BILLING CODE: 4810-AM-P
CONSUMER FINANCIAL PROTECTION BUREAU
12 CFR Part 1092
[Docket No. CFPB-2022-0080]
RIN 3170-AB13
Registry of Nonbank Covered Persons Subject to Certain Agency and Court Orders
AGENCY: Consumer Financial Protection Bureau.
ACTION: Final rule.
SUMMARY: Under the Consumer Financial Protection Act of 2010 (CFPA), the Consumer
Financial Protection Bureau (Bureau or CFPB) is issuing this final rule to require certain types of
nonbank covered persons subject to certain final public orders obtained or issued by a
government agency in connection with the offering or provision of a consumer financial product
or service to report the existence of the orders and related information to a Bureau registry. The
Bureau is also requiring certain supervised nonbanks to file annual reports regarding compliance
with registered orders.
DATES: Effective date: This rule is effective on September 16, 2024.
Implementation dates: For implementation dates, see § 1092.206.
FOR FURTHER INFORMATION CONTACT: George Karithanom, Regulatory
Implementation and Guidance Program Analyst, Office of Regulations, at 202–435–7700. If you
require this document in an alternative electronic format, please contact
CFPB_Accessibility@cfpb.gov.
SUPPLEMENTARY INFORMATION:
I.

Summary of the Final Rule
The Bureau is adopting this final rule to establish and maintain a registry that will collect

information about certain publicly available agency and court orders and facilitate the Bureau’s
supervision of certain companies. In this way, the Bureau will more effectively be able to

monitor and to reduce the risks to consumers posed by entities that violate consumer protection
laws. The final rule also authorizes the Bureau to consolidate this information in an online
registry for use by the public and other regulators.
The final rule requires certain nonbank covered person entities (with exclusions for
insured depository institutions, insured credit unions, related persons, States, certain other
entities, and natural persons) to register with the Bureau upon becoming subject to a public
written order imposing obligations based on violations of certain consumer protection laws.
Those entities will be required to register in a system established by the Bureau, provide basic
identifying information about the company and the order (including a copy of the order), and
periodically update the registry to ensure its continued accuracy and completeness. The Bureau
intends to publish this information on its website and potentially in other forms.
The Bureau will also require certain nonbanks subject to the Bureau’s supervisory
authority under section 1024(a) of the Consumer Financial Protection Act of 2010 (CFPA)1
annually to identify an executive (or executives) responsible for and knowledgeable of the firm’s
efforts to comply with the orders identified in the registry. The supervised nonbank entity will
also be required to submit on an annual basis a written statement signed by the applicable
executive regarding the entity’s compliance with each order in the registry.
Nonbanks that are subject to an order published on the Nationwide Multistate Licensing
System’s Consumer Access website (except for orders issued or obtained at least in part by the
Bureau) may elect to comply with a one-time registration option in lieu of complying with the
rule’s notification and written-statement requirements with respect to that order.
Nonbank registrants will have to register with the Bureau starting after an applicable
implementation date for the registry specified in the rule. Different implementation dates are

12 U.S.C. 5514(a).

specified for larger participants, other supervised nonbanks, and other nonbanks not subject to
Bureau supervision. Details on how to register will be provided through filing instructions.
II.

Background

A. The Bureau and Other Agencies Take Enforcement Actions Against Nonbanks to Protect
Consumers
The Bureau administers and enforces Federal consumer financial laws against nonbanks
in consumer financial markets. In addition to the Bureau, Congress has authorized multiple other
Federal and State agencies to enforce Federal consumer financial laws, including the CFPA
prohibition against unfair, deceptive, or abusive acts or practices (UDAAP) and enumerated
statutes including the Truth in Lending Act, the Electronic Fund Transfer Act, the Fair Credit
Reporting Act, the Equal Credit Opportunity Act, and other statutes.2 Several Federal agencies,
most notably the Federal Trade Commission, also enforce section 5 of the Federal Trade
Commission Act (FTC Act), which similarly prohibits unfair or deceptive acts or practices
(UDAP).3 The prohibitions against unfair and deceptive acts or practices in the CFPA were
modeled after the same prohibitions in the FTC Act. Furthermore, States across the country
began codifying State UDAP statutes modeled after the FTC Act starting in the 1960s and
1970s.4 Many State UDAP statutes contain rules of construction requiring State courts to use
interpretations of the FTC Act by the Federal courts and the FTC as a guide to interpreting their
State UDAP statutes.5 These laws differ in many respects from each other, but generally they
hail from a common consumer protection tradition originating with the FTC Act, similar to the
CFPA’s prohibition on UDAAP.

See 12 U.S.C. 5481(12), 5552; 12 CFR part 1082; Bureau Interpretive Rule, Authority of States to Enforce the
Consumer Financial Protection Act of 2010, 87 FR 31940 (May 26, 2022).
3

15 U.S.C. 45.

Dee Pridgen, The Dynamic Duo of Consumer Protection: State and Private Enforcement of Unfair and Deceptive
Trade Practices Laws, 81 Antitrust L.J. 911, 912 (2017).
See, e.g., Ariz. Rev. Stat. Ann. sec. 44-1522(C) (courts “may use as a guide” FTC and Federal court interpretations
of the FTC Act); Fla. Stat. sec. 501.204(2) (expressing the intent of the legislature that “due consideration and great
weight” be given to interpretations of the FTC Act when interpreting Florida’s State UDAP statute).
The Bureau was created in the wake of the 2008 financial crisis, which was caused by a
variety of overlapping factors, including systemic malfeasance in the mortgage industry.6 Since
passage of the CFPA, the Bureau has brought nearly 350 enforcement actions against nonbanks.
When the Bureau issues an order against a covered person (often, but not always, as a consent
order), or brings an action in a court of law that results in an order, the Bureau often follows up
with supervisory or enforcement action to ensure the company’s compliance with the order. On
numerous occasions, the Bureau has uncovered companies that failed to comply with consent
orders that the companies entered into with the Bureau voluntarily.7
B. Congress Instructed the Bureau to Monitor Markets for Consumer Financial Products and
Services
Congress established the Bureau to regulate (among other things) the offering and
provision of consumer financial products and services under the Federal consumer financial
laws, and it granted the Bureau authority to ensure that the Bureau could achieve that mission.8
But it also understood that the Bureau could not fully and effectively achieve that mission unless
it developed a clear window into the markets for and persons involved in offering and providing
such products and services. To that end, Congress mandated that the Bureau “shall monitor for
risks to consumers in the offering or provision of consumer financial products or services,
including developments in markets for such products or services.”9

See U.S. Fin. Crisis Inquiry Comm’n, The Financial Crisis Inquiry Report, at 104–11, 113–18 (2011),
https://www.govinfo.gov/content/pkg/GPO-FCIC/pdf/GPO-FCIC.pdf; see also S. Rep. No. 111-176, at 11 (2010)
(“Th[e] financial crisis was precipitated by the proliferation of poorly underwritten mortgages with abusive terms,
followed by a broad fall in housing prices as those mortgages went into default and led to increasing foreclosures.”).
See, e.g., RMK Financial Corp. d/b/a Majestic Home Loan or MHL, CFPB No. 2023-CFPB-0002 (Feb. 27, 2023);
CFPB v. American Advisors Group, No. 21-cv-01674-JLS-JDEx (C.D. Cal. Oct. 25, 2021); Discover Bank, CFPB
No. 2020-BCFP-0026 (Dec. 22, 2020); Bureau of Consumer Fin. Prot. v. Encore Capital Grp., No. 3:20-cv-01750GPC-KSC (S.D. Cal. Oct. 16, 2020); Sec. Nat’l Automotive Acceptance Co., CFPB No. 2017-CFPB-0013 (Apr. 26,
2017); Military Credit Servs., LLC, CFPB No. 2016-CFPB-0029 (Dec. 20, 2016).
8

See 12 U.S.C. 5511.

See 12 U.S.C. 5512(c)(1).

Notably, Congress directed the Bureau to engage in such monitoring “to support its
rulemaking and other functions,”10 instructing the Bureau to use monitoring to inform all of its
work. Congress separately described the Bureau’s “primary functions” as “conducting financial
education programs”; “collecting, investigating, and responding to consumer complaints”;
“collecting, researching, monitoring, and publishing information relevant to the functioning of
markets for consumer financial products and services to identify risks to consumers and the
proper functioning of such markets”; “supervising covered persons for compliance with Federal
consumer financial law, and taking appropriate enforcement action to address violations of
Federal consumer financial law”; “issuing rules, orders, and guidance implementing Federal
consumer financial law”; and “performing such support activities as may be necessary or useful
to facilitate the other functions of the Bureau.”11 Put simply, Congress envisioned that the
Bureau would use its market-monitoring work to inform its activities, all with the express
purpose of “ensuring that all consumers have access to markets for consumer financial products
and services and that markets for consumer financial products and services are fair, transparent,
and competitive.”12
To achieve these ends, Congress took care to ensure that the Bureau had the tools
necessary to effectively monitor for risks in the markets for consumer financial products and
services. It granted the Bureau authority “to gather information from time to time regarding the
organization, business conduct, markets, and activities of covered persons and service
providers.”13 In particular, Congress authorized the Bureau to “require covered persons and
service providers participating in consumer financial services markets to file with the Bureau,
under oath or otherwise, in such form and within such reasonable period of time as the Bureau
may prescribe by rule or order, annual or special reports, or answers in writing to specific
Id. (emphasis added).

12 U.S.C. 5511(c).

12 U.S.C. 5511(a).

12 U.S.C. 5512(c)(4)(A).

questions,” that would furnish the Bureau with such information “as necessary for the Bureau to
fulfill the monitoring . . . responsibilities imposed by Congress.”14
To assist the Bureau in allocating resources to perform its monitoring, Congress also
identified a non-exhaustive list of factors that the Bureau may consider, including “likely risks
and costs to consumers associated with buying or using a type of consumer financial product or
service”;15 “understanding by consumers of the risks of a type of consumer financial product or
service”;16 “the legal protections applicable to the offering or provision of a consumer financial
product or service, including the extent to which the law is likely to adequately protect
consumers”;17 “rates of growth in the offering or provision of a consumer financial product or
service”;18 “the extent, if any, to which the risks of a consumer financial product or service may
disproportionately affect traditionally underserved consumers”;19 and “the types, number, and
other pertinent characteristics of covered persons that offer or provide the consumer financial
product or service.”20
Congress also anticipated that the insights the Bureau would gain from such market
monitoring should at times become available to a wider audience than just Bureau employees.
Not only did Congress mandate that the Bureau “publish not fewer than 1 report of significant
findings of its monitoring . . . in each calendar year,” but it also instructed that the Bureau may
make non-confidential information available to the public “as is in the public interest.”21
Congress gave the Bureau discretion to determine the format of publication, authorizing the
Bureau to make the information available “through aggregated reports or other appropriate

12 U.S.C. 5512(c)(4)(B)(ii) (emphasis added).

12 U.S.C. 5512(c)(2)(A).

12 U.S.C. 5512(c)(2)(B).

12 U.S.C. 5512(c)(2)(C).

12 U.S.C. 5512(c)(2)(D).

12 U.S.C. 5512(c)(2)(E).

12 U.S.C. 5512(c)(2)(F).

12 U.S.C. 5512(c)(3).

formats designed to protect confidential information in accordance with [specified protections in
this section].”22 These instructions regarding public release of market-monitoring information
align with one of the Bureau’s “primary functions” mentioned above—to “publish[] information
relevant to the functioning of markets for consumer financial products and services to identify
risks to consumers and the proper functioning of such markets.”23
The Bureau takes its market-monitoring obligations seriously, and it has incorporated
valuable insights gained to date from such monitoring in conducting the multiple functions
assigned to it under the CFPA, including its supervisory and enforcement efforts, as well as its
rulemaking, consumer education, and other functions.24 As discussed in further detail below,
this final rule seeks to continue and build upon that commitment by creating an order registry to
accomplish a number of goals, with a particular focus on monitoring for risks to consumers
related to repeat offenders of consumer protection law. A public registry of agency and court
orders issued or obtained in connection with violations of law will help the Bureau and the
broader public monitor trends concerning corporate recidivism relating to consumer protection
law, including areas where prior violations of law are indicia of risk to consumers.
More generally, entities subject to such public orders relating to the offering or provision
of consumer financial products and services may pose ongoing risks to consumers in the markets
for those products and services. A broad collection of such public orders will shed light on how
laws are being enforced across consumer protection laws, jurisdictions, and markets, and help

12 U.S.C. 5512(c)(3)(B).

12 U.S.C. 5511(c)(3).

See, e.g., CFPB Semiannual Regulatory Agenda, 87 FR 5326, 5328 (Jan. 31, 2022) (“The Bureau’s market
monitoring work assists in identifying issues for potential future rulemaking work.”); Payday, Vehicle, and Certain
High-Cost Installment Loans, 82 FR 54472, 54475, 54488, 54498 (Nov. 17, 2017) (citing information obtained
through Bureau market-monitoring efforts); Arbitration Agreements, 82 FR 33210, 33220 (July 19, 2017) (same).
See also, e.g., Consumer Fin. Prot. Bureau, Buy Now, Pay Later: Market trends and consumer impacts (Sept. 2022),
https://files.consumerfinance.gov/f/documents/cfpb_buy-now-pay-later-market-trends-consumerimpacts_report_2022-09.pdf (publishing information obtained through Bureau market-monitoring efforts);
Consumer Fin. Prot. Bureau, Consumer Credit Trends: Credit Card Line Decreases (June 2022),
https://files.consumerfinance.gov/f/documents/cfpb_credit-card-line-decreases_report_2022-06.pdf (same);
Consumer Fin. Prot. Bureau, Data Point: Checking Account Overdraft at Financial Institutions Served by Core
Processors (Dec. 2021), https://files.consumerfinance.gov/f/documents/cfpb_overdraft-coreprocessors_report_2021-12.pdf (same).
identify trends and potential gaps in enforcement. Both heightened enforcement and the absence
of enforcement could possibly provide information regarding risks to consumers—the former as
evidence that government agencies with various jurisdictions have identified the need to enforce
consumer protection laws, and the latter as potential evidence of less risk to consumers, or
perhaps of inattention by regulatory agencies. A centralized, up-to-date repository of such public
orders will provide valuable market-based insight that the Bureau could use both to identify
concerning trends in these markets that it otherwise might miss and to decide which of several
different policy tools would best address the consumer risks presented by these trends. In short,
the information sought will significantly increase the Bureau’s ability to identify, understand,
and ultimately prevent harm in the markets for consumer financial products and services. These
and other core goals of the information the Bureau will collect are discussed further below at part
IV.
Consistent with an approach suggested by commenters, the Bureau is adopting a one-time
registration option for nonbanks that are identified by name as a party subject to an order that is
published on the Nationwide Multistate Licensing System (NMLS) Consumer Access website,
www.NMLSConsumerAccess.org (except for orders issued or obtained by the Bureau). Such
nonbanks may choose to submit certain information to the Bureau in lieu of complying with the
other ongoing requirements of the final rule with respect to the order. The information provided
to the Bureau in connection with such orders will notify the Bureau about the nonbank and the
relevant order and will enable the Bureau to follow up with the NMLS’s operator and any
applicable agency as appropriate.
C. Congress Authorized the Bureau to Supervise Certain Nonbank Covered Persons
One of the Bureau’s key responsibilities under the CFPA is the supervision of very large
banks, thrifts, and credit unions, and their affiliates, and certain nonbank covered persons.
Congress has authorized the Bureau to supervise certain categories of nonbank covered persons

under CFPA section 1024.25 Congress provided that the Bureau “shall require reports and
conduct examinations on a periodic basis” of nonbank covered persons subject to its supervisory
authority for purposes of “assessing compliance with the requirements of Federal consumer
financial law”; “obtaining information about the activities and compliance systems or procedures
of such person[s]”; and “detecting and assessing risks to consumers and to markets for consumer
financial products and services.”26 Pursuant to the CFPA, the Bureau implements a risk-based
supervision program under which it prioritizes nonbank covered persons for supervision in
accordance with its assessment of risks posed to consumers.27 In making prioritization
determinations, the Bureau considers several factors, including “the asset size of the covered
person,”28 “the volume of transactions involving consumer financial products or services in
which the covered person engages,”29 “the risks to consumers created by the provision of such
consumer financial products or services,”30 “the extent to which such institutions are subject to
oversight by State authorities for consumer protection,”31 and “any other factors that the Bureau
determines to be relevant to a class of covered persons.”32 CFPA section 1024(b)(7)(A)–(C)
further authorizes the Bureau to prescribe rules to facilitate supervision and assessing and
detecting risks to consumers, as well as to ensure that supervised nonbanks “are legitimate
entities and are able to perform their obligations to consumers.”33
Under CFPA section 1024(b)(7)(A)–(C), the Bureau is requiring that certain supervised
nonbanks annually submit a written statement regarding the company’s compliance with any

12 U.S.C. 5514.

12 U.S.C. 5514(b)(1).

12 U.S.C. 5514(b)(2).

12 U.S.C. 5514(b)(2)(A).

12 U.S.C. 5514(b)(2)(B).

12 U.S.C. 5514(b)(2)(C).

12 U.S.C. 5514(b)(2)(D).

12 U.S.C. 5514(b)(2)(E).

12 U.S.C. 5514(b)(7)(A)–(C).

outstanding registered orders. The statement must be signed by a designated senior executive.
In the written statement, the attesting executive must generally describe the steps the executive
has undertaken to review and oversee the company’s activities subject to the applicable order for
the preceding calendar year. The executive must then provide an attestation regarding the
company’s compliance with the order.
The required written statement will assist the Bureau in achieving each of the statutory
objectives listed in CFPA section 1024(b)(7)(A)–(C). Therefore, each of those objectives
provides a distinct, independently sufficient basis for the final rule’s written-statement
requirements.34
First, requiring submission of an annual written statement will facilitate Bureau
supervision and the Bureau’s assessment and detection of risks to consumers. In particular, as
part of the Bureau’s risk-based supervision program, the Bureau considers supervised nonbanks’
compliance record regarding consumer protection law when prioritizing supervisory resources.
The annual written statement, including the steps taken by the executive to review and oversee
activity related to the order, will provide the CFPB valuable information in understanding how
compliance is managed at the supervised entity. The requirement will also provide valuable
information in connection with other aspects of the Bureau’s supervisory work and will assist the
Bureau’s monitoring efforts. For example, in 2022 the Bureau announced that it was increasing
its supervisory focus on repeat offenders, particularly those which violate agency or court
orders.35 As part of that focus, it created a Repeat Offender Unit within its supervision program
focused on: (i) reviewing and monitoring the activities of repeat offenders; (ii) identifying the
root cause of recurring violations; (iii) pursuing and recommending solutions and remedies that
hold entities accountable for failing to consistently comply with Federal consumer financial law;

For a more extended discussion of these matters, see part IV(D) and the section-by-section discussion of
§ 1092.204 below.
See Consumer Fin. Prot. Bureau, Supervisory Highlights: Issue 28, Fall 2022, at 2–3 (Nov. 2022),
https://files.consumerfinance.gov/f/documents/cfpb_supervisory-highlights_issue-28_2022-11.pdf.
and (iv) designing a model for order review and monitoring that reduces the occurrences of
repeat offenses.36 The Repeat Offender Unit is tasked more generally with enhancing detection
of repeat offenses, developing processes for rapid review and response designed to address root
causes of violations, and recommending corrective actions designed to stop recidivist behavior.37
The Bureau believes that the annual written statement will greatly facilitate that work, among
other things.
Second, the final rule’s written-statement requirements will help ensure the company
providing the statement is a legitimate entity and is able to perform its obligations to consumers.
Information regarding a company’s compliance with outstanding orders is probative of whether
the company is willing and able to satisfy its legal obligations and of whether the company treats
potential sanctions for repeat violations of relevant consumer protection laws as a mere cost of
doing business. The written-statement requirements will also provide an incentive for supervised
nonbanks to perform their obligations to consumers by requiring supervised nonbanks to specify
which individual executives are responsible for achieving compliance with particular orders.
Publication of the identity of this executive as intended by the Bureau will enhance the incentive.
III.

Legal Authority
The Bureau is issuing this final rule pursuant to its authority under the CFPA. This

section includes a general discussion of several CFPA provisions on which the Bureau relies in
this rulemaking. Additional description of these authorities, and the final rule’s reliance on
them, is also contained in part II above and part IV below as well as in the section-by-section
analysis.
A. CFPA Section 1022(b)
CFPA section 1022(b)(1) authorizes the Bureau to prescribe rules “as may be necessary
or appropriate to enable the Bureau to administer and carry out the purposes and objectives of the

Id.

Id. at 3.

Federal consumer financial laws, and to prevent evasions thereof.”38 Among other statutes, the
CFPA—i.e., title X of the Dodd-Frank Wall Street Reform and Consumer Protection Act (DoddFrank Act)—is a Federal consumer financial law.39 Accordingly, in issuing the final rule, the
Bureau is exercising its authority under CFPA section 1022(b) to prescribe rules that carry out
the purposes and objectives of the CFPA and prevent evasions thereof. CFPA section 1022(b)(2)
prescribes certain standards for rulemaking that the Bureau must follow in exercising its
authority under section 1022(b)(1).40 For a discussion of the Bureau’s standards for rulemaking
under CFPA section 1022(b)(2), see part VIII below.
B. CFPA Section 1022(c)(1)–(4) and (7)
The provisions of the final rule that (1) require nonbank covered persons to inform the
Bureau that they have an applicable order entered against them, (2) provide basic identifying and
administrative information and information regarding the orders (including copies of the orders),
and (3) authorize publication of this information, are authorized under CFPA sections 1022(c)(1)
through (4) and 1022(c)(7), as well as CFPA section 1022(b).41
CFPA sections 1022(c)(1)–(4) authorize the Bureau to prescribe rules to collect
information from covered persons for purposes of monitoring for risks to consumers in the
offering or provision of consumer financial products or services. The Bureau is collecting this
information to monitor, on an ongoing basis, both individual and market-wide compliance with
consumer protection laws and orders for alleged violations of those laws. The Bureau considers
violations of consumer protection laws probative of “risks to consumers in the offering and
provision of consumer financial products or services.”42 In particular, the Bureau believes that
entities subject to public orders enforcing the law relating to the offering or provision of
12 U.S.C. 5512(b)(1).

See 12 U.S.C. 5481(14) (defining “Federal consumer financial law” to include the provisions of title X of the
Dodd-Frank Act).
40

See 12 U.S.C. 5512(b)(2).

12 U.S.C. 5512(b), (c)(1)–(4), (c)(7).

12 U.S.C. 5512(c)(1).

consumer financial products and services may pose heightened and ongoing risks to consumers
in the markets for those products and services. It further believes that monitoring for such orders
will allow the Bureau to track specific instances of, and more general developments regarding,
potential corporate recidivism, which presents special risks to consumers for reasons discussed in
greater detail below. The Bureau also believes that enforcement trends, as shown by public
orders enforcing the law across consumer protection laws, jurisdictions, and markets, will
potentially shed light on risks to consumers in the offering or provision of consumer financial
products or services. Heightened enforcement could indicate areas where numerous regulators
have identified risk of harm to consumers. Conversely, the absence of enforcement in other
areas could indicate less risk to consumers, or perhaps a lack of attention by regulators that
shows a need for further monitoring.
More specifically, in order to support its rulemaking and other functions, section
1022(c)(1) of the CFPA requires the Bureau to monitor for risks to consumers in the offering or
provision of consumer financial products or services, including developments in the markets for
such products or services.43 As discussed further below at part IV(B), section 1022(c)(2) of the
CFPA authorizes the Bureau to allocate resources to perform the monitoring required by section
1022 by considering “likely risks and costs to consumers associated with buying or using a type
of consumer financial product or service,” “understanding by consumers of the risks of a type of
consumer financial product or service,” “the legal protections applicable to the offering or
provision of a consumer financial product or service, including the extent to which the law is
likely to adequately protect consumers,” “rates of growth in the offering or provision of a
consumer financial product or service,” “the extent, if any, to which the risks of a consumer
financial product or service may disproportionately affect traditionally underserved consumers,”
and “the types, number, and other pertinent characteristics of covered persons that offer or

12 U.S.C. 5512(c)(1) (“In order to support its rulemaking and other functions, the Bureau shall monitor for risks
to consumers in the offering or provision of consumer financial products or services, including developments in
markets for such products or services.”).
provide the consumer financial product or service.”44 Section 1022(c)(4)(A) of the CFPA
authorizes the Bureau to conduct the monitoring required by section 1022 by “gather[ing]
information from time to time regarding the organization, business conduct, markets, and
activities of covered persons and service providers.”45 The Bureau is authorized to gather this
information by, among other things, requiring covered persons participating in consumer
financial services markets to file annual or special reports, or answers in writing to specific
questions, that furnish information “as necessary for the Bureau to fulfill the monitoring . . .
responsibilities imposed by Congress.”46 The Bureau may require such information to be filed
“in such form and within such reasonable period of time as the Bureau may prescribe by rule or
order.”47
Section 1022(c)(7)(A) of the CFPA further authorizes the Bureau to “prescribe rules
regarding registration requirements applicable to a covered person, other than an insured
depository institution, insured credit union, or related person.”48 Section 1022(c)(7)(B) provides
that, “[s]ubject to rules prescribed by the Bureau, the Bureau may publicly disclose registration
information to facilitate the ability of consumers to identify covered persons that are registered
with the Bureau.”49 The Bureau interprets section 1022(c)(7)(B) as authorizing it to publish
registration information required by Bureau rule under section 1022(c)(7)(A) so that consumers
may identify the nonbank covered persons on which the Bureau has imposed registration
requirements.

12 U.S.C. 5512(c)(2)(A)–(F).

12 U.S.C. 5512(c)(4)(A).

12 U.S.C. 5512(c)(4)(B)(ii) (“In order to gather information described in subparagraph (A), the Bureau may . . .
require covered persons and service providers participating in consumer financial services markets to file with the
Bureau, under oath or otherwise, in such form and within such reasonable period of time as the Bureau may
prescribe by rule or order, annual or special reports, or answers in writing to specific questions, furnishing
information described in paragraph (4), as necessary for the Bureau to fulfill the monitoring, assessment, and
reporting responsibilities imposed by Congress.”).
47

12 U.S.C. 5512(c)(4)(B)(ii).

12 U.S.C. 5512(c)(7)(A).

12 U.S.C. 5512(c)(7)(B).

Finally, CFPA section 1022(c)(3) authorizes the Bureau to publicly release information
obtained pursuant to CFPA section 1022, subject to limitations specified therein.50 Specifically,
section 1022(c)(3) states that the Bureau “may make public such information obtained by the
Bureau under [section 1022] as is in the public interest, through aggregated reports or other
appropriate formats designed to protect confidential information in accordance with [specified
protections in section 1022].”51 Information submitted to the Bureau’s registry is protected by,
among other things, CFPA section 1022(c)(8), which states that “[i]n collecting information from
any person, publicly releasing information held by the Bureau, or requiring covered persons to
publicly report information, the Bureau shall take steps to ensure that proprietary, personal, or
confidential consumer information that is protected from public disclosure under [the Freedom of
Information Act, 5 U.S.C. 552(b),] or [the Privacy Act of 1974, 5 U.S.C. 552a,] or any other
provision of law, is not made public under [the CFPA].”52 The Bureau’s registry is designed to
not collect any protected proprietary, personal, or confidential consumer information, and thus,
the Bureau will not publish, or require public reporting of, any such information.
See the introduction to the section-by-section analysis of § 1092.202 for a discussion of
certain comments received by the Bureau about the discussion in the Bureau’s proposed rule53 of
the Bureau’s authorities under CFPA section 1022(b)(1)-(4) and (7).
C. CFPA Section 1024(b)
As explained above, section 1024(b) of the CFPA authorizes the Bureau to exercise
supervisory authority over certain nonbank covered persons.54 Section 1024(b)(1) requires the
See 12 U.S.C. 5512(c)(3).

12 U.S.C. 5512(c)(3)(B).

12 U.S.C. 5512(c)(8). In the remainder of this preamble, the Bureau refers to information protected from
disclosure under CFPA section 1022(c)(8) as “protected proprietary, personal, or confidential consumer
information.”
53

See 88 FR 6088 (Jan. 30, 2023). For further discussion of the Bureau’s proposed rule, see part V(C) below.

The nonbank covered persons over which the Bureau has supervisory authority are listed in section 1024(a)(1) of
the CFPA. They include covered persons that: offer or provide origination, brokerage, or servicing of loans secured
by real estate for use by consumers primarily for personal, family, or household purposes, or loan modification or
foreclosure relief services in connection with such loans; are larger participants of a market for consumer financial
Bureau to periodically require reports and conduct examinations of persons subject to its
supervisory authority to assess compliance with Federal consumer financial law, obtain
information about the activities and compliance systems or procedures of persons subject to its
supervisory authority, and detect and assess risks to consumers and to markets for consumer
financial products and services.55 Section 1024(b)(2) requires that the Bureau exercise its
supervisory authority over nonbank covered persons under section 1024(b)(1) based on its
assessment of risks posed to consumers in the relevant product markets and geographic markets,
and taking into consideration, as applicable: “(A) the asset size of the covered person; (B) the
volume of transactions involving consumer financial products or services in which the covered
person engages; (C) the risks to consumers created by the provision of such consumer financial
products or services; (D) the extent to which such institutions are subject to oversight by State
authorities for consumer protection; and (E) any other factors that the Bureau determines to be
relevant to a class of covered persons.”56
Section 1024(b)(7) of the CFPA in turn identifies three independent sources of Bureau
rulemaking authority. First, section 1024(b)(7)(A) requires the Bureau to prescribe rules to
facilitate the supervision of nonbank covered persons subject to the Bureau’s supervisory
authority and assessment and detection of risks to consumers.57 Second, section 1024(b)(7)(B)
authorizes the Bureau to require nonbank covered persons subject to its supervisory authority to
“generate, provide, or retain records for the purposes of facilitating supervision of such persons

products or services, as defined by Bureau rule; the Bureau has reasonable cause to determine, by order, that the
covered person is engaging, or has engaged, in conduct that poses risks to consumers with regard to the offering or
provision of consumer financial products or services; offer or provide private education loans; or offer or provide
payday loans. 12 U.S.C. 5514(a)(1).
12 U.S.C. 5514(b)(1) provides: “The Bureau shall require reports and conduct examinations on a periodic basis of
persons described in subsection (a)(1) for purposes of—(A) assessing compliance with the requirements of Federal
consumer financial law; (B) obtaining information about the activities and compliance systems or procedures of
such person; and (C) detecting and assessing risks to consumers and to markets for consumer financial products and
services.”
56

12 U.S.C. 5514(b)(2).

12 U.S.C. 5514(b)(7)(A) (“The Bureau shall prescribe rules to facilitate supervision of persons described in
subsection (a)(1) and assessment and detection of risks to consumers.”).
and assessing and detecting risks to consumers.”58 As explained below in the introduction to the
section-by-section analysis of § 1092.204, the Bureau interprets this section as authorizing it to
require nonbank covered persons subject to its supervisory authority to “generate”—i.e.,
create59—reports regarding their activities and then “provide” them to the Bureau.
The third source of authority, CFPA section 1024(b)(7)(C), authorizes the Bureau to
prescribe rules regarding nonbank covered persons subject to its supervisory authority “to ensure
that such persons are legitimate entities and are able to perform their obligations to
consumers.”60 The Bureau interprets this section as authorizing it to prescribe substantive rules
to ensure that supervised entities are willing and able to comply with their legal, financial, and
other obligations to consumers, including those imposed by Federal consumer financial law. The
term “obligations” encompasses “anything that a person is bound to do or forbear from doing,”
including duties “imposed by law, contract, [or] promise.”61 The Bureau construes the phrase
“legitimate entities” as encompassing an inquiry into whether an entity takes seriously its duty to
“[c]omply[] with the law.”62 Legitimate entities do not presume they will break the law and treat
the risk of enforcement actions for violations of legal obligations as a mere cost of doing
business. Instead, legitimate entities work in good faith to have protocols in place aimed at
ensuring compliance with their legal obligations and detecting and appropriately addressing any
legal violations that the entity may commit.

12 U.S.C. 5514(b)(7)(B) (“The Bureau may require a person described in subsection (a)(1), to generate, provide,
or retain records for the purposes of facilitating supervision of such persons and assessing and detecting risks to
consumers.”).
See Generate, Webster’s Third New International Dictionary (1981) (defining “generate” as “to bring into
existence”).
12 U.S.C. 5514(b)(7)(C) (“The Bureau may prescribe rules regarding a person described in subsection (a)(1), to
ensure that such persons are legitimate entities and are able to perform their obligations to consumers. Such
requirements may include background checks for principals, officers, directors, or key personnel and bonding or
other appropriate financial requirements.”).
61

Obligation, Black’s Law Dictionary (11th ed. 2019).

