Comment for 1002.111 - Recordkeeping

This version is not the current regulation.

You are viewing a previous version of this regulation with amendments that went into effect on Aug. 29, 2023. View all versions of this regulation

Previous version (effective Aug. 29, 2023 to Sept. 25, 2023)

111(a) Record Retention

1. Evidence of compliance. Section 1002.111(a) requires a financial institution to retain evidence of compliance with subpart B of this part for at least three years after its small business lending application register is required to be submitted to the Bureau pursuant to § 1002.109. In addition to the financial institution’s small business lending application register, such evidence of compliance is likely to include, but is not limited to, the applications for credit from which information in the register is drawn, as well as the files or documents that, under § 1002.111(b), are kept separate from the applications for credit. This three-year record retention requirement applies to any records covered by § 1002.111(a), notwithstanding the more general 12-month retention period for records related to business credit specified in § 1002.12(b).

2. Record retention for creditors under § 1002.5(a)(4)(vii) and (viii). A creditor that is voluntarily, under § 1002.5(a)(4)(vii) and (viii), collecting information pursuant to subpart B of this part complies with § 1002.111(a) by retaining evidence of compliance with subpart B for at least three years after June 1 of the year following the year that data was collected.

111(b) Certain Information Kept Separate From the Rest of the Application

1. Separate from the application. A financial institution may satisfy the requirement in § 1002.111(b) by keeping an applicant’s responses to the financial institution’s request pursuant to § 1002.107(a)(18) and (19) in a file or document that is discrete or distinct from the application and its accompanying information. For example, such information could be collected on a piece of paper that is separate from the rest of the application form. In order to satisfy the requirement in § 1002.111(b), an applicant’s responses to the financial institution’s request pursuant to § 1002.107(a)(18) and (19) need not be maintained in a separate electronic system, nor need they be removed from the physical files containing the application so long as there is some separation between the demographic information and the rest of the application and its accompanying information. However, the financial institution may nonetheless need to keep this information in a different electronic or physical file in order to satisfy the prohibition in § 1002.108(b).

2. Number of principal owners. A financial institution is permitted to maintain information regarding the applicant’s number of principal owners pursuant to § 1002.107(a)(20) with an applicant’s responses to the financial institution’s request pursuant to § 1002.107(a)(18) and (19).

111(c) Limitation on Personally Identifiable Information in Certain Records Retained Under This Section

1. Small business lending application register. The prohibition in § 1002.111(c) applies to data in the small business lending application register submitted by the financial institution to the Bureau under § 1002.109, the version of the register that the financial institution maintains under § 1002.111(a), and the separate record of certain information created pursuant to § 1002.111(b).

2. Examples. Section 1002.111(c) prohibits a financial institution from including any name, specific address (other than the census tract required under § 1002.107(a)(13)), telephone number, or email address of any individual who is, or is connected with, an applicant in the small business lending application register it reports pursuant to § 1002.109, in the copy of the register the financial institution retains under § 1002.111(a), and in the records of certain information it must retain separately from the application pursuant to § 1002.111(b). It likewise prohibits a financial institution from including any other personally identifiable information concerning any individual who is, or is connected with, an applicant, except as required pursuant to § 1002.107 or § 1002.111(b). Examples of such personally identifiable information that a financial institution may not include in its small business lending application register include, but are not limited to, the following: date of birth, Social Security number, official government-issued driver’s license or identification number, alien registration number, government passport number, or employer or taxpayer identification number.

3. Other records. The prohibition in § 1002.111(c) does not extend to an application for credit, or any other records that the financial institution maintains that are not specifically enumerated in § 1002.111(c).

4. Name and business contact information for submission. The prohibition in § 1002.111(c) does not bar financial institutions from providing to the Bureau, pursuant to § 1002.109(b)(3), the name and business contact information of the person who may be contacted by the Bureau or other regulators with questions about the financial institution’s submission under § 1002.109.