is not identified by name as a party subject to an order, the order will not be a covered order with respect to that covered nonbank, and the covered nonbank will not be subject to any of the requirements of the final rule with respect to the covered order. A covered nonbank is not subject to the requirements of the rule with respect to a covered order on the sole grounds that its affiliated covered nonbank is subject to those requirements. However, as provided at § 1092.202(c), the Bureau may require, via filing instructions issued pursuant to § 1092.102(a), two or more affiliated covered nonbanks to submit a joint or combined filing statement with respect to a covered order, where those affiliated covered nonbanks are each subject to the requirements of § 1092.202 with respect to such covered order. Also, as discussed in the section-by-section discussion of §§ 1092.201(a) and 1092.202(d) above, for any covered order that a covered nonbank must register under § 1092.202, the Bureau may via filing instructions require the registered covered nonbank to identify to the Bureau, as administrative information required under § 1092.202(c), the names of any of the registered covered nonbank's affiliates registered under subpart B with respect to the same covered order.

Final Rule

For the reasons set forth above, the Bureau is finalizing § 1092.202(c) as proposed.

See also the section-by-section discussions of § 1092.101(d) and (e) above regarding the Bureau's adoption of the revised terms “nonbank registry” and “nonbank registry implementation date.”

See also the discussion regarding the final rule's treatment of affiliates of insured depository institutions and insured credit unions in the section-by-section discussions of § 1092.201(d) and (q) above.

Section 109.202(d) Information Regarding Covered Orders

Proposed Rule

Proposed § 1092.202(d) would have required a registered entity to provide additional types of information more specifically related to each covered order subject to proposed § 1092.202. First, proposed § 1092.202(d)(1) would have required a registered entity to provide a fully executed, accurate, and complete copy of the covered order, in a format specified by the Bureau. This information would have helped the Bureau more clearly identify the covered orders to which the registered entity is subject, as well as the terms of those orders, and would provide access to updated copies of those orders. The information would have provided similar benefits to other regulators, consumers, and other users of the NBR system upon publication.

This proposed section would have also provided that any portions of a covered order that are not public must not be submitted. These nonpublic portions would have been required to be clearly marked on the copy submitted, to promote ease of use. For example, a nonpublic section could have been redacted and marked as nonpublic. As discussed above regarding proposed § 1092.201(e)(3) and (k), the Bureau was concerned that requiring registration and disclosure of confidential supervisory information or other nonpublic information might interfere with the functions and missions of other agencies and did not believe that requiring such registration and disclosure is necessary to accomplish the purposes of the proposed rule. The Bureau sought comment on this aspect of the proposed rule. The Bureau also sought comment on whether it should permit covered nonbanks to submit only select portions of covered orders, and if so, what portions of such orders should be submitted, and which should be excluded from the submission requirement.

Proposed § 1092.202(d)(2) would have required a registered entity to provide five additional types of data regarding each covered order subject to § 1092.202. The Bureau believed all of the described data fields would be useful to the Bureau in locating, understanding, organizing, and using the information submitted. The Bureau also explained in its proposal that upon publication, the data fields would be similarly useful to other users of the NBR system as well. In addition, the Bureau believed that requiring covered nonbanks to identify and submit these fields would help ensure accuracy and lower administrative costs for the Bureau.

First, proposed § 1092.202(d)(2)(i) would have required a registered entity to identify the government entity that issued the covered order. Second, proposed § 1092.202(d)(2)(ii) would have required a registered entity to provide the covered order's effective date, as that term is defined at proposed § 1092.201(f). Third, proposed § 1092.202(d)(2)(iii) would have required a registered entity to provide the date of expiration, if any, of the covered order, or a statement that there is none. The Bureau explained in its proposal, for example, where a covered order expires by its own terms after perhaps five or some other term of years, the registered entity would be required to provide that information. The Bureau requested comment on whether the date of expiration of covered orders would be sufficiently clear to comply with this provision or whether additional specification on this point from the Bureau would be useful. Fourth, proposed § 1092.202(d)(2)(iv) would have required a registered entity to identify all covered laws found to have been violated or, for orders issued upon the parties' consent, alleged to have been violated, in the covered order. The Bureau would have expected that registered entities would satisfy this requirement by providing accurate Federal or State citations for the applicable covered laws. The Bureau believed this information would increase the usefulness of the NBR system. It would have better enabled the Bureau to identify and assess any risks to consumers relating to the violations, and once published would have also enabled users of the registry to more easily search and review filings.

Fifth, proposed § 1092.202(d)(2)(v) would have required a registered entity to provide the names of any of the registered entity's affiliates registered under subpart B with respect to the same covered order. The Bureau anticipated that this information would be useful in identifying affiliate relationships between registered entities that are registered with the NBR system, which might not otherwise be obvious or apparent. Proposed § 1092.101(a) would have defined the term “affiliate” to have the meaning given to that term in the CFPA, which would have included any person that controls, is controlled by, or is under common control with another person.

See12 U.S.C. 5481(1).

Proposed § 1092.202(d)(3) would have required a registered entity, if the registered entity is a supervised registered entity, also to file the name and title of its attesting executive for purposes of proposed § 1092.203 with respect to the covered order. The benefits of designating an attesting executive were discussed in detail in proposed section IV(D). In addition, the Bureau believed that its collection (and ultimate publication) in the registry of the name and title of a supervised registered entity's attesting executive would be important to the Bureau and other users of the NBR system. The Bureau believed that requiring the entity to identify the name and title of the attesting executive designated in connection with each covered order would assist the Bureau in administering the requirements in proposed § 1092.203 regarding annual written statements. In addition, as discussed below regarding proposed § 1092.203(b), the Bureau explained that collecting information regarding the name and title of the attesting executive for a given covered order would provide the Bureau with insight into the entity's organization, business conduct, and activities, and would inform the Bureau's supervisory work, including its risk-based prioritization process. The Bureau also believed that publishing this information would have also provided benefits to the public and other users of the proposed NBR system, as discussed further below in connection with proposed § 1092.204(a).

The Bureau would have relied on two separate statutory grants of authority in collecting the attesting executive's name and title, each of which would provide an independent statutory basis for proposed § 1092.202(d)(3). The Bureau would have collected this information under its market-monitoring authority under CFPA section 1022(c)(1) and (4) to “gather information regarding the organization, business conduct, markets, and activities” of supervised registered entities. The Bureau would have also collected this information under its CFPA section 1024(b)(7) authority to prescribe rules regarding registration, recordkeeping, and other requirements for covered persons subject to Bureau supervision under CFPA section 1024.

12 U.S.C. 5512(c)(1), (4).

12 U.S.C. 5514(b)(7).

The Bureau requested comment on whether proposed § 1092.202(d) should identify additional or different categories of information collected by the NBR system, including but not limited to information regarding covered orders or the registered entity.

Comments Received

A consumer advocate commenter stated that the treatment of nonpublic information under proposed § 1092.202(d) demonstrated that the Bureau was taking steps to protect confidential and otherwise nonpublic information relevant to orders.

Response to Comments Received

See the section-by-section discussion of § 1092.201(m) above regarding the treatment of nonpublic portions of orders under the final rule.

See the section-by-section discussion of § 1092.201(l) above regarding an industry commenter's suggestion to treat multiple orders as a single order under certain circumstances.

See the section-by-section discussion of §§ 1092.204(b) and 1092.205(a) below for discussions regarding the final rule's requirements to designate an attesting executive for each covered order and the Bureau's reasons for collecting and potentially publishing that information.

Final Rule

For the reasons set forth below and in the description of the proposed rule above, the Bureau is finalizing § 1092.202(d) as proposed, with several revisions.

First, as discussed further below in the section-by-section discussion of § 1092.205(a), the Bureau has determined not to mandate with respect to every covered order the collection of information regarding the names of the person's affiliates registered under subpart B with respect to the same covered order in the final rule. Under the final rule, § 1092.202(d)(2)(v) as proposed has been deleted, but the Bureau may determine to collect this information as “administrative information” under § 1092.202(c). In filing instructions issued under § 1092.102(a), the Bureau will specify whether and how it will collect such information. As described in the section-by-section discussion of § 1092.205(a) below, the Bureau will not publish such information under § 1092.205(a) if it is collected.

Second, the Bureau is finalizing a clarification at § 1092.202(d)(2)(i) to provide that a registered entity shall provide to the nonbank registry, for each covered order subject to § 1092.202, information regarding the agency (or agencies) and court(s) that issued or obtained the covered order, as applicable. The Bureau is finalizing this change to the proposed rule in order to clarify that covered orders may be issued or obtained by more than one agency or court, and to collect more accurate and comprehensive information about covered orders. In general, for covered orders that are issued by a court of law, the nonbank registry will collect information regarding the court that issued the order as well as the agency or agencies that brought the applicable proceeding and obtained the order. For covered orders issued directly by agencies in an administrative action or other agency proceeding, the nonbank registry generally will collect information regarding the issuing agency or agencies.

Third, the Bureau is finalizing a new provision at § 1092.202(d)(2)(v) to provide that a registered entity shall provide to the nonbank registry, for each covered order subject to § 1092.202, information regarding any docket, case, tracking, or other similar identifying number(s) assigned to the covered order by the applicable agency(ies) or court(s). Collecting and potentially publishing this information will better enable the Bureau and other users of the registry to identify the applicable covered order, to distinguish it from other orders, and to understand any connections between the order and the covered nonbank with other information about the covered order and covered nonbank that the Bureau may possess or that may be otherwise available. As with the other required data fields, this information will be useful to the Bureau in locating, understanding, organizing, and using the information submitted and will be similarly useful to other users of the nonbank registry as well. In addition, requiring covered nonbanks to identify and submit such information will help ensure accuracy and lower administrative costs for the Bureau.

Fourth, the Bureau is finalizing a minor revision at § 1092.202(d)(3) to reflect the renumbering of § 1092.204.

Section 1092.202(e) Expiration of Covered Order Status

Proposed Rule

Proposed § 1092.202(e) would have provided for an outer limit on the time period during which the existence of a covered order would subject a registered entity to the requirements of proposed subpart B. The Bureau explained in its proposal that in circumstances where a covered order terminates (or otherwise ceases to remain in effect) within ten years after the order's effective date, the registered entity's obligations to update its filing under proposed § 1092.202 or to file written statements with respect to the covered order under proposed § 1092.203 would cease after its final filing under proposed § 1092.202(f)(1). The Bureau, however, recognized that some covered orders may not terminate (or otherwise cease to remain in effect) within ten years of the orders' effective dates. In such circumstances, proposed § 1092.202(e) would have provided that a covered order shall cease to be a covered order for purposes of subpart B as of the later of: (1) ten years after its effective date; or (2) if the covered order expressly provides for a termination date more than ten years after its effective date, the expressly provided termination date.

See the discussion of § 1092.202(f) below.

The Bureau preliminarily concluded that, in most cases, it may be less likely to obtain meaningful information in connection with existing orders after ten years have passed since their effective dates. The Bureau also preliminarily concluded that maintaining the proposal's registration and written-statement requirements for at least ten years after the effective date of covered orders that remain in effect would have provided useful information to the Bureau and other uses of the registry, as described in this proposal. Among other things, the Bureau believed that maintaining the obligation to update registration information for ten years would better enable the Bureau to identify covered nonbanks in the event a subsequent covered order requires additional registration. The Bureau also believed that limiting registration obligations to more recent orders would also help limit the burden imposed by proposed subpart B's requirements on covered nonbanks. However, where a covered order expressly provides for a later termination date, the Bureau believed that it should continue to collect and publish information on the order under the provisions of proposed §§ 1092.202 through 1092.204. The Bureau sought comment on all aspects of proposed § 1092.202(e). In particular, the Bureau sought comment on whether to adopt a different approach to setting and determining the sunset period for orders, and on whether the proposed baseline ten-year period should be longer or shorter. The Bureau also sought comment on whether registered entities would benefit from additional guidance in determining whether a covered order expressly provides for a termination date more than ten years after its effective date, and what constitutes the expressly provided termination date of such a covered order.

The Bureau also sought comment on whether the applicable sunset period should depend upon the content of the order. The Bureau explained in its proposal that, for example, it considered whether the sunset period for a covered order should be shorter where the only obligations based on alleged violations of covered laws and imposed in the public provisions of such order were to pay money (such as payment of a civil money penalty or fine, or payment of refunds, restitution, or disgorgement). Under this alternative approach, for such covered orders without express termination dates, the orders would have ceased being covered orders for purposes of subpart B after some period shorter than the ten-year sunset proposed here. The Bureau did not propose this approach for reasons of simplicity and administrative efficiency, and because the Bureau believes that the sunset provision in proposed § 1092.202(e) would generally be preferable for most such covered orders. However, the Bureau sought comment on this proposed alternative and, more generally, on whether and why it should adopt a shorter sunset period for these orders. The Bureau also sought comment on other approaches that would establish different sunset periods depending on the content of the order, and other types of orders that might have different sunset periods.

The Bureau further considered requiring registered entities to continue treating an order that would otherwise sunset under the proposal as a covered order for purposes of the proposed rule if the Bureau determined, after providing the entity notice and an opportunity to respond, that continuing to do so was necessary for the Bureau to fulfill its monitoring or supervisory responsibilities. For example, as the Bureau explained in the proposal, based on information supplied by another agency or otherwise in its possession, the Bureau may have cause to believe that the nonbank continued to be in violation of the order. For such cases, the Bureau considered requiring continued compliance with the requirements of proposed subpart B beyond the expiration period if the Bureau ultimately concluded doing so was necessary for the Bureau to fulfill its monitoring or supervisory responsibilities. The Bureau did not propose this approach for reasons of simplicity and administrative efficiency, and because the Bureau believed that the proposed sunset provision would be likely to provide sufficient information regarding most covered orders. However, the Bureau sought comment on whether it should include this additional requirement in the final rule and whether any additions or subtractions to it would better achieve its intended purpose. The Bureau also sought comment on whether, if it included this additional requirement in a final rule, it should specify any alternative or additional criteria that the Bureau might consider in reaching its determination whether a particular covered order should remain subject to the requirements of subpart B.

Comments Received

Some comments incorrectly referred to proposed § 1092.202(e)'s sunset provisions as specifying when information regarding covered orders or covered nonbanks would be removed from the registry.

An industry commenter agreed with the proposal's establishment of a sunset date for registration of covered orders under § 1092.202(e). Another industry commenter stated that the Bureau should establish a process for entities to be removed from the public registry after a specific set of criteria is met, and that the Bureau should also establish an appeals process that would permit entities to contest their inclusion on the registry.

Industry commenters also stated the text of 1092.202(e)(1) was unclear and proposed specific revisions. Commenters stated that information regarding covered orders (and related covered nonbanks) should be removed from the registry earlier than after ten years after its effective date. One industry commenter stated that most regulatory and supervisory agencies are reluctant to agree to termination dates. Another industry commenter stated that there would be few instances in which a consent order does not contain an expiration date, thereby making the timing set out in § 1092.202(e)(1) almost entirely irrelevant. This commenter stated that the sunset period established under proposed § 1092.201(e) should be the later of five years or the express termination period of the covered order. Another industry commenter stated that covered orders that have no termination date should be subject to the proposed registry for a period of three years, not ten, in part because information contained in the proposed registry associated with older covered orders would be inaccurate, outdated or obviated and would pollute the registry. This commenter also stated that proposed § 1092.202(e) could be interpreted to mean that all covered orders are subject to updates or written statements for ten years, and proposed a revision that would state that if a covered order expressly provides for a termination date ten (or five) years or less after its effective date, § 1092.201(e)'s sunset provision would apply on the expressly provided termination date. Another industry commenter proposed an alternative timeframes of two years after an order's effective date. The SBA Office of Advocacy expressed concern that requiring an order to be a covered order for ten years after its effective date was overly punitive and stated that such an order should no longer be considered a covered order when it is no longer in effect.

Response to Comments Received

The Bureau is adopting § 1092.202(e) of the final rule, which provides for an outer limit on the time period during which the existence of a covered order would subject a registered entity to the registration requirements. In circumstances where a covered order terminates (or otherwise ceases to remain in effect) within ten years after the order's effective date, the registered entity's obligations to update its filing or to file written statements with respect to the covered order would cease after its final filing under § 1092.202(f). Where a covered order does not terminate (or otherwise cease to remain in effect) within ten years of the order's effective date, the covered order would no longer require registration as of the later of: (1) ten years after its effective date; or (2) if the covered order expressly provides for a termination date more than ten years after its effective date, the expressly provided termination date. The Bureau finalizes its preliminary conclusions in the proposal that, in most cases, it may be less likely to obtain meaningful information in connection with existing orders after ten years have passed since their effective dates, and that maintaining the proposal's registration and written-statement requirements for at least ten years after the effective date of covered orders that remain in effect will provide useful information to the Bureau and other uses of the registry, as described in part IV.

88 FR 6088 at 6119.

In response to comments incorrectly suggesting that proposed § 1092.202(e)'s sunset provisions would have specified when information regarding covered orders or covered nonbanks would be removed from the Bureau's registry, the Bureau clarifies that, under the final rule, § 1092.202(e) and (f) together establish when, with respect to a particular covered order, a covered entity's obligations to submit updated filings under § 1092.202(b)(2)(ii) and to comply with § 1092.204's written-statement requirements expire. These provisions of the final rule do not address when the Bureau intends to remove information from the nonbank registry or otherwise to cease publication of such information as provided at § 1092.205. Under the final rule, the Bureau may maintain any information about covered orders and the covered nonbanks that are subject to them that may be published under the nonbank registry on a public website indefinitely, subject to the Bureau's discretion and pursuant to § 1092.205 and other applicable law.

With respect to the industry commenter's suggestion to establish a process to allow covered nonbanks to petition for removal from the registry before the sunset date established in § 1092.201(e), the Bureau declines to adopt this suggestion. The Bureau believes that it is important to collect information regarding covered orders, including the annual written statement described in § 1092.204 where applicable, on an ongoing basis for the periods of time described in the final rule. The Bureau declines to adopt criteria for determining whether covered nonbanks would no longer need to comply with these obligations with respect to particular covered orders. While the Bureau agrees that many covered nonbanks are likely to take steps to address issues relating to covered orders, such orders are nevertheless likely to remain probative of risk to consumers (including risks related to developments in markets for consumer financial products and services), and the Bureau concludes they should continue to be subject to these requirements. Also, the Bureau believes that engaging in an ongoing case-by-case assessment of entities' compliance efforts with respect to covered orders in order to determine whether particular covered orders are deserving of an exemption from registration requirements would invite frivolous petitions, increase the complexity involved in maintaining the nonbank registry, and would not be a good use of the Bureau's resources. Likewise, the Bureau disagrees that an appeals process for the nonbank registry is necessary. As with any other Federal consumer financial law, the Bureau expects covered nonbanks themselves to identify their responsibilities under the final rule and to comply with those obligations. Where an entity believes in good faith the final rule does not require registration, but is not certain the Bureau would agree with its interpretation, it may file an applicable good faith notification under § 1092.202(g) or § 1092.204(f).

The Bureau believes that the final rule is sufficiently clear for entities to comply with the final rule's requirements and that a modification to the proposed text is unnecessary. Section 1092.202(e) and (f) together address the variety of situations that may arise where a covered order does or does not expressly provide for a termination date, as well as situations where a covered order is modified or otherwise does not actually terminate according to its original terms. Under the final rule, a covered order that does not expressly provide for a termination date will cease to be a covered order ten years after its effective date pursuant to § 1092.202(e), and the applicable covered nonbank must submit a final filing under § 1092.202(f)(1) at that time—unless the order terminates earlier, in which case the covered nonbank must submit its final filing at that earlier time. Under § 1092.201(e), a covered order that expressly provides for a termination date of ten years or less after its effective date will remain a covered order for a period of ten years from its effective date. Such an order may in fact terminate before the expiration of the ten-year period, in which case the applicable covered nonbank would submit a final filing under § 1092.202(f)(1) upon termination of the order, whenever it occurs, and would have no further obligation to update its registration information or to file written statements with respect to the order. If, however, the order is extended or for some other reason does not terminate as originally provided, those obligations will continue until the order actually terminates or the ten-year period expires. And a covered order that expressly provides for a termination date more than ten years after its effective date will remain a covered order, and thus subject to the rule's registration and (if applicable) written-statement requirements, until it terminates, at which time the covered nonbank must submit a final filing notice under § 1092.202(f)(1).

Where a covered order terminates under its own terms or otherwise, under § 1092.202(f)(2), such obligations (including the obligation to submit an annual written statement) with respect to such a covered order will terminate following the filing of the final submission described in § 1092.202(f)(1). Thus, although the Bureau is not finalizing a modification to the sunset period established under proposed § 1092.201(e) to directly reflect the termination of a covered order as requested by the industry commenters and the SBA Office of Advocacy, § 1092.202(f)(1) and (2) provide that upon termination of the order a covered nonbank may submit a final filing and be relieved of its further obligations under appropriate circumstances, which essentially accomplishes the same result.

The Bureau is adopting the proposal's approach to the amount of time for which such requirements are imposed for non-terminated orders under § 1092.202(e). The Bureau finalizes its preliminary conclusions in the proposal that, in most cases, it may be less likely to obtain meaningful information in connection with existing orders after ten years have passed since their effective dates, and that maintaining the proposal's registration and written-statement requirements for at least ten years after the effective date of covered orders that remain in effect will provide useful information to the Bureau and other uses of the registry.

88 FR 6088 at 6119.

The Bureau believes that, on average, covered orders that have not been terminated are likely to remain probative of risk to consumers for at least the period of time specified in § 1092.202(e). While the Bureau agrees that it is possible that entities that are subject to such covered orders may have taken significant steps to address violations of law or other problems identified in the order, or otherwise taken steps to prevent or remedy related issues, the Bureau believes that the existence of such covered orders remains probative of risk to consumers (including risks related to developments in markets for consumer financial products and services) notwithstanding such subsequent developments and merits continued imposition of the related registration and written- statement requirements. The final rule's obligations for registered entities to update their identifying and other information will help ensure that the information contained in the registry remains accurate and up to date. When such an order terminates, the covered nonbank may submit a final filing under § 1092.202(f)(1).

Final Rule

For the reasons set forth above and in the description of the proposal, the Bureau is finalizing § 1092.202(e) as proposed.

Section 1092.202(f) Requirement To Submit Revised and Final Filings With Respect to Certain Covered Orders

Proposed Rule

Proposed § 1092.202(f) would have addressed situations where a covered order is terminated, modified, or abrogated (whether by its own terms, by action of the applicable agency, or by a court). It would have also addressed situations where an order ceases to be a covered order for purposes of subpart B by operation of proposed § 1092.202(e). In all such cases, proposed § 1092.202(f)(1) would have required the registered entity to submit a revised filing to the NBR system within 90 days after the effective date of the order's termination, modification, or abrogation, or after the date the order ceases to be a covered order. The Bureau believed that this requirement would help in administering the registry, and supporting the Bureau's monitoring work by ensuring that the registry is up to date.

Proposed § 1092.202(f)(2) would have addressed situations where a covered order no longer remains in effect or no longer qualifies as a covered order due to the covered order's termination, modification, or abrogation, or the application of § 1092.202(e). In such cases, proposed § 1092.202(f)(2) would have clarified that following its final filing under paragraph (f)(1) with respect to the covered order, the registered entity would have no further obligation to update its filing or to file written statements with respect to such covered order under proposed subpart B. However, the Bureau explained that it expected to make historical information publicly available via the NBR registration system. As provided at proposed § 1092.201(m), the proposal would have defined the term “remains in effect” to mean that the covered nonbank remains subject to public provisions of the order that impose obligations on the covered nonbank to take certain actions or to refrain from taking certain actions based on an alleged violation of a covered law. The Bureau explained that, once a covered nonbank no longer remains subject to such public provisions, proposed § 1092.202(f)(2) would permit the covered nonbank to cease updating its registration information and filing written statements with respect to the order.

Comments Received and Final Rule

An industry commenter expressed support for proposed § 1092.202(f)'s treatment of covered orders containing termination dates. The Bureau did not receive any other comments specifically regarding § 1092.202(f). Comments addressing the proposal's approach to the sunset period established in § 1092.202(e) are addressed in the section-by-section discussion of § 1092.202(e) above.

For the reasons set forth in the description of the proposed rule above, the Bureau is finalizing § 1092.202(f) as proposed, with minor technical edits.

See also the section-by-section discussions of § 1092.101(d) and (e) above regarding the Bureau's adoption of the revised terms “nonbank registry” and “nonbank registry implementation date.”

Section 1092.202(g) Notification by Certain Persons of Non-Registration Under This Section

Proposed Rule

Proposed § 1092.202(g) would have provided that a person may submit a notice to the NBR system stating that it is not registering pursuant to this section because it has a good-faith basis to believe that it is not a covered nonbank or that an order in question does not qualify as a covered order. The Bureau explained that such a filing could be combined with any similar filing under proposed § 1092.203(f). Proposed § 1092.202(g) would have also required the person to promptly comply with § 1092.202 upon becoming aware of facts or circumstances that would not permit it to continue representing that it has a good-faith basis to believe that it is not a covered nonbank or that an order in question does not qualify as a covered order. The Bureau proposed to treat information submitted under this paragraph as “administrative information” as defined by proposed § 1092.201(a).

See also the section-by-section discussion of § 1092.204(f), which provides a similar option with respect to § 1092.204.

While the Bureau believed the reporting and registration requirements under proposed § 1092.202 would impose very minimal burden on nonbank covered persons, and that determining an entity's status as a covered nonbank (or an order's status as a covered order) should be a straightforward task for the vast majority of relevant persons, the Bureau proposed § 1092.202(g) as an additional means of providing flexibility to those few entities where uncertainty in some respect raises good-faith concerns that they do not meet the definition of a covered nonbank (or an order does not meet the definition of a covered order). Under the proposal, such persons could elect to file a notice under proposed § 1092.202(g). The Bureau explained in its proposal that when a person makes a non-frivolous filing under proposed § 1092.202(g) stating that it has a good faith basis to believe that it is not a covered nonbank (or that an order is not a covered order), the Bureau would not bring an enforcement action against that person based on the person's failure to comply with proposed § 1092.202 unless the Bureau has first notified the person that the Bureau believes the person does in fact qualify as a covered nonbank (or that an order does qualify as a covered order) and has subsequently provided the person with a reasonable opportunity to comply with proposed § 1092.202.

Among other things, the Bureau would have permitted entities to file notifications under proposed § 1092.202(g) when they have a good-faith basis to believe that they do not qualify as a “covered nonbank” because they constitute part of a “State,” as that term is defined in CFPA section 1001(27). Under proposed § 1092.102(c), the filing of such a notification would not have affected the entity's ability to dispute more generally that it qualifies as a person subject to Bureau authority.

12 U.S.C. 5481(27). As discussed above, § 1092.201(d)(3) of the final rule excludes States from the definition of “covered nonbank.”

The Bureau noted that, as an alternative to filing a notification under proposed § 1092.202(g), an entity could simply choose to register under the proposal, even though it has a good faith basis for believing that it does not qualify as a covered nonbank (or that its order does not qualify as a covered order). Under proposed § 1092.102(c), such registration would not prejudice the entity's ability to dispute the Bureau's authority over it.

The Bureau anticipated that, in most cases, it would not respond to § 1092.202(g) notices with the Bureau's views on whether filers in fact qualify as covered nonbanks (or whether orders in fact qualify as covered orders). The Bureau also emphasized that a non-response from the Bureau should not be misapprehended as Bureau acquiescence in the filer's assertions in the notice (or in the legitimacy of the filer's assertion of good faith). The Bureau, however, preliminarily concluded that obtaining these notifications may assist the Bureau in better understanding how potentially regulated entities interpret the scope of proposed § 1092.202.

The Bureau considered alternatives to proposed § 1092.202(g), including an alternative whereby entities would not file a notice of non-registration with the Bureau, but could avoid penalties for non-registration if in fact they could establish a good-faith belief that they did not qualify as covered nonbanks subject to § 1092.202 (or their orders did not qualify as covered orders). The Bureau explained in its proposal that under this alternative, entities would maintain such good-faith belief so long as the Bureau had not made clear that § 1092.202 would apply to them (or their orders). Although the Bureau preliminarily concluded that this alternative was not preferable to requiring entities to actually file a notice of non-registration, the Bureau sought comment on whether it should finalize this alternative instead. It also sought comment on whether, if it finalized this alternative, entities would require additional guidance on the circumstances pursuant to which an entity could no longer legitimately assert a good-faith belief that § 1092.202 would not apply to its conduct. While the Bureau anticipated that such circumstances would certainly include entity-specific notice from the Bureau that § 1092.202 applies, the Bureau did not believe such notice should be required to terminate a good-faith defense to registration. Among other circumstances, the Bureau anticipated that at least formal Bureau interpretations of (for example) the definition of a “covered person” under the CFPA, or published Bureau interpretations specific to the scope of the proposed registration requirements, would generally suffice to terminate such belief.

Comments Received

Tribes commenting on the proposal generally opposed proposed §§ 1092.202(g) and 1092.203(f) as unworkable or inappropriate in the context of determining the rule's coverage of entities affiliated or potentially affiliated with tribes. These commenters asserted that tribes, as self-determining bodies, are the only ones competent to determine the status of an entity as enjoying Tribal sovereignty. Thus, in their view, U.S. government institutions—whether the Bureau, other U.S. regulators, or U.S. courts—lack competence to make such determinations. For these reasons, these commenters generally opposed the notion that the Bureau would be evaluating the legal foundation for good-faith notifications under proposed §§ 1092.202(g) and 1092.203(f) by entities affiliated with tribes. In their view, rather than collecting and reviewing such notifications, the Bureau should consult with relevant tribes if it has questions about the relationship of a particular entity with a tribe. Tribal commenters also stated that requiring tribe-affiliated entities to submit good-faith notifications was itself a violation of Tribal sovereignty.

Tribal commenters stated that these good-faith notification provisions confuse the issue as to whether tribes are exempt, and that they were unnecessary and should be removed.

As described above, the Bureau specifically sought comment on an alternative to proposed § 1092.202(g) whereby entities would not file a notice of non-registration with the Bureau, but could avoid penalties for non-registration if in fact they could establish a good-faith belief that they did not qualify as covered nonbanks subject to § 1092.202 (or their orders did not qualify as covered orders). Tribal commenters stated that the Bureau should adopt this alternative.

Several Tribal commenters also stated that publication of §§ 1092.202(g) and 1092.203(f) notifications could expose the tribe to costly, frivolous private litigation, as well as force the Bureau to take a position in connection with third-party claims regarding the sovereign status of a tribe-affiliated entity.

Proposed §§ 1092.202(g) and 1092.203(f) would have required a person to promptly comply with applicable requirements upon becoming aware of facts or circumstances that would not permit it to continue representing that it has a good-faith basis to believe that it is not a covered nonbank or supervised registered entity, as applicable, or that an order in question does not qualify as a covered order. A Tribal commenter stated that this requirement's reference to unspecified facts and circumstances was vague and overbroad, and stated that the last sentence of proposed §§ 1092.202(g) and 1092.203(f) should be deleted.

Response to Comments Received

The Bureau disagrees with the tribes' comments to the extent they suggest the Bureau cannot evaluate the legal significance of relationships that nonbank covered persons providing consumer financial products or services claim to have with tribes. The Bureau also notes that if an entity is a federally recognized Indian tribe, it is excluded from the definition of the term “covered nonbank” under § 1092.201(d)(3) and thus from the requirements of the final rule. Thus, the Bureau disagrees with commenters' conclusion that proposed § 1092.202(g) or § 1092.203(f) would be unworkable or inappropriate in the context of determining coverage of entities affiliated or potentially affiliated with tribes. In any event, if entities are excluded from the definition of “covered nonbank” because they are part of a State and thus not subject to the rule, they are not required to file notifications of that status under either good-faith notification provision in the final rule (§ 1092.202(g) or renumbered § 1092.204(f)). Nor would a decision not to file a voluntary good-faith notification change or enlarge the coverage of the rule. The entity has the choice to file such a notice, knowing that if its filing is not frivolous, then, as described above, it will not be subject to enforcement action on a retroactive basis if the Bureau later disagrees with the entity's good-faith position.

See, e.g., CFPB v. Cash Call, 35 F.4th 734, 743-45 (9th Cir. 2022) (upholding district court decision in agreement with Bureau determination that lender did not have requisite relationship with a tribe for Tribal law to apply).

This section of the final rule excludes from the definition of the term “covered nonbank” a “State,” as defined in 12 U.S.C. 5481(27)—a term that includes “any federally recognized Indian tribe, as defined by the Secretary of the Interior” under section 104(a) of the Federal Recognized Indian Tribe List Act of 1994, 25 U.S.C. 5131(a).

As described in the proposal (88 FR 6088 at 6120) with respect to § 1092.202(g), the Bureau would permit entities to file notifications of non-registration under that section when they have a good faith basis to believe that they do not qualify as a “covered nonbank” because they constitute part of a “State,” as that term is defined in CFPA section 1001(27). Entities could similarly file good faith notifications under final § 1092.204(f) for the same reason.

Under the final rule, when an entity makes a non-frivolous filing under § 1092.202(g) or § 1092.204(f), the Bureau will not bring an enforcement action based on the entity's failure to comply with § 1092.202 or § 1092.204 unless the Bureau has first notified the person that the Bureau believes the person does in fact qualify as a covered nonbank or supervised registered entity (as applicable), or the order is a covered order, and has subsequently provided the person with a reasonable opportunity to comply with § 1092.202 or § 1092.204, as applicable.

Moreover, the Bureau disagrees that this rulemaking is the appropriate context in which to issue a determination as to the scope of sovereign immunity or as to what type of ownership or association with a Tribal government will cause an entity to fall within the scope of the categories established by Congress in the CFPA. The Bureau will reach determinations in any particular case upon review of the information before it at that time. As stated in the notice of proposed rulemaking, the Bureau's failure to respond to a good-faith notice “should not be misapprehended as Bureau acquiescence in the filer's assertions in the notice.”

88 FR 6088 at 6120.

The Tribal commenters expressed concern regarding publication of information with respect to good-faith notifications submitted under proposed §§ 1092.202(g) and 1092.203(f). The Bureau is finalizing the definition of “administrative information” at § 1092.201(a) to expressly provide for the treatment of good-faith notifications as administrative information. As discussed in the section-by-section analysis of that definition above, good-faith notifications qualify as administrative information, which is excluded from the publication provisions in § 1092.205. Thus, contrary to commenters' concerns, the Bureau disagrees that filing a § 1092.202(g) or § 1092.204(f) notification in good faith will lead to publication of the notification under the final rule, exposing a tribe to frivolous private litigation or improperly involving the Bureau in third-party claims regarding Tribal sovereignty.

The Bureau finalizes its preliminary conclusion in the proposal that obtaining good-faith notifications may assist the Bureau in better understanding how potentially regulated entities interpret the scope of § 1092.202, and concludes the same with respect to § 1092.204. The Bureau wishes to be informed about entities' interpretations of §§ 1092.202 and 1092.204. The Bureau declines to adopt the proposed alternative recommended by Tribal commenters, which would allow entities to claim a good-faith defense to any action enforcing the rule's requirements without needing to file a good-faith notification. The proposed alternative would not provide the Bureau with information regarding the number of entities that might be asserting such a good-faith exemption or provide the means for the Bureau to follow up with any questions. It would fail to notify the Bureau of the existence of the entity, its views of whether it is a covered nonbank or supervised registered entity, or how to contact it. The Bureau finalizes its preliminary conclusion in the proposal that this alternative is not preferable to the good-faith notification option set forth in §§ 1092.202(g) and 1092.204(f).

88 FR 6088 at 6120-21.

The Bureau concludes that it is appropriate to include provisions in the final rule requiring a person to promptly comply with the rule's requirements upon becoming aware of facts or circumstances that would not permit it to continue representing that it has a good-faith basis to believe that it is not a covered nonbank or supervised registered entity, as applicable, or that an order in question is not a covered order. The Bureau concludes that it is necessary to include these provisions in order to account for changing or previously unknown facts or circumstances that might render previously filed good-faith notifications incorrect or obsolete, and to maintain the ongoing accuracy of the information maintained in the nonbank registry. The Bureau does not believe that these requirements are vague, unclear, or impose on Tribal sovereign immunity. Notifications may be filed only where the entity has the applicable good-faith belief. The Bureau believes it is appropriate to require the entity to consider whether any subsequent cases, regulatory orders, complaints, or other matters may affect the accuracy of its notifications to the Bureau.

Final Rule

For the reasons set forth above and in the description of the proposal, the Bureau is finalizing § 1092.202(g) as proposed, with two minor revisions for clarification. Proposed § 1092.202(g) had referred to a person's good-faith basis to believe that “an order in question does not qualify as a covered order,” whereas proposed § 1092.203(f) had referred to a person's good-faith basis to believe that “an order in question is not a covered order.” The Bureau does not intend these two slightly different phrases to mean different things. The Bureau is adopting revisions to § 1092.202(g) in the two places where this phrase had occurred to refer to a person's good-faith basis to believe that “an order in question is not a covered order.”

See also the section-by-section discussions of § 1092.101(d) and (e) above regarding the Bureau's adoption of the revised terms “nonbank registry” and “nonbank registry implementation date.”

Section 1092.203 Optional One-Time Registration of NMLS-Published Covered Orders

Section 1092.203(a) One-Time Registration Option

Proposed Rule

The proposal would have required each covered nonbank that is identified by name as a party subject to a covered order described in proposed § 1092.202(a) to register as a registered entity with the NBR system in accordance with proposed § 1092.202 if it is not already so registered, and to provide or update, as applicable, the information described in subpart B in the form and manner specified by the Bureau. The proposal would also have required submission of written statements by supervised registered entities in connection with such covered orders as provided in proposed § 1092.203. Proposed § 1092.204 would have required the Bureau to make certain information submitted to the NBR system available to the public by means that would have included publishing it on the Bureau's publicly available internet site within a timeframe determined by the Bureau in its discretion.

Comments Received

Multiple commenters stated that the proposed registry was redundant with existing registries and other published information, while several consumer advocate commenters stated that the proposed registry would not be redundant because no existing registry would be equivalent. For ease of reference, the Bureau is describing these comments and the Bureau's responses thereto in this part. Most of these commenters, including the SBA Office of Advocacy, stated or suggested that the collection and publication of the information described in the proposal was particularly duplicative of the requirements imposed upon covered nonbanks that are registered under the NMLS. Commenters stated that, in light of the redundancy with existing registries and other sources of information, the Bureau should not finalize the proposal or at least should reconsider the creation of the proposed registry.

Industry and consumer advocate commenters agreed with the Bureau's statements in the proposal about the need for a new Bureau registry for nonbank entities that are subject to the Bureau's jurisdiction and that are subject to certain agency and court orders. Commenters urged the Bureau to register various specific types of nonbanks, including nonbank mortgage lenders, fintech companies, and student financing companies. Commenters also stated that the registry was particularly important since nonbanks are increasing their market share and otherwise becoming increasingly relevant in the markets for consumer financial products and services. Industry and consumer advocate commenters stated that there was a dearth of information about nonbank financial companies, including their number and type and the practices they engage in. An industry commenter stressed the importance of ensuring consumers are protected when they engage with both banks and nonbanks in seeking consumer financial products and services.

A consumer advocate commenter agreed that the Bureau, in administering the nonbank registry, should rely on information an entity previously submitted to the registry under part 1092 and coordinate or combine systems with State agencies, as provided in proposed § 1092.102(b). The commenter stated that not only would this provision allow for more efficient implementation of the registry by avoiding duplicative or redundant efforts but would also reflect the importance of this registry to both Federal and State regulators, and that the Bureau should consider coordination with existing State consumer financial protection agencies.

A joint comment from State regulators stated that a significant share of covered orders on the proposed registry are currently reported in NMLS, which the comment described as currently the most comprehensive registry of nonbank financial services providers. The joint comment stated that in particular there was reason to believe a significant share of the covered order information captured by the proposed registry for supervised registered entities was likely already available in NMLS Consumer Access. The comment expressed particular concern with respect to the confusion that might be generated when consumers compared the information on the proposed registry with the information available on the NMLS Consumer Access website. The joint comment stated that consumers visiting either the proposed Bureau registry or NMLS Consumer Access might be confused as to why they were unable to locate information on certain companies on one site and not the other. The joint comment also voiced concern that identical or similar information on the same company published in different formats by different online tools may frustrate consumers looking for critical financial services information.

The joint comment also stated that NMLS Consumer Access includes information on actions related to violations of covered consumer protection laws as well as actions related to licensing or administrative violations that would not be covered under the proposal. Therefore, the comment stated, NMLS provides consumers with a more complete picture of nonbank enforcement actions than would be provided by the proposed Bureau registry. The joint comment stated that if the Bureau chose to proceed, the Bureau should exempt companies from the requirement of filing a public order if the order is already published on the NMLS Consumer Access website. Other commenters similarly stated that the Bureau should consider exempting companies from the rule's requirements for orders that are already published or available via NMLS or should otherwise create a safe harbor for entities that comply with NMLS reporting requirements.

Commenters also made various other arguments and observations related to the NMLS, including that the proposed registry would be largely duplicative of the NMLS or not necessary in light of the existence of the NMLS, that NMLS operates in much the same way as the proposed registry, that the NMLS includes most of the data the Bureau would be looking to collect in the nonbank registry about covered orders, that the Bureau should more closely tailor the rule to the NMLS's requirements to avoid duplication, or that, by failing to use or rely on the information on the public-facing NMLS website, the Bureau was not coordinating with State bank regulatory authorities to minimize regulatory burden. In particular, industry commenters discussed the NMLS Company Form (Form MU1) submitted by nonbanks under the NMLS, which commenters stated includes a requirement to provide information regarding enforcement actions within the past 10 years. One industry commenter pointed out that the Form MU1 requires the submission of an attestation by an employee or officer and stated that, although the language of this attestation is different from the Bureau's proposal, the intent and purpose are similar, and the Bureau could rely on the attestation in the Form MU1 rather than the proposed written statement; another industry commenter similarly stated that the Bureau should be able to rely on the attestations provided through NMLS filings.

In addition, during the Bureau's interagency consultations on the proposed and final rule as described in part V above, certain consulting parties expressed similar concerns regarding overlap and duplication between the proposed NBR system and NMLS Consumer Access.

Commenters also identified other registries or sources of information regarding agency or court orders that they stated made the Bureau's proposal redundant or unnecessary, or stated that the Bureau should not finalize the proposal in light of the existence of such other sources of information. Commenters pointed to the websites and registries maintained by individual Federal and State agencies, the Federal Trade Commission's Sentinel database and Banned Debt Collectors list, information maintained by the Better Business Bureau, the Bureau's own Consumer Response portal and database, information posted by the U.S. Department of Housing and Urban Development, information published in connection with lawsuits, and databases listing public reprimands of credit unions associated with credit union service organizations (CUSOs). Commenters also stated that the Bureau would be able to obtain adequate information from other regulators under its information-sharing memorandums of understanding (MOUs) with those regulators.

Response to Comments Received

Description of Option Adopted Under § 1092.203

After considering the arguments by commenters, the Bureau is adopting a one-time registration option excepting entities from other requirements of the rule, including the proposed written-statement requirements, for orders that are published on the NMLS Consumer Access website. The NMLS Consumer Access website currently makes available for public viewing, subject to certain terms and conditions of access, certain information regarding companies that are regulated by State agencies in connection with a variety of financial services industries, including information regarding administrative and enforcement actions against such companies.

See NMLS, “Information About NMLS Consumer Access” (September 9, 2016), at https://mortgage.nationwidelicensingsystem.org/about/Documents/InformationAboutNMLSConsumerAccess.pdf.

The Bureau agrees with commenters that it is consistent with the purposes of the final rule to adopt such a limited exception. This exception will reduce burden on entities that are subject to the rule, help avoid confusion, and promote coordination with the States in exercising the Bureau's nonbank registration authorities by leveraging information already gathered and published by the States. Section 1092.203 of the final rule provides an option for covered nonbanks to submit limited information regarding such covered orders in substitution of submitting filings about such covered orders to the Bureau-maintained nonbank registry under the rule's other provisions. To provide for this option, the Bureau is adopting new § 1092.203 as well as related new definitions for the terms “NMLS” and “NMLS-published covered order.”

Covered nonbanks will have the option to either register under § 1092.203 with respect to any applicable NMLS-published covered order(s) or to comply with the general registration requirements of subpart B with respect to such order(s). Covered nonbanks may opt to register under the one-time registration provision for all, some, or none of the applicable NMLS-published covered orders to which they are subject. Covered nonbanks that exercise this option with respect to an NMLS-published covered order will be required to submit certain limited information to the nonbank registry regarding the covered order to enable the Bureau to coordinate the nonbank registry with the NMLS. Upon exercising this option and submitting the required information about the NMLS-published covered order, the covered nonbank will have no further obligation under subpart B to provide information to, or update information provided to, the nonbank registry regarding the NMLS-published covered order.