Legitimate, Black’s Law Dictionary (11th ed. 2019) (defining “legitimate” as “[c]omplying with the law; lawful”);
see also Legitimate, Webster’s Second New International Dictionary (1934) (defining “legitimate” as “[a]ccordant
with law or with established legal forms and requirements; lawful”); Legitimate, Webster’s Third New International
Dictionary (1981) (similar).
While each of the three subparagraphs of section 1024(b)(7) discussed above operates as
independent sources of rulemaking authority, the subparagraphs also overlap in several respects,
such that a particular rule may be (and, in the case of this final rule, is) authorized by more than
one of the subparagraphs. For example, rules requiring the generation, provision, or retention of
records generally will be authorized under both subparagraphs 1024(b)(7)(A) and (B). That is so
because subparagraph 1024(b)(7)(B) makes clear that the Bureau’s authority under subparagraph
1024(b)(7)(A) to prescribe rules to facilitate supervision and assessment and detection of risks to
consumers extends to requiring covered persons subject to the Bureau’s supervisory authority “to
generate, provide or retain records for the purposes of facilitating supervision of such persons
and assessing and detecting risks to consumers.”63
See the introduction to the section-by-section analysis of § 1092.204 below for a
discussion of certain comments received by the Bureau about the proposal’s discussion of the
Bureau’s authorities under CFPA section 1024(b).
IV.

Why the Bureau Is Issuing This Final Rule

A. Overview
The Bureau is issuing this final rule to require nonbanks to report certain public agency
and court orders because the Bureau believes that not only the Bureau, but also consumers, the
public, and other potential users of the Bureau’s registry will benefit from the creation and
maintenance of a central public repository for information regarding certain public orders that
have been imposed upon nonbank covered persons.
Agency and court orders are not suggestions. They are legally binding orders intended to
prevent and remedy violations of the law. When an agency issues such an order, or seeks a court
order, it typically has determined that the problems at the applicable entity are sufficiently

12 U.S.C. 5514(b)(7)(B); see also, e.g., Barton v. Barr, 140 S. Ct. 1442, 1453 (2020) (“redundancies . . . in
statutory drafting” may reflect “a congressional effort to be doubly sure”); Atlantic Richfield Co. v. Christian, 140
S. Ct. 1335, 1350 n.5 (2020) (concluding that “Congress employed a belt and suspenders approach” in statute);
Marx v. Gen. Revenue Corp., 568 U.S. 371, 383–85 (2013) (statutory language is “not . . . superfluous if Congress
included it to remove doubt” about an issue).
serious to merit the expenditure of that agency’s limited resources and perhaps the attention of
the courts.
By establishing an effective registry for collecting public orders enforcing the law across
different sectors of entity misconduct, the final rule will allow the Bureau to more effectively
monitor for potential risks to consumers arising from both individual instances and broader
patterns of recidivism. Persons that are subject to one or more orders that would require
registration under the final rule may pose greater risks to consumers than others. And the
existence of multiple orders may serve as a particular “red flag” with respect to risks to
consumers and as a signal of potential recidivism. The existence of multiple orders may also
indicate broader problems at the entity that pose related risks to consumers—including lack of
sufficient controls related to the offering and provision of consumer financial products and
services, inadequate compliance management systems and processes, and an unwillingness or
inability of senior management to comply with laws subject to the Bureau’s jurisdiction.
The Bureau also concludes that collecting information regarding public agency and court
orders enforcing the law will help it identify broader trends related to risks to consumers in the
offering and provision of consumer financial products and services. For example, collecting this
information would inform the Bureau about enforcement activity across geographic or product
markets with respect to particular consumer protection laws, increases and decreases over time in
such activity, and many other relevant matters. Notably, by studying how laws are being
enforced across consumer protection laws, jurisdictions, and markets, the Bureau will be able to
identify indications of risks to consumers. For example, the existence of enforcement activity in
multiple jurisdictions among certain products, services, or features, or related to certain legal
requirements, or concerning certain consumer risks, could indicate areas of heightened consumer
risk that warrant further attention by regulators. Or such enforcement activity might be an
indication of appropriate attention by other regulators, which might be an indication that
applicable nonbanks are subject to adequate oversight, or that risk to consumers in certain areas

may otherwise be reduced. By contrast, the absence of enforcement activity in certain areas
could potentially indicate less risk to consumers or could be evidence of less attention by
regulators and a need to increase monitoring activities. The Bureau thus concludes that
obtaining information regarding such orders will enable it to better monitor risks to consumers in
the offering or provision of consumer financial products and services, including developments in
the markets for such products and services, under its authority at CFPA section 1022(c).64
As described further below, the Bureau intends to make a registry of these orders publicly
available. The Bureau anticipates that publishing such a registry will, among other things, allow
other regulators at the Federal, State, and local level tasked with protecting consumers to realize
many of the same market-monitoring benefits that the Bureau anticipates obtaining from this
rule. Publication will also facilitate the ability of consumers to identify the covered persons that
are registered with the Bureau. In addition, publication will enhance the ability of investors,
research organizations, firms conducting due diligence, and the media to locate, review, and
monitor orders enforcing the law.
The final rule also will assist the Bureau’s supervisory work by collecting additional
information in the form of a written statement from certain entities that are subject to the
Bureau’s supervision and examination authority. As explained in greater detail below, requiring
certain supervised entities to designate a senior executive officer with knowledge of, and control
over, the entity’s efforts to comply with each relevant order, and requiring that executive to
submit the information required to be contained in the written statement, will facilitate Bureau
supervision efforts by providing important information about the entity, helping to prioritize the
Bureau’s supervisory activities, and otherwise assisting the Bureau’s supervisory work. These
requirements will also help ensure that the relevant entities are “legitimate” and “are able to
perform their obligations to consumers” under CFPA section 1024(b)(7)(C), in part by

12 U.S.C. 5512(c).

incentivizing entities who might otherwise not take seriously their obligations to instead
endeavor to comply with consumer protection laws and by highlighting the designated senior
executive whose duties include ensuring such compliance.65
General Comments Received
This section discusses certain general comments received by the Bureau regarding the
proposal.
Various industry, consumer advocate, and other commenters generally agreed with the
Bureau’s statements in the proposal about the need for a new Bureau registry for nonbank
entities that are subject to the Bureau’s jurisdiction and that are subject to certain agency and
court orders. A consumer advocate commenter stated that the registry would be immensely
useful for the Bureau and other Federal and State regulators alike, and agreed that the proposed
registry would advance a wide variety of statutory objectives, streamline regulatory processes,
and create efficiencies that will result in greater consumer protection. An industry commenter
stated that the proposed registry would help to compile and track violations and provide a basis
from which to initiate risk-based supervision of nonbanks. Industry and consumer advocate
commenters stated that the proposed registry would appropriately respond to a dearth of
information about nonbank financial companies, including their number and type and the
practices they engage in. Consumer advocate commenters stated that the proposal would, among
other things, help unify efforts across regulators, help regulators and policymakers develop
additional reforms to consumer protection, and help prevent future financial crises.
Other commenters objected to the Bureau’s proposal on various grounds, as discussed
elsewhere in this preamble. Among other things, commenters stated the proposed registry would
be duplicative of the NMLS and overly burdensome for registered entities.

12 U.S.C. 5514(b)(7)(C).

Industry commenters stated that the Bureau should either not finalize the proposal, or
should carefully consider not finalizing the proposal, in light of the Fifth Circuit’s decision in
Consumer Financial Protection Bureau (CFPB) v. Community Financial Services Association of
America66 and the U.S. Supreme Court’s grant of the petition for certiorari in that case.67
A consumer advocate commenter stated that the Bureau should clarify in the final rule the
monetary penalties it will seek for each day of non-compliance, and that these penalties should
be large. In the commenter’s view, the failure to register as required under the final rule also
should be an aggravating factor when assessing monetary penalties against the entity for other
violations.
Response to General Comments Received
The Bureau agrees with commenters regarding the need for a new Bureau registry for
nonbank entities that are subject to the Bureau’s jurisdiction and that are subject to certain
agency and court orders. The final rule will establish a valuable Bureau registry that will provide
the Bureau and other users with important information regarding such companies and the orders
they are subject to. Comments objecting to the proposal are addressed elsewhere in this
preamble.
With respect to comments addressing the U.S. Court of Appeals for the Fifth Circuit’s
decision regarding the constitutionality of the Bureau’s funding structure, the Supreme Court has
reversed that decision, holding that the Bureau’s funding structure does not violate the
Appropriations Clause.68
The Bureau declines the consumer advocate commenter’s suggestion to establish special
rules or remedies for violation of the rule. The final rule is a Federal consumer financial law

See Cmty. Fin. Servs. Ass’n of Am., Ltd. v. CFPB, 51 F.4th 616 (5th Cir. 2022).

No. 22-448 (U.S. argued Oct. 3, 2023).

See CFPB v. Cmty. Fin. Servs. Ass’n of Am., Ltd., 601 U.S. 416 (2024).

under the CFPA.69 Violation of the final rule would be an independent violation of Federal
consumer financial law subject to enforcement as provided in the CFPA, and applicable remedies
under law, including potential civil money penalties.70
B. Why the Bureau Is Issuing a Rule to Monitor for Risks Associated with Certain Agency and
Court Orders
Requiring registration and submissions regarding certain agency and court orders as
provided in the final rule will assist the Bureau in monitoring for risks to consumers in the
offering or provision of consumer financial products or services, in accordance with CFPA
section 1022(c).71 The final rule’s requirements to submit and update information regarding such
agency and court orders related to the provision or offering of consumer financial products or
services will provide important support for a variety of Bureau functions.
As the principal Federal regulator responsible for administering the Federal consumer
financial laws, the Bureau’s ability to effectively identify and monitor for potential risks to
consumers arising out of apparent violations of core Federal and State consumer laws is
important to the Bureau achieving its statutory purposes and objectives. Such information will
help the Bureau satisfy its statutory obligation to monitor for risks to consumers in the markets
for consumer financial products and services.72 For example, the registry will enable the Bureau
to better identify an increase in the number of orders in a particular product market, in a
particular geographic market, addressing similar consumer risks, or with other common features.
The Bureau will be able to use this information to identify areas of heightened consumer risk that
warrant further attention, as well as areas that are receiving adequate attention from other

See 12 U.S.C. 5481(14) (defining term “Federal consumer financial law” as including “any rule … prescribed by
the Bureau” under the CFPA).
Violation of the final rule may also violate 12 U.S.C. 5536(a)(2), which provides that it shall be unlawful for “any
covered person or service provider to fail or refuse, as required by Federal consumer financial law, or any rule or
order issued by the Bureau thereunder—[¶] (A) to permit access to or copying of records; [¶] (B) to establish or
maintain records; or [¶] (C) to make reports or provide information to the Bureau.”
71

12 U.S.C. 5512(c).

See 12 U.S.C. 5512(c)(1).

regulators. By contrast, the absence of enforcement activity in certain areas could indicate less
risk to consumers, or it potentially could be evidence of less attention by regulators and a need to
increase monitoring and other supervisory or regulatory activities. Over time, the Bureau’s
collection and review of information under the final rule will better enable the Bureau to
evaluate, assess, and understand the relationship between such matters and the consumer risk that
is related to covered orders. Thus, this information would help to inform and prioritize the
Bureau’s other market-monitoring efforts, including research regarding particular markets and
the risks to consumers presented in such markets.73
Likewise, the Bureau’s rulemaking efforts will benefit from information about such
orders, so that the Bureau might, for example, consider drafting rules to address identified
consumer risks.74 The Bureau’s consumer response function will be informed by increased
monitoring of risks and trends, as the Bureau could direct resources or investigate risks in a
certain area or on a certain topic.75 And the Bureau may choose to direct its consumer education
efforts toward educating consumers about risks identified via the registry.76
The information that the Bureau will obtain under the final rule will also be valuable to
the Bureau in exercising its supervisory and enforcement functions.77 Among other things, the
information may be informative when the Bureau makes determinations whether a covered

See 12 U.S.C. 5511(c)(3) (identifying as one of the “primary functions of the Bureau . . . collecting, researching,
monitoring, and publishing information relevant to the functioning of markets for consumer financial products and
services to identify risks to consumers and the proper functioning of such markets”).
See 12 U.S.C. 5511(c)(5) (identifying as one of the “primary functions of the Bureau . . . issuing rules, orders, and
guidance implementing Federal consumer financial law”).
See 12 U.S.C. 5511(c)(2) (identifying as one of the “primary functions of the Bureau . . . collecting, investigating,
and responding to consumer complaints”); see also Consumer Fin. Prot. Bureau, Consumer Response Annual
Report: January 1 – December 31, 2021, at 5–8 (Mar. 2022),
https://files.consumerfinance.gov/f/documents/cfpb_2021-consumer-response-annual-report_2022-03.pdf
(describing the Bureau’s consumer-complaint process and how the Bureau uses complaint information).
See 12 U.S.C. 5511(c)(1) (identifying as one of the “primary functions of the Bureau . . . conducting financial
education programs”).
See 12 U.S.C. 5511(c)(4) (identifying as one of the “primary functions of the Bureau . . . supervising covered
persons for compliance with Federal consumer financial law, and taking appropriate enforcement action to address
violations of Federal consumer financial law”). Part IV(D) and the section-by-section discussion of § 1092.204
below contain additional discussion of how the final rule will facilitate the Bureau’s supervisory efforts.
person is engaging, or has engaged, in conduct that poses risk to consumers with regard to the
offering or provision of consumer financial products or services under CFPA section
1024(a)(1)(C), such that the Bureau may determine to subject the covered person to Bureau
supervision under that provision.78 The information contained in the registry may also be
relevant in assessing civil penalties for violations of Federal consumer financial laws, given that
Congress has provided that such penalties should take into account an entity’s “history of
previous violations” and “such other matters as justice may require.”79
Furthermore, there is a heightened likelihood that entities that are subject to public orders
enforcing the law and relating to the offering or provision of consumer financial products and
services may pose risks to consumers in the markets for those products and services, and risk of
consumer harm is a significant factor that weighs heavily in the Bureau’s decisions regarding the
general allocation of its resources. Knowledge of whether a covered person has engaged in
previous violations of consumer financial protection laws is valuable information that the Bureau
considers when evaluating the risk of consumer harm. In the Bureau’s experience, entities that
have previously been subject to enforcement actions, including those brought by local, State, and
other Federal authorities, present an increased risk of committing violations of laws subject to
the Bureau’s jurisdiction, and thus causing the additional consumer harm associated with such
violations. Prior enforcement actions are also likely to be a good indication of continuing risks
to consumers present in a particular market for consumer financial products or services. Because
the orders that would be covered by the final rule are regularly issued, modified, and terminated,
the Bureau needs to collect this information regularly and on a timely basis in order to stay
abreast of developments.

See 12 U.S.C. 5514(a)(1)(C) (authorizing Bureau orders subjecting nonbanks to supervision based upon consumer
complaints “or information from other sources”); 12 CFR part 1091 (Bureau procedural rule to establish supervisory
authority over certain nonbank covered persons based on risk determination).
See 12 U.S.C. 5565(c)(3)(D), (E). The Bureau may consider certain matters identified in orders collected under
the final rule to be relevant under these provisions.
Although referrals from and other information provided by other agencies have been
valuable to the Bureau’s work, the Bureau currently often relies on other agencies to take
proactive steps to contact it. As discussed in part IV(E) below, under the final rule, nonbanks
that are subject to agency and court orders that are published on the NMLS Consumer Access
website will have an option to notify the Bureau and provide information that will flag the
relevant order and nonbank for the Bureau’s attention. Having access to targeted information
regarding relevant orders entered against nonbanks, whether such orders are listed on the
Bureau’s own registry or available through the NMLS, will significantly increase the Bureau’s
ability to monitor markets so that the Bureau can identify, better understand, and ultimately,
prevent further consumer harm, particularly from repeat offenders.
Recidivism—whether in the form of a company that repeatedly violates the law and as a
result becomes subject to multiple orders, or in the form of a company that violates the orders to
which it is subject—poses particular risks to consumers. Companies that repeatedly violate the
law do more than just deprive consumers of protections in the marketplace; these companies may
also charge their customers more in order to cover the costs of any fines or other costs resulting
from the company’s legal violations. In other words, consumers may end up subsidizing
corporate malfeasance. When government orders fail to deter future misconduct by a company,
that company’s operations are more likely to present risk to consumers. Thus, the existence of
multiple orders may be highly probative of heightened risks to consumers in the markets for
consumer financial products and services, including the risk of noncompliance with laws subject
to the Bureau’s jurisdiction.
Collecting information about such public orders across markets and agencies as provided
in the final rule will improve the Bureau’s efforts to determine where entities, either as a group
or individually, are repeatedly violating the law. The Bureau particularly needs to be made
aware of entities that become subject to multiple orders, or that are found to be out of compliance
with existing orders, as well as of trends in such developments. Systematic or repeat violations

of the law may indicate broader problems within a market for consumer financial products and
services. Such problems might include lack of sufficient controls related to the offering and
provision of certain consumer financial products and services, inadequate compliance
management systems and processes within a set of market participants, and an unwillingness or
inability of senior management at certain entities to comply with Federal consumer financial
laws. The registry established in the final rule will provide a valuable mechanism to help ensure
that the Bureau is rapidly made aware of such repeat offenders across a range of markets and
enforcement agencies.
The Bureau believes that the registry will be especially useful with respect to the
particular nonbank markets that are subject to the Bureau’s supervision and examination
authority under CFPA section 1024(a). In those markets, the Bureau will be able to take account
of risks identified through the registry in conducting its risk-based supervisory prioritization and
enforcement work. The existence of an order that would require registration under the final rule
would be probative of a potential need for supervisory examination, to the extent that the
nonbank is subject to the Bureau’s supervision and examination authorities. Under CFPA
section 1024(b)(2), the Bureau is required to exercise its supervisory authority in a manner
designed to ensure that such exercise, with respect to persons described in CFPA section
1024(a), is based on the assessment by the Bureau of the risks posed to consumers in the relevant
product markets and geographic markets and taking into consideration the factors enumerated at
CFPA section 1024(b)(2)(A)–(E).80
Depending upon the circumstances, the Bureau may consider the existence of an order
requiring registration under the final rule to be a risk factor under these provisions for covered
persons subject to the rule. CFPA section 1024(b)(2)(C) refers to “the risks to consumers created
by the provision of such consumer financial products or services.”81 The existence of one or

12 U.S.C. 5514(a), (b)(2).

12 U.S.C. 5514(b)(2)(C).

more orders that would require registration under the final rule would be probative of such risks
to consumers because it indicates that an entity may not be willing or able to ensure compliance
with the law. CFPA section 1024(b)(2)(D) provides that the Bureau shall also take into account
“the extent to which such institutions are subject to oversight by State authorities for consumer
protection.”82 The existence of one or more orders issued or obtained by the types of State
agencies described in the final rule in connection with violations of law would provide important
and directly relevant information regarding the extent to which nonbanks are subject to oversight
by State authorities for consumer protection. CFPA section 1024(b)(2)(E) provides that the
Bureau shall also take into account “any other factors that the Bureau determines to be relevant
to a class of covered persons.”83 For the classes of covered persons subject to the final rule, the
Bureau believes that the existence of an order that would require registration under the final rule
would be a relevant factor under this statutory provision for the Bureau to take into consideration
when exercising its supervisory authorities under CFPA section 1024. Thus, for the reasons
described above, the existence of such orders would be relevant information in prioritizing and
scoping the Bureau’s supervisory activities under CFPA section 1024(b) with respect to the
markets subject to that provision.
In crafting the final rule’s requirements to register and submit certain agency and court
orders, the Bureau has considered (among others) the factors listed at CFPA section 1022(c)(2),
to the extent relevant here to the allocation of Bureau resources to perform market monitoring.
For example, the Bureau considered the “likely risks and costs to consumers associated with
buying or using a type of consumer financial product or service.”84 As discussed above, the
Bureau believes companies that violate the law, especially repeatedly, generally pose more risk

12 U.S.C. 5514(b)(2)(D).

12 U.S.C. 5514(b)(2)(E).

12 U.S.C. 5512(c)(2)(A).

to consumers. The final rule will assist the Bureau in identifying and evaluating such risks—and
their associated costs—across companies, industries, products, and regions.
The Bureau also considered the “understanding by consumers of the risks of a type of
consumer financial product or service.”85 The Bureau is concerned that consumers currently
may not adequately understand risks posed by certain institutions, including risks arising from
recidivism. With a clear window into nationwide trends and gaps in nonbank covered persons’
compliance with consumer protection laws, the Bureau can target its various functions—
including consumer education—to ensure that consumers understand the risks and associated
costs of such conduct on their use of certain consumer financial products or services.
The Bureau further considered “the legal protections applicable to the offering or
provision of a consumer financial product or service, including the extent to which the law is
likely to adequately protect consumers.”86 The final rule will enhance the Bureau’s ability to
effectively assess whether and to what extent the orders themselves, as well as other relevant
laws, in practice adequately protect consumers. Information collected in connection with the
final rule will aid the Bureau in better understanding how effectively the nation’s consumer
protection laws operate in practice, which should assist the Bureau in determining (among other
things) how best to allocate its resources to ensure consumers are adequately protected from
unlawful conduct.
The Bureau also considered “rates of growth in the offering or provision of a consumer
financial product or service.”87 Commenters expressed concern about a dearth of information
regarding nonbank financial companies and stated that nonbanks may be obtaining an increased
market share in certain markets for consumer financial products and services. The Bureau
likewise believes that at least in certain markets, there has been rapid growth in consumer

12 U.S.C. 5512(c)(2)(B).

12 U.S.C. 5512(c)(2)(C).

12 U.S.C. 5512(c)(2)(D).

offerings by nonbanks. The Bureau intends to use the information obtained under the final rule
in assessing and monitoring the rates of such growth and any associated risks, as evidenced by
information regarding relevant consumer protection orders issued against nonbanks.
The Bureau also considered “the extent . . . to which the risks of a consumer financial
product or service may disproportionately affect traditionally underserved consumers.”88 The
Bureau generally is concerned that traditionally underserved communities may be
disproportionately the target of consumer protection violations—particularly, unfair, deceptive,
or abusive acts or practices—in the offering or provision of consumer financial products or
services. The information collected should provide the Bureau with robust nationwide data to
identify and evaluate the extent to which this is the case.
Finally, the Bureau considered “the types, number, and other pertinent characteristics of
covered persons that offer or provide the consumer financial product or service.”89 For the
reasons discussed, law violator status—and especially repeat law violator status—is a highly
pertinent characteristic. The Bureau believes that risks to consumers posed by law violators
warrant market monitoring. In particular, it will provide greater visibility into nonbank covered
persons’ compliance with consumer protection laws in the offering or provision of consumer
financial products and services, in addition to more generally aiding the Bureau’s overall
understanding of nonbank covered persons and the products or services they provide.
As discussed further below in part IV(E), the Bureau is adopting a modification to the
proposed rule in order to provide an option for one-time registration of orders published on the
NMLS Consumer Access website (except for orders issued or obtained by the Bureau). The
Bureau will be notified regarding such orders and the nonbank entities that are subject to them,
and, using the information provided by the nonbank via the registry, will be able to obtain
additional information from applicable Federal, State, and local authorities, including through the

12 U.S.C. 5512(c)(2)(E).

12 U.S.C. 5512(c)(2)(F).

NMLS. Thus, the Bureau will have access to a comprehensive collection of relevant orders and
entities, accessible either through the Bureau’s registry or via the Bureau’s existing access to
NMLS and its ability to reach out to other agencies.
The Bureau has concluded that alternative means of collecting the information subject to
the final rule would be inadequate.90 For example, the Bureau considered requesting the
information on an ad hoc basis from entities that are subject to relevant orders through a Bureau
order issued pursuant to CFPA section 1022(c)(4)(B)(ii).91 However, the Bureau concludes this
alternative would be inadequate. There is no existing comprehensive list of covered persons
subject to Bureau regulation, so the Bureau would be unable to issue a standing order to such
entities to produce information. It is not clear how the Bureau would obtain this information
without issuing a rule. Also, the Bureau wishes to collect information that changes over time—
for example, information regarding new orders and changes to orders, as well as with respect to
changes in registration information. An order that required submission of information at a single
point in time—assuming that the Bureau could identify the entities to which such an order should
be addressed—would be inadequate to capture such changes in information. While the Bureau
might issue frequently recurring orders under its market-monitoring authority, such an approach
would be less reliable and predictable for all parties than a rule-based approach.
The Bureau further considered using its supervisory and examination authority to obtain
information solely from entities that are subject to that authority. However, there is no existing
comprehensive list of nonbank entities subject to Bureau supervision, so the Bureau would be
unable to issue a standing order to such entities to produce such information. Moreover, the
Bureau has concluded that collecting information from a wider range of covered persons,

For additional discussion of comments received in connection with other alternative means of collecting this
information, see the section-by-section discussion of §§ 1092.202(b) and 1092.203(a) below.
91

12 U.S.C. 5512(c)(4)(B)(ii).

including those that are not subject to the Bureau’s supervisory and examination authority, is
appropriate to achieve its market-monitoring objectives.
C. Why the Bureau Has Identified Orders Issued Under the Types of Laws Described in the
Proposal as Posing Particular Risk
The final rule prescribes registration requirements with reference to certain types of
“covered laws” that served as the basis for an applicable order. As discussed herein, the Bureau
concludes that orders issued under the types of covered laws described in the proposal are likely
to be probative of risks to consumers in the offering or provision of consumer financial products
or services, including developments in markets for such products or services.92
First, the Bureau is requiring registration in connection with orders issued under the
Federal consumer financial laws, to the extent that the violation of law found or alleged arises
out of conduct in connection with the offering or provision of a consumer financial product or
service. As explained above, numerous Federal and State agencies besides the Bureau have
authority to enforce Federal consumer financial laws. In matters where an agency other than the
Bureau has issued or obtained a final public order concluding that a covered person has violated
Federal consumer financial law, the Bureau also will generally have jurisdiction over the conduct
that resulted in that order. Requiring registration of such orders will facilitate effective market
monitoring by providing the Bureau a tool to identify and understand the nature of the risks to
consumers presented by the conduct addressed in those orders, including the risk that the conduct
might continue unabated outside of the particular jurisdiction that issued the order. For example,
such information may inform the Bureau’s supervisory or enforcement activities, as the Bureau
may consider bringing its own action in connection with the same or related conduct. Or the
conduct may be probative of a more systemic problem with one or more entities’ overall
willingness or capacity to comply with Federal consumer financial law across different product

See also the discussion of the definition of the term “covered law” in the section-by-section discussion of
§ 1092.201(c) below.
lines or aspects of their operations. Likewise, requiring registration of orders involving Federal
consumer financial law will facilitate effective market monitoring by ensuring that the Bureau
can quickly and effectively identify patterns of similar conduct across multiple nonbank covered
persons. The identification of such patterns may indicate a problem that the Bureau could best
address by engaging in rulemaking to clarify or expand available consumer protections to
address emerging consumer risk trends. It may also prompt the Bureau to use other tools, such
as consumer education, to address the identified risks.
Second, the Bureau is requiring registration of orders in connection with a violation of
any other law as to which the Bureau may exercise enforcement authority, to the extent such
violation arises out of conduct in connection with the offering or provision of a consumer
financial product or service. The Bureau may enforce certain laws other than Federal consumer
financial laws, as that term is defined in CFPA section 1002(14).93 The Bureau concludes that
the registry should collect information regarding orders issued under any law that the Bureau
may enforce, where the violation of law found or alleged arises out of conduct in connection
with the offering or provision of a consumer financial product or service. By definition, the
conduct addressed in such orders will generally fall within the scope of the Bureau’s
enforcement authority. More generally, the Bureau concludes that evidence of such conduct
could be probative of a broader risk that the entity has engaged or will engage in conduct that
may violate Federal consumer financial law. For example, violations of the Military Lending
Act, as to which the Bureau has enforcement authority, may overlap with, or be closely

See, e.g., 10 U.S.C. 987(f)(6) (authorizing Bureau enforcement of the Military Lending Act). As the Bureau has
explained in an interpretive rule, it also has authority to supervise nonbanks subject to its supervision regarding risks
to consumers arising from conduct that violates the Military Lending Act. See Bureau Interpretive Rule,
Examinations for Risks to Active-Duty Servicemembers and Their Covered Dependents, 86 FR 32723 (June 23,
2021). In this rulemaking, however, the Bureau does not need to rely on the authority described in that interpretive
rule. Instead, to the extent that the final rule would collect information regarding orders issued under laws described
in § 1092.201(c)(2) for the purpose of facilitating the Bureau’s supervisory activities, the Bureau would do so
because the Bureau believes such orders may be probative of a broader risk that an entity has engaged or will engage
in conduct that may violate Federal consumer financial law.
associated with, violations of the CFPA’s UDAAP prohibitions94 or the Truth in Lending Act,95
among other Federal consumer financial laws. In addition, in the Bureau’s experience, a
violation of one law within the Bureau’s enforcement authority may be indicative of broader
inadequacies in an entity’s compliance systems that are resulting or could result in other legal
violations, including violations of Federal consumer financial laws. Furthermore, including in
the registry orders issued under any law that the Bureau may enforce (where the violation of law
found or alleged arises out of conduct in connection with the offering or provision of a consumer
financial product or service) will further the Bureau’s objective of creating a cross-market
registry that could serve as a reference tool for use in monitoring for risks to consumers, thereby
increasing the Bureau’s ability to use the registry to monitor for patterns of risky conduct of
nonbank covered persons across entities, industries, and product offerings.
Third, the Bureau is requiring registration in connection with orders issued under the
prohibition on unfair or deceptive acts or practices under section 5 of the FTC Act, 15 U.S.C. 45,
or any rule or order issued for the purpose of implementing that prohibition, to the extent that the
violation of law found or alleged arises out of conduct in connection with the offering or
provision of a consumer financial product or service. In matters where a government agency has
reached a determination that an entity has violated section 5 of the FTC Act in connection with
the offering or provision of a consumer financial product or service, the Bureau has reason to be
concerned that the entity poses heightened risks to consumers in financial markets. For one
thing, the conduct resulting in the order may have violated Federal consumer financial law.
CFPA section 1031, for example, authorizes the Bureau to take action “to prevent a covered
person or service provider from committing or engaging in an unfair, deceptive, or abusive act or
practice under Federal law in connection with any transaction with a consumer for a consumer

15 U.S.C. 5531, 5536(a)(1)(B).

15 U.S.C. 1601 et seq.

financial product or service, or the offering of a consumer financial product or service.”96 And
CFPA section 1036(a)(1)(B) provides that “[i]t shall be unlawful” for a covered person “to
engage in any unfair, deceptive, or abusive act or practice.”97 Congress modeled the CFPA’s
prohibition of unfair or deceptive acts or practices after the similar prohibition in section 5 of the
FTC Act.98 Therefore, violations of FTC Act section 5 in connection with the provision or
offering of a consumer financial product or service are highly probative of a heightened risk that
UDAAP violations subject to the Bureau’s jurisdiction have occurred or are occurring.
Moreover, the high probative value of such orders is not simply a function of the
likelihood that underlying conduct could violate Federal consumer financial law. The Bureau
concludes that, where an entity has engaged in conduct prohibited under FTC Act section 5 in
connection with offering or providing a consumer financial product or service, there is a
significant risk that upon closer inspection of the entity’s activities it has engaged in other acts or
omissions that either violate Federal consumer financial law or otherwise present risks to
consumers in the consumer financial markets. For example, inadequacies in compliance systems
are not likely limited to a particular Federal or State consumer protection law, and compliancesystem inadequacies that result in FTC Act section 5 violations indicate a heightened risk of
similar inadequacies related to the prevention of violations of Federal consumer financial laws.
And, as described above, a registry of orders is particularly useful because a core purpose of the
Bureau’s monitoring efforts is to analyze patterns of risky conduct across entities, industries,
product offerings, and jurisdictions. Such patterns would help the Bureau identify risks to
consumers that warrant further action, such as more monitoring, increased supervisory attention
in the case of supervised persons, regulation, or consumer education.

