(a) Administrative enforcement and civil liability. A violation of section 704B of the Act or this subpart is subject to administrative sanctions and civil liability as provided in sections 704 (15 U.S.C. 1691c) and 706 (15 U.S.C. 1691e) of the Act, where applicable.
(b) Bona fide errors. A bona fide error in compiling, maintaining, or reporting data with respect to a covered application is one that was unintentional and occurred despite the maintenance of procedures reasonably adapted to avoid such an error. A bona fide error is not a violation of the Act or this subpart. A financial institution is presumed to maintain procedures reasonably adapted to avoid such errors with respect to a given data field if the number of errors found in a random sample of the financial institution’s submission for the data field does not equal or exceed a threshold specified by the Bureau for this purpose in appendix F to this part. However, an error is not a bona fide error if either there is a reasonable basis to believe the error was intentional or there is evidence that the financial institution does not or has not maintained procedures reasonably adapted to avoid such errors.
1. Tolerances for bona fide errors. Section 1002.112(b) provides that a financial institution is presumed to maintain procedures reasonably adapted to avoid errors with respect to a given data field if the number of errors found in a random sample of the financial institution’s data submission for the data field does not equal or exceed a threshold specified by the Bureau for this purpose. The Bureau’s thresholds appear in column C of the table in appendix F. The size of the random sample, set out in column B, shall depend on the size of the financial institution’s small business lending application register, as shown in column A of the table in appendix F. A financial institution has not maintained procedures reasonably adapted to avoid errors if either there is a reasonable basis to believe the error was intentional or there is evidence that the financial institution has not maintained procedures reasonably adapted to avoid errors.
2. Tolerances and data fields. For purposes of determining whether an error is bona fide under § 1002.112(b), the term “data field” generally refers to individual fields. All required data fields, and valid response options for those fields, are set forth in the Bureau’s Filing Instructions Guide, available at https://www.consumerfinance.gov/data-research/small-business-lending/filing-instructions-guide/. Some data fields may allow for more than one response. For example, with respect to information on the ethnicity and race of an applicant’s principal owner, a data field may identify more than one race or ethnicity. If there are one or more errors within an ethnicity data field, or within a race data field, for a particular principal owner, they would count as one (and only one) error for that data field. For instance, in the ethnicity data field, if an applicant indicates that one of its principal owners is Cuban, but the financial institution reports that the principal owner is Mexican and Puerto Rican, the financial institution has made one error in the ethnicity data field for that principal owner. For purposes of the error threshold table in appendix F, the financial institution is deemed to have made one error, not two.
3. Tolerances and safe harbors. An error that meets the criteria for one of the four safe harbor provisions in § 1002.112(c) is not counted as an error for purposes of determining whether a financial institution has exceeded the relevant error threshold in appendix F for a given data field.
1. Information from a Federal agency—census tract. Section 1002.112(c)(2) provides that an incorrect entry for census tract is not a violation of the Act or subpart B of this part, if the financial institution obtained the census tract using a geocoding tool provided by the FFIEC or the Bureau. However, this safe harbor provision does not extend to a financial institution’s failure to provide the correct census tract number for a covered application on its small business lending application register, as required by § 1002.107(a)(13), because the FFIEC or Bureau geocoding tool did not return a census tract for the address provided by the financial institution. In addition, this safe harbor provision does not extend to a census tract error that results from a financial institution entering an inaccurate address into the FFIEC or Bureau geocoding tool.
2. Applicability of NAICS code safe harbor. The safe harbor in § 1002.112(c)(3) applies to an incorrect entry for the 3-digit NAICS code that financial institutions must collect and report pursuant to § 1002.107(a)(15), provided certain conditions are met. For purposes of § 1002.112(c)(3)(i), a financial institution is permitted to rely on statements made by the applicant, information provided by the applicant, or on other information obtained through its use of appropriate third-party sources, including business information products. See also comments 107(a)(15)- 4 and 107(b)-1.
3. Incorrect determination of small business status, covered credit transaction, or covered application—examples. Section 1002.112(c)(4) provides a safe harbor from violations of the Act or this regulation for a financial institution that initially collects data under § 1002.107(a)(18) and (19) regarding whether an applicant for a covered credit transaction is a minority-owned, a women-owned, or LGBTQI+-owned business, and the ethnicity, race, and sex of the applicant’s principal owners, but later concludes that it should not have collected this data, if certain conditions are met. Specifically, to qualify for this safe harbor, § 1002.112(c)(4) requires that the financial institution have had a reasonable basis at the time it collected data under § 1002.107(a)(18) and (19) for believing that the application was a covered application for a covered credit transaction from a small business pursuant to §§ 1002.103, 1002.104, and 1002.106, respectively. For example, Financial Institution A collected data under § 1002.107(a)(18) and (19) from an applicant for a covered credit transaction that had self-reported its gross annual revenue as $4.8 million. Sometime after Financial Institution A had collected this data from the applicant, the financial institution reviewed the applicant’s tax returns, which indicated the applicant’s gross annual revenue was in fact $5.2 million. Financial Institution A is permitted to rely on representations made by the applicant regarding gross annual revenue in determining whether an applicant is a small business (see § 1002.107(b) and comments 106(b)(1)-3 and 107(a)(14)-1). Thus, Financial Institution A may have had a reasonable basis to believe, at the time it collected data under § 1002.107(a)(18) and (19), that the applicant was a small business pursuant to § 1002.106, in which case Financial Institution A’s collection of such data would not violate the Act or this regulation.
(1) Incorrect entry for application date. A financial institution does not violate the Act or this subpart if it reports on its small business lending application register an application date that is within three business days of the actual application date pursuant to § 1002.107(a)(2).
(2) Incorrect entry for census tract. An incorrect entry for census tract is not a violation of the Act or this subpart if the financial institution obtained the census tract by correctly using a geocoding tool provided by the FFIEC or the Bureau.
(3) Incorrect entry for NAICS code. An incorrect entry for a 3-digit NAICS code is not a violation of the Act or this subpart, provided that the financial institution obtained the 3-digit NAICS code by:
(i) Relying on an applicant’s representations or on an appropriate third-party source, in accordance with § 1002.107(b), regarding the NAICS code; or
(ii) Identifying the NAICS code itself, provided that the financial institution maintains procedures reasonably adapted to correctly identify a 3-digit NAICS code.
(4) Incorrect determination of small business status, covered credit transaction, or covered application. A financial institution that initially collects data regarding whether an applicant for a covered credit transaction is a minority-owned business, a women-owned business, or an LGBTQI+-owned business, and the ethnicity, race, and sex of the applicant’s principal owners pursuant to § 1002.107(a)(18) and (19) but later concludes that it should not have collected such data does not violate the Act or this regulation if the financial institution, at the time it collected this data, had a reasonable basis for believing that the application was a covered application for a covered credit transaction from a small business pursuant to §§ 1002.103, 1002.104, and 1002.106, respectively. A financial institution seeking to avail itself of this safe harbor shall comply with the requirements of this subpart as otherwise required pursuant to §§ 1002.107, 1002.108, and 1002.111 with respect to the collected data.