An entity that wishes to confirm that any particular covered order is published on the NMLS Consumer Access website may either review the information on the NMLS Consumer Access website in a manner consistent with any terms of use or other conditions on access that may be imposed by the NMLS's operator, or verify that information by contacting the State regulator that issued the order or the NMLS's operator directly.

The Bureau intends to notify users of the nonbank registry regarding the existence of NMLS-published covered orders and the covered nonbanks that are subject to them by publishing under § 1092.205 relevant information about the applicable covered nonbank and covered order that the Bureau collects under § 1092.203. Such users may then, subject to any terms of use or other conditions of access that the NMLS's operator may impose, view a copy of the order on the NMLS Consumer Access website, as well as any information about the applicable covered nonbank that may be maintained and published there.

Continued Need for Bureau's Nonbank Registry That Applies to All Covered Orders and Covered Nonbanks

The one-time registration option in § 1092.203 will complement the nonbank registry. The Bureau agrees with the commenters asserting that there is a need for a new Bureau registry with respect to covered orders issued against nonbank covered persons. As described in part IV above, the final rule will assist the Bureau in monitoring for risks to consumers in the offering or provision of a wide range of consumer financial products or services and will impose registration requirements on a wide range of nonbank covered persons subject to the Bureau's jurisdiction. The nonbank registry will accomplish this goal by assisting the Bureau in having access to relevant information regarding applicable covered nonbanks and covered orders even where information regarding those entities and orders is not available through the NMLS. The Bureau's registry will also help ensure that the Bureau is provided with information about such covered orders as they are issued across multiple product markets and geographies and in connection with the wide range of consumer financial products and services regulated by the Bureau. Thus, there remains a need for the Bureau to adopt its own new nonbank registry in order to provide the Bureau with information necessary to support its functions under the CFPA. In addition, for the reasons discussed in part IV(F) and the section-by-section discussion of § 1092.205 below, the Bureau intends to publish certain information submitted to its new nonbank registry.

The Adopted Exception for NMLS-Published Covered Orders Will Reduce Burden on Registered Entities and Implement the CFPA and § 1092.102(b) by Coordinating With State Agencies

The Bureau is adopting the option set forth in § 1092.203 in part to reduce burden on entities that are subject to the final rule. The Bureau's adoption of § 1092.203 lowers the cost to firms of the final rule relative to the proposed rule. For entities with NMLS-published covered orders, exercising this option should take even less employee time than registering under the other provisions of the rule. As described further below, the Bureau believes that this option will advance the purposes described herein while imposing less cost on entities subject to the final rule.

The Bureau is also finalizing this option in part to implement the approach described in the proposal in discussing proposed § 1092.102(b). There, the Bureau proposed that in administering the NBR system, the Bureau may coordinate or combine systems in consultation with State agencies as described in CFPA sections 1022(c)(7)(C) and 1024(b)(7)(D). Section 1092.203 is consistent with the Bureau's statutory mandates under these provisions to consult with State agencies regarding requirements or systems (including coordinated or combined systems for registration) in developing and implementing registration requirements under CFPA sections 1022(c)(7)(C) and with respect to supervisory requirements adopted under CFPA section 1024(b)(7)(D). CFPA section 1022(c)(7)(C) states: “In developing and implementing registration requirements under [CFPA section 1022(c)(7)], the Bureau shall consult with State agencies regarding requirements or systems (including coordinated or combined systems for registration), where appropriate.” Similarly, CFPA section 1024(b)(7)(D) states: “In developing and implementing requirements under [CFPA section 1022(b)(7)], the Bureau shall consult with State agencies regarding requirements or systems (including coordinated or combined systems for registration), where appropriate.” Section 1092.203 will enable the Bureau to develop and implement the registration requirements of the rule adopted in part under CFPA section 1022(c)(7), as well as the written-statement requirements adopted under CFPA section 1024(b)(7), in a manner that allows for “coordinated” and “combined” systems for registration as indicated under these statutory provisions. As indicated by the consumer advocate commenter with respect to proposed § 1092.102(b), coordinating or combining systems with State agencies as provided in § 1092.102(b) of the final rule not only allows for more efficient implementation of the registry by avoiding duplicative or redundant efforts but also reflects the importance of this registry to both Federal and State regulators. In addition, § 1092.203's option for one-time registration in lieu of filing annual written statements is consistent with § 1092.102(b) and with the Bureau's statutory mandate to consult with State agencies in developing and implementing requirements adopted under CFPA section 1024(b)(7), including § 1092.204's written-statement requirements.

88 FR 6088 at 6103.

12 U.S.C. 5512(c)(7)(C).

Notifications submitted by covered nonbanks under § 1092.203(b) will alert the Bureau to the existence of the order and the relevant covered nonbank, and to the publication of the order on the NMLS Consumer Access website. Should the Bureau desire to learn more about any particular NMLS-published covered order, including information about violations identified by State agencies, it may do so through the NMLS or by contacting relevant State agencies for additional information, including under the relevant provisions of the CFPA and applicable information-sharing agreements. Thus, the option adopted at § 1092.203 will promote coordination with State agencies in connection with the nonbank registry.

The Adopted Exception for NMLS-Published Orders Appropriately Addresses the Bureau's Current Need for Information Regarding Applicable Orders and Companies

The Bureau is also providing this option for covered nonbanks in recognition of the Bureau's extensive experience with the NMLS, the information that currently is collected under the NMLS, the Bureau's access to the NMLS, and the public's access to the NMLS Consumer Access website (subject to any applicable terms of use or other conditions). The Bureau concludes that at this time it currently needs to collect only limited information from covered nonbanks about covered orders that are published by State agencies on the NMLS Consumer Access website. Under the final rule, a covered nonbank subject to a covered order that is published on the NMLS Consumer Access website will have the option to instead notify the Bureau's nonbank registry that the order is so published and to provide certain limited information about itself and the covered order to the Bureau's nonbank registry. In general, applicable State regulators submit certain information to the NMLS and keep that information updated, which will help to ensure the information's accuracy and timeliness. Furthermore, as argued by commenters, covered nonbanks are generally subject to legal obligations to provide truthful and accurate submissions to their State regulators, and the States regularly post information to NMLS and help ensure the accuracy of the information published there. In light of these considerations, the Bureau concludes that the information about covered orders that is available via the NMLS is relatively more likely to be reliable and up to date than information maintained on systems that are not similarly used, maintained, and monitored by State agencies.

Adopting the one-time registration option will provide the Bureau with much of the information about covered orders and the nonbank entities that are subject to them that the Bureau proposed to collect under the proposed rule. The Bureau acknowledges that, by providing this option, the nonbank registry will not contain all of the information about covered orders that it would have contained under the Bureau's registry as described in the proposed rule. However, the Bureau believes that the adoption of § 1092.203 will provide a number of significant benefits to the Bureau and to covered nonbanks. While this approach under the final rule means that the Bureau will likely need to review two different systems in order to obtain complete information regarding all covered orders, the additional option adopted under the final rule will facilitate those efforts. Importantly, the information collected under § 1092.203 will notify the Bureau regarding the existence of covered orders and the covered nonbanks that are subject to them. This limited filing will notify the Bureau regarding the covered nonbank's existence and the existence of the covered order, and will enable the Bureau to obtain more information about the covered nonbank and the covered order, should it so choose, through other means, including through the Bureau's own access to the information stored on NMLS as well as through other direct communications with applicable State agencies.

The Bureau also concludes that it does not need to impose § 1092.204's annual written statement requirements in connection with NMLS-published covered orders in cases where the applicable covered nonbank has filed a one-time registration under § 1092.203. By submitting information under § 1092.203, the supervised registered entity will notify the Bureau regarding the covered nonbank's existence and the existence of the covered order. The Bureau, based on its extensive experience with the NMLS, has determined for purposes of this final rule that once it has been so notified of the existence of a covered nonbank and an applicable NMLS-published covered order, it generally will be able to obtain sufficient information through the NMLS and the State authorities participating in that system so as to render annual written statements under this final rule in connection with such an order unnecessary. Under the CFPA provisions that provide for sharing of supervisory information among the Bureau and State agencies, as well as under its standing information-sharing agreements with the Conference of State Bank Supervisors (CSBS) and individual State agencies, the Bureau anticipates that it will be able to obtain information to inform its supervisory prioritizations and activities.

See12 U.S.C. 1022(c)(6), 1024(b)(3).

In particular, as discussed by several commenters, many covered nonbanks that are licensed by State regulators through the NMLS submit the NMLS Company Form MU1 in connection with various matters relating to their State licenses. The NMLS currently uses the Form MU1 as its universal licensing form for companies to apply for and maintain nondepository, financial services licenses from State agencies participating on NMLS. As discussed by commenters, the current version of Form MU1 requires licensed entities to provide information to State regulators about a variety of matters, including information about orders entered against the entity in connection with a financial services-related activity and about violations of financial services-related regulations or statutes. Also as discussed by commenters, Form MU1 requires the submission of an attestation by an authorized representative regarding the accuracy of the information submitted. If the Bureau wants information relevant to the covered nonbank's compliance with covered orders identified on the Form MU1, the Bureau generally can obtain such information for its internal use through its statutory authorities and its information-sharing agreements with CSBS and the relevant State authorities. Although Form MU1 itself may not provide the Bureau with information about compliance with a covered order, the Bureau is willing to accept some reduced convenience in order to reduce regulatory burden and promote coordination with the States with respect to NMLS-published covered orders. Thus, it is not necessary at this time for the nonbank registry to collect annual statements under § 1092.204 with respect to an NMLS-published covered order from a supervised registered entity that opts to submit a filing under § 1092.203 in connection with that NMLS-published covered order.

See NMLS Resource Center, https://mortgage.nationwidelicensingsystem.org/slr/common/policy/Pages/default.aspx. A commenter noted that entities must promptly file updates to their MU1 disclosures as needed.

The Adopted Exception for NMLS-Published Covered Orders Appropriately Addresses the Current Need To Provide Relevant Information to Other Users of the Bureau's Registry

In addition, as described in part IV(F) above and in the section-by-section discussion of § 1092.205 below, the Bureau intends to publish certain limited information about the entity and the order as obtained under § 1092.203, for the purpose of notifying other regulators and other users of the nonbank registry about the entity's existence and the existence of the covered order. Users of the information published under § 1092.203 will then have the option, where doing so is consistent with any NMLS Consumer Access terms of use or other applicable conditions, to review the information that is published on the NMLS Consumer Access website about the covered order and the covered nonbank.

While the NMLS does not contain registration information regarding all of the covered nonbanks that are likely to be subject to the final rule, and does not publish all of the information that the Bureau will collect and intends to publish under the rule, the Bureau believes that, on the whole, the information about NMLS-published covered orders made available to the public on the NMLS Consumer Access website (subject to any applicable terms of use or other conditions) currently satisfies many of the goals of publication that the Bureau described in its proposal. These goals include making information about covered nonbanks and the covered orders to which they are subject readily accessible in a comprehensive and collected manner. As stated by commenters, the NMLS Consumer Access website currently publishes a wide range of information regarding those covered nonbanks that are subject to applicable State licensing and registration requirements, including much of the identifying information that would be collected under the proposal, such as the entity's legal name, business address, and NMLS identifier. The NMLS Consumer Access website is currently searchable by name, company, city, State, ZIP code, NMLS identification, and/or license number (subject to any applicable terms of use or other conditions). The NMLS Consumer Access website also currently publishes much of the same information that would have been collected and published under the proposal with respect to covered orders—in particular, a copy of the order and relevant information about the agency that issued or obtained the order. Therefore, where the Bureau publishes information on its nonbank registry informing users of that system about the existence of a covered nonbank and the issuance of an applicable order against that nonbank, users can (subject to NMLS Consumer Access's terms of use or other applicable conditions) obtain related information from the NMLS Consumer Access website, including much of the same information about the covered nonbank and covered order that would have otherwise been available via the proposed nonbank registry. In addition, many users of the nonbank registry—in particular, many State regulators—have their own access to the NMLS system and may use that access to obtain additional information about the company, beyond what is available through the NMLS Consumer Access website.

As stated in the joint comment by State regulators, the one-time registration option provided in the final rule will also help minimize company, consumer, and other public user confusion when utilizing both NMLS Consumer Access and the nonbank registry. First, consumers and other users of the nonbank registry will have the ability to review any information about the order that is published in the nonbank registry (whether from the limited filing under § 1092.203 or a more detailed filing under § 1092.202) as well as any information published on the NMLS Consumer Access website (subject to any applicable terms of use or other conditions of access), and will be able to associate the NMLS Consumer Access website and the Bureau's nonbank registry. Thus, users will have a mechanism to identify and associate the information provided in both the NMLS Consumer Access website and the Bureau's nonbank registry about that company and any relevant covered orders. Second, publication of the limited information obtained under § 1092.203 as provided under § 1092.205 will help clarify the identity of the applicable covered nonbanks and the covered orders they are subject to, and otherwise reduce confusion about the information published on the NMLS Consumer Access website and the Bureau's nonbank registry. Thus, the option provided under § 1092.203 will help reduce the redundancies identified by commenters while maintaining the integrity and usefulness of the nonbank registry.

Response to Comments Received Regarding Redundancies With Other Registries and Sources of Information

The Bureau believes that the NMLS represents a uniquely useful complement to the nonbank registry. The Bureau disagrees with commenters that the other sources of information identified by commenters diminish the need for the nonbank registry, or that the rule should accept registration of covered orders under those sources in lieu of registration with the nonbank registry. As stated above in part IV(B), although referrals from and other information provided by other agencies have been valuable to the Bureau's work, the Bureau currently often relies on other agencies to take proactive steps to contact it. Having access to a centralized list of orders entered against nonbanks will significantly increase the Bureau's ability to monitor the market so that the Bureau can identify, better understand, and ultimately, prevent further consumer harm. The Bureau disagrees that the indirect method proposed by commenters would be as efficient or effective as requiring covered nonbanks to directly submit information to the Bureau. Similarly, requiring the Bureau to proactively reach out and obtain information under its information-sharing memorandums of understanding with other regulators without creating its own registry would be an inadequate substitute for the final rule.

The Bureau disagrees that simply steering users to the various other public-facing websites and registries maintained by other Federal agencies, State regulators, State attorneys general, and local agencies would serve the purposes of the final rule. First, such an approach would be confusing and inefficient for the Bureau and for other users of the public registry the Bureau intends to establish, who would need to become proficient at searching and otherwise using the various websites maintained by multiple Federal agencies, State regulators, State attorneys general, and local agencies in order to locate applicable information about covered orders and covered nonbanks. The sheer number of such websites would present an obstacle to obtaining full information about all of the covered orders that have been issued against the covered nonbank. Collecting, keeping track of, and verifying information maintained on a wide range of uncoordinated Federal, State, and local agency websites would be highly inefficient for the Bureau and other users of the nonbank registry. Such an approach would also impair the accuracy of the information maintained by the nonbank registry. The various websites publishing such orders would be subject to various approaches to maintaining and updating information about the applicable entities and orders listed on them, including the frequency at which such information is published and updated. In addition, the external web page(s) to which the Bureau directs users for more information regarding an order might be changed or otherwise become outdated. By contrast, currently the NMLS Consumer Access website generally maintains updated and consolidated information about entities and orders that are listed on it.

The Bureau also disagrees that the Bureau's own Consumer Response portal renders the nonbank registry unnecessary. To the contrary, the Bureau's consumer response function will be informed by the increased monitoring of risks and trends provided by the nonbank registry.

Second, because the information maintained by such a variety of agencies would necessarily vary in format and presentation, it would be very challenging for the Bureau to regularly monitor, search, and link to the appropriate selection of orders on the registry that the Bureau would deem relevant to its jurisdiction. Such websites may not provide information about nonbanks and orders in a uniform manner that will enable the Bureau to easily locate and access that information.

Third, the final rule, unlike the alternative information sources suggested by commenters, is calibrated to collect information relevant to the Bureau's exercise of its authorities. Even where another agency publishes a particular order against a covered nonbank, it may not be self-evident to the Bureau that the covered nonbank is a covered nonbank—information that would be provided in the nonbank registry. The Bureau currently lacks access to any comprehensive list of covered nonbanks, and thus may not even be aware of such entities or that it should monitor orders issued against them. Also, neither the orders themselves nor the relevant website publishing those orders would necessarily provide sufficient information to permit the Bureau to recognize that the order was a covered order. For example, it may not be clear from the face of the order the extent to which the violations of law found or alleged in the order arose out of conduct in connection with the offering or provision of a consumer financial product or service. Thus, the information that would be collected by the Bureau either by solely linking to a host of multiple other websites or by reaching out under its information-sharing memorandums of understanding, or both, would always necessarily be incomplete. Under such an approach, the Bureau would be required to attempt to discern on an ongoing basis which entities listed on another agency's website were subject to its jurisdiction and when they had become subject to a covered order. Therefore, at a minimum, the Bureau will need to be notified when a covered order is issued against a covered nonbank, and will need to be notified about the existence of the covered nonbank and the relevant covered order. The Bureau concludes that imposing a registration requirement on the covered nonbank itself to register with and notify the Bureau regarding such matters, as authorized under the CFPA, is the most effective and efficient mechanism for collecting this information.

Fourth, the Bureau has concluded that it will often be difficult to obtain an adequate substitute for the information contained in the written statement with respect to covered orders that are not available through the NMLS. The Bureau is not currently aware of other regularized and consolidated official sources of information about covered orders that would provide the information about order violations that would be contained in the written statement.

As an alternative to the approach taken in the final rule, the Bureau considered requiring covered nonbanks to notify the Bureau when they become subject to a covered order—even one not published on the NMLS Consumer Access website—in a manner similar to that adopted under § 1092.203 of the final rule. Under such an alternative system, the Bureau might have used such notifications to attempt to obtain additional information about the covered nonbank and the covered order directly under its information-sharing memorandums of understanding with relevant regulators. However, such a requirement would not have adequately accomplished the purposes of the registry for the reasons explained above. Because the Bureau could not be assured that the other Federal, State, and local systems would routinely collect and make available the types of relevant identifying information about covered nonbanks subject to covered orders that are currently collected under the NMLS with respect to companies registered with the NMLS, the nonbank registry would therefore still need to collect such identifying information directly from registering nonbanks. Moreover, such an approach would require the Bureau to comb through a large number of different websites maintained by various Federal agencies, State regulators, State attorneys general, and local agencies, all using their own organization, formats, naming conventions, frequency of posting and updating, and other matters. Such an approach would be cumbersome at best not only for the Bureau but also for registering entities themselves. Such an approach would therefore represent a less efficient and effective means of accomplishing the purposes of the final rule, including registering applicable covered nonbanks and supporting the objectives and functions of the Bureau through monitoring markets for consumer financial products and services, than the approach being adopted by the Bureau under § 1092.203.

That approach is comparatively much more useful both for the Bureau and for other potential users of the registry. As discussed above, filings submitted under § 1092.203 will notify both the Bureau and such other potential users when a covered order is issued against a covered person. Then the Bureau and other users will be able to use the NMLS to access additional information about the covered nonbank and covered order (subject to any applicable terms of use or other conditions). The NMLS and applicable State regulators generally collect identifying information about most of the companies that have applicable orders published on the NMLS Consumer Access website. For example, the NMLS Form MU1 requires companies to provide information regarding their legal name, address, NMLS number, and State licensing information. The Bureau will generally be able to obtain this information from NMLS and directly from State regulators. (While the Bureau understands that some covered nonbanks that are subject to an NMLS-published covered order may not have created an NMLS account—for example, where a covered order is issued against a company that is not appropriately licensed by an applicable State—the Bureau also understands that the number of such covered nonbanks is comparatively small. The Bureau intends to use the information collected through the nonbank registry to better understand the number of such companies, and intends to continue to consult with State agencies and the NMLS's operator regarding coordination of the nonbank registry and the NMLS.) Thus, the Bureau believes it will more readily be able to identify most covered nonbanks that register an NMLS- published covered order than it would be able to identify covered nonbanks subject to other types of covered orders.

In addition, the NMLS, which is maintained through the coordinated action of the States, will be relatively simple for the Bureau to monitor and to coordinate with. The NMLS provides a valuable coordination function by organizing information about registered nonbank companies, generally by assigning an NMLS identification number for the company and assembling relevant identifying and licensing information together in an accessible manner. Limiting the number of places where the Bureau will need to search in order to obtain information about covered nonbanks and covered orders to two—the nonbank registry and the NMLS—will help limit the Bureau's search costs, and conserve resources that it could apply elsewhere, including to monitor for risk to consumers in other ways. By minimizing the number of places such information will be located, the final rule will also help minimize variation in the steps that would be required to obtain access to the information or any controls that may be placed on access to the information, and the ways or formats in which that information may be posted. Thus, the final rule will help ensure access by the Bureau to more uniform and consistent reporting about covered nonbanks and covered orders.

In addition to providing a consolidated source of information to the Bureau, the NMLS is also comparatively a more useful resource for other users of the public registry the Bureau intends to establish than a collection of other websites would be. As discussed above, where the Bureau publishes information on its nonbank registry informing users of that registry about the existence of a covered nonbank and the issuance of an applicable order against that nonbank, State regulators will generally be able to obtain related information from the NMLS pursuant to their arrangements with NMLS. In addition, as discussed above, the NMLS Consumer Access website currently publishes a wide range of information regarding those covered nonbanks that are subject to applicable State licensing and registration requirements, including much of the identifying information that would be collected under the proposal, such as the entity's legal name, business address, and NMLS identifier. Other users of the nonbank registry may use the NMLS Consumer Access website to access copies of, and other information about, NMLS-published covered orders and covered nonbanks that are registered with the NMLS, so long as that access is consistent with any terms of use or other conditions of access that NMLS may impose. Thus, the NMLS Consumer Access website provides a centralized point of access (subject to NMLS Consumer Access's applicable terms of use or other conditions of access) for persons seeking to learn more about NMLS-published covered orders and covered nonbanks. Moreover, publication on the NMLS Consumer Access website will help ensure that such orders are presented in a format that is uniform and consistent, which will reduce the opportunity for confusion for persons who are attempting to locate and learn about NMLS-published covered orders.

Therefore, the Bureau has determined that maintaining its own registry, with the alternative option for one-time registration of NMLS-published covered orders provided in § 1092.203, will best serve the purposes of the final rule as described herein.

Final Rule

For the reasons described above and as follows in this section-by-section analysis, the Bureau is finalizing a new § 1092.203, and is renumbering the remainder of the sections of subpart B to part 1092 accordingly. Consistent with the approach suggested by commenters, this section will provide an express exception from some of the requirements of the rule as proposed (including the proposed written-statement requirements) for orders that are published on the NMLS Consumer Access website, which may be exercised at the option of the covered nonbank in lieu of registering under subpart B generally with respect to such orders.

The Bureau is adopting corresponding definitions of the terms “NMLS” and “NMLS-published covered order” at § 1092.201(j) and (k). See the discussion of these definitions in the section-by-section discussion of these sections above.

With respect to any NMLS-published covered order, a covered nonbank that is identified by name as a party subject to the order may elect to comply with the one-time registration option described in this section in lieu of complying with the requirements of §§ 1092.202 and 1092.204. Section 1092.203(c) provides that, once a covered nonbank avails itself of this option, and chooses to file the information required under § 1092.203(b) with respect to an NMLS-published covered order, the covered nonbank shall have no further obligation under subpart B to provide information to, or update information provided to, the nonbank registry regarding the NMLS-published covered order.

As discussed above, by collecting and potentially publishing limited information for the purpose of coordinating the nonbank registry with NMLS, the final rule will also promote coordination with States in accordance with CFPA sections 1022(c)(7)(C) and 1024(b)(7)(D).

As provided in § 1092.201(k), no covered order issued or obtained at least in part by the Bureau shall be an NMLS-published covered order. Thus, a covered nonbank must comply with the requirements of § 1092.202 and (where applicable) § 1092.204 with respect to a covered order that has been issued or obtained at least in part by the Bureau and may not elect to comply with the one-time registration option described in § 1092.203 with respect to such a covered order whether or not the order has been published on the NMLS Consumer Access website. This restriction applies whether the applicable covered order was issued either by a court or by the Bureau itself, so long as the order was issued in any action or proceeding brought at least in part by the Bureau. The Bureau has a special interest in monitoring its own orders, and in obtaining updated information under § 1092.202 regarding them. The identifying information submitted under § 1092.202, and the final rule's obligation to update that information in the event of changes, could provide new and useful information to the Bureau in monitoring and enforcing its own orders. For example, a covered nonbank subject to a Bureau covered order that moves its principal place of business or changes its name will be required to notify the Bureau. Also, the Bureau has a special interest in obtaining annual written statements under § 1092.204 from supervised registered entities regarding such Bureau orders. The written statements will provide information regarding ongoing compliance with the Bureau order and the name and title of the attesting executive, will otherwise facilitate the Bureau's supervision of entities subject to its orders, and will help the Bureau detect and assess risks to consumers in connection with the orders it has issued or obtained. The Bureau also concludes that the rule's written-statement requirements should be imposed on supervised registered entities subject to covered orders that have been issued or obtained by the Bureau to ensure that such entities are legitimate entities and are able to perform their obligations to consumers. Thus, the final rule requires covered nonbanks to comply with § 1092.202 and (where applicable) § 1092.204 with respect to such covered orders whether or not they are published on the NMLS Consumer Access website.

Section 1092.203(b) Information To Be Provided

Proposed Rule

See the section-by-section discussion of § 1092.203(a) above for a discussion of the proposal's requirements regarding submission of information and written statements and publication of information relating to covered orders.

Comments Received

See the section-by-section discussion of § 1092.203(a) above for a summary of comments received requesting an exception for NMLS-published covered orders as well as comments received regarding alleged redundancies with other registries and sources of information.

Final Rule

For the reasons described above and as follows in this section-by-section analysis, the Bureau is adopting a new § 1092.203(b) requiring a covered nonbank that chooses to exercise the option described in § 1092.203(a), in the form and manner specified by the Bureau, to provide such information that the Bureau determines is appropriate for the purpose of identifying the covered nonbank and the NMLS-published covered order, and otherwise for the purpose of coordinating the nonbank registry with the NMLS. The Bureau will provide instructions regarding the submission of such information in filing instructions issued under § 1092.102(a).

The Bureau is finalizing this requirement in order to help ensure that it obtains adequate information regarding NMLS-published covered orders to maintain the usefulness of the nonbank registry with respect to such orders. Without such a requirement, the Bureau may not learn about the existence of such orders or the applicable covered nonbank, or may not be informed that the covered nonbank is a covered nonbank subject to its jurisdiction or that the covered order is a covered order. Such matters are critical for the Bureau to be informed about so that it may understand when information regarding such matters that is of interest to the Bureau and relevant to its jurisdiction may be available from State agencies. The Bureau will also need this information in order to help coordinate the nonbank registry with the NMLS, including to verify that an applicable NMLS-published covered order is in fact published on the NMLS Consumer Access website and to obtain information regarding the applicable covered nonbank and the NMLS-published covered order.

Under § 1092.205 of the final rule, the Bureau intends to publish certain information that the nonbank registry collects under § 1092.203. As described above and in the section-by-section discussion of § 1092.205 below, and except as provided therein, the Bureau believes the publication of certain information collected under § 1092.203 will be in the public interest, in order to allow users of the Bureau's public registry to identify that a covered nonbank has become subject to a covered order and (consistent with any applicable terms of use or other conditions of access) to be able to locate information about that covered nonbank and covered order on the NMLS Consumer Access website. The Bureau may also collect additional information under § 1092.203 for the purpose of coordinating the nonbank registry with the NMLS that it may choose not to publish. In administering the nonbank registry, the Bureau will implement § 1092.203 along with § 1092.102(b) as part of coordinating or combining systems in consultation with State agencies.

203(c) No Further Obligation To Provide or Update Information

Proposed Rule

Comments Received

Final Rule

For the reasons described above and as follows in this section-by-section analysis, the Bureau is adopting a new § 1092.203(c) stating that, upon providing the information described in § 1092.203(b), the covered nonbank shall have no further obligation under subpart B to provide information to, or update information provided to, the nonbank registry regarding the NMLS-published covered order. Thus, once a covered nonbank has submitted the information specified in the filing instructions adopted under § 1092.102(a) for an applicable NMLS-published covered order, the covered nonbank will have no further obligation to provide information to, or update information provided to, the nonbank registry regarding the NMLS-published covered order. Thus, among other things, following such a submission, the covered nonbank need not submit either an initial or a revised filing under § 1092.202(b)(2) with respect to the NMLS-published covered order. (However, if the covered nonbank is also subject to at least one other covered order that is registered or required to be registered under § 1092.202, and such other order(s) is not eligible for registration under § 1092.203 or the covered nonbank has not opted to register the order(s) under that provision, the covered nonbank will remain subject to § 1092.202(b)(2)'s requirements with respect to such other covered order(s), including the ongoing obligation to update its identifying information.) If the covered nonbank is a supervised registered entity, then, following such a submission under § 1092.203, it will not be required to submit an annual written statement under § 1092.204 or otherwise comply with the requirements of that section in connection with the applicable NMLS-published covered order.

As described in the section-by-section analysis of § 1092.203(a) above, the Bureau believes that this exception to the requirements of the final rule with respect to NMLS-published covered orders is consistent with the purposes of the final rule described in part IV above. This exception will reduce burden on entities that are subject to the rule, help avoid confusion, and promote coordination with the States in exercising the Bureau's nonbank registration authorities by leveraging information already gathered and published by the States.

Section 1092.204 Annual Reporting Requirements for Supervised Registered Entities

Proposed § 1092.203, which is renumbered in the final rule as § 1092.204, would have required supervised registered entities annually to identify an executive (or executives) who is responsible for and knowledgeable of the firm's efforts to comply with orders identified in the registry. The proposal would also have required supervised registered entities to submit on an annual basis a written statement signed by that executive (or executives) regarding the entity's compliance with orders in the registry.

The Bureau is finalizing this component of the proposal, with certain changes to the proposed regulatory text that are discussed below. Below, the Bureau first addresses comments regarding the Bureau's legal authority to impose the requirements in § 1092.204 and then discusses § 1092.204's individual paragraphs.

Proposed Rule's Discussion of the Bureau's Legal Authority To Impose Written-Statement Requirements

The Bureau relied on its rulemaking authority under CFPA section 1024(b)(7)(A)-(C) in requiring supervised registered entities to submit written statements. The Bureau explained that each of those paragraphs provides independent authority for the requirement to submit written statements. First, the Bureau explained, CFPA section 1024(b)(7)(A) and (B) authorize these written-statement requirements because the statements would facilitate the Bureau's supervision efforts and its assessment and detection of risks to consumers. The Bureau believed the proposed written statement would facilitate the Bureau's supervision efforts, including by providing the Bureau with important additional information regarding risks to consumers that may be associated with the covered order; informing the Bureau's risk-based prioritization of its supervisory activities under CFPA section 1024(b); and improving the Bureau's ability to conduct its supervisory and examination activities with respect to the supervised nonbank, when it does choose to exercise its supervisory authority. The Bureau noted that submission of a written statement that identifies noncompliance with reported orders would provide the Bureau with important information regarding risks to consumers that may be associated with the order. The Bureau further noted that such orders themselves frequently contain provisions aimed at ensuring an entity's future legal compliance with the covered laws violated. The Bureau believed that an entity's compliance with such provisions may mitigate the continuing risks to consumers presented by the entity and thus the potential need for current supervisory activities. By contrast, the Bureau also believed that evidence of noncompliance with an order requiring registration under the proposal would be probative of a potential need for supervisory examination of the supervised nonbank and would be a relevant factor for the Bureau to consider in conducting its risk-based prioritization of its supervisory program under CFPA section 1024(b)(2), including (b)(2)(C), (D), and (E). Likewise, in cases where the Bureau determined to exercise its supervisory authorities with respect to a supervised nonbank required to submit written statements under the proposal, the Bureau expected that those written statements would provide important information relevant to conducting examination work. For example, the Bureau explained that it might use the written statements in determining what information to require from a supervised nonbank, in determining the content of supervisory communications and recommendations, or in making other decisions regarding the use of its supervisory authority.

12 U.S.C. 5514(b)(7)(A)-(C).

Second, the Bureau explained in the proposal that it has authority to require preparation of the written statements under CFPA section 1024(b)(7)(C) because the written statements will help ensure that supervised registered entities “are legitimate entities and are able to perform their obligations to consumers.” The Bureau interpreted CFPA section 1024(b)(7)(C) as authorizing it to prescribe substantive rules to ensure that supervised entities are willing and able to comply with their legal obligations to consumers, including those imposed by Federal consumer financial law. The Bureau believed that the proposed requirement to submit an annual written statement would help ensure that the supervised registered entity takes its legal duties seriously, and that it is not treating the risk of enforcement actions for violations of legal obligations as a mere cost of doing business. If an entity reported under proposed § 1092.203(d)(2) that it violated its obligations under covered orders, the Bureau noted that may indicate that the entity lacks the willingness or ability more generally to comply with its legal obligations, including its obligations under the Federal consumer financial laws that the Bureau enforces. The Bureau believed that that would especially be the case if an entity reported violations under proposed § 1092.203(d)(2) in multiple years or with respect to multiple covered orders, or if the violation amounted to a repeat of the conduct that initially gave rise to the covered order. The Bureau noted that, under CFPA section 1024(b)(2), the Bureau may prioritize such an entity for supervisory examination to determine whether the entity has worked in good faith to maintain protocols aimed at ensuring compliance with its legal obligations and detecting and appropriately addressing any legal violations that the entity may commit. In this way, the Bureau explained that the written statement required by proposed § 1092.203(d)(2) would assist the Bureau in ensuring that supervised registered entities are legitimate entities and are able to perform their obligations to consumers.

12 U.S.C. 5514(b)(7)(C).

12 U.S.C. 5514(b)(2).

Certain Comments Received Regarding the Bureau's Legal Authority To Impose Written-Statement Requirements

Some industry commenters questioned the Bureau's authority to impose the written-statement requirements, while some consumer advocate commenters stated that the Bureau was authorized to impose the written-statement requirements. The Bureau finalizes its conclusion set forth in the proposal that CFPA section 1024(b)(7) authorizes the rule's written-statement requirements. The Bureau discusses and responds to some of these comments together in this part for ease of reference. For further discussion of the written-statement requirements in the final rule and the Bureau's responses to comments received, see the section-by-section analysis of § 1092.204 below.

See, e.g., 88 FR 6088 at 6091-93, 6125.

Commenters focused primarily on the meaning of CFPA section 1024(b)(7)(B) and 1024(b)(7)(C). Industry commenters commented that the proposed written statement would not qualify as a “record” within the meaning of CFPA section 1024(b)(7)(B). They also argued that section 1024(b)(7)(B) only allows the Bureau to require a supervised entity to produce records, not to compel an individual executive to provide the required written statement. Further, an industry commenter stated that the written-statement requirement is not the type of rule contemplated by CFPA section 1024(b)(7)(C) because, in the group's view, the requirement does not address the competency of management or financial requirements to ensure an entity's solvency. Finally, commenters contended that Congress's express provision for certification or attestation requirements in other statutory provisions implies that the Bureau lacks the authority to impose the proposed written-statement requirement under CFPA section 1024(b)(7) because that provision does not expressly address such a requirement.

Commenters cited 7 U.S.C. 6s(k)(3)(B)(ii), 12 U.S.C. 1851(f)(3)(A)(ii), 15 U.S.C. 7241(a), and 15 U.S.C. 7262(b).

The Bureau's Response to Certain Comments Received Regarding the Bureau's Legal Authority To Impose Written-Statement Requirements

The Bureau finalizes its conclusion that CFPA section 1024(b)(7) authorizes the Bureau to impose the written-statement requirements contained in § 1092.204. As an initial matter, commenters are wrong in suggesting that Congress's express provision for certification or attestation requirements in provisions like 7 U.S.C. 6s(k)(3)(B)(ii), 12 U.S.C. 1851(f)(3)(A)(ii), 15 U.S.C. 7241(a), and 15 U.S.C. 7262(b) implies that the Bureau lacks authority to impose the written-statement requirement under section 1024(b)(7). The commenters appear to be relying on the principle articulated in Russello v. United States that Congress generally “acts intentionally and purposely in the disparate inclusion or exclusion” of statutory language. That principle, however, only applies when “Congress includes particular language in one section of a statute but omits it in another section of the same Act.” By contrast, “[l]anguage in one statute usually sheds little light upon the meaning of different language in another statute.” Therefore, 15 U.S.C. 7241(a) and 7262(b), which Congress enacted in the Sarbanes-Oxley Act of 2002, have little bearing on the proper interpretation of CFPA section 1024(b)(7).

Russello v. United States, 464 U.S. 16, 23 (1983) (citation omitted).

Id.

Id. at 25.

Public Law 107-204, 116 Stat. 745.

While 7 U.S.C. 6s(k)(3)(B)(ii) and 12 U.S.C. 1851(f)(3)(A)(ii), like section 1024(b)(7), were enacted in the Dodd-Frank Act (albeit in different titles than section 1024(b)(7)), those provisions are also insufficient to invoke the Russello principle. That principle infers meaning from differences in language between statutory provisions that are otherwise similarly worded. Accordingly, the inference “grows weaker with each difference in the formulation of the provisions under inspection.” Also, the Russello principle “applies with limited force” to broadly worded statutes. The Russello principle is founded on the premise that “the absence of the words used in [a separate statutory provision] could indicate an intention to exclude their application” in the principal provision at issue. It, however, “makes less sense to draw that inference when . . . the provision at issue uses broader language that encompasses the meaning of the absent words and thus did not need to expressly include them.”

City of Columbus v. Ours Garage & Wrecker Serv., Inc., 536 U.S. 424, 435-36 (2002); accord Clay v. United States, 537 U.S. 522, 532 (2003); see also Nat'l Postal Policy Council v. Postal Regulatory Comm'n, 17 F.4th 1184, 1191 (D.C. Cir. 2021) ( Russello presumption “has limited force” when “two provisions use different words and are not otherwise parallel”); United States v. Councilman, 418 F.3d 67, 74 (1st Cir. 2005) (“[I]f the language of the two provisions at issue is not parallel, then Congress may not have envisioned that the two provisions would be closely compared in search of terms present in one and absent from the other.”).

See United States v. O'Donnell, 608 F.3d 546, 552 (9th Cir. 2010).

Id.

Id.; see also Adirondack Med. Ctr. v. Sebelius, 740 F.3d 692, 697 (D.C. Cir. 2014) (explaining that the “ expressio unius canon” is a “poor indicator of Congress' intent” to limit the scope of an otherwise “broad grant of authority”); Councilman, 418 F.3d at 74 (“The Russello maxim . . . is simply a particular application of the classic principle expressio unius est exclusio alterius. . . .”).

Applying those considerations here, 7 U.S.C. 6s(k)(3)(B)(ii) and 12 U.S.C. 1851(f)(3)(A)(ii) provide no basis for reading into CFPA section 1024(b)(7) an atextual limitation that would prevent the Bureau from imposing the written-statement requirement. The provisions do not use parallel wording. While 7 U.S.C. 6s(k)(3)(B)(ii) and 12 U.S.C. 1851(f)(3)(A)(ii) focus on particular reporting requirements, CFPA section 1024(b)(7) provides a general grant of rulemaking authority to facilitate supervision, assessment, and detection of risks to consumers, and to ensure that supervised entities are legitimate and are able to perform their obligations to consumers. Further, as explained in greater detail below, Congress used expansive language in section 1024(b)(7) that encompasses the authority to impose the written-statement requirements. The contrast that the commenters attempt to draw between section 1024(b)(7) and other, more limited provisions imposing certification or attestation requirements does not support restricting section 1024(b)(7)'s breadth.

Turning to the specific subparagraphs of CFPA section 1024(b)(7), no commenter specifically addressed the Bureau's statements in the notice of proposed rulemaking that CFPA section 1024(b)(7)(A) provides a “distinct, independently sufficient basis for the proposed written-statement requirements.” In the absence of any comments specifically challenging the proposition that CFPA section 1024(b)(7)(A) authorizes the written-statement requirements, the Bureau finalizes its conclusion that section 1024(b)(7)(A) supports those requirements. The written-statement requirements will “facilitate [the Bureau's] supervision” efforts and its “assessment and detection of risks to consumers” within the meaning of section 1024(b)(7)(A). In particular, the written-statement requirements will provide the Bureau with important additional information regarding risks to consumers that may be associated with the covered order; inform the Bureau's risk-based prioritization of its supervisory activities under CFPA section 1024(b); and improve the Bureau's ability to conduct its supervisory and examination activities with respect to the supervised nonbank, when it chooses to exercise its supervisory authority. Because CFPA section 1024(b)(7)(A) provides a distinct grant of authority separate from CFPA section 1024(b)(7)(B) or 1024(b)(7)(C)—a proposition not disputed by any commenter—section 1024(b)(7)(A) suffices to support the written-statement requirements, even if (as the commenters argue) the written statement did not qualify as a “record” that the Bureau could require under section 1024(b)(7)(B) and also was not authorized by section 1024(b)(7)(C).

88 FR 6088 at 6090; see also id. at 6093 (“Section 1024(b)(7) of the CFPA . . . identifies three independent sources of Bureau rulemaking authority.”); id. at 6125 (“Each of th[e] paragraphs [in CFPA section 1024(b)(7)(A)-(C)] provides independent authority for the requirement to submit written statements.”).

Although not necessary to support the written-statement requirements, the Bureau also concludes that section 1024(b)(7)(B) authorizes those requirements as well. Section 1024(b)(7)(B) authorizes the Bureau to require entities subject to its supervisory authority “to generate, provide, or retain records for the purposes of facilitating supervision . . . and assessing and detecting risks to consumers.” As the Bureau has explained, the term “records” in section 1024(b)(7)(B) is broad. It includes any “[i]nformation that is inscribed on a tangible medium or that, having been stored in an electronic or other medium, is retrievable in perceivable form,” or any “documentary account of past events.” The written statement required by § 1092.204 easily qualifies as a “record” under that definition. The written statement provides “[i]nformation” or a “documentary account” of past events—namely, the fact of “whether, to the attesting executive's knowledge, the supervised registered entity during the preceding calendar year identified any violations or other instances of noncompliance” with an applicable covered order, as well as the steps the attesting executive undertook to review and oversee the supervised registered entity's activities with respect to the covered order. Even under commenters' preferred definitions of “record,” the written statement fits the bill. It “set[s] down in writing,” “furnish[es] written evidence” of, and “gives evidence of” the matters required to be addressed in the written statement. It also “recalls or relates past events.” Put another way, the written statement provides “a description of actions taken by the business,” which commenters recognize “might constitute a `record.' ” Because the written statement qualifies as a “record,” section 1024(b)(7)(B) authorizes the Bureau to require supervised nonbanks to “generate”— i.e., create —such written statements and “provide” them to the Bureau.

12 U.S.C. 5514(b)(7)(B).

See88 FR 6088 at 6093.

Record, Black's Law Dictionary (11th ed. 2019); accord Record, Webster's Third New International Dictionary (1981) (“an account in writing or print (as in a document) . . . intended to perpetuate a knowledge of acts or events”; “a piece of writing that recounts or attests to something”); Record, American Heritage Dictionary of the English Language, https://www.ahdictionary.com/word/search.html?q=record (“[a]n account, as of information or facts, set down especially in writing as a means of preserving knowledge”).

See Generate, Webster's Third New International Dictionary (1981) (defining “generate” as “to bring into existence”).

12 U.S.C. 5514(b)(7)(B).

Contrary to commenters' assertions, § 1092.204(d) does not require the entity to comply with covered orders, or to engage in, or to refrain from, other specific non-recordkeeping conduct. Rather, the two elements of the written statement required under § 1092.204(d)(1) and (2) are statements about facts that will already exist at the time the written statement is submitted—namely, the steps the executive took, and whether or not the entity identified any applicable violations. Section 1092.204(d) merely requires that the supervised registered entity generate and submit a record (signed by the attesting executive) about those existing facts.

The commenters suggest that, because the Bureau uses the term “attest” in describing the statements required to be included in the written statement, the document cannot qualify as a “record.” But nothing about the use of the term “attest” changes the substance of the written-statement requirements or takes the written statement outside the realm of the term “records.” “Attest” means to “affirm to be true or genuine.” It is common to refer to the maker of a record as having “attest[ed]” to the information contained in that record. Indeed, Webster's Third New International Dictionary uses the word “attest” in defining the word “record”: The definition of “record” includes “a piece of writing that recounts or attests to something.”

Attest, Webster's Third New International Dictionary (1981); accord Attest, Black's Law Dictionary (11th ed. 2019) (“[t]o affirm to be true or genuine”); Attest, American Heritage Dictionary of the English Language, https://www.ahdictionary.com/word/search.html?q=attest (“[t]o affirm to be correct, true, or genuine”).

Record, Webster's Third New International Dictionary (1981) (emphasis added).

Further, contrary to commenters' suggestion, the fact that § 1092.204(e) requires the supervised entity to “maintain documents and other records sufficient to provide reasonable support” for its written statement does not transform the written statement into something other than a “record.” Information contained in documents that constitute “records” is often supported by other “records.” For example, accounting journals or ledgers are “records,” even though they are often based on other “records,” such as receipts or invoices. Similarly, § 1092.204(e)'s recordkeeping requirement does not render the written statement a non-“record.”