12 U.S.C. 5531(a).

12 U.S.C. 5536(a)(1)(B).

See 15 U.S.C. 45; see also, e.g., Consumer Fin. Prot. Bureau v. ITT Educ. Servs., Inc., 219 F. Supp. 3d 878, 902–
04 (S.D. Ind. 2015).
Fourth, the Bureau is requiring registration in connection with orders issued under State
laws prohibiting unfair, deceptive, or abusive acts or practices that are identified in appendix A
to part 1092, to the extent that the violation of law found or alleged arises out of conduct in
connection with the offering or provision of a consumer financial product or service.99 State
UDAP/UDAAP laws are generally modeled after—or otherwise prohibit conduct similar to that
prohibited by—FTC Act section 5 or CFPA sections 1031 and 1036(a)(1)(B).100 Therefore,
violations of State UDAP/UDAAP law in connection with the provision or offering of a
consumer financial product or service are similarly highly probative of a heightened risk that
UDAAP violations subject to the Bureau’s jurisdiction have occurred or are occurring. In
addition, violations of State UDAP/UDAAP law may be probative of the existence of violations
of other laws within the Bureau’s jurisdiction.101
Obtaining a better understanding of entities’ compliance with State UDAP/UDAAP laws
will assist the Bureau in the assessment and detection of risks for the same general reasons
described with respect to alleged or found violations of FTC Act section 5—namely, that (i)
conduct that violates State UDAP/UDAAP prohibitions commonly also violates laws under the
Bureau’s jurisdiction; and (ii) the Bureau believes that evidence of such conduct may be highly
probative of a broader risk that the entity has engaged or will engage in similar conduct that may
violate laws within the Bureau’s jurisdiction, either as a result of a willingness to violate such
laws or a lack of sufficient protections in place to prevent violations. Registration of State

The Bureau is adopting a final version of appendix A to part 1092 with certain changes to the version in the
proposal. For a discussion of these changes to the proposal, see the section-by-section discussion of § 1092.201(c)
below.
15 U.S.C. 45; 12 U.S.C. 5531. See Request for Information on Payday Loans, Vehicle Title Loans, Installment
Loans, and Open-End Lines of Credit, 81 FR 47781, 47783 (July 22, 2016) (“In the 1960s, States began passing
their own consumer protection statutes modeled on the [Federal Trade Commission] Act to prohibit unfair and
deceptive practices.”); see also Cal. Fin. Code sec. 90009(c)(3) (providing that “the term ‘abusive’ shall be
interpreted consistent with Title X of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010”);
Michael Greenfield, Unfairness Under Section 5 of the FTC Act and Its Impact on State Law, 46 WAYNE L. REV.
1869, 1899 (2000) (noting that “the state statutes actually were drafted and promoted by the Federal Trade
Commission, which, one supposes, had a special interest in uniform, nationwide interpretation of the standards”).
To take just one example, UDAAP violations in connection with debt-collection efforts may also violate the Fair
Debt Collection Practices Act’s prohibition against unfair, deceptive, or abusive debt-collection practices. See 15
U.S.C. 1692d–1692f.
UDAP/UDAAP orders will facilitate effective market monitoring by ensuring that the Bureau
can quickly and effectively identify patterns of risky conduct across entities, industries,
consumer financial product or service offerings, and jurisdictions. The Bureau could then decide
which Bureau functions are best suited to address the consumer risks raised by the orders.102
D. Why the Bureau Is Requiring Supervised Nonbanks to Designate Attesting Executives and
Submit Written Statements
The final rule will also require certain entities that are subject to the Bureau’s supervision
and examination authority to annually submit a written statement signed by a designated
attesting executive regarding each covered order to which they are subject. In the written
statement, the attesting executive will be required to (i) generally describe the steps that the
executive has undertaken to review and oversee the entity’s activities subject to the applicable
covered order for the preceding calendar year, and (ii) attest whether, to the executive’s
knowledge, the entity during the preceding calendar year has identified any violations or other
instances of noncompliance with any of the obligations that were imposed in a public provision
of the covered order by the applicable agency or court based on a violation of a covered law.
The final rule further requires that the entity designate as the attesting executive for each covered
order its highest-ranking duly appointed senior executive officer (or, if the entity does not have
any duly appointed officers, the highest-ranking individual charged with managerial or oversight
responsibility for the entity) whose assigned duties include ensuring the entity’s compliance with
Federal consumer financial law, who has knowledge of the entity’s systems and procedures for
achieving compliance with the covered order, and who has control over the entity’s efforts to
comply with the covered order. The Bureau intends to publish the name and title of that
executive in the public registry.

For discussion of the final rule’s requirements with respect to State laws amending or otherwise succeeding a law
identified in appendix A, and rules or orders issued by State agencies for the purpose of implementing State
UDAP/UDAAP laws, see the section-by-section discussion of § 1092.201(c) below.
The Bureau concludes these requirements will serve two sets of distinct purposes relating
to its exercise of its supervisory and examination authorities under CFPA section 1024.
First, the Bureau concludes the final rule’s requirements that certain supervised entities
(which are referred to in the rule as “supervised registered entities”) designate attesting
executives and provide written statements will facilitate the Bureau’s supervision efforts,
including its efforts to assess compliance with the requirements of Federal consumer financial
law, obtain information about supervised entities’ activities and compliance systems or
procedures, and detect and assess risks to consumers and to markets for consumer financial
products and services.103 As discussed, the existence of one or more covered orders involving a
supervised registered entity already raises red flags regarding the entity’s compliance with
Federal consumer financial law and the overall risk posed by such entity to consumers in the
offering or provision of consumer financial products and services. Submission of a written
statement regarding either compliance or noncompliance with such an order will provide the
Bureau with important additional information regarding risks to consumers that may be
associated with the order and the applicable supervised registered entity’s compliance systems
and procedures. Covered orders frequently contain provisions aimed at ensuring an entity’s
future legal compliance, such as reporting requirements, recordkeeping requirements, and
provisions requiring the entity to obtain the issuing agency’s nonobjection before adopting or
amending relevant policies and procedures. An entity’s sustained compliance with such
provisions may mitigate the continuing risks to consumers presented by the entity and thus
reduce the potential need for current supervisory activities. By contrast, an entity’s
noncompliance with the terms of an order may indicate a heightened need for current supervisory
activities. And if an entity is committing significant or repeated violations of a covered order, or

See 12 U.S.C. 5514(b)(1), (7)(A)–(B). As explained in the “legal authority” section, 12 U.S.C. 5514(b)(7)(A)
authorizes the Bureau to prescribe rules to facilitate Bureau supervision and the assessment and detection of risks to
consumers, and 12 U.S.C. 5514(b)(7)(B) authorizes the Bureau to require supervised registered entities to
“generate”—i.e., create—reports regarding their activities (including the required written statements) and then
“provide” them to the Bureau.
it is failing to take appropriate steps to address such violations and prevent their recurrence, that
may indicate that the entity lacks the protocols and institutional commitment necessary to ensure
compliance with legal obligations aimed at protecting consumers and ultimately with the Federal
consumer financial laws. Entities that fail to comply with orders enforcing the law may be at
greater risk of violating one or more laws within the Bureau’s jurisdiction. Submission of the
proposed written statements will enable the Bureau to conduct additional supervisory reviews or
to otherwise investigate the matter in order to identify any such violations and related risks.
As a result, the final rule’s written statements will be particularly relevant when
prioritizing the Bureau’s supervisory activities under CFPA section 1024(b). As discussed above
at part III(C) and below in the section-by-section discussion of § 1092.204, CFPA section
1024(b)(2) requires that the Bureau exercise its authority under CFPA section 1024(b)(1) in a
manner designed to ensure that such exercise, with respect to persons described in section
1024(a), is based on the assessment by the Bureau of certain identified risks.104 For the reasons
discussed above, the final rule’s written statements will inform the Bureau’s risk-based
prioritization of its supervisory program under CFPA section 1024(b)(2). The Bureau anticipates
that the written statements would be particularly helpful in assessing, among other things, “the
risks to consumers created by the provision of . . . consumer financial products or services” and
“the extent to which such institutions are subject to oversight by State authorities for consumer
protection.”105
The final rule’s written-statement requirements also will improve the Bureau’s ability to
conduct its supervisory and examination activities with respect to the supervised nonbank, when
it does choose to exercise its supervisory authority. The Bureau exercises its supervisory
authority with respect to supervised nonbanks for certain purposes, including assessing

12 U.S.C. 5514(a), (b)(2).

12 U.S.C. 5514(b)(2)(C)–(D). See additional discussion of the factors for risk-based supervisory prioritization in
part IV(B) above.
compliance with the requirements of Federal consumer financial law, obtaining information
about the activities and compliance systems or procedures of supervised nonbanks, and detecting
and assessing risks to consumers and markets for consumer financial products and services.106
Assessing whether entities have adequate compliance management systems in place is a longstanding and standard component of the Bureau’s examination process, and that assessment
depends in part on understanding with whom certain responsibilities lie and how a compliance
program is carried out.107 The Bureau concludes a supervised nonbank’s written statements as
required under the proposal will provide important information relevant to all of these statutory
purposes. As explained below, a supervised nonbank’s failure to comply with a relevant order
under a covered law could indicate that the entity more generally lacks the will or ability to
comply with its legal obligations, including its obligations under Federal consumer financial law.
Such noncompliance may also indicate that the entity generally lacks adequate compliance
systems or procedures, which in turn would create risks to consumers and to the markets for
consumer financial products and services that the entity participates in. Conversely, written
statements indicating that the entity had not identified any instances of noncompliance with a
relevant order would also provide the Bureau with similarly useful information about the entity’s
efforts to comply with such orders and the entity’s compliance systems and procedures related to
the entity’s offering and provision of consumer financial products and services. Thus, in cases
where the Bureau determines to exercise its supervisory authorities with respect to a supervised
nonbank required to submit written statements under the proposal, the Bureau would expect
those written statements to be of value in conducting its examination work. For example, the
Bureau may use the written statements in determining what information to require from a

12 U.S.C. 5514(b)(1).

See CFPB Supervision and Examination Manual at CMR 1 (“To maintain legal compliance, an institution must
develop and maintain a sound compliance management system…that is integrated into the overall framework for
product design, delivery, and administration across their entire product and service lifecycle.”).
supervised nonbank, in determining the content of supervisory communications and
recommendations, or in making other decisions regarding the use of its supervisory authority.108
Second, the final rule’s written-statement requirements will help ensure that supervised
registered entities “are legitimate entities and are able to perform their obligations to
consumers.”109 As discussed in part VIII below, the Bureau believes that most supervised
registered entities subject to covered orders endeavor in good faith to comply with consumer
protection laws and, accordingly, have put in place some manner of systems and procedures to
help achieve such compliance. But the Bureau also expects that other supervised registered
entities will not take their legal obligations seriously, including their obligations under Federal
consumer financial law.110 The final rule’s written-statement requirements will provide
information that would help the Bureau assess in which category a particular entity falls. If, after
reviewing a written statement, the Bureau concludes that an entity is not working in good faith to
comply with its legal obligations, that conclusion might provide grounds for prioritizing the
entity for supervisory examinations to assess its compliance with Federal consumer financial
law. The Bureau expects that the risk of such increased supervisory scrutiny will provide an
incentive for some entities to improve their compliance efforts so that they can submit a written
statement that is less likely to result in increased scrutiny from the Bureau. Thus, by making it
more difficult to quietly disregard the law, the Bureau concludes that the written-statement
requirement will likely motivate at least a few supervised entities with substandard compliance
practices to enhance their compliance efforts and comply with their legal obligations, including
their obligations under Federal consumer financial law. The Bureau likewise believes that the

As explained below in the section-by-section discussion of § 1092.204(e), the Bureau is requiring supervised
registered entities to maintain records to support their written statements. That recordkeeping requirement will
further facilitate the Bureau’s supervisory and examination activities because it will ensure the availability of
records for the Bureau to review regarding the matters addressed in the written statements.
12 U.S.C. 5514(b)(7)(C). As explained in the “legal authority” section above, 12 U.S.C. 5514(b)(7)(A), (B), and
(C) provide independent sources of rulemaking authority.
As explained above, in several cases, the Bureau has found that entities have violated prior orders that the Bureau
has issued or obtained. See supra note 7.
final rule’s requirement to designate an attesting executive with knowledge of the entity’s
systems and procedures for achieving compliance with the covered order and with control over
the efforts to comply with the covered order will likely provide an incentive to pay more
attention to the entity’s legal obligations.
To be clear, the final rule does not establish any minimum procedures or otherwise
specify the steps the attesting executive must take in order to review and oversee the supervised
registered entity’s activities. Nor does the final rule establish any minimum level of compliance
management or expectation for compliance systems and procedures at such entities, or purport to
impose any restrictions on the manner in which supervised registered entities address such
matters. However, as explained above, the Bureau expects that most supervised registered
entities will be at least somewhat hesitant to repeatedly report the absence of good faith efforts to
comply with covered orders. Also, the rule will require supervised registered entities to identify,
on an annual basis, a high-level executive with knowledge and responsibility regarding an
entity’s efforts to comply with a covered order, which will facilitate any Bureau supervisory
efforts related to the order or the matters addressed therein.
The Bureau is finalizing its preliminary findings that requiring certain supervised
nonbanks to designate attesting executives and to submit written statements relating to
compliance with reported orders will facilitate the Bureau’s supervisory efforts and better ensure
that supervised registered entities are legitimate entities and are able to perform their obligations
to consumers.
E. Why the Bureau Is Adopting an Option for One-Time Registration of Orders Published on the
NMLS Consumer Access Website
The Bureau received multiple comments on the proposal stating that the proposed
registry was redundant with existing registries and other published information, and in particular
with the NMLS. See the section-by-section analysis of § 1092.203 below for a discussion of
these comments and the Bureau’s response. Some consulting parties expressed similar concerns

during the Bureau’s interagency consultation process, as discussed in part V below. In light of
those comments and concerns, the Bureau is adopting a one-time registration option for orders
that are published on the NMLS Consumer Access website, which may be exercised at the
election of the covered nonbank. Nonbanks that exercise this option may submit a one-time
registration regarding certain agency and court orders that are published on the NMLS Consumer
Access website maintained at www.NMLSConsumerAccess.org (except for orders issued or
obtained by the Bureau), in lieu of complying with other requirements of the rule with respect to
the order. Such nonbanks will be required to submit certain limited information to the Bureau’s
nonbank registry regarding the order to enable the Bureau to identify the relevant nonbank and
order and otherwise coordinate the nonbank registry with the NMLS. Upon exercising this
option and submitting the required information about the relevant order, a nonbank will have no
further obligation under subpart B to provide information to, or update information provided to,
the Bureau’s nonbank registry regarding the order.
The one-time registration option established in the final rule will ensure that the Bureau is
informed regarding risks to consumers in the offering or provision of consumer financial
products and services, including developments in markets for such products and services, in a
manner that promotes coordination and cooperation with the States while reducing potential
burden on the companies that are required to register. This option is not available for orders that
are issued or obtained at least in part by the Bureau itself.
The one-time registration option is consistent with § 1092.102(b), which provides that in
administering the nonbank registry, the Bureau may rely on information a person previously
submitted to the nonbank registry under part 1092 and may coordinate or combine systems in
consultation with State agencies as described in CFPA sections 1022(c)(7)(C) and
1024(b)(7)(D). Those statutory provisions provide that the Bureau shall consult with State
agencies regarding requirements or systems (including coordinated or combined systems for
registration), where appropriate. As § 1092.102(b) makes clear, the Bureau may develop or rely

on such systems as part of maintaining the nonbank registry and may also rely on previously
submitted information.
F. Why the Bureau Intends to Publish Certain Information Collected Under the Registration
Requirements
The Bureau intends to publish a registry that contains certain information about nonbanks
and orders collected under the rule. However, the Bureau is reserving the option not to publish
information based on operational considerations, such as resource constraints.111
While the orders subject to the rule will already be public, information about the orders
may not be readily accessible in a comprehensive and collected manner, and some of the
information submitted to the registry may not be readily available to the public. The Bureau
intends to publish this information because it believes publication will provide benefits to the
general public, other regulators, and to consumers, and would be consistent with Federal
Government efforts to make government data assets publicly available.112 The Bureau has
authority to publish the registration information under CFPA section 1022(c)(3)(B), which
authorizes it to publish information obtained under section 1022 “as is in the public interest,”113
and under CFPA section 1022(c)(7)(B), which authorizes the Bureau to “publicly disclose
registration information to facilitate the ability of consumers to identify covered persons that are
registered with the Bureau.”114 As discussed further in the section-by-section discussion of
§ 1092.205(a) below, the Bureau finds that, except under certain circumstances, it will be in the
public interest to publish certain information collected by the nonbank registry.
A variety of Federal regulators, including the prudential regulators, as well as State
attorneys general and other State agencies, all have authority to issue orders to address legal

For additional discussion regarding the Bureau’s discretion not to publish information under § 1092.205(a), see
the section-by-section discussion of that provision below.
112

See also the discussion of these issues in the section-by-section discussion of § 1092.205 below.

12 U.S.C. 5512(c)(3)(B).

12 U.S.C. 5512(c)(7)(B).

violations in the provision or offering of consumer financial products or services. Consequently,
similar conduct may be addressed through separate orders, by separate regulators, or across
separate lines of business. Again, the orders that would be published under the proposal would
already be public. But such orders, while public, are currently subject to distinct publication
regimes. The distinct enforcement and publication regimes for the various agencies with
authority over nonbank covered persons make it more difficult for the Bureau, consumers, and
other interested parties to identify entities that engage in misconduct and repeatedly violate the
law. The final rule will address that issue by creating a registry of orders that relate to offering
or providing consumer financial products or services and the nonbanks that are subject to them.
The registry will enable users of the nonbank registry to become better informed about those
orders and nonbanks and promote transparency in the markets for consumer financial products
and services.
The Bureau recognizes that much public information about such orders already exists. In
particular, some information is available to potential users through the NMLS Consumer Access
website, which is owned and operated by the State Regulatory Registry LLC, which is a wholly
owned subsidiary of the Conference of State Bank Supervisors. In addition, the applicable
Federal and State regulators generally each publish their own orders enforcing consumer
financial law; thus, potential users may be able to access some of this information by means of
the various websites and other databases maintained by individual agencies or other multiagency
websites. And still other information is published and maintained by private actors.
As discussed in part IV(E) above and in the section-by-section discussion of § 1092.203
below, the Bureau is adopting a one-time registration option with respect to orders that are
published on the NMLS Consumer Access website, www.NMLSConsumerAccess.org (except
for orders issued or obtained by the Bureau). This option will reduce burden on eligible entities
that are subject to the rule, help avoid confusion, and promote coordination with the States in
exercising the Bureau’s nonbank registration authorities by leveraging information already

gathered and published by the States. The Bureau intends to publish certain limited information
collected under this one-time registration option for the purposes of informing users of the
registry of particular orders published on the NMLS Consumer Access website and the
applicable nonbanks subject to them. The Bureau’s registry will alert users of the NMLS that
orders have been issued against nonbanks subject to the Bureau’s jurisdiction in connection with
the offering or provision of consumer financial products or services. Where an order has been
registered with the Bureau’s registry under the option discussed in part IV(E) above, users may
also refer to the NMLS for additional information about that order, to the extent consistent with
any terms of use or other conditions of access that the NMLS’s operator may impose.
The Bureau is authorizing the establishment of its own public registry in order to provide
access to a new centralized and publicly available database containing information about
applicable nonbanks and the orders to which they are subject, specifically in connection with the
offering and provision of consumer financial products and services. While certain State
regulators provide information about certain public enforcement actions through the NMLS,
including in some cases publishing related orders on the NMLS Consumer Access website, such
information does not extend to all of the orders and all of the agencies that are addressed by the
final rule, including orders issued by Federal agencies. It is also limited to only certain industry
sectors. Therefore, there appears to be limited collective information regarding all of the orders
that have been issued by multiple regulators to particular entities across multiple product markets
and geographic markets related to consumer financial products and services. To the Bureau’s
knowledge, there is currently no public government registry at the Federal or State level for the
collection of information about such orders across the entities subject to the Bureau’s jurisdiction
(though privately maintained databases may exist). No government agency appears to maintain a
publicly available repository of such orders and other related information with respect to
particular entities as they relate to consumer financial products and services. The Bureau

believes that consumers would benefit from a registry that is maintained by the Federal
Government for the purpose of providing information regarding such orders.
The Bureau believes that there will be significant value in creating a public repository of
information related to public agency and court orders that impose obligations based on violations
of consumer protection laws, and the nonbanks under the Bureau’s jurisdiction that are subject to
them.115 Publication of certain data collected pursuant to this rule is in the public interest in a
variety of ways. By improving public transparency, the Bureau intends to mitigate recidivism
and more effectively deter unlawful behavior. Providing better tools to monitor repeat law
violators and corporate recidivism is in the public interest. Researchers will be able to use
published information to better understand the markets regulated by the Bureau and the
participants in those markets, and their efforts may result in more thorough understanding and
promote compliance with the law. Non-government entities will likewise be able to use
published information in conducting their work and in identifying potential issues and risks
affecting consumers in the markets for consumer financial protection and services. Industry can
use a public registry as a convenient source of information regarding regulator actions and trends
across jurisdictions, helping industry actors to better understand legal risks and compliance
obligations. A public registry will also provide potential investors, contractual partners, financial
firms, and others that are conducting due diligence on a registered nonbank a consolidated source
of information regarding public orders. Establishing a source for public data on entity
lawbreaking and recidivism will promote tracking and awareness of such matters by consumer
groups, trade associations, firms conducting due diligence, the media, and other parties.
Government agencies—including, but not limited to, the Bureau—will also benefit from
the public registry. While the orders that the Bureau intends to publish under the rule will
already be public, every Federal, State, and local agency with jurisdiction over a covered

See also the discussion of these issues in the section-by-section discussions of §§ 1092.202(b) and 1092.205(a)
below.
nonbank will benefit from access to a regularly maintained database providing up-to-date
information on relevant public orders that have been issued against such entities. Such
information will help agencies to detect risks to consumers, and to coordinate and maintain
consistency with the Bureau and other agencies in their enforcement strategies and approaches.
Agencies can use the published information to better identify registered nonbanks and determine
their legal structure and organization, since the registry will (subject to the option for NMLSpublished covered orders) require registered nonbanks to submit and maintain up-to-date
identifying information, including legal name and principal place of business. Also, publication
of registration information and information regarding orders will assist other agencies in
assessing the potential risks to consumers that may be posed by registered nonbanks and in
making their own determinations regarding whether to conduct examinations or investigations,
bring enforcement actions against nonbanks, or engage in other regulatory activities. For
example, a State regulator attempting to improve its assessments of consumer risk trends among
nonbank payday lenders in its State should be able to use the Bureau’s registry to identify what
other regulators of the same or similar nonbank providers or products have recently identified in
terms of such risks. In addition, the Bureau believes that many agencies would find the
published information useful in making other determinations regarding the nonbanks registered
under the proposal. For example, an agency may be able to use this information when making
determinations regarding an application or license, or to ask relevant questions regarding the
information that is published. Thus, the Bureau believes that, with access to a public Bureau
registry of these orders, those similarly tasked with protecting consumers in the markets for
consumer financial products and services would obtain many of the same powerful marketmonitoring benefits that the Bureau anticipates obtaining from this rule.116

As described in part V below, certain consulting parties confirmed to the Bureau during the interagency
consultation process that they would find the registry useful in conducting their own operations, while certain other
consulting parties stated that they would not.
In developing the proposal, the Bureau considered whether it might be better to use
confidential channels, or perhaps a private electronic portal, to exchange this information with
other government agencies. However, the Bureau believes that such an approach likely would be
impractical. Not every agency that would be able to use the information would be aware of the
need to request access to the information from the Bureau or would necessarily be able to expend
the resources to maintain access. The Bureau would need to expend its own resources to
establish and maintain such channels. And the Bureau believes that such a system would not
achieve the benefits of disclosure to consumers and the public discussed in this section.
Publication also would formally align the proposed registry with Federal Government standards
calling for publishing information online as open data.117
Consumers may also benefit from the collection and publication of the information
collected by the registry, including information about orders that are already public. At least in
certain cases, publishing information about the entity and its applicable orders in a public
registry as intended by the Bureau will potentially help certain consumers make informed
decisions regarding their choice of consumer financial products or services. As discussed at part
VIII below, the Bureau does not necessarily expect a wide group of consumers to rely routinely
on the Bureau’s registry when selecting consumer financial products or services. However, the
Bureau believes that the registry will benefit certain consumers if the information in the registry
is recirculated, compiled, or analyzed by other users such as consumer advocacy organizations,
researchers, or the media. For example, media outlets can use the registry to report which
entities have the most government orders enforcing the law against them, which would inform
consumers about such repeat offenders.
Publication of the registry as intended by the Bureau will also facilitate private
enforcement of the Federal consumer financial laws by consumers, to the extent those laws

See, e.g., Open, Public, Electronic, and Necessary Government Data Act, in title II of Public Law 115-435
(Jan. 14, 2019).
provide private rights of action, where consumers have been harmed by a registered nonbank.
Such publication will be useful in helping consumers understand the identity of a company that
has offered or provided a particular consumer financial product or service, and in determining
whether to file suit or otherwise make choices regarding how to assert their legal rights. And
availability of this information could lead consumers and other persons to report to the Bureau
instances of similar conduct for the Bureau to investigate.
Under the final rule, the Bureau will not publish the written statement submitted by a
supervised registered entity but will instead treat the written statement as Bureau confidential
supervisory information subject to the provisions of its rule on the disclosure of records and
information at 12 CFR part 1070. The Bureau does intend to publish the name and title of the
attesting executive(s) submitted by the supervised registered entity. The Bureau intends to
disclose this name and title information because it concludes that, except as described in the
section-by-section discussion of § 1092.205 below, publication of this information will be in the
public interest. In particular, it will help ensure accountability at the entity for noncompliance.
The Bureau concludes that the publication of the executive’s name and title will provide an
incentive to pay more attention to covered orders. The Bureau believes that designating an
attesting executive will prompt that executive to focus greater attention on ensuring the entity’s
compliance with a covered order, and in turn increase the likelihood of compliance. Publication
of this designation as intended by the Bureau will increase the likelihood of these effects. Such
publication of the designation will identify for other regulators (and the general public) the
highest-ranking executive at the supervised registered entity who has control over the entity’s
efforts to comply with the covered order and otherwise satisfies the rule’s designation
requirements. Just as the possibility of Bureau scrutiny of the attesting executive’s conduct is
likely to motivate the executive to devote greater attention to compliance efforts, the additional
scrutiny from others outside the Bureau will further promote compliance. Publishing the

attesting executive’s name and title thus dovetails with the supervisory goals discussed above in
part IV(D).
Publishing the name and title of the executive who has knowledge and control of the
supervised entity’s efforts to comply with the covered order, as intended by the Bureau, will
benefit users of the registry in other ways. For example, publishing this information may help
certain consumers better understand and monitor the conduct of the entities with whom they do
business, including how the company assigns responsibility for compliance with Federal
consumer financial law. Researchers, media, and other users of the information may be able to
detect trends or patterns associated with such information. Publication as intended by the Bureau
may also help whistleblowers and consumers better understand the operations and structure of
the supervised entity, such as to which department or division of the company to direct
whistleblowing complaints, information about violations, or requests for information with
respect to the covered order in order to ensure that their complaint, information, or request is
being sent to the appropriate part of the organization. Clients or other companies that do
business with the entity will also have a better understanding of which areas of the company are
affected by a covered order and who is responsible for compliance with it.
Publishing such name and title information will also facilitate coordination and
communication regarding the order between the Bureau, other government agencies, and the
nonbank entity. Other regulators, especially those that have issued orders regarding the
supervised entity, would likely benefit from understanding which executive(s) have been tasked
with ensuring compliance with their orders. And disclosure of this information would increase
transparency regarding how the Bureau processes and verifies information submitted as part of
the registry.

V.

Summary of Rulemaking Process

A. Consultation with Other Agencies in Exercising the Authorities Relied Upon in the Proposal
and Final Rule
One of the authorities cited as a basis for components of the Bureau’s proposed rule and
final rule is CFPA section 1022(c)(7), which provides that the “Bureau may prescribe rules
regarding registration requirements applicable to a covered person, other than an insured
depository institution, insured credit union, or related person.”118 Congress provided that “[i]n
developing and implementing registration requirements under [section 1022(c)(7)], the Bureau
shall consult with State agencies regarding requirements or systems (including coordinated or
combined systems for registration), where appropriate.”119 CFPA section 1024(b)(7)—the
statutory basis for the written-statement requirement—includes a similar consultation
provision.120
Accordingly, the Bureau has consulted with State agencies, including State agencies
involved in supervision of nonbanks and State agencies charged with law enforcement, in
crafting the proposal’s and final rule’s registration requirements and system. In developing the
proposal and this final rule, the Bureau considered the input it received from State agencies,
including concerns expressed regarding possible duplication between any registration system the
Bureau might build and existing registration systems.
In addition, before proposing a rule under the Federal consumer financial laws, including
CFPA sections 1022(b)–(c) and 1024(b), and during the applicable comment process, the Bureau
must consult with appropriate prudential regulators or other Federal agencies regarding

12 U.S.C. 5512(c)(7)(A).

12 U.S.C. 5512(c)(7)(C).

12 U.S.C. 5514(b)(7)(D) (“In developing and implementing requirements under this paragraph, the Bureau shall
consult with State agencies regarding requirements or systems (including coordinated or combined systems for
registration), where appropriate.”).
consistency with prudential, market, or systemic objectives administered by such agencies.121 In
developing the proposal and this final rule, the Bureau consulted with prudential regulators and
other Federal agencies and considered the input it received.
The Bureau also consulted with Tribal governments regarding this rulemaking pursuant
to CFPA sections 1022(c)(7)(C) and 1024(b)(7)(D).122 In addition, the Bureau consulted with
tribal governments in accordance with applicable Bureau policy.123 In developing this final rule,
the Bureau considered the input of Tribal governments, including concerns tribal governments
expressed regarding maintaining Tribal sovereignty.
Each of the Bureau’s outreach efforts is discussed in turn below.
B. Pre-Proposal Outreach
The Bureau received feedback from external stakeholders in developing the notice of
proposed rulemaking. The following is a summary of that effort.
1. State agencies and Tribal governments
As required by CFPA sections 1022(c)(7) and 1024(b)(7),124 the Bureau consulted with
State agencies and Tribal governments, including agencies involved in supervision of nonbanks
and agencies charged with law enforcement, in crafting the proposed registration requirements
and registry. Among other meetings, the Bureau’s consultation efforts included presentations to
State and Tribal governments on October 13, October 20, October 27, November 3, November
10, November 17, and November 21, 2022, explaining proposals then under consideration and
requesting feedback. In addition, on October 31, 2022, Bureau staff met with State financial

12 U.S.C. 5512(b)(2)(B) (“In prescribing a rule under the Federal consumer financial laws . . . the Bureau shall
consult with the appropriate prudential regulators or other Federal agencies prior to proposing a rule and during the
comment process regarding consistency with prudential, market, or systemic objectives administered by such
agencies . . . .”).
See 12 U.S.C. 5512(c)(7)(C), 5514(b)(7)(D) (requiring consultation with “State agencies”); see also 12 U.S.C.
5481(27) (term “State” includes “any federally recognized Indian tribe, as defined by the Secretary of the Interior
under” 25 U.S.C. 5131(a)).
See Consumer Fin. Prot. Bureau, Policy for Consultation with Tribal Governments,
https://files.consumerfinance.gov/f/201304_cfpb_consultations.pdf.
124

12 U.S.C. 5512(c)(7)(C); 12 U.S.C. 5514(b)(7)(D).

regulators and staff of the Conference of State Bank Supervisors to discuss technical questions to
better understand whether and how the Bureau could combine or coordinate its proposed registry
with the NMLS.125 In developing its proposed rule, the Bureau considered the input it received
from State agencies and Tribal governments. This input included concerns State agencies
expressed regarding possible duplication between any registration system the Bureau might build
and existing registration systems. This input also included concerns Tribal governments
expressed regarding maintaining Tribal sovereignty.
2. Federal regulators
Before proposing a rule under the Federal consumer financial laws, including CFPA
sections 1022(c) and 1024(b), the Bureau must consult with appropriate prudential regulators or
other Federal agencies regarding consistency with prudential, market, or systemic objectives
administered by such agencies.126 In developing this proposal, the Bureau consulted with
prudential regulators and other Federal agencies and considered the input it received.
C. Notice of Proposed Rulemaking
On December 12, 2022, the Bureau issued its proposed rule to establish a public
registration system for nonbank covered persons subject to certain agency and court orders. The
proposal was published in the Federal Register on January 30, 2023, and the public comment
period closed on March 31, 2023.127 The Bureau received more than 60 comments on the
proposal during the comment period. Commenters included individual consumers, consumer
advocate commenters, tribes, the U.S. Small Business Administration Office of Advocacy (SBA
Office of Advocacy), industry, and others, including a joint comment letter from State regulators.
In addition, the Bureau also received three ex parte communications, one from a

In addition to the listed meetings, the Bureau participated in other meetings with one or more representatives of
State financial regulators regarding the Bureau’s proposed registry, including meetings in August and September
2022.
126

12 U.S.C. 5512(b)(2)(B).

88 FR 6088 (Jan. 30, 2023).

journalist commenter, one from a consumer advocate commenter, and another from an industry
commenter.128 Summaries of those ex parte communications are available on the public docket
for this rulemaking.129 The Bureau also received a joint comment letter from Members of
Congress related to the proposed rule, which is also available on the public docket.
Relevant information received via comment letters, as well as ex parte submissions, is
discussed above in part IV, as well as the section-by-section analysis and subsequent parts of this
document, as applicable. The Bureau considered all comments it received regarding the
proposal, made certain modifications, and is adopting the final rule set forth herein. Comments
regarding the Bureau’s impact analyses are discussed in parts VIII and IX below.
D. Further Outreach
Before finalizing a proposed rule under the Federal consumer financial laws, including
CFPA sections 1022(c) and 1024(b), the Bureau must consult with appropriate prudential
regulators or other Federal agencies regarding consistency with prudential, market, or systemic
objectives administered by such agencies.130 In developing this final rule, the Bureau consulted
with prudential regulators and other Federal agencies and considered the input it received.
As required by CFPA sections 1022(c)(7) and 1024(b)(7),131 the Bureau also consulted
with State agencies and Tribal governments, including agencies involved in supervision of
nonbanks and agencies charged with law enforcement, in crafting the registration requirements
and system.132 Among other meetings, the Bureau’s consultation efforts included presentations
to State agencies and Tribal governments on February 21, 22, and 23, 2024, explaining proposals
then under consideration and requesting feedback, as well as a meeting between representatives

See CFPB, Policy on Ex Parte Presentations in Rulemaking Proceedings, 82 FR 18687 (Apr. 21, 2017).

See https://www.regulations.gov/docket/CFPB-2022-0080.

12 U.S.C. 5512(b)(2)(B).

12 U.S.C. 5512(c)(7)(C); 12 U.S.C. 5514(b)(7)(D).

As explained above, during the rulemaking process for issuing rules under the Federal consumer financial laws,
Bureau policy is to consult with appropriate Tribal governments. See
https://files.consumerfinance.gov/f/201304_cfpb_consultations.pdf.
of the Bureau and State agencies on April 18, 2024. In developing the final rule, the Bureau
considered the public comments it received from tribes and via a joint comment letter from State
regulators, as well as the input it received from State agencies and Tribal governments during the
consultation process.
In interagency consultations, several consulting parties reasserted issues that had been
raised in the comment letters. Those comments are addressed elsewhere in the applicable
sections of this preamble.
Consistent with an approach suggested by commenters, including in a joint comment
letter submitted by a group of State regulators, the Bureau is adopting a one-time registration
option for nonbanks to submit certain information about orders published on the NMLS
Consumer Access website (except for orders issued or obtained by the Bureau), in lieu of
complying with the other requirements of the rule with respect to such orders.133
Consulting partners also raised certain additional issues that the Bureau addresses in this
section. During consultation, some consulting parties expressed concerns with aspects of the
final rule and stated that they would not use the information collected by the Bureau and
potentially published as provided in the rule.134 However, other consulting parties expressed
general support for the Bureau’s adoption of the final rule, and confirmed to the Bureau during
the interagency consultation process that they would find the registry useful in conducting their
own operations.
The Bureau satisfied all applicable statutory requirements with respect to interagency
consultations, including CFPA sections 1022(c)(7) and 1024(b)(7). As described in this section,
the Bureau engaged in oral and written discussions with State regulators as it developed the
proposal, during the notice-and-comment process, and before finalizing the rule. Throughout the

See part IV(E) and the section-by-section discussion of § 1092.203 below.

For further discussion regarding the final rule’s approach to authorizing publication of registry information by the
Bureau, including the ability of other agencies to use such information, see part IV(F) and the section-by-section
discussion of § 1092.205 below.
consultation process, it has solicited the views of State regulators regarding the combination and
coordination of systems as well as other matters relating to both the proposal and the final rule.
Some consulting parties sought further engagement with the Bureau on aspects of the
rulemaking, which the Bureau granted.
The Bureau also offered the States an opportunity to give specific, concrete feedback on
the proposed registry, including providing feedback regarding how that system might be
combined or further coordinated with other registration systems, as contemplated by CFPA
sections 1022(c)(7)(C) and 1024(b)(7)(D).
Certain consulting parties raised questions about the one-time registration option for
NMLS-published covered orders in § 1092.203, stating that any final rule should strike reporting
and registration requirements for any violations of State consumer financial laws, rules, and
agency orders. As discussed in part IV(E) above and the section-by-section discussion of
§ 1092.203 below, the Bureau concluded that the option provided under § 1092.203 is an
appropriate means of furthering the purposes of the final rule, including the final rule’s
provisions restricting the availability of that option to “NMLS-published covered orders” as that
term is defined at § 1092.201(k). For discussion of the application of the final rule to State laws
and orders, see the section-by-section discussions of § 1092.201(c) and (d) below.
Certain consulting parties urged the Bureau to exempt from its rule any nonbank entity
meeting the Small Business Administration’s definition of “small business” because, in the
consulting parties’ view, the rule would be overly expansive and particularly burdensome for
small nonbank entities not subject to Bureau supervision. As explained in parts VIII and IX
below, however, the Bureau has determined that the rule will not impose significant burdens on a
substantial number of small entities. The Bureau thus declines to exempt all small businesses
from the rule’s requirements. As explained below, however, entities with less than $5 million in
annual receipts resulting from offering or providing all consumer financial products and services

described in CFPA section 1024(a)135 are not subject to the requirements imposed in § 1092.204
of the rule.
One consulting party asserted that the final rule’s treatment of Tribal instrumentalities or
entities wholly owned by tribes was inconsistent with the treatment proposed by the Bureau in its
2023 proposed rule regarding registration of nonbanks that use certain terms and conditions.136
The Bureau disagrees with the consulting party’s characterization of its other proposal. The
present final rule does not adopt a different or narrower approach to issues related to tribally
affiliated entities than the Bureau proposed in its other proposed rule. That proposed rule, like
the present final rule, did not propose to exempt entities that are not part of the tribe itself from
its proposed registration requirements. As discussed further in the section-by-section discussion
of § 1092.201(d) below, the Bureau declines to provide an express exemption from the final rule
for Tribal instrumentalities or entities wholly owned by tribes because the Bureau does not
choose to use this rulemaking as the vehicle for determining the circumstances under which
tribally affiliated entities qualify as part of the tribe itself. As discussed in the section-by-section
discussion of §§ 1092.202(g) and 1092.204(f) below, the Bureau believes that the voluntary
good-faith filing option established in those sections of the final rule provides a satisfactory
mechanism for tribally affiliated entities to avoid the risk of an enforcement action where they
decide not to register an order or submit a written statement based on a good-faith belief that
they are not a covered nonbank or a supervised registered entity, such as on the grounds that they
qualify as part of a federally recognized tribe and thus as a “State.”
Consulting parties also expressed concerns, including confidentiality and privacy
concerns, regarding the notifications of non-registration provided for in §§ 1092.202(g) and
1092.204(f) of the final rule. As discussed in the section-by-section discussion of those sections

12 U.S.C. 5514(a).

See Registry of Supervised Nonbanks That Use Form Contracts To Impose Terms and Conditions That Seek To
Waive or Limit Consumer Legal Protections, 88 FR 6906, 6937-38 (Feb. 1, 2023).
below, the option to file notifications of non-registration under these provisions is voluntary and
does not impose any mandatory process or other obligation on tribes or any other persons. Nor
would a decision not to file a voluntary good-faith notification change or enlarge the coverage of
the rule. Certain consulting parties stated that the Bureau should adopt a more informal
mechanism for submitting such notifications, such as via electronic mail or regular mail to a
designated Bureau representative. The Bureau does not believe that eliminating the voluntary
option to file notifications of non-registration via the nonbank registry under §§ 1092.202(g) and
1092.204(f), or soliciting separate communications from persons that may wish to notify the
Bureau of the type of information that would be submitted to the Bureau under those sections of
the final rule, would improve the confidentiality or privacy of those communications. Nor would
such an informal approach enhance the efficiency or effectiveness of the nonbank registry.
Instead, such an approach would add complexity to the process of notifying the Bureau about
issues relevant to the registry and thus deter the submission of relevant information to the
Bureau. The Bureau concludes that a system-based approach to such matters will be more
efficient and effective in accomplishing the purposes of the final rule. Nor is it clear that it
would be less burdensome for either a tribe or the Bureau to engage in such informal and ad hoc
communications than it would be for the tribe to submit a succinct electronic notification of nonregistration under §§ 1092.202(g) and 1092.204(f) via the nonbank registry.
A consulting party stated that the Bureau should specify whether or not, in what level of
detail, and how the Bureau intends to make registry information publicly available. For
discussions addressing these matters, see part IV(F) and the section-by-section discussion of
§ 1092.205(a) regarding the information the Bureau intends to publish under § 1092.205(a) of
the final rule.
See the section-by-section discussion of §§ 1092.201(d), 1092.202(g), and 1092.204(f)
below for additional discussion of issues related to tribes and the notifications of non-registration
provided for in the final rule.

VI.

Section-by-Section Analysis

Part 1092
Subpart A—General
Section 1092.100 Authority and Purpose
Proposed Rule
Proposed § 1092.100(a) would have set forth the legal authority for proposed
12 CFR part 1092, including all subparts. Proposed § 1092.100 would have referred to CFPA
sections 1022(b) and (c) and 1024(b),137 which were discussed in section III of the proposal.
Proposed § 1092.100(b) would have explained that the purpose of part 1092 is to
prescribe rules regarding nonbank registration requirements, to prescribe rules concerning the
collection of information from registered entities, and to provide for public release of that
information as appropriate.
Comments Received and Final Rule
The Bureau solicited comment on proposed § 1092.100 and did not receive any
comments specifically regarding proposed § 1092.100. See part III above for a general
discussion of several CFPA provisions on which the Bureau relies in this rulemaking. The
Bureau is finalizing § 1092.100 as proposed, with minor technical changes.
Section 1092.101 General Definitions
Section 1092.101(a)
Proposed § 1092.101(a) would have defined the terms “affiliate,” “consumer,”
“consumer financial product or service,” “covered person,” “Federal consumer financial law,”
“insured credit union,” “person,” “related person,” “service provider,” and “State” as having the
meanings set forth in the CFPA, 12 U.S.C. 5481. The Bureau solicited comment on this

12 U.S.C. 5512(b), (c); 12 U.S.C. 5514(b).

proposed provision and received no comments. The Bureau is finalizing § 1092.101(a) as
proposed.
Section 1092.101(b)
Proposed § 1092.101(b) would have defined the term “Bureau” as a reference to the
Consumer Financial Protection Bureau. The Bureau solicited comment on this proposed
definition and received no comments on this proposed definition. The Bureau is finalizing
§ 1092.101(b) as proposed.
Section 1092.101(c)
Proposed § 1092.101(c) would have clarified that the terms “include,” “includes,” and
“including” throughout part 1092 would denote non-exhaustive examples covered by the
relevant provision.138 The Bureau solicited comment on proposed § 1092.101(c). No
commenters addressed proposed § 1092.101(c). The Bureau is finalizing § 1092.101(c) as
proposed. As used in the final rule, these terms should not be construed more restrictively than
the ordinary usage of such terms so as to exclude any other thing not referred to or described.139
Section 1092.101(d)
Proposed § 1092.101(d) would have defined the term “nonbank registration system” to
mean the Bureau’s electronic registration system identified and maintained by the Bureau for the
purposes of part 1092. The Bureau solicited comment on this proposed definition and received
no comments on the proposed definition.
The Bureau is finalizing § 1092.101(d) as proposed, with minor revisions to change this
term to “nonbank registry,” which as adopted in the final rule means “the Bureau’s electronic
registry identified and maintained by the Bureau for the purposes of part 1092.” The Bureau is
adopting the revised definition for stylistic reasons, with no change in meaning from the term

See, e.g., Christopher v. SmithKline Beecham Corp., 567 U.S. 142, 162 (2012) (use of “includes” indicates that
“the examples enumerated in the text are intended to be illustrative, not exhaustive”).
See 12 U.S.C. 5301(18)(A) (similarly defining the term “including” for purposes of the Dodd-Frank Act by
reference to 12 U.S.C. 1813).
“nonbank registration system” that was used in the proposed rule. The Bureau is also adopting
corresponding changes to the proposed rule to use the term “nonbank registry” instead of the
term “nonbank registration system” throughout the final rule, including at §§ 1092.102(a)
through (c); 1092.201(a); 1092.202(b), (c), (f), (g); 1092.204(d), (f); and 1092.205(a), (c) of the
final rule.
Section 1092.101(e)
Proposed § 1092.101(e) would have defined the term “nonbank registration system
implementation date” to mean, for a given requirement or subpart of part 1092, the date(s)
determined by the Bureau to commence the operations of the nonbank registration (NBR) system
in connection with that requirement or subpart. The Bureau anticipated that the nonbank
registration system implementation date with respect to proposed subpart B would occur
sometime after the effective date of the final rule and no earlier than January 2024. The Bureau
explained that the actual nonbank registration system implementation date would depend, in
significant part, upon the Bureau’s ability to develop and launch the required technical systems
that would support the submission and review of applicable filings, and on feedback provided by
commenters regarding the time registrants would need to implement proposed part 1092’s
requirements. The Bureau proposed to provide advance public notice regarding the nonbank
registration system implementation date with respect to subpart B to enable entities subject to
subpart B to prepare and submit timely filings to the NBR system. No comments addressed this
proposal.
The Bureau is finalizing § 1092.101(e) largely as proposed with two revisions as follows.
First, for stylistic reasons, the Bureau is adopting a revision to change this term to
“nonbank registry implementation date” (without any change in meaning). This revision
corresponds with the Bureau’s adoption of the term “nonbank registry” in § 1092.101(d) as
discussed above. The Bureau is also adopting corresponding changes to the proposed rule to use
the term “nonbank registry implementation date” instead of the term “nonbank registration

system implementation date” throughout the final rule, including at §§ 1092.202(b) and
1092.204(a) of the final rule.
Second, the final rule provides that the definition of the term “nonbank registry
implementation date” in § 1092.101(e) means, for a given requirement or subpart of part 1092, or
a given person or category of persons, the date(s) determined by the Bureau to commence the
operations of the nonbank registry in connection with that requirement or subpart. Thus, the
final rule clarifies that the nonbank registry implementation date may be different for different
persons or categories of persons.
Also, in connection with this change, the Bureau is adopting a new section of the final
rule at § 1092.206 that specifies the nonbank registry implementation date in connection with the
requirements of subpart B for three different categories of covered persons subject to the final
rule. While the proposal would have provided for a separate later determination by the Bureau
of the “nonbank registration system implementation date,” the Bureau concludes that specifying
the nonbank registry implementation date in the final rule will provide registrants and the Bureau
with more information and certainty regarding the timing of the launch of the registry and the
requirements imposed under the final rule. Section 1092.206 of subpart B establishes different
nonbank registry implementation dates for covered nonbanks that are larger participants in
supervised markets, other supervised nonbanks, and other covered nonbanks for registrations
under subpart B. For further information, see the section-by-section analysis of § 1092.206
below.
Section 1092.102 Submission and use of registration information
Section 1092.102(a) Filing Instructions
Proposed Rule
Proposed § 1092.102(a) would have provided that the Bureau shall specify the form and
manner for electronic filings and submissions to the NBR system that are required or made
voluntarily under part 1092. The Bureau explained that it would issue specific guidance for

filings and submissions. The Bureau anticipated that its filing instructions may, among other
things, specify information that filers must submit to verify that they have authority to act on
behalf of the entities for which they are purporting to register. The Bureau proposed to accept
electronic filings and submissions to the NBR system only and did not propose to accept paper
filings or submissions.
Proposed § 1092.102(a) also would have stated that the Bureau may provide for
extensions of deadlines or time periods prescribed by the proposed rule for persons affected by
declared disasters or other emergency situations. The Bureau explained in the proposal that such
situations could include natural disasters such as hurricanes, fires, or pandemics, and also could
include other emergency situations or undue hardships including technical problems involving
the NBR system. For example, the Bureau could defer deadlines during a presidentially declared
emergency or major disaster under the Robert T. Stafford Disaster Relief and Emergency
Assistance Act (42 U.S.C. 5121 et seq.) or a presidentially declared pandemic-related national
emergency under the National Emergencies Act (50 U.S.C. 1601 et seq.). The Bureau stated that
it would issue guidance regarding such situations.
Comments Received and Final Rule
The Bureau did not receive comments specifically about proposed § 1092.102(a). The
Bureau is finalizing § 1092.102(a) as proposed.140
Section 1092.102(b) Coordination or Combination of Systems
Proposed Rule
Proposed § 1092.102(b) would have provided that in administering the NBR system, the
Bureau may rely on information a person previously submitted to the NBR system under part
1092. This proposed section would have clarified, for example, that the registration process for
proposed subpart B may take account of information previously submitted, such as in a prior

See the section-by-section discussion of § 1092.101(d) above regarding the Bureau’s adoption of the revised term
“nonbank registry.”
registration under subpart B or, if applicable, a registration of nonbanks that use certain terms
and conditions and related information under subpart C.
Proposed § 1092.102(b) also would have provided that in administering the NBR system,
the Bureau may coordinate or combine systems in consultation with State agencies as described
in CFPA sections 1022(c)(7)(C) and 1024(b)(7)(D). Those statutory provisions provide that the
Bureau shall consult with State agencies regarding requirements or systems (including
coordinated or combined systems for registration), where appropriate. The Bureau sought
comment on the types of coordinated or combined systems that would be appropriate and the
types of information that could be obtained from or provided to State agencies.
Comments Received
In connection with proposed § 1092.102(b), the Bureau sought comment on the types of
coordinated or combined systems that would be appropriate under CFPA sections 1022(c)(7)(C)
and 1024(b)(7)(D) and the types of information that could be obtained from or provided to State
agencies. For a discussion of certain comments related to this topic, and the Bureau’s response
thereto, see the section-by-section discussion of § 1092.203.
A consumer advocate commenter agreed that the Bureau, in administering the NBR
system, should rely on information an entity previously submitted to the registry under part 1092
and coordinate or combine systems with State agencies, as provided in proposed § 1092.102(b).
The commenter stated that not only would this provision allow for more efficient implementation
of the registry by avoiding duplicative or redundant efforts but would also reflect the importance
of this registry to both Federal and State regulators, and that the Bureau should consider
coordination with existing State consumer financial protection agencies.
Response to Comments Received
As required by CFPA sections 1022(c)(7)(C) and 1024(b)(7)(D) and described in part V,
the Bureau has consulted with State agencies on requirements and systems related to the nonbank
registry. The Bureau also intends to continue to consult with State agencies in implementing the

nonbank registry. Under § 1092.203, with respect to any NMLS-published covered order, a
covered nonbank that is identified by name as a party subject to the order may elect to comply
with the one-time registration option described in that section in lieu of complying with the
requirements of §§ 1092.202 and 1092.204. As discussed in the section-by-section discussion of
§ 1092.203, the Bureau is adopting this option partly in recognition of the statutory mandates to
consult with State agencies regarding combined or coordinated systems for registration in CFPA
sections 1022(c)(7)(C) and 1024(b)(7)(D).
Final Rule
For the reasons discussed above, the Bureau is finalizing § 1092.102(b) as proposed.141
Section 1092.102(c) Bureau Use of Information
Proposed Rule
Proposed § 1092.102(c) would have provided that the Bureau may use the information
submitted to the NBR system under this part to support its objectives and functions, including in
determining when to exercise its authority under CFPA section 1024 to conduct examinations
and when to exercise its enforcement powers under subtitle E of the CFPA.
The Bureau proposed to establish the NBR system under its registration and marketmonitoring rulemaking authorities under CFPA section 1022(b)(1), (c)(1)-(4) and (c)(7), and
under its supervisory rulemaking authorities under CFPA section 1024(b)(7)(A), (B), and (C).
The Bureau explained in its proposal that it intended to use the information submitted under the
NBR system to monitor for risks to consumers in the offering or provision of consumer financial
products or services, and to support all of its functions as appropriate, including its supervisory,
rulemaking, enforcement, and other functions. The Bureau stated that it may, among other
things, rely on the information submitted under part 1092 as it considers whether to initiate
supervisory activity at a particular entity, in determining the frequency and nature of its

See the section-by-section discussion of § 1092.101(d) above regarding the Bureau’s adoption of the revised term
“nonbank registry.”
supervisory activity with respect to particular entities or markets, in prioritizing and scoping its
supervisory, examination, and enforcement activities, and otherwise in assessing and detecting
risks to consumers. In particular, the Bureau explained that it could consider this information in
developing its risk-based supervision program and in assessing the risks posed to consumers in
relevant product markets and geographic markets and the factors described in
12 U.S.C. 5514(b)(2) with respect to particular covered persons, and for enforcement
purposes.142
Proposed § 1092.102(c) also would have provided that part 1092, and registration under
that part, would not alter any applicable process whereby a person may dispute that it qualifies as
a person subject to Bureau authority. As an example of such a process, the Bureau cited in the
proposal 12 CFR 1090.103, which establishes a Bureau administrative process for assessing a
person’s status as a larger participant under CFPA section 1024(a)(1)(B) and (2) and 12 CFR
part 1090. The Bureau explained that, under proposed § 1092.102(c), a person could dispute its
status as a larger participant under 12 CFR 1090.103 notwithstanding any registration or
information submitted to the NBR system under part 1092. Submission of such a dispute
regarding larger participant status to the Bureau under 12 CFR 1090.103, including the Bureau’s
processes regarding the treatment of such disputes and the effect of any determinations regarding
the person’s supervised status, would be governed by the provisions of 12 CFR part 1090. The
Bureau explained that it could use the information provided to the NBR system in connection
with making any determination regarding a person’s supervised status under 12 CFR 1090.103,
along with the affidavit submitted by the person and other information as provided in that

See, e.g., 12 U.S.C. 5514(b)(2)(C), (D), (E) (providing that in prioritizing examinations the Bureau shall consider
“the risks to consumers created by the provision of such consumer financial products or services,” “the extent to
which such institutions are subject to oversight by State authorities for consumer protection,” and “any other factors
that the Bureau determines to be relevant to a class of covered persons”); see also, e.g., 12 U.S.C. 5565(c)(3)(D), (E)
(providing that in determining the amount of civil money penalties the Bureau shall consider “the history of previous
violations” and “such other matters as justice shall require”).
section. However, the submission of information to the NBR system would not have prevented a
person from also submitting other information under 12 CFR 1090.103.
Comments Received and Final Rule
The Bureau received no comments on proposed § 1092.102(c) and is finalizing it as
proposed.143
Section 1092.102(d) Calculation of Time Periods
The Bureau is finalizing § 1092.102(d), which the Bureau did not propose, to clarify how
dates and time periods prescribed in part 1092 are calculated.
In calculating dates and time periods, the day of the event that triggers the time period is
excluded. Every day, including intermediate Saturdays, Sundays, and Federal holidays, is
included. If any provision of part 1092 would establish a deadline for an action that is a
Saturday, Sunday, or Federal holiday, the deadline is extended to the next day that is not a
Saturday, Sunday, or Federal holiday. The clarifications for calculation of dates and time
periods apply to all such calculations in subpart B.
Section 1092.103 Severability
Proposed Rule
Proposed § 1092.103 would have provided that the provisions of the proposed rule are
separate and severable from one another, and that if any provision is stayed or determined to be
invalid, the remaining provisions shall continue in effect. As the Bureau stated in the proposal,
this is a standard severability clause of the kind that is included in many regulations to clearly
express agency intent about the course that is preferred if such events were to occur. The Bureau
explained that it carefully considered the requirements of the proposed rule, both individually
and in their totality, including their potential costs and benefits to covered persons and
consumers. The Bureau further explained that in the event a court were to stay or invalidate one

See the section-by-section discussion of § 1092.101(d) above regarding the Bureau’s adoption of the revised term
“nonbank registry.”
or more provisions of the proposed rule as finalized, the Bureau would have wanted the
remaining portions of the rule as finalized to remain in full force and legal effect.
Comments Received and Final Rule
The Bureau received no comments on proposed § 1092.103. It is finalizing proposed
§ 1092.103 with revisions to clarify that applications of provisions are also severable. The
Bureau has carefully considered the requirements of the final rule, both individually and in their
totality, including their potential costs and benefits to covered persons and consumers. The
Bureau intends that, if any provision of this rule, or any application of a provision, is stayed or
determined to be invalid, the remaining provisions or applications are severable and shall
continue in effect.
Subpart B—Registry of Nonbank Covered Persons Subject to Certain Agency and Court Orders
Section 1092.200 Scope and Purpose
Proposed Rule
Proposed § 1092.200(a) and (b) would have described the scope and purpose of proposed
subpart B. Proposed subpart B would have required nonbank covered persons that are subject to
certain public agency and court orders enforcing the law to register with the Bureau and to
submit copies of the orders to the Bureau. It also would have described the registration
information the Bureau would make publicly available. Proposed § 1092.200(a) also explained
that subpart B would have required certain nonbank covered persons that are supervised by the
Bureau to prepare and submit an annual written statement. The requirements regarding annual
written statements were described in proposed § 1092.203.
Proposed § 1092.200(b) would have explained that the purposes of the information
collection requirements in proposed subpart B were to support Bureau functions by monitoring
for risks to consumers in the offering or provision of consumer financial products or services,
including developments in markets for such products or services, pursuant to CFPA section
1022(c)(1); to prescribe rules regarding registration requirements applicable to nonbank covered

persons, pursuant to CFPA section 1022(c)(7); and to facilitate the supervision of persons
described in CFPA section 1024(a)(1), to ensure that such persons are legitimate entities and are
able to perform their obligations to consumers, and to assess and detect risks to consumers,
pursuant to CFPA section 1024(b).
Comments Received and Final Rule
Comments addressing CFPA section 1024(b)(3) and (4)144 are addressed in the sectionby-section discussion of § 1092.202(b).145 The Bureau received no other comments specifically
addressing proposed § 1092.200.
The Bureau is finalizing § 1092.200(a) and (b) as proposed, with a revision to reflect the
Bureau’s adoption of a revised § 1092.205(a) that provides that the Bureau “may” publish the
information submitted to the nonbank registry pursuant to §§ 1092.202 and 1092.203.
Section 1092.201 Definitions
In its proposal, the Bureau sought comment on various definitions set forth in proposed
subpart B and any suggested clarifications, modifications, or alternatives.
The Bureau is finalizing a number of definitions for terms used in subpart B in
§ 1092.201. These definitions are each discussed in detail below. These definitions supplement
the general definitions for the entirety of part 1092 provided in § 1092.101.
Section 1092.201(a) Administrative Information
Proposed Rule
Proposed § 1092.201(a) would have defined the term “administrative information” to
mean contact information regarding persons subject to subpart B and other information
submitted or collected to facilitate the administration of the NBR system. The Bureau explained
that administrative information would have included information such as date and time stamps of
submissions to the NBR system, contact information for nonbank personnel involved in making

12 U.S.C. 5514(b)(3), (4).

See also the section-by-section discussion of §§ 1092.201(e) and 1092.203(a) below.

submissions, filer questions and other communications regarding submissions and submission
procedures, reconciliation or correction of errors, information submitted under proposed
§§ 1092.202(g) and 1092.203(f),146 and other information that would be submitted or collected to
facilitate the administration of the NBR system. Proposed § 1092.204(a) would have provided
that the Bureau may determine not to publish such administrative information. The Bureau
sought comment on whether any other information that might be collected through the NBR
system should also be treated as administrative information.
Comments Received
A trade association commenter stated that the proposal’s definition of “administrative
information” was unclear and thus could include a limitless breadth of information. As a result,
the commenter argued, the proposal’s estimate of the rule’s burden was inaccurate. In particular,
the commenter stated that entities would need to hire outside legal counsel in order to determine
what constitutes “administrative information.”
Several Tribal commenters commented that good-faith notifications to the Bureau under
proposed §§ 1092.202(g) and 1092.204(f) should not be published, as publishing such
notifications would invite debate and disagreement on the issues addressed in those notifications,
require the utilization of limited Tribal resources to support the tribe’s position, and invite
frivolous litigation.
Comments addressing the publication of information more generally are addressed in the
section-by-section discussion of § 1092.205 below.
Response to Comments Received
The Tribal commenters expressed concern regarding publication of information with
respect to good faith notifications submitted under proposed §§ 1092.202(g) and 1092.204(f).
Under the final rule, the Bureau will not publish under § 1092.205(a) the administrative

See discussion in the section-by-section discussion of these provisions below.

information collected under subpart B; for a discussion of this issue see the section-by-section
discussion of § 1092.205 below. In addition, in the final rule, the Bureau has codified in the text
of § 1092.201(a) its proposal to treat good faith notifications submitted under §§ 1092.202(g)
and 1092.204(f) as “administrative information.” Thus, under the final rule, the Bureau will not
publish the good faith notification information described in § 1092.201(a) under § 1092.205.
As discussed in the section-by-section discussion of § 1092.202(d) below, the Bureau is
finalizing § 1092.202(d)(2) without proposed § 1092.202(d)(2)(v), under which the Bureau
would have collected and published the names of a registered entity’s affiliates registered under
subpart B with respect to the same covered order. Under the final rule, however, the Bureau may
still collect such information under § 1092.202(c), which provides for the collection of
“administrative information.” Should the Bureau determine to collect such information
regarding affiliates, the Bureau’s filing instructions under § 1092.102(a) will categorize this
information as “administrative information,” meaning that the Bureau will not publish the
information under § 1092.205. For more information, see the section-by-section discussions of
§§ 1092.202(d) and 1092.205(a) below.
The trade association commenter expresses concern that it will not be clear to covered
nonbanks what “administrative information” they are required to submit under the rule. That
comment, however, ignores that § 1092.202(c) only requires registered entities to submit the
specific “administrative information” that is “required by” the nonbank registry, and the Bureau
has made clear that it will “specify the types of … administrative information registered entities
would be required to submit” in “filing instructions … issue[d] under … § 1092.102(a).”147
Therefore, covered nonbanks should have no need to hire outside legal counsel to ascertain what
information qualifies as “administrative information” required to be submitted under the rule.

88 FR 6088 at 6118.

Instead, the Bureau’s filing instructions will specify what categories of information covered
nonbanks must submit as “administrative information.”
Further reducing potential uncertainty, the Bureau has identified certain categories of
information that it currently intends to categorize as “administrative information” in its filing
instructions—e.g., “contact information for nonbank personnel involved in making
submissions.”148 And, as discussed above, the Bureau is also finalizing the definition to
expressly treat as “administrative information” good faith notification information submitted
under §§ 1092.202(g) and 1092.204(f). Under § 1092.201(a), any new categories of
administrative information that the Bureau might address in its filing instructions, and which
were not already discussed in the Bureau’s notice of proposed rulemaking and this preamble,
would include only contact information regarding persons subject to subpart B or other
information submitted or collected to facilitate the administration of the nonbank registry. For
example, the Bureau may require entities to comply with a login or identity-authentication
process, and the Bureau may categorize information submitted in connection with such a process
as “administrative information.”149 Submitting required administrative information should not
impose significant substantive burdens on covered nonbanks.
Final Rule
For the reasons discussed above and as follows, the Bureau is finalizing § 1092.201(a) as
proposed, with a revision to expressly include “[i]nformation submitted under §§ 1092.202(g)
and 1092.203(f)” within the definition of “administrative information.”150 The Bureau’s filing
instructions under § 1092.102(a) will also categorize this information as “administrative

88 FR 6088 at 6104.

The Bureau has retained the discretion to adjust the contents of required administrative information through filing
instructions in order to maintain the viability of the nonbank registry over time. For example, if some new form of
electronic communication were to replace email as the preferred method for business communications, the Bureau’s
filing instructions might designate as required administrative information contact information associated with that
new medium.
See also the section-by-section discussion of § 1092.101(d) above regarding the Bureau’s adoption of the revised
term “nonbank registry.”
information.” The Bureau has already identified this information as information that it intended
to categorize as “administrative information” in its filing instructions,151 but is finalizing this
provision in the text of the regulation to provide further clarity that the Bureau will treat this
information as “administrative information.” In addition to the notifications themselves, the
Bureau may also choose to collect information to facilitate the administration of the notification
process.
In addition, the Bureau does not intend to publish under § 1092.205(a) any Federal
employer identification numbers (EIN) that may be obtained from covered nonbanks. The
Bureau will not collect this information from covered nonbanks as “identifying information,” as
that term is defined at § 1092.201(g), but may determine to collect this information as
“administrative information” under § 1092.202(c). In filing instructions issued under
§ 1092.102(a), the Bureau will specify whether and how it will collect such information. The
Bureau understands that EINs are not commonly used to identify covered nonbanks in covered
orders and in related public databases that are maintained by relevant Federal, State, and local
agencies. Thus, as with other administrative information, the publication of EINs may not in all
instances be especially useful to external users of the registry, although the Bureau may find such
information useful in its administration of the nonbank registry.
Section 1092.201(b) Attesting Executive
Proposed Rule
Proposed § 1092.201(b) would have defined the term “attesting executive” to mean, with
respect to any covered order regarding a supervised registered entity, the individual designated
by the supervised registered entity to perform the supervised registered entity’s duties with
respect to the covered order under proposed § 1092.203. In the section-by-section discussion of
proposed § 1092.203, the Bureau proposed requirements regarding attesting executives.