See, e.g., 2 Robert P. Mosteller et al., McCormick on Evidence § 287 (8th ed. 2022) (explaining that accounting journals or ledgers may be admissible under the hearsay exception for records of regularly conducted activities, even though the journals or ledgers are based on other records).

Commenters also contend that the Bureau is exceeding its authority under section 1024(b)(7)(B) by imposing the requirement to submit written statements on individual executives. According to commenters, section 1024(b)(7)(B) only allows the Bureau to require a supervised entity to produce records; it does not allow the Bureau to require an executive of a supervised entity to provide any such certification. The commenters, however, do not accurately describe the nature of the requirements imposed by § 1092.204 of the Bureau's rule. Section 1092.204 imposes requirements on supervised registered entities, not on any particular individuals. Supervised registered entities with applicable covered orders must designate attesting executives who satisfy certain criteria, and they must submit a written statement that is signed by the attesting executive “on behalf of the supervised registered entity.” Those obligations belong to the supervised registered entity, not to any individual. If a supervised registered entity failed to designate an attesting executive or to submit a written statement when required to do so, the supervised registered entity—not a particular individual—would potentially be subject to an enforcement action. It is thus simply incorrect to suggest that § 1092.204 imposes requirements on corporate executives in their personal capacities. To be sure, as with any other regulatory obligation, supervised registered entities, like any legal entity, must take steps to comply with § 1092.204 through their agents. But the obligations under § 1092.204 belong to supervised registered entities, not to particular individuals acting in their personal capacities.

Section 1092.204(b), (d).

For the reasons discussed above, the Bureau does not find the comments challenging its reliance on section 1024(b)(7)(B) persuasive. The Bureau thus finalizes its conclusion that section 1024(b)(7)(B) authorizes § 1092.204's written-statement requirements.

In addition, the Bureau finalizes its conclusion that CFPA section 1024(b)(7)(C) provides a distinct, independent statutory basis for § 1092.204's written-statement requirements. Section 1024(b)(7)(C) authorizes the Bureau to prescribe rules to ensure that nonbanks subject to its supervisory authority “are legitimate entities and are able to perform their obligations to consumers.” As the Bureau has explained, § 1092.204's written-statement requirements further the statutory purposes specified in section 1024(b)(7)(C) because those requirements will facilitate the Bureau's assessment of whether a company is willing and able to satisfy its legal obligations, including those set forth in covered orders.

12 U.S.C. 5514(b)(7)(C).

See88 FR 6088 at 6091, 6093, 6125.

In response, commenters assert that the types of requirements contemplated by section 1024(b)(7)(C) address the competency of management and financial requirements to ensure the entity's solvency, and according to commenters, the written-statement requirements do “not further either of those statutory purposes.” As an initial matter, the commenters' argument fails on its own terms because § 1092.204's written-statement requirements “address the competency of management.” If an entity is violating its obligations under a covered order, or its executives are not taking sufficient steps to effectively oversee the entity's compliance with its obligations under such an order, that would raise concerns regarding “the competency of [the entity's] management.”

The commenters also fail to account for the full breadth of the language Congress used in section 1024(b)(7)(C). As the Bureau has explained, the term “obligations” in section 1024(b)(7)(C) encompasses “anything that a person is bound to do or forbear from doing,” including duties “imposed by law, contract, [or] promise.” Contrary to commenters' suggestion, the term “obligations” is not limited to financial requirements related to solvency. Similarly, “legitimate entities” is a broad phrase encompassing an inquiry into whether an entity takes seriously its duty to “[c]omply[ ] with the law.”

See88 FR 6088 at 6093.

Obligation, Black's Law Dictionary (11th ed. 2019).

Legitimate, Black's Law Dictionary (11th ed. 2019) (“[c]omplying with the law; lawful”); accord Legitimate, Webster's Second New International Dictionary (1934 ) (defining “legitimate” as “[a]ccordant with law or with established legal forms and requirements; lawful”); Legitimate, Webster's Third New International Dictionary (1981) (similar).

Commenters also lose sight of the purposes of the Bureau's supervisory program, which are “assessing compliance with the requirements of Federal consumer financial law”; “obtaining information about the activities and compliance systems or procedures” of entities subject to Bureau supervision; and “detecting and assessing risks to consumers and to markets for consumer financial products and services.” The authority that Congress granted to the Bureau in CFPA section 1024(b)(7) must at least be sufficiently expansive to allow the Bureau to issue rules aimed at achieving the supervisory objectives listed in CFPA section 1024(b)(1). According the terms “obligations” and “legitimate entities” in section 1024(b)(7)(C) their full breadth—rather than artificially restricting them, as commenters propose, to addressing limited issues like solvency—is most consistent with achieving the congressionally stated purposes of supervision, including “assessing compliance with the requirements of Federal consumer financial law.”

12 U.S.C. 5514(b)(1).

12 U.S.C. 5514(b)(1)(A).

In accordance with the expansive language that Congress used in section 1024(b)(7)(C), the Bureau finalizes its conclusion that section 1024(b)(7)(C) provides authority for § 1092.204.

Section 1092.204(a) Scope of Annual Reporting Requirements

Proposed Rule

Proposed § 1092.203(a) would have provided that the proposed section would apply only with respect to covered orders with an effective date (as that term was defined at proposed § 1092.201(f)) on or after the nonbank registration system implementation date for proposed § 1092.203.

This section would have applied only to certain larger supervised entities. The Bureau preliminarily concluded that the reporting requirements set forth in the section—which focused specifically on larger supervised entities' compliance with the orders registered pursuant to § 1092.202—should apply only prospectively to those covered orders with an effective date on or after the NBR implementation date for proposed § 1092.203. The Bureau explained that the prospective application of § 1092.203 would have ensured that entities faced with enforcement actions that might result in covered orders could take § 1092.203's requirements into account in their decision-making. While the Bureau did not believe that compliance with proposed § 1092.203's requirements would materially affect an entity's decision-making about how to respond to a prospective enforcement action—as discussed in further detail in section VII of the proposal, for the vast majority of entities, the Bureau generally did not anticipate any of the proposed rule's reporting and publication requirements imposing meaningful burden either operationally or on their bottom line—the Bureau proposed this provision out of an abundance of caution. In addition, the Bureau explained that this limitation would have helped ensure that supervised registered entities would be required to submit reports only after the nonbank registration system implementation date.

The proposal would have excluded from the term “supervised registered entity” persons with less than $1 million in annual receipts resulting from offering or providing all consumer financial products and services described in 12 U.S.C. 5514(a). As discussed in the section-by-section discussion of § 1092.201(q) above, in a revision to the proposed rule, the Bureau is adopting an exclusion for persons with less than $5 million in annual receipts (as defined) resulting from offering or providing all consumer financial products and services described in 12 U.S.C. 5514(a), as well as a clarification to this provision.

Comments Received

Commenters did not specifically address proposed § 1092.203(a). For comments regarding the proposed written-statement requirements generally, including comments stating that the Bureau lacks authority to impose such requirements and otherwise commenting on the nature and scope of the requirements, see the discussion elsewhere in this section-by-section discussion of § 1092.204.

Final Rule

For the reasons discussed in the description of the proposal above, the Bureau adopts § 1092.203(a) as proposed (renumbered as § 1092.204(a)), with certain changes for the reasons described below. See the section-by-section discussion of § 1092.201(q) above for a discussion of revisions to the definition of “supervised registered entity.”

See also the section-by-section discussion of § 1092.101(e) above regarding the Bureau's adoption of the revised term “nonbank registry implementation date.”

Section 1092.204(a) describes the covered orders that are subject to § 1092.204's written-statement requirements. The Bureau is finalizing three revisions to this paragraph (a). First, the Bureau is finalizing an amendment to the proposal at § 1092.204(a)(1) that clarifies that § 1092.204 applies only with respect to covered orders with an effective date on or after the “applicable” nonbank registry implementation date. This amendment reflects the addition of § 1092.206 to the final rule, which establishes nonbank implementation dates for different categories of covered nonbanks subject to the final rule. As discussed in the section-by-section discussion of § 1092.206 below, the Bureau is specifying the annual registration date in § 1092.206 of the final rule for each category of covered nonbank in order to provide greater certainty and clarity to covered nonbanks as of the issuance of the final rule. Section 1092.204's written-statement requirements apply only with respect to covered orders with an effective date on or after the nonbank registry implementation date that applies to the supervised registered nonbank subject to the covered order, as provided in § 1092.206.

Second, the Bureau is finalizing an amendment to the proposal at § 1092.204(a)(1) that provides that final § 1092.204 shall apply only with respect to covered orders “as to which information is provided or required to be provided under § 1092.202” (and that also have an effective date on or after the applicable nonbank registry implementation date for § 1092.204). This amendment clarifies that only covered orders that have been registered (or are required to be registered) under § 1092.202 are subject to § 1092.204's written-statement requirements. For example, a supervised registered nonbank would not be required to comply with § 1092.204's written-statement requirements in cases where the applicable covered order has not been registered (and was not required to be registered) under § 1092.202: (1) due to a stay or other agency or court action; (2) because the later of the 90-day period following its applicable nonbank registry implementation date or the effective date of the covered order as provided under § 1092.202 had not yet expired; or (3) where the supervised registered nonbank has exercised the option to register an NMLS-published covered order under § 1092.203 instead of § 1092.202. However, once the covered order is registered (or required to be registered) under § 1092.202, the supervised nonbank must comply with § 1092.204 as applicable, subject to the other provisions of the rule, including § 1092.202(f)'s provisions regarding submitting a final filing upon termination of the covered order. See the section-by-section discussion of § 1092.204(d) below regarding the scope of the written statements required by that section.

Third, the Bureau is finalizing a new paragraph at § 1092.204(a)(2) that provides that a supervised registered entity is not required to comply with § 1092.204's written-statement requirements with respect to any NMLS-published covered order for which it chooses to comply with the one-time registration option described in § 1092.203. This provision complements the related provisions at § 1092.203(a) and (c), which also provide that a covered nonbank that is identified by name as a party subject to a covered order may elect to comply with the one-time registration option described in that section in lieu of complying with the requirements of § 1092.204.

Section 1092.204(b) Requirement To Designate Attesting Executive

Proposed Rule

Proposed § 1092.203(b) would have required a supervised registered entity subject to an applicable covered order to annually designate as its attesting executive for purposes of proposed subpart B its highest-ranking duly appointed senior executive officer (or, if the supervised registered entity does not have any duly appointed officers, the highest-ranking individual charged with managerial or oversight responsibility for the supervised registered entity) whose assigned duties include ensuring the supervised registered entity's compliance with Federal consumer financial law, who has knowledge of the entity's systems and procedures for achieving compliance with the covered order, and who has control over the entity's efforts to comply with the covered order. The supervised registered entity would have been required annually to designate one attesting executive for each covered order to which it is subject and for all submissions and other purposes related to that covered order under proposed subpart B. The supervised registered entity would have also been required to authorize the attesting executive to perform the duties of an attesting executive on behalf of the supervised registered entity with respect to the covered order as required in proposed § 1092.203, including submitting the written statement described in proposed § 1092.203(d).

Criteria That an Attesting Executive Must Satisfy

For the reasons described in section IV(D) of the proposal, proposed § 1092.203(b) would have provided that a supervised registered entity subject to a covered order described in proposed § 1092.203(a) would generally be required to designate as its attesting executive for purposes of proposed subpart B its highest-ranking duly appointed senior executive officer (i) whose assigned duties include ensuring the supervised registered entity's compliance with Federal consumer financial law, (ii) who has knowledge of the entity's systems and procedures for achieving compliance with the covered order, and (iii) who has control over the entity's efforts to comply with the covered order. If the supervised registered entity has no duly appointed officers, proposed § 1092.203(b) would have required the entity to designate as its attesting executive the highest-ranking individual charged with managerial or oversight responsibility for the supervised registered entity who meets those three criteria.

As explained below in the discussion of proposed § 1092.203(d), the Bureau proposed that the attesting executive would sign a written statement submitted by the supervised registered entity regarding the entity's compliance with covered orders. The Bureau believed that proposal would have the benefit of ensuring that the supervised registered entity's reporting obligations under proposed § 1092.203 have received attention from the highest applicable level of a supervised registered entity's management. The Bureau proposed the criteria in proposed § 1092.203(b) in order to ensure that the person who attests and signs the written statement has sufficient authority and access to all the relevant company stakeholders to ensure that the report is as complete and accurate as possible. The Bureau believed that the language of proposed § 1092.203(b) would have ensured that the supervised registered entity designates an appropriately high-ranking employee as its attesting executive. The Bureau believed that such a person will be in the best position to know all relevant information with respect to the order, and to provide a reliable attestation in the written statement regarding the entity's compliance with the covered order.

The Bureau anticipated that this individual will in most cases likely be a top senior executive of the entity. For entities that are not organized as corporations, and thus may not have duly appointed officers, proposed § 1092.203(b) would have clarified that the attesting executive may be another individual who is charged with managerial or oversight responsibility for the supervised registered entity. The Bureau anticipated that this individual would in most cases serve in a capacity equivalent to a high-ranking senior executive at a corporation. For example, the Bureau noted, a supervised registered entity organized as a limited liability company that is run by an individual managing member and lacks executive officers may designate the managing member as its “attesting executive,” where the managing member's assigned duties include ensuring the supervised registered entity's compliance with Federal consumer financial law and the managing member has the requisite knowledge and control as described in proposed § 1092.203(b). Likewise, the Bureau further noted, a supervised registered entity organized as a general or limited partnership may designate an individual partner who otherwise satisfies the requirements set forth in proposed § 1092.203(b). The use of the term “executive” was not intended to preclude the designation of such persons as “attesting executives” where the supervised registered entity otherwise lacks a senior executive officer who satisfies proposed § 1092.203(b)'s requirements.

The Bureau anticipated that entities would take appropriate steps to ensure compliance with the proposed rule in the event that an executive leaves employment or changes duties, or a higher-ranking executive is put in place. For example, the Bureau explained, a supervised registered entity might consider designating an alternate attesting executive for each covered order to address such possibilities, including by ensuring that they have sufficient knowledge of the entity's systems and procedures for achieving compliance with the applicable covered order(s) and control over the entity's efforts to comply with the covered order(s).

The proposal would have also required that the supervised registered entity designate as its attesting executive for a covered order a person who has knowledge of the entity's systems and procedures for achieving compliance with the covered order. The Bureau anticipated that this requirement would help ensure that the annual written statement is completed by an individual with sufficient knowledge of the entity's systems and procedures for achieving compliance to make the written statement required by proposed § 1092.203(d). The Bureau expected that an executive who lacked knowledge of those compliance systems and procedures would not be in the best position to identify violations of the order. Therefore, the Bureau believed that without the proposed knowledge requirement, the attestation proposed at § 1092.203(d)(2) would lose much of its usefulness.

Proposed § 1092.203(b) would have also required that the attesting executive be required to have control over the entity's efforts to comply with the covered order. By this requirement, the Bureau meant to require that the executive have the ability, under the entity's existing compliance systems and procedures, to direct and supervise the entity's efforts to comply with the applicable covered order. The Bureau explained that this proposed requirement would complement the knowledge requirement discussed above, since the Bureau believed an executive with control over the entity's efforts to comply with the covered order would be more likely also to have (and to demand) the requisite knowledge regarding the entity's related compliance systems and procedures. The Bureau noted that it is possible that an executive with knowledge of an entity's related compliance systems and procedures, but who does not have control over the entity's efforts to comply with an applicable covered order, would not have been fully informed regarding violations of the order. The Bureau further explained that it would also be able to use information regarding which executives have control of the entity's efforts to comply with specific covered orders in connection with its supervisory reviews of the entity's compliance systems and procedures, compliance with Federal consumer financial law, and risks to consumers and markets.

In addition, the Bureau expected that the proposal's requirements to designate an attesting executive who has knowledge of the entity's systems and procedures for achieving compliance with its covered orders, and who has control over the entity's efforts to comply with its covered orders, would create an additional incentive for certain entities to comply with their obligations to consumers. The Bureau believed that most supervised registered entities would comply with covered orders even without the proposal. However, the Bureau believed that these requirements would motivate additional compliance efforts at certain entities that have failed to take adequate steps to comply with the order. The Bureau also believed that if a particular executive is identified to the Bureau as the person ultimately accountable for ensuring compliance with a covered order, the clear delineation of that executive's responsibility would prompt the executive to focus greater attention on ensuring compliance, which in turn would increase the likelihood of compliance.

In addition, the Bureau anticipated that obtaining information about which senior executive officer(s) at a supervised registered entity have knowledge of the entity's systems and procedures for achieving compliance with specific covered orders, and who have control over the entity's efforts to comply with those covered orders, would facilitate the Bureau's ability to identify situations in which individual executives have recklessly disregarded, or have actual knowledge of, the entity's violations of covered orders. The Bureau believed that this information would better enable the Bureau to identify risks to consumers related to such orders and the entity's compliance systems and procedures, and to take steps to address such risks through its supervisory or other authorities. Where the applicable covered order is a Bureau order, the Bureau believed such information will also facilitate the Bureau's efforts to assess compliance with the order and to make determinations regarding any potential related Bureau supervisory or enforcement actions. For example, the Bureau noted, where information obtained under proposed § 1092.203 indicates that a high-ranking executive has knowledge of (or has recklessly disregarded) violations of legal obligations falling within the scope of the Bureau's jurisdiction, and has authority to control the violative conduct, the Bureau could use that information in assessing whether an enforcement action should be brought not only against the nonbank covered person, but also against the individual executive.

The Bureau noted that in developing this proposal, it considered various options other than requiring entities to designate a senior executive officer as an attesting executive. The Bureau considered permitting entities to designate lower ranking individuals whose assigned duties include ensuring the supervised registered entity's compliance with Federal consumer financial law and who possessed sufficient knowledge and control to provide a written statement under proposed § 1092.203. However, the Bureau believed that requiring entities to designate their highest-ranking executive officer would better help ensure that all relevant information was considered when submitting the written statement. In addition, because the attestation that would have been provided under proposed § 1092.203(d)(2) would be subject to the knowledge of the attesting executive, the Bureau believed this requirement would help enhance the reliability of that attestation, and thus the accuracy of the written statement. The Bureau noted that lower-ranking managers at the entity might not be aware of all relevant facts. Also, the Bureau believed that the designation requirement would provide an important piece of information regarding the organizational structure of an entity's compliance management system—namely, the identity of the entity's highest-ranking executive whose assigned duties include ensuring the supervised registered entity's compliance with Federal consumer financial law, and who has the requisite level of knowledge and control. The Bureau believed that this information would be valuable to the Bureau's understanding of the supervised registered entity's compliance systems and procedures and its organization, business conduct, and activities subject to the covered order. The Bureau concluded that such information would have informed the Bureau's functions, including its use of its supervisory and enforcement authorities.

As another alternative to imposing this requirement, the Bureau noted that it might instead require the entity to appoint an individual with a given title—for example, the entity's Chief Compliance Officer (CCO), or equivalent. However, the Bureau observed that it did not have comprehensive information regarding the organizational structures of the entities it supervises, and the Bureau expected that many supervised registered entities may have organizational structures that do not provide for a CCO or other officer title. The Bureau believed that the proposed requirement to designate the entity's highest-ranking executive who satisfies the specified criteria would help ensure that an appropriately high-level individual was designated but would retain flexibility to accommodate a range of entity organizational structures. And as discussed above, the Bureau believed that requiring the entity to designate its attesting executive for each covered order would provide the Bureau with information regarding the entity, including its compliance systems and procedures and its organization, business conduct, and activities subject to the covered order.

As another alternative to the approach proposed in § 1092.203(b), the Bureau explained that it might require supervised registered entities to obtain a review or audit by an independent third-party consultant of the entities' written statements and the facts underlying the written statements. However, the Bureau believed that this alternative would impose costs on the entity that would largely be avoided by the proposal's requirement to designate an attesting executive already providing services to the entity and would require the Bureau to impose controls on such reviews in order to ensure their usefulness. In addition, this alternative would not have provided the Bureau with the information regarding the entity described above.

Requirement To Designate an Attesting Executive for Each Covered Order on an Annual Basis

Proposed § 1092.203(b) would have required a supervised registered entity to annually designate one attesting executive for each applicable covered order to which it is subject and for all submissions and other purposes related to that covered order under proposed subpart B. The Bureau believed that requiring a supervised registered entity to designate an attesting executive for each covered order would facilitate the Bureau's supervision of the supervised registered entity by, among other things, facilitating the Bureau's supervisory communications with the supervised registered entity regarding the covered order, including any related supervisory concerns. The Bureau would have also been able to contact the attesting executive with questions and to understand how the executive's responsibilities relate to the entity's obligations under its covered orders. The Bureau also believed that by requiring the entity to designate its attesting executive(s) on an annual basis, the proposal would have better enabled the Bureau to understand the reporting relationships within the entity and the entity's compliance systems and procedures. The Bureau thus believed that this proposed designation requirement would help ensure compliance with the proposed rule, facilitate the Bureau's supervision of the supervised registered entity, help the Bureau assess and detect risks to consumers, and help ensure that the entity is legitimate and able to perform its obligations to consumers.

The Bureau expected that under most circumstances, a supervised registered entity would designate one single individual as its attesting executive for all of the covered orders to which it is subject. However, the Bureau noted, there may be situations in which there is no one senior executive officer with the requisite knowledge of the entity's systems and procedures for achieving compliance with all of the covered orders to which the entity is subject, and who has control over the entity's efforts to comply with those orders. In such a case, the Bureau proposed that the entity could designate different attesting executives for the covered orders. By requiring a supervised registered entity to designate one attesting executive for each covered order described in proposed § 1092.203(a) to which it is subject, proposed § 1092.203(b) would have enabled the Bureau to better identify such situations.

Comments Received

See the beginning of the section-by-section discussion of § 1092.204 for a discussion of certain comments received regarding the Bureau's legal authority to impose the final rule's written-statement requirements.

Industry commenters and the joint comment from State regulators generally opposed the imposition of the rule's written-statement requirements. Commenters stated that the proposed requirements were unnecessary, onerous, and vague, would add little to no value to the Bureau fulfilling its objectives, and would be unlawful and drive up compliance costs. An industry commenter stated that the proposed requirements were extreme and an attempt to trap and embarrass companies and their executives. Industry commenters stated that the proposed written-statement requirements would not further the purpose of the proposal.

Industry commenters stated that the proposed written statements were more burdensome than described, and that the proposal did not adequately explain the benefits of the written-statement requirements. Industry commenters expressed concern that the written-statement requirements would harm consumers by discouraging qualified individuals from seeking employment with nonbanks, and stated that the Bureau should reconsider the cost and impact that would be associated with the written-statement requirements in harming hiring by supervised registered entities and in discouraging applicants. The SBA Office of Advocacy stated that the Bureau had failed to support its claims that few entities would lack a qualified executive, and to provide information about the costs that would be incurred to obtain a qualified executive to perform the duties required.

Industry commenters stated that proposed § 1092.203(b)'s requirements to designate an attesting executive for each covered order were unfair, because the proposed designation requirement served only as a shaming tool and appeared to place sole responsibility for compliance on the attesting executive. However, a consumer advocate commenter stated that the Bureau would be able to make clear that the attesting executive is not necessarily an at-fault individual. An industry commenter stated that no other industry seeks to impose liability upon corporate executives acting in a corporate capacity, and that under the proposal such liability would be unlimited. Industry commenters stated that the proposed requirement to designate an attesting executive for each covered order did not reflect real-world situations and how companies actually manage risk, and would inappropriately signal that other persons are less responsible for the supervised registered entity's compliance with the covered order. Industry commenters also stated that proposed § 1092.203(b)'s requirements to designate an attesting executive for each covered order were in conflict with the Bureau's existing guidance stating that an institution's board of directors or other principals are ultimately responsible for the institution's compliance management, and that designation of an attesting executive would encourage the mistaken notion that compliance is the sole responsibility of that individual.

The proposal indicated that the Bureau was considering adopting a requirement that the attesting executive attest that, in the executive's professional judgment, the entity's compliance systems and procedures are reasonably designed to detect violations of the applicable covered order and ensure that such violations are reported to the attesting executive. An industry commenter stated that this alternative requirement would contribute to the impression that the compliance burden rests solely with the attesting executive.

88 FR 6088 at 6126.

An industry commenter stated that designation of an attesting executive would serve no purpose for closely held entities.

Industry commenters stated that the rule, including the proposed written-statement requirements, should apply prospectively only.

Response to Comments Received

See the beginning of the section-by-section discussion of § 1092.204 for a discussion of the Bureau's response to certain comments received regarding the Bureau's legal authority to impose the final rule's written-statement requirements. As explained in that discussion, § 1092.204's written-statement requirements are appropriate and lawful and will serve the purposes identified in CFPA section 1024(b)(7)(A)-(C) and the goals of the final rule.

See part VIII for discussion of comments related to the economic costs and benefits associated with § 1092.204's written-statement requirements, including costs related to hiring and discouraging qualified applicants from seeking employment with supervised registered entities. As described in that analysis, the Bureau concludes that the requirements imposed by the final rule's written-statement requirements will impose only modest costs on entities beyond the costs entities are already incurring to ensure compliance with covered orders. The Bureau is finalizing an exception to the written-statement requirements for NMLS-published covered orders, as discussed in part IV(E) and the section-by-section discussion of § 1092.203, which will reduce overall costs to industry as discussed in part VIII.

As part of its mandate to ensure that markets for consumer financial products are fair, transparent, and competitive, the Bureau is committed to applying the law and regulations fairly and equitably across all persons subject to its authority. The Bureau believes the written statement is a fair approach to obtaining important information about covered orders from supervised registered entities. The Bureau disagrees with the industry commenters that § 1092.204(a)'s requirement to designate an attesting executive for each covered order represents an unfair attempt to place responsibility on individual attesting executives for violations of covered orders, or to impose unlimited accountability on individual executives in an unprecedented manner. The final rule does not establish any new standards, or alter any existing standards, regarding individuals' liability for supervised registered entities' violations of covered orders or other legal obligations. Nor does the final rule alter which agencies have jurisdiction to enforce the obligations imposed in covered orders or the scope of agencies' discretion to determine whether to bring such enforcement actions. Any individual accountability in connection with violations of covered orders shall continue to be determined in accordance with existing law. The final rule also does not affect the Bureau's existing approach to its supervisory responsibilities, including the manner in which the Bureau assesses board and management oversight at supervised registered entities.

See12 U.S.C. 5511(a).

See, e.g., Federal Financial Institutions Examination Council, Uniform Interagency Consumer Compliance Rating System, 81 FR 79473, 79478 (Nov. 14, 2016) (discussing assessment by agency examiners of Board and management oversight).

As described in the proposal, § 1092.204(b) establishes requirements for the supervised registered entity's designation of its attesting executive(s) to ensure that the person who signs the written statement has sufficient authority and access to all the relevant company stakeholders to ensure that the report is as complete and accurate as possible. Those requirements are intended to serve the information-collection purposes of the rule by helping to ensure the accuracy and usefulness of the written statement. As stated in the proposal, the Bureau also believes these requirements will create an additional incentive for certain entities to comply with their obligations to consumers. These requirements are specific to the rule. As the Bureau explained in the proposal, the final rule does not establish any minimum level of compliance management or expectation for compliance systems and procedures. Further, aside from the targeted designation, written-statement, and recordkeeping requirements in § 1092.204(b) through (e), the final rule does not impose any requirements on any of the entity's internal affairs, or require any particular approach of allocating responsibility for complying with covered orders or with the law generally. The Bureau understands that compliance management at supervised registered entities will likely be managed differently from entity to entity and that compliance management systems will and should be adapted to a supervised registered entity's business strategy and operations. The final rule does not purport to impose any restrictions on the manner in which supervised registered entities address such matters.

88 FR 6088 at 6121-22.

Id. at 6122.

Id. at 6100.

In the proposal, the Bureau explained that, because—in the Bureau's experience—most supervised entities take active steps to comply with covered orders, they would likely already have in place an officer or employee who could satisfy the § 1092.204(b) criteria. For similar reasons, the Bureau believed that most supervised entities would have in place systems and procedures to help them achieve compliance with covered orders to which they are subject. Therefore, the Bureau believed that few supervised entities would need to make significant changes to their compliance systems to comply with § 1092.204. Despite the Bureau's request for comment on the issue, no commenter provided persuasive evidence that § 1092.204(b)'s designation requirement likely would impose material additional costs on a substantial number of supervised registered entities, beyond the costs those entities are already likely to incur as part of fulfilling their obligations under the covered orders to which they are subject. For additional discussion about these and other potential costs associated with this provision, see parts VIII and IX.

See88 FR 6088 at 6132.

See id. at 6133.

See id. at 6132-33.

In the proposal, the Bureau described the attesting executive as “identified to the Bureau as the person ultimately accountable for ensuring compliance with a covered order.” This description was merely intended to reflect § 1092.203(b)'s requirements regarding the designation of the highest-ranking individual charged with managerial or oversight responsibility for the supervised registered entity who meets the three criteria established in that section. To be clear, the final rule does not affect the Bureau's long-standing guidance for supervised registered entities organized as corporations that the board of directors is ultimately responsible for developing and administering a compliance management system that ensures compliance with Federal consumer financial laws and addresses and minimizes associated risks of harm to consumers. In a supervised registered entity organized under a non-corporate form, that ultimate responsibility may rest with a controlling person or some other arrangement. The Bureau understands that compliance management at supervised registered entities will likely be managed differently from entity to entity and that compliance management systems will and should be adapted to a supervised registered entity's business strategy and operations. Consistent with FFIEC guidance, Bureau examiners evaluate Board and management oversight factors commensurate with the institution's size, complexity, and risk profile. The Bureau agrees that compliance is often the responsibility of many, and not just a single executive. The final rule does not attempt to place such responsibility entirely on the shoulders of the entity's attesting executive.

Id. at 6122.

See CFPB Supervision and Examination Manual at CMR 3.

See, e.g., Uniform Interagency Consumer Compliance Rating System, 81 FR 79473 at 79480.

Nevertheless, as stated in the proposal, the Bureau does believe that § 1092.204(b)'s designation requirement will create an additional incentive for certain entities to comply with their obligations to consumers. The Bureau expects the requirement to designate a single attesting executive for the covered order will prompt the executive to focus greater attention on ensuring compliance, which in turn will increase the likelihood of compliance. Also, as stated in the proposal, the Bureau intends to use the information submitted under § 1092.204 to facilitate its efforts to assess compliance with any covered orders that may be enforced by the Bureau, and to make determinations regarding any potential Bureau supervisory or enforcement actions related to the covered order or any other identified risks to consumers. For example, where information obtained under proposed § 1092.204 indicates that a high-ranking executive has knowledge of (or has recklessly disregarded) violations of legal obligations falling within the scope of the Bureau's jurisdiction, and has authority to control the violative conduct, the Bureau may use that information in assessing whether an enforcement action should be brought not only against the nonbank covered person, but also against the individual executive. However, the final rule itself does not impose any legal obligation on the attesting executive to ensure compliance with any covered order.

88 FR 6088 at 6122.

Id.

The Bureau declines to finalize the proposed additional requirement described in the proposal that would have required the attesting executive to attest that the entity's compliance systems and procedures are reasonably designed to detect violations of the applicable covered order and ensure that such violations are reported to the attesting executive. The Bureau disagrees with the industry commenter that a requirement that the executive attest to such matters would contribute to the impression that the compliance burden rests solely with the attesting executive. But the Bureau does not believe it is necessary at this time to require supervised registered entities to submit such information on an annual basis, or to dedicate staff and other Bureau resources to reviewing such submissions.

88 FR 6088 at 6126.

The Bureau believes it is appropriate even for closely held entities annually to designate an attesting executive for each covered order. The designation requirement will serve the information-collection purposes of the rule by ensuring that the person who signs the written statement has sufficient authority and access to all the relevant company stakeholders to ensure that the report is as complete and accurate as possible. These requirements are necessary even for closely held entities. The Bureau may not regularly examine such entities, may not be aware of the entity's existence, and may not have adequate information about the entity's structure or operations; the designation requirement will help inform the Bureau regarding such matters. In addition, the designation requirement will facilitate the Bureau's efforts to assess compliance with any covered orders that may be enforced by the Bureau, and to make determinations regarding any potential Bureau supervisory or enforcement actions related to the covered order or any other identified risks to consumers.

See88 FR 6088 at 6121-22.

As for commenters' requests that the rule's written-statement requirements apply only prospectively, they are in fact so limited. Section 1092.204's written statement requirements apply only prospectively to covered orders with an effective date after the nonbank registry implementation date that is applicable to the supervised registered entity under § 1092.206. Thus, a supervised registered entity will not be required to file written statements for any covered order issued before late 2024, at the earliest. Moreover, as explained above, while some covered orders with an effective date after the applicable nonbank registry implementation date might relate to violations of covered laws committed before the final rule's effective date, the Bureau does not believe that the prospect of becoming subject to the written-statement requirements would have had a significant marginal impact on a supervised registered entity's decision whether to engage in conduct that risked violating covered laws, given the negative consequences already associated with committing such legal violations.

See additional discussion of retroactivity concerns in the section-by-section discussion of § 1092.202(d) above.

Final Rule

The Bureau adopts § 1092.203(b) as proposed (renumbered as § 1092.204(b)) for the reasons described above, with minor technical edits and certain changes and clarifications for the reasons discussed below.

The first sentence of § 1092.204(b) in the final rule has been revised from the proposed version to provide that the requirement to designate an attesting executive applies only as to covered orders that are described in § 1092.204(a). The first sentence of § 1092.204(b) in the final rule has also been revised from the proposed version to clarify, consistent with the approach described in the proposal and the final rule, that under § 1092.204(b) a supervised registered entity subject to a covered order described in § 1092.204(a) is required to designate an attesting executive for each covered order to which it is subject.

Section 1092.204(c) Requirement To Provide Attesting Executive(s) With Access to Documents and Information

Proposed Rule

Proposed § 1092.203(c) would have required a supervised registered entity subject to proposed § 1092.203 to provide its attesting executive(s) with prompt access to all documents and information related to the supervised registered entity's compliance with all applicable covered order(s) as necessary to make the written statement(s) required in proposed § 1092.203(d).

The Bureau believed that this proposed requirement would help ensure that the attesting executive for an applicable covered order has timely access to the documents and information needed to submit an informed and accurate written statement under proposed § 1092.203(d). A supervised registered entity would not have been permitted to refuse or deny to its attesting executive access to documents or information related to the supervised registered entity's compliance with the covered order. Under the proposed requirement, the Bureau would have expected the attesting executive to have prompt access to all such documents and information, notwithstanding, for example, any privileges that may apply to the documents and information, or where or how the documents and information are stored.

The Bureau believed that this requirement would enhance the accuracy and usefulness of the written statement, which in turn would enhance the Bureau's ability to supervise the entity effectively, assess and detect risks to consumers, and ensure the entity is legitimate and able to perform its obligations to consumers. The Bureau requested comment on the need for this requirement and whether other requirements, modifications, or amendments to proposed § 1092.203(c) should be considered in order to ensure the accuracy and usefulness of the written statement.

Comments Received

Commenters did not specifically address proposed § 1092.204(c).

Final Rule

For the reasons set forth in the description of the proposal above, the Bureau adopts § 1092.203(c) as proposed (renumbered as § 1092.204(c)).

Section 1092.204(d) Annual Requirement To Submit Written Statement to the Bureau for Each Covered Order

Proposed Rule

Proposed § 1092.203(d) would have required, on or before March 31 of each calendar year, that the supervised registered entity submit to the NBR system, in the form and manner specified by the Bureau, a written statement with respect to each covered order described in proposed § 1092.203(a). In the written statement, the attesting executive would have been required to provide a summary description of the executive's efforts to review and oversee compliance with the applicable order, and to attest regarding the entity's compliance with the order. Proposed § 1092.203(d) would have required the written statement to be signed by the supervised registered entity's attesting executive.

Proposed § 1092.203(d)(1) would have required the written statement to contain a general summary description of the steps, if any, the attesting executive has undertaken to review and oversee the supervised registered entity's activities subject to the applicable covered order for the preceding calendar year. This proposal was intended to provide information to the Bureau regarding the compliance monitoring efforts that have been undertaken by the executive during the applicable time period in connection with the order. The proposed rule would not have established any minimum procedures or otherwise specified the steps the executive must take to review and oversee the entity's activities. Instead, the proposed rule would have required only that the executive provide the Bureau with a general description of the steps the executive has already taken in this regard. The Bureau believed that this information would enhance the usefulness of the written statement by providing valuable context regarding the basis of the attesting executive's knowledge and by assisting the Bureau with determining the degree to which the Bureau may rely on the written statement. The Bureau believed that this information would be useful because the proposal would not by itself establish minimum requirements regarding the attesting executive's review and oversight of the entity's activities.

Proposed § 1092.203(d)(2) would have required the attesting executive to attest whether, to the attesting executive's knowledge, the supervised registered entity during the preceding calendar year identified any violations or other instances of noncompliance with any obligations that were imposed in a public provision of the covered order by the applicable agency or court based on a violation of a covered law. The attestation would have been provided subject to the attesting executive's knowledge. As discussed above with respect to proposed § 1092.203(b) and proposed § 1092.203(c), the Bureau anticipated that the attesting executive would have adequate knowledge of the entity's systems and procedures for achieving compliance with the covered order to provide a useful attestation.

The written statement described in the proposal would have addressed violations and other instances of noncompliance with obligations that are “based on” a violation of a covered law. For purposes of this proposed requirement, the Bureau explained that an obligation would have been “based on” an alleged violation where the order identifies the covered law in question, asserts or otherwise indicates that the covered nonbank has violated it, and imposes the obligation on the covered nonbank as a result of the alleged violation. This would have included, for example, obligations imposed as “fencing-in” or injunctive relief, so long as those obligations were imposed at least in part as a result of the entity's violation of a covered law. The proposed written statement would have also needed to address, for example, any obligation imposed as part of other legal or equitable relief granted with respect to the violation of a covered law, as well as any obligation imposed in order to prevent, remedy, or otherwise address a violation of a covered law, or the conditions resulting from such violation. The Bureau explained that, as discussed elsewhere in the proposal, an order may identify a covered law as the legal basis for the obligations imposed by referencing another document, such as a written opinion, stipulation, or complaint, that shows that a covered law served as the legal basis for the obligations imposed in the order. The Bureau proposed this approach because an order may satisfy the proposed definition of “covered order” but nonetheless contain provisions that are entirely unrelated to covered laws. This element of the requirement in proposed § 1092.203(d)(2) was intended to exclude such provisions that are entirely unrelated to violations of covered laws.

As in the context of proposed § 1092.201(e)(4), the Bureau explained that an obligation imposed based on multiple violations, some of covered laws and some of other laws, would qualify as an “obligation[ ] . . . based on an alleged violation of a covered law” within the meaning of proposed § 1092.203(d)(1), even if the violations of the non-covered laws would themselves have sufficed to warrant the imposition of the obligation.

The supervised registered entity would have been required to state whether it has or has not identified instances of noncompliance with respect to each covered order. If no such instances of noncompliance have been identified, the supervised registered entity would have been required to so state. The proposed rule would not have established any minimum procedures or otherwise imposed or specified steps a supervised registered entity must take in order to review or monitor compliance with each covered order. Instead, the proposed rule would merely have required supervised registered entities to report violations and noncompliance that they had already identified in the course of their own compliance reviews and assessments. The Bureau believed that supervised registered entities likely already conduct reviews to determine their compliance with covered orders, and those reviews would assist in completing the required written statements. The Bureau did not expect the proposal to amend or affect any review, reporting, or recordkeeping requirement contained in any covered order or other provision of law.

As discussed elsewhere in the proposal, the Bureau expected that some supervised registered entities might bolster their compliance efforts in response to the proposal.

While proposed § 1092.203(d) would have required the written statement to be signed by the supervised registered entity's attesting executive, it would not have required the attesting executive to submit a statement subject to the penalty of perjury. Nevertheless, the Bureau noted that knowingly and willfully filing a false attestation or report with the Bureau may be subject to criminal penalties. The Bureau believed that the signature requirement, and the consequent potential for criminal liability where a knowingly false attestation is made, would be likely to deter attesting executives from submitting written statements that are incorrect or based on incomplete or otherwise inadequate information. The Bureau explained that this requirement should significantly enhance the accuracy and usefulness of the written statement.

See18 U.S.C. 1001.

Comments Received

Commenters objected to the proposed annual requirement to submit a written statement to the Bureau for each covered order, and to the type of information that the proposal would require a supervised registered entity to submit. Industry commenters stated that the written statement to be submitted under proposed § 1092.204(d) would require proving to the Bureau that the entity had complied with applicable law. Industry commenters expressed concern with the Bureau's statement in the notice of proposed rulemaking that the proposed requirement for the attesting executive to sign the written statement, and the consequent potential for criminal liability where a knowingly false attestation is made, would be likely to deter attesting executives from submitting written statements that are incorrect or based on incomplete or otherwise inadequate information. Commenters referred or alluded to this statement in the proposal in expressing concern that an incorrect or false written statement would be punishable, and stated that a single individual could not hold first-hand knowledge sufficient to ensure compliance with a covered order. An industry commenter stated that the proposal seemed to conflate “knowingly and willfully” with the making of an incorrect statement or a statement based on incomplete or otherwise inadequate information, and stated that the Bureau's discussion of 18 U.S.C. 1001 was misleading and caused confusion as to what standard would apply to the attestation.

See88 FR 6088 at 6125.

Commenters stated that the proposed written-statement requirements were vague and unclear, so executives and supervised registered entities would be required to guess what the Bureau expects in terms of compliance. Commenters stated that the Bureau must unambiguously articulate the obligations of supervised registered entities and attesting executives under the rule, including the potential liability and intent standards. Industry commenters further suggested that such assertedly vague requirements represented an attempt at “regulation by enforcement” by the Bureau.

An industry commenter stated that the proposed requirement to attest regarding past violations was incompatible with constitutional due process, since a court might subsequently determine, after the executive had submitted a written statement, that an applicable violation had in fact occurred. The commenter expressed concern that such a development would lead to retroactive liability for the attesting executive.

An industry commenter stated that the proposal would have required the submission of an absolute statement, which in the commenter's view would be unreasonable, and stated that the required written statement should include materiality and reasonableness standards—for example, to provide that the entity had not identified any material violations, and that the statement was based on a reasonable and good-faith review of the material information.

Industry commenters and a joint comment by State regulators stated that the proposed written statement requirement was jurisdictional overreach by the Bureau and an unauthorized attempt to enforce laws that the Bureau does not enforce. Commenters also stated that the issuing agency (or court), and not the Bureau, should monitor and establish compliance guidelines related to the covered order.

A joint comment by State regulators asserted that the proposed written-statement requirements would complicate and frustrate attempts by the States to enforce Federal consumer financial law, and stated that such requirements would be onerous, duplicative, and unnecessary, and may ultimately weaken the original regulatory action and order. This comment and industry commenters also stated that the proposed written-statement requirements would create contradictory reporting obligations, since covered orders themselves contain reporting provisions and the agencies that issue or obtain such orders will also be monitoring compliance.

Commenters stated that in lieu of the proposed written-statement requirements, the Bureau should rely on similar attestations submitted to the NMLS, including the NMLS Form MU1, where applicable. The joint comment letter from State regulators stated that established information-sharing memorandums of understanding and supervisory coordination protocols provide the most effective and straightforward means for the Bureau and State regulators to raise concerns and identify potential instances of recidivism at supervised registered nonbanks.

An industry commenter stated that the registry should provide supervised registered entities with an opportunity to supplement their written statements with relevant ameliorating information, such as remediation paid or steps taken.

A joint comment by industry commenters stated that the proposal failed to consider downsides to the written-statement requirements, and that the Bureau had failed to provide an adequate explanation of the basis of its belief that those requirements would achieve their claimed benefits or the scale of any benefit to consumers.

An industry commenter stated that the requirement that would have been imposed under proposed § 1092.203(d)(1) to “[g]enerally describe the steps that the attesting executive has undertaken to review and oversee the supervised registered entity's activities subject to the applicable covered order for the preceding calendar year” may exceed the reporting requirements of the underlying covered order, multiplying the burden imposed by that order. Another industry commenter stated that this requirement would not provide an adequate, accurate description of the compliance framework and that the Bureau could instead simply obtain this information through its normal supervisory process. This commenter also stated that obtaining this information via the proposed registry would put confidential supervisory information at risk. Other industry commenters stated the Bureau should detail how it will safeguard written statement information against data breach.

An industry commenter stated that the proposed registry should not require disclosure of information protected by the attorney-client privilege.

Commenters stated that the proposed written-statement requirements would have a significant chilling effect on the hiring and retention of senior executives and could discourage competent individuals from serving in such roles, raising costs and potentially harming consumers.

An industry commenter suggested that the proposed written-statement requirements would raise First Amendment concerns related to compelled speech, and an individual commenter expressed concerns regarding the proposal's implications for free speech.