88 FR 6088 at 6104.

Comments Received and Final Rule
The Bureau did not receive any comments specifically regarding proposed
§ 1092.201(b)’s definition of “attesting executive.” Comments addressing the proposal’s
approach to the written statement, including requirements regarding designation of attesting
executives and associated criteria for such a designation, are addressed in the section-by-section
discussion of § 1092.204 below.
The Bureau is finalizing § 1092.201(b) as proposed, with a revision to reflect the
renumbering of § 1092.204 in the final rule.
Section 1092.201(c) Covered Law
Proposed Rule
Proposed § 1092.201(c) would have defined the term “covered law” to mean one of
several types of laws, as described. The proposed term “covered law” would have been central
to defining which orders and portions of orders would be subject to the requirements of proposed
subpart B. Proposed § 1092.201(e) would have defined the term covered order to include certain
orders that impose certain obligations on a covered nonbank based on an alleged violation of a
covered law. Thus, the proposed term “covered law” would have helped determine the
application of proposed subpart B’s registration requirements.
Under the proposal, a law listed in proposed § 1092.201(c)(1) through (6) would have
qualified as a covered law only to the extent that the violation of law found or alleged arose out
of conduct in connection with the offering or provision of a consumer financial product or
service. The Bureau was interested in registering orders that relate to offering or providing
consumer financial products or services. The Bureau recognized that the laws listed in proposed
§ 1092.201(d)(1) through (6) may apply to a wide range of conduct not involving consumer
financial products or services. While the Bureau believed that reporting on such violations could
still be probative of risks to consumers in the markets for consumer financial products and
services—as misconduct in one line of business is not necessarily cabined to that line of

business—the Bureau believed that a more limited definition of covered law would strike the
right balance between ensuring that the Bureau remains adequately informed of risks to
consumers in the offering or provision of consumer financial products and services and
minimizing the potential burden of the reporting requirements on nonbank covered persons.
The proposal listed categories of laws that would have constituted “covered laws” to the
extent that the violation of law found or alleged arose out of conduct in connection with the
offering or provision of a consumer financial product or service. For the reasons discussed in
section V(C) of the proposal, the Bureau believed that orders issued under the types of covered
laws described in the proposal are likely to be probative of risks to consumers in the offering or
provision of consumer financial products or services, including developments in markets for
such products or services.
First, proposed § 1092.201(c)(1) would have defined the term “covered law” to include a
Federal consumer financial law, as that term was defined in proposed § 1092.101(a) and the
CFPA.152 The Bureau explained that it is charged with administering, interpreting, and enforcing
the Federal consumer financial laws, which include the CFPA itself, 18 enumerated consumer
laws (such as the Fair Credit Reporting Act and the Truth in Lending Act),153 and the laws for
which authorities were transferred to the Bureau under subtitles F and H of the CFPA, as well as
rules and orders issued by the Bureau under any of these laws.154
The Bureau believed that requiring registration of covered nonbanks in connection with
certain orders issued under Federal consumer financial laws would further the purposes of
proposed subpart B. As the Bureau discussed in section IV of the proposal, “to support [the
Bureau’s] rulemaking and other functions,” Congress mandated that the Bureau “shall monitor
for risks to consumers in the offering or provision of consumer financial products or services,

See 12 U.S.C. 5481(14).

See 12 U.S.C. 5481(12).

12 U.S.C. 5481(14).

including developments in markets for such products or services.”155 The Bureau noted that, in
matters where an agency other than the Bureau has issued or obtained a final public order
concluding that an entity has violated Federal consumer financial law in connection with the
offering or provision of a consumer financial product or service, the Bureau will generally have
jurisdiction over the conduct that resulted in that order. The Bureau explained that it therefore
has a clear interest in identifying and understanding the nature of the risks to consumers
presented by such conduct, including the risk that the conduct continues outside the particular
jurisdiction or in connection with other consumer financial products or services that are offered
or provided by the covered nonbank. A pattern of similar alleged or found violations of Federal
consumer financial law across multiple nonbank covered persons may indicate a problem that the
Bureau can best address by engaging in rulemaking to clarify or expand available consumer
protection to address emerging consumer risk trends, or by using other tools, such as consumer
education, to address the identified risks. And, depending on the facts and circumstances, the
Bureau may consider bringing its own supervisory or enforcement action in connection with the
same or related conduct.156 Thus, the Bureau believed that violations of the Federal consumer
financial laws, and especially repeat violations of such laws, may be probative of risks to
consumers and may indicate more systemic problems at an entity or in the relevant market
related to the offering or provision of consumer financial products or services.
Second, proposed § 1092.201(c)(2) would have defined the term “covered law” to
include any other law as to which the Bureau may exercise enforcement authority. As explained

12 U.S.C. 5512(c)(1).

The Bureau also proposed to require registration of orders that the Bureau has obtained or issued for violations of
Federal consumer financial laws. In the proposal, the Bureau explained that, while it is of course aware of such
orders, collecting all orders for violations of covered laws—including those obtained or issued by the Bureau—
within the proposed registry would benefit the Bureau, other regulators, and the general public by providing a single
point of reference for such orders. The Bureau explained that it would also benefit from receiving the written
statements required under proposed § 1092.203 with respect to orders it obtains or issues.
in section IV(C) of the proposal, the Bureau may enforce certain laws other than Federal
consumer financial laws, such as the Military Lending Act.157
The Bureau believed that the proposed registry should collect information regarding
agency and court orders issued under any law that the Bureau may enforce, where the violation
of law found or alleged arises out of conduct in connection with the offering or provision of a
consumer financial product or service. By definition, the conduct addressed in such orders
would generally fall within the scope of the Bureau’s enforcement authority. More generally, the
Bureau noted that in its experience, evidence of such conduct could be highly probative of a
broader risk that the entity has engaged or will engage in conduct that may violate Federal
consumer financial laws. For example, violations of the Military Lending Act may overlap with,
or be closely associated with, violations of the CFPA’s UDAAP prohibitions158 or the Truth in
Lending Act,159 among other Federal consumer financial laws. In addition, the Bureau noted that
a violation of one law within the Bureau’s enforcement authority may be indicative of broader
inadequacies in an entity’s compliance systems that are resulting in or could result in other legal
violations, including violations of Federal consumer financial laws. Furthermore, the Bureau
believed that including in the registry orders issued under any law that the Bureau may enforce
(where the violation of law found or alleged arises out of conduct in connection with the offering
or provision of a consumer financial product or service) would further the Bureau’s objective of
creating a registry that could serve as a single, consolidated reference tool for use in monitoring
for risks to consumers, thereby increasing the Bureau’s ability to use the registry to monitor for
patterns of risky conduct of nonbank covered persons across entities, industries, and product
offerings.

10 U.S.C. 987(f)(6) (authorizing Bureau enforcement of the Military Lending Act).

15 U.S.C. 5531, 5536(a)(1)(B).

15 U.S.C. 1601 et seq.

Third, proposed § 1092.201(c)(3) would have defined the term “covered law” to include
the prohibition of unfair or deceptive acts or practices under section 5 of the FTC Act, 15 U.S.C.
45, or any rule or order issued for the purpose of implementing that prohibition. The proposal
would not have included within the definition of “covered law” FTC Act section 5’s prohibition
of “[u]nfair methods of competition in or affecting commerce,” or rules or orders issued solely
pursuant to that prohibition.160 The Bureau explained that it expected that entities would be
aware in any specific case whether a provision of an applicable order has been issued under FTC
Act section 5’s prohibition of unfair or deceptive acts or practices (or a rule or order issued for
the purpose of implementing that prohibition), as opposed to section 5’s prohibition of “[u]nfair
methods of competition in or affecting commerce” (or a rule or order issued thereunder), and
thus whether the order provision was issued under a “covered law” or not. The Bureau
understood that orders issued in connection with violations of FTC Act section 5 routinely
distinguish between these two authorities, and that orders issued under FTC Act section 5’s
prohibition of “[u]nfair methods of competition in or affecting commerce” rarely, if ever, relate
to UDAP violations involving the offering or provision of a consumer financial product or
service.
As discussed further in section IV(C) of the proposal, the Bureau believed that an order
issued under FTC Act section 5’s prohibition of unfair or deceptive acts or practices may be
probative of violations of Federal consumer financial law, including CFPA sections 1031 and
1036(a)(1)(B).161 Because the CFPA’s prohibition of unfair or deceptive acts or practices is
modeled after FTC Act section 5’s similar prohibition,162 conduct in connection with the offering
or provision of a consumer financial product or service that constitutes a UDAP violation under
FTC Act section 5 also likely violates the CFPA’s UDAAP provisions. The Bureau also

15 U.S.C. 45(a)(1).

12 U.S.C. 5531, 5536(a)(1)(B).

See, e.g., Consumer Fin. Prot. Bureau v. ITT Educ. Servs., 219 F. Supp. 3d at 902–04.

believed that FTC Act section 5 unfairness and deception violations related to the offering or
provision of consumer financial products or services may indicate more systemic problems at an
entity that may impact the offering or provision of consumer financial products or services other
than those issues specifically identified in the order. The Bureau noted that it would need to
know about such findings so that it can assess whether the violation is indicative of a larger and
potentially more systemic problem at the covered nonbank, or potentially throughout an entire
market. And, the Bureau explained, information about such violations would inform the
Bureau’s exercise of its various rulemaking, supervisory, enforcement, consumer education, and
other functions.
“Covered law” under the proposal would have included not only FTC Act section 5, but
also any rules or orders issued for the purpose of implementing FTC Act section 5’s UDAP
prohibition.163 Section 18 of the FTC Act, 15 U.S.C. 57a, authorizes the FTC to prescribe “rules
which define with specificity acts or practices which are unfair or deceptive acts or practices in
or affecting commerce” within the meaning of FTC Act section 5(a)(1).164 These FTC rules,
which are known as “trade regulation rules,” would have been covered laws under the proposed
definition to the extent the conduct found or alleged to violate such rules relates to the offering or
provision of a consumer financial product or service. Violations of these rules generally
constitute violations of FTC Act section 5 itself.165 And the Bureau believed that, like violations
of FTC Act section 5 itself, violations of the rules issued under FTC Act section 5, where they
arise out of conduct in connection with the offering or provision of consumer financial products
or services, would likely be probative of risks to consumers and warrant attention by the Bureau.

In certain circumstances, the Bureau may enforce a rule prescribed under the FTC Act by the FTC with respect to
an unfair or deceptive act or practice. See 12 U.S.C. 5581(b)(5)(B)(ii). Such an FTC rule, where issued by the FTC
to implement FTC Act section 5, would be a covered law under the proposed definition.
164

15 U.S.C. 57a(a)(1)(B).

15 U.S.C. 57a(d)(3) (“When any rule under subsection (a)(1)(B) takes effect a subsequent violation thereof shall
constitute an unfair or deceptive act or practice in violation of section 45(a)(1) of this title, unless the Commission
otherwise expressly provides in such rule.”).
The proposed definition of “covered law” would also have included orders issued by the
FTC itself under FTC Act section 5’s UDAP prohibition, as well as by other agencies. The
Bureau believed that violations of such orders present similar risks to consumers as those
presented by violations of FTC Act section 5 and the rules issued thereunder.
Fourth, proposed § 1092.201(c)(4) would have defined the term “covered law” to include
a State law prohibiting unfair, deceptive, or abusive acts or practices that is identified in
appendix A to part 1092. Proposed appendix A provided a list of State statutes that prohibit
unfair, deceptive, or abusive acts or practices and that the Bureau had reviewed and proposed to
define as a covered law under this provision. As with the other laws described in proposed
§ 1092.201(c), a State UDAAP law would only have qualified as a covered law to the extent the
conduct found or alleged to violate the State UDAAP law relates to the offering or provision of a
consumer financial product or service. The Bureau reviewed the State statutes identified in
proposed appendix A, and as explained below, it believed that requiring registration of covered
nonbanks that are subject to covered orders issued under such statutes would likely further the
purposes of proposed subpart B.
Proposed appendix A included State laws of general applicability that prohibit unfair,
deceptive, or abusive acts or practices and that might apply to the offering or provision of
consumer financial products or services. Although the scope and content of these State laws may
vary at the margin, the Bureau explained that it believed these statutes cover a core concept of
unfairness, deception, or abusiveness that makes violations of them likely probative of risks to
consumers in the offering or provision of consumer financial products and services. These
statutes may commonly be referred to as “UDAP” or “UDAAP” statutes, or “little FTC Acts,”
and are often labeled in State statutes as State “consumer protection acts” or as laws addressing
“unfair” or “deceptive” “trade practices.” State or local agencies may use these statutes to bring
cases or actions with respect to practices that injure consumers. While these State statutes may
also authorize private suits by consumers and other persons, the proposal would have only

required registration with respect to covered orders issued at least in part in any action or
proceeding brought by any Federal agency, State agency, or local agency (as described further
below in the section-by-section discussion of § 1092.201(e)(1)(ii)).
The Bureau proposed to list these statutes in appendix A, and thus to include them in the
proposed rule’s definition of covered law, in part because these statutes are generally analogous
to CFPA sections 1031 and 1036(a)(1)(B) and FTC Act section 5.166 Several of these State
statutes specifically provide that “it is the intent of the legislature that in construing [the State
statute], the courts will be guided by the interpretations given by the Federal Trade Commission
and the Federal courts to section 5(a)(1) of the Federal Trade Commission Act,” or words to this
effect.167 The Bureau noted that obtaining a better understanding of entities’ compliance with
State UDAP/UDAAP laws would assist the Bureau in the assessment and detection of risks for
the same general reasons described with respect to alleged or found violations of FTC Act
section 5. The Bureau believed that entities that have violated one of these State statutes, and
especially repeat violators of such statutes, may pose heightened risks to consumers in the
offering or provision of consumer financial products and services, including the risk that they
have engaged, and may continue to engage, in unfair, deceptive, or abusive acts and practices in
violation of CFPA section 1031. The Bureau also explained that information identifying patterns
of such risky conduct across entities, industries, product offerings, or jurisdictions would be
highly informative to the Bureau’s monitoring work. The Bureau attempted to identify all of the
applicable State UDAP/UDAAP statutes of general applicability in appendix A of the proposal
but requested comment on whether it had comprehensively done so. The Bureau proposed to
include in appendix A all such State statutes and sought comment on any additions, subtractions,
or modifications to the State UDAP/UDAAP statutes of general applicability in appendix A.

12 U.S.C. 5531, 5536(a)(1)(B); 15 U.S.C. 45.

E.g., Mass. Gen. Laws ch. 93A, sec. 2(b); Conn. Gen. Stat. sec. 42-110b(b).

The Bureau also proposed to include in appendix A, and thus to include in the definition
of the term covered law, certain other industry-specific State statutes that prevent unfair,
deceptive, or abusive conduct in connection with certain specific consumer financial industries
or markets. For example, proposed appendix A included New York Banking Law
section 719(2), regarding prohibited practices by student loan servicers. This State statutory
provision prohibits “[e]ngag[ing] in any unfair, deceptive or predatory act or practice toward any
person or misrepresent[ing] or omit[ting] any material information in connection with the
servicing of a student loan.”168 The Bureau proposed to include this New York State law and
others like it in appendix A, to the extent that the conduct found or alleged to violate such law
relates to the offering or provision of a consumer financial product or service.
As with State UDAP/UDAAP laws of general applicability, the Bureau believed that
violation of such industry-specific State statutes that prohibit unfair, deceptive, or abusive acts or
practices in connection with consumer financial industries or markets and in connection with the
offering or provision of consumer financial products or services would be probative of potential
violations of CFPA sections 1031 and 1036, and also of other related risks to consumers within
the scope of the Bureau’s jurisdiction. The Bureau believed that omitting these industry-specific
statutes from the definition of “covered law” may cause the information submitted to the
proposed registry to be incomplete. Among other things, the Bureau understood that many State
agencies typically rely upon such industry-specific statutes to enforce prohibitions on conduct by
covered nonbanks that is similar to that prohibited under UDAP/UDAAP laws of general
applicability. Thus, the Bureau believed registration of orders issued under such State statutes
would provide information that is probative of the types of risks the Bureau believed to be
associated with orders issued under State UDAP/UDAAP laws of general applicability. The
Bureau attempted to identify applicable State UDAP/UDAAP statutes related to applicable

New York Banking Law sec. 719(2).

consumer financial industries or markets in proposed appendix A but requested comment on
whether it had comprehensively done so. The Bureau proposed to include in appendix A all such
State statutes.
The Bureau proposed to require registration of all orders issued under State laws listed in
appendix A, as long as the conduct at issue related to the offering or provision of a consumer
financial product or service, and the order satisfied the definition of “covered order” in proposed
§ 1092.201(e). The Bureau recognized that some State UDAP/UDAAP statutes listed in
appendix A may prohibit conduct that regulated entities might argue is not prohibited under
CFPA sections 1031 and 1036(a)(1)(B). For example, State UDAP/UDAAP statutes modeled
after FTC Act section 5 may include provisions that, in addition to prohibiting “unfair” and
“deceptive” conduct, also prohibit “unfair methods of competition” in connection with antitrust
or anticompetition matters. While the Bureau acknowledged that it is possible that such orders
might be less probative than other orders, the Bureau believed that limiting the scope of such
covered laws to those involving the offering or provision of consumer financial products and
services would sufficiently assure that most orders reported would be valuable in effectively
monitoring for risks to consumers in the offering or the provision of such products and services.
Moreover, the Bureau anticipated that it would not always be the case that an agency or court
order will clearly distinguish whether it is issued under State statutory provisions preventing
“unfair,” “deceptive,” or “abusive” acts and practices on the one hand, or “anticompetitive” acts
or practices on the other—especially in cases where a State statute addresses all of them. Unlike
orders issued under FTC Act section 5, it was not clear to the Bureau that orders issued under
such State laws routinely distinguish between these two types of authorities. Therefore, the
Bureau believed that attempting to carve out portions of State UDAP/UDAAP statutes that
extend beyond the conduct prohibited by CFPA sections 1031 and 1036(a)(1)(B) would be
impracticable and would risk undermining the effectiveness of the rule. The Bureau thus
proposed to define the term “covered law” by listing specific State statutes. Where a State

statute was listed in proposed appendix A and otherwise satisfied proposed § 1092.201(c), the
Bureau proposed to treat it as a covered law, regardless of whether any specific order issued
under that law expressly referred to the State law’s prohibition of “unfair,” “deceptive,” or
“abusive” acts and practices. In most cases, the Bureau anticipated that violations of the listed
State statutes that relate to the offering or provision of a consumer financial product or service
would be probative of risks to consumers within the Bureau’s jurisdiction.
The Bureau did not include laws of Tribal governments in appendix A of the proposal.
While the Bureau believed that many orders issued under such laws may be highly probative of
risks to consumers and could assist the Bureau in carrying out its market-monitoring
obligations—as well as assist the Bureau in assembling an effective nonbank registry—the
Bureau preliminarily concluded that considerations of administrative efficiency favored focusing
on other orders.
Fifth, proposed § 1092.201(c)(5) would have included in the definition of the term
“covered law” a State law amending or otherwise succeeding a law identified in appendix A, to
the extent that such law is materially similar to its predecessor, and the conduct found or alleged
to violate such law relates to the offering or provision of a consumer financial product or service.
The Bureau proposed § 1092.201(c)(5) in order to clarify that appendix A is intended to
capture certain future changes made by States to the State laws listed therein. As the Bureau
explained in the proposal, States may make immaterial changes from time to time, including
renumbering or amending the statutes listed in appendix A, in a manner that could cause
appendix A to become technically “incorrect” or “obsolete” in the view of some regulated
entities. Proposed § 1092.201(c)(5) would have made clear that is not the Bureau’s intent. To
the extent the amended or otherwise succeeding law is materially similar to its predecessor,
proposed § 1092.201(c)(5) would have ensured that it would still qualify as a “covered law.”
The proposed definition of covered law thus would have captured a successor to a law listed in

appendix A if, for example, the conduct found or alleged to violate the successor law would have
constituted a violation of the predecessor law were it still in effect.
Finally, proposed § 1092.201(c)(6) would have included in the definition of the term
“covered law” a rule or order issued by a State agency for the purpose of implementing a State
law described in proposed § 1092.201(c)(4) or (5), to the extent the conduct found or alleged to
violate such regulation relates to the offering or provision of a consumer financial product or
service. As the Bureau explained, various State statutes authorize one or more State agencies to
issue regulations implementing the terms of those statutes, thereby authorizing the State agency
to further define specific unfair, deceptive, or abusive acts or practices.169 Proposed
§ 1092.201(c)(6) would have included such State agency regulations within the meaning of the
term “covered law.”
Comments Received
A consumer advocate commenter stated that the rule should clarify that, under certain
specific circumstances, such as those involving certain misrepresentations by schools, orders
would “arise out of conduct related to consumer financial products and services” as required
under the definition of the term “covered order.”
An industry commenter stated that the registry should not require publication of orders or
decisions involving the FTC’s authority under FTC Act section 5, on the grounds that such
orders are outside the Bureau’s authority. Another industry commenter and a consumer advocate
commenter supported including orders related to violations of the prohibition of unfair or
deceptive acts or practices under FTC Act section 5, on the grounds of similarity to the CFPA’s
UDAAP prohibitions. The consumer advocate commenter also supported the inclusion of State
UDAP laws and the Military Lending Act, stating that violations of the Military Lending Act

See, e.g., Cal. Fin. Code sec. 90009(c).

may overlap with, or be closely associated with, violations of the CFPA’s UDAAP
prohibitions170 or the Truth in Lending Act.
Several commenters stated that the definition of “covered law” should not include State
laws. Commenters described the inclusion of such laws, which were included in the definition of
“covered law” at proposed § 1092.202(c)(4) through (6), as an improper attempt by the Bureau
to enforce laws that it lacks the authority to enforce or otherwise administer. In the opinion of
the commenters, requiring covered nonbanks to register and submit information regarding orders
issued under State laws would usurp the role of the appropriate State or local agency in issuing,
enforcing, publishing, and interpreting its own State laws or its own orders. Commenters stated
that the registry would lead to the Bureau adjudicating whether a covered entity was in
compliance with an order issued by another independent agency and would violate principles of
federalism. Commenters—including an industry commenter, a joint letter from State regulators,
and Members of Congress—stated that imposing the written-statement requirements described in
proposed § 1092.203 would be particularly inappropriate with respect to orders issued under
State laws for these reasons.
Commenters stated that the Bureau’s assertions that violations of State law would be
probative of risk to consumers were not supported or were highly speculative. An industry
commenter stated that the Bureau should consider whether certain State laws are subject to
Federal preemption in determining whether those laws should qualify as “covered laws.”
Industry commenters stated that including State or local laws as “covered laws” would
improperly distort or shift the focus of compliance programs, which could result in other aspects
of compliance programs becoming deprioritized, create unnecessary risks for consumers, or raise
costs that would ultimately be passed on to consumers.

15 U.S.C. 5531, 5536(a)(1)(B).

Multiple consumer advocate commenters supported including both State and Federal
laws because violations of both types of laws are probative of heightened risks to consumers and
markets. A consumer advocate commenter stated that violations of the State laws listed in the
proposal are almost certainly probative of potential violations of CFPA sections 1031 and 1036,
and that the registry would be incomplete without their inclusion.
A joint letter from State regulators commented that the Bureau should clarify whether
violations of certain administrative laws might be interpreted by the Bureau to be violations of
“covered laws.” The commenters voiced skepticism that this question could be adequately
addressed in a final rule to the extent necessary for covered nonbanks to understand their
obligations.
The notice of proposed rulemaking sought specific comment on whether to require
registration, and to list in appendix A, additional State statutes that prohibit “unconscionable”
conduct but do not also contain a specific reference to “unfair,” “deceptive,” or “abusive”
conduct. A consumer advocate commenter stated that such “unconscionability” laws should be
included, pointing to what it described as the similarity between the standards of
“unconscionability” and “unfairness” under UDAP law as recognized by courts. An industry
commenter stated that the Bureau should not include State “unconscionability” laws.
A joint comment letter from State regulators stated that proposed appendix A, which lists
State laws that are included as “covered laws” under § 1092.201(c)(4), did not adequately
represent State consumer protection efforts, and contained laws that may be inapplicable or
outdated in certain States. The comment did not specify any inapplicable or outdated State laws,
but referred to payday lending laws in States that have recently enacted usury laws that cap rates
at 36 percent. A consumer advocate commenter stated that proposed appendix A should be
expanded to include other laws, specifically the Federal Racketeer Influenced and Corrupt
Organizations Act (“RICO”) and State counterparts. This consumer advocate commenter also

stated that the rule should require that the Bureau periodically seek comment and update
appendix A. An industry commenter stated that proposed appendix A was unmanageably large.
In the notice of proposed rulemaking the Bureau specifically sought comment on whether
Tribal UDAP/UDAAP laws should be included among the list of “covered laws,” and if so,
which specific Tribal UDAP/UDAAP laws should be included in the list. A Tribal commenter
stated that proposed appendix A should be expanded to include laws that have been enacted or
may be enacted by federally recognized Indian tribes on the grounds that doing so would reflect
the status of Tribal governments as equals to State governments under the Dodd-Frank Act. The
commenter did not state which specific Tribal UDAP/UDAAP laws should be included.
Response to Comments Received
For the reasons given in the description of the proposal above, the Bureau is finalizing
§ 1092.201(c)’s requirement that a law listed in § 1092.201(c)(1) through (6) would qualify as a
covered law only to the extent that the violation of law found or alleged arises out of conduct in
connection with the offering or provision of a consumer financial product or service. The
Bureau does not choose to use the final rule as the vehicle for determining the circumstances
under which violations of covered laws arise out of conduct “in connection with the offering or
provision of a consumer financial product or service.” The term “consumer financial product or
service” has a well-established statutory definition.171 While the question of whether a legal
violation related to the offering or provision of a consumer financial product or service depends
on the particular facts and circumstances involved, the answer to that question should be clear in
most cases. The Bureau declines to provide further, general guidance on this issue in the context
of this rulemaking. If a person has a good faith basis to believe that an order issued against it
does not qualify as a “covered order” because it does not arise out of conduct in connection with
the offering or provision of a consumer financial product or service, the person could choose not

See 12 U.S.C. 5481(5); see also 12 U.S.C. 5481(15) (defining “financial product or service”).

to register that order and instead submit a notification under § 1092.202(g). As explained in the
section-by-section analysis of § 1092.202(g), in the event of a non-frivolous filing under that
provision, the Bureau would not bring an enforcement action against the person based on the
person’s failure to register the order unless the Bureau first notifies the person that the Bureau
believes registration is required and provides the person with a reasonable opportunity to comply
with § 1092.202.
The Bureau is finalizing a definition of “covered law” at § 1092.201(c)(3) that includes
the prohibition on unfair or deceptive acts or practices under FTC Act section 5, as well as any
rule or order issued for the purpose of implementing that prohibition. As described in part IV,
among other things, such orders may be probative of violations of Federal consumer financial
law, including CFPA sections 1031 and 1036(a)(1)(B). Such orders also may indicate more
systemic problems at an entity that may impact the offering or provision of consumer financial
products or services, and will inform the Bureau’s exercise of its various rulemaking,
supervisory, enforcement, consumer education, and other functions. The Bureau does not see the
force of any argument that including FTC Act section 5 in the definition of “covered law” usurps
the role of the FTC in issuing, enforcing, or interpreting the FTC’s public orders. Rather, the
Bureau’s rule is intended to collect and potentially publish information regarding such orders
where they are relevant to the Bureau’s assessment of risks to consumers within its jurisdiction,
as well as information about the covered nonbanks that are subject to such orders. The Bureau
will continue to coordinate with the FTC as required by the CFPA, including CFPA sections
1024(c)(3) and 1061(b)(5).172
The final rule requires registration in connection with orders issued under State laws
prohibiting unfair, deceptive, or abusive acts or practices that are identified in appendix A to part
1092, to the extent that the violation of law found or alleged arises out of conduct in connection

12 U.S.C. 5514(c)(3), 5581(b)(5).

with the offering or provision of a consumer financial product or service. The Bureau declines to
finalize a definition of “covered laws” that does not include State laws. The Bureau concludes,
as stated by consumer advocate commenters, that violations of both Federal and State consumer
financial laws may be probative of heightened risks for consumers and borrowers. In particular,
the Bureau concludes that orders based on violations of the State laws described in
§ 1092.202(c)(4) through (6) are likely to be probative of risk to consumers.
The final rule will not thereby empower the Bureau to enforce or interpret State laws (or
orders). In particular, the Bureau does not intend to assert any jurisdiction to enforce the State
laws described in § 1092.201(c)(4) through (6) and appendix A. For the reasons described in
more detail in part IV(C), the Bureau concludes orders based on violations of these State laws
are probative of the types of risks to consumers that the CFPA authorizes the Bureau to monitor,
but the Bureau does not assert that it may directly enforce any of these laws. Rather, the final
rule includes these State laws within the definition of “covered law” in order to define the
covered orders that will require covered nonbanks to report identifying, administrative, and order
information to the nonbank registry.
The Bureau finalizes its conclusion in the notice of proposed rulemaking173 that
collecting and registering public agency and court orders imposing obligations based upon
violations of consumer law, including applicable State laws, would assist with monitoring for
risks to consumers in the offering or provision of consumer financial products and services. The
CFPA does not confine the Bureau to monitoring or supervising for risks related to violations of
Federal consumer financial law. Neither the Bureau’s authority to monitor for risks to
consumers in the offering or provision of consumer financial products or services under 12
U.S.C. 5512(c) nor the Bureau’s supervisory authorities under 12 U.S.C. 5514 are limited solely
to assessing entities’ compliance with Federal consumer financial law. Instead, the Bureau is

88 FR 6088 at 6094-6098.

charged with monitoring for risks to consumers more broadly in the offering or provision of
consumer financial products or services, including developments in markets for such products or
services.174 In allocating its resources to perform market monitoring, the Bureau may consider
“the legal protections applicable to the offering or provision of a consumer financial product or
service, including the extent to which the law is likely to adequately protect consumers.”175 The
types of “legal protections” to be considered by the Bureau are not restricted to protections under
Federal law.
Likewise, the CFPA requires that the Bureau prioritize the use of its supervisory authority
“in a manner designed to ensure that such exercise … is based upon the assessment by the
Bureau of the risks posed to consumers in the relevant product markets and geographic
markets.”176 In addition, the Bureau is tasked with requiring reports and conducting
examinations under 12 U.S.C. 5514 for purposes not just of “assessing compliance with the
requirements of Federal consumer financial law,”177 but also of “obtaining information about the
activities and compliance systems and procedures of” persons described in 12 U.S.C. 5514(a)178
and “detecting and assessing risks to consumers and to markets for consumer financial products
and services.”179 And the CFPA authorizes the Bureau to issue rules under 12 U.S.C.
5514(b)(7)(A) to “facilitate supervision of persons described in [12 U.S.C. 5514(a)(1)] and
assessment and detection of risks to consumers,” and under 12 U.S.C. 5514(b)(7)(B) “for the
purposes of facilitating supervision of such persons and assessing and detecting risks to
consumers.” None of these provisions state or even imply that the Bureau may not collect
information regarding orders issued under State law that are probative of risks to consumers in

See 12 U.S.C. 5512(c)(1).

12 U.S.C. 5512(c)(2)(C).

12 U.S.C. 5514(b)(2). See the discussion of this provision in parts II, III, and IV(B) above.

12 U.S.C. 5514(b)(1)(A).

12 U.S.C. 5514(b)(1)(B).

12 U.S.C. 5514(b)(1)(C).

the offering or provision of consumer financial products and services within the scope of the
Bureau’s jurisdiction. The Bureau has its own expertise and authorities with respect to such
risks. The Bureau needs to collect information regarding such risks as relevant to its own
purposes and the exercise of its own powers as provided under Federal law.
The imposition of § 1092.204’s written-statement requirements in connection with orders
issued under State UDAP/UDAAP laws is similarly appropriate and will further the purposes of
those requirements, as described in part IV(D) above and the section-by-section discussion of
§ 1092.204 below. Violations of such orders may be probative of heightened risks for
consumers and borrowers that are relevant to the Bureau’s exercise of its supervisory authority;
thus, for the reasons discussed in part IV(D) above and the section-by-section discussion of
§ 1092.204 below, the written-statement requirements will facilitate the Bureau’s supervision of
supervised registered entities subject to such orders. The information collected under § 1092.204
regarding risks to consumers that may be associated with the orders, including potential
violations of CFPA sections 1031 and 1036, and the applicable supervised registered entity’s
compliance systems and procedures will be relevant to the Bureau’s supervisory authority even
where those risks are associated with orders issued under State UDAP/UDAAP laws. In
addition, for the reasons discussed in part IV(D) above and the section-by-section discussion
below, § 1092.204’s requirements with respect to orders issued under State UDAP/UDAAP laws
will also help ensure that supervised registered entities are legitimate entities and are able to
perform their obligations to consumers. Contrary to commenters’ suggestions, the Bureau is not
adopting the written-statement requirements to administer or enforce State laws or orders issued
under such laws, but rather to further its statutory purposes under CFPA section 1024(b)(7)(A)(C) with respect to risks to consumers that are relevant under Federal law, that are associated
with entities that are subject to the Bureau’s supervisory and examination authority under CFPA
section 1024(a), and that arise in connection with the offering or provision of consumer financial
products and services subject to the Bureau’s jurisdiction.

The Bureau concludes that the final rule will not result in the Bureau usurping the role of
any State or local agency in issuing, enforcing, or interpreting State law or orders issued or
obtained by a State or local agency. Nor will the final rule violate principles of federalism or
lead to the Bureau supplanting the proper role of State or other regulators with respect to such
orders. The final rule requires that covered nonbanks submit identifying information and other
specified information related to such orders, but the Bureau’s collection of that information via
the nonbank registry will not interfere with any State or local agency’s own actions related to
enforcement of such orders.180 To the contrary, the Bureau concludes that including the State
laws described in § 1092.201(c)(4) through (6) within the definition of “covered law” will
promote interagency coordination and cooperation among the various Federal, State, and local
agencies that have an interest in financial consumer protection because the Bureau intends to
establish under the rule a public, up-to-date, and easily accessible and searchable registry that
contains relevant and useful information about covered orders and the covered nonbanks that are
subject to them.
As discussed in part IV and in this section-by-section discussion, violations of covered
laws are likely to be probative of the type of risk to consumers the Bureau is tasked with
monitoring. The Bureau does not intend to utilize the final rule or the nonbank registry
established under subpart B as a mechanism to opine regarding the proper application of any
particular State law to covered nonbanks or any legal defenses, such as preemption, that might
have been available to a covered nonbank. The Bureau concludes that, where all of the criteria
established by the rule for registration of a covered order have been met, including that an
applicable agency or court has issued or obtained a final and otherwise covered order against a

See 12 U.S.C. 5551(a)(1) (“This title, other than sections 1044 through 1048, may not be construed as annulling,
altering, or affecting, or exempting any person subject to the provisions of this title from complying with, the
statutes, regulations, orders, or interpretations in effect in any State, except to the extent that any such provision of
law is inconsistent with the provisions of this title, and then only to the extent of the inconsistency.”) (emphasis
added); see also 12 U.S.C. 5552(d)(1) (“No provision of this section shall be construed as altering, limiting, or
affecting the authority of a State attorney general or any other regulatory or enforcement agency or authority to
bring an action or other regulatory proceeding arising solely under the law in effect in that State.”).
covered nonbank based on one or more violations by the covered nonbank of a State law
described at § 1092.201(c)(4) through (6), registration in connection with that covered order
would serve the purposes of the rule. If a covered nonbank believes in good faith that any
particular order is not a covered order, it may submit a notification under §§ 1092.202(g) and
1092.204(f).
The Bureau concludes that the final rule will not cause covered nonbanks to pay
inappropriate attention to compliance with the types of State laws identified at § 1092.201(c)(4)
through (6).181 First, an entity can (and should) comply with the law whether or not the Bureau
is monitoring it, and other agencies also monitor compliance with covered orders issued or
obtained under these State laws. Thus, covered nonbanks should already be dedicating
appropriate resources to ensure compliance with such State laws, and the Bureau does not agree
that the registration components of the rule will distort compliance programs, lead to compliance
programs becoming deprioritized, or lead to related additional risks or costs for consumers.
Likewise, were the Bureau to publish the information collected as described under § 1092.205,
the Bureau does not believe such publication would provide an inappropriate incentive to
dedicate unnecessary resources to compliance with these State laws. By definition, the covered
orders that would be made available on the registry are already published or required to be
published (§ 1092.201(e) and (m)); therefore, republication of those orders on the nonbank
registry by the Bureau will not provide a meaningful incentive to covered nonbanks to reallocate
their compliance resources.
Second, even if a covered nonbank were to view the final rule as a reason to dedicate
additional resources to complying with the State laws described at § 1092.201(c)(4) through (6),
With respect to one commenter’s reference to “local laws,” § 1092.201(c)’s definition of “covered law” refers to
specific types of Federal and State laws but does not include any laws issued by local agencies. Therefore, an order
that imposes applicable obligations on the covered nonbank based solely on alleged violations of a law issued by a
local agency that does not qualify as a “covered law” under § 1092.201(c) would not satisfy § 1092.201(e)(1)(iv),
and therefore would not be a “covered order” under the final rule. However, an order issued by a local agency (as
that term is defined at § 1092.201(i)) under a State law that did qualify as a “covered law” under § 1092.201(c)(4)
through (6) might constitute a “covered order” under § 1092.201(e) if the other elements of that provision were also
satisfied.
so much the better. Enhanced compliance with those State laws, while not a goal of the final
rule, will also likely reduce risk to consumers in the offering or provision of consumer financial
products and services within the scope of the Bureau’s jurisdiction. The Bureau does not agree
that it should refrain from collecting or publishing information that may help it monitor for risks
to consumers on the grounds that its efforts might also have the ancillary benefit of inducing
covered nonbanks to comply with the described State consumer protection laws.
The proposal’s requirements to submit information in connection with covered orders
were specific to the proposal and were not intended to impose any requirements on a covered
nonbank’s compliance management system or any of the covered nonbank’s internal affairs, or
to require any particular approach of allocating responsibility for complying with covered orders
or with the law generally. The Bureau understands that compliance management at covered
nonbanks will likely be managed differently from entity to entity and that compliance
management systems will and should be adapted to a covered nonbank’s business strategy and
operations. The proposal did not purport to impose any restrictions on the manner in which
covered nonbanks address such matters.
The final rule clearly establishes which laws are “covered laws.” The Bureau has
reviewed the State laws described in appendix A to part 1092 and has assessed whether they are
probative of risk to consumers and otherwise should be included in appendix A at this time.
State laws that are not listed in appendix A to part 1092 and not otherwise described at
§ 1092.201(c)(4) through (6) are not covered laws under the final rule. Therefore, commenters’
concerns that the Bureau might treat as covered laws certain State “administrative” or other laws
not described in § 1092.201(c)(4) through (6) are misplaced. As provided at § 1092.202(e)(4),
an order that does not impose obligations that are described in § 1092.202(e)(3) on the covered
nonbank based on an alleged violation of a “covered law” is not a “covered order” under the
final rule. But an order that does impose such obligations based on a violation of a covered law
may fall under § 1092.202(e)(3), even if the State agency issued its order under authority granted

by other provisions of law. Additional discussion regarding when obligations are imposed
“based on” violations of a covered law is contained in the section-by-section discussion of
§ 1092.201(e) below.
Commenters did not provide any citations for specific State laws that should either be
added to or deleted from appendix A to part 1092. However, the Bureau has reviewed appendix
A as proposed and is finalizing an appendix A to part 1092 that contains both additions and
deletions from the version proposed. The Bureau is listing these additional statutes in appendix
A, and thus including them in the final rule’s definition of covered law, for the reasons discussed
in the description of the proposal above with respect to the inclusion of other State laws in the
proposed appendix A. As with the State laws that were included in the version of appendix A
contained in the proposed rule, the Bureau believes that violation of the additional State
UDAP/UDAAP laws included in the final appendix A to part 1092 that prohibit unfair,
deceptive, or abusive acts or practices in connection with consumer financial industries or
markets and in connection with the offering or provision of consumer financial products or
services would be probative of potential violations of CFPA sections 1031 and 1036, and also of
other related risks to consumers within the scope of the Bureau’s jurisdiction. The Bureau
believes that omitting these industry specific statutes from the definition of “covered law” may
cause the information submitted to the proposed registry to be incomplete.
The Bureau is also finalizing several minor revisions to appendix A to part 1092 in order
to correct several clerical errors in the proposed rule, such as duplicate listings, and to reflect
certain changes to the State laws, such as the renumbering and repeal of certain provisions.
Other than these revisions, the Bureau declines to finalize other changes to appendix A at
this time. The Bureau concludes appendix A to the final rule, as revised from the proposal in the
ways discussed above, is appropriate and is not so large as to be unusable or unwieldy. Covered
nonbanks should be able to quickly refer to appendix A in order to help determine whether any
particular State law is a “covered law.”

As the Bureau indicated in the notice of proposed rulemaking, orders based on conduct
that violates State unconscionability laws may be probative of risk to consumers. But the Bureau
declines at this time to include State unconscionability laws in appendix A to the final rule.
Likewise, the Bureau declines at this time to include RICO laws in appendix A to the final rule.
And the Bureau also declines to include in appendix A State payday lending laws imposing
usury limits. Violations of State unconscionability, RICO, and usury laws may be indicative of
risk to consumers within the Bureau’s jurisdiction, especially in situations where the applicable
violation of law found or alleged arises out of conduct in connection with the offering or
provision of a consumer financial product or service. But unlike the State UDAP/UDAAP laws
included in appendix A, State unconscionability, RICO, and usury laws are generally not
modeled after FTC Act section 5 or CFPA sections 1031 and 1036(a)(1)(B), and the Bureau at
this time has not determined whether such laws, as a class, are generally sufficiently similar in
scope to FTC Act section 5 or CFPA sections 1031 and 1036(a)(1)(B) to warrant inclusion in
appendix A. Considering RICO laws in particular, they often prohibit a wide range of criminal
activity, including kidnapping, robbery, and dealing in narcotic drugs.182 The Bureau is
concerned that including such laws as “covered laws” would result in an overinclusive and thus
less useful and more burdensome registry.
Also, as the Bureau indicated in the notice of proposed rulemaking, orders based on
conduct that violates certain Tribal laws may be probative of risk to consumers. But the Bureau
declines at this time to include such Tribal laws in appendix A to the final rule. The Bureau
finalizes its preliminary conclusion in the proposal183 that considerations of administrative
efficiency favor focusing on other orders.
The Bureau intends to monitor the orders submitted under the final rule and may
determine at a later date to expand appendix A to include the categories of laws discussed above

See, e.g., 18 U.S.C. 1961.

See 88 FR 6088 at 6107.

or other laws. The Bureau also agrees that it may prove useful to periodically review and update
appendix A in order to enhance the usefulness and effectiveness of the nonbank registry and the
information it collects. However, the Bureau declines to adopt such a requirement in the final
rule obligating itself to do so. Among other things, such a requirement is unnecessary and would
complicate the Bureau’s administration of the nonbank registry.
Comments regarding the scope of the written-statement requirements are addressed in the
section-by-section discussion of § 1092.204 below.
Final Rule
For the reasons set forth above, the Bureau is finalizing § 1092.201(c) as proposed, with
minor technical edits. In addition, for the reasons described above, the Bureau is finalizing
appendix A to part 1092 with several changes from the proposed version. Section
1092.201(c)(4) defines the term “covered law” to include a State law prohibiting unfair,
deceptive, or abusive acts or practices that is identified in appendix A.
Section 1092.201(d) Covered Nonbank
Proposed Rule
The proposal would have defined the term “covered nonbank” to mean a covered
person184 that does not fall into one of five categories. First, the Bureau proposed to exclude
from the definition insured depository institutions, insured credit unions, or related persons. The
Bureau considered proposing to collect information about relevant orders in place against such
persons under its authority to issue rules mandating collection of information set forth in CFPA
section 1022(c)(4)(B)(ii). While the Bureau noted that it might at some point consider collecting
or publishing the information described in the proposal from such persons, the Bureau believed

As provided in proposed § 1092.101(a), the proposal would have defined the term “covered person” to have the
same meaning as in 12 U.S.C. 5481(6). The proposal would not have defined “service providers,” as defined in
12 U.S.C. 5481(26), as covered nonbanks per se. Entities that are service providers, however, may nevertheless also
be covered persons under the CFPA. Among other things, a person that is a service provider shall be deemed to be a
covered person to the extent that such person engages in the offering or provision of its own consumer financial
product or service. See 12 U.S.C. 5481(26)(C). And a service provider that acts as a service provider to its covered
person affiliate is itself deemed to be a covered person as provided in 12 U.S.C. 5481(6)(B).
that there is currently greater need to collect this information from the nonbanks under its
jurisdiction. Among other things, the identity and size of all insured depository institutions and
insured credit unions is known to the Bureau due to registration regimes maintained by the
prudential regulators, which track and make public such information. Also, there are only four
prudential regulators, and they regularly publish their consumer financial protection orders. In
contrast, the Bureau explained that comprehensive, readily accessible information is currently
lacking about the identity of, and orders issued against, nonbanks subject either to the Bureau’s
market-monitoring authority or to its supervisory authority across the various markets for
consumer financial products and services. As a result, the Bureau believed that there is a unique
need to identify nonbanks subject to orders through this proposed registry. In addition, the
proposal would have conformed with the Bureau’s registration authority under CFPA section
1022(c)(7), which states that the Bureau may impose registration requirements applicable to a
covered person, other than an insured depository institution, insured credit union, or related
person.185
Second, the proposal would have excluded from the definition of the term “covered
nonbank” a “State,” as defined in CFPA section 1002(27)—a term that includes “any federally
recognized Indian tribe, as defined by the Secretary of the Interior” under section 104(a) of the
Federal Recognized Indian Tribe List Act of 1994, 25 U.S.C. 5131(a).186 The Bureau has other
avenues of collaborating with State partners (including Tribal partners) and, out of
considerations of comity, did not seek to subject them to an information collection requirement
in the proposal.
Third, the proposal excluded natural persons from the definition of “covered nonbank.”
The Bureau was not proposing to impose subpart B’s registration requirements on natural

The Bureau explained that an affiliate of an insured depository institution, insured credit union, or related person
could be subject to the proposed rule if it is not itself an insured depository institution, insured credit union, or
related person.
186

12 U.S.C. 5481(27).

persons, even though natural persons may be covered persons and may be subject to the types of
orders described in the proposal. (For example, a sole proprietor not incorporated as a legal
entity could qualify as a covered person.) Under the proposed exclusion, for example, natural
persons subject to orders issued under FTC Act section 5, removal and prohibition orders or
orders assessing civil money penalties issued by an appropriate Federal banking agency under
section 8 of the Federal Deposit Insurance Act,187 or State licensing orders or orders issued under
the S.A.F.E. Mortgage Licensing Act of 2008188 would not be subject to the proposal’s
registration requirements. The “natural person” exception in proposed § 1092.201(c)(3) was
intended only to exclude individual human beings from the definition of “covered nonbank.”
The definition of “covered nonbank” would have included trusts and other entities that meet the
definition of “covered person” under CFPA section 1002(6).189 The Bureau was primarily
interested in obtaining information regarding orders that apply to entities because it believed
such orders will be most useful in identifying relevant risks to consumers. The Bureau believed
that many of the agency and court orders enforcing the law issued against individuals are highly
specific to the facts and circumstances relevant to the individual’s conduct and are less likely to
implicate broader risks to consumers and markets. In addition, the Bureau was primarily
interested in obtaining and publishing registration information regarding nonbank entities that
are subject to its jurisdiction, which among other things would enable consumers to better
identify such entities and would provide information to the public and other regulators. The
Bureau was concerned that, if the Bureau should extend the registration requirement to natural
persons, the information provided would be less relevant to consumers and the other users of the
registry. Therefore, the Bureau believed that the potential benefit of extending the registration

12 U.S.C. 1818.

12 U.S.C. 5101 et seq.

See 12 U.S.C. 5481(6). See also 12 U.S.C. 5481 (defining the term “person” to include, in addition to
individuals, any “partnership, company, corporation, association (incorporated or unincorporated), trust, estate,
cooperative organization, or other entity”).
requirement to natural persons likely would not justify the additional Bureau resources that
would need to be allocated to implement and administer such an expansion of the Bureau’s
registry. The Bureau also believed that proposed § 1092.203’s requirements to designate one or
more attesting executives and submit written statements would not be appropriate for natural
persons.
Fourth, the proposal excluded from the definition of “covered nonbank” a motor vehicle
dealer that is predominantly engaged in the sale and servicing of motor vehicles, the leasing and
servicing of motor vehicles, or both, within the meaning of 12 U.S.C. 5519(a), except to the
extent such a person engages in functions that are excepted from the application of 12 U.S.C.
5519(a) as described in 12 U.S.C. 5519(b). CFPA section 1029 provides an exclusion from the
Bureau’s rulemaking authority for certain motor vehicle dealers.190 However, CFPA section
1029(b) exempts certain persons from this exclusion. Persons covered by section 1029(a) would
have qualified as “covered nonbanks” under the proposal so long as they engage in the functions
described in section 1029(b)—in which case they would be “covered nonbanks.” Proposed
§ 1092.201(e), discussed below, would have further provided that the only orders issued to such
motor vehicle dealers that would require registration would be those issued in connection with
the functions that are excepted from the application of 12 U.S.C. 5519(a) as described in 12
U.S.C. 5519(b).
Fifth, the proposal excluded a person from the definition of “covered nonbank” if the
person qualifies as a covered person based solely on conduct that is the subject of, and that is not
otherwise exempted from, an exclusion from the Bureau’s rulemaking authority under 12 U.S.C.
5517.191 This provision would have clarified that persons whose activities are wholly excluded
from the rulemaking authority of the Bureau under one or more of the provisions of section 1027
of the CFPA are not “covered nonbanks.” However, where the CFPA provides that any of the

12 U.S.C. 5519 (“Exclusion for Auto Dealers”).

12 U.S.C. 5517.

activities engaged in by such persons are subject to the Bureau’s rulemaking authority, this
limitation would not have excluded the person from qualifying as a “covered nonbank.” For
example, the Bureau explained, CFPA section 1027(l)(1) provides an exclusion from the
Bureau’s rulemaking authority for certain persons engaging in certain activities relating to
charitable contributions.192 Under the proposal, a covered person would not have been deemed a
“covered person” if it qualifies for this statutory exclusion and is not otherwise exempt from it.
But CFPA section 1027(l)(2) exempts certain activities from this statutory exclusion by
providing that “the exclusion in [CFPA section 1027(l)(1)] does not apply to any activities not
described in [CFPA section 1027(l)(1)] that are the offering or provision of any consumer
financial product or service, or are otherwise subject to any enumerated consumer law or any law
for which authorities are transferred under subtitle F or H.”193 As proposed, persons described in
CFPA section 1027(l)(1) engaging in the activities described therein would have qualified as
“covered nonbanks” so long as they engage in any of the activities described in CFPA section
1027(l)(2), and they would thus be subject to all of the information-collection requirements of
the rule applicable to “covered nonbanks,” regardless of whether the applicable “covered order”
addressed the conduct subject to the statutory exclusion.
Among other things, the Bureau sought comment regarding the overall scope of the
proposed definition of “covered nonbank,” including whether the definition should be expanded
or limited in light of the purposes and objectives of subpart B. The Bureau further sought
comment on whether a more limited or expanded approach to the registration of covered persons
would be appropriate instead of the proposed requirements, whether it should consider any other
modifications to the scope of the rule, and how such modifications would match the Bureau’s
policy goals.
Comments Received

12 U.S.C. 5517(l)(1) (“Exclusion for Activities Relating to Charitable Contributions”).

12 U.S.C. 5517(l)(2).

The Bureau specifically sought comment as to whether it should adopt an alternative
approach that would limit all of the proposal’s registration requirements to covered persons that
are subject to the Bureau’s supervision and examination authority under CFPA section 1024(a).
An industry commenter supported limiting the registration requirements to entities with annual
receipts of more than $10 million, which is the Bureau’s larger participant threshold for the
consumer debt collection market under section 1024(a).194 While conceding that this approach
would limit the number of orders subject to the rule, the commenter stated that it would greatly
reduce the compliance burden on small businesses.
A consumer advocate commenter stated that the proposal should be modified in order to
clarify that schools and State-affiliated student loan servicers satisfy the definition of “covered
nonbanks.” The commenter stated that such clarification was particularly desirable in light of
the exception for States from the definition of “covered nonbank,” as according to the
commenter, certain entities accused of illegal conduct often falsely assert that they are agents or
appendages of States.
The Bureau specifically requested comment on whether to include natural persons in the
term “covered nonbank,” even though natural persons may be covered persons and may be
subject to the types of orders described in the proposal. A consumer advocate commenter stated
that the proposal should be modified in order to include natural persons who otherwise meet the
definition of “covered person.” The commenter stated that including natural persons would
provide consumers with an additional resource to identify bad actors in consumer financial
services.
Commenters, including the SBA Office of Advocacy, stated that the proposal was
insufficiently clear with respect to affiliates of insured depository institutions and insured credit
unions. Commenters noted that certain bank holding companies and other nonbank affiliates of

See 12 U.S.C. 5514(a)(1)(B); 12 CFR 1090.105.

such entities meet the CFPA’s definition of “covered person,”195 but they would not have fallen
within the exemptions to the term “covered nonbank” provided in proposed § 1092.201(d).
Commenters requested clarification as to which affiliates of banks and credit unions would
qualify as “covered nonbanks” under the proposal. One industry commenter stated that the
Bureau should ensure that the regulatory text expressly clarified the application of this definition
to bank affiliates. Industry commenters also stated that the Bureau should exempt some or all of
these bank-affiliated “covered persons” from the scope of the definition, and industry
commenters stated that if the Bureau were to include affiliates of insured depository institutions
and insured credit unions in the definition of the term “covered nonbank,” the Bureau should
issue a supplementary proposal in order to provide for additional notice and comment on that
approach. A consumer advocate commenter stated that the Bureau should take an expansive
approach in addressing this question.
Several industry and consumer advocate commenters approved of the proposal to collect
and publish information about nonbanks, stating that the proposed registry would shed light on
the large and growing nonbank financial sector. An industry commenter and a consumer
advocate commenter stated that the proposed registry would help the Bureau identify nonbanks
to bring under Bureau supervision. Industry commenters and a joint comment letter from
members of Congress agreed that excepting banks and insured credit unions from the proposal
was appropriate, although some commenters objected to the proposal’s statement that the Bureau
might consider including banks and credit unions in a future registry, stating that the Bureau
lacked authority to do so or that collecting information from banks or credit unions would be
unduly burdensome and duplicative. On the other hand, several commenters stated that the
Bureau should not exempt banks and credit unions from the proposed rule’s requirements.
Industry commenters stated that this exemption was contrary to the proposal’s rationale, and

12 U.S.C. 5481(6).

unfairly targeted nonbanks and put them at a competitive disadvantage. A consumer advocate
commenter stated that the exemption was inconsistent with the publication of certain orders
regarding nonbanks, and that nonbanks might attempt to evade the proposed rule’s registration
requirements by acquiring a banking charter.
A joint letter from State regulators stated that States have not witnessed widespread
issues with or a growing trend of recidivism among nonbanks that would necessitate the creation
of the proposed nonbank registry, and stated that previous remarks by the Bureau’s Director had
not emphasized a recidivism problem among nonbanks. However, consumer advocate
commenters stated that recidivism by nonbanks did pose risks to consumers and that the registry
would help users identify such risks and would otherwise help prevent recidivism.
While noting the exclusion of federally recognized tribes from the proposed definition,
Tribal commenters suggested that the proposal’s use of the term “State” to define the exemption
from proposed § 1092.201(d)’s definition of “covered nonbank” was inadequate to protect Tribal
sovereignty, and stated that the rule should adopt a more specific and clear exclusion for
economic arms of the tribe, or for Tribal instrumentalities or entities wholly owned by tribes.
These commenters asserted that tribes, as self-determining bodies, are the only ones competent
to determine the status of an entity as enjoying Tribal sovereignty. Thus, in their view, U.S.
government institutions—whether the Bureau, other U.S. regulators, or U.S. courts—lack
competence to make such determinations. Tribal commenters also stated that application of the
rule to Tribal instrumentalities would expose Tribal treasuries to unfounded attacks that the
registry would generate.
Industry commenters stated that in addition to the exemption in proposed
§ 1092.201(d)(1) for insured credit unions, the Bureau should also exempt from the definition of
“covered nonbank” credit union service organizations (CUSOs). The commenters stated that
CUSOs must register with the National Credit Union Administration (NCUA) and report
financial activity, with annual affirmations and updates, that NCUA and State regulators

regularly exercise established authority to request information regarding CUSO activity, that
requiring registration of CUSOs would be duplicative and burdensome, and that consumers
would be unlikely to find such registration useful.
An industry commenter stated that the Bureau should exempt institutions that are
supervised by the Farm Credit Administration from the definition of “covered nonbank.” The
commenter stated that the reasons the proposal gives for excluding depository institutions and
credit unions apply equally to Farm Credit institutions, and that such an exemption would be
consistent with the unique treatment of such institutions under the CFPA.
An industry commenter stated that the Bureau should exempt attorneys and law firms
from the scope of the proposal on the grounds that regulation of lawyers is properly placed not
with the Bureau but with the judiciary and State bar associations, because of concerns that
covered nonbanks that are attorneys or law firms could be required to divulge privileged
communications between the lawyer and their client as well as information regarding their
clients’ confidential and proprietary business practices, and on the grounds that they are already
heavily regulated and should otherwise not be subject to the rule.
Two industry commenters stated that the Bureau should exempt mortgage lenders and
mortgage services from the scope of the proposal, or at a minimum, exempt such entities where
they have satisfied the existing NMLS requirements for mortgage lenders/servicers to disclose
such agency and court orders to the NMLS. These commenters stated that the proposed rule
would have a disproportionate burden on such entities and would be largely duplicative of the
orders that such entities report to the NMLS.
Response to Comments Received
Under the final rule, the Bureau will collect information under the nonbank registry in
order to be informed about risks regarding a wide range of nonbank covered persons, and not just
regarding the entities that are subject to its supervisory jurisdiction under CFPA section 1024(a).

The Bureau finalizes its conclusion in the proposal196 that collecting information from a wider
range of covered persons is appropriate to achieve its market-monitoring objectives. The Bureau
declines to finalize the alternative approach discussed in the notice of proposed rulemaking that
would have limited the scope of the definition to covered persons that are subject to the Bureau’s
supervision and examination authority under CFPA section 1024(a). The Bureau’s marketmonitoring information collection authority under CFPA section 1022(c)(4)(B)(ii) applies to
“covered persons” and “service providers” as defined at CFPA section 1002,197 and the Bureau’s
registration authority under CFPA section 1022(c)(7) applies to all covered persons “other than
an insured depository institution, insured credit union, or related person.”198 The Bureau
concludes that the information that will be collected under the nonbank registry will be useful for
purposes beyond conducting its supervisory work, and that it should collect information in order
to inform its regulatory, enforcement, and other functions, where the Bureau’s authority extends
to numerous entities that are not subject to its supervisory jurisdiction. Even with respect to
informing the Bureau’s supervisory work, it will be necessary to collect information from entities
that are not subject to Bureau supervision under CFPA section 1024(a). For example, the Bureau
could use information submitted to the nonbank registry to inform its decisions regarding
whether to issue new larger participant rules under CFPA section 1024(a)(2) or whether to
exercise its authority to designate a covered person for supervision because the Bureau has
reasonable cause to determine that the covered person is engaging or has engaged in conduct that
poses risk to consumers.199 Thus, the Bureau will need to be informed about risks to consumers
arising with respect to entities that are not presently supervised.
The Bureau declines to adopt a registration threshold or other exception from the rule’s
registration requirements based upon annual receipts or other size considerations. That approach
See 88 FR 6088 at 6109.

See 12 U.S.C. 5481(6), (26); 12 U.S.C. 5512(c)(4)(B)(ii).

See 12 U.S.C. 5512(c)(7).

See 12 U.S.C. 5514(a)(1)(B), (C), (a)(2); 12 CFR part 1091.

would lead to the omission of relevant covered nonbanks from the registry, which would mean
that the Bureau would not be notified regarding the existence of such entities and would not learn
that they were subject to a covered order. Such an exception would unnecessarily limit the
information that is provided to the Bureau and provide the Bureau with only a partial view of
related risks. The Bureau concludes that the limited burden that will be imposed on such entities
due to such information-collection requirements is warranted in light of the benefits to the
Bureau and other users of the nonbank registry.200
The Bureau declines to use this rulemaking as an opportunity to finalize a position
regarding whether any particular type of entity is a covered person or otherwise falls under the
regulatory definition of the term “covered nonbank.” The Bureau expects all entities subject to
its jurisdiction to assess their own compliance obligations and to comply with the law. An entity
that believes it has a good faith basis that it is not a covered nonbank or supervised registered
entity, or that an order is not a covered order, but has concerns about whether the Bureau would
agree, may file a good faith notification under § 1092.202(g) or § 1092.204(f).
The Bureau declines at this time to include natural persons in the term “covered
nonbank.” For the reasons discussed in the proposal, the Bureau is primarily concerned about
the risk to consumers that is presented by entities that are not natural persons, although it may
consider expanding the registry in future. As the Bureau discussed in its proposal, the “natural
person” exception in § 1092.201(c)(3) is intended only to exclude individual human beings from
the definition of “covered nonbank.” The definition of “covered nonbank” would include trusts
and other entities that meet the definition of “covered person” under CFPA section 1002(6).
The Bureau declines to finalize an exemption for affiliates of insured depository
institutions or insured credit unions from § 1092.201(d)’s definition of the term “covered
nonbank.” (As discussed in the section-by-section discussion of § 1092.201(q) below, that

See also the section-by-section discussion of § 1092.201(q) below.

section’s definition of the term “supervised registered entity” will not apply to an affiliate of an
insured depository institution or insured credit union with total assets of more than $10 billion as
described in CFPA section 1025(a).201 Therefore, such affiliates, even if they are “covered
nonbanks,” are not subject to the final rule’s written-statement requirements.) As the notice of
proposed rulemaking indicated,202 an affiliate of an insured depository institution or insured
credit union could be subject to the proposed rule if it is not itself an insured depository
institution or insured credit union. While proposed § 1092.201(d)(1) would have excluded from
the definition of “covered nonbank” insured depository institutions and insured credit unions (as
well as “related persons,” a term defined in CFPA section 1002(25)), the proposal did not
contain an exemption from the definition of “covered nonbank” for affiliates of such persons
where they otherwise would meet that definition. Like other covered nonbanks, such an affiliate
would only be subject to the rule if it qualified as a “covered nonbank” under the criteria
established in § 1092.201(d), including the requirement that the affiliate satisfy the CFPA
definition of the term “covered person.” With respect to the application of the final rule’s
written-statement requirements to such an affiliate, see the section-by-section discussion of
§ 1092.201(q) below.
The Bureau finalizes the approach described in the proposal. The Bureau acknowledges
that, like the insured depository institutions and insured credit unions that are exempt from the
definition of “covered nonbank” under § 1092.201(d)(1), affiliates of those entities are subject to
certain requirements imposed by the prudential regulators. And those regulators make certain
information available to the public regarding such affiliates, including information regarding
their identity and certain orders to which such affiliates are subject. Nevertheless, the Bureau
concludes that requiring such affiliates that otherwise meet the definition of “covered nonbank”
to submit information to the nonbank registry as required under § 1092.202 will serve the

12 U.S.C. 5515(a).

88 FR 6088 at 6108 n.139.

purposes of the final rule described in part IV above. Covered nonbanks that are affiliates of
insured depository institutions and insured credit unions present a different set of risks to
consumers than do insured depository institutions and insured credit unions. For example, they
are generally neither chartered nor insured by the Federal Government; they are generally subject
to a general corporate or business charter as opposed to a more restrictive banking or credit union
charter; and they are generally not subject to the same restrictions on corporate form and powers
that apply to insured depository institutions and insured credit unions.203
The Bureau concludes that it is appropriate to distinguish affiliated nonbanks engaged in
the offering or provision of consumer financial products and services from their affiliates that
hold a bank or credit union charter, are federally insured, and are engaged directly in the business
of banking or providing credit union services, and to register and collect additional information
from affiliated nonbanks for the purposes of identifying and assessing risk to consumers.
Furthermore, the approach taken in the final rule is consistent with CFPA section
1022(c)(7),204 which does not exempt such affiliate covered persons from the nonbank
registration requirements that may be imposed by the Bureau under that statutory provision. In
this case, Congress made a determination to extend the Bureau’s registration authority over such
persons, which are nonbanks subject to the Bureau’s jurisdiction. Among other things, the
Bureau needs to monitor risks to consumers presented by such nonbank affiliates in order to
exercise its broad enforcement, supervisory, and regulatory authority over such persons. For

See, e.g., 12 U.S.C 24a (authorizing financial subsidiaries of national banks to engage in nonbanking activities);
12 U.S.C. 1843 (authorizing bank holding company interests in nonbanking organizations), 1864 (authorizing bank
service companies to engage in nonbanking activities). See also, e.g., Patricia A. McCoy, 1 Banking Law Manual:
Federal Regulation of Financial Holding Companies, Banks, and Thrifts (3rd ed. 2023) §§ 5.02-5.03 (discussing
powers of national banks, bank holding companies, and financial holding companies). In addition, such affiliates
are not subject by statute to the same frequency of examination by a Federal agency as are insured depository
institutions. See 12 U.S.C. 1820(d) (generally requiring a “full-scope, on-site examination of each insured
depository institution” either annually or, for certain small institutions, every 18 months). And certain affiliates are
subject to a different system of ratings and supervision by the prudential regulators than are insured depository
institutions. See, e.g., Large Financial Institution Rating System; Regulations K and LL, 83 FR 58724 (Nov. 21,
2018) (adopting ratings system for certain holding companies). See also the discussion below regarding credit union
service organizations (CUSOs).
204

12 U.S.C. 5512(c)(7).

example, Congress provided supervisory authority over nonbanks to the Bureau in order to
ensure that the Bureau could exercise consistent Federal oversight of nondepository institutions
based upon its assessment of the risk they pose to consumers.205 With respect to the affiliates of
very large insured depository institutions and insured credit unions, Congress intended to address
the preexisting “fragmented regulatory structure” by creating “one Federal regulator with
consolidated consumer protection authority” that would monitor such entities.206 Consistent with
this goal, the final rule will create a unified registry that will identify covered nonbanks that
themselves participate in the markets for consumer financial products and services, as well as the
orders to which they are subject, whether or not those covered nonbanks happen to be affiliates
of banks or credit unions.
The Bureau is adopting an exception for insured depository institutions, insured credit
unions, and related persons in § 1092.201(d)’s definition of the term “covered nonbank.”207 For
the reasons stated in the proposal, the Bureau concludes that there is currently greater need to
collect information from the nonbanks under its jurisdiction than from insured depository
institutions, insured credit unions, and related persons, that there is a unique need to identify
nonbanks subject to orders through the nonbank registry, and that the final rule will conform
with the Bureau’s registration authority under CFPA section 1022(c)(7), which states that the
Bureau may impose registration requirements applicable to a covered person, other than an
insured depository institution, insured credit union, or related person.208 As discussed at parts III
and IV above, the Bureau is issuing this rule under separate authorities under CFPA sections

See S. Rep. No. 111-176, at 167 (2010) (“The authority provided to the Bureau in this section will establish for
the first time consistent Federal oversight of nondepository institutions, based on the Bureau’s assessment of the
risks posed to consumers and other criteria set forth in this section.”).
206

See S. Rep. No. 111-176, at 168 (2010).