An industry commenter stated that the proposed written statements would be redundant because the applicable covered order, if issued under consent, would already have been signed by a company officer.

An industry commenter stated that the attestation described at proposed § 1092.203(d)(2) should not be made by an executive but by the supervised registered entity itself. An industry commenter stated that the proposed written statement would inappropriately substitute individual liability for the company's liability, contrary to longstanding corporate legal tenets regarding piercing the corporate veil.

Industry commenters stated that the proposed written statements would cause supervised registered entities to place undue emphasis on compliance with covered orders to the detriment of their other compliance responsibilities, distorting compliance programs at such entities, imposing unwarranted burden, and harming consumers.

Industry commenters stated that the proposed written-statement requirements should not include any representations about compliance with covered orders issued under State laws. In particular, these commenters suggested that because many covered orders require ongoing compliance with State UDAP laws, and because those laws are very broad and cover a wide range of activities, it would be impossible for attesting executives to be certain that the supervised registered entity had not violated such a covered order. Commenters stated that the Bureau has no legitimate interest in requiring written statements regarding compliance with such laws.

More generally, commenters stated that the proposed written-statement requirements were unfair because it would be impossible for an executive to attest that the supervised registered entity had not committed any violations of the applicable covered order, especially since such orders often cover a wide range of broad laws, including UDAAP laws.

In the proposal, the Bureau stated that it was “also considering adopting a requirement that the written statement contain a short description of the entity's compliance systems and procedures relating to the covered order, including a description of the processes for notifying the attesting executive regarding violations or other instances of noncompliance with the order.” The Bureau stated that it “expects that many executives may choose to provide such information in the summary narrative portion of the written statement required in proposed § 1092.203(d)(1), as part of describing the steps that the attesting executive has undertaken to review and oversee the supervised registered entity's activities subject to the applicable covered order,” but it sought “comment on whether to expressly require submission of such information in the final rule.” One industry commenter, while stating that the Bureau should remove the written-statement requirements altogether, argued in the alternative that if the Bureau did choose to require a written statement it should take an approach similar to this proposed alternative. Under the approach suggested by the industry commenter, the entity would be required to submit a written statement to the effect that the entity's overall compliance program is reasonably designed to detect and prevent violations of all orders, and not just a particular covered order. Another industry commenter stated that this proposed alternative would not alleviate the industry commenter's concerns about the proposal, would not provide an adequate, accurate description of the compliance framework, and could risk revealing confidential information about the entity or its compliance system or procedures.

88 FR 6088 at 6126.

Id.

Industry commenters stated that the proposal failed to identify benefits of the proposed written-statement requirements that could not readily be achieved through the Bureau's exercise of its existing supervisory authorities with fewer negative consequences. These commenters stated that the Bureau could gather sufficient information through its normal supervisory process. A commenter stated that the Bureau could obtain more detailed and comprehensive information about the entity's compliance systems and procedures for complying with the order through the supervisory process.

Tribe and industry commenters stated that for purposes of the written statement, orders should not be considered “final” as provided under proposed § 1092.201(e) until all avenues of appeal have been exhausted.

Response to Comments Received

Section 1092.204(d) does not require that the supervised registered entity demonstrate its compliance with the covered order to the Bureau. The provision requires only that the supervised registered entity indicate whether or not, to the knowledge of the attesting executive, the supervised registered entity has identified any violations of applicable provisions of the covered order. As stated in the proposal, knowingly and willfully filing a false attestation or report with the Bureau may be subject to criminal penalties under other provisions of law outside the final rule. But neither the final rule nor the existing legal obligations of individuals and entities to be truthful in their attestations to the Bureau require attesting executives to demonstrate compliance with covered orders. Section 1092.204(d)(2) requires only that the executive attest (truthfully), to the executive's knowledge, regarding whether the entity has identified any applicable violations (or other instances of noncompliance). For example, an attesting executive might attest truthfully that the entity has not identified a violation even if the entity has in fact violated the order, so long as the entity has not identified that violation.

See, e.g., 18 U.S.C. 1001. One industry commenter asserted, incorrectly, that the proposal would have required the attesting executive to submit the annual written statement subject to the penalty of perjury. As stated in the proposal, and as acknowledged by other commenters, proposed § 1092.203(d) would not have required the attesting executive to submit a statement subject to the penalty of perjury. See88 FR 6088 at 6125. The Bureau sought comment on its proposal to require the attesting executive's signature on the statement but not to require a statement subject to the penalty of perjury. Commenters did not provide arguments in support of changing this approach, and the Bureau finalizes § 1092.204(d) without requiring the attesting executive to submit a statement subject to the penalty of perjury.

The proposal's statement regarding the possibility of criminal penalties did not purport to expand or otherwise affect the scope of an executive's potential liability under existing criminal law for submitting false statements to the Bureau. Nor does the final rule impose any requirements regarding steps that an executive must take to review and oversee the supervised registered entity's activities subject to the applicable covered order. While the Bureau expects attesting executives to submit truthful statements under the final rule and believes that the existence of other laws like 18 U.S.C. 1001 provides incentives in that regard, the final rule does not purport to interpret provisions of criminal law (which are administered by agencies other than the Bureau) or to identify particular circumstances under which an attesting executive would become criminally liable for false statements.

Note, however, that a supervised registered entity's failure or refusal to make reports or provide information as required under the final rule may violate civil laws administered by the Bureau, including not just the rule itself but also 12 U.S.C. 5536(a)(2).

Nor, as discussed in the description of the proposal above, does the final rule itself establish any minimum procedures or otherwise specify the steps the executive must take in order to review and oversee the entity's activities. Instead, § 1092.204(d)(1) requires only that the executive provide the Bureau with a general description of the steps the executive has already taken in this regard; this information will provide valuable context regarding the basis of the attesting executive's knowledge and will assist the Bureau with determining the degree to which the Bureau may rely on the written statement. The attestation submitted under § 1092.204(d)(2) is made subject to the attesting executive's knowledge, as that knowledge exists. As discussed above, based in part on the other written-statement requirements contained in § 1092.204, the Bureau anticipates that the attesting executive will have adequate knowledge of the entity's systems and procedures for achieving compliance with the covered order to provide a useful attestation.

The Bureau declines to modify the required contents of the written statement as provided at § 1092.204(d)(1) and (2). The Bureau believes these provisions are sufficiently clear to inform registered supervised entities and their attesting executives regarding their responsibilities under the final rule. Section 1092.204(d)(1) requires that the attesting executive generally describe the steps that the attesting executive has undertaken to review and oversee the supervised registered entity's activities subject to the applicable covered order for the preceding calendar year. Section 1092.204(d)(2) requires that the attesting executive attest whether, to the attesting executive's knowledge, the supervised registered entity during the preceding calendar year identified any violations or other instances of noncompliance with any obligations that were imposed in a public provision of the covered order by the applicable agency or court based on a violation of a covered law. If the executive knows of such identified violations, the executive should so state; conversely, if the executive does not know of such identified violations, the executive should so state. That is all these provisions of the final rule require.

The final rule does not require that the supervised registered entity prove its compliance with the applicable covered order to the Bureau. Instead, the rule requires the attesting executive to state whether the entity has identified applicable violations of the covered order. If an agency or court were to subsequently determine that, contrary to the entity's determination at the time of the written statement, the supervised registered entity had in fact violated the covered order during the relevant year, that determination would not establish that the entity's attestation was false. Thus, the rule does not impose a retroactive liability on supervised registered entities or their attesting executives.

The Bureau believes that the written statement requirement is reasonable and declines to impose materiality requirements as to the type of violations that must be declared. There is value to the Bureau in knowing about any violation of existing orders, even violations that might be characterized as “minor.” The covered order is in place because an agency or court has already determined that issuing the order, and each of the provisions thereof, was appropriate to address a violation by the supervised registered entity of a covered law. A subsequent violation of the covered order is therefore a “second strike” that is probative of risk to consumers. The Bureau believes that obtaining information about such matters through the written statement will facilitate its supervisory activities and its assessment and detection of risks to consumers. In addition, violation of any legally binding obligation may indicate that the entity lacks the willingness or ability more generally to comply with its legal obligations, including its obligations under the Federal consumer financial laws that the Bureau enforces. Thus, the submission of information about such violations, even allegedly minor ones, will assist the Bureau in ensuring that supervised registered entities are legitimate entities and are able to perform their obligations to consumers.

The Bureau also declines to impose a reasonableness, good faith, or other standard regarding the steps that the attesting executive has undertaken to review and oversee the supervised registered entity's activities subject to the applicable covered order. The final rule does not impose any substantive requirements on supervised registered entities or attesting executives regarding such steps. Thus, there is no need for the final rule to establish a standard against which the Bureau will assess compliance with any such requirements. The Bureau intends to review the summary narrative portion of the written statement required in § 1092.204(d)(1) for information regarding the executive's review. In addition, § 1092.204(e) imposes related recordkeeping requirements with respect to the preparation of the written statement. The Bureau anticipates that these requirements will assist the Bureau in assessing the reliability of the written statement.

For similar reasons, the Bureau declines to impose reasonableness or other standards with respect to the entity's efforts to identify applicable violations of covered orders. The final rule does not impose any substantive requirements on supervised registered entities with respect to such matters. For example, the final rule does not establish any minimum procedures or otherwise impose or specify steps a supervised registered entity must take in order to review or monitor compliance with any covered order. The Bureau will continue to assess such matters as part of its normal supervisory process where applicable.

The Bureau disagrees that the written-statement requirements represent an attempt to enforce the orders or laws that are administered by other agencies (or by courts). The written-statement requirements are intended to promote the Bureau's own work by facilitating the Bureau's supervisory activities and its assessment and detection of risks to consumers, and by ensuring that supervised registered entities are legitimate entities and are able to perform their obligations to consumers. The Bureau is adopting these requirements for the purposes established by Congress. The Bureau does not agree with commenters' assertions that written-statement requirements to provide information about violations of a covered order constitute an effort to enforce that order. The written statement required under § 1092.204(d) is not intended to monitor compliance by supervised registered entities with covered orders for the purpose of enforcing those orders. This part of the written statement is intended to provide the Bureau with information regarding whether or not the entity violated the covered order during the preceding year. As described at part IV, that information will facilitate the Bureau's supervision of the supervised registered entity, help the Bureau detect and assess risks to consumers, and help ensure that supervised registered entities are legitimate entities and are able to perform their obligations to consumers. However, the Bureau does not intend to, and does not assert any authority to, enforce covered orders merely because of their covered order status. While certain covered orders—such as the Bureau's own orders—will be enforceable by the Bureau, others will not be. The final rule will not affect whether the Bureau may enforce the terms of any covered order.

Some commenters expressed concern that the Bureau is overextending its authority by using the written-statement requirements in an effort to enforce State law. The written-statement requirement, however, does not seek to compel compliance with orders issued under State law. Instead, the written-statement requirement is an aid to assessing risks to consumers arising under Federal consumer financial law, including by considering the extent to which an entity is subject to oversight by State authorities. Although it is possible that, in some instances, the Bureau may review information submitted through the registry, including the written statements from attesting executives, and determine that supervisory action under Federal consumer financial law is necessary, the Bureau's review may also indicate that action under Federal law is unnecessary or should be a lower supervisory priority.

See12 U.S.C. 5514(b)(2)(D) (providing that, in prioritizing entities for supervision, the Bureau should consider “the extent to which such institutions are subject to oversight by State authorities for consumer protection”). As discussed in the section-by-section discussion of § 1092.201(c) above, the Bureau declines to remove State laws from the final rule's definition of “covered law” or to exempt covered orders issued under such laws from the scope of the written-statement requirements. As discussed in that section and in the proposal, the Bureau has determined that agency and court orders stemming from violations of these State laws will likely be probative of risk to consumers. The Bureau believes that it is important to impose the annual written-statement requirements on supervised registered entities that are subject to such covered orders.

The Bureau believes it is important to obtain the information described in the final rule about supervised registered entities' ongoing compliance with relevant provisions of covered orders, including covered orders issued or obtained by State and local agencies. The Bureau believes that the written statement obligations in the final rule will not complicate or frustrate State enforcement efforts. The Bureau will not undermine the efforts of other regulators by collecting such information from entities subject to its jurisdiction related to the offering or provision of consumer financial products and services. As discussed above, the Bureau does not intend to, and does not assert any authority to, enforce covered orders not issued or obtained by the Bureau merely because of their covered order status. As stated in the proposal, evidence regarding a supervised registered entity's compliance with a covered order will provide the Bureau with important information regarding risks to consumers that may be associated with the order and will be highly relevant to the Bureau's own supervisory and enforcement efforts. State regulators conduct enhanced supervision and ongoing monitoring of companies that are subject to covered orders precisely because of the increased risk such orders represent. The Bureau agrees with the joint comment from State regulators that increased coordination and information sharing with the States regarding such orders will also facilitate the work of all regulators concerned, and the Bureau intends to use the information provided under the registry, including the written statement, so that it may be better informed about such orders and thus be in a better position to communicate with other regulators about them.

See88 FR 6088 at 6125.

The additional reporting obligation in the final rule will not prevent or interfere with the efforts of supervised registered entities to comply with their other reporting obligations. Supervised registered entities can comply with their reporting requirements under § 1092.204(d) and other sources of law, much as supervised registered entities currently comply with Bureau supervisory requests for information under CFPA section 1024(b)(1) while also complying with other reporting requirements.

See12 U.S.C. 5514(b)(1).

The Bureau agrees with the industry commenter that registration under the NMLS system will provide information that may help lessen the need to submit an annual written statement to the Bureau under this section. As discussed in the section-by-section discussion of final § 1092.203, the Bureau is adopting a provision that will provide an option for a supervised registered entity to file a one-time statement to the Bureau in lieu of complying with § 1092.204's requirements with respect to a NMLS-published covered order.

The Bureau declines to supplement the written-statement requirements beyond the requirements in the final rule. However, any supervised registered entity that wishes to discuss any matter relevant to Bureau supervision should contact the appropriate Bureau supervisory representative. To the extent that the supervised registered entity believes that the submission of such information would be useful or informative to the Bureau, it may use other channels to do so.

The Bureau has considered alternative approaches to adopting the written-statement requirements for supervised registered entities. However, as discussed herein and in part IV(D), the Bureau finalizes its preliminary findings contained in the proposal that requiring supervised nonbanks to designate attesting executives and to submit certain written statements relating to compliance with reported orders will facilitate the Bureau's supervisory efforts and better ensure that supervised registered entities are legitimate entities and are able to perform their obligations to consumers. Among other things, as discussed herein and in part IV(D), the Bureau concludes that the adoption of the written-statement requirements will provide valuable information regarding the entities subject to Bureau supervision. The Bureau may use that information, including whether supervised registered entities have identified violations of covered orders registered under § 1092.202, in conducting its supervisory prioritization efforts, assessing compliance systems and procedures, and detecting and assessing risk to consumers and to markets for consumer financial products and services. As described in parts VIII and IX, the Bureau has considered the potential benefits, costs, and impacts of the written-statement requirements in the final rule, including the potential benefit to consumers.

88 FR 6088 at 6100.

Under the final rule, as proposed, § 1092.204(d)(1) requires the written statement to contain only a general summary description of the attesting executive's actions, and thus does not impose a substantial new reporting requirement. This provision does not affirmatively require the executive to take any actions related to compliance with the covered order; it only requires the executive to provide the Bureau with a general description of what applicable steps, if any, the executive has taken. The Bureau anticipates that this general description will generally be short and summary in nature. The Bureau concludes that such a statement will generally be sufficient to serve the purposes of this requirement and provide the information sought by the Bureau. This requirement will provide valuable context regarding the basis of the attesting executive's knowledge and assist the Bureau with determining the degree to which the Bureau may rely on the written statement.

Final § 1092.204(d)(1) is not intended to provide the Bureau with a comprehensive understanding of a supervised registered entity's compliance systems or procedures. Instead, it is intended to enhance the usefulness of the written statement by providing valuable context regarding the basis of the attesting executive's knowledge and by assisting the Bureau with determining the degree to which the Bureau may relay on the written statement. To the extent the Bureau desires additional information regarding the supervised registered entity's activities or practices, the Bureau may utilize its other supervisory authorities.

As expressly provided at final § 1092.205(b), the written statement submitted under final § 1092.204(d) will be treated as CFPB confidential supervisory information subject to the provisions of 12 CFR part 1070. The Bureau disagrees that requiring submission of this confidential supervisory information via the nonbank registry will put the information at risk. The Bureau has adequate data safeguards to protect the written statement information that supervised registered entities provide to the Bureau under § 1092.204(d). Such information will be protected by the Bureau's confidentiality regulations at 12 CFR part 1070, the Federal Trade Secrets Act, 18 U.S.C. 1905, and other laws. In addition, the Bureau is subject to data breach requirements provided in the Federal Information Security Management Act (FISMA), applicable Office of Management and Budget (OMB) Memoranda, U.S. Department of Homeland Security (DHS) Binding Operational Directives, National Institute of Standards and Technology (NIST) Federal Information Processing Standards and documents, and other applicable guidance.

To the extent that certain comments might be read as expressing concern that § 1092.204(d) might require the submission of information protected by the attorney-client privilege or another legal privilege, the commenters do not identify any particular scenarios under which submission of privileged information might be required to comply with § 1092.204(d), and as discussed in the section-by-section discussion of § 1092.201(d), the Bureau does not intend for the final rule to require the submission of privileged information to the nonbank registry.

As discussed in part VIII below, the Bureau acknowledges that certain firms that are subject to covered orders and that lack adequate compliance systems may be forced to pay attesting executives a salary premium because of the written-statement requirements, but believes that there will be few such firms. The Bureau also disagrees with commenters' assertions that, for most covered nonbanks, the requirement for covered nonbanks to designate attesting executives for covered orders will discourage competent compliance and risk management personnel from serving in such roles. Neither § 1092.204(b)'s designation requirements nor the publication of the name and title of the attesting executive as provided at § 1092.205 will materially increase the legal obligations of such executives. As discussed elsewhere in this section, § 1092.204(d) requires the submission only of certain limited statements on behalf of the supervised registered entity to the executive's knowledge. For most companies, this statement should be straightforward and noncontroversial. Thus, for most supervised registered entities, the Bureau does not agree with commenters' assertions that the proposed requirements would have a significant chilling effect on the hiring and retention of senior executives.

The written-statement requirement does not violate the First Amendment. The final rule merely requires a factual disclosure regarding (1) the steps the attesting executive has taken to review and oversee the supervised registered entity's activities subject to the applicable covered order, and (2) whether, to the attesting executive's knowledge, the supervised registered entity during the preceding calendar year identified violations or other instances of noncompliance with the entity's obligations under such a covered order. It only requires that the written statement be made to the Bureau, not to the general public. The rule excludes the written statement from its publication requirements and expressly provides that the written statement “will be treated as Bureau confidential supervisory information.” The written-statement requirement will facilitate Bureau supervisory efforts. It bears no resemblance to the type of “Government-mandated pledge or motto” that has been held to violate the First Amendment. Such a limited reporting requirement, especially one connected to extant conduct regulations, complies with the First Amendment.

Rumsfeld v. Forum for Academic & Institutional Rights, Inc., 547 U.S. 47, 61-62 (2006) (discussing W. Va. State Bd. of Educ. v. Barnette, 319 U.S. 624 (1943), and Wooley v. Maynard, 430 U.S. 705 (1977)).

See, e.g., Arkansas Times LP v. Waldrip, 37 F.4th 1386, 1394 (8th Cir. 2022) (en banc) (holding that requirement that government contractors certify compliance with conduct-based regulations did not unconstitutionally compel speech); United States v. Arnold, 740 F.3d 1032, 1033-35 (5th Cir. 2014) (rejecting “compelled speech” challenge to Federal sex-offender registration requirements); United States v. Conces, 507 F.3d 1028, 1040 (6th Cir. 2007) (holding that requiring responses to discovery requests did not violate First Amendment); United States v. Sindel, 53 F.3d 874, 878 (8th Cir. 1995) (rejecting “compelled speech” challenge to providing information required by an IRS form).

The Bureau disagrees with the industry commenter that the written-statement requirements would be redundant because the applicable covered order, if issued under consent, would already have been signed by a company officer. A signature of a supervised registered entity's officer with respect to a covered consent order (such as on a stipulation or consent agreement) would not serve the purposes of § 1092.204's written-statement requirements. Among other things, there generally would be no requirement that such an executive would satisfy the criteria established under § 1092.204(b); such an executive generally would not be designated on an annual basis, depriving the Bureau of relevant up-to-date information; an executive signature consenting to a covered order generally would not provide any of the information that would be submitted in the annual written statement required under § 1092.204(d); and the other requirements established in § 1092.204, including § 1092.204(c) and (e), generally would not be imposed with respect to the covered order.

Regarding the comment that the attestation described at § 1092.203(d)(2) should not be made by an executive but by the supervised registered entity itself, the written statement—as discussed above — is a statement by the supervised registered entity. To be sure, § 1092.204(d) requires the written statement to be made and signed “on behalf of the supervised registered entity” by a particular individual agent, the attesting executive. Section 1092.204(b) establishes requirements for the entity's designation of its attesting executive(s) to ensure that the person who signs the written statement has sufficient authority and access to all the relevant company stakeholders to ensure that the report—which is filed on behalf of the entity, not the individual executive—is as complete and accurate as possible. But the obligations under § 1092.204 belong to supervised registered entities, not to particular individuals acting in their personal capacities.

See the Bureau's response to certain comments regarding the Bureau's legal authority to impose written-statement requirements above.

See88 FR 6088 at 6121-22.

The Bureau disagrees that § 1092.204(d)(2) represents an inappropriate attempt to substitute the individual liability of the attesting executives for the liability of the supervised registered entities they represent. As discussed above, even for those covered orders that the Bureau is authorized to enforce, § 1092.204(b)'s requirement to designate an attesting executive does not mean that the Bureau intends to hold that executive solely responsible for the entity's compliance with those covered orders. The final rule does not impose any additional requirements to take steps to address any covered order, nor does it establish any standards for imposing liability on any individual in connection with any covered order. Any individual accountability in connection with violations of such orders shall continue to be determined in accordance with existing law, which the final rule does not purport to change. Nor does the final rule affect the Bureau's existing approach to assessing board and management oversight at supervised registered entities.

The Bureau disagrees that § 1092.203(d)(2) would cause a supervised registered entity to place undue emphasis on compliance with covered orders, to the detriment of its other compliance responsibilities. As stated in part IV(A) above, agency and court orders are not suggestions. It is incumbent on supervised registered entities to comply with such orders and also manage their other responsibilities. As explained in the proposal, the Bureau believes, based on its experience and expertise, that most entities subject to covered orders endeavor in good faith to comply with them and will already have in place systems and procedures to help achieve such compliance. The Bureau thus believes that few entities would significantly alter their compliance systems, procedures, or priorities in response to § 1092.204. Further, the risk of legal sanctions will likely deter entities from neglecting other legal obligations not associated with covered orders. The Bureau thus does not believe that § 1092.204 will cause supervised registered entities to ignore other legal requirements not set forth in covered orders.

See88 FR 6088 at 6133.

The final rule does not obligate supervised registered entities to spend an inordinate amount of time, or indeed any time at all, on compliance with covered orders. The final rule does not establish any minimum level of compliance management or expectations for compliance systems and procedures at supervised registered entities. It only requires such entities to report information about their compliance to the Bureau.

For the reasons discussed in part IV and the section-by-section discussions of § 1092.201(c) and (e) above, the Bureau concludes that the term “covered order” should include orders issued or obtained by agencies other than the Bureau. As discussed in part IV(D) and this section-by-section discussion of § 1092.204, submission of a written statement regarding either compliance or noncompliance with covered orders will provide the Bureau with important additional information regarding risks to consumers that may be associated with the orders and the applicable supervised registered entities' compliance systems and procedures, and will otherwise facilitate the Bureau's supervision of such entities. The Bureau disagrees with commenters' assertions that the Bureau lacks a legitimate interest in obtaining such information from entities that are subject to its supervisory and examination jurisdiction under CFPA section 1024.

With respect to the comments stating that it would be impossible for an executive to attest that a supervised entity had complied with a broadly drafted covered order, including orders based on violations or alleged violations of Federal or State UDAP/UDAAP laws, final § 1092.204(d) does not require that the supervised registered entity prove its compliance with the covered order to the Bureau, as discussed above. Section 1092.204(d)(1) requires the executive to generally describe the steps that the attesting executive has undertaken to review and oversee the supervised registered entity's activities subject to the applicable covered order for the preceding calendar year, but imposes no minimum standards or other requirements regarding those steps. And all the entity need disclose under § 1092.204(d)(2) is whether, to the attesting executive's knowledge, the supervised registered entity during the preceding calendar year identified any violations or other instances of noncompliance with any obligations that were imposed in a public provision of the covered order by the applicable agency or court based on a violation of a covered law. Such matters are within the power of the supervised registered entity and its attesting executive to know and describe to the Bureau, and will provide important information that is useful to the Bureau. Should the Bureau desire additional information relating to the covered order or the supervised registered entity's compliance with the covered order, the Bureau may choose to follow up on the information provided by the supervised registered entity in its written statement, including via its supervisory and examination authority or by communicating with the appropriate agency.

The Bureau declines to adopt the alternative approach proposed in the notice of proposed rulemaking that the written statement contain a short description of the entity's compliance systems and procedures relating to the covered order. The Bureau concludes the written-statement requirements included in the final rule will provide sufficient information to the Bureau to serve the purposes of the written-statement requirement. The written statement will provide valuable information to the Bureau regarding the entity's attesting executive for each applicable covered order, the steps undertaken by that executive to review and oversee compliance with the covered order, and any applicable recent violations of the order identified by the supervised registered entity. To the extent the Bureau desires to obtain more information about the entity's compliance systems or procedures than is provided in the written statement, the Bureau may choose to follow up directly with the supervised registered entity through its supervisory authority or through other means. The Bureau does not believe it is necessary at this time to require all supervised registered entities to submit a description of the entity's relevant compliance systems and procedures on an annual basis, or to dedicate staff and other Bureau resources to reviewing such submissions.

See88 FR 6088 at 6126.

Likewise, the Bureau declines to adopt the alternative approach proposed by the commenter to obtain a single representation about all covered orders to which the entity is subject. The Bureau believes that requiring a separate written statement for each covered order will be more likely to provide the Bureau with meaningful and useful information regarding the covered order, the entity's compliance with that covered order, other risks to consumers that are related to that covered order, and other matters. The Bureau also believes this proposed alternative is inconsistent with the approach to designation of attesting executives taken under § 1092.204(b). As described in the proposal, the Bureau believes it is desirable to require a supervised registered entity to annually designate one attesting executive for each applicable covered order to which it is subject and for all submissions and other purposes related to that covered order under subpart B. If an entity has designated multiple attesting executives under the rule, the Bureau would not necessarily expect each such executive to be able to provide a meaningful attestation with respect to all covered orders. See part IV above for additional discussion of these issues.

See88 FR 6088 at 6123.

With respect to the comment opposing the adoption of this proposed alternative, while the Bureau does not necessarily agree with the industry commenter's assertion that the proposed alternative would fail to provide adequate or accurate information to the Bureau, the Bureau believes the written-statement requirements included in the final rule will provide sufficient information to the Bureau to serve the purposes of the written-statement requirement. Regarding the inclusion of confidential information in the written statement, the Bureau expects that the written statement may contain certain confidential information about the entity and its compliance system or procedures. Anticipating this issue, the final rule treats the written statement as Bureau confidential supervisory information (§ 1092.205(b)) and would not publish it. As discussed in the section-by-section discussion of § 1092.205(b), this approach will enhance the usefulness of submissions under final § 1092.204(d)(1) and (2), increase the Bureau's ability to detect and assess potential noncompliance and emerging risks to consumers, and promote compliance with the law.

With respect to the comments stating that the Bureau should use its existing supervisory authorities instead of imposing the written-statement requirements, the Bureau disagrees to the extent the comments suggest that the Bureau should collect written statements only in connection with particular examinations via direct communication with supervised registered entities. Such an approach would not be more reliable and predictable for all parties than a rule-based approach, and would be less administrable for the Bureau. The approach adopted in the final rule will structure the information collected and establish a regular cadence for collecting it. This approach also will enable the Bureau to more readily utilize this information, as it will be linked via the nonbank registry to the other information submitted by the relevant supervised registered entity regarding the applicable covered order.

See also part IV(D) above.

In addition, there is no existing comprehensive list of nonbank entities subject to Bureau supervision, so the Bureau would be unable to issue a standing order to such entities to produce such information. The final rule requires supervised registered entities, within the timeframes established by the rule, to identify themselves to the Bureau and to provide information that is relevant to the Bureau's assessment and detection of risks to consumers related to such entities. As discussed in part IV(D) above, the collection of this information will facilitate Bureau supervision by, among other things, helping the Bureau identify when a nonbank entity subject to its supervisory authority is subject to a covered order, and by annually collecting information about the entity's compliance with the covered orders to which it is subject. This information will in turn help the Bureau prioritize its nonbank examinations under CFPA section 1024(b)(2) and otherwise inform how the Bureau supervises and examines the entity. As appropriate, the Bureau may also, as one commenter suggests, obtain more detailed and comprehensive information about the entity's compliance systems and procedures for complying with the order via direct communication with the entity through the supervisory process.

See the section-by-section discussion of § 1092.201(e) above regarding the final rule's treatment of covered orders that may be subject to appeal.

Final Rule

The Bureau adopts § 1092.203(d) as proposed (renumbered as § 1092.204(d)) for the reasons discussed above and in the description of the proposal, with changes to the wording of the paragraph's first sentence. That sentence now reads (with additions marked with italics): “On or before March 31 of each calendar year, the supervised registered entity shall, in the form and manner specified by the Bureau, submit to the nonbank registry a written statement with respect to each covered order described in paragraph (a) (1) of this section to which it is subject.” The changes reflect revisions to § 1092.204(a) that are discussed in the section-by-section analysis of that subsection (as well as the Bureau's adoption of the term “nonbank registry” described in the section-by-section discussion of § 1092.101(d) above).

See also the section-by-section discussion of § 1092.101(d) above regarding the Bureau's adoption of the revised term “nonbank registry.”

Under § 1092.204(a)(2), a supervised registered entity is not required to comply with § 1092.204—including the requirements of § 1092.204(d)(2)—with respect to any NMLS-published covered order for which it has chosen to comply with the one-time registration option described in § 1092.203.

Under § 1092.204(d) of the final rule, written statements only need to address periods during which covered nonbanks qualify as supervised registered entities. Therefore, if a covered nonbank did not qualify as a supervised registered entity at any point during the preceding calendar year, it does not need to file a written statement in the current calendar year, even if the covered nonbank becomes a supervised registered entity by March 31 of the current calendar year.

Section 1092.204(e) Requirement To Maintain and Make Available Related Records

Proposed Rule

Proposed § 1092.203(e) would have imposed recordkeeping requirements with respect to the preparation of the written statement. These requirements were designed to promote effective and efficient enforcement and supervision of proposed § 1092.203. The Bureau would have relied on its rulemaking authorities under CFPA section 1024(b)(7)(A)-(C) in imposing proposed § 1092.203(e)'s recordkeeping requirements.

Proposed § 1092.203(e) would have required a supervised registered entity to maintain documents and other records sufficient to document the entity's preparation of the written statement, to provide reasonable support for the written statement, and to otherwise demonstrate compliance with the requirements of proposed § 1092.203 with respect to any submission under that section. The proposed section would have required the supervised registered entity to maintain those documents and records for five years after such submission was required. The proposal would have also required the supervised registered entity to make such documents and other records available to the Bureau upon the Bureau's request. The Bureau explained that the purpose of this requirement would be to enable the Bureau to assess, as part of its normal supervisory process, the supervised registered entity's compliance with proposed § 1092.203. The Bureau explained that it expected such documents and other records to be in a form sufficient to enable the Bureau to conduct this assessment. The Bureau believed that the five-year time period would appropriately facilitate the Bureau's examination and enforcement capabilities with respect to compliance with proposed § 1092.203's requirements.

Comments Received

One industry commenter stated that the requirement to “provide reasonable support” for the written statement was vague and overly broad, and that it could extend to every record that a company has. Relatedly, the commenter stated that the costs associated with this requirement could not be quantified as a result of this uncertainty.

The commenter also stated that the proposed recordkeeping requirement would be unduly burdensome because it would require a supervised registered entity to maintain evidence of compliance with covered orders. And the commenter objected to the duration of the recordkeeping requirement, as the five-year obligation imposed under proposed § 1092.203(e) might exceed the duration of the requirements imposed by the other provisions of the proposal (such as where the order terminates earlier). The commenter also stated the Bureau should have considered obtaining documents from other regulators as an alternative to proposed § 1092.203.

Response to Comments Received

The Bureau disagrees with the industry commenter's statement that the requirements of § 1092.204(e) (which was initially proposed as § 1092.203(e)) are vague and overly broad, and that an estimate of the costs associated with those requirements cannot be quantified. Section 1092.204(e) does not require a supervised registered entity to comply with any covered order, nor does it require the entity to prove that it is in compliance with any covered order. Instead, § 1092.204(e) requires the entity to maintain documents sufficient to allow the Bureau, through its normal supervisory process, to review the entity's compliance with the requirements of § 1092.204 with respect to a submission under that section. Thus, § 1092.204(e) requires a supervised registered entity to maintain documents that demonstrate compliance with the various paragraphs of § 1092.204.

Specifically, a supervised registered entity would satisfy § 1092.204(e) with respect to the requirements of § 1092.204(b) regarding the designation of an attesting executive for a particular covered order by maintaining records that reasonably support the entity's designation, including records that demonstrate that the attesting executive satisfies the criteria established by § 1092.204(b).

Section 1092.204(d)(1) requires the attesting executive to “[g]enerally describe the steps that the attesting executive has undertaken to review and oversee the supervised registered entity's activities subject to the applicable covered order for the preceding calendar year.” A supervised registered entity would satisfy § 1092.204(e) with respect to a statement submitted under § 1092.204(d)(1) by maintaining documents that reasonably support the description submitted. If the entity chooses to submit a statement under § 1092.204(d)(1) that describes specific steps undertaken by the attesting executive to review and oversee the entity's applicable activities, § 1092.204(e) would require that the entity maintain documents that demonstrate that the executive undertook the steps described. For example, the entity could preserve relevant reports provided to the executive regarding compliance with the relevant order, or emails that demonstrate the questions asked by the executive as part of the executive's review.

Section 1092.204(d)(2) requires the attesting executive to “[a]ttest whether, to the attesting executive's knowledge, the supervised registered entity during the preceding calendar year identified any violations or other instances of noncompliance with any obligations that were imposed in a public provision of the covered order by the applicable agency or court based on a violation of a covered law.” If, to the executive's knowledge, the entity did identify such a violation, the executive should so attest under § 1092.204(d)(2), and the entity should maintain records sufficient to provide reasonable support for the executive's statement. For example, the entity could preserve relevant documents that caused the executive to know that a violation had occurred, such as a report or email sent to the executive. On the other hand, if the executive attests that he or she does not know of any such violation, the Bureau anticipates that attestation will generally be based upon the executive's review and oversight as described in the portion of the written statement submitted under § 1092.204(d)(1). By demonstrating what steps (if any) the executive had undertaken to review and oversee the activities subject to the covered order, the entity generally would also provide support for the statement that the executive was not aware of applicable violations. Thus, in such cases the Bureau would generally expect the documentation that supports the portion of the written statement submitted under § 1092.204(d)(1) also to adequately support the portion submitted under § 1092.204(d)(2), and § 1092.204(e) would generally not require the entity to maintain any other additional records specifically in connection with the portion of the written statement submitted under § 1092.204(d)(2).

With respect to the comment regarding potential burden associated with § 1092.204(e)'s recordkeeping requirements, this provision would not require a supervised registered entity to maintain documents to enable the Bureau to assess whether the entity is in compliance with any covered order. Instead, this provision would require a supervised registered entity to maintain documents that demonstrate compliance with § 1092.204 itself. Section 1092.204 imposes a set of requirements regarding the designation of one or more attesting executives and submission of one or more annual reports. It requires neither that the entity comply with any covered order nor that it demonstrate to the Bureau that it is in compliance with any covered order. Documents that demonstrate the entity's compliance with § 1092.204 will not generally be available from other regulators or from sources other than the entity itself.

The Bureau acknowledges that in some cases, a supervised registered entity's obligation to maintain documents under § 1092.204(e) may extend, perhaps by several years, past the time required for the entity's final filing under § 1092.202(f)(1). While, as provided in § 1092.202(f)(2), a supervised registered entity's final filing under § 1092.202(f)(1) relieves the entity of its obligations to update its filing or to file written statements with respect to the applicable covered order under subpart B, the entity would remain subject to § 1092.204(e)'s requirements to maintain and make available applicable records. Nevertheless, the Bureau believes § 1092.204(e)'s five-year recordkeeping requirement is consistent with the final rule's approach to final filings in § 1092.202(f). The purpose of § 1092.204(e)'s recordkeeping requirement is to promote effective and efficient enforcement and supervision of § 1092.204. The Bureau may wish to review a supervised registered entity's past compliance with § 1092.204 even after the entity has been released, as provided under § 1092.202(f)(2), from its ongoing obligations to update information under § 1092.202 and to file annual written statements under § 1092.204. The Bureau believes the five-year period is an appropriate length of time to require preservation of records in order to facilitate any review that may occur. For a discussion of the economic costs and benefits associated with this provision, see part VIII.

Final Rule

The Bureau adopts § 1092.203(e) as proposed (renumbered as § 1092.204(e)) for the reasons discussed above and in the description of the proposal.

Section 1092.204(f) Notification of Entity's Good-Faith Belief That Requirements Do Not Apply

Proposed Rule

Proposed § 1092.203(f) would have provided that a person may submit a notice to the NBR system stating that it is neither designating an attesting executive nor submitting a written statement pursuant to proposed § 1092.203 because it has a good-faith basis to believe that it is not a supervised registered entity or that an order in question is not a covered order. Such a filing may be combined with any similar filing under proposed § 1092.202(g). Proposed § 1092.203(f) would have also required the person to promptly comply with § 1092.203 upon becoming aware of facts or circumstances that would not permit it to continue representing that it has a good-faith basis to believe that it is not a supervised registered entity or that an order in question is not a covered order. The Bureau proposed to treat information submitted under § 1092.203(f) as “administrative information” as defined by proposed § 1092.201(a).

See also the section-by-section discussion of § 1092.202(g), which provides a similar option with respect to § 1092.202.

The Bureau proposed § 1092.203(f) for several reasons. First, while the Bureau believed that determining whether a company qualifies as a “supervised registered entity” (or whether an order is a covered order) should be straightforward in most cases, some persons may be uncertain about whether they are a supervised registered entity (or whether an order is a covered order). The Bureau acknowledged in its proposal that even when they have a good-faith basis to believe they are not a supervised registered entity (or an order is not a covered order), they could annually designate an attesting executive and file annual written statements if they did not want to incur the risk of violating the requirements of proposed § 1092.203. But the Bureau believed that that approach could impose burden on persons who ultimately are not supervised registered entities (or whose orders are not covered orders). The Bureau therefore proposed an alternative option for these persons. Rather than facing the burden of designating an attesting executive and filing written statements, such an entity could have elected to file a notice under proposed § 1092.203(f). The Bureau explained that, when a person makes a non-frivolous filing under proposed § 1092.203(f) stating that it has a good-faith basis to believe that it is not a supervised registered entity (or an order is not a covered order), the Bureau would not bring an enforcement action against that person based on the person's failure to comply with proposed § 1092.203 unless the Bureau has first notified the person that the Bureau believes the person does in fact qualify as a supervised registered entity (or the order in question qualifies as a covered order) and has subsequently provided the person with a reasonable opportunity to comply with proposed § 1092.203.

The Bureau explained that, under proposed § 1092.102(c), the filing of a notification under proposed § 1092.203(f) would not affect the entity's ability to dispute more generally that it qualifies as a person subject to Bureau authority.

The Bureau also believed that filings under proposed § 1092.203(f) may reduce uncertainty by the Bureau about why certain entities are not designating an attesting executive or providing a written statement under proposed § 1092.203. In addition, the Bureau believed that these notifications might provide the Bureau with information about how market participants are interpreting the scope of proposed § 1092.203, about the potential need for the Bureau to instruct certain persons to designate an attesting executive and provide written statements, and about the potential need for guidance or rulemaking clarifying the scope of proposed § 1092.203.

As in the case of proposed § 1092.202(g), the Bureau considered an alternative to proposed § 1092.203(f) under which entities would not file a notice with the Bureau, but they could avoid penalties for non-compliance with § 1092.203 if in fact they could establish a good-faith belief that they did not qualify as supervised registered entities subject to § 1092.203 (or their order was not a covered order). Under this alternative, entities would have maintained such good-faith belief so long as the Bureau had not made clear that § 1092.203 would apply to them. Although the Bureau preliminarily concluded that this alternative was not preferable to requiring entities to actually file notices under proposed § 1092.203(f), the Bureau sought comment on whether it should finalize this alternative instead. It also sought comment on whether, if it finalized this alternative, entities would require additional guidance on the circumstances pursuant to which an entity could no longer legitimately assert a good-faith belief that § 1092.203 would not apply to its conduct. While the Bureau anticipated that such circumstances would certainly include entity-specific notice from the Bureau that § 1092.203 applies, the Bureau did not believe such notice should be required to terminate a good faith defense to registration. Among other circumstances, the Bureau anticipated that at least formal Bureau interpretations of (for example) the provisions of CFPA section 1024(a)(1) would generally suffice to terminate such belief.

12 U.S.C. 5514(a)(1).

Comments Received

As discussed in the section-by-section discussion of § 1092.202(g) above, the Bureau received a number of comments from tribes regarding proposed §§ 1092.202(g) and 1092.203(f). The tribes commenting on the proposal generally opposed proposed §§ 1092.202(g) and 1092.203(f) and submitted specific objections to aspects of the proposal.

Response to Comments Received

See the section-by-section discussion of § 1092.202(g) above for a description of the Bureau's responses to comments received regarding proposed § 1092.203(f).

Final Rule

The Bureau adopts § 1092.203(f) as proposed (renumbered as § 1092.204(f)) for the reasons discussed above and in the description of the proposal.

See the section-by-section discussion of § 1092.101(d) above regarding the Bureau's adoption of the revised term “nonbank registry.”

Section 1092.205 Publication and Correction of Registration Information

Section 1092.205(a) Internet Posting of Registration Information

Proposed Rule

Proposed § 1092.204(a)

Proposed § 1092.204(a) would have required the Bureau to make available to the public the information submitted to it by persons pursuant to proposed § 1092.202, except that the Bureau could choose not to publish certain administrative information or other information that the Bureau determined may be inaccurate, not required to be submitted under subpart B, or otherwise not in compliance with part 1092 and any accompanying guidance. Proposed § 1092.204(a) would have further provided that the Bureau may make registration information available to the public by means that include publishing it on the Bureau's publicly available internet site within a timeframe determined by the Bureau in its discretion. However, as discussed below regarding proposed § 1092.204(b), the proposal would have specifically provided that the Bureau would not disclose the written statement submitted under proposed § 1092.203.

The Bureau explained that publication of registered entities' identifying information would facilitate the ability of consumers to identify covered persons that are registered with the Bureau. And the Bureau believed that publication of additional information about registered entities and covered orders would be in the public interest. Namely, as discussed in more detail in section IV(E) of the proposal's preamble, proposed § 1092.204(a) would have provided information of use to consumers, other regulators, industry, nongovernment organizations, and the general public. Proposed § 1092.204(a) also would have formally aligned the proposed NBR system with Federal Government emphasis on making government data available to and usable by the public, by default, to the greatest extent possible.

12 U.S.C. 5512(c)(7)(B).

12 U.S.C. 5512(c)(3)(B).

See, e.g., Open, Public, Electronic, and Necessary Government Data Act, in title II of Public Law 115-435 (Jan. 14, 2019); Office of Management and Budget, M-19-18, Federal Data Strategy—A Framework for Consistency (June 4, 2019), https://www.whitehouse.gov/wp-content/uploads/2019/06/M-19-18.pdf.

The Bureau explained that making the data collected publicly available would further the rationale of the proposal—that is, enhancing oversight and awareness of covered orders and the covered nonbanks that are subject to them. The Bureau believed that regulators and other agencies at all levels of government (not just the Bureau) could use the information the Bureau would make publicly available to set priorities. The Bureau believed publication was also in the public interest because researchers could analyze the information the Bureau would make publicly available to gain valuable insight into the issues addressed in the NBR system. For example, as the Bureau explained in its proposal, they could produce reports that may inform consumers and the public more broadly of potential risks related to covered orders, or otherwise use the public data to promote private innovation. The Bureau also believed that organizations representing consumer interests could use the information to assist with their consumer protection efforts. The Bureau further explained in its proposal that publication can also help inform the public, including industry actors, about how regulators are enforcing Federal consumer financial laws and other similar laws. The Bureau cited, for example, that industry actors could use the registry as a convenient source of information regarding regulator actions and trends across jurisdictions, helping them to better understand legal risks and compliance obligations. The Bureau believed that at least in certain cases, consumers may be able to use the information in the registry to make informed choices regarding consumer financial products and services, including potentially using the information to assist with the assertion of private rights of action that might be available under the Federal consumer financial laws. Finally, the Bureau believed that publication would help promote Bureau accountability by helping the public better see and understand the results of the nonbank registry initiative, and helping the public gain greater insight into Bureau decision-making. As discussed in section IV(E) of the proposal, the Bureau believed that identifying the executive who has knowledge and control of the supervised entity's efforts to comply with the covered order would provide particular benefits to the Bureau, the public, and other users of the registry.