As explained below, the Bureau has adopted a revision to the proposed rule to clarify that a related person is
excluded from the definition of “covered nonbank” only if the person qualifies as a “covered person” solely due to
its related-person status.
208

12 U.S.C. 5512(c)(7).

1022 and 1024. However, for clarity, the final rule will not cover persons who are not subject to
the Bureau’s CFPA section 1022(c)(7)(A) authority.
In addition, the Bureau concludes that the final rule will facilitate the purposes of the
nonbank registry described in part IV above even without registering insured depository
institutions, insured credit unions, or related persons at this time. In light of the modest
obligations imposed under the final rule, the Bureau does not think that the final rule will cause
nonbanks to undergo the expense and effort involved in obtaining a banking charter to avoid
their registration obligations under the final rule. The Bureau chooses at this time not to collect
information from banks not only because orders against insured depository institutions and
insured credit unions are public or required to be public—as are all covered orders, as provided
at § 1092.201(e)—but also because the insured depository institutions and insured credit unions
themselves are already subject to a comprehensive public Federal registration regime that
identifies them to the public and is kept up to date.209 These requirements generally serve to
distinguish orders issued against insured depository institutions and insured credit unions from
orders issued against the covered nonbanks that the Bureau will register under the final rule.210
As discussed in part IV above, the registry will accomplish a number of goals, with a
particular focus on monitoring for risks to consumers related to repeat offenders of consumer
protection law. As discussed above, recidivism poses particular risks to consumers, and the
Bureau believes that adoption of the final rule is appropriate for the purposes of monitoring for
recidivism and publishing information that may help potential users of the nonbank registry
identify recidivism by nonbanks. The joint comment letter from State regulators neither asserts
nor demonstrates that recidivism by nonbanks does not present risks to consumers, and consumer

See, e.g., 12 U.S.C. 1786(s) (insured credit unions), 1818(u) (insured depository institutions).

In addition, for the reasons discussed above and in the section-by-section discussion of § 1092.201(q), affiliates
of insured depository institutions and insured credit unions may qualify as “covered nonbanks” subject to the final
rule, and affiliates of insured depository institutions and insured credit unions with total assets of $10 billion or less
may qualify as “supervised registered entities” subject to § 1092.204. As discussed in those sections, the Bureau is
concerned that such affiliates may present different types of risks to consumers than insured depository institutions
and insured credit unions do.
advocate commenters stated that recidivism by nonbanks does present risks to consumers. The
Bureau intends to use the information collected via the nonbank registry to help detect and assess
relevant risks to consumers related to recidivism by nonbanks. In addition, the Bureau is
adopting the final rule not just to monitor and deter recidivism by nonbanks but also more
generally to serve all of the purposes described under part IV, pursuant to its legal authorities as
described in part III. For example, as discussed in the section-by-section discussion of
§ 1092.205(a) below and elsewhere in this preamble, even one covered order may be probative
of significant risk to consumers, and the written-statement requirements will serve the purposes
described in part IV(D) whether or not an applicable supervised registered entity is subject to
multiple covered orders. Thus, the Bureau believes its adoption of the final rule is appropriate
even if recidivism among nonbanks currently presents only limited risks to consumers.
Section 1092.201(d)(2) excludes from the definition of the term “covered nonbank” a
“State,” as defined in CFPA section 1002(27)—a term that includes “any federally recognized
Indian tribe, as defined by the Secretary of the Interior” under section 104(a) of the Federal
Recognized Indian Tribe List Act of 1994, 25 U.S.C. 5131(a). The Bureau declines to provide
an express exemption from the final rule for Tribal instrumentalities or entities wholly owned by
tribes because the Bureau does not choose to use this rulemaking as the vehicle for determining
the circumstances under which tribally affiliated entities qualify as part of the tribe itself or are
appropriately exempt from covered laws. At a minimum, where a covered nonbank becomes
subject to a final court or agency order enforcing a covered law and otherwise satisfies the
requirements of the rule, the Bureau believes that it is appropriate to register the entity and the
order. The Bureau acknowledges that certain tribally affiliated entities may from time to time
believe a court or agency has erred in imposing a covered order on them, based on grounds of
sovereign immunity or otherwise. However, the Bureau believes that providing a blanket
exemption for all such cases would improperly omit covered orders that are in fact probative of

risk to consumers posed by entities subject to the Bureau’s jurisdiction and thus should be
registered under the final rule.
In requiring registration in connection with such orders, the Bureau takes no position on
the merits of the underlying case, proceeding, or order, or any related arguments, including any
arguments regarding sovereign immunity or Tribal status. As discussed in the section-by-section
discussion of §§ 1092.202(g) and 1092.204(f) below, the Bureau believes that the voluntary
good-faith filing option provides a satisfactory mechanism for tribally affiliated entities to avoid
the risk of an enforcement action where they decide not to register an order or submit a written
statement based on a good-faith belief that they are not a covered nonbank or a supervised
registered entity, such as on the grounds that they qualify as part of a federally recognized tribe
and thus as a “State,” or that an order is not a covered order. Also as discussed in those sections,
an entity may choose whether or not it wishes to submit such a filing, and the Bureau will treat
such filings as “administrative information” that it will not publish under § 1092.205(a). Thus,
the Bureau does not agree that application of the rule to tribally affiliated entities would expose
Tribal treasuries to unfounded attacks.
The Bureau declines to finalize an exemption for CUSOs in § 1092.201(d)’s definition of
“covered nonbank.”211 Unlike insured credit unions, which are exempt from the definition,
CUSOs are not directly subject to the NCUA’s full examination and enforcement authority, and

Like other covered nonbanks, a CUSO would only be subject to the rule if it qualified as a “covered nonbank”
under the criteria established in § 1092.201(d), including the requirement that the CUSO satisfy the CFPA definition
of the term “covered person.” And a CUSO would only be subject to § 1092.204’s written-statement requirements
if it qualified as a “supervised registered entity” under the criteria established in § 1092.201(q). Under
§ 1092.201(q)(1), a CUSO that is subject to Bureau examination and supervision solely in its capacity as a service
provider and that is not otherwise subject to Bureau supervision and examination will not be deemed to be a
“supervised registered entity” under § 1092.201(q).
As discussed above, entities that are service providers may nevertheless also be covered persons under the CFPA.
For example, a CUSO, such as a CUSO wholly owned by a credit union, that acts as a service provider under the
CFPA to its covered person credit union affiliate would itself be deemed to be a covered person as provided in
12 U.S.C. 5481(6)(B), and thus would qualify as a “covered nonbank” under § 1092.201(d) if the other criteria of
that definition are satisfied.

are not chartered or insured by the NCUA.212 And while presently the NCUA requires a
federally insured credit union investing in or lending to a CUSO to obtain a written agreement
requiring the applicable CUSO to “provide the NCUA with complete access to its books and
records and the ability to review the CUSO’s internal controls” and to supply the NCUA with
“operational and financial information” via a CUSO Registry,213 the NCUA nevertheless has
previously emphasized in Congressional testimony that “this does not provide access to examine
all of the CUSO’s operations.”214 The Bureau concludes that requiring covered nonbanks that
are CUSOs to register will provide valuable information to the Bureau and others regarding risks
such covered nonbanks may present to consumers. Among other things, if—as the Bureau
intends—the Bureau publishes registry information, requiring CUSOs that qualify as covered
nonbanks to register with the nonbank registry will facilitate credit union due diligence in using a
CUSO to provide services to the credit union in connection with the offering or provision of
consumer financial products and services.
The Bureau also notes that the credit union exemption provided under § 1092.201(d)(1)
applies only to insured credit unions, as that term is defined by § 1092.101(a), which in turn
defines the term “insured credit union” to have the meaning given to that term in the CFPA.215
Thus, this exemption does not apply to credit unions, such as certain uninsured or privately
insured credit unions, that do not meet the definition of “insured credit union” under the CFPA
and the final rule. Such credit unions must comply with the rule’s registration and other

See NCUA Office of Inspector General, Report #OIG-20-07, “Audit of the NCUA’s Examination and Oversight
Authority Over Credit Union Service Organizations and Vendors” 4 (Sept. 1, 2020), https://ncua.gov/files/auditreports/oig-audit-cusos-vendors-2020.pdf (OIG Report) (“CUSOs are not directly subject to NCUA regulation or
examination and are not chartered or insured by the NCUA.”).
OIG Report at 6-8; see also 12 CFR 712.3; CUSO Registry, https://ncua.gov/regulation-supervision/regulatoryreporting/cuso-registry.
214

OIG Report at 16 (describing NCUA testimony seeking additional statutory authority from Congress).

See 12 U.S.C. 5481(17).

provisions with respect to covered nonbanks and supervised registered entities where they would
otherwise be applicable.216
The Bureau declines to adopt an express exemption from the definition of “covered
nonbank” for institutions supervised by the Farm Credit Administration. The industry
commenter that requested such an exemption has not shown that it is necessary or appropriate.217
The commenter discusses one category of orders that institutions regulated by the Farm Credit
Administration might register under the rule—namely, orders from the Farm Credit
Administration enforcing compliance with certain Federal consumer financial laws. Under
current Farm Credit Administration policy, however, the agency does not “identify the institution
and/or persons involved” when it issues an order enforcing the law against an institution it
regulates.218 An order that does not publicly “[i]dentif[y] a covered nonbank by name as a party
subject to the order” would not qualify as a “covered order” required to be registered under the
final rule.219 Moreover, in the event a person regulated by the Farm Credit Administration has
concerns that it may be deemed a covered nonbank or that any particular order may be deemed a
covered order notwithstanding its good-faith belief to the contrary, it may file one or more goodfaith notifications under § 1092.202(g) or § 1092.204(f), as applicable.
The Bureau also does not choose to finalize an express exemption for attorneys or law
firms in the final rule. Individual attorneys already fall outside the definition of covered nonbank

Likewise, the exemption at § 1092.201(d)(1) would not apply to any bank or savings association that is not an
“insured depository institution” or “insured credit union” as defined in the final rule. See § 1092.101(a), 201(h) of
the final rule.
The industry commenter states that institutions regulated by the Farm Credit Administration do not fall within
other exclusions from the definition of “covered nonbank” in § 1092.202(d), such as the exclusion for a “person that
qualifies as a covered person based solely on conduct that is the subject of, and that is not otherwise exempted from,
an exclusion from the Bureau’s rulemaking authority under 12 U.S.C. 5517.” Cf. 12 U.S.C. 5517(k) (providing that
the Bureau “shall have no authority to exercise any power to enforce this title with respect to a person regulated by
the Farm Credit Administration,” but not referring to the Bureau’s rulemaking authority (emphasis added)).
Farm Credit Administration, Policy Statement: Disclosure of the Issuance and Termination of Enforcement
Documents (effective Jan. 27, 2005),
https://ww3.fca.gov/readingrm/Handbook/_layouts/15/WopiFrame.aspx?sourcedoc={920F0A1E-1839-493C-BE19E13751EA460D}&file=Disclosure%20of%20the%20Issuance%20and%20Termination%20of%20Enforcement%20
Documents.docx&action=default.
219

See § 1092.201(e)(1)(i) of the final rule.

under the § 1092.201(d)(4) exclusion for natural persons. Where a law firm satisfies the final
rule’s definition of the term “covered nonbank,” the Bureau concludes that entry of a covered
order against such a covered nonbank is likely to be probative of risk to consumers, and that it is
appropriate to require registration under such circumstances, consistent with the Bureau’s
statutory jurisdiction and authority. In addition, the final rule does not require the submission of
any information to the nonbank registry that is protected by the attorney-client privilege or any
other legal privilege. As stated in part III(B), the Bureau’s registry is designed to not collect any
protected proprietary, personal, or confidential consumer information, and thus, the Bureau will
not publish, or require public reporting of, any such information. Further discussion of the
publication provisions of the final rule is provided in the section-by-section discussion of
§ 1092.205 below.
With respect to commenters’ requests for exemptions for mortgage lenders and servicers,
the Bureau is finalizing a one-time registration option for NMLS-published covered orders at
§ 1092.203; this provision is discussed in more detail in part IV(E) and the section-by-section
discussion of § 1092.203 below. Under the final rule, with respect to any NMLS-published
covered order, a covered nonbank that is identified by name as a party subject to the order may
elect to comply with the one-time registration option described in § 1092.203 in lieu of
complying with the requirements of §§ 1092.202 and 1092.204. The Bureau is adopting this
provision in part to address the concerns of commenters that requiring mortgage lenders and
servicers to register orders that are already available on the public NMLS Consumer Access
website would be duplicative and burdensome.
The Bureau declines to finalize an additional express exemption from § 1092.202(d) for
covered nonbanks that are mortgage lenders or mortgage servicers. The CFPA expressly
subjects these entities to the Bureau’s supervisory authority,220 and the legislative history of the

See 12 U.S.C. 5514(a)(1).

CFPA indicates that Congress viewed this authority as integral to the Bureau’s mandate.221 In
addition, the Bureau is the only Federal regulator with supervisory and enforcement jurisdiction
over all of these entities, which are chartered by the various States. The option provided at
§ 1092.203 will help eliminate redundant filings by nonbank mortgage lenders and mortgage
servicers while notifying the nonbank registry when an applicable order has been issued or
obtained against a covered nonbank. Thus, the Bureau believes that requiring such entities to
register covered orders, subject to the one-time registration option described in § 1092.203 for
NMLS-published covered orders where it applies, would serve the purposes of the final rule
described in part IV above.
Final Rule
For the reasons set forth above and as follows, the Bureau is finalizing § 1092.201(d) as
proposed, with revisions to clarify the treatment of “related persons.” The final rule renumbers
the items in § 1092.201(d) accordingly.
The Bureau had proposed to exclude “related persons,” as that term is defined at
§ 1092.101(a) and CFPA section 1002(25), from the proposed definition of “covered
nonbank.”222 Final § 1091.201(d)(1) and (2) have been revised to retain this exclusion, but to
clarify these provisions to provide that the final rule does not include within the definition of
“covered nonbank” a person who is a covered person solely by virtue of being a related person as
defined in CFPA section 1002(25). Under CFPA section 1002(25), certain persons are “deemed
to [be] a covered person for all purposes of any provision of Federal consumer financial

See, e.g., S. Rep. No. 111–176 at 11-14 (2010) (discussing the “mortgage crisis” that began in the 2000s), 167
(“Specifically, the Bureau will have the authority to supervise all participants in the consumer mortgage arena,
including mortgage originators, brokers, and servicers and consumer mortgage modification and foreclosure relief
services. These entities contributed to the housing crisis that led to the near collapse of the financial system.”), 229
(“The CFPB would have been able to head off the subprime mortgage crisis that directly led to the financial crisis,
because the CFPB would have been able to see and take action against the proliferation of poorly underwritten
mortgages with abusive terms.”). As discussed in part II(A) above, the Bureau was created in the wake of the 2008
financial crisis, which was caused by a variety of overlapping factors including systemic malfeasance in the
mortgage industry.
222

88 FR 6088 at 6108.

law[.]”223 However, CFPA section 1022(c)(7)(A) excludes related persons from the type of
covered persons covered by Bureau rules regarding registration issued under CFPA section
1022(c)(7) authority.224 As discussed at parts III and IV above, the Bureau is issuing this rule
under separate authorities under CFPA sections 1022 and 1024. However, for clarity, the final
rule will not cover persons who are not subject to the Bureau’s CFPA section 1022(c)(7)(A)
authority. Therefore, the final rule excludes related persons from the definition of “covered
nonbank,” to the extent that they are not covered persons for any other reason than being deemed
covered persons pursuant to CFPA section 1002(25). For example, this exclusion generally
would not apply to a nonbank entity that qualifies as a covered person because it offers or
provides a consumer financial product or service,225 even if that entity also happens to be a
related person.
Section 1092.201(e) Covered Order
Proposed Rule
The Bureau proposed § 1092.201(e) to define the term “covered order.” The proposal
would have defined the term to include only orders that are both public and final. The term
“public” was defined at proposed § 1092.201(k). The proposed term “covered order” was
intended to cover only final settlement or consent orders, or final agency or court orders resulting
from litigation or adjudicated agency proceedings. By “final” order, the proposal meant to
exclude such orders as preliminary injunctions, temporary restraining orders, orders partially
granting and partially denying motions to dismiss or summary-judgment motions, and other
interlocutory orders.226 The proposed term would also have excluded temporary cease-and-desist
orders that come into effect pending the resolution of an underlying contested matter but would

12 U.S.C. 5481(25)(B).

12 U.S.C. 5512(c)(7)(A).

See 12 U.S.C. 5481(6)(A).

See, e.g., Gelboim v. Bank of Am. Corp., 574 U.S. 405, 408–09 (2015) (discussing the meaning of “final
decision” under 28 U.S.C. 1291).
have included a related final cease-and-desist or other order resolving the matter. The proposed
term would have also excluded notices of charges, accusations, or complaints that are part of
disciplinary or enforcement proceedings but do not constitute a final order. The Bureau
proposed to include orders that are final by their own terms or under applicable law, even where
Federal, State, or local law allows for the appeal of such orders. Proposed § 1092.201(f),
defining the term “effective date,” would have addressed situations where an order is subject to a
stay following issuance. The Bureau sought comment on whether the term “final” should be
further defined in the regulatory text.
The proposed definition included orders issued by either an agency or a court. The
proposal would have clarified that the definition would include an otherwise covered order
whether or not issued upon consent. Accordingly, under the proposal, “covered orders” could
have been issued upon consent or settlement. They could also have been issued after the filing of
a lawsuit or complaint and a process of litigation or adjudication. The proposed term would not
have included corporate resolutions adopted by an entity and not issued by an agency or court.
Nor would the proposed term have generally included licenses, including conditional licenses;
but the term would have included an order suspending, conditioning, or revoking a license based
on a violation of law. Nor would the proposed term have included related stipulations or
consents, where those documents are not incorporated into or otherwise made part of the order.
Proposed § 1092.201(e)(1) would also have included, as a component of the definition of
the term “covered order” for a given covered nonbank, a requirement that the order identify the
covered nonbank by name as a party subject to the order. Thus, for example, orders that
indirectly refer to a covered nonbank as an “affiliate” of a named party, but do not name the
covered nonbank as itself a party subject to the order, would not have been covered orders under
proposed § 1092.201(e) with respect to the covered nonbank. Nor would orders that apply to a
covered nonbank only as a “successor and assign” of a named party, where the order does not
expressly identify the covered nonbank by name as a party subject to the order. The proposal

would have included in the definition a covered nonbank that is listed by name as a party
somewhere within the body of the order, even if the covered nonbank is not listed in the order’s
title or caption. In other words, to fall within the proposed § 1092.201(e) definition, it would
have been sufficient that the order identifies the covered nonbank by name as a party subject to
the order even if the covered nonbank is not listed in the title or caption of the order, or as the
primary respondent, defendant, or subject of the order. A covered nonbank may have satisfied
the proposed definition even if the issuing agency or court did not list the covered nonbank as a
party in related press releases or Internet links.
Proposed § 1092.201(e)(2) would have included, as a component of the definition of the
term “covered order,” a requirement that the order have been issued at least in part in any action
or proceeding brought by any Federal agency, State agency, or local agency. The Bureau
believed that limiting the registration requirement to orders involving such agencies would
provide sufficient information to support Bureau functions. This proposed requirement would
have included orders issued by the Bureau itself, the “prudential regulators,” as that term is
defined at CFPA section 1002(24),227 and any “Executive agency,” as that term is defined at 5
U.S.C. 105. The proposed requirement would have also included orders issued by “State
agencies” as defined at proposed § 1092.201(n) and “local agencies” as defined at proposed
§ 1092.201(i). An order issued by a local agency would have satisfied this proposed
requirement, but such an order would not have satisfied the requirement set forth in proposed
§ 1092.201(e)(4) (described below) unless the order imposed the obligations described in
proposed § 1092.201(e)(3) on the covered nonbank based on one or more violations of a covered
law. While certain Federal and State laws were included in the § 1092.201(c) definition of the
term covered law, local laws were not.

12 U.S.C. 5481(24).

Proposed § 1092.201(e)(3) further would have included, as a component of the definition
of the term “covered order,” a requirement that the order contain public provisions that impose
obligations on the covered nonbank to take certain actions or to refrain from taking certain
actions. Such obligations may have included, for example, injunctions or other obligations to
cease and desist from violations of the law; to pay civil money penalties, refunds, restitution,
disgorgement, or other money; to amend certain policies and procedures, including but not
limited to instances where the order requires submission of the proposed amendments to policies
and procedures for nonobjection; to maintain records or to provide them upon request; or to take
or to refrain from taking other actions. An order suspending, conditioning, or revoking a license
based on a violation of law would have met this requirement. An order that lacks any public
provision imposing such an obligation on the covered nonbank would not have met the
requirement in proposed § 1092.201(e)(3). The Bureau explained that an example of the type of
orders that might not have satisfied this requirement would be a declaratory judgment order
finding that an entity has violated the law, but not imposing any remedial obligations. Other
examples, the Bureau explained, might include orders whose only public provisions are releases
and general contractual terms frequently contained in consent orders, such as severability and
counterpart signature provisions, but only to the extent these provisions do not impose any other
obligations described by proposed § 1092.201(e)(3).
The proposed § 1092.201(e)(3) requirement would have excluded order provisions that
are not “public” as that term was defined in proposed § 1092.201(k). For example, obligations
imposed by non-public provisions that constitute confidential supervisory information of another
agency would not have been considered when determining whether a particular order satisfies
this proposed requirement. Proposed § 1092.201(e)(3) would have also excluded orders that lack
any public provision imposing an obligation on the covered nonbank to take certain actions or to
refrain from taking certain actions. The Bureau explained that, for example, an order that
describes unlawful conduct but does not contain any such public provisions imposing obligations

described at proposed § 1092.201(e)(3) would not have satisfied this requirement. The Bureau
proposed to exclude from the rule’s information-collection requirements nonpublic orders and
portions of orders in order to help protect the confidential processes of other agencies, including
their supervisory processes. The Bureau was concerned that requiring registration of
confidential supervisory information might have interfered with the functions and missions of
other agencies and did not believe that requiring such registration was necessary to accomplish
the purposes of the proposed rule. The Bureau noted that, to the extent that it has a need to
review nonpublic orders or nonpublic portions of orders, the Bureau may seek access to relevant
information through inter-agency information sharing that protects applicable privileges and
confidentiality. In addition, as discussed in the section-by-section discussion of § 1092.201(m)
below, the Bureau believed that publication of nonpublic information, including but not limited
to confidential supervisory information of the Bureau or other agencies, would be inappropriate.
Proposed § 1092.201(e)(4) would have also included, as a component of the definition of
the term covered order, a requirement that the order impose one or more of the obligations
described in proposed § 1092.201(e)(3) on the covered nonbank based on an alleged violation of
a covered law. The Bureau explained that, under the proposal, a covered order need not have
included an admission of liability or any particular factual predicate. The Bureau anticipated that
agency and court orders would vary widely in form and content, depending in part on such
matters as the relevant individual laws being enforced, the historical practices of the various
enforcement agencies, and the negotiations and facts and circumstances underlying specific
orders. Because of these expected variations in form and content in the orders that the Bureau
expected to be registered under the proposal, the Bureau believed that requiring registration only
of orders that contain an admission of liability, or a statement setting forth certain types of
findings or other factual predicates underlying the order, would omit relevant orders. The
Bureau believed that an order that contains neither an admission of liability nor a statement

setting forth the factual predicate underlying the order may nevertheless be probative of risks to
consumers of the type that the Bureau is obligated to monitor.
The Bureau explained that, for purposes of this proposed definition, an obligation would
have been “based on” an alleged violation where the order identifies the covered law in question,
asserts or otherwise indicates that the covered nonbank has violated it, and imposes the
obligation on the covered nonbank at least in part as a result of the alleged violation.228 This
would have included, for example, obligations imposed as “fencing-in” or injunctive relief, so
long as those obligations were imposed at least in part as a result of the entity’s violation of a
covered law. This element of the proposed definition would also have been satisfied, for
example, by any obligation imposed as part of other legal or equitable relief granted with respect
to the violation, as well as by any obligation imposed in order to prevent, remedy, or otherwise
address a violation of a covered law, or the conditions resulting from the violation. The Bureau
noted, however, that an order that does not identify a covered law as at least one of the legal
bases for the obligations it imposes on a covered bank would not satisfy the requirement set forth
at proposed § 1092.201(e)(4). The Bureau explained that an order may identify a covered law as
a legal basis for the obligations imposed by referencing another document, such as a written
opinion, stipulation, or complaint, that shows that a covered law served as the legal basis for the
obligations imposed in the order. The Bureau, however, stated that the requirements of proposed
§ 1092.201(e)(4) would not have been satisfied where the legal basis for the obligations imposed
is specified only in extrinsic documents not referenced in the order at issue, such as a press
release or blog post.
The Bureau explained that the proposed § 1092.201(e)(4) requirement would have
included an order issued by an agency exercising any powers conferred on such agency by

The Bureau explained that an obligation imposed based on multiple violations, some of covered laws and some
of other laws, would qualify as an “obligation[] . . . based on an alleged violation of a covered law” within the
meaning of proposed § 1092.201(e)(4), even if the violations of the non-covered laws would themselves have
sufficed to warrant the imposition of the obligation.
applicable law to enforce a covered law, so long as the order imposes one or more of the
obligations described in proposed § 1092.201(e)(4) on the covered nonbank based on an alleged
violation of a covered law. For example, the Bureau noted, certain Federal agencies may issue
an order predicated on violation of a Federal consumer financial law under the authority of
another enabling enforcement or licensing statute. Among other examples, an appropriate
Federal banking agency may issue orders in connection with certain violations of Federal
consumer financial law under section 8 of the Federal Deposit Insurance Act (12 U.S.C. 1818),
the Administrator of the National Credit Union Administration may issue such orders under the
Federal Credit Union Act (12 U.S.C. 1751 et seq.), and the Securities and Exchange Commission
may issue such orders under the Federal securities laws. The Bureau noted that such an order
issued in connection with violations of Federal consumer financial law would satisfy the
requirement set forth in proposed § 1092.201(e)(4) in cases where the order imposes the
obligations described in proposed § 1092.201(e)(3) on the covered nonbank based on one or
more violations of Federal consumer financial law (or another covered law).
The Bureau noted that other agencies also may rely upon their enforcement authorities
under other laws in issuing orders in connection with violations of FTC Act section 5 (and rules
and orders issued thereunder). For example, an appropriate Federal banking agency may issue
orders in connection with violations of FTC Act section 5 by relying on its enforcement
authorities under section 8 of the Federal Deposit Insurance Act (12 U.S.C. 1818). The Bureau
explained that such an appropriate Federal banking agency order would have satisfied the
requirement set forth in proposed § 1092.201(e)(4) in cases where the order imposed the
obligations described in proposed § 1092.201(e)(3) on the covered nonbank based on one or
more violations of the prohibition on unfair or deceptive acts or practices under FTC Act
section 5 (or a rule or order issued for the purpose of implementing that prohibition) or another
covered law. The order, the Bureau explained, would satisfy the requirement provided in

proposed § 1092.201(e)(4) even though the FTC Act does not expressly authorize the Federal
banking agencies to enforce FTC Act section 5.
Similarly, the Bureau considered an obligation to be “based on” an alleged violation of a
covered law where: (i) a State agency issues an order pursuant to certain State statutes that treat
violations of Federal or State laws as violations of the State statute;229 and (ii) the order (or, as
discussed above, an extrinsic document referenced in the order) states that one or more violations
of a covered law (e.g., a Federal consumer financial law) served as the legal basis for imposing
the obligations under such statute. In such cases, while the majority of these State laws would
not themselves have qualified as covered laws under proposed subpart B—and therefore were
not captured in appendix A—the underlying law violation would have so qualified. The Bureau
believed including such instances was important, as it understood that State agencies sometimes
issue orders in connection with violations of Federal consumer financial law relying on their
authorities under these State licensing and other statutes that do not themselves satisfy the
definition of covered law. Importantly, however, such an order would not have met the proposed
definition of “covered order” unless the order itself (or, as discussed above, an extrinsic
document referenced in the order) stated that a covered law served as the legal basis for the
obligations imposed in the order. A State order that relied upon such a statute, but that did not
identify a covered law as the legal basis for the obligations imposed thereunder, would not have
satisfied the requirement set forth in proposed § 1092.201(e)(4).230 Nor would an order that
imposed obligations solely based on violations of other laws, even laws that are analogous to
covered laws but do not themselves qualify as covered laws under proposed subpart B. Section
1092.201(e)(4), the Bureau explained, was intended to capture only orders that impose

See, e.g., Wash. Rev. Code sec. 19.146.0201(11).

The Bureau explained that the obligations imposed in an order issued or obtained by a State agency under a State
law that incorporates Federal law may be “based on” an alleged violation of Federal consumer financial law under
proposed § 1092.201(e)(4), even if the Federal consumer financial law itself does not expressly authorize that State
agency to enforce it. The Bureau noted that, so long as the State agency states that the relevant order provisions are
based on one or more violations of the Federal consumer financial law, it would be a covered order under the
proposed definition.
obligations based upon an agency’s or court’s determination that the applicable covered nonbank
has actually violated the covered law itself.
Under proposed § 1092.201(e)(5), the proposal would also have defined “covered order”
to mean an order that has an effective date on or later than January 1, 2017. The Bureau believed
that limiting the registration requirement to orders with more recent effective dates would
provide sufficient information to support Bureau functions. The Bureau explained that many
orders issued by Federal, State, and local agencies do not have expiration dates or do not expire
until after the passage of many years. While the Bureau believed that many earlier-in-time
orders remain highly probative of ongoing risks to consumers and could assist the Bureau in
carrying out its market-monitoring obligations—as well as assist the Bureau in assembling an
effective nonbank registry—the Bureau preliminarily concluded that considerations of
administrative efficiency favored focusing on orders issued within approximately the first several
years preceding any final rule. The Bureau sought comment on this proposed approach.
Finally, proposed § 1092.201(e) would have provided that the term “covered order”
would not include an order issued to a motor vehicle dealer that is predominantly engaged in the
sale and servicing of motor vehicles, the leasing and servicing of motor vehicles, or both, within
the meaning of CFPA section 1029(a),231 except to the extent such order is in connection with
the functions that are excepted from the application of CFPA section 1029(a) as described in
CFPA section 1029(b).232 This provision would have excluded certain orders issued to motor
vehicle dealers that are described in CFPA section 1029(a), and would have incorporated the
definitions provided at CFPA section 1029(f).233 CFPA section 1029(a) establishes a statutory
exclusion from the Bureau’s authority; CFPA section 1029(b) excepts certain functions of motor
vehicle dealers from that exclusion.234 The Bureau noted, therefore, that an order that is issued
12 U.S.C. 5519(a).