Proposed § 1092.204(a) would have provided that the Bureau may choose not to publish certain administrative information or other information that the Bureau determines may be inaccurate, not required to be submitted under proposed subpart B, or otherwise not in compliance with part 1092 and any accompanying guidance. The Bureau proposed to exclude administrative information, as defined at proposed § 1092.201(a), from the proposed publication requirement because it believed the publication of such information may not in all instances be especially useful to external users of the registry. The Bureau explained that administrative information is likely to include information such as time and date stamps, contact information, and administrative questions. The Bureau anticipated that it may need such information to work with personnel at nonbanks and in order to administer the NBR system. The Bureau believed that publishing such information would not be in the public interest because publication would be unnecessary and likely would be counterproductive to the goals of ensuring compliance with the proposal and publishing usable information.

The Bureau would have also reserved the right not to publish any information that it determines may be inaccurate, not required to be submitted under proposed subpart B, or otherwise not in compliance with part 1092 and any accompanying guidance. For example, the Bureau explained, persons may submit unauthorized or inadvertent filings, or filings regarding orders that would not require registration under the proposal, or other inaccurate or inappropriate filings. The Bureau believed it would require flexibility not to publish such information in order to maintain the accuracy and integrity of the NBR system and the data that would be published by the Bureau. And publication of information that the Bureau determines is, or may be, inaccurate, not required to be submitted under proposed subpart B, or that is otherwise not appropriately submitted under the proposal and accompanying guidance, would not further the goals of the proposal.

Furthermore, consistent with CFPA section 1022(c)(8), the Bureau explained that it would not publish information protected from public disclosure under 5 U.S.C. 552(b) or 552a or any other provision of law. The Bureau, however, did not believe that any of the information proposed to be collected under proposed § 1092.202 would be protected from public disclosure by law. The Bureau requested comments on this question, and whether any other steps should be taken to protect this information from public disclosure.

12 U.S.C. 5512(c)(8) (“In . . . publicly releasing information held by the Bureau, or requiring covered persons to publicly report information, the Bureau shall take steps to ensure that proprietary, personal, or confidential consumer information that is protected from public disclosure under [the FOIA] or [the Privacy Act of 1974, 5 U.S.C. 552a,] or any other provision of law, is not made public under [the CFPA].”).

The Bureau recognized that by relying in part on its supervisory authority in section 1024 of the CFPA to require submission of information to the nonbank registry, registry information could be construed to be “confidential supervisory information” as defined in the Bureau's confidentiality rules at 12 CFR 1070.2(i). The Bureau stated that, under the proposal, public release of information pursuant to § 1092.204(a) would have been authorized by the Bureau's confidentiality rules at 12 CFR 1070.45(a)(7), which permits the Bureau to disclose confidential information “[a]s required under any other applicable law.” The Bureau did not believe that the information proposed to be published under § 1092.204(a) would have raised the concerns generally addressed by the Bureau's restrictions on disclosure of confidential supervisory information. For example, the Bureau anticipated that the information collected pursuant to § 1092.202 would otherwise be subject to disclosure under the Freedom of Information Act and would not be particularly sensitive to financial institutions or compromise any substantial privacy interest; that disclosure of the information would not impede the confidential supervisory process; and that disclosure would not present risks to the financial system writ large.

Proposed § 1092.204(b)

Proposed § 1092.204(b) would have provided that the publication described in proposed § 1092.204(a) would not have included the written statement submitted under proposed § 1092.203, and that such information would be treated as confidential supervisory information subject to the provisions of part 1070. The Bureau proposed to require the submission of the written statement pursuant to CFPA section 1024(b)(7), which authorizes the Bureau to prescribe rules regarding registration, recordkeeping, and other requirements for covered persons subject to its supervisory authority under CFPA section 1024. The Bureau believed that treating the written statements that it would receive under proposed § 1092.203 as confidential, and not publishing them under proposed § 1092.204, would facilitate the Bureau's supervision of supervised registered entities by enabling the Bureau to obtain frank and candid assessments and other information from supervised registered entities regarding violations and noncompliance in connection with covered orders. The Bureau believed this information in turn would better enable the Bureau to spot emerging risks, focus its supervisory efforts, and address underlying issues regarding noncompliance, compliance systems and processes, and risks to consumers.

The Bureau recognized that there may have been some benefit to other users of the NBR system from publishing the written statements that it would receive under proposed § 1092.203, including enhancing the ability of other agencies and affected consumers to monitor compliance. However, the Bureau believed that these potential benefits were likely to be outweighed by increased candor and compliance with proposed § 1092.203. The Bureau noted that its supervision program depends upon the full and frank exchange of information with the institutions it supervises. The Bureau explained that, consistent with the policies of the prudential regulators, the Bureau's policy is to treat information obtained in the supervisory process as confidential and privileged. For example, the Bureau explained in its proposal that it would treat all such information as exempt from disclosure under exemption 8 of the Freedom of Information Act. The Bureau believed that these considerations would also underlie supervisory communications with supervised registered entities under proposed § 1092.203, and that the proposed approach would enhance the usefulness of submissions under proposed § 1092.203, increase the Bureau's ability to detect and assess potential noncompliance and emerging risks to consumers, and promote compliance with the law.

See CFPB Compliance Bulletin 2015-01 (Jan. 27, 2015), https://files.consumerfinance.gov/f/201501_cfpb_compliance-bulletin_treatment-of-confidential-supervisory-information.pdf; CFPB Bulletin 2012-01 (Jan. 4, 2012), https://files.consumerfinance.gov/f/2012/01/GC_bulletin_12-01.pdf. Also consistent with the policies of the prudential regulators, the Bureau recognized that the sharing of confidential supervisory information with other government agencies may in some circumstances be appropriate, and in some cases, required. See id. For example, in accordance with the scheme of coordinated supervision established by Congress, the Bureau's policy is to share confidential supervisory information with the prudential regulators and State regulators that share supervisory jurisdiction over an institution supervised by the Bureau. See id.

See5 U.S.C. 552(b)(8).

Proposed § 1092.102(c) would have provided that proposed part 1092 would not alter applicable processes whereby a person may dispute that it qualifies as a person subject to Bureau authority. The Bureau believed written statements submitted to the NBR system under § 1092.203 of the proposed rule (renumbered to § 1092.204 of the final rule) would constitute Bureau confidential supervisory information under the regulatory definition of that term even if the submitter later disputed that it qualified as a person subject to the Bureau's supervisory authority. See12 CFR 1070.2(i) (defining Bureau confidential supervisory information), (q) (“Supervised financial institution means a financial institution that is or that may become subject to the Bureau's supervisory authority.”).

Comments Received

Comments Received Regarding Proposed § 1092.204(a)

General comments received regarding publication.

Many commenters opposed the proposal's approach to publication of registry information, and either questioned whether the proposed public registry was necessary or opposed publication of the registry. Commenters stated that the proposed publication of the registry information would create a much more elevated level of scrutiny and risk for covered nonbanks subject to covered orders.

Consumer advocate commenters and some industry and individual commenters generally supported the publication of the registry, stating that it would provide a valuable resource to help regulators and consumers. A consumer advocate commenter stated that the public registry would be immensely useful for the Bureau and other Federal and State regulators alike, and another consumer advocate commenter stated that it would unify the efforts of the various enforcers of consumer protection laws. A consumer advocate commenter stated that the public registry would be particularly beneficial for low-income consumers. A consumer advocate commenter agreed that making the proposed registry public would enhance the ability of consumer advocacy organizations conducting due diligence, and would better equip organizations to warn consumers against companies with patterns or practices of illegal or otherwise harmful behaviors. The consumer advocate commenter also stated that searchable public databases like the proposed registry empower consumers, regulators, and consumer advocates, and that the registry would help protect older Americans and all consumers as well as benefit Bureau supervision. Consumer advocate commenters stated the information obtained from the public registry would also assist the Bureau and other regulators in developing new regulations and other reforms for consumer protection. Consumer advocate and industry commenters stated that the public registry would create heightened accountability and have a deterrent effect on violations. Consumer advocate commenters stated that the public registry would promote compliance with orders. An industry commenter stated that the public registry would help entities conduct due diligence and choose their service providers, would motivate nonbanks to comply with the law, and would provide financial institutions with examples of the types of acts and practices that constitute violations of consumer financial protection laws.

See part V above for a discussion of comments regarding publication received from other agencies during the Bureau's interagency consultation process.

Comments received regarding alternatives to the proposal's approach to publication.

Many commenters proposed alternatives to the proposal's approach to publication of registry information. An industry commenter stated that the Bureau could just provide links on a web page instead. An industry commenter stated that the additional benefit of publication to consumers was unclear in light of the existence of other, more user-friendly registries. Another industry commenter stated that the Bureau should instead work with State and other Federal agencies to create a unified database. An industry commenter stated that the Bureau should use its other tools instead to provide transparency and public guidance, including the Bureau's Supervisory Highlights publication, advisory opinions, and other rulemakings such as larger participant rules. A consumer advocate commenter stated the Bureau should work with the Federal Deposit Insurance Corporation (FDIC) and other regulators to establish other similar registries in addition to establishing the proposed Bureau registry. An industry commenter stated that the publication of registry information might deter other regulators from maintaining their own sites containing information about covered orders.

An industry commenter stated that publication of information about covered orders would lack context and be unfair and misleading because entities are precluded from similarly publicly disclosing outcomes of successful audits and examinations.

An industry commenter stated that the Bureau should permit a covered nonbank to publish its own accompanying statement or explanation in connection with information published in the registry so that other financial institutions in the market and consumers can better understand the reason for the covered order.

Comments received stating publication of registry information would further improper purposes.

Commenters stated that the true purpose of publishing the registry was to name and shame the entities that were registered as well as their executives, to impose a “scarlet letter” on such persons, or to punish such entities, and not the purposes stated in the Bureau's proposal.

Industry commenters also stated that the Bureau's true purpose in publishing registry information was to benefit plaintiffs' lawyers and class action lawsuits against industry participants. Industry commenters stated that the information published in the proposed registry would be used against the covered nonbank in other litigation, and that increased litigation and risk of litigation against covered nonbanks will hurt consumers by raising costs.

Commenters stated that the references in the proposal and in related Bureau statements identifying the proposed registry as relating to “repeat offenders” indicated that the registry was being adopted for an improper purpose. Commenters stated that the Bureau should not call the proposed registry a “repeat offender registry.” Commenters also questioned what it might mean to be a “repeat offender” as the Bureau used that term, and what the consequences of such a designation might be. An industry commenter stated that such a designation would imply wrongdoing, even though the entity might not have admitted liability. An industry commenter stated that such a designation would mislead consumers by indicating that less significant violations listed on the registry were comparable to more serious ones. An industry commenter stated that the term “repeat offenders” was inflammatory, and expressed concern that the Bureau would impose “repeat offender penalties” based on non-CFPB orders. An industry commenter stated that the use of such language demonstrated a belief on the part of the Bureau that past violations are an indication of potential future violations. And an industry commenter stated that the proposal did not truly address “repeat offenders” but rather perhaps those businesses who are not able to afford defending themselves from government attacks.

Comments received regarding the publication of the name and title of attesting executives.

The Bureau specifically requested comment on whether the requirement to submit the name and title of the attesting executive “would assist users of the NBR system and whether it would unduly interfere with the privacy interests of the attesting executive or other interests of the supervised entity.” A consumer advocate commenter stated that it would be appropriate to publish the name and title of the attesting executive, and that the Bureau would be able to make clear that the executive is not necessarily an at-fault individual. Other commenters objected to the proposal's provisions regarding the publication of the name and title of the attesting executive. Commenters stated that publishing the name and title of the attesting executive would impose reputational harm or would violate due process and the presumption of innocence by shaming the executive and the company. An industry commenter stated that the proposed requirement to designate a current executive as an attesting executive would unfairly implicate executives in previous wrongdoing, and that the rule should only require designation of an attesting executive where the executive had been serving at the time of the violations underlying the order. Some industry commenters expressed privacy concerns about this aspect of the Bureau's proposal. Most of the commenters generally expressed this concern without added explanation, but one industry commenter asserted that it was highly likely publishing this information would result in these individuals being subject to unfair and unjust harassment.

88 FR 6088 at 6102.

Other comments received regarding publication.

An individual commenter stated that the proposed publication of registry information would focus on larger companies, leading consumers to smaller but possibly more harmful entities. Other commenters asserted that smaller entities will be disproportionately affected. A joint comment from industry groups stated that the proposed registry would risk public trust in new and emerging companies. An industry commenter stated that the proposed registry would deter consumers from working with legitimate companies, including debt collection businesses.

A consumer advocate commenter urged the Bureau to make the proposed public database searchable, sortable, and downloadable.

Industry commenters and another commenter stated that the proposal was contrary to the public policy behind the Fair Debt Collection Practices Act (FDCPA). A commenter stated that the proposal would publish the names of covered nonbanks in order to punish and harm them in a manner precluded by the FDCPA. An industry commenter stated that while the proposal might not directly conflict with the FDCPA, it could prompt additional interest in public information in court records and other materials that might embarrass consumers.

15 U.S.C. 1692 et seq. The FDCPA is an enumerated consumer law and a Federal consumer financial law, as provided at 12 U.S.C. 5481(12)(H) and (14).

Commenters disagreed with the Bureau's statements in the proposal that publication of registry information would benefit other regulators and agencies. An industry commenter stated that publication would be of small or no benefit to other agencies because the orders published under the proposal would already be public and because the relevant State regulators already have adequate information about covered orders.

Commenters stated that publication of the proposed registry would confuse consumers and other public users, thus itself leading to risk and harm to consumers.

Commenters stated that the proposal would present all orders as the same, which would be misleading. An industry commenter stated that one State's orders may not appropriately compare to other States, and expressed concern that companies with covered orders addressing other matters not related to consumer products, data, or market harm could still inadvertently be included with companies that have an actual track record of consumer harm. The commenter also asserted that orders with effective dates before 2019 were less relevant to the registry because covered nonbanks were more likely to have taken remedial steps in connection with the order, and expressed concern that the publication of such earlier orders together with orders issued later would unfairly characterize the earlier orders as having the same relevance as later ones. And the commenter stated that the registry should only require registration once a nonbank became subject to at least five non-expired covered orders.

Comments Received Regarding Proposed § 1092.204(b)

The Bureau specifically sought comment on the proposed approach with respect to treatment of the written statement, whether treatment of written statement submissions as Bureau confidential supervisory information was warranted, and whether the Bureau should consider taking other steps to facilitate the submission of written statements. An industry commenter expressed concern about proposed § 1092.203(b) and the Bureau's treatment of the written statements submitted under proposed § 1092.203, stating that the Bureau might change its mind about protecting written statements as confidential supervisory information.

88 FR 6088 at 6129.

Response to Comments Received

Response to Comments Received Regarding Proposed § 1092.204(a)

Response to general comments received regarding publication.

For the reasons given in the description of the proposal above and further addressed below, the Bureau intends to publish a registry that contains the identifying information for covered nonbanks that the nonbank registry collects under § 1092.202(c) and the information regarding covered orders collected under § 1092.202(d), as well as certain information collected under § 1092.203 for the purposes of enabling users of the registry to identify NMLS-published covered orders and the applicable covered nonbanks subject to them. Except as described further below, the Bureau concludes that publication of such information will be in the public interest. However, as described further below, the Bureau is modifying the proposal to provide that the Bureau may choose, in its sole discretion, not to publish such information based on operational considerations.

The Bureau agrees with commenters that the nonbank registry's centralization and republication of covered orders that are already public may make them easier to locate and access, and thus somewhat increase their visibility. That is part of the point of publishing them. The Bureau believes that publication of registry information as described in § 1092.205 will serve the purposes described in part IV.

Response to comments received regarding alternatives to the proposal's approach to publication.

The Bureau does not agree that the proposed alternative approaches to publication suggested by commenters would serve the purposes for which the Bureau is adopting the final rule. Among other things, these alternative approaches would be more resource intensive for Federal and State agencies, including the Bureau, and would make it more difficult to identify covered orders and the covered nonbanks that are subject to them.

As discussed in part IV and the section-by-section discussion of § 1092.203 above, the Bureau is finalizing a new § 1092.203 that provides, with respect to any NMLS-published covered order, a covered nonbank that is identified by name as a party subject to the order may elect to comply with the one-time registration option described in that section in lieu of complying with the requirements of §§ 1092.202 and 1092.204. Also as discussed in part IV and the section-by-section discussion of § 1092.203 above, the Bureau disagrees with commenters that the other sources of information identified by commenters diminish the need for the nonbank registry, or that the rule should accept registration of covered orders under those sources in lieu of registration with the nonbank registry. While the Bureau intends to continue using all of its available tools to promote transparency and provide guidance as appropriate, the Bureau concludes that it is also appropriate to adopt the final rule to accomplish the purposes described herein.

With respect to the industry commenter's assertion that the publication of registry information might deter other regulators from maintaining their own sites containing information about covered orders, first, the Bureau believes establishing the registry accomplishes the goals established for it under the CFPA, and would do so even if the effect described by this commenter were to occur. The Bureau does not believe this consideration should outweigh the benefits resulting from the final rule. Second, it is not clear this described effect would occur, and whether it does or not depends upon many factors outside the Bureau's control. Other agencies must make their own decisions regarding how best to utilize their own resources to meet their own goals and priorities. As described at part V, the Bureau engaged in consultations with many Federal, State, and Tribal agencies with respect to both the proposal and the final rule, as required by the CFPA. No other agency, in those discussions or otherwise, has indicated to the Bureau that it was considering ceasing the publication of any of its own published orders in light of the final rule. Third, even if the Bureau were to consider this potential effect, the Bureau would expect it to be a very small one, since the Bureau expects agencies would generally continue to maintain their current approach to publishing their own orders. Many agencies are under an existing legal obligation to publish their orders. For agencies that have discretion over whether to publish their orders enforcing the law, the Bureau does not anticipate that the Bureau's rule would cause many, if any, agencies to change their practices regarding publication. The orders defined as “covered orders” under the final rule represent only a portion of the orders issued or obtained by most, if not all, agencies other than the Bureau. For example, covered orders do not include orders against individuals, or that do not relate to covered laws. Likewise, other agencies may have jurisdiction over entities that do not qualify as covered nonbanks and thus are not subject to the final rule. The Bureau thus expects that few, if any, agencies would modify their general practices regarding publication to avoid a subset of their orders from appearing in the Bureau's public registry. Therefore, the Bureau does not expect the final rule to have much, if any, effect on the publication decisions made by other agencies.

See, e.g., 12 U.S.C. 1818(u) (requiring appropriate Federal banking agencies to publish certain final orders and agreements); 5 U.S.C. 552(a)(2)(A) (“[E]ach agency, in accordance with published rules, shall make available for public inspection in an electronic format . . . final opinions, including concurring and dissenting opinions, as well as orders, made in the adjudication of cases”).

As explained above, an industry commenter expressed concern that the Bureau's public registry would be unfair and misleading because it would not contain information regarding successful audits and examinations of registered entities. The Bureau disagrees. The existence of prior successful audits or examinations does not render the information that would be published in the registry inaccurate, inconsistent, or misleading.

The consumer advocate commenter's suggestion to establish other similar registries in addition to establishing the proposed Bureau registry is outside the scope of the proposal, but the Bureau may consider related action at a later date.

The Bureau declines to create a mechanism for a covered nonbank to publish its own accompanying statement or explanation on the nonbank registry in connection with information published in the registry. The Bureau believes requiring the nonbank registry to publish such statements would increase the complexity and costs associated with the nonbank registry and may confuse users. The Bureau declines to republish on its own registry statements provided by covered nonbanks regarding either the Bureau's own orders or orders issued or obtained by other agencies, especially as those statements may contain factual or legal errors. The Bureau also declines to utilize its resources to review and screen such statements for materials that may not be appropriate to publish, such as personally identifiable information about consumers. Such statements are not generally included with orders published by the Bureau or by other agencies. Subject to other applicable law, covered nonbanks would be free to issue their own statements about a covered order or the matters underlying it.

Response to comments received stating publication of registry information would further improper purposes.

The Bureau disagrees with the commenters stating publication of registry information would further improper purposes. The Bureau reiterates that its purposes in publishing registry information are described in part IV and in the description of the Bureau's proposal above, and include informing the public, other regulators, academic researchers, consumer advocacy organizations, and public education efforts regarding covered orders and the covered nonbanks that are subject to them. Any publication by the Bureau of the information collected through the registry is not intended to punish companies or individuals for their past acts. As discussed in part IV(F) above, consumers may benefit from the publication of the information collected by the registry, including information about orders that are already public. For example, the Bureau believes that, at least in certain cases, publishing information about the entity and its applicable orders in a public registry will help certain consumers make informed decisions regarding their choice of consumer financial products or services, especially if the information in the registry is recirculated, compiled, or analyzed by other users such as consumer advocacy organizations, researchers, or the media. And publication of covered orders in the registry may also facilitate private enforcement of the Federal consumer financial laws by consumers, to the extent those laws provide private rights of action, where consumers have been harmed by a registered nonbank. These purposes are consistent with the public interest, with the Bureau's other purposes in publishing registry information, and with the Bureau's statutory authorities. The Bureau disagrees that its purpose in publishing such information is to shame companies or executives that are listed in the registry.

With respect to the industry comments regarding use of published orders in litigation, and potential additional costs that may be associated, the covered orders subject to publication under § 1092.205 are already public, which will limit the costs imposed on firms by the final rule's publication provisions. As discussed in part IV(F) above, the Bureau believes that users who have access to information published in the registry may potentially use that information to assist with the assertion of private rights of action that might be available under the Federal consumer financial laws. That is part of the reason the Bureau is issuing the final rule. The Bureau disagrees that litigation brought by other agencies or consumers to enforce rights under Federal consumer financial law, as applicable, is necessarily inappropriate. While the registry information published under the final rule may include plaintiffs' lawyers among its users, or help inform class action lawsuits against industry participants, it is not the purpose of the registry to encourage or promote lawsuits purely for the sake of litigation. Rather, the Bureau is finalizing § 1092.205 for the purposes described in part IV and in the description of final § 1092.205 below. For additional discussion about these and other potential costs associated with this provision, see part VIII.

With respect to the comments regarding the statements in the proposal and other related Bureau statements about “repeat offenders,” one of the purposes of the rule is to help the Bureau identify persons that repeatedly violate the law. The information that the Bureau intends to publish under § 1092.205 will help the Bureau and other users identify entities that have violated the law, including those that have become subject to more than one covered order. Such entities would be more difficult to identify without the existence of the registry because the information about these entities and orders is scattered across multiple sources, and may no longer be accurate or updated in a timely fashion. However, the proposal did not purport to comprehensively define the term “repeat offender” or to establish any specific legal consequences of any such designation, and the Bureau declines to do so in the final rule. The Bureau will use the information supplied by the registry in accordance with relevant law, including to inform its supervisory and enforcement functions. For example, as stated in part IV(B) above, the information contained in the proposed registry may be relevant in assessing civil penalties for violations of Federal consumer financial laws, given that Congress has provided that such penalties should take into account an entity's “history of previous violations” and “such other matters as justice may require.” As stated in part IV(B) above, the Bureau may consider certain matters identified in previous enforcement actions published in the nonbank registry to be relevant under these provisions. But the final rule does not establish new requirements or guidelines for such determinations, which will be made in accordance with existing law.

But see88 FR 6088 at 6095 (“Recidivism—whether in the form of a company that repeatedly violates the law and as a result becomes subject to multiple orders, or in the form of a company that violates the orders to which it is subject—poses particular risks to consumers.”).

See, e.g., 12 U.S.C. 5565(c)(3)(D), (E).

Response to comments received regarding the publication of the name and title of attesting executives.

The Bureau intends to publish the names and titles of attesting executives designated under § 1092.204(b). Publishing this name and title information will provide information of use to consumers, other regulators, industry, nongovernment organizations, and the general public.

As discussed further below, the Bureau is retaining the discretion not to publish this information based on operational considerations.

As explained elsewhere in this preamble, collecting information regarding the name and title of the attesting executive for a given covered order will provide the Bureau with insight into the entity's organization, business conduct, and activities, and will inform the Bureau's supervisory work, including its risk-based prioritization process. As discussed in part IV(F) above, the Bureau believes this information will be similarly valuable to other users of the nonbank registry, and thus intends to publish it in connection with covered orders registered by supervised registered entities. Disclosure of this information would increase transparency regarding how the Bureau processes and verifies information submitted as part of the nonbank registry. Thus, publication would further the rationale of the proposal—that is, enhancing oversight and awareness of covered orders and the covered nonbanks that are subject to them. Publishing the name and title of attesting executives for the covered orders listed on the registry will bring specificity and concreteness to the information that is available to users of the nonbank registry allowing users to better understand the nature of particular covered orders, which activities of the applicable supervised registered entity they relate to, and who at the entity has control over the entity's efforts to comply with a particular covered order. Publishing name and title information for attesting executives could help consumers and consumer advocacy organizations better understand and monitor the conduct of the entities with whom consumers do business.

While the Bureau will treat the contents of the written statements as CFPB confidential supervisory information (§ 1092.204(b)), publishing the name and title of each supervised registered entity's attesting executive(s) for each covered order will provide transparency to users of the registry and the general public regarding important matters connected with the applicable covered order. The entity will be identified as potentially subject to Bureau supervision under CFPA section 1024, the officers will be designated as satisfying the criteria established in § 1092.204(b) with respect to each covered order, and registry users will be able to quickly and efficiently identify which officer is responsible for filing the annual written statement with respect to the covered order. Thus, the registry will provide users with an up-to-date and accessible source of information about supervised registered entities, the covered orders to which they are subject, and the senior officers who are responsible for filing annual written statements about those orders.

12 U.S.C. 5514. While, under § 1092.102(c) of the final rule, an entity's compliance with § 1092.204 would not prevent the entity from disputing that it is subject to Bureau supervision under 12 U.S.C. 5514, publication of the fact that an entity has designated an attesting executive under § 1092.204 would indicate to users of the nonbank registry that the entity may be subject to Bureau supervision.

The Bureau does not intend, in publishing the name and title of the attesting executive, to convey the impression that the executive is solely responsible for compliance at the entity, or that problems with the entity's compliance with the covered order should be directed solely to the attention of the attesting executive, or that the executive was necessarily in any way responsible for the entity's violations of law or other actions or omissions that resulted in the imposition of the covered order. The Bureau also disagrees with commenters' assertions that the designation requirement will unfairly implicate the attesting executive in previous wrongdoing, and declines to adopt the industry commenter's suggestion that the rule should only require designation of an executive where the executive had been serving at the time of the violations underlying the order. As discussed in the section-by-section discussion of § 1092.204(b), even for those covered orders that the Bureau is authorized to enforce, § 1092.204(b)'s requirement to designate an attesting executive does not mean that the Bureau intends to hold that executive solely responsible for the entity's compliance with those covered orders. For example, § 1092.204(b)'s requirements for the entity's designation of its attesting executive(s) do not imply that the attesting executive is, merely by dint of that individual's designation under the final rule, more responsible or accountable than is a supervised registered entity's board of directors for any of the entity's acts or omissions. The Bureau acknowledges that some nonbank registry users may be susceptible of misimpressions on these matters, and may misunderstand the Bureau's publication of the executive's name and title as a statement about the executive's culpability or responsibility. Nevertheless, the Bureau does not believe this misconception will be widespread, and believes the publication of the name and title of attesting executives will generally be in the public interest for the reasons discussed. As discussed in the section-by-section discussion of § 1092.204(b) above, the final rule does not establish any new standards, or alter any existing standards, regarding individuals' liability for supervised registered entities' violations of covered orders or other legal obligations.

Likewise, publishing the name and title of the attesting executive will not violate due process or the presumption of innocence. As discussed above, such publication as provided in § 1092.205 is consistent with the public interest, with the Bureau's other purposes in publishing registry information, and with the Bureau's statutory authorities. The Bureau disagrees that publishing such information will shame executives that are listed in the registry. Publishing such information also does not impose criminal penalties on or otherwise punish such executives. Publication will inform potential users of the registry that the supervised registered entity has designated the individual named on the grounds that the individual satisfies the criteria established under § 1092.204(b) with respect to the particular covered order. Those criteria do not carry any connotation of shame or wrongdoing, and publication of such information is not a punishment or penalty.

The Bureau believes that the publication of the name and title of the attesting executive associated with each covered order who satisfies the criteria of § 1092.204(b) with respect to that order will be useful to users of the nonbank registry, and disagrees that it will only cause reputational harm. For example, such information will facilitate coordination and communication regarding the order between the Bureau, other government agencies, and the supervised registered entity. Other regulators, especially those that have issued covered orders regarding the supervised entity, would likely benefit from understanding which executive(s) have been tasked with ensuring compliance with their orders. Clients or other companies that do business with the entity would have a better understanding of which areas of the company are affected by a covered order and who is responsible for compliance with it. And researchers, media, and other users of the information may be able to detect trends or patterns associated with such information.

Such additional regulatory and public scrutiny of the individuals who are so designated, and the awareness on the part of the executive and supervised registered entity that other parties may associate the executive's name with the entity's efforts to comply with the order, will promote identification and assessment of risks to consumers and compliance with the laws that the Bureau administers. In particular, with respect to covered orders enforced by the Bureau, publication as authorized under the final rule will help ensure accountability at the entity for noncompliance and provide an incentive to pay more attention to such covered orders.

One industry commenter challenged the Bureau's assertion that the publication of name and title information would promote compliance, asserting that because this information is already public in some other form, it is difficult in the commenter's view to see how this requirement creates an enhanced incentive other than creating negative reputational costs. Since the requirement to designate an attesting executive specific to each covered order stems from the rule itself and is not a preexisting requirement, information about the name and title of any particular attesting executive associated under the rule with a particular covered order would not already be public information. The Bureau believes that many attesting executives will already be publicly identified as employees of these entities in some other way ( e.g., on the company's website or in filings, licenses, or registrations required under applicable Federal or State securities or corporate law). However, such sources would not generally provide information regarding the entity's designation of attesting executives in the manner prescribed by the final rule. Also, not all public sources of information about the names and titles of executives may be as accurate or reliable, or as frequently updated, as the Bureau's registry. Publishing the name and title information in the nonbank registry itself will enhance users' ability to identify accurate and up-to-date information about such matters quickly, and to associate it with the correct covered order and supervised registered entity. By enabling enhanced monitoring of such matters, publication of the name and title information will promote compliance and the identification and assessment of risks to consumers.

One industry commenter asserted that publishing an attesting executive's name and title would disrupt supervised registered entities' normal complaint-handling procedures by creating a false perception that reaching out to a particular executive would be more effective. The Bureau agrees with the commenter that consumers generally should not rely on the name and title of the attesting executive as a tool for identifying where to direct their complaints or inquiries. Section 1092.203(b) does not identify an executive's role in the entity's complaint-handling process as one of the criteria for designating an attesting executive, and consumers should not rely on this designation for such a purpose. The Bureau acknowledges that the notice of proposed rulemaking stated that publishing the attesting executive's name and title would “inform consumers of a person to whom they could direct escalated complaints.” However, in this final rule, the Bureau is not adopting this rationale for publishing the name and title of the attesting executive. The Bureau agrees with the commenter that a supervised registered entity's normal complaint-handling procedures may not always involve the designated executive in the entity's complaint-handling process, and that consumers' escalating of complaints or inquires to officers whom the entity has not designated as responsible for fielding complaints or inquiries directly from the public may not always be effective or appropriate. Nor should consumers or other users of the nonbank registry utilize this information for the purposes of harassment, badgering, or intimidation of the entity's officers.

88 FR 6088 at 6102.

However, as described in the proposal, it is possible that at least under certain scenarios, consumers who are affected by a supervised registered entity's compliance (or failure to comply) with a covered order may benefit from knowing the name and title of the executive who has knowledge and control of the supervised entity's efforts to comply with the covered order. Publishing this information will enable consumers to better understand the operations and structure of the supervised registered entity—for example, which of the entity's lines of business or business names has responsibility for the matters addressed by the order, how their complaints or inquiries regarding matters relating to the order may be addressed, and how the entity's compliance efforts with respect to any one covered order may relate to its efforts with respect to other such orders.

Id.

Likewise, as stated in the proposal, publication of executive name and title information will enable employee whistleblowers, or other consumers who have knowledge and information about violations of the applicable order, to ensure that such information gets to the appropriate department or office within the supervised registered entity. Again, the Bureau agrees with commenters that whistleblowers and consumers generally should not rely on the name and title of the attesting executive as a tool for identifying the individual to whom to direct this information. The final rule is not intended to require supervised registered entities to establish different processes for such matters or to require attesting executives to become responsible for all whistleblower complaints. Nevertheless, publishing this information will help whistleblowers and consumers better understand the operations and structure of the supervised registered entity, including where—using any applicable processes established by the entity for obtaining information about such matters—to direct whistleblowing complaints or information about violations of the covered order in order to ensure that their complaint or information is being sent to the appropriate part of the organization.

Id.

One commenter asserted that publication of the name and title of attesting executives would not ensure that supervised registered entities are legitimate entities and are able to perform their obligations to consumers under CFPA section 1024(b)(7)(C). First, to the extent this comment is intended to assert that § 1092.204(b)'s designation requirement is unlawful, the Bureau disagrees; see parts III and IV and the section-by-section discussion of § 1092.204(b). Second, this concern is not relevant to the Bureau's legal authority to publish this information. While the Bureau is promulgating the written-statement requirements, including the requirement to designate attesting executive(s) and submit written statements, under its authority under CFPA section 1024(b)(7)(A)-(C), the Bureau is also collecting attesting executives' names and titles under its market-monitoring authorities in CFPA section 1022(c), and it intends to publish such information under its authority at CFPA section 1022(c)(3), not under CFPA section 1024(b)(7)(A)-(C). Nevertheless, the Bureau believes that publication of the name and title information will in fact independently help ensure that supervised registered entities are legitimate entities and are able to perform their obligations to consumers. Publishing this information will promote accountability and compliance at the supervised registered entity, helping to ensure that the supervised registered entity takes its legal duties seriously, and that it is not treating the risk of enforcement actions for violations of legal obligations as a mere cost of doing business. While the commenter questioned why an illegitimate entity would register at all, the Bureau believes that not all entities that register in compliance with the final rule will necessarily be perfectly willing and able to comply with their other legal obligations to consumers, including those imposed by Federal consumer financial law. Collecting and publishing name and title information for attesting executives will help ensure these entities are legitimate.

See id. at 6119.

As discussed in the proposed rule, see88 FR 6088 at 6128, the Bureau recognizes that the attesting executives' names and titles could be construed as “confidential supervisory information” as defined in the Bureau's confidentiality rules at 12 CFR 1070.2(i) because the Bureau is relying in part on its supervisory authority in 12 U.S.C. 5514 to collect the information. In the proposal, the Bureau explained that public release of information pursuant to proposed § 1092.204(a) would have been authorized by the Bureau's confidentiality rules at 12 CFR 1070.45(a)(7), which permits the Bureau to disclose confidential information “[a]s required under any other applicable law.” The Bureau recognizes that 12 CFR 1070.45(a)(7) is no longer applicable because publication under the final rule is discretionary. As such, if the Bureau publishes the above-described information, it would do so pursuant to an authorization from the Director in accordance with 12 CFR 1070.46.

With respect to commenters' privacy concerns, the only information collected under § 1092.204 related to the written statement that would be published under § 1092.205 is the attesting executive's name and title. The Bureau would not publish any contact information required to be submitted through the registry, which the Bureau intends to obtain as “administrative information” pursuant to filing instructions issued under § 1092.102(a). It is not clear how publication of this limited name and title information would result in any harassment of the attesting executives. Moreover, under the Freedom of Information Act, an individual's expectation of privacy is diminished concerning matters where the individual is acting in a business capacity. Finally, the rule requires that the attesting executive be a high-ranking senior executive officer at the entity. As such, the Bureau believes that many attesting executives will already be publicly identified as employees of these entities in some other way ( e.g., on the company's website or in filings, licenses, or registrations required under applicable Federal or State securities or corporate law). The Bureau does not believe publishing the name and title of the attesting executives implicates any more than a de minimis privacy interest.

5 U.S.C. 552.

See, e.g., Brown v. Perez, 835 F.3d 1223, 1234-37 (10th Cir. 2016); King & Spalding, LLP v. U.S. Dep't of Health & Human Servs., 395 F. Supp. 3d 116, 119-23 (D.D.C. 2019).

Response to other comments received regarding publication.

Commenters did not provide any data supporting their claims about the likely size of covered nonbanks that would be subject to covered orders. Likewise, the industry commenter provided no evidence that new and emerging covered nonbanks are more likely to be subject to covered orders, or that the proposed registry would impose an unfair burden on them. While the Bureau does not expect the final rule to impose unfair or disproportionate effects on either small or large covered nonbanks, or based upon their new or emerging status, in any case the rule's requirements do not depend upon such matters. The Bureau intends to use the information it obtains through the rule to better understand the size and other characteristics of entities that are subject to covered orders. This information will be highly relevant and useful not just to the Bureau but to all government regulators of covered nonbanks as well as the other potential users of the registry discussed above. With respect to potential costs associated with this provision on smaller entities, see parts VIII and IX.

As part of the purpose of the Bureau's publication of registry information under § 1092.205 is to make the information available and easily usable for a range of potential users, including the general public, the Bureau intends to develop a nonbank registry with the goal of making registry information searchable, sortable, and downloadable, among other things.

The Bureau believes the registry is authorized by the CFPA and does not conflict with other laws, including the FDCPA or its implementing Regulation F. The Bureau disagrees with commenters' suggestion that the Bureau's publication of information about covered orders and covered nonbanks as described in § 1092.205 is likely to lead to the disclosure of embarrassing information about consumers. As stated in part III(B), the Bureau's registry is designed to not collect any protected proprietary, personal, or confidential consumer information, and thus, the Bureau will not publish, or require public reporting of, any such information under § 1092.205.

See12 CFR part 1006.

Notwithstanding commenters' assertions, the Bureau believes that collection and publication of information will benefit other agencies, for the reasons provided in the description of the proposed rule above. The Bureau's publication of identifying information, which may not have been previously made public, will enable other agencies, as well as consumers and other users, to more readily identify companies that are subject to covered orders and otherwise obtain relevant information about them, such as their legal name and principal place of business. While certain identifying information about covered nonbanks, especially those that are subject to other disclosure obligations under Federal and State securities laws or other laws, may already be available, information about many covered nonbanks may not be publicly available. Nor will all covered nonbanks necessarily be subject to licensing regimes or, even if they are so subject, be duly licensed and registered in every jurisdiction where it is required. Publication by the Bureau of identifying information under § 1092.205 also will present such information in a consistent and readable format and will otherwise assist other agencies as well as other registry users in locating and using this information. In addition, Bureau publication of information regarding covered orders as described under § 1092.205 will collect and organize that information and make it easier to find and use. By requiring covered nonbanks to provide and maintain information about the orders under § 1092.202(d), the final rule will help ensure that other agencies and other users have ready access to collected and updated information about covered orders that may be relevant to their jurisdiction. As described in part V above, during interagency consultation some agencies stated they would use the information published in the registry, while others stated they would not.

See the section-by-section discussion of § 1092.203 above with respect to comments received regarding potential consumer confusion that commenters stated could be caused by the publication of information in the proposed registry in connection with the NMLS Consumer Access website, and the Bureau's adoption of optional one-time registration of NMLS-published covered orders under that section. As to other types of consumer confusion addressed by commenters, in the proposal, the Bureau acknowledged there may be some uncertainty over the degree to which consumers would use the publicized information and, when they do, over how consumers could interpret such information. The Bureau stated that it would continue to evaluate the possibility that publishing information collected under subpart B has the potential to create confusion, which, to the extent it occurs, is unlikely to serve the public interest. And the Bureau stated that, if it finalized the proposed provision on publishing registry information, it would consider options for publishing the information in a manner that mitigates this risk. No commenter submitted specific suggestions.

88 FR 6088 at 6128.

To be clear, registration of any covered person under the final rule does not constitute endorsement by the Bureau or any other agency of the Federal Government. Registered entities may also be subject to orders that are not published in the registry.

The Bureau does not believe, and does not intend by finalizing the rule or publishing information under § 1092.205 to suggest, that all covered orders are somehow equivalent. To the contrary, the Bureau understands that covered orders are likely to vary widely in many ways, including in the types of covered nonbanks they are issued against, the types of covered laws they enforce, the type and magnitude of the harm to consumers they address, the types of remedies they impose, their duration, and any number of other matters. One of the reasons the Bureau is adopting the final rule is so that it may collect and review covered orders, including from covered nonbanks that it may not know about, in order to better understand such issues. As discussed in the section-by-section discussion of § 1092.201(e), the Bureau does not believe these differences among covered orders require modification of the proposal. An order that satisfies the definition of the term “covered order” is subject to the rule's requirements with respect to such orders, to the extent they apply.

Nor does the Bureau believe that any differences among covered orders would render publication of such orders or the other registration information required by the rule to be misleading or inappropriate. To the contrary, publication of the information collected through the registry will better enable users to review and understand such covered orders directly for themselves, and thus to better appreciate any differences among them that may exist. Thus, publication of registry information as intended by the Bureau will accord with the Bureau's objectives and functions under the CFPA of, among other things, ensuring that “markets for consumer financial products and services are fair, transparent, and competitive,” and “publishing information relevant to the functioning of markets for consumer financial products and services” to facilitate “identify[ing] risks to consumers and the proper functioning of such markets.” Publication of the copies of covered orders obtained under § 1092.202(d)(1) will provide users with the opportunity to review the differences among covered orders.

See12 U.S.C. 5511(a).

See12 U.S.C. 5511(c)(3).

The Bureau's potential publication of information relating to consent orders as described at § 1092.205 will not provide inaccurate, inconsistent, or misleading information to consumers, as the Bureau will simply be collecting and presenting factual information regarding orders that are already published (or required to be published) elsewhere. As discussed in parts VIII and IX below, the Bureau concludes that the publication provisions of the rule will impose only minor costs on affected entities resulting from changes in consumer behavior. Publication of information as intended by the Bureau will enable users of the registry to access relevant factual information about covered nonbanks and covered orders and will not cause, but rather help prevent, confusion and the distribution of misleading information.

With respect to the commenter's objection to the publication of older orders, as discussed in the section-by-section discussion of § 1092.201(e) above, the Bureau acknowledges that in the intervening time following the issuance of a covered order and before registration, it is possible that many entities will have taken steps to address the violations and other issues identified in the covered order. But information regarding the issuance of such a covered order, and the information that will be collected under the final rule about the covered nonbank and the order, will still be useful to users of the registry. With respect to the comment that the Bureau should only require registration once a covered order has become subject to a minimum of five covered orders, the Bureau concludes that such an approach would omit useful information about both covered nonbanks and covered orders and would otherwise not further the purposes of the final rule. The Bureau also concludes that such an approach is not necessary in order to limit confusion for users of the registry. As discussed above, while the Bureau may publish information about covered nonbanks and covered orders as authorized under § 1092.205 in part to facilitate identification of entities that repeatedly break the law, the Bureau in this final rule does not purport to comprehensively define the term “repeat offender” or to establish any specific legal consequences of any such designation.

For further discussion of these and other comments regarding potential confusion related to the publication of information about covered orders, see the section-by-section discussion of § 1092.201(e) above.

The Bureau concludes that publication of the information collected under the registry with respect to such covered orders as described in § 1092.205 will serve the purposes described herein.

Response to Comments Received Regarding Proposed § 1092.204(b)

For the reasons given in the description of proposed § 1092.204(b) above, the Bureau concludes that treating the written statements that it receives under § 1092.204 of the final rule as CFPB confidential supervisory information, and not publishing them under § 1092.205 of the final rule, would facilitate the Bureau's supervision of supervised registered entities by enabling the Bureau to obtain frank and candid assessments and other information from supervised registered entities regarding violations and noncompliance in connection with covered orders. This information in turn would better enable the Bureau to spot emerging risks, focus its supervisory efforts, and address underlying issues regarding noncompliance, compliance systems and processes, and risks to consumers. The final rule adopts the proposal's approach and identifies the written statement as CFPB confidential supervisory information under § 1092.204(a)(1). The Bureau believes its existing regulations under part 1070 are adequate to establish safeguards for protecting the confidentiality of such information.

Final Rule

For the reasons described in parts III(B), IV(F), the section-by-section discussion of § 1092.205(a) above, and as follows, the Bureau is not finalizing § 1092.204(a) as proposed, but is instead adopting a revised § 1092.205(a) that provides that the Bureau “may” publish the information submitted to the nonbank registry pursuant to §§ 1092.202 and 1092.203. As described below, this provision will preserve the Bureau's discretion not to publish information based on operational considerations, such as resource constraints. The Bureau is also adopting proposed § 1092.204(b), which would have provided that the Bureau would not publish the annual written statement and would treat it as Bureau confidential supervisory information, largely as proposed but with revisions to reflect the renumbering of this provision as § 1092.205(a)(1) of the final rule. The Bureau is also adopting a provision at § 1092.205(a)(2) that expressly provides that the Bureau will not publish administrative information collected pursuant to subpart B.

See the section-by-section discussion of § 1092.101(d) above regarding the Bureau's adoption of the revised term “nonbank registry.”

Except as described below, the Bureau intends to publish a registry that contains the identifying information for covered nonbanks that the nonbank registry collects under § 1092.202(c) and the information regarding covered orders collected under § 1092.202(d) and (f), as well as certain information collected under § 1092.203 for the purposes of enabling users of the registry to identify NMLS-published covered orders and the applicable covered nonbanks subject to them. Under CFPA section 1022(c)(3), the Bureau “shall publish not fewer than 1 report of significant findings of its monitoring required by this subsection in each calendar year,” and “may make public such information obtained by the Bureau under this section as is in the public interest.” Except as described below, the Bureau finds that it would be in the public interest to publish information (other than “administrative information,” which the final rule provides the Bureau will not publish) that has been appropriately submitted to the nonbank registry as required under § 1092.202. In addition, except as described below, the Bureau finds that the publication of certain information submitted under § 1092.203 will be in the public interest where publication would serve the purposes of allowing users of the Bureau's public registry to identify that a covered nonbank has become subject to a covered order and to be able to locate information about that covered nonbank and covered order on the NMLS Consumer Access website. The Bureau may also collect additional information under § 1092.203 for the purpose of coordinating the nonbank registry with the NMLS that it may choose not to publish. The Bureau concludes that such publication of the above-described information will be in the public interest for the reasons provided in parts III(B) and IV(F) and this section-by-section discussion of § 1092.205(a).

12 U.S.C. 5512(c)(3).

However, and notwithstanding the conclusions in the paragraph above, the Bureau reserves discretion not to publish information based on operational considerations, including resource constraints.

In light of the adopted provision providing the Bureau with discretion not to publish any or all of the information collected, the Bureau is not finalizing the provision in the proposed rule that would have expressly reserved the right not to publish any information that it determines may be inaccurate, not required to be submitted under subpart B, or otherwise not consistent with part 1092 and any accompanying guidance. However, under the final rule, the Bureau retains the discretion not to publish any information that it determines may be inaccurate, not required to be submitted under subpart B, or otherwise not consistent with part 1092 and any accompanying guidance.

The final rule provides that the publication described in § 1092.205(a) will not include the annual written statement submitted by supervised registered entities under § 1092.204. The Bureau adopts § 1092.204(b) as proposed (renumbered as § 1092.205(a)(1)) for the reasons described above, with minor revisions to reflect the renumbering of § 1092.204 and this provision.

The Bureau is also adopting a provision at § 1092.205(a)(2) that expressly provides that the publication described in § 1092.205(a) will not include “administrative information,” as that term is defined at § 1092.201(a). The proposed rule had reserved the Bureau's right not to publish administrative information, but did not expressly prohibit its publication under proposed § 1092.204(a). However, the Bureau concludes that administrative information should not be made publicly available under § 1092.205(a). The identifying information collected under § 1092.202(c) already will facilitate the ability of consumers to identify covered persons for purposes of the Bureau's authority in CFPA section 1022(c)(7)(B) to publicly disclose registration information. Further, including administrative information with other information the Bureau publishes pursuant to § 1092.205(a) is unlikely to serve the public interest for purposes of the Bureau's authority to publish information under CFPA section 1022(c)(3). The publication of information collected for a purely administrative purpose generally will not be useful to external users of the registry. Administrative information is likely to include information such as time and date stamps, contact information, and administrative questions. The Bureau may need such information to work with personnel at nonbanks and in order to administer the nonbank registry. As discussed in the section-by-section discussion of § 1092.201(a) above, the Bureau will also treat as administrative information the notifications of nonregistration submitted under §§ 1092.202(g) and 1092.204(f). Publishing such information would not be in the public interest because it is unclear what use the public would have for such information. In addition, publishing such information likely would be counterproductive to the goals of ensuring compliance with the proposal.

Also, as discussed in the section-by-section discussion of § 1092.202(d) above, under the final rule, the Bureau will treat as “administrative information” and not publish information collected under the nonbank registry regarding the names of the person's affiliates registered under subpart B with respect to the same covered order. The proposal would have collected this information under proposed § 1092.202(d)(1)(v) and published it under § 1092.204(a). Under the final rule, § 1092.201(d)(1)(v) has been deleted, but the Bureau may determine to collect this information as “administrative information” under § 1092.202(c). In filing instructions issued under § 1092.102(a), the Bureau will specify whether and how it will collect such information. The Bureau anticipates that collecting such affiliate information may be useful in administering the nonbank registry including in connection with administering any joint or combined submissions by affiliates under § 1092.202. However, while such affiliate information will generally be obvious from the face of the relevant covered order or otherwise from information that has been reported publicly, it may not always be, and the Bureau at this time does not believe that there would be a significant public benefit associated with publishing this information through its registry. Therefore, the Bureau has determined not to mandate the collection of such information in the final rule, and not to publish such information under § 1092.205 if it is collected.

Section 1092.205(b) Other Publications of Information

Proposed Rule

Proposed § 1092.204(c) would have provided that the Bureau may, at its discretion, compile and aggregate data submitted by persons under proposed subpart B and may publish such compilations or aggregations (in addition to any other publication under proposed § 1092.204(a)). The Bureau explained that any such publication that relates to annual written statements submitted under proposed § 1092.203 would be in a form that is consistent with the Bureau's treatment of those annual written statements as Bureau confidential supervisory information.

See, e.g., 12 CFR 1070.41(c).

Comments Received

Commenters did not specifically address proposed § 1092.204(c).

Final Rule

For the reasons set forth in the above description of the proposal, the Bureau adopts § 1092.204(c) as proposed (renumbered as § 1092.205(b)), with minor technical edits. Any publication under § 1092.205(b) that relates to administrative information submitted to the nonbank registry under § 1092.202 will be in an aggregated or other appropriate format that is designed not to disclose that particular administrative information relates to a particular covered nonbank.

Section 1092.205(c) Correction of Submissions to the Nonbank Registry

Proposed Rule

Proposed § 1092.204(d) would have clarified that a covered nonbank must correct an information submission within 30 days of when it becomes aware or has reason to know the submitted information was and remains inaccurate. Proposed § 1092.204(d) would have clarified that the process for making corrections will be described in the filing instructions the Bureau issues pursuant to proposed § 1092.102(a). Proposed § 1092.204(d) also would have clarified that the Bureau may direct a covered nonbank to correct errors or other non-compliant submissions to the NBR system. Under proposed § 1092.204(d), the Bureau could have directed corrections at any time and in its sole discretion.

Comments Received

Commenters did not specifically address proposed § 1092.204(d).

Final Rule

For the reasons set forth in the above description of the proposal, the Bureau adopts § 1092.204(d) as proposed (renumbered as § 1092.205(c)), with minor technical changes.

See the section-by-section discussion of § 1092.101(d) above regarding the Bureau's adoption of the revised term “nonbank registry.”

Section 1092.206 Nonbank Registry Implementation Dates

Proposed Rule

Comments Received

Commenters did not specifically address the definition of “nonbank registration system implementation date” in proposed § 1092.101(e). For a discussion of comments addressing the timing of the effective date of the Bureau's proposed rule, see part VII below.

Final Rule

For the reasons discussed below and in the section-by-section discussion of § 1092.101(e) above and part VII below, the Bureau is adopting the revised term “nonbank registry implementation date” instead of the term “nonbank registration system implementation date” used in the proposed rule and is adopting a revised definition of this term to provide that the Bureau may specify a nonbank registry implementation date with respect to a given person or category of persons. The Bureau is also adopting § 1092.206 to specify the nonbank registry implementation date for given categories of covered nonbanks. The Bureau is not adopting the proposal to provide in the rule that the Bureau would specify the “nonbank registration system implementation date” for subpart B following the issuance of the final rule. Instead, to provide greater certainty and clarity to covered nonbanks as of the issuance of the final rule, the Bureau is specifying nonbank registry implementation dates for subpart B in § 1092.206 of the final rule.

The nonbank registry implementation date established under § 1092.206 is relevant to two provisions of the final rule. As provided in § 1092.202(b)(2)(i), each covered nonbank required to register under § 1092.202 must submit a filing containing the information described in § 1092.202(c) and (d) to the nonbank registry within the later of 90 days after the applicable nonbank registry implementation date under § 1092.206 or 90 days after the effective date of any applicable covered order. And as provided in § 1092.204(a)(1), § 1092.204 applies only with respect to covered orders with an effective date on or after the applicable nonbank registry implementation date. Thus, this provision will affect the timeframe for submission of covered orders during the initial rollout of the nonbank registry and the covered orders that will be subject to § 1092.204's written-statement requirements.

Section 1092.206 establishes the nonbank registry implementation date for purposes of subpart B as follows. Under § 1092.206(a)(1), for a covered nonbank that (as of the effective date of subpart B) is a larger participant of a market for consumer financial products or services described under CFPA section 1024(a)(1)(B) as defined by one or more rules issued by the Bureau, the nonbank registry implementation date for subpart B is 30 days after subpart B takes effect with respect to that covered nonbank. Under § 1092.206(a)(2), for a covered nonbank that (as of the effective date of subpart B) is described under any other provision of CFPA section 1024(a)(1), the nonbank registry implementation date for subpart B is 120 days after subpart B takes effect with respect to that covered nonbank. Under § 1092.206(a)(3), for any other covered nonbank, the nonbank registry implementation date for subpart B is 210 days after subpart B takes effect with respect to that covered nonbank. (Section 1092.206(a)(3) shall apply to a covered nonbank that for the first time becomes subject to the Bureau's supervision and examination authority under CFPA section 1024(a)(1) after the effective date of subpart B.)

For the administrability of the nonbank registry, which has numerous potential registrants, the Bureau has determined that registering different categories of nonbank covered persons in different phases will be appropriate. The phased implementation approach will also alleviate potential confusion in complying with the requirements of the final rule and promote greater stability and certainty for registered entities. This phased implementation approach will better enable the Bureau to learn from the information collected and its experience in maintaining the registry, and to enhance its processes before information from a wider universe of covered nonbanks is collected. As described above, the first phase under subpart B will register larger participants, the second phase will register other supervised nonbanks, and the third phase will register other covered nonbanks. Larger participants generally have greater resources to comply with the rule's requirements than do smaller business concerns. Other supervised markets may include smaller business concerns that are affected by the rule to the extent they are not excluded, such as by the exclusion for entities with less than $5 million in relevant receipts described in § 1092.201(q) discussed in the section-by-section discussion of that paragraph above. As a result, the phased registration groupings described above (registering larger participants first, then other covered nonbanks supervised under any other provision of CFPA section 1024(a)(1), then other covered nonbanks) would leave more time for most supervised registrants that are not larger enterprises to comply with the registration requirements. In addition, the Bureau believes it is appropriate to begin collecting information from covered nonbanks that are subject to the Bureau's supervision and examination authority first before extending the rule's registration requirements to other covered nonbanks, as such information will generally be more relevant to the Bureau's supervisory prioritization efforts and its supervision program.

The Bureau is also adopting § 1092.206(b), which clarifies that if paragraph (a) would establish a nonbank registry implementation date on a date that is a Saturday, Sunday, or Federal holiday, the applicable nonbank registry implementation date will be the next day that is not a Saturday, Sunday, or Federal holiday. Therefore, given an effective date for the final rule of September 16, 2024, for purposes of subpart B the nonbank registry implementation date established under § 1092.206(a)(1) will be Wednesday, October 16, 2024; under § 1092.206(a)(2), the date will be Tuesday, January 14, 2025; and under § 1092.206(a)(3), the date will be Monday, April 14, 2025.

VII. Effective Date of Final Rule

Proposed Rule

The Administrative Procedure Act generally requires that rules be published not less than 30 days before their effective dates. The Bureau proposed that, once issued, the final rule would be effective 30 days after it is published in the Federal Register . However, it proposed that registrants would only need to submit information once the Bureau launched and announced a registration system, which the proposal noted was likely to be no earlier than January 2024.

5 U.S.C. 553(d).

Comments Received

An industry commenter stated that the effective date of the rule should be at least a year from the date it is promulgated, in order to provide adequate time to establish the suggested processes, procedures, and reports in addition to adding additional staff to support the process that would be required under the proposal.

Response to Comments Received

The final rule will take effect on September 16, 2024. The Bureau disagrees with the commenter that additional time will be needed for entities to comply with the final rule. The final rule's effective date is more than three months from the issuance of the rule, and more than 60 days after anticipated publication in the Federal Register . This is a longer time period than the 30 days in the proposed rule. This longer period will provide additional time for covered nonbanks to prepare to comply with their obligations under the final rule. In addition, as discussed in the section-by-section analysis of § 1092.206 above, for the administrability of the nonbank registry the Bureau has determined that registering different nonbank covered persons in different phases will be appropriate. This phased implementation approach will better enable the Bureau to learn from the information collected and its experience in maintaining the registry, and to enhance its processes before information from a wider universe of covered nonbanks is collected. The Bureau is also specifying nonbank registry implementation dates for subpart B in § 1092.206 of the final rule to provide greater certainty and clarity to covered nonbanks as of the issuance of the final rule. Given an effective date of September 16, 2024, the earliest nonbank registry implementation date is Wednesday, October 16, 2024, or 30 days after the final rule's effective date, and no entity will be required to submit any information to the nonbank registry before Tuesday, January 14, 2025.

In addition, the reporting obligations imposed by the rule are modest. As discussed further in part VIII, the impact of the registration provisions of the rule on affected firms would be limited, and, relative to the baseline, the written-statement requirements should impose only modest costs on most covered entities. The Bureau disagrees with the industry commenter that covered nonbanks will be required to adopt costly new processes or hire a significant number of additional staff in order to achieve compliance with the final rule.

Final Rule

The effective date of the final rule is September 16, 2024. This date is more than three months after the issuance of the rule, and more than 60 days after anticipated publication in the Federal Register . This is a longer time period than the 30 days in the proposed rule. This longer time period will provide additional time for covered nonbanks to prepare to comply with their obligations under the final rule.

VIII. Dodd-Frank Act Section 1022(b)(2) Analysis

A. Overview

In developing this final rule, the Bureau has considered the rule's potential benefits, costs, and impacts. In developing this final rule, the Bureau has consulted with, or offered to consult with, the appropriate prudential regulators and other Federal agencies, including regarding consistency with any prudential, market, or systemic objectives administered by such agencies. Under CFPA sections 1022(c)(7)(C) and 1024(b)(7)(D), the Bureau has also consulted with State agencies regarding this final rule's requirements and registry.

Specifically, section 1022(b)(2)(A) of the CFPA requires the Bureau to consider the potential benefits and costs of the regulation to consumers and covered persons, including the potential reduction of access by consumers to consumer financial products and services; the impact of the proposed rule on insured depository institutions and insured credit unions with $10 billion or less in total assets as described in section 1026 of the CFPA; and the impact on consumers in rural areas. 12 U.S.C. 5512(b)(2)(A).

12 U.S.C. 5512(c)(7)(C), 5514(b)(7)(D).

The Bureau is issuing this final rule to require nonbanks to report certain public agency and court orders imposing obligations based on violations of consumer protection laws because the creation and maintenance of a central repository for information regarding such public orders that have been imposed upon nonbank covered persons will support Bureau functions in a variety of ways and thus ultimately benefit consumers. The Bureau also believes that consumers, the public, and other potential users of the proposed registry would benefit if the Bureau publishes certain information from the registry, as it intends to do. In addition, the Bureau's receipt of annual supervisory reports from its supervised nonbanks regarding their compliance with such orders would facilitate the Bureau's supervisory efforts and assessment and detection of risks to consumers and help ensure that supervised nonbanks are legitimate entities and are able to perform their obligations to consumers.

For more information on the issue of publication, see the section-by-section discussion of § 1092.205.

This final rule has three principal sets of substantive provisions, which are separately analyzed below. The first set of provisions (hereinafter referred to as the “Registration Provisions”) will require nonbank covered persons that are subject to certain public orders to register with the Bureau and to submit certain information related to those public orders to the Bureau. The second set of provisions (hereinafter referred to as the “Supervisory Reports Provisions”) will require nonbank covered persons that are subject to supervision and examination by the Bureau to prepare and submit an annual written statement, signed by a designated individual, regarding compliance with each covered public order. The third set of provisions (hereinafter referred to as the “Publication Provisions”) describes the registration information the Bureau may make publicly available.

The Bureau received multiple comments on the proposal stating that the proposed registry was redundant with existing registries and other published information, and in particular with the NMLS. See the section-by-section analysis of § 1092.203 above for a discussion of these comments and the Bureau's response. Consistent with an approach suggested by commenters, the Bureau is adopting an express exception from the requirements of the rule for orders that are published on the NMLS Consumer Access website, except for orders issued or obtained at least in part by the Bureau; that exception may be exercised at the option of the covered nonbank. Nonbanks that exercise this option may submit a one-time registration regarding certain agency and court orders that are published on the NMLS Consumer Access website maintained at www.NMLSConsumerAccess.org, in lieu of complying with the other requirements of the rule with respect to the order. Such nonbanks will be required to submit certain limited information to the nonbank registry to enable the Bureau to identify the relevant nonbank and order and otherwise coordinate the nonbank registry with the NMLS. Upon exercising this option and submitting the required information about the relevant order, a nonbank will have no further obligation under subpart B to provide information to, or update information provided to, the nonbank registry regarding the order. By allowing this option, this final rule addresses many comments received and lowers the cost to firms of the final rule relative to the proposed rule.

B. Data Limitations and Quantification of Benefits, Costs, and Impacts

The discussion below relies in part on information that the Bureau has obtained from commenters, other regulatory agencies, and publicly available sources. The Bureau has performed outreach with other regulatory agencies on many of the issues addressed by this final rule. However, as discussed further below, the data are generally limited with which to quantify the costs, benefits, and impacts of the final provisions. In light of these data limitations, the analysis below generally provides a qualitative discussion of the benefits, costs, and impacts of the final provisions. General economic principles and the Bureau's experience and expertise in consumer financial markets, together with the limited data that are available, provide insight into these benefits, costs, and impacts.

C. Baseline for Analysis

In evaluating the benefits, costs, and impacts of the final rule, the Bureau takes as a baseline the current legal framework regarding orders that will be covered under the final rule. Therefore, the baseline for the analysis of the final rule is that nonbank covered persons are not required to register with the Bureau, nonbank covered persons subject to Bureau supervision and examination generally are not required to prepare and submit annual reports regarding compliance with public orders enforcing the law, and information on the nonbank covered persons and most corresponding covered orders is generally not published by the Bureau in the manner contemplated by the final rule.

The final rule should affect the market as described below for as long as it is in effect. However, the costs, benefits, and impacts of any rule are difficult to predict far into the future. Therefore, the analysis below of the benefits, costs, and impacts of the final rule is most likely to be accurate for the first several years following implementation of the final rule.

D. Potential Benefits and Costs of the Final Rule to Consumers and Covered Persons

With certain exceptions, the final rule will apply to covered persons as defined in the CFPA, including persons that engage in offering or providing a consumer financial product or service. Among others, these products and services generally include those listed below, at least to the extent they are offered or provided for use by consumers primarily for personal, family, or household purposes:

For the full scope of the term “covered person,” see12 U.S.C. 5481(6).

For the full scope of the term “consumer financial product or service,” see12 U.S.C. 5481(5).

Extending credit and servicing loans;
Extending or brokering certain leases of personal or real property;
Providing real estate settlement services;
Engaging in deposit-taking activities, transmitting or exchanging funds, or otherwise acting as a custodian of funds;
Selling, providing, or issuing stored value or payment instruments;
Providing check cashing, check collection, or check guaranty services;
Providing payments or other financial data processing products or services to a consumer by any technological means;
Providing financial advisory services;
Collecting, analyzing, maintaining, or providing consumer report information or certain other account information; and
Collecting debt related to any consumer financial product or service.

The Registration and Publication Provisions will affect such covered persons (as that term is defined in 12 U.S.C. 5481(6)) that (1) do not fall within any of the listed exclusions in § 1092.201(d), such as those for insured depository institutions, insured credit unions, and related persons (as that term is defined in 12 U.S.C. 5481(25)), and (2) have had covered orders issued against them. The Supervisory Reports Provisions will affect such covered persons that (1) are subject to supervision and examination by the Bureau pursuant to CFPA section 1024(a), (2) have had covered orders issued against them, (3) are at or above the $5 million annual receipt threshold, unless such covered persons are subject to certain exclusions, and (4) are not registering covered orders under the one-time registration option for NMLS-published covered orders under § 1092.203.

12 U.S.C. 5514(a).

A major benefit of the final rule is that it will give the Bureau comparatively high-quality data on the number and type of covered orders. Currently, the Bureau does not have high-quality data on the number of covered orders, nor does it have high-quality data on the number of nonbank covered persons that are subject to covered orders.

To derive an estimate of the number of affected entities under the final rule using publicly available data, the Bureau used data from the most recent available Economic Census. Table 1 below presents entity counts for the North American Industry Classification System (NAICS) codes that generally align with the financial services and products listed above. The markets defined by NAICS codes in some cases include entities that will not qualify as covered nonbanks under the final rule. It is also possible that some covered nonbanks may not be counted in the table below, because, for example, the financial services they provide are not their primary line of business. The Bureau sought comment on NAICS codes not included in table 1 that include a significant number of entities that will be affected by the final rule, and no commenters recommended that other NAICS codes be included.

Table 1—Potential Scope of Final Rule

NAICS name(s)	NAICS code(s)	Number of NAICS entities
Nondepository Credit Intermediation	5222	14,330
Activities Related to Credit Intermediation	5223	13,618
Portfolio Management	523920	24,430
Investment Advice	523930	17,510
Passenger Car Leasing	532112	449
Truck, Utility Trailer, and Recreational Vehicle Rental and Leasing	532120	1,612
Activities Related to Real Estate	5313	79,563
Consumer Reporting	561450	307
Debt Collection	561440	3,224
Total		155,043

Therefore, for purposes of its analysis of the final rule, the Bureau estimates that there are roughly 155,043 covered nonbanks. As noted above, covered nonbanks will only be affected by the rule if they are subject to covered orders. Based on its experience and expertise, the Bureau estimates that perhaps one percent, and at most five percent, of covered nonbanks are subject to covered orders. Therefore, the Bureau estimates that the rule would likely affect between 1,550 and 7,752 covered nonbanks. The Bureau sought comment and submissions of data concerning the number and characteristics of covered nonbanks subject to covered orders but did not receive data contradicting its estimate. The Bureau also sought input on this subject during its consultation process with other Federal, State, and Tribal regulators. Notably, a coalition of State-regulator commenters with access to data from NMLS did not question the Bureau's estimate. Moreover, this coalition used the Bureau's estimate in combination with NMLS data to make arguments, which are discussed below, regarding the rule's potential impact on small entities and covered nonbanks subject to supervision and examination by the Bureau.

However, a different commenter appeared to disapprove of the Bureau's estimates, asserting that the CFPB was merely guessing on the potential scope of its rule. This commenter did not provide other analytical approaches or data for the CFPB to consider when estimating the number of affected nonbanks, nor did the commenter provide a different estimate. In response to this comment, the Bureau sought to check the reasonableness of its estimate by obtaining data from a database titled “Violation Tracker,” maintained by Washington, DC-based nonprofit Good Jobs First ( https://violationtracker.goodjobsfirst.org/ ). The database collects reports of orders entered against companies for violating a wide range of laws. From the database, the Bureau obtained data on agency actions identified in the database as involving “consumer-protection related offenses” or “financial offenses” with penalty announcement dates between 2017 and April 2024. This data set includes roughly 13,200 orders. The Bureau further limited the data to orders identified by the database as involving a “primary offense type” related to “consumer protection,” “discriminatory practices (non-employment),” “privacy,” “banking,” “mortgage abuses,” or “payday lending,” which resulted in a collection of roughly 4,500 orders. Of these, some orders apply to the same entity. Taking those orders into account, the Bureau estimates that this set of orders applies to roughly 3,700-4,000 unique entities. The Bureau notes that these numbers are consistent with its estimate of the number of entities likely to be affected by the final rule (1,550 to 7,752 covered nonbanks), which the Bureau provided in the proposal and reaffirms here.

The Bureau's analysis of the Violation Tracker data may exclude some covered nonbanks subject to covered orders. The Violation Tracker database excludes orders with penalties of less than $5,000, so the estimates above do not account for them. In addition, the filters that the Bureau has applied may have excluded some orders that would qualify as “covered orders” subject to the rule's requirements. Moreover, the Bureau has not verified the accuracy or completeness of the Violation Tracker data, so it is possible the data do not include some covered orders that would need to be registered under the rule.

The estimates derived above also likely include some entities that are not covered nonbanks subject to covered orders. The Violation Tracker database does not purport to identify “covered orders” that would be subject to the final rule's registration requirements, and the “primary offense types” identified in the data may be highly overinclusive. Further, among the orders in the data set, the rule's registration requirements would apply only to those orders that remain in effect as of the rule's effective date, but the Bureau lacks data to exclude from its analysis of the Violation Tracker data orders that are no longer in effect. Indeed, the written statement provisions apply only to orders with an effective date on or after the applicable nonbank registry implementation date, so none of the orders described above will implicate the written statement provisions. The data include orders that may not be “public” as defined in the final rule; see § 1092.201(m) of the final rule. And many entities subject to the identified orders are insured depository institutions or insured credit unions and so will not be “covered nonbanks” under the final rule; see § 1092.201(d)(1) of the final rule. Thus, many, and perhaps most, of the orders included in the estimates above are likely not “covered orders” under the final rule.

Because of these caveats, the Bureau does not view the 3,700-4,000 numbers derived above from the Violation Tracker database as a highly accurate estimate of the number of entities likely to be affected by the final rule. However, the Bureau finds that these data further confirm the reasonableness of the Bureau's estimate in the proposed rule of the number of entities that the rule will likely affect.

The Bureau sought comment and submissions of data concerning the number and characteristics (such as annual revenues, number of employees, and main area of business) of covered nonbanks subject to covered orders. However, commenters generally did not provide, and the Bureau does not have, this kind of quantitative data to analyze the costs, benefits, and impacts of the final rule. In light of the limited data available to the Bureau on the number of covered nonbanks subject to covered orders, the analysis below focuses on the potential benefits and costs of the proposed rule for affected consumers and covered nonbanks.

1. Registration Provisions

Under these final provisions, affected entities will have to provide: (1) identifying information and administrative information and (2) information regarding covered orders. The Bureau believes this information should be readily available to affected firms. Therefore, the cost of complying with the Registration Provisions for most affected firms should be on the order of a few hours of an employee's time. The cost would likely be even lower for firms that have and exercise the option to register NMLS-published covered orders under § 1092.203. The cost may be higher for firms with several covered orders, or with covered orders that are frequently modified and are not registered under § 1092.203's one-time-registration provisions.

The Bureau generally expects that firms will know whether they are covered persons or are subject to covered orders. If a firm is unsure of its obligations under the Registration Provisions, one option would be to hire outside legal counsel to advise them on these issues. However, another option for such firms would be to register using the nonbank registry, even if doing so is not legally required. As explained above, the cost associated with registering an order is likely low—a few hours of an employee's time. In addition, if firms have a good-faith basis to believe they are not covered nonbanks (or that their orders are not covered orders), they may submit a notice to the nonbank registry stating such under § 1092.202(g). Preparing and submitting such notices would take at most a few hours of an employee's time. The Bureau further notes that the mere act of registering an order or submitting a § 1092.202(g) notice is unlikely to have significant indirect costs because § 1092.102(c) would provide that the rule “does not alter any applicable process whereby a person may dispute that it qualifies as a person subject to Bureau authority.” Firms should generally choose the lowest-cost option available to them, and low-cost options—either registering under the nonbank registry or filing a notice under proposed § 1092.202(g)—are options available to firms.

To obtain a quantitative estimate of the cost of this final provision, the Bureau assesses the average hourly base wage rate for the reporting requirement at $49.29 per hour. This is the mean hourly wage for employees in four major occupational groups assessed to be most likely responsible for the registration process: Management ($66.23/hr); Legal Occupations ($64.34/hr); Business and Financial Operations ($43.55/hr); and Office and Administrative Support ($23.05/hr). We multiply the average hourly wage of $49.29 by the private industry benefits factor of 1.42 to get a fully loaded wage rate of $70.00/hr. The Bureau includes these four occupational groups in order to account for the mix of specialized employees that may assist in the registration process. The Bureau assesses that the registration process will generally be completed by office and administrative support employees that are generally responsible for the registrant's paperwork and other administrative tasks. Employees specialized in business and financial operations or in legal occupations are likely to provide information and assistance with the registration process. Senior officers and other managers are likely to review the registration information before it is submitted and may provide additional information. Assuming as outlined above a fully loaded wage rate of roughly $70, and that complying with this provision would take around five hours of employees' time, yields a cost impact of around $350 per firm. Again, the cost would likely be even lower for firms that have and exercise the option to register NMLS-published covered orders under § 1092.203. Because § 1092.203 requires less information from covered nonbanks than § 1092.202, exercising the option made available in § 1092.203 should take even less employee time. Therefore, the impact of this final provision on affected firms will be limited.

See U.S. Bureau of Labor Statistics, National Occupational Employment and Wage Estimates United States (May 2023), https://www.bls.gov/oes/current/oes_nat.htm. The hourly wage estimates used in the proposed rule were slightly different because they were drawn from 2021 data.

As of December 2023, the ratio between total compensation and wages for private industry workers is 1.42. See U.S. Bureau of Labor Statistics, Employer Costs for Employee Compensation: Private industry dataset (December 2023), https://www.bls.gov/web/ecec/ecec-private-dataset.xlsx.

In the unlikely event that a covered nonbank concluded that registering an NMLS-published covered order under § 1092.203 would be more costly than registering it under § 1092.202, the covered nonbank could forgo the option presented in § 1092.203 and register the order under § 1092.202 instead.

One commenter appeared to disagree with the Bureau's cost estimate, objecting to the proposed rule because of the expense of submitting, monitoring, and updating the “vast” amount of information under the rule. As discussed in more detail above, the Bureau does not agree that the Registration Provisions require entities to submit “vast” amounts of information. The commenter did not elaborate on this point or provide alternative data or analysis to produce an alternative cost estimate of the Registration Provisions. However, the Bureau agrees that entities registering orders under § 1092.202 may incur ongoing costs to comply with § 1092.202(b)(2)(ii), which requires that covered nonbanks submit revised registration filings within 90 days after any amendment to a registered covered order or information required under § 1092.202(c) or (d). Similarly, § 1092.202(f) requires a registered entity to submit a revised filing within 90 days if a covered order is terminated, modified, or abrogated, or if it ceases to be a covered order by operation of § 1092.202(e). The Bureau believes that the cost of those subsequent filings would generally be less than the cost of preparing and submitting the initial registration.

Covered nonbanks registering NMLS-published covered orders under § 1092.203 are not required to submit revised filings under § 1092.202(b)(2)(ii) or (f).

These final provisions will likely not provide any benefits for affected firms.

These final provisions will give the CFPB comparatively high-quality information on outstanding covered orders and the entities subject to those orders. That information will assist the Bureau in monitoring for risks to consumers in the offering or provision of consumer financial products or services. The registry will allow the Bureau to more effectively monitor for potential risks to consumers arising from both individual violations of consumer protection laws and broader patterns in such violations and enforcement actions intended to address them. Such monitoring, in turn, will help inform the Bureau's exercise of its other authorities. It will assist the Bureau in determining whether to prioritize certain entities for risk-based supervision, or to investigate whether certain entities have committed violations that warrant Bureau enforcement actions. The Bureau also anticipates that the Registration Provisions will give it more information on important gaps in existing consumer financial protection laws and will therefore improve future Bureau regulations. In addition, by providing the Bureau with more information on consumer harms in various markets, the Registration Provisions will improve the Bureau's consumer education efforts. All of these effects would benefit consumers. The Bureau does not have any data to quantify these benefits.

The Bureau will achieve these benefits even for NMLS-published covered orders registered under § 1092.203 of the final rule. Although registrations under § 1092.203 will include less information than under § 1092.202, registrations under § 1092.203 will notify the Bureau about the existence of the covered nonbank and the issuance of an applicable order against it. The Bureau will then generally be able to obtain further information about the order and the covered nonbank through the NMLS and the agency that issued or obtained the order.

A joint letter by State regulators argued that the notice of proposed rulemaking overstated the benefits to the Bureau of the proposed rule. The letter asserted that the Bureau has not proven that there is a recidivism problem among nonbanks that would necessitate the creation of the Bureau's registry and that State regulators are effectively protecting consumers from repeat offenders through existing mechanisms and authorities. To substantiate this claim, the letter provided examples of instances in which agencies have brought actions against entities that have repeatedly violated the law. The Bureau agrees with the point that it and other regulators have at times successfully brought enforcement actions against entities that have repeatedly violated the law. But the Bureau disagrees with the commenter's view that this implies the Bureau and other regulators could not or should not improve their regulatory, supervisory, and enforcement activity. As described in the paragraph above, the registry will assist the Bureau in monitoring for risks to consumers in the offering or provision of consumer financial products or services. Among other things, the registry will assist the Bureau in analyzing trends in enforcement actions against covered nonbanks, including trends regarding nonbank recidivism. Notably the State regulators' joint letter provides no concrete data on such trends and instead only provides anecdotal examples of individual enforcement actions; providing data on such trends will be one benefit of the rule.

The Registration Provisions will likely not impose any significant costs on consumers. As noted above, the final provisions would impose limited costs on a minority of firms in consumer finance markets. Firms are unlikely to raise prices as a consequence, given the minimal size of the cost increase and the fact that it is borne by a small portion of the overall market.

2. Supervisory Reports Provisions

These final provisions will only affect covered nonbanks subject to Bureau supervision and examination. Furthermore, such covered nonbanks that have opted to register NMLS-published covered orders under § 1092.203 will not be subject to these final provisions with respect to such orders. Therefore, they will affect fewer covered nonbanks and fewer consumers than the Registration Provisions analyzed above.

Some firms may be unsure whether they are supervised covered persons not otherwise excluded from the requirements of the final Supervisory Reports Provisions, or whether they are subject to covered orders, so they may be unsure whether they will have to comply with these final provisions. The Bureau notes that complying with these final provisions if it is legally unnecessary is unlikely to have greater costs than if it is legally necessary, because § 1092.102(c) provides that the rule does not alter applicable processes whereby a person may dispute that it qualifies as a person subject to Bureau authority. Also, under § 1092.204(f), if a firm has a good-faith basis to believe that it is not a supervised registered entity subject to the Supervisory Reports Provisions (or that its order is not a covered order), it may submit a notice to the nonbank registry stating as such. Preparing and submitting such a notice would take at most a few hours of an employee's time. Firms should generally choose the lowest-cost option available to them. Therefore, firms are unlikely to spend more to determine whether they need to comply with the Supervisory Reports Provisions than the cost to the firms of complying with the provisions or, for firms with a good-faith basis to believe they are not supervised registered entities (or their orders are not covered orders), of filing a § 1092.203(f) notice.

These provisions will require that affected supervised entities designate an attesting executive for each applicable covered order. The attesting executive will be a duly appointed senior executive officer (or, if no such officer exists, the highest-ranking individual at the entity charged with managerial or oversight responsibilities) (i) whose assigned duties include ensuring the supervised registered entity's compliance with Federal consumer financial law, (ii) who possesses knowledge of the supervised entity's systems and procedures for achieving compliance with the covered order, and (iii) who has control over the supervised entity's efforts to comply with the covered order. The Bureau believes that, even under the baseline scenario, most supervised entities would take active steps to comply with covered orders, and therefore would already have such an officer or individual in place to oversee the entity's compliance with its obligations under the covered order. Therefore, the Bureau anticipates that this designation requirement would impose little or no additional cost on most supervised registered entities. The Bureau notes that the cost may be higher for supervised entities that lack a high-ranking officer or other employee with the requisite qualifications to serve as an attesting executive. But the Bureau believes that there would be few such entities because the Bureau expects most supervised registered entities maintain adequate board and management oversight consistent with an appropriate compliance management system.

The Supervisory Reports Provisions will also require that the supervised registered entity submit a written statement signed by the applicable attesting executive for each covered order to which it is subject. In the written statement, the attesting executive will: (i) generally describe the steps that the attesting executive has undertaken to review and oversee the supervised registered entity's activities subject to the applicable covered order for the preceding calendar year; and (ii) attest whether, to the attesting executive's knowledge, the supervised registered entity during the preceding calendar year identified any violations or other instances of noncompliance with any obligations that were imposed in a public provision of the covered order by the applicable agency or court based on a violation of a covered law.

The Bureau cannot precisely quantify the impact of the written-statement requirement on impacted firms. But based on its experience and expertise, the Bureau believes that most entities subject to covered orders endeavor in good faith to comply with them and will already have in place some manner of systems and procedures to help achieve such compliance. For these entities, the written-statement requirement will require little more than submitting a written statement from the attesting executive that generally describes the steps the executive took consistent with the established systems and procedures to reach conclusions regarding entity compliance with the orders. Thus, relative to the baseline, the written-statement requirement will impose only modest costs on most covered entities, related primarily to the time and effort needed to (i) memorialize the attesting executive's existing oversight of compliance and (ii) determine whether the supervised registered entity during the preceding calendar year identified any violations or other instances of noncompliance with any obligations that were imposed in a public provision of the covered order by the applicable agency or court based on a violation of a covered law.

While the attesting executive would sign the written statement, the Bureau expects that other employees in other major occupational groups (Legal Occupations, Business and Financial Operations, and Office and Administrative Support) would support the attesting executive in preparing the statement. Assuming that satisfying the written-statement requirement would take twenty hours of employees' time, and that the average cost to entities of an employee's time is roughly $70 an hour as discussed above, yields an estimate that the cost of this requirement on covered entities would be roughly $1,400 per firm.

The Bureau acknowledges that, under the baseline, some supervised registered entities may not have in place systems and procedures to allow them to confidently identify violations or other instances of noncompliance with any obligations that were imposed in a public provision of the covered order. As discussed elsewhere in this preamble, the Supervisory Reports Provisions will likely prompt some such entities to adopt new or additional compliance systems and procedures, imposing a greater cost on them. However, as noted above, based on its experience and expertise, the Bureau believes that most entities subject to covered orders endeavor in good faith to comply with them and will already have in place some manner of systems and procedures to help achieve such compliance. Therefore, the Bureau believes that the number of supervised registered entities that will put in place significant new compliance systems and procedures as a result of the rule will be relatively small.

In addition, the Supervisory Reports Provisions will require entities to maintain records related to the written statement for five years. Conservatively assuming that ensuring the necessary documents are properly stored also requires ten hours of employee time adds $700 to the costs to affected entities of these final provisions. One commenter stated that entities would have to pay for document retention and storage to comply with the proposed rule, but did not suggest that the Supervisory Reports Provisions' recordkeeping requirements would impose more than $700 in costs on affected entities.

The Bureau notes that, for the purposes of the final rule, the term “supervised registered entity” excludes persons with less than $5 million in annual receipts resulting from offering or providing consumer financial products and services described in CFPA section 1024(a). Relative to this final rule, the proposed rule further included in the term “supervised registered entity” persons with more than $1 million in annual receipts. Therefore, this final rule should impact fewer firms, with higher average annual receipts, than anticipated by the proposed rule. The combined costs of around $2,100 imposed by the Supervisory Reports Provisions on the majority of affected entities should be roughly 0.04 percent or less of annual receipts.

12 U.S.C. 5514(a). See the section-by-section discussion of § 1092.201(q)(4) for more information regarding how annual receipts are calculated.

The costs of the Supervisory Reports Provisions may be higher in absolute terms at larger entities because identifying instances of noncompliance with obligations imposed in a public provision of a covered order may be more complex at larger entities. But because larger entities will generally have greater annual receipts, the applicable compliance costs as a percentage of annual receipts will likely remain nominal even for larger entities. The costs of the Supervisory Reports Provisions will also likely be higher at entities with multiple instances of noncompliance with public provisions of covered orders, or with multiple covered orders.

Some commenters argued either that the Supervisory Reports Provisions would impose an undue burden or that the analysis in the proposed rule underestimated the costs imposed by the Supervisory Reports Provisions. Those commenters, however, did not provide data, information, or analysis to support their claims. Another commenter suggested a higher employee cost estimate of $118 per hour for work to prepare the written statement, based on the commenter's members' experience. The Bureau notes that, as discussed above, in data from the Bureau of Labor Statistics the highest wage rate among all occupations considered (for Management) is $66.23 per hour; multiplied by a benefits factor of 1.42 as discussed above, this yields an employee cost estimate of $94.05 per hour. Still, using the commenter's preferred hourly cost estimate yields a total cost estimate of roughly $2,400 per firm for the twenty hours of employees' time estimated to be required to prepare a written statement. This represents roughly .05 percent of the annual revenue of an entity with annual revenue of $5 million per year. Another commenter argued that the proposed rule's requirements were vague and so would take more staff time, at a higher average hourly rate, than analyzed in the proposed rule; this commenter instead favored compliance cost estimates of $4,200-$7,200 for internal employees plus roughly $4,000 for outside counsel, for a total cost of $8,200-$12,200. The Bureau disagrees with this commenter's view that the rule's requirements are vague and will generally impose costs this high. Still, to put the commenter's estimates in perspective, the Bureau notes that $12,200 would still constitute less than .25 percent of annual receipts for firms with average annual receipts of at least $5 million.

Similarly, another commenter argued the Bureau significantly underestimated the amount of time involved with complying with the written-statement requirement; this commenter estimated that the time involved would be akin to the time spent by public companies preparing CEO and CFO certifications of Securities and Exchange Commission (SEC) filings under section 302 of the Sarbanes-Oxley Act and 18 U.S.C. 1350, which was enacted in section 906 of that Act. The Bureau disagrees that the time and internal verification processes associated with the CEO and CFO certifications under those provisions of the Sarbanes-Oxley Act are comparable to what is required to fulfill a supervised registered entity's obligations under the Supervisory Reports Provisions. Section 302 of the Sarbanes-Oxley Act required the SEC to issue a rule requiring CEOs and CFOs to certify in annual and quarterly reports that the reports do not contain material misstatements or misleading omissions and that they fairly present in all material respects the entity's financial condition and results of operations. Section 302 also required the SEC's rule to mandate that CEOs and CFOs make certain certifications regarding the entity's internal controls and disclosures to auditors. Similarly, under 18 U.S.C. 1350, when an issuer files a periodic report containing financial statements with the SEC, that report must be accompanied by a written statement from the CEO and CFO certifying that the periodic report fully complies with the requirements of section 13(a) or 15(d) of the Securities Exchange Act of 1934 and that the information contained in the report “fairly presents, in all material respects, the financial condition and results of operations of the issuer.” The commenter stated that these certifications typically require hundreds of hours and the involvement of a disclosure committee comprised of other professionals who, in addition to providing the CEO and CFO necessary assurances to support their certifications, may also provide their own sub-certifications.

See Sarbanes-Oxley Act of 2002, Public Law 107-204, secs. 302, 906, 116 Stat. 745, 777-78, 806.

18 U.S.C. 1350(b).

The contents of the written statement required under the final rule here, by contrast, are of a more general, non-technical character and can be derived from the executive's own knowledge, with reference as needed to documents and information related to the entity's compliance with the covered order. The written statement merely requires a general description of the steps the executive has personally undertaken to review and oversee the supervised registered entity's activities subject to the applicable covered order, and a statement, “to the attesting executive's knowledge,” of whether the supervised registered entity identified any violations or instances of noncompliance with applicable obligations under the order during the preceding calendar year. Because the written statement is far more limited than the certifications required under the cited provisions of the Sarbanes-Oxley Act, the Bureau does not believe that the costs of complying with those Sarbanes-Oxley Act provisions provide an appropriate benchmark for estimating the costs of the written-statement requirements. Indeed, as noted elsewhere in this preamble, this final rule does not establish any minimum procedures or otherwise specify the steps the attesting executive must take in order to review and oversee the supervised registered entity's activities. Nor does the final rule establish any minimum level of compliance management or expectation for compliance systems and procedures at supervised registered entities, or purport to impose any restrictions on the manner in which supervised registered entities address such matters. Therefore, the Bureau reaffirms its conclusion that, for most supervised registered entities, the written-statement provisions will impose only modest costs beyond the costs entities are already incurring to ensure compliance with covered orders.

See § 1092.204(c) of the final rule (requiring supervised registered entities to provide attesting executives access to documents and information necessary to make the written statement).

§ 1092.204(d) of the final rule.

As explained in greater detail in part IV(D) and the section-by-section discussion of § 1092.204 above, the Supervisory Reports Provisions will facilitate the Bureau's risk-based supervision efforts, including its efforts to assess compliance with the requirements of Federal consumer financial law, obtain information about the supervised entities' activities and compliance systems or procedures, and detect and assess risks to consumers and to markets for consumer financial products and services. All of these effects would benefit consumers. Moreover, while as noted above the Bureau believes that most entities subject to covered orders endeavor in good faith to comply with them and will already have in place some manner of systems and procedures to help achieve such compliance, it is also likely that these final provisions will cause a few entities without such systems and procedures to develop them. This will also benefit consumers. The Bureau does not have any data to quantify this benefit.

One commenter agreed with the analysis above that most entities subject to covered orders already endeavor in good faith to comply with them, and so the number of supervised registered entities that will put in place significant new compliance systems and procedures as a result of the rule will be relatively small. However, this commenter argued that this in turn implies that the rule will have little compliance benefits. The Bureau agrees with this commenter that the final rule is unlikely to have a significant effect on the compliance efforts of the entities already endeavoring in good faith to comply with covered orders. But the Bureau also notes that the final rule will likely improve the compliance efforts of a smaller number of entities that under the baseline would not endeavor in good faith to comply with covered orders. As discussed in both the proposed rule and this preamble, this should have a number of beneficial effects for consumers.

One commenter argued that the attestation requirement would divert entities' limited resources away from serving consumers. Similarly, another commenter argued the requirement would lead entities to prioritize compliance with covered orders over other compliance obligations, creating compliance risks for consumers. As stated above, the Bureau believes that no more than 5 percent of all covered nonbanks are subject to covered orders; of these many may have less than $5 million in relevant annual receipts, otherwise not be supervised registered entities, or exercise their option to register NMLS-published covered orders under § 1092.203, so the number of firms impacted by the Supervisory Reports Provisions should be limited. Finally, as argued above the Bureau expects that even entities subject to the Supervisory Reports Provisions will generally incur minor costs because of it. For these reasons the Bureau disagrees with these commenters that the Supervisory Reports Provisions would have any meaningful costs for consumers. Indeed, as described in the paragraph above, the Bureau believes this provision will benefit consumers, including through providing a further incentive for entities to comply with their legal obligations.

3. Publication Provisions

For affected covered nonbanks, the main effect of these provisions will be that (1) their identifying information, (2) information regarding covered orders that they provide to the Bureau, and (3) for supervised registered entities, the name and title of the attesting executive, may be posted on the internet by the Bureau. Much of this information would be public even under the baseline, so the additional direct effect of this information being posted on the Bureau's website should be small. While as detailed below there will be indirect benefits and costs associated with improving accountability, general public awareness, and enforcement of consumer protection law, the Bureau does not anticipate publishing its registry would have a significant direct impact on consumer shopping decisions.

As explained elsewhere in this preamble, the Bureau intends to publish this information but is retaining the discretion not to publish the information based on operational considerations, such as resource constraints. The analysis here assumes that the Bureau will effectuate its intended approach of publishing the stated information. If the Bureau were not to publish any of the information it collects under the final rule, the potential benefits and costs discussed in this section largely would not be realized, except that, to a more limited extent, some of the benefits and costs associated with the Publication Provisions could result from the Bureau's sharing of registry information with other government agencies under memorandums of understanding or other interagency arrangements. Similarly, if the Bureau were to publish only a portion of the information that it currently intends to publish, the benefits and costs of the Publication Provisions likely would be more limited than the benefits and costs associated with the Bureau's current publication plans.

Because covered nonbanks will provide the required registry information only if they are subject to covered orders, consumers might interpret the presence of a covered nonbank on the Bureau's website as negative information about that covered nonbank. Therefore, these provisions may have negative reputational costs for covered nonbanks whose information is published on the Bureau website. Yet covered orders would be public information even under the baseline with no rule. Therefore, these provisions will not make public any non-public orders. This will limit the likely costs to covered nonbanks of these provisions.

These final provisions will allow certain information related to covered orders that is already public to be centralized on the Bureau's website. This will make the information more readily accessible than it would otherwise be. One commenter argued that the proposed rule did not give any weight to this effect, but it was explicitly acknowledged in the proposed rule. A large body of research has studied the circumstances under which providing consumers better access to information does, and does not, improve consumer outcomes. One consensus from this research is that well-designed information disclosures can be effective at directing consumer attention. For example, one study found that providing certain borrowers with information about the costs of their loans reduced borrowing. However, another consensus from this research is that information disclosures do not always materially affect consumer decision-making, and that the impact of information disclosures on consumer decision-making depends on their design and implementation. Impactful information disclosures are typically more direct ( e.g., disclosing the costs of a particular type of loan to prospective borrowers) and more timely ( e.g., disclosed to prospective borrowers at the time they are obtaining a loan) than the information that will be centralized and published under this final provision. Therefore, the Bureau believes that most consumers will not change their behavior directly because of this final provision, so the impact of this final provision on most affected entities will likely not be significant.

For one review of this research, see Thomas A. Durkin and Gregory E. Elliehausen, Truth in Lending: Theory, History, and a Way Forward (2011).

See Marianne Bertrand and Adair Morse, Information Disclosure, Cognitive Biases, and Payday Borrowing, 66 The Journal of Finance 1865, 1865-93 (2011).

Many commenters agreed with this analysis, although one mischaracterized the proposed rule as arguing that consumers would be likely to use the public registry. In response to these comments, the Bureau notes that as discussed in the proposed rule the registry may benefit consumers in a number of ways beyond directly influencing their behavior. As discussed in the proposed rule, the Publication Provisions are likely to help government agencies, including the Bureau, enforce consumer protection laws. As noted by some commenters, the Publication Provisions may also help provide valuable information to other individuals or organizations, such as researchers, investors and business partners of covered persons, and media and advocacy organizations. Providing additional information to these entities through publication will also benefit consumers. Moreover, although the Bureau expects that a fraction of consumers may use the registry to make informed decisions in the market for consumer financial products and services, directly informing consumers of covered orders was not the exclusive purpose of the Publication Provisions in either the proposed or final rules.

See part IV(F) and the section-by-section discussion of § 1092.205 above.

Commenters also argued that publishing the registry information will have a small effect on consumer behavior because the registered orders will already be public and available for consumers to review. While these comments appear to disagree with the comments discussed in the previous paragraph regarding the reasons why the Bureau's registry likely will have a small direct effect on consumer behavior, these commenters appear to agree with those in the previous paragraph, and with the Bureau, that the direct effect on consumer behavior will in fact be small. Again, this would imply that the Publication Provisions would impose only minor costs on affected entities resulting from changes in consumer behavior. And again, in response to these comments, the Bureau notes that directly informing consumers of covered orders was not the exclusive purpose of the Publication Provisions in either the proposed or final rules.

Conversely, other commenters argued that the Bureau's analysis understates the reputational costs of publication, including to new and emerging financial institutions. These commenters, however, did not provide any support for this claim or provide an alternative estimate of the Publication Provisions' costs.

Commenters also argued that the public registry would misinform consumers because consumers would not have the legal context to understand the orders. Similarly, another commenter argued that impacted entities would need to invest resources into combatting the reputational harm imposed by the Publication Provisions. These arguments, however, appear to suppose that many consumers will themselves see, and change their behavior based on, the public orders, which as argued above (by both the Bureau and other commenters) is likely incorrect. While the Bureau agrees that some consumers, if they saw the covered orders, would find them to be complex and challenging to interpret, that is one reason the Bureau has concluded that the public registry would have less direct impact on consumers than other kinds of information disclosures that are generally found to be effective. The Bureau also reiterates its belief that few consumers would likely see these covered orders themselves, even under the final Publication Provisions.

The Bureau acknowledges that the issues disclosed by a few covered orders may be so controversial among consumers that their publication on the Bureau's website could impose a substantial impact on the firms affected by those orders. However, as noted above, covered orders would be public information even under the baseline with no rule. Therefore, covered orders that disclose particularly controversial practices would likely be well known among consumers even under the baseline.

Commenters also expressed concern that the Publication Provisions would result in increased litigation for covered nonbanks, both through enforcement actions by government agencies and through class action and other lawsuits by private litigants. The Bureau agrees that the public registry could provide some informational benefits to government enforcement agencies and private attorneys and would therefore impose corresponding enforcement, litigation, and insurance costs on some entities. As discussed above, the Publication Provisions may also help provide valuable information to other individuals or organizations, such as researchers, investors and business partners of covered persons, and media and advocacy organizations; providing information to these individuals or organizations may impose corresponding costs on entities affected by the Publication Provisions, such as costs to respond to publications based on information obtained from the Bureau's registry. The Bureau does not have any data with which to quantify these costs. However, as discussed above the Bureau believes that perhaps 1 percent and at most 5 percent of covered entities are subject to covered orders, and that among entities subject to covered orders, most endeavor in good faith to comply with them. Therefore, the Bureau expects that the Publication Provisions will only expose a small number of entities to increased costs. Moreover, the Bureau does not share the commenters' belief that providing information to government enforcement agencies and attorneys provides no benefit to consumers. To the contrary, as explained above, the Bureau views facilitating public and private enforcement of the Federal consumer financial laws as a benefit of this registry. The Bureau thus agrees with different commenters that the registry will help the CFPB, law enforcement community, and the public limit the harms from repeat violators of their legal obligations.

See the section-by-section discussion of § 1092.205 above.

One commenter noted that these final provisions could put affected entities at a competitive disadvantage relative to other entities in the market, by making information about them and the covered orders to which they are subject more accessible. The Bureau acknowledges that public awareness that an entity has been subjected to liability for violating a covered law may disadvantage that entity relative to other entities that have not been subjected to similar liability. However, the Publication Provisions would not make public any covered orders that were not already published (or required to be published). This in turn mitigates the direct effects of this final provision on marketplace competition.

These final provisions could benefit firms in affected markets, even those without covered orders, by centralizing certain information on covered orders. This could give firms a clearer picture of how consumer financial protection laws are enforced across agencies and jurisdictions, and could reduce costs for firms that would conduct research into this question under the baseline. As noted by one commenter, these provisions may have benefits to other market participants, such as potential investors, contractual partners, financial firms, and others that are conducting due diligence on a registered nonbank. Providing the public, including firms, with information on the extent and nature of covered orders is consistent with the Bureau's congressionally assigned purpose of ensuring that consumer financial markets are fair, transparent, and competitive. The Bureau does not have any data with which to quantify these benefits.

See discussion at part IV(F) above.

12 U.S.C. 5511(a).

For consumers, one effect of the final provision will be improved access to information about covered nonbanks with covered orders. However, as noted above, this information would be public even under the baseline. Moreover, as discussed in more detail above, impactful information disclosures are typically more direct and more timely than the information that would be centralized and published under this provision. Therefore, the Bureau believes that most consumers will not change their behavior due to this final provision. As discussed in more detail above, many commenters agreed with this conclusion.

By centralizing certain information on covered orders, another effect of the Publication Provisions will be to improve the ability of regulatory agencies besides the Bureau to conduct their activities, including supervision, enforcement, regulation, market monitoring, research, and consumer education. One commenter argued that the benefits of the rule for enforcement agencies were overstated in the proposed rule because covered orders are already public and because certain regulators are already aware of certain covered orders. However, the Bureau noted these points in the proposed rule. The Bureau argued in the proposed rule, and finds here, that the Publication Provisions would indirectly benefit consumers by centralizing certain information that is already public, which will assist agencies charged with enforcing Federal consumer financial laws with carrying out their responsibilities. Several commenters and consulting parties agreed that the proposed rule would help regulators and law enforcement. The Bureau does not have any data to quantify this benefit.

The Publication Provisions will likely not impose any significant costs on consumers. As noted above, the provisions may impose some costs on some firms, and it is possible that those firms may respond to these increased costs by increasing prices for consumers. But as discussed above, the costs of these provisions on affected firms will be limited, so any cost increases caused by the rule will be limited at affected firms. Moreover, many firms will not be affected at all by these provisions and so will not raise prices because of these provisions.

Finally, a number of commenters argued that the proposed rule, by increasing the costs to entities of consent orders, would discourage settlements in regulatory proceedings and so impose further costs on affected entities. The Bureau acknowledges that the final rule will increase the costs to entities of covered orders, and so may have a marginal effect on the decision of some entities to settle. However, as argued above, the Bureau believes that the costs imposed by the final rule on entities subject to covered orders will be quite limited, so relative to the baseline, the final rule should increase the expected costs of settlement by little. Therefore, the Bureau believes that, among entities deciding whether to settle an enforcement action, it would be rare for costs imposed by this final rule to make a difference in the decision. Moreover, as noted above, the Bureau believes that perhaps one percent, and at most five percent, of covered nonbank entities are subject to covered orders. The small number of covered entities subject to covered orders strongly suggests that only a small percentage of such entities become subject to covered orders each year, and so could arguably be deciding whether to settle an enforcement matter that might result in a covered order. Therefore, the final rule should have only a small effect on the decisions of a small number of firms contemplating whether or not to settle.

E. Potential Specific Impacts of the Final Rule

1. Insured Depository Institutions and Insured Credit Unions With $10 Billion or Less in Total Assets, as Described in Section 1026

This final rule will only apply to nonbanks. Therefore, it will have no direct impacts on any insured depository institution or insured credit union. The rule may have some indirect effects on some insured depository institutions and insured credit unions with $10 billion or less in total assets. For example, insured depository institutions and insured credit unions that are affiliated with affected entities might experience indirect costs because the final rule may impose some costs on their nonbank affiliates. Insured depository institutions and insured credit unions that compete with affected entities might experience indirect benefits because of the proposed rule because the proposed rule may impose some costs on their competitors. But as noted above, even for nonbanks that are directly affected by the final rule, the Bureau does not anticipate that the rule's impact will be significant in most cases. Therefore, the Bureau anticipates that any indirect effects on insured depository institutions or insured credit unions with $10 billion or less in total assets will be even less significant.

2. Impact of the Proposed Rule on Access to Consumer Financial Products and Services and on Consumers in Rural Areas

By imposing some costs on affected covered nonbanks, the final rule may cause affected covered nonbanks to provide fewer financial products and services (or financial products and services at higher cost) to consumers. However, as noted above, the final rule will likely impose only limited costs on a limited number of covered nonbanks. Therefore, the impact of the final rule on consumer access to financial products and services will be limited even at affected covered nonbanks. Moreover, bank and nonbank entities that will not be directly affected by the final rule could provide financial products and services to consumers that would otherwise obtain these financial products and services from affected covered nonbanks. Therefore, the negative impact of the final rule on consumer access to financial products and services would be limited. By improving the ability of the CFPB to conduct its activities, including supervision, enforcement, regulation, market monitoring, and consumer education, the final rule will likely improve the functioning of the broader market and so may also have positive effects on consumer access to consumer financial products or services provided in conformity with applicable legal obligations designed to protect consumers.

Broadly, the Bureau believes that the analysis above of the impact of the final rule on consumers in general provides an accurate analysis of the impact of the final rule on consumers in rural areas. The impact of the final rule on consumers in rural areas will likely be relatively smaller if the proposed rule affects fewer entities in rural areas. High-quality data on the rural market share of entities that will be affected by the final rule does not exist, so the Bureau cannot judge with certainty the relative impact of the rule on rural areas. However, for certain large and well-studied markets, there is evidence that nonbanks have larger market shares in urban areas and smaller market shares in rural areas. Based on this limited evidence, the Bureau expects that the impact of the final rule will be smaller in rural areas.

For evidence on the mortgage market, see Julapa Jagtiani, Lauren Lambie-Hanson, and Timothy Lambie-Hanson, Fintech Lending and Mortgage Credit Access, 1 The Journal of FinTech (2021). For evidence on the auto loan market, see Donghoon Lee, Michael Lee, and Reed Orchinik, Market Structure and the Availability of Credit: Evidence from Auto Credit, MIT Sloan Research Paper (2022), https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3966710.

IX. Regulatory Flexibility Act Analysis

A. Overview

The Regulatory Flexibility Act (RFA) generally requires an agency to conduct an initial regulatory flexibility analysis (IRFA) and a final regulatory flexibility analysis (FRFA) of any rule subject to notice-and-comment rulemaking requirements, unless the agency certifies that the rule will not have a significant economic impact on a substantial number of small entities. The Bureau also is subject to certain additional procedures under the RFA involving the convening of a panel to consult with small business representatives before proposing a rule for which an IRFA is required.

5 U.S.C. 601 et seq.

5 U.S.C. 609.

A FRFA is not required for this final rule because it will not have a significant economic impact on a substantial number of small entities.

B. Impact of Final Provisions on Small Entities

The final rule has three principal sets of substantive provisions, which are separately analyzed below. The first set of provisions (hereinafter referred to as the “Registration Provisions”) will require nonbank covered persons that are subject to certain public agency and court orders enforcing the law to register with the Bureau and to submit certain information related to those public orders to the Bureau. The second set of provisions (hereinafter referred to as the “Supervisory Reports Provisions”) will require nonbank covered persons that are supervised by the Bureau to prepare and submit an annual written statement, signed by a designated individual, regarding compliance with each covered public order. The third set of provisions (hereinafter referred to as the “Publication Provisions”) describes the registration information the Bureau may make publicly available.

The analysis below evaluates the economic impact of the final provisions on small entities as defined by the RFA. The RFA's definition of “small” varies by type of entity.

For purposes of assessing the impacts of the proposed rule on small entities, “small entities” is defined in the RFA to include small businesses, small not-for-profit organizations, and small government jurisdictions. 5 U.S.C. 601(6). A “small business” is determined by application of Small Business Administration regulations and reference to the North American Industry Classification System (NAICS) classifications and size standards. 5 U.S.C. 601(3). A “small organization” is any “not-for-profit enterprise which is independently owned and operated and is not dominant in its field.” 5 U.S.C. 601(4). A “small governmental jurisdiction” is the government of a city, county, town, township, village, school district, or special district with a population of less than 50,000. 5 U.S.C. 601(5).

U.S. Small Bus. Admin., Table of Small Business Size Standards Matched to North American Industry Classification System Codes, https://www.sba.gov/sites/default/files/2022-09/Table%20of%20Size%20Standards_NAICS%202022%20Final%20Rule_Effective%20October%201%2C%202022.pdf (current SBA size standards).

With certain exceptions, the final rule will apply to covered persons as defined in the CFPA, including persons that engage in offering or providing a consumer financial product or service. Among others, these products and services would generally include those listed below, at least to the extent they are offered or provided for use by consumers primarily for personal, family, or household purposes.

For the full scope of the term “covered person,” see12 U.S.C. 5481(6).

For the full scope of the term “consumer financial product or service,” see12 U.S.C. 5481(5).

Extending credit and servicing loans;
Extending or brokering certain leases of personal or real property;
Providing real estate settlement services;
Engaging in deposit-taking activities, transmitting or exchanging funds, or otherwise acting as a custodian of funds;
Selling, providing, or issuing stored value or payment instruments;
Providing check cashing, check collection, or check guaranty services;
Providing payments or other financial data processing products or services to a consumer by any technological means;
Providing financial advisory services;
Collecting, analyzing, maintaining, or providing consumer report information or certain other account information; and
Collecting debt related to any consumer financial product or service.

The Registration and Publication Provisions will affect such covered persons (as that term is defined in 12 U.S.C. 5481(6)) that (1) do not fall within any of the listed exclusions in § 1092.201(d), such as those for insured depository institutions, insured credit unions, and related persons (as that term is defined in 12 U.S.C. 5481(25)), and (2) have had covered orders issued against them. The Supervisory Reports Provisions will affect such covered persons that (1) are subject to supervision and examination by the Bureau pursuant to CFPA section 1024(a), (2) have had covered orders issued against them, (3) are at or above the $5 million annual receipts threshold, unless such covered persons are subject to certain exclusions, and (4) are not registering covered orders under the one-time registration option for NMLS-published covered orders under § 1092.203.

12 U.S.C. 5514(a).

A major benefit of the final rule is that it will give the Bureau comparatively high-quality data on covered orders. Currently, the Bureau does not have high-quality data on the number of covered orders, nor does it have reliable information on the number of small, covered firms that are subject to covered orders. Therefore, the Bureau cannot reliably estimate the precise number of small entities that would be impacted by the final rule.

One commenter argued that the Bureau could not explain why its rule would not have a significant economic impact on a substantial number of small entities because the Bureau had not provided clear information about the number of small entities that would be impacted by the rule. Other commenters asserted that the Bureau's rule would affect a substantial number of small entities, although they did not provide evidence to support this assertion. One commenter argued that the proposed rule would increase burdens for smaller financial technology companies in particular. In response to these comments, the Bureau notes that its certification under 5 U.S.C. 605(b) does not depend on the total number of small entities that would be affected by the rule. That is because the Bureau has concluded that, regardless of the number of affected small entities, the economic impact of the rule for the vast majority of affected small entities would not be significant. Therefore, even if a substantial number of small entities were affected by the rule, the rule still would not have a significant economic impact on a substantial number of small entities within the meaning of 5 U.S.C. 605(b).

To be clear, commenters have not presented data establishing that the final rule will in fact affect a substantial number of small entities. The Bureau here simply notes that, even if it were assumed that the final rule has some economic effect on a substantial number of small entities, that impact will not be significant for the vast majority of affected small entities.

The SBA Office of Advocacy asked if it would be possible for the Bureau to obtain information on the number of small entities subject to covered orders from States or Federal agencies that have issued these covered orders. The Bureau indeed asked for similar information from Federal agencies, State regulators, State attorneys general, and tribes in interagency consultations for the proposed rule. The specific question asked was: “Approximately how many public final orders are issued each year by agencies or courts in enforcement actions brought by Federal, State, Tribal governments, or local government agencies against covered person entities for violations of laws prohibiting unfair, deceptive, or abusive acts or practices, in cases involving consumer financial products or services? (In addition to the number of such orders, the CFPB is interested in information regarding the particular statutes or regulations prohibiting unfair, deceptive, or abusive acts or practices that are cited in such enforcement actions.) Approximately how many such orders are issued each year for violations of Federal consumer financial laws?” The Bureau also asked a similar question in consultations for the final rule, as follows: “Approximately how many orders issued or obtained by your agency during the past seven years would qualify as `covered orders' as defined in the draft final rule?” While not definitive, the responses the Bureau obtained to this question were consistent with its estimate above that perhaps one percent, and at most five percent, of covered entities are subject to covered orders. However, the Bureau concluded for several reasons that this information was still not sufficient to provide a rigorous quantitative estimate of the number of small entities subject to covered orders. First, most agencies with whom the Bureau consulted did not provide this requested information to the Bureau. Second, many of these agencies do not track the number of covered orders they have outstanding. Third, many of these agencies cannot reliably determine whether entities subject to covered orders qualify as “small entities” within the meaning of the RFA.

The SBA Office of Advocacy also asked if it would be possible for the CFPB to use economic data from the Census Bureau's Statistics of U.S. Businesses to extrapolate the number of affected small entities. These data indicate that, of entities listed in table 1 above, roughly 96 percent are small. In the notice of proposed rulemaking, the Bureau did not estimate the number of small entities that will be affected by the final rule because, even with an estimate of the number of small entities in an industry, the Bureau could not provide a precise estimate of the number of such entities subject to covered orders. However, the Bureau notes that a conservative upper bound estimate of the number of small entities that will be affected by the final rule can be obtained if one assumes that all entities subject to covered orders are small. In this case, if at most 5 percent of all covered nonbanks are subject to covered orders and so will be affected by the final rule, all such affected entities are small, and roughly 96 percent of covered nonbanks in affected markets are small, then at most 5.2 percent of small covered nonbanks are subject to covered orders and so will be affected by the final rule. The Bureau reiterates that this 5.2 percent number provides a conservative upper bound on the fraction of small entities in relevant markets that will be affected by the final rule, and the actual fraction of small entities that will be affected by the final rule is likely to be smaller. Nonetheless, this analysis indicates that the rule will not in fact impact a substantial number of small entities. As explained above, however, the Bureau's certification under 5 U.S.C. 605(b) does not depend on the number of small entities affected by the rule.

To be clear, it is not the case that all entities subject to covered orders are small entities. In response to comments, the Bureau here is merely using a simplifying assumption to derive a conservative upper bound estimate of the rule's potential impact on small entities.

As explained above, the estimate that perhaps 1 percent, and at most 5 percent, of covered nonbanks are subject to covered orders is based on the Bureau's experience and expertise and is not disputed by commenters.

Dividing 5% by 96% yields 5.2%.

A joint letter from State regulators misinterpreted the proposed rule as arguing that because only 1 percent to 5 percent of covered nonbanks would need to comply with the proposed rule's registration and reporting requirements, the proposed rule would not have a significant economic impact on a substantial number of small entities. In the context of its discussion of the rule's impacts under CFPA section 1022(b)(2)(A), the Bureau indeed estimated that between 1 percent and 5 percent of all covered nonbanks (including both small entities and larger entities) might be impacted by the proposed rule. In its RFA analysis in the proposed rule, however, the Bureau did not estimate the percentage of covered-nonbank small entities that might be affected by the proposed rule. The Bureau's RFA analysis in the proposed rule thus did not rely on that 1-to-5 percent estimate, and the Bureau's RFA analysis here does not depend on that estimate, either. It is, however, notable that the State-regulator commenters, which have significant experience with enforcement actions against small entities and access to a substantial amount of information about such actions through the NMLS, do not argue that the percentage of covered-nonbank small entities with covered orders is substantially higher than 1 percent to 5 percent. As noted above, if no more than approximately 5 percent of covered-nonbank small entities will have covered orders subject to the rule's requirements, then the rule will not impact a substantial number of small entities.

The same state-regulator commenters cited NMLS data to argue that the proposed rule would predominantly impact small nonbank entities, because nearly 96 percent of state-licensed nonbank NMLS Call Report filers are small. As explained above, the Bureau's analysis of the Census Bureau's Statistics of U.S. Businesses data indicates that roughly 96 percent of entities listed in table 1 are small, so the Bureau agrees with these state-regulator commenters that a large majority of entities in affected markets are small. The Bureau notes that this does not necessarily imply that a large majority of affected entities are small, since among entities in affected markets, it is possible that large entities will disproportionately be subject to covered orders and thus will be disproportionately affected by the final rule. However, if one further assumes, as these commenters do, that small entities will be impacted by the rule in roughly the same proportion as other entities, the Bureau agrees that this indeed implies that a large majority of affected entities will be small. This finding merely reflects the fact that most nonbanks are likely small businesses under the Small Business Administration's regulations. Since most nonbanks likely qualify as small businesses, it is not surprising that a rule addressing orders entered against nonbanks would predominantly affect small businesses if small businesses were impacted in proportion to their representation among all businesses. This fact, however, does not affect the Bureau's assessment that the final rule here will not have a significant economic impact on a substantial number of small entities. As explained above, the final rule will not have a significant economic impact on the vast majority of affected entities, including affected small entities. Further, as also noted above, the state-regulator commenters do not argue that the percentage of covered-nonbank small entities with covered orders is substantially higher than 1 percent to 5 percent. Again, if no more than 5 percent of all covered nonbanks are subject to covered orders (as the commenters do not dispute), and roughly 96 percent of all covered nonbanks in affected markets are small (as the commenters and the Bureau agree), then no more than 5.2 percent of small covered nonbanks can possibly be subject to covered orders and so be affected by the final rule. This implies that the rule will not impact a substantial number of small entities (although, to reiterate, the Bureau's 5 U.S.C. 605(b) certification does not depend on that fact).

1. Registration Provisions

The first set of provisions will require covered firms to register using the nonbank registry and submit certain required information. Required information includes identifying and administrative information, as well as information regarding covered orders. This information should be readily accessible to almost all entities affected, and providing it through the nonbank registry should be straightforward. Firms would not have to purchase new hardware or software, or train specialized personnel, to comply with these final provisions.

To obtain a quantitative estimate of the cost of these provisions, the Bureau assesses the average hourly base wage rate for the reporting requirement at $49.29 per hour. This is the mean hourly wage for employees in four major occupational groups assessed to be most likely responsible for the registration process: Management ($66.23/hr); Legal Occupations ($64.34/hr); Business and Financial Operations ($43.55/hr); and Office and Administrative Support ($23.05/hr). We multiply the average hourly wage of $49.29 by the private industry benefits factor of 1.42 to get a fully loaded wage rate of $70.00/hr. The Bureau includes these four occupational groups in order to account for the mix of specialized employees that may assist in the registration process. The Bureau assesses that the registration process will generally be completed by office and administrative support employees that are generally responsible for the registrant's paperwork and other administrative tasks. Employees specialized in business and financial operations or in legal occupations are likely to provide information and assistance with the registration process. Senior officers and other managers are likely to review the registration information before it is submitted and may provide additional information. Assuming as outlined above a fully loaded wage rate of roughly $70, and that complying with this final provision would take around five hours of employees' time, yields a cost impact of around $350 per firm. The cost would likely be even lower for firms that have and exercise the option to register NMLS-published covered orders under § 1092.203. Because § 1092.203 requires less information from covered nonbanks than § 1092.202, exercising the option made available in § 1092.203 should take even less employee time. Therefore, the impact of this final provision on affected firms will be limited.

Several commenters disagreed with this cost assessment. One preferred a higher estimate of $5,000 per year, based in part on the argument that the scope of administrative information is “wholly unknown” and can encompass a “limitless breadth” of information. The Bureau disagrees with these claims. As explained above, § 1092.202(c) only requires registered entities to submit the specific “administrative information” that is “required by the nonbank registry,” and the Bureau has made clear that it will “specify the types of . . . administrative information registered entities would be required to submit” in “filing instructions . . . issue[d] under . . . § 1092.102(a).” Therefore, covered nonbanks should have no need to hire outside legal counsel to ascertain what information qualifies as “administrative information” required to be submitted under the rule. Instead, the Bureau's filing instructions will specify what categories of information covered nonbanks must submit as “administrative information.”

In this section, the Bureau discusses comments that focused primarily on the rule's potential effects on small entities. To the extent that these comments address the potential benefits and costs of the rule for covered persons, the Bureau recognizes that the comments are also relevant to its analysis under CFPA section 1022(b)(2)(A); it did not duplicate its responses to those comments in its section 1022(b)(2)(A) discussion above simply to avoid unnecessary repetition. Similarly, the Bureau has not repeated here responses to comments about general impacts on covered persons that are adequately addressed in its section 1022(b)(2)(A) discussion above.

See the section-by-section discussion of § 1092.201(a) above.

88 FR 6088 at 6118.

Another commenter based their disagreement on this cost assessment on the operational cost of developing new technologies and databases to satisfy the registration requirements. However, the Bureau does not believe many, if any, entities will have to develop new technologies and databases to comply with the Registration Provisions. Therefore, the Bureau believes its $350 estimate is reasonable.

A joint letter from State regulators argued qualitatively that, because many small entities subject to covered orders are not subject to CFPB supervision, the costs imposed on them by the proposed rule would be larger than the Bureau estimated. However, the cost analysis performed both in the proposed rule and in this final rule does not presuppose supervision by the CFPB. Further, even if a covered nonbank is not subject to CFPB supervision, it would even under the baseline generally be expected to have systems in place to comply with its obligations under Federal consumer financial laws and other consumer-protection laws, and the rule's registration requirements do not significantly add to the legal obligations to which covered nonbanks are already subject. Therefore, the Bureau again concludes that its $350 estimate is reasonable.

Commenters also noted that the rule will impose ongoing costs on entities after initial registration. The Bureau agrees that entities registering orders under § 1092.202 may incur ongoing costs to comply with § 1092.202(b)(2)(ii), which requires that covered nonbanks submit revised registration filings within 90 days after any amendment to a registered covered order or information required under § 1092.202(c) or (d). Similarly, § 1092.202(f) requires a registered entity to submit a revised filing within 90 days if a covered order is terminated, modified, or abrogated, or if it ceases to be a covered order by operation of § 1092.202(e). The Bureau believes that the cost of those subsequent filings would generally be less than the cost of preparing and submitting the initial registration. The Bureau also believes that most revised filings under § 1092.202(b)(2)(ii) or (f) would be submitted after the initial year in which an entity first registers an order. In determining whether a significant economic impact on a substantial number of small entities (SISNOSE) exists, the Bureau calculates impacts on a periodic (usually annual) basis that is relative to firm revenue. If the analysis were extended past the initial year, calculated costs would increase with time, but so would calculated firm revenue. The Bureau believes that, in the case of the Registration Provisions, the ratio of the two—which is the relevant number for SISNOSE analysis—likely would not increase significantly over time, and in fact would very likely decrease, because the cost of submissions under § 1092.202(b)(2)(ii) or (f) would generally be less than the cost of preparing and submitting the initial registration.

Covered nonbanks registering NMLS-published covered orders under § 1092.203 are not required to submit revised filings with respect to such orders under § 1092.202(b)(2)(ii) or (f).

The same commenters also noted that firms with multiple orders will face higher costs. The Bureau agrees and noted this point in the proposed rule. The Bureau also notes that there are even fewer entities subject to multiple covered orders than there are entities subject to any covered order. The Bureau further notes that the average cost per order of registering orders is likely to be lower for firms with more covered orders, in part because some of the costs involved with registering orders (such as identifying and supplying the required administrative information) would generally only need to be incurred once.

See88 FR 6088 at 6131.

Two commenters noted that even some entities not subject to covered orders would still be impacted by the proposed rule, if they were subject to orders they viewed as potentially covered, because they may have to determine if the potentially covered orders are actually covered. As it stated in the proposed rule, the Bureau agrees that some firms may be unsure whether they are covered persons not otherwise excluded from the rule, or whether they are subject to covered orders. As stated in the proposed rule, for firms unsure of their obligations under the Registration Provisions, one option would be to hire outside legal counsel to advise them on these issues, which the Bureau agrees could be costly for small firms. However, another option for such firms would be to register using the nonbank registry, even if doing so is not legally required. As explained above and in the proposed rule, the cost associated with registering an order is likely low—a few hours of an employee's time. In addition, if firms have a good-faith basis to believe they are not covered nonbanks (or that their orders are not covered orders), they may submit a notice to the nonbank registry stating as such under § 1092.202(g). Preparing and submitting such notices would take at most a few hours of an employee's time. The Bureau further notes that the mere act of registering an order or submitting a § 1092.202(g) notice is unlikely to have significant indirect costs because § 1092.102(c) would provide that the rule “does not alter any applicable process whereby a person may dispute that it qualifies as a person subject to Bureau authority.” Firms should generally choose the lowest cost option available to them, and low-cost options—either registering under the nonbank registry or filing a notice under proposed § 1092.202(g)—are options available to firms.

2. Supervisory Reports Provisions

This second set of provisions will require that affected supervised entities designate an attesting executive for each applicable covered order. The attesting executive will be a duly appointed senior executive officer (or, if no such officer exists, the highest-ranking individual at the entity charged with managerial or oversight responsibilities) (i) whose assigned duties include ensuring the supervised registered entity's compliance with Federal consumer financial law, (ii) who possesses knowledge of the supervised entity's systems and procedures for achieving compliance with the covered order, and (iii) who has control over the supervised entity's efforts to comply with the covered order. The Bureau believes that, even under the baseline scenario, most supervised entities would take active steps to comply with covered orders, and therefore would already have such an officer or individual in place to oversee the entity's compliance with its obligations under the covered order. Therefore, the Bureau anticipates that this designation requirement will impose little or no additional impact on most supervised registered entities. The Bureau notes that the impacts may be higher for supervised entities that lack a high-ranking officer or other employee with the requisite qualifications to serve as an attesting executive, but the Bureau believes that there are few such entities because the Bureau expects most supervised registered entities maintain adequate board and management oversight consistent with an appropriate compliance management system. Furthermore, covered nonbanks that have opted to register NMLS-published covered orders under § 1092.203 will not be subject to the Supervisory Reports Provisions with respect to such orders.

The Bureau sought comment on whether proposed section 203(b)'s designation requirement is likely to impose material additional impacts on supervised registered entities, beyond the impacts those entities are already likely to incur as part of fulfilling their obligations under the covered orders to which they are subject. The SBA Office of Advocacy claimed that, in the proposed rule, the Bureau provided no basis for its claim that most supervised entities would already have such an officer or individual in place. This claim is incorrect. In the proposed rule, as in this final rule, the Bureau explained its reasoning. The Bureau anticipates that most supervised entities will take active steps to comply with covered orders, as the law requires. Therefore, the Bureau believes that, even under the baseline scenario, most supervised entities would already have an officer or individual satisfying § 1092.204(b)'s requirements in place to oversee the entity's compliance with its obligations under the covered order. This belief is supported by the Bureau's experience with supervising nonbanks, which includes examining their compliance systems. Based on its supervision experience, the Bureau believes it is unlikely that many entities subject to its supervision would have difficulty designating an individual who satisfies the criteria identified in § 1092.204(b).

Thus, relative to the baseline, the written-statement requirement will impose only modest costs on most covered entities, related primarily to the time and effort needed to (i) memorialize the attesting executive's existing oversight of compliance and (ii) determine whether the supervised registered entity during the preceding calendar year identified any violations or other instances of noncompliance with any obligations that were imposed in a public provision of the covered order by the applicable agency or court based on a violation of a covered law. While the attesting executive will sign the written statement and generally describe the steps the executive has taken to oversee the supervised registered entity's activities subject to the applicable order, the Bureau expects that other employees in other major occupational groups (Legal Occupations, Business and Financial Operations, and Office and Administrative Support) will support the attesting executive in preparing the statement. Assuming that satisfying the written-statement requirement would take twenty hours of employees' time, and that the average cost to entities of an employee's time is roughly $70 an hour as discussed above, yields an estimate that the cost of this requirement on covered entities would be roughly $1,400 per entity.

One commenter criticized this estimate, arguing that many small entities do not have employees in the various occupational groups assumed above and in particular would have to contract with outside legal counsel to comply with the Supervisory Reports Provisions. However, the Bureau notes that the Supervisory Reports Provisions only requires that the attesting executive generally describe the steps the executive has taken to oversee compliance and state whether or not the company has identified a violation; it does not require the company to conduct any new analysis, legal or otherwise, in order to make that determination. The Supervisory Reports Provisions would not require, for example, an entity to hire counsel to conduct an assessment of past conduct for violations of orders it has not already identified. Therefore, for a sufficiently small entity that would be forced to employ management only (at a fully loaded wage rate of $66.23 times 1.42 or $94.05 per hour as discussed above) to satisfy the written-statement requirements, assuming again that compliance takes twenty hours of employee time, yields a cost estimate of approximately $1,881 for such firms. This is substantially lower than the $3,000 to $6,000 estimate provided by the commenter.

Several commenters argued that employees would be reluctant to act as attesting executives because of the Supervisory Reports Provisions and would require a salary premium to do so, raising costs for affected entities. The Bureau acknowledges that, among entities subject to covered orders that lack adequate compliance systems, employees could indeed be reluctant to act as attesting executives under these provisions and might require a salary premium to do so. However, as discussed above, the Bureau believes that most entities that are subject to covered orders endeavor in good faith to comply with them. Therefore, the Bureau believes that most entities will already have in place some manner of systems and procedures to help achieve such compliance. As a result, attesting executives for most entities should not require a salary premium in order to comply with the written-statement requirements. The Bureau acknowledges that some firms without sufficient systems and procedures in place to comply with covered orders may be forced to pay attesting executives a salary premium because of the Supervisory Reports Provisions, but believes that there will be few such firms. Furthermore, while the Bureau cannot precisely quantify the salary premium that would be required by attesting executives at such firms, the Bureau notes that an estimate of $25,000 provided by one commenter represents less than .5 percent of annual receipts of entities with more than $5 million per year in annual receipts.

One commenter appeared to disagree with this cost assessment and argued, in reference to the recordkeeping requirements of the Supervisory Reports Provisions, that the added costs of compliance would be significant enough to cause small entities in the debt-collection industry material financial hardship, if not cause them to cease operations. However, this commenter did not directly dispute the Bureau's cost estimate of ten hours of employee time, nor did the commenter provide data or analysis to dispute this estimate, which as noted above implies a cost of compliance of roughly $700.

The Bureau notes that, for the purposes of this final rule, the term “supervised registered entity” excludes persons with less than $5 million in annual receipts resulting from offering or providing consumer financial products and services described in CFPA section 1024(a). Relative to this final rule, the proposed rule further included in the term “supervised registered entity” persons with more than $1 million in annual receipts. Therefore, relative to the proposed rule that was discussed by commenters, the Supervisory Reports Provisions will affect fewer small entities, and the entities they will affect will have higher annual receipts on average. The estimated combined costs of around $2,100 imposed by the Supervisory Reports Provisions as discussed above on most affected entities should be roughly 0.04 percent or less of annual receipts. Therefore, the impact of this final provision on most affected small entities will be limited.

The costs of the Supervisory Reports Provisions may be higher at larger entities because identifying instances of noncompliance with obligations imposed in a public provision of a covered order may be more complex at larger entities. But because larger entities will generally have greater annual receipts, the applicable compliance costs as a percentage of annual receipts will likely remain nominal for larger entities, even if the absolute value of those compliance costs tends to increase as entity size increases. The costs will also likely be higher at entities with multiple instances of noncompliance with public provisions of covered orders, or with multiple covered orders. However, there are fewer entities subject to multiple covered orders than there are entities subject to any covered order.

Two commenters claimed that the proposed rule did not contain any assessment of the burden of the rule on entities large enough to be both not exempt and supervised (and so subject to the Supervisory Reports Provisions) but small enough to satisfy the SBA's definition of “small.” This claim is not correct. The proposed rule contained analysis, comparable to the analysis in this final rule above, on the effect of the Supervisory Reports Provisions on small entities. This means that the proposed rule analyzed the effect of the Supervisory Reports Provisions on small entities large enough to be impacted by it. The final rule here does the same.

3. Publication Provisions

For affected covered nonbanks, the main effect of the third set of provisions will be that (1) their identifying information, (2) information regarding covered orders that they provide to the Bureau, and (3) for supervised registered entities, the name and title of the attesting executive, may be posted on the internet by the Bureau. Much of this information would be public even under the baseline, so the additional direct effect of this information being posted on the Bureau's website should be small.

As explained elsewhere in this preamble, the Bureau intends to publish this information but is retaining the discretion not to publish the information based on operational considerations, such as resource constraints. The analysis here assumes that the Bureau will effectuate its intended approach of publishing the stated information. If, however, the Bureau were not to publish any of the information it collects under the final rule, the potential impacts on small entities discussed in this section largely would not be realized—except that, to a more limited extent, some of the impacts associated with the Publication Provisions could result from the Bureau's sharing of registry information with other government agencies under memorandums of understanding or other inter-agency arrangements. Similarly, if the Bureau were to publish only a portion of the information that it currently intends to publish, the Publication Provisions' impacts on small entities likely would be more limited than the impacts associated with the Bureau's current publication plans.

However, because covered nonbanks will provide this information only if they are subject to covered orders, consumers might interpret the presence of a covered nonbank on the Bureau's website as negative information about that covered nonbank. Therefore, these provisions may have negative reputational costs for the covered nonbanks whose information is published on the Bureau's website. Yet covered orders would be public information even under the baseline with no rule. Therefore, these provisions will not make public any non-public orders. This will limit the likely costs on covered nonbanks of these provisions.

These provisions will allow certain information related to covered orders that is already available to the general public to be centralized on the Bureau's website. This will make the information more readily accessible than it would otherwise be. A large body of research has studied the circumstances under which providing consumers better access to information does, and does not, improve consumer outcomes. One consensus from this research is that well-designed information disclosures can be effective at directing consumer attention. For example, one study found that providing certain borrowers with information about the costs of their loans reduced borrowing. However, another consensus from this research is that information disclosures do not always materially affect consumer decision-making, and that the impact of information disclosures on consumer decision-making depends on their design and implementation. Impactful information disclosures are typically more direct ( e.g., disclosing the costs of a particular type of loan to prospective borrowers) and more timely ( e.g., disclosed to prospective borrowers at the time they are obtaining a loan) than the information that will be centralized and published under this final provision. Therefore, the Bureau believes that most consumers will not change their behavior due to this final provision, so the impact of this final provision on most affected entities will likely not be significant. The Bureau acknowledges that the issues disclosed by a few covered orders may be so controversial among consumers that their publication on the Bureau website could impose a substantial impact on the firms affected by those orders. However, as noted above, covered orders would be public information even under the baseline with no rule. Therefore, covered orders that disclose particularly controversial practices would likely be well-known among consumers even under the baseline. As a result, the Bureau believes that these final provisions are unlikely to have a significant economic impact on a substantial number of small entities.

For one review of this research, see Thomas A. Durkin and Gregory Elliehausen, Truth in Lending: Theory, History, and a Way Forward (2011).

See Marianne Bertrand and Adair Morse, Information Disclosure, Cognitive Biases, and Payday Borrowing, 66 The Journal of Finance 1865, 1865-93 (2011).

The SBA Office of Advocacy critiqued the analysis of the Publication Provisions in the proposed rule as “confusing and contradictory” because it concluded that the Publication Provisions could have a significant impact on a few small entities but would not have a significant impact on a substantial number of small entities. But the possibility that a provision may have a significant economic impact on a limited number of small entities does not mean that the provision will have a significant economic impact on a substantial number of small entities. Because the Bureau has found that few small entities would be significantly affected by the Bureau's re-publication through its registry of orders that are already public, the Bureau has concluded that the possibility of such significant impacts in relatively rare cases does not indicate that a SISNOSE exists. The Bureau's conclusion about the impact of the Publication Provisions is therefore neither confusing nor contradictory.

Another commenter argued that larger firms are more likely to have public relations funding to counteract the negative publicity of appearing on the Bureau's website, and so this provision would have an especially large relative effect on small firms. The Bureau acknowledges that larger firms are more likely to have more funding for public relations. However, the Bureau also notes that larger firms are also more likely to attract attention from consumers, regulators, the media, and other public parties. Hence the Bureau does not necessarily agree that this provision would have an especially large relative cost for small firms. Furthermore, even if a provision may have a somewhat larger effect on smaller firms, that does not mean that the provision has a significant economic impact on a substantial number of small entities. A relevant consideration in determining whether the provision here will have a significant economic impact on a substantial number of small entities is the fraction of small nonbank entities that will be significantly impacted by the provision. The commenter did not provide such estimates.

For the reasons described above, the Bureau believes that no provision of the final rule will have a significant economic impact on a substantial number of small entities. Moreover, the impact of each provision is sufficiently small that the three provisions together will not have a significant economic impact on a substantial number of small entities.

Accordingly, the Director certifies that this final rule will not have a significant economic impact on a substantial number of small entities. Thus, a FRFA is not required for this final rule.

X. Paperwork Reduction Act

Under the Paperwork Reduction Act of 1995 (PRA), Federal agencies are generally required to seek approval from the Office of Management and Budget (OMB) for information collection requirements prior to implementation. Under the PRA, the Bureau may not conduct nor sponsor, and, notwithstanding any other provision of law, a person is not required to respond to, an information collection unless the information collection displays a valid control number assigned by OMB. The information collection requirements in this final rule are mandatory. Certain information collected under these requirements may be made available to the public, while other information would not be made available to the public, in accordance with applicable law.

44 U.S.C. 3501 et seq.

The collections of information contained in this rule, and identified as such, have been submitted to OMB for review under section 3507(d) of the PRA. A complete description of the information collection requirements (including the burden estimate methods) is provided in the information collection request that the Bureau has submitted to OMB under the requirements of the PRA. The information collection request submitted to OMB requesting approval under the PRA for the information collection requirements contained herein is available at www.regulations.gov as well as on OMB's public-facing docket at www.reginfo.gov.

Title of Collection: Nonbank Registration—Agency and Court Orders Registration.

OMB Control Number: 3170-0076.

Type of Review: Request for approval of a new information collection.

Affected Public: Private sector.

Estimated Number of Respondents: 7,752.

Estimated Total Annual Burden Hours: 35 hours.

In the notice of proposed rulemaking, the Bureau invited comments on: (a) Whether the collection of information is necessary for the proper performance of the functions of the Bureau, including whether the information will have practical utility; (b) the accuracy of the Bureau's estimate of the burden of the collection of information, including the validity of the methods and the assumptions used; (c) ways to enhance the quality, utility, and clarity of the information to be collected; and (d) ways to minimize the burden of the collection of information on respondents, including through the use of automated collection techniques or other forms of information technology. The comments on the rule generally, and those relating to its burdens and utility, are summarized above. The Bureau is always interested in comments on its information collections, and how to improve their utility and reduce their burdens. These may be made at PRA_Comments@CFPB.gov.

XI. Congressional Review Act

Pursuant to the Congressional Review Act, the Bureau will submit a report containing this rule and other required information to the U.S. Senate, the U.S. House of Representatives, and the Comptroller General of the United States at least 60 days prior to the rule's published effective date. The Office of Information and Regulatory Affairs has designated this rule as a “major rule” as defined by 5 U.S.C. 804(2).

5 U.S.C. 801 et seq.

List of Subjects in 12 CFR Part 1092

Administrative practice and procedure
Consumer protection
Credit
Intergovernmental relations
Law enforcement
Nonbank registration
Registration
Reporting and recordkeeping requirements
Trade practices

Authority and Issuance

For the reasons set forth above, the Bureau amends 12 CFR chapter X by adding part 1092 to read as follows:

PART 1092—NONBANK REGISTRATION

1092.100: Authority and purpose.
1092.101: General definitions.
1092.102: Submission and use of registration information.
1092.103: Severability.
1092.200: Scope and purpose.
1092.201: Definitions.
1092.202: Registration and submission of information regarding covered orders.
1092.203: Optional one-time registration of NMLS-published covered orders.
1092.204: Annual reporting requirements for supervised registered entities.
1092.205: Publication and correction of registration information.
1092.206: Nonbank registry implementation dates.

Authority: 12 U.S.C. 5512(b) and (c); 12 U.S.C. 5514(b).

Subpart A—General

§ 1092.100

Authority and purpose.

(a) Authority. The regulation in this part is issued by the Bureau pursuant to section 1022(b) and (c) and section 1024(b) of the Consumer Financial Protection Act of 2010, codified at 12 U.S.C. 5512(b) and (c), and 12 U.S.C. 5514(b).

(b) Purpose. The purpose of this part is to prescribe rules governing the registration of nonbanks, and the collection and submission of registration information by such persons, and for public release of the collected information as appropriate.

(1) This subpart contains general provisions and definitions used in this part.

(2) Subpart B of this part sets forth requirements regarding the registration of nonbanks subject to certain agency and court orders.

§ 1092.101

General definitions.

For the purposes of this part, unless the context indicates otherwise, the following definitions apply:

(a) Affiliate, consumer, consumer financial product or service, covered person, Federal consumer financial law, insured credit union, person, related person, service provider, and State have the same meanings as in 12 U.S.C. 5481.

(b) Bureau means the Consumer Financial Protection Bureau.

(c) Include, includes, and including mean that the items named may not encompass all possible items that are covered, whether like or unlike the items named.

(d) Nonbank registry means the Bureau's electronic registry identified and maintained by the Bureau for the purposes of this part.

(e) Nonbank registry implementation date means, for a given requirement or subpart of this part, or a given person or category of persons, the date(s) determined by the Bureau to commence the operations of the nonbank registry in connection with that requirement or subpart.

§ 1092.102

Submission and use of registration information.

(a) Filing instructions. The Bureau shall specify the form and manner for electronic filings and submissions to the nonbank registry that are required or made voluntarily under this part. The Bureau also may provide for extensions of deadlines or time periods prescribed by this part for persons affected by declared disasters or other emergency situations.

(b) Coordination or combination of systems. In administering the nonbank registry, the Bureau may rely on information a person previously submitted to the nonbank registry under this part and may coordinate or combine systems in consultation with State agencies as described in 12 U.S.C. 5512(c)(7)(C) and 12 U.S.C. 5514(b)(7)(D).

(c) Bureau use of registration information. The Bureau may use the information submitted to the nonbank registry under this part to support its objectives and functions, including in determining when to exercise its authority under 12 U.S.C. 5514 to conduct examinations and when to exercise its enforcement powers under subtitle E of the Consumer Financial Protection Act of 2010. However, this part does not alter any applicable process whereby a person may dispute that it qualifies as a person subject to Bureau authority.

(d) Calculation of time periods. In computing any date or period of time prescribed by this part, exclude the day of the event that triggers the period; count every day, including intermediate Saturdays, Sundays, and Federal holidays; and include the last day of the period. If any provision of this part would establish a deadline for an action that is a Saturday, Sunday, or Federal holiday, the deadline is extended to the next day that is not a Saturday, Sunday, or Federal holiday.

§ 1092.103

Severability.

If any provision of this part, or any application of a provision, is stayed or determined to be invalid, the remaining provisions or applications are severable and shall continue in effect.

Subpart B—Registry of Nonbank Covered Persons Subject to Certain Agency and Court Orders

§ 1092.200

Scope and purpose.

(a) Scope. This subpart requires nonbank covered persons that are subject to certain public agency and court orders to register with the Bureau and to submit a copy of each such public order to the Bureau. This subpart also requires certain nonbank covered persons that are supervised by the Bureau to prepare and submit an annual written statement, signed by a designated individual, regarding compliance with each such public order. Finally, this subpart also describes the registration information the Bureau may make publicly available.

(b) Purpose. The purposes of the information collection requirements contained in this subpart are:

(1) To support Bureau functions by monitoring for risks to consumers in the offering or provision of consumer financial products or services, including developments in markets for such products or services, pursuant to 12 U.S.C. 5512(c)(1);

(2) To prescribe rules regarding registration requirements applicable to nonbank covered persons, pursuant to 12 U.S.C. 5512(c)(7);

(3) To facilitate the supervision of persons described in 12 U.S.C. 5514(a)(1), pursuant to 12 U.S.C. 5514(b);

(4) To assess and detect risks to consumers, pursuant to 12 U.S.C. 5514(b); and

(5) To ensure that persons described in 12 U.S.C. 5514(a)(1) are legitimate entities and are able to perform their obligations to consumers, pursuant to 12 U.S.C. 5514(b).

§ 1092.201

Definitions.

For the purposes of this subpart, unless the context indicates otherwise, the following definitions apply:

(a) Administrative information means contact information regarding persons subject to this subpart and other information submitted or collected to facilitate the administration of the nonbank registry including information submitted under §§ 1092.202(g) and 1092.204(f).

(b) Attesting executive means, with respect to any covered order regarding a supervised registered entity, the individual designated by the supervised registered entity to perform the supervised registered entity's duties with respect to the covered order under § 1092.204.

(c) Covered law means a law listed in paragraphs (c)(1) through (6) of this section, to the extent that the violation of law found or alleged arises out of conduct in connection with the offering or provision of a consumer financial product or service:

(1) A Federal consumer financial law;

(2) Any other law as to which the Bureau may exercise enforcement authority;

(3) The prohibition on unfair or deceptive acts or practices under section 5 of the Federal Trade Commission Act, 15 U.S.C. 45, or any rule or order issued for the purpose of implementing that prohibition;

(4) A State law prohibiting unfair, deceptive, or abusive acts or practices that is identified in appendix A to this part;

(5) A State law amending or otherwise succeeding a law identified in appendix A to this part, to the extent that such law is materially similar to its predecessor; or

(6) A rule or order issued by a State agency for the purpose of implementing a prohibition on unfair, deceptive, or abusive acts or practices contained in a State law described in paragraph (c)(4) or (5) of this section.

(d) Covered nonbank means a covered person that is not any of the following:

(1) An insured depository institution or insured credit union;

(2) A person who is a covered person solely due to being a related person;

(3) A State;

(4) A natural person;

(5) A motor vehicle dealer that is predominantly engaged in the sale and servicing of motor vehicles, the leasing and servicing of motor vehicles, or both, within the meaning of 12 U.S.C. 5519(a), except to the extent such a person engages in functions that are excepted from the application of 12 U.S.C. 5519(a) as described in 12 U.S.C. 5519(b); or

(6) A person that qualifies as a covered person based solely on conduct that is the subject of, and that is not otherwise exempted from, an exclusion from the Bureau's rulemaking authority under 12 U.S.C. 5517.

(e) Covered order —(1) In general. Covered order means a final public order issued by an agency or court, whether or not issued upon consent, that:

(i) Identifies a covered nonbank by name as a party subject to the order;

(ii) Was issued at least in part in any action or proceeding brought by any Federal agency, State agency, or local agency;

(iii) Contains public provisions that impose obligations on the covered nonbank to take certain actions or to refrain from taking certain actions;

(iv) Imposes such obligations on the covered nonbank based on an alleged violation of a covered law; and

(v) Has an effective date on or later than January 1, 2017.

(2) Exception. The term “covered order” does not include an order issued to a motor vehicle dealer that is predominantly engaged in the sale and servicing of motor vehicles, the leasing and servicing of motor vehicles, or both, within the meaning of 12 U.S.C. 5519(a), except to the extent such order is in connection with the functions that are excepted from the application of 12 U.S.C. 5519(a) as described in 12 U.S.C. 5519(b).

(f) Effective date means, in connection with a covered order, the effective date as identified in the covered order; provided that if no other effective date is specified, then the date on which the covered order was issued shall be treated as the effective date for purposes of this subpart. If the issuing agency or a court stays or otherwise suspends the effectiveness of the covered order, the effective date shall be delayed until such time as the stay or suspension of effectiveness is lifted.

(g) Identifying information means existing information available to the covered nonbank that uniquely identifies the covered nonbank, including the entity's legal name, State (or other jurisdiction) of incorporation or organization, principal place of business address, any doing business as or fictitious business names, and any unique identifiers issued by a government agency or standards organization.

(h) Insured depository institution has the same meaning as in 12 U.S.C. 5301(18)(A).

(i) Local agency means a regulatory or enforcement agency or authority of a county, city (whether general law or chartered), city and county, municipal corporation, district, or other political subdivision of a State, other than a State agency.

(j) NMLS means the Nationwide Multistate Licensing System.

(k) NMLS-published covered order means a covered order that is published on the NMLS Consumer Access website, www.NMLSConsumerAccess.org, except that no covered order issued or obtained at least in part by the Bureau shall be an NMLS-published covered order.

(l) Order includes any written order or judgment issued by an agency or court in an investigation, matter, or proceeding.

(m) Public means, with respect to a covered order or any portion thereof, published by the issuing agency or court, or required by any provision of Federal, State, or local law, rule, or order to be published by the issuing agency or court. The term does not include orders or portions of orders that constitute confidential supervisory information of any Federal, State, or local agency.

(n) Registered entity means any person registered or required to be registered under this subpart.

(o) Remain(s) in effect means, with respect to any covered order, that the covered nonbank remains subject to public provisions that impose obligations on the covered nonbank to take certain actions or to refrain from taking certain actions based on an alleged violation of a covered law.

(p) State agency means the attorney general (or the equivalent thereof) of any State and any other State regulatory or enforcement agency or authority.

(q) Supervised registered entity means a registered entity that is subject to supervision and examination by the Bureau pursuant to 12 U.S.C. 5514(a) except as provided in paragraphs (q)(1) through (4) of this section. For purposes of this definition, the term “subject to supervision and examination by the Bureau pursuant to 12 U.S.C. 5514(a)” includes an entity that qualifies as a larger participant of a market for consumer financial products or services under any rule issued by the Bureau pursuant to 12 U.S.C. 5514(a)(1)(B) and (a)(2), or that is subject to an order issued by the Bureau pursuant to 12 U.S.C. 5514(a)(1)(C). The term “supervised registered entity” does not include:

(1) A service provider that is subject to Bureau examination and supervision solely in its capacity as a service provider and that is not otherwise subject to Bureau supervision and examination;

(2) A motor vehicle dealer that is predominantly engaged in the sale and servicing of motor vehicles, the leasing and servicing of motor vehicles, or both, within the meaning of 12 U.S.C. 5519(a), except to the extent such a person engages in functions that are excepted from the application of 12 U.S.C. 5519(a) as described in 12 U.S.C. 5519(b);

(3) A person that qualifies as a covered person based solely on conduct that is the subject of, and that is not otherwise exempted from, an exclusion from the Bureau's supervisory authority under 12 U.S.C. 5517; or

(4) A person with less than $5 million in annual receipts resulting from offering or providing all consumer financial products and services described in 12 U.S.C. 5514(a). For purposes of this exclusion:

(i) The term “annual receipts” has the same meaning as that term has in 12 CFR 1090.104(a); and

(ii) A person's receipts from offering or providing a consumer financial product or service subject to a larger participant rule under 12 U.S.C. 5514(a)(1)(B) count as receipts for purposes of the exclusion in this paragraph (q)(4) regardless of whether the person qualifies as a larger participant.

§ 1092.202

Registration and submission of information regarding covered orders.

(a) Scope of registration requirement. This section shall apply only with respect to covered orders with an effective date on or after the effective date of this subpart, or that remain in effect as of the effective date of this subpart.

(b) Requirement to register and submit information regarding covered orders. (1) Each covered nonbank that is identified by name as a party subject to a covered order described in paragraph (a) of this section shall register as a registered entity with the nonbank registry in accordance with this section if it is not already so registered, and shall provide or update, as applicable, the information described in this subpart in the form and manner specified by the Bureau.

(2) Each covered nonbank required to register under this section shall:

(i) Submit a filing containing the information described in paragraphs (c) and (d) of this section to the nonbank registry within the later of 90 days after the applicable nonbank registry implementation date under § 1092.206 or 90 days after the effective date of any applicable covered order; and

(ii) Submit a revised filing amending any information described in paragraphs (c) and (d) of this section to the nonbank registry within 90 days after any amendments are made to the covered order or any of the information described in paragraph (c) or (d) of this section changes.

(c) Required identifying information and administrative information. A registered entity shall provide all identifying information and administrative information required by the nonbank registry. In filing instructions issued pursuant to § 1092.102(a), the Bureau may require that covered nonbanks that are affiliates make joint or combined submissions under this section.

(d) Information regarding covered orders. A registered entity shall provide the following information for each covered order subject to this section:

(1) A fully executed, accurate, and complete copy of the covered order, in a format specified by the Bureau; provided that any portions of a covered order that are not public shall not be submitted, and these portions shall be clearly marked on the copy submitted;

(2) In connection with each applicable covered order, information identifying:

(i) The agency(ies) and court(s) that issued or obtained the covered order, as applicable;

(ii) The effective date of the covered order;

(iii) The date of expiration, if any, of the covered order, or a statement that there is none;

(iv) All covered laws found to have been violated or, for orders issued upon the parties' consent, alleged to have been violated; and

(v) Any docket, case, tracking, or other similar identifying number(s) assigned to the covered order by the applicable agency(ies) or court(s).

(3) If the registered entity is a supervised registered entity, the name and title of its attesting executive for purposes of § 1092.204 with respect to the covered order.

(e) Expiration of covered order status. A covered order shall cease to be a covered order for purposes of this subpart as of the later of:

(1) Ten years after its effective date; or

(2) If the covered order expressly provides for a termination date more than ten years after its effective date, the expressly provided termination date.

(f) Requirement to submit revised and final filings with respect to certain covered orders. (1) If a covered order is terminated, modified, or abrogated (whether by its own terms, by action of the applicable agency, or by a court), or if an order ceases to be a covered order for purposes of this subpart by operation of paragraph (e) of this section, the registered entity shall submit a revised filing to the nonbank registry within 90 days after the effective date of such termination, modification, or abrogation, or the date such order ceases to be a covered order.

(2) If, due to such termination, modification, or abrogation of a covered order, or due to the application of paragraph (e) of this section, the order no longer remains in effect or is no longer a covered order, then, following its final filing under paragraph (f)(1) of this section with respect to such covered order, the registered entity will have no further obligation to update its filing or to file written statements with respect to such covered order under this subpart.

(g) Notification by certain persons of non-registration under this section. A person may submit a notice to the nonbank registry stating that it is not registering pursuant to this section because it has a good-faith basis to believe that it is not a covered nonbank or that an order in question is not a covered order. Such person shall promptly comply with this section upon becoming aware of facts or circumstances that would not permit it to continue representing that it has a good-faith basis to believe that it is not a covered nonbank or that an order in question is not a covered order.

§ 1092.203

Optional one-time registration of NMLS-published covered orders.

(a) One-time registration option with respect to an NMLS-published covered order. With respect to any NMLS-published covered order, a covered nonbank that is identified by name as a party subject to the order may elect to comply with the one-time registration option described in this section in lieu of complying with the requirements of §§ 1092.202 and 1092.204.

(b) Information to be provided. The covered nonbank, in the form and manner specified by the Bureau, shall provide such information that the Bureau determines is appropriate for the purpose of identifying the covered nonbank and the NMLS-published covered order, and otherwise for the purpose of coordinating the nonbank registry with the NMLS.

(c) No further obligation to provide or update information with respect to the NMLS-published covered order. Upon providing such information, the covered nonbank shall have no further obligation under this subpart to provide information to, or update information provided to, the nonbank registry regarding the NMLS-published covered order.

§ 1092.204

Annual reporting requirements for supervised registered entities.

(a) Scope of annual reporting requirements. (1) This section shall apply only with respect to covered orders with an effective date on or after the applicable nonbank registry implementation date under § 1092.206 and as to which information is provided or required to be provided under § 1092.202.

(2) A supervised registered entity is not required to comply with this section with respect to any NMLS-published covered order for which it chooses to comply with the one-time registration option described in § 1092.203.

(b) Requirement to designate attesting executive. Subject to paragraph (a) of this section, a supervised registered entity subject to a covered order shall designate as its attesting executive for the covered order for purposes of this subpart its highest-ranking duly appointed senior executive officer (or, if the supervised registered entity does not have any duly appointed officers, the highest-ranking individual charged with managerial or oversight responsibility for the supervised registered entity) whose assigned duties include ensuring the supervised registered entity's compliance with Federal consumer financial law, who has knowledge of the entity's systems and procedures for achieving compliance with the covered order, and who has control over the entity's efforts to comply with the covered order. The supervised registered entity shall annually designate one attesting executive for each such covered order to which it is subject and for all submissions and other purposes related to that covered order under this subpart. The supervised registered entity shall authorize the attesting executive to perform the duties of an attesting executive on behalf of the supervised registered entity with respect to the covered order as required in this section, including submitting the written statement described in paragraph (d) of this section.

(c) Requirement to provide attesting executive(s) with access to documents and information. A supervised registered entity subject to this section shall provide its attesting executive(s) with prompt access to all documents and information related to the supervised registered entity's compliance with all applicable covered order(s) as necessary to make the written statement(s) required in paragraph (d) of this section.

(d) Annual requirement to submit written statement to the Bureau for each covered order. On or before March 31 of each calendar year, the supervised registered entity shall, in the form and manner specified by the Bureau, submit to the nonbank registry a written statement with respect to each covered order described in paragraph (a)(1) of this section to which it is subject. The written statement shall be signed by the attesting executive on behalf of the supervised registered entity. In the written statement, the attesting executive shall:

(1) Generally describe the steps that the attesting executive has undertaken to review and oversee the supervised registered entity's activities subject to the applicable covered order for the preceding calendar year; and

(2) Attest whether, to the attesting executive's knowledge, the supervised registered entity during the preceding calendar year identified any violations or other instances of noncompliance with any obligations that were imposed in a public provision of the covered order by the applicable agency or court based on a violation of a covered law.

(e) Requirement to maintain and make available related records. A supervised registered entity shall maintain documents and other records sufficient to provide reasonable support for its written statement under paragraph (d) of this section and to otherwise demonstrate compliance with the requirements of this section with respect to any submission under this section, for five years after such submission is required. The supervised registered entity shall make such documents and other records available to the Bureau upon request.

(f) Notification of entity's good-faith belief that requirements do not apply. A person may submit a notice to the nonbank registry stating that it is neither designating an attesting executive nor submitting a written statement pursuant to this section because it has a good-faith basis to believe that it is not a supervised registered entity or that an order in question is not a covered order. Such person shall promptly comply with this section upon becoming aware of facts or circumstances that would not permit it to continue representing that it has a good-faith basis to believe that it is not a supervised registered entity or that an order in question is not a covered order.

§ 1092.205

Publication and correction of registration information.

(a) Internet publication of registration information. The Bureau may make available to the public the information submitted to the nonbank registry pursuant to §§ 1092.202 and 1092.203 by means that include publishing such information on the Bureau's publicly available internet site within a timeframe determined by the Bureau in its discretion, except that:

(1) The publication described in this paragraph (a) will not include the written statement submitted under § 1092.204, which will be treated as Bureau confidential supervisory information subject to the provisions of 12 CFR part 1070 of this chapter; and

(2) The publication described in this paragraph (a) will not include administrative information.

(b) Other publications of information. In addition to the publication described in paragraph (a) of this section, the Bureau may, at its discretion, compile and aggregate information submitted by persons pursuant to this subpart and make any compilations or aggregations of such information publicly available as the Bureau deems appropriate.

(c) Correction of submissions to the nonbank registry. If any information submitted to the nonbank registry under this subpart was inaccurate when submitted and remains inaccurate, the covered nonbank shall file a corrected report in the form and manner specified by the Bureau within 30 days after the date on which such covered nonbank becomes aware or has reason to know of the inaccuracy. In addition, the Bureau may at any time and in its discretion direct a covered nonbank to correct errors or other non-compliant submissions to the nonbank registry made under this subpart.

§ 1092.206

Nonbank registry implementation dates.

(a) Applicable dates. The applicable nonbank registry implementation date for purposes of this subpart shall be as follows:

(1) For a covered nonbank that is a larger participant of a market for consumer financial products or services described under 12 U.S.C. 5514(a)(1)(B) as defined by one or more rules issued by the Bureau, 30 days after this subpart takes effect with respect to that covered nonbank;

(2) For a covered nonbank described under any other provision of 12 U.S.C. 5514(a)(1), 120 days after this subpart takes effect with respect to that covered nonbank; and

(3) For any other covered nonbank, 210 days after this subpart takes effect with respect to that covered nonbank.

(b) Calculation of dates. If paragraph (a) of this section would establish a nonbank registry implementation date on a date that is a Saturday, Sunday, or Federal holiday, the applicable nonbank registry implementation date will be the next day that is not a Saturday, Sunday, or Federal holiday.

Subpart C—[Reserved]

Appendix A to Part 1092—List of State Covered Laws

Alabama

Ala. Code sec. 5-18A-13(j).
Ala. Code sec. 8-19-5.

Alaska

Alaska Stat. sec. 06.20.200.
Alaska Stat. sec. 06.40.090.
Alaska Stat. sec. 06.60.320.
Alaska Stat. sec. 06.60.340.
Alaska Stat. sec. 45.50.471.

Arizona

Ariz. Rev. Stat. sec. 6-611.
Ariz. Rev. Stat. sec. 6-710(8).
Ariz. Rev. Stat. sec. 6-909(C).
Ariz. Rev. Stat. sec. 6-947(D).
Ariz. Rev. Stat. sec. 6-984(D).
Ariz. Rev. Stat. sec. 6-1309(A).
Ariz. Rev. Stat. sec. 44-1522(A).
Ariz. Rev. Stat. sec. 44-1703(4).

Arkansas

Ark. Code Ann. sec. 4-75-208(a).
Ark. Code Ann. sec. 4-88-107.
Ark. Code Ann. sec. 4-88-108(a)(1).
Ark. Code Ann. sec. 4-88-304(a).
Ark. Code Ann. sec. 4-90-705.
Ark. Code Ann. sec. 4-107-203.
Ark. Code Ann. sec. 4-112-101 to 4-112-114.
Ark. Code Ann. sec. 4-115-102.
Ark. Code Ann. sec. 23-39-405.

California

Cal. Bus. & Prof. Code sec. 17200 to 17209.
Cal. Bus. & Prof. Code sec. 17500.
Cal. Civ. Code sec. 1770.
Cal. Civ. Code sec. 1788.101(a), (b)(1), (7), (8), (9), (10).
Cal. Fin. Code sec. 4995.3(b).
Cal. Fin. Code sec. 22755(b), (i).
Cal. Fin. Code sec. 90003.

Colorado

Colo. Rev. Stat. sec. 5-3.1-121.
Colo. Rev. Stat. sec. 5-20-109(b).
Colo. Rev. Stat. sec. 6-1-105.

Connecticut

Conn. Gen. Stat. sec. 36a-267.
Conn. Gen. Stat. sec. 36a-498(g)(2).
Conn. Gen. Stat. sec. 36a-539(d)(2), (6).
Conn. Gen. Stat. sec. 36a-561(3), (4).
Conn. Gen. Stat. sec. 36a-580 to 36a-589.
Conn. Gen. Stat. sec. 36a-607(c)(2)(5).
Conn. Gen. Stat. sec. 36a-646.
Conn. Gen. Stat. sec. 36a-700.
Conn. Gen. Stat. sec. 42-110b.
Conn. Gen. Stat. sec. 42-240 to 42-253.

Delaware

Del. Code Ann. tit. 5, sec. 2114.
Del. Code Ann. tit. 5, sec. 2209(a)(3).
Del. Code Ann. tit. 5, sec. 2315(a)(3).
Del. Code Ann. tit. 5, sec. 2418(2), (9).
Del. Code Ann. tit. 5, sec. 2904(a)(3).
Del. Code Ann. tit. 6, sec. 2513.
Del. Code Ann. tit. 6, sec. 2532, 2533.

District of Columbia

D.C. Code sec. 26-1114(d)(2), (9).
D.C. Code sec. 28-3814.
D.C. Code sec. 28-3904.

Florida

Fla. Stat. sec. 501.97.
Fla. Stat. sec. 501.204.
Fla. Stat. sec. 560.114(1)(d).
Fla. Stat. sec. 560.309(10).
Fla. Stat. sec. 560.406(2).
Fla. Stat. sec. 687.141(2), (3).
Fla. Stat. sec. 817.801 to 817.806.

Georgia

Ga. Code Ann. sec. 7-7-2(1), (3), (4).
Ga. Code Ann. sec. 10-1-372.
Ga. Code Ann. sec. 10-1-393.

Hawaii

Haw. Rev. Stat. sec. 443B-18.
Haw. Rev. Stat. sec. 454F-17(2), (9), (14).
Haw. Rev. Stat. sec. 477E-1 to 477E-6.
Haw. Rev. Stat. sec. 480-2.
Haw. Rev. Stat. sec. 480J-45(7), (10).
Haw. Rev. Stat. sec. 481A-3.
Haw. Rev. Stat. sec. 489D-23(2), (4).

Idaho

Idaho Code sec. 26-31-317(2), (9).
Idaho Code sec. 26-2505(2).
Idaho Code sec. 28-46-413(8).
Idaho Code sec. 48-603.
Idaho Code sec. 48-603A.

Illinois

815 Ill. Comp. Stat. sec. 122/4-5(3), (8).
815 Ill. Comp. Stat. sec. 505/2 to 505/2AAAA.
815 Ill. Comp. Stat. sec. 510/2.
815 Ill. Comp. Stat. sec. 635/7-13(2), (9).

Indiana

Ind. Code sec. 24-4.4-3-104.6(b), (i).
Ind. Code sec. 24-4.5-7-410(c), (g).
Ind. Code sec. 24-5-0.5-3.
Ind. Code sec. 24-5-0.5-10.

Iowa

Iowa Code sec. 535D.17(2), (9).
Iowa Code sec. 537.3209(1).
Iowa Code sec. 538A.3(4).
Iowa Code sec. 714.16(2)(a).
Iowa Code sec. 714H.3.

Kansas

Kan. Stat. Ann. sec. 50-626.
Kan. Stat. Ann. sec. 50-1017(2), (3).

Kentucky

Ky. Rev. Stat. Ann. sec. 286.9-100(7).
Ky. Rev. Stat. Ann. sec. 286.11-039(f).
Ky. Rev. Stat. Ann. sec. 286.12-110(1)(a)(4).
Ky. Rev. Stat. Ann. sec. 365.050.
Ky. Rev. Stat. Ann. sec. 367.170.
Ky. Rev. Stat. Ann. sec. 367.381(2).
Ky. Rev. Stat. Ann. sec. 380.010 to 380.990.

Louisiana

La. Rev. Stat. Ann. sec. 6:1055.
La. Rev. Stat. Ann. sec. 6:1092(D)(2), (9).
La. Rev. Stat. Ann. sec. 6:1393(A)(3)(b).
La. Rev. Stat. Ann. sec. 6:1412(A)(2).
La. Rev. Stat. Ann. sec. 9:3574.3(2), (3).
La. Rev. Stat. Ann. sec. 51:1405.
La. Rev. Stat. Ann. sec. 51:1915.

Maine

Me. Rev. Stat. tit. 5, sec. 207.
Me. Rev. Stat. tit. 9-A, sec. 5-118(2), (3), (4).
Me. Rev. Stat. tit. 9-B, sec. 242.
Me. Rev. Stat. tit. 10, sec. 1212.
Me. Rev. Stat. tit. 32, sec. 6155(1).
Me. Rev. Stat. tit. 32, sec. 6198(5).

Maryland

Md. Code Ann., Com. Law sec. 12-1208(2).
Md. Code Ann., Com. Law sec. 13-303.
Md. Code Ann., Com. Law sec. 14-1302(b).
Md. Code Ann., Com. Law sec. 14-1323.
Md. Code Ann., Com. Law sec. 14-1914(a).
Md. Code Ann., Com. Law sec. 14-3807.
Md. Code Ann., Educ. sec. 26-601 to 26-604.
Md. Code Ann., Fin. Inst. sec. 12-1001 to 12-1017.
Md. Code Ann., Real Prop. sec. 7-501 to 7-511.

Massachusetts

Mass. Gen. Laws ch. 93, sec. 105(d).
Mass. Gen. Laws ch. 93A, sec. 2.
Mass. Gen. Laws ch. 93L, sec. 8.

Michigan

Mich. Comp. Laws sec. 445.903.
Mich. Comp. Laws sec. 445.1823(e).

Minnesota

Minn. Stat. sec. 58B.07(2).
Minn. Stat. sec. 325D.09.
Minn. Stat. sec. 325D.44.
Minn. Stat. sec. 325F.67.
Minn. Stat. sec. 325F.69.
Minn. Stat. sec. 332A.02-332A.19.

Mississippi

Miss. Code Ann. sec. 75-24-5.
Miss. Code Ann. sec. 75-67-109.
Miss. Code Ann. sec. 75-67-445.
Miss. Code Ann. sec. 75-67-516.
Miss. Code Ann. sec. 75-67-617.
Miss. Code Ann. sec. 81-18-27(h).
Miss. Code Ann. sec. 81-19-23(b)(i).

Missouri

Mo. Rev. Stat. sec. 407.020.
Mo. Rev. Stat. sec. 443.737(2), (9).

Montana

Mont. Code Ann. sec. 30-14-103.
Mont. Code Ann. sec. 30-14-2001 to 30-14-2015.
Mont. Code Ann. sec. 30-14-2103(1)(f).
Mont. Code Ann. sec. 31-1-723(5), (7), (18).
Mont. Code Ann. sec. 31-1-724(2).
Mont. Code Ann. sec. 32-5-309.

Nebraska

Neb. Rev. Stat. sec. 45-804(5).
Neb. Rev. Stat. sec. 45-812.
Neb. Rev. Stat. sec. 45-919(1)(j).
Neb. Rev. Stat. sec. 59-1602.
Neb. Rev. Stat. sec. 87-302.

Nevada

Nev. Rev. Stat. sec. 598.746(5).
Nev. Rev. Stat. sec. 598.787.
Nev. Rev. Stat. sec. 598.0915 to 598.0925.
Nev. Rev. Stat. sec. 604A.5021(5), (6).
Nev. Rev. Stat. sec. 604A.5049(5), (6).
Nev. Rev. Stat. sec. 604A.5072(5), (6).
Nev. Rev. Stat. sec. 604A.582.
Nev. Rev. Stat. sec. 604A.592.
Nev. Rev. Stat. sec. 675.280.

New Hampshire

N.H. Rev. Stat. Ann. sec. 358-A:2.
N.H. Rev. Stat. Ann. sec. 383:10-h.
N.H. Rev. Stat. Ann. sec. 397-A:14(g), (n).
N.H. Rev. Stat. Ann. sec. 399-A:14(I).
N.H. Rev. Stat. Ann. sec. 399-F:4(III).

New Jersey

N.J. Stat. Ann. sec. 17:11C-41(g).
N.J. Stat. Ann. sec. 17:16F-39(b).
N.J. Stat. Ann. sec. 17:16ZZ-9(b).
N.J. Stat. Ann. sec. 56:8-2.

New Mexico

N.M. Stat. Ann. sec. 57-12-3.
N.M. Stat. Ann. sec. 58-7-8(C).
N.M. Stat. Ann. sec. 58-15-3(G).
N.M. Stat. Ann. sec. 58-21-21.
N.M. Stat. Ann. sec. 58-21A-12.
N.M. Stat. Ann. sec. 58-21B-13(C)(2), (9).

New York

N.Y. Banking Law sec. 719(2), (9).
N.Y. Exec. Law sec. 63(12).
N.Y. Fin. Serv. sec. 702(i).
N.Y. Gen. Bus. Law sec. 349.
N.Y. Gen. Bus. Law sec. 458-e.
N.Y. Gen. Bus. Law sec. 458-h.
N.Y. Gen. Bus. Law sec. 521-d.
N.Y. Gen. Bus. Law sec. 741.
N.Y. Real Prop. Law sec. 280-b(2).

North Carolina

N.C. Gen. Stat. sec. 25A-44(4).
N.C. Gen. Stat. sec. 53-180(g).
N.C. Gen. Stat. sec. 53-270(4).
N.C. Gen. Stat. sec. 66-106 to 66-112.
N.C. Gen. Stat. sec. 75-1.1.
N.C. Gen. Stat. sec. 75-121.
N.C. Gen. Stat. sec. 75-122.

North Dakota

N.D. Cent. Code sec. 13-04.1-09(4), (10).
N.D. Cent. Code sec. 13-08-12(9).
N.D. Cent. Code sec. 13-10-17(2).
N.D. Cent. Code sec. 13-11-23(1)(p).
N.D. Cent. Code sec. 51-15-02.
N.D. Cent. Code sec. 51-15-02.3.

Ohio

Ohio Rev. Code Ann. sec. 1321.11.
Ohio Rev. Code Ann. sec. 1321.41(N).
Ohio Rev. Code Ann. sec. 1321.44.
Ohio Rev. Code Ann. sec. 1321.60(A).
Ohio Rev. Code Ann. sec. 1321.651(B).
Ohio Rev. Code Ann. sec. 1322.40(I).
Ohio Rev. Code Ann. sec. 1345.02.
Ohio Rev. Code Ann. sec. 1345.21 to 1345.28.
Ohio Rev. Code Ann. sec. 4165.02.
Ohio Rev. Code Ann. sec. 4710.02(F)(1).
Ohio Rev. Code Ann. sec. 4710.04.

Oklahoma

Okla. Stat. Ann. tit. 15, sec. 753(21), (29).
Okla. Stat. Ann. tit. 59, sec. 2095.18(2), (9).
Okla. Stat. Ann. tit. 59, sec. 3111.
Okla. Stat. Ann. tit. 78, sec. 53.

Oregon

Or. Rev. Stat. sec. 86A.163.
Or. Rev. Stat. sec. 86A.236(3), (5), (13).
Or. Rev. Stat. sec. 646.607.
Or. Rev. Stat. sec. 646.608(1)(d), (u).
Or. Rev. Stat. sec. 646A.720(10).
Or. Rev. Stat. sec. 725.060.
Or. Rev. Stat. sec. 725A.058.

Pennsylvania

7 PA. Cons. Stat. sec. 6123(a)(3).
18 PA. Cons. Stat. sec. 7311(b.1).
73 PA. Cons. Stat. sec. 201-3.
73 PA. Cons. Stat. sec. 2183(4).
73 PA. Cons. Stat. sec. 2188(c)(2).
73 PA. Cons. Stat. sec. 2270.4.
73 PA. Cons. Stat. sec. 2270.5.
73 PA. Cons. Stat. sec. 2501 to 2511.

Rhode Island

R.I. Gen. Laws sec. 5-80-8(5).
R.I. Gen. Laws sec. 6-13.1-2.
R.I. Gen. Laws sec. 6-13.1-21 to 6-13.1-23.
R.I. Gen. Laws sec. 6-13.1-25.
R.I. Gen. Laws sec. 6-13.1-30.
R.I. Gen. Laws sec. 19-14-21(a).
R.I. Gen. Laws sec. 19-14.3-3.8(8), (9).
R.I. Gen. Laws sec. 19-14.8-28(a)(16).
R.I. Gen. Laws sec. 19-14.10-17(2), (9).
R.I. Gen. Laws sec. 19-14.11-4(2).
R.I. Gen. Laws sec. 19-33-12(2).

South Carolina

S.C. Code Ann. sec. 34-29-120.
S.C. Code Ann. sec. 34-36-10 to 34-36-80.
S.C. Code Ann. sec. 34-39-200(3), (5).
S.C. Code Ann. sec. 34-41-80(3), (5).
S.C. Code Ann. sec. 37-2-304(1).
S.C. Code Ann. sec. 37-3-304(1).
S.C. Code Ann. sec. 37-6-118.
S.C. Code Ann. sec. 37-7-101 to 37-7-122.
S.C. Code Ann. sec. 39-5-20.

South Dakota

S.D. Codified Laws sec. 37-24-6.
S.D. Codified Laws sec. 37-25A-43.
S.D. Codified Laws sec. 54-4-63.

Tennessee

Tenn. Code Ann. sec. 45-13-401(8).
Tenn. Code Ann. sec. 45-17-112(k).
Tenn. Code Ann. sec. 45-18-121(g).
Tenn. Code Ann. sec. 47-16-101 to 47-16-110.
Tenn. Code Ann. sec. 47-18-104.
Tenn. Code Ann. sec. 47-18-120.
Tenn. Code Ann. sec. 47-18-1003(4).
Tenn. Code Ann. sec. 47-18-5402(a)(1).

Texas

Tex. Bus. & Com. Code Ann. sec. 17.46.
Tex. Bus. & Com. Code Ann. sec. 17.50.
Tex. Bus. & Com. Code Ann. sec. 17.501.
Tex. Fin. Code Ann. sec. 180.153(2), (11).
Tex. Fin. Code Ann. sec. 308.002.
Tex. Fin. Code Ann. sec. 341.403.
Tex. Fin. Code Ann. sec. 392.303 to 392.304.
Tex. Fin. Code Ann. sec. 393.305.
Tex. Fin. Code Ann. sec. 394.207.
Tex. Fin. Code Ann. sec. 394.212(a)(9).

Utah

Utah Code Ann. sec. 13-11-4.
Utah Code Ann. sec. 13-11-4.1.
Utah Code Ann. sec. 13-11a-4.
Utah Code Ann. sec. 13-21-3(1)(g).

Vermont

Vt. Stat. Ann. tit. 8, sec. 2121.
Vt. Stat. Ann. tit. 8, sec. 2241(2), (9).
Vt. Stat. Ann. tit. 8, sec. 2251 to 2260.
Vt. Stat. Ann. tit. 8, sec. 2760b(b).
Vt. Stat. Ann. tit. 8, sec. 2922.
Vt. Stat. Ann. tit. 9, sec. 2453.
Vt. Stat. Ann. tit. 9, sec. 2481w(b), (c), (d).

Virginia

Va. Code. Ann. sec. 6.2-1524(B).
Va. Code. Ann. sec. 6.2-1614(8)(a).
Va. Code. Ann. sec. 6.2-1629(A).
Va. Code. Ann. sec. 6.2-1715(A)(1).
Va. Code. Ann. sec. 6.2-1816(26).
Va. Code. Ann. sec. 6.2-1819(A).
Va. Code. Ann. sec. 6.2-2017.
Va. Code. Ann. sec. 6.2-2107(3), (4).
Va. Code. Ann. sec. 6.2-2610(A)(2), (C).
Va. Code. Ann. sec. 59.1-200(A).
Va. Code. Ann. sec. 59.1-335.5(4).

Washington

Wash. Rev. Code sec. 18.28.120(6).
Wash. Rev. Code sec. 18.44.301(2), (4).
Wash. Rev. Code sec. 19.16.110.
Wash. Rev. Code sec. 19.16.250.
Wash. Rev. Code sec. 19.16.260.
Wash. Rev. Code sec. 19.16.440.
Wash. Rev. Code sec. 19.86.020.
Wash. Rev. Code sec. 19.134.020(1)(e).
Wash. Rev. Code sec. 19.146.0201(2), (7).
Wash. Rev. Code sec. 19.144.080(1)(a)(ii).
Wash. Rev. Code sec. 19.146.100.
Wash. Rev. Code sec. 19.230.340(2), (4).
Wash. Rev. Code sec. 19.265.050(3).
Wash. Rev. Code sec. 31.04.027.
Wash. Rev. Code sec. 31.45.105(1)(a), (b).

West Virginia

W. Va. Code sec. 31-17-10.
W. Va. Code sec. 31-17A-16(2), (9).
W. Va. Code sec. 32A-2-26.
W. Va. Code sec. 46A-6-104.
W. Va. Code sec. 46A-6C-3(4).

Wisconsin

Wis. Stat. sec. 100.18.
Wis. Stat. sec. 100.20.
Wis. Stat. sec. 100.55(3).
Wis. Stat. sec. 138.14(12)(e).
Wis. Stat. sec. 224.77(1)(b), (c).
Wis. Stat. sec. 422.503(c).
Wis. Stat. sec. 423.301.
Wis. Stat. sec. 427.104(1)(m).

Wyoming

Wyo. Stat. Ann. sec. 40-12-105.

Rohit Chopra,

Director, Consumer Financial Protection Bureau.

[FR Doc. 2024-12689 Filed 7-5-24; 8:45 am]

BILLING CODE 4810-AM-P