12 U.S.C. 5519(b).

12 U.S.C. 5519(f).

12 U.S.C. 5519(a), (b).

to a motor vehicle dealer that relates to the functions described in section 1029(a)—that is, the
sale and servicing of motor vehicles, the leasing and servicing of motor vehicles, or both—
generally would not have been a “covered order” under the proposed definition. However, if the
order related at least in part to a function excepted from the application of CFPA section 1029(a)
as described in CFPA section 1029(b), this limitation would not apply, and the order would have
qualified as a “covered order.” The functions described in 1029(b) include: “provid[ing]
consumers with any services related to residential or commercial mortgages or self-financing
transactions involving real property;” “operat[ing] a line of business–(A) that involves the
extension of retail credit or retail leases involving motor vehicles; and (B) in which–(i) the
extension of retail credit or retail leases are provided directly to consumers; and (ii) the contract
governing such extension of retail credit or retail leases is not routinely assigned to an
unaffiliated third party finance or leasing source;” and “offer[ing] or provid[ing] a consumer
financial product or service not involving or related to the sale, financing, leasing, rental, repair,
refurbishment, maintenance, or other servicing of motor vehicles, motor vehicle parts, or any
related or ancillary product or service.”235
Comments Received
The Bureau specifically sought comment on whether certain types of orders should be
categorically excluded from registration.236 Commenters stated that the registry should not
collect or publish information regarding consent orders. Commenters stated that including
consent orders would unfairly include orders that do not involve any adjudication of
wrongdoing; that such orders often are based on errors or inaccurate or contested allegations, or
result from a change in a regulator’s interpretation of the law; and that such orders often contain
provisions clearly stating that the entity does not concede or admit liability. Commenters also
stated that companies often only settle matters in order not to incur the cost, delay, and

12 U.S.C. 5519(b).

See 88 FR 6088 at 6110.

uncertainty of litigation, that consent orders often involve matters that might not have been
determined to be violations if fully litigated, and that regulators are often uncertain about
whether they can prove the violations alleged. Industry commenters stated that consent orders
represent only a crude predictor of risk, and including them would provide an inaccurate,
inconsistent, or misleading picture of risk to consumers. Industry commenters stated that
including consent orders would penalize companies that have agreed to settle matters instead of
litigating them, and that including consent orders would be unfair because it would lead to
registering only those businesses who are not able to afford defending themselves from
government attacks.
Commenters, including the SBA Office of Advocacy, specifically objected to the
Bureau’s publication of consent orders, stating that such publication would be unfair because it
would have negative reputational consequences and lead to a decrease of business; would
prejudice the entities involved; would otherwise provide inaccurate information to the Bureau
and to consumers; would lead to higher compliance costs; would likely encourage class action
lawsuits and spurious litigation claims; and could result in unintended consequences.
Commenters stated that, in particular, publication of consent orders would deter covered
nonbanks from consenting to covered orders in future. Commenters stated that the deleterious
effects of being identified on the registry would have a chilling effect on consents and would
discourage settlement in future proceedings, including those brought by agencies other than the
Bureau, and would induce covered nonbanks to litigate enforcement or civil actions instead of
settling. Thus, commenters argued, the registry would prolong litigation, raise costs, and worsen
outcomes, and could be disruptive to the State and local oversight process, in particular as
regulators might become less likely to bring enforcement actions. Commenters stated that these
effects would be especially pronounced for smaller settlements. The joint letter from State
regulators stated the imposition of the proposed written-statement requirements, in particular,
could frustrate a State regulator’s ability to effectively resolve supervisory matters or to finalize

enforcement matters. An industry commenter stated that the proposed registry would create a
disincentive for entities to self-report violations, for fear of becoming subject to the proposed
rule’s registration requirements. Commenters stated that because of these effects, the registry
would lead to additional harm to consumers. But a consumer advocate commenter stated that the
argument that the registry will deter entities from being cooperative or forthcoming is an
inappropriate threat not to cooperate that should not be rewarded with lax oversight.
Industry commenters stated that the proposed registry would be unfair because other
companies are likely engaging in conduct similar to the conduct that resulted in a covered order
but are not getting caught.
An industry commenter objected to the Bureau’s proposal to register orders issued or
obtained by the Bureau itself, stating that an additional registry of such orders would be
superfluous.
Commenters objected to the Bureau’s proposal to register orders issued by State agencies
and local agencies, and by State courts, and to impose written-statement requirements in
connection with such orders. Commenters stated that the Bureau lacks authority, expertise, and
knowledge of relevant circumstances applicable to such orders, and has no legitimate interest in
them. An industry commenter indicated that the proposal would give the Bureau enforcement
power over other agencies’ orders for violations of State and Federal laws that the Bureau has no
jurisdiction to enforce. A Tribal commenter stated that including such orders in a public
database would interfere with the other government’s sovereign decision regarding whether and
how to publish its own orders. An industry commenter stated that orders issued by local
agencies should not be included because local regulatory and enforcement agencies may be
subject to more local, provincial issues, local control, and local political trends, and be less likely
to produce orders that are based on broader consumer financial protection issues.
A Tribal commenter stated that the definition of “covered order” should be amended to
require that the order be “enforceable” in addition to final and public. The Tribal commenter

also stated that the rule should clarify when an order is issued “at least in part” in an action or
proceeding brought by an applicable agency.
An industry commenter stated that it was unclear under the proposed definition whether
nonpublic NCUA letters of recommendation would be covered.
An industry commenter stated the Bureau should further clarify the definition of “covered
order” because State agencies vary in their approaches to enforcing and interpreting orders. The
commenter stated that one State agency may consider a final order that involves a corrected issue
to be closed, while another State may not.
The Bureau specifically sought comment on the scope of proposed § 1092.201(e)(1),
which included a requirement that the covered order identify a covered nonbank by name as a
party subject to the order, and whether proposed § 1092.201(e)(1) should also include affiliates,
successors and assigns, or other methods of identifying entities subject to orders, even though
they are not expressly named in the order. A consumer advocate commenter stated that the rule
should apply to successors and assigns, not just named parties as provided under proposed
§ 1092.201(e)(1).
Commenters stated generally that the proposed registry was overbroad and too
prescriptive. Industry commenters suggested that the Bureau attempt to limit those covered
orders that require registration to orders that involve more serious or direct consumer harm, as
opposed to those that involve only clerical or administrative errors, or that do not meet a
minimum threshold of harm to consumers. Commenters stated that the proposed registry should
not lump small orders together with large important orders. Commenters stated that the
proposal’s approach would result in overreporting of minor infractions that would confuse or
mislead the public, overwhelm the nonbank registry, or render the nonbank registry less useful,
and would improperly impose reputational harm.
Under proposed § 1092.201(e)(5), the proposal would have defined “covered order” to
mean an order that has an effective date on or later than January 1, 2017. A consumer advocate

commenter stated that the term “covered order” should include all orders for 10 years prior to the
effective date of the final rule. The commenter stated that this change would correspond with
proposed § 1092.202(e), which would have provided that a covered order shall cease to be a
covered order for purposes of this subpart as of the later of: (1) ten years after its effective date;
or (2) if the covered order expressly provides for a termination date more than ten years after its
effective date, the expressly provided termination date.
An industry commenter stated that the 2017 date should be moved forward to 2019 or
later to better distinguish nonbanks with only a few consent orders, or that have taken
appropriate remedial steps related to the order, from actors with a clear record of consistent
consumer or other abuse.
Industry commenters stated that the nonbank registry should not apply to prior orders at
all, but only to orders issued after the effective date of the rule. An industry commenter stated
that the proposal would violate the right to due process, as entities would not have agreed to
consent to covered orders if they had been aware of the Bureau’s registry. Another commenter
stated that the proposal’s registration of existing orders contravened legal tradition barring ex
post facto laws.
Tribal and industry commenters stated that orders should not be considered “final” as
provided under proposed § 1092.201(e) until all avenues of appeal have been exhausted.
A joint letter by State regulators stated that the proposal introduced other complexities
and confusion for covered entities and consumers due to ambiguities relating to the rule’s
registration requirement, and that these ambiguities could not be satisfactorily addressed because
most covered orders will not be issued by the Bureau. In particular, the joint comment letter
questioned how the same or similar violations across different business lines would be treated,
and how the registration requirements would apply if multiple States take unilateral action for a
firm’s violation of the same consumer financial law. The comment expressed concern that

nonbanks would be unable to understand or comply with the obligations of the rule due to
questions about if, when, and how a nonbank might be required to report an order to the Bureau.
An industry commenter stated that the Bureau should clarify that an affiliate of a covered
person need not register with respect to a covered order unless it is itself named in the covered
order.
The Bureau received a question in interagency consultation regarding whether
“assurances of voluntary compliance” would be covered orders.
Response to Comments Received
The Bureau is finalizing the definition of “covered order” to include an otherwise
covered order whether or not issued upon consent. Accordingly, “covered orders” may be issued
upon consent or settlement. The Bureau is adopting this approach for several reasons. First,
under § 1092.201(e)(1)(iv), the final rule will only apply to orders in which an agency or court
has imposed applicable obligations on the covered nonbank based on an alleged violation of a
covered law. Where a court or agency makes a decision to issue an order based on one or more
violations of a covered law, such an order is clearly relevant to and probative of risk to
consumers (including risks related to developments in markets for consumer financial products
and services), whether or not the entity agrees with the issuing agency or court’s determination.
The Bureau acknowledges that certain covered nonbanks may from time to time believe a court
or agency has erred in issuing or obtaining a covered order against them, even in cases where the
entity has consented to the imposition of the order. For example, the entity may believe that the
order is based on inaccurate or contested allegations of fact or law, or that it resulted from an
improper change in a regulator’s interpretation of the law. The Bureau concludes that a covered
order is likely probative of risk to consumers even in such cases. In most cases, the fact that an
agency has devoted its limited resources to an action to enforce a covered law, and a covered
nonbank has agreed to take on obligations based on the alleged violation rather than litigate the
issue, indicates a heightened likelihood that the covered nonbank may present risks to consumers

that may warrant the Bureau’s attention, even if the covered nonbank believes that it had
arguments for why it was not liable. Excluding consent orders or orders that do not contain an
admission of liability from the rule would unduly restrict the information that would be collected
regarding many orders that are highly probative of risk to consumers, such as orders based upon
clearly established and significant violations of covered laws, and would limit the rule’s
usefulness. Collecting information about consent orders also will assist the Bureau in identifying
and evaluating patterns of risks associated with orders across companies, industries, products,
and regions. For example, in conducting its assessments of consumer risk, the Bureau will often
find it useful to know whether a covered nonbank, or type of nonbank, has (or has not) become
subject to multiple orders across a period of time, or from multiple agencies, or based on
violations of multiple covered laws, or across product lines, or in particular geographic regions,
even where such orders were entered into upon consent. Thus, it is appropriate to collect
information about such orders and the entities subject to such orders, and to publish such
information as provided under § 1092.205.
Second, the Bureau’s collection of information regarding consent orders, and its potential
republication of those consent orders, does not imply any admission of fault or additional
liability by the applicable covered nonbank. The Bureau acknowledges that many consent orders
do not contain admissions of wrongdoing, and that entities may consent to the imposition of such
orders while disagreeing with the findings of the agency or court. Such orders may contain
provisions clearly stating that the entity does not concede or admit liability. However, the final
rule is intended to provide the Bureau with the ability to monitor relevant orders and to inform
relevant nonbank registry users and the public about them. As stated in the notice of proposed
rulemaking,237 the Bureau believes that requiring registration only of orders that contain an
admission of liability, or a statement setting forth certain types of findings or other factual

88 FR 6088 at 6111.

predicates underlying the order, would omit relevant orders. The Bureau believes that an order
that contains neither an admission of liability nor a statement setting forth the factual predicate
underlying the order may nevertheless be probative of risks to consumers of the type that the
Bureau is obligated to monitor. Just as entities may consent to an order in order not to incur the
cost, delay, and uncertainty of litigation, so to a Federal agency, State agency, or local agency
may accept an entity’s consent to an order without requiring an admission of liability, for similar
reasons. Therefore, the final rule includes as “covered orders” consent orders as well as orders
obtained after a contested or litigated hearing, lawsuit, or other process. As discussed in the
description of the proposal above, for purposes of this definition, an obligation is “based on” an
alleged violation where the order identifies the covered law in question, asserts or otherwise
indicates that the covered nonbank has violated it, and imposes the obligation on the covered
nonbank at least in part as a result of the alleged violation, even where the order contains
provisions clearly stating that the entity does not concede or admit liability. But the Bureau’s
collection and potential publication of information about a consent order does not somehow
imply that the covered nonbank admits liability with respect to the order. Nor does the final rule
otherwise affect the entity’s obligations under the order or any other liability that may result
from the matters addressed by the order.
Third, the Bureau concludes that its potential publication of information related to
consent orders as described at § 1092.205 will not impose unfair costs on consenting entities. As
discussed in part VIII, the final rule will not make public any non-public orders, limiting the
likely costs on covered nonbanks of publishing consent orders. Nor will the Bureau’s potential
publication of information relating to consent orders as described at § 1092.205 provide
inaccurate, inconsistent, or misleading information to consumers, as the Bureau will simply be
collecting and presenting factual information regarding such orders that are already published (or
required to be published) elsewhere. For further discussion of publication, see the section-bysection discussion of § 1092.205 below.

Fourth, the Bureau disagrees with the assertions by commenters that the potential
deleterious effects of being listed on the registry will materially deter entities from agreeing to
consent orders or otherwise impair the ability of other agencies to administer and enforce the
laws subject to their jurisdiction. Covered orders are already public. The Bureau expects that
the disincentive effect of the additional visibility for these orders via the nonbank registry would
be minimal and would be outweighed by benefits of the registry. Likewise, the Bureau does not
believe that the additional burden associated with either the information-collection or the writtenstatement requirements of the final rule is so great as to deter a covered nonbank from selfreporting, or from entering into a consent agreement or stipulation that would otherwise be in its
best interests.
Covered orders are probative of risk to consumers (including risks related to
developments in markets for consumer financial products and services), even if it may be true
that not all violations of covered laws result in covered orders. The Bureau still has an interest in
collecting and publishing information regarding such covered orders, and in imposing the other
requirements of the rule in connection with such orders, even if there are other violations of
covered laws occurring that the nonbank registry does not detect.
The Bureau is finalizing the definition of the term “covered order” to include orders
issued or obtained by the Bureau itself. The Bureau believes the final rule’s requirements will
provide additional useful information in connection with such orders. The identifying
information submitted by covered nonbanks, and the final rule’s obligation to update that
information in the event of changes, could provide new and useful information to the Bureau and
the registry. For example, a company that moves or changes its name will be required to update
the registry. Also, § 1092.204’s written-statement requirements will provide new information on
an annual basis about the Bureau’s orders and the applicable supervised registered entity’s
compliance with them, including the name and title of the supervised registered entity’s attesting
executive. In addition, including orders issued or obtained by the Bureau will contribute to the

registry’s comprehensiveness, which in turn will make the registry a more useful resource for the
Bureau and others in conducting research regarding general trends in the enforcement of
consumer financial protection laws.238
Final § 1092.201(e) includes orders issued or obtained by State or local agencies. As also
discussed in the section-by-section discussion of § 1092.201(c) above, the final rule will not
provide the Bureau with enforcement power over other agencies’ orders or with authority with
respect to violations of Federal and State laws that the Bureau lacks jurisdiction to enforce. The
Bureau defers to other agencies’ and courts’ interpretations of the orders they have issued or
obtained under their own authority against persons subject to their jurisdiction, and to those
agencies’ and courts’ decisions about whether and how to enforce such orders. The Bureau has
not and does not assert that it may enforce all covered orders or covered laws, nor is the final rule
a mechanism for it to do so. (To be sure, the definition of “covered order” does encompass
certain orders that the Bureau may enforce, such as its own orders issued under Federal
consumer financial law or the other laws described in § 1092.201(c)(2). But the final rule does
not affect the Bureau’s authority to do so.)239
Instead, the purposes of the final rule are as described herein, including to inform the
Bureau regarding risks related to covered orders issued or obtained by State agencies and local
agencies.240 The Bureau has a legitimate interest in learning about such orders and the entities
that are subject to them. Collecting and registering such orders will assist with monitoring for
risks to consumers in the offering or provision of consumer financial products and services. The
Bureau concludes that the information that will be provided via the nonbank registry regarding
orders issued or obtained by State agencies and local agencies will inform the Bureau’s functions

See also the section-by-section discussion of § 1092.201(k) below regarding the exclusion of orders issued or
obtained by the Bureau from the final rule’s definition of the term “NMLS-published covered order.”
Excluding orders issued or obtained by State agencies from the definition of “covered order” would also
improperly exclude orders issued or obtained by State attorneys general and State regulators under 12 U.S.C. 5552.
For discussion of the purposes of the final rule’s written-statement requirements, see part IV(D) and the sectionby-section discussion of § 1092.204 below.
even though the Bureau may lack jurisdiction to enforce the order and may not be involved in the
issuance or implementation of the order. For the reasons described in part IV, covered orders are
nevertheless probative of risk to consumers (including risks related to developments in markets
for consumer financial products and services) that is of concern to the Bureau, and the Bureau
has a legitimate interest in becoming informed regarding such orders even where they have been
issued or obtained by State or local agencies (as opposed to Federal agencies). And the
identifying information submitted to the nonbank registry will help the Bureau identify and
monitor the covered nonbanks that are subject to such orders, which will also inform the
Bureau’s functions.
Nothing in the CFPA confines the risks to consumers that must be monitored by the
Bureau to risks related solely to the Federal Government, or solely to orders issued or obtained
by Federal agencies. To the contrary, the Bureau is tasked with monitoring a wide range of
sources to inform its assessments of risks to consumers, specifically including matters within the
jurisdiction of State agencies and local agencies. For example, as discussed in part IV(B), CFPA
section 1024(b)(2)(D) provides that the Bureau, in making risk-based supervisory prioritization
determinations, shall take into account “the extent to which … institutions are subject to
oversight by State authorities for consumer protection.”241 The existence of one or more orders
issued or obtained by the types of State agencies described in the final rule in connection with
violations of covered law would provide important and directly relevant information regarding
the extent to which nonbanks are subject to oversight by State authorities for consumer
protection.242 Likewise, in allocating its resources to perform market monitoring, the Bureau

12 U.S.C. 5514(b)(2)(D).

In addition, as discussed in part IV(B), the Bureau concludes that the existence of an order issued or obtained by
a State agency or a local agency requiring registration under the final rule would be probative of risks to consumers
as described in 12 U.S.C. 5514(b)(2)(C) (referring to “the risks to consumers created by the provision of such
consumer financial products or services”), and determines that the existence of such an order is a relevant factor for
the class of covered persons subject to the final rule under 12 U.S.C. 5514(b)(2)(E) (providing that the Bureau shall
also take into account “any other factors that the Bureau determines to be relevant to a class of covered persons”).
Thus, knowledge of such orders issued or obtained by State agencies or local agencies will be relevant information
may consider “the legal protections applicable to the offering or provision of a consumer
financial product or service, including the extent to which the law is likely to adequately protect
consumers.”243 As the types of “legal protections” to be considered by the Bureau are not
restricted solely to protections related to Federal agencies, the Bureau concludes that it may
consider the information that will be obtained under the final rule regarding covered orders
issued or obtained by State agencies or local agencies under this provision. Another provision,
CFPA section 1024(b)(3), requires coordination with State supervisory authorities with respect to
nonbanks supervised by the Bureau.244 The final rule will enhance the Bureau’s ability to stay
informed and up to date regarding recent covered orders issued or obtained by State agencies and
local agencies against covered nonbanks that are subject to its jurisdiction, and thus will facilitate
coordination with relevant State authorities.
For similar reasons, the Bureau concludes that it is appropriate to impose the final rule’s
written-statement requirements in connection with covered orders issued or obtained by State
agencies and local agencies against supervised registered entities. The Bureau disagrees with
commenters’ assertions that the Bureau lacks authority to impose these requirements with respect
to such State agency and local agency orders or that such imposition is otherwise inappropriate.
As discussed above, such orders are probative of the risks to consumers that the Bureau is tasked
with detecting and assessing as part of its supervisory work. Violations of such orders may be
probative of heightened risks for consumers and borrowers that are relevant to the Bureau’s
exercise of its supervisory authority; thus, for the reasons discussed in part IV(D) above and the
section-by-section discussion of § 1092.204 below, the written-statement requirements will
facilitate the Bureau’s supervision of supervised registered entities subject to such orders. The
information collected under § 1092.204 regarding risks to consumers that may be associated with

in prioritizing and scoping the Bureau’s supervisory activities under CFPA section 1024(b) with respect to the
covered persons subject to that provision.
12 U.S.C. 5512(c)(2)(C).

12 U.S.C. 5514(b)(3).

the orders, including potential violations of CFPA sections 1031 and 1036, and the applicable
supervised registered entity’s compliance systems and procedures will be relevant to the
Bureau’s supervisory authority even where those risks are associated with State agency and local
agency orders. For the reasons discussed in part IV(D) and the section-by-section discussion of
§ 1092.204, imposing § 1092.204’s requirements with respect to orders issued or obtained by
State or local agencies also will help ensure that the supervised registered entities subject to such
orders are legitimate entities and are able to perform their obligations to consumers. Contrary to
commenters’ suggestions, the Bureau is not adopting the written-statement requirements to
administer or enforce orders issued or obtained by State or local agencies, but rather to further its
statutory purposes under CFPA section 1024(b)(7)(A)-(C) with respect to risks to consumers that
are relevant under Federal law, that are associated with entities that are subject to the Bureau’s
supervisory and examination authority under CFPA section 1024(a), and that arise in connection
with the offering or provision of consumer financial products and services subject to the
Bureau’s jurisdiction.
In the proposal, the Bureau described a number of types of orders that would and would
not be considered “final” orders under the proposal. The Bureau finalizes these descriptions,
which are recounted in the summary of the proposed rule above. The Bureau’s discussion of
examples of non-final orders, however, was not intended to be exhaustive. Other orders that are
not final orders are also excluded from § 1092.201(e)’s definition of the term “covered order.”
The Bureau is finalizing § 1092.201(e) to include orders issued or obtained by local
agencies. Even if, as a commenter suggests, such agencies are less likely than are other agencies
to issue or obtain relevant consumer protection orders,245 information about such covered orders
as they do issue will be relevant and informative to the Bureau. As stated in the description of
the proposal above, some local agencies have authority to enforce State consumer protection

The Bureau does not express an opinion on this question. The Bureau intends to use the information it obtains
through the final rule to better understand the quantity and content of covered orders and the types of agencies that
issue them.
laws, and the Bureau believes it is important to include orders issued or obtained by such local
agencies in the definition.
Also, as discussed in part IV(B), it is important for the Bureau to collect information
about such public orders across markets and agencies as provided in the final rule, which will
improve the Bureau’s efforts to determine where entities, either as a group or individually, are
repeatedly violating the law. The registry will provide a valuable mechanism to help ensure that
the Bureau is rapidly made aware of such repeat offenders across a range of markets and
enforcement agencies, including State agencies and local agencies. Confining the orders
collected to those issued or obtained only by Federal agencies would unnecessarily limit the
information that is provided to the Bureau and provide the Bureau with only a partial view of
such risks.
With respect to publication, final § 1092.201(e) requires that a “covered order” be
“public” as defined at § 1092.201(m). Thus, the covered orders issued or obtained by a State
agency or local agency that may be published by the nonbank registry under § 1092.205 will
have already been published, or are required to be published under governing laws, rules, or
orders. As a result, the registry will not interfere with but rather reflect the decisions of State or
local agencies in that regard.
The Bureau is finalizing the definition of “covered order” without a requirement that the
order be “enforceable.” Such a requirement would lead to confusion and imprecision as to the
final rule’s submission requirements, as it will not always be clear whether any particular
covered order is “enforceable.” The Bureau does not wish to invite arguments from covered
nonbanks as to whether any particular covered order is or is not actually “enforceable.” For
example, an entity may consent to the imposition of an order while privately believing that the
order may not properly be enforced against it under the correct understanding of the law. The
Bureau concludes that the nonbank registry should collect and potentially publish information
about such orders and that they should not be excepted from the final rule’s definition of

“covered order.” Moreover, as discussed in the section-by-section discussion of § 1092.202(f)
below, a covered nonbank must submit a final filing to the nonbank registry if a covered order is
terminated, modified, or abrogated (whether by its own terms, by action of the applicable
agency, or by a court). Amending the definition of “covered order” to require that the order be
“enforceable” would reduce the information provided by these final filings, at least under certain
circumstances. For example, where a covered nonbank has registered a covered order with the
nonbank registry and the order is subsequently terminated, modified, or abrogated by action of
the applicable agency or court, the order would at least theoretically no longer satisfy the
“enforceability” requirement and would therefore no longer qualify as a “covered order.” Thus,
the covered nonbank would not be required to submit the final filing required by § 1092.202(f),
which is a valuable mechanism to clarify the current status of covered orders to the Bureau and
other users of the nonbank registry.
Section 1092.201(e)(1)(ii) includes, as a component of the definition of the term “covered
order,” a requirement that the order have been issued at least in part in any action or proceeding
brought by any Federal agency, State agency, or local agency. By requiring that the order be
issued “at least in part” in such an action or proceeding, the Bureau will require registration of
orders that may include certain elements that are not directly related to the action or proceeding
brought by the agency. For example, an order may impose obligations on a covered nonbank in
a lawsuit brought by both an agency and a set of private plaintiffs. So long as the agency
brought the action or proceeding, and the order was issued at least in part in that action or
proceeding, this component of the definition would be satisfied with respect to the entire order.
The commenter’s question about nonpublic NCUA letters of recommendation appears to
refer to a type of confidential NCUA supervisory communication. First, “insured credit unions”
as that term is defined at § 1092.101(a) are not covered nonbanks and thus are not subject to any
of the requirements of the rule. Second, only “public” orders, as the term “public” is defined at
§ 1092.201(k), are covered orders. To the extent an entity receives a confidential letter or other

communication from the NCUA that is not “public” as defined, the communication would not be
a covered order. This would include any order (or portion of any order) that constitutes
confidential supervisory information of any Federal or State regulator.
One industry commenter stated the definition of “covered order” should be clarified
because State agencies vary in their approaches to enforcing and interpreting orders. While the
Bureau does not necessarily disagree with the latter statement, the Bureau does not believe these
differences among State agencies require modification of the definition. The Bureau does not
believe, and does not intend by finalizing the rule to suggest, that all covered orders are
somehow equivalent. The Bureau has considered the types of orders that it believes are
probative of risk to consumers and require registration. The final rule contains a number of
elements, each of which must be satisfied in order to cause an order to require registration. An
order that satisfies the definition of the term “covered order” is subject to the final rule’s
requirements with respect to such orders, to the extent they apply. It is not clear how any
differences among State interpretations or approaches would be relevant to determining whether
an entity must comply with the rule’s requirements. Nor does the Bureau believe that any such
differences would render publication of such orders or the other registration information required
by the rule to be misleading or inappropriate. Differences among State treatment of when orders
are resolved or closed should not affect filing obligations under the final rule. Under
§ 1092.202(f)(1), if a covered order is terminated, modified, or abrogated (whether by its own
terms, by action of the applicable agency, or by a court), the applicable covered nonbank should
submit a final filing under that section. The covered nonbank should not submit such a final
filing based solely on a State supervisory or other communication that does not result in the
termination, modification, or abrogation of the order. Finally, where an entity believes in good
faith it is not subject to a covered order, but is not certain the Bureau would agree with its
interpretation, it may file a good faith notification under § 1092.202(g).

The Bureau is finalizing § 1092.201(e)(1) (renumbered as § 1092.201(e)(1)(i)) without
revisions that would have the effect of requiring successors or assigns who are not named as
parties in an order to continue satisfying the rule’s requirements with respect to that order. The
Bureau finalizes its preliminary conclusion in the proposal246 that the approach described in the
proposed rule will effectively achieve the Bureau’s market-monitoring objectives with greater
administrative ease. The Bureau is concerned that in many cases the application of covered
orders to successors and assigns may be unclear, and that registration of new entities that are not
expressly named in the order may cause confusion for the Bureau and other users. Also, the
Bureau anticipates that, at least in some cases, the issuing agency or court will modify its order
to ensure that a successor or assignee entity will remain subject to the order, and that the new
entity would then be required to register under § 1092.202. However, the Bureau notes that
while a new successor or assignee entity would not be subject to the rule’s requirements with
respect to an order that did not expressly identify it by name as a party subject to the order, the
Bureau does not intend to exclude entities that simply change their legal name or doing-businessas name following the issuance of the order, so long as the same legal entity remains subject to
the order.247
The Bureau is finalizing § 1092.201(e) without narrowing the definition to encompass
only orders that involve direct consumer harm, as opposed to those that involve only clerical or
administrative errors. The Bureau also declines to adopt any specific minimum quantitative or
other thresholds for consumer harm with respect to the covered orders that require registration
under the final rule. While the Bureau agrees that not every covered order will represent an
equivalent amount of risk, the Bureau is finalizing the rule in a manner designed to capture
relevant risks. As explained above, when an agency issues an order, or seeks a court order,
enforcing the law, it typically has determined that the problems at the applicable entity are

88 FR 6088 at 6117.

See also the section-by-section discussion of § 1092.202(b) below.

sufficiently serious to merit the expenditure of that agency’s limited resources and perhaps the
attention of the courts. Further, in the Bureau’s experience, the existence of an order identifying
a legal violation is often probative of broader potential inadequacies in an entity’s compliance
systems, even if the violation addressed in the order might be described as “clerical,”
“administrative,” or otherwise technical in nature. The Bureau thus concludes that covered
orders as defined at § 1092.201(e) are likely to be probative of relevant risk to consumers. The
final rule establishes multiple criteria for an order to be a “covered order” that is subject to the
rule’s requirements. The Bureau believes these criteria are sufficient to identify and distinguish
certain kinds of orders that are likely to be probative of risk to consumers and that the Bureau has
the authority to monitor. The Bureau declines to adopt additional criteria that would further
narrow this definition.
In addition, the Bureau is concerned that adopting the types of distinctions commenters
propose would not be administrable. It is not clear what would constitute a violation of law that
only amounted to a “clerical” or “administrative” error, as opposed to a more “serious” violation
of a covered law. The Bureau believes that the final rule appropriately describes and
encapsulates orders that are likely to be probative of risk to consumers without adding a carveout
for “clerical” or “administrative” violations. Thus, the collection and publication of information
about such orders, even ones that address matters that could appear to some audiences as
comparatively “minor,” will serve the purposes of the final rule described in part IV above.
Providing for a minimum threshold would also add undue complexity to the final rule, depending
upon the criteria that might be adopted, and could make compliance more difficult or
burdensome. For example, if the Bureau were to impose registration only with respect to orders
where a minimum dollar threshold of consumer harm or number of consumers affected was
related to the order, it is not clear that such dollar amounts or numbers would be calculated in all
cases. Even where such an amount might be determined, the full extent of related consumer
harm might not be known for some time after the issuance of the order, or might be confidential

supervisory information or otherwise confidential (and the Bureau does not intend to reveal such
confidential information to the public via the nonbank registry). The Bureau declines to
introduce such complexities into the final rule. While such questions might be reasonably
answerable with respect to certain types of orders, and many individual orders may be structured
to permit calculation and public disclosure of such threshold amounts, the Bureau intends the
requirements of the final rule to be sufficiently flexible to collect information regarding a wide
range of agency and court orders that may provide evidence regarding risk to consumers. The
Bureau also declines to impose materiality requirements as to the type of violations that must be
declared in written statements submitted under § 1092.204; see the section-by-section discussion
of this section below for additional discussion of these issues.
Publication of information collected by the registry as intended by the Bureau will enable
users of the registry to access relevant and accurate information about covered orders, including
the violations that may be associated with such orders, and will not cause but rather help prevent
confusion and the distribution of misleading information. See the section-by-section discussion
of § 1092.205 below for additional discussion of related issues involving the potential
publication of registry information.
The Bureau finalizes § 1091.201(e)(5) (renumbered as § 1091.201(e)(1)(v)) as proposed.
For the reasons stated in the proposal, the Bureau believes that registering orders with an
effective date on or after January 1, 2017, is likely to lead to collecting useful information and
otherwise will best serve the purposes of the final rule described in part IV above. The Bureau
declines at this time to amend the definition of covered order to include orders with an effective
date prior to January 1, 2017. While, as discussed in the proposal, the Bureau believes earlier
orders are highly probative of consumer risk, the Bureau finalizes its preliminary conclusion in

the proposal248 that considerations of administrative efficiency favor focusing on orders issued
within approximately the first several years preceding the final rule.
The Bureau also declines to finalize a later date for this provision. This approach would
lead to the omission of covered orders that are recent enough to be relevant to risk to consumers,
and would impair the ability of the Bureau and others to identify trends and patterns in the
information collected. The Bureau acknowledges that in the intervening time following the
issuance of a covered order and before registration, it is possible that many entities will have
taken steps to address the violations and other issues identified in the covered order. The Bureau
encourages covered nonbanks to take the steps necessary to protect consumers and comply with
covered orders and other laws. Nevertheless, the Bureau concludes that registration of such
orders will serve the purposes of the final rule described in part IV above. Information regarding
the existence of past covered orders will inform the Bureau regarding risk to consumers posed by
the applicable covered nonbank. The issuance of a covered order, and the information that will
be collected under the final rule about the covered nonbank and the order, such as the violations
of covered law and related obligations identified in such an order, are not rendered irrelevant for
the purposes of the final rule simply because a covered nonbank has taken steps to address the
underlying violations or issues. In some cases, the existence of a past covered order might
prompt the Bureau to seek additional information, from the covered nonbank itself or other
sources, to assess whether the remedial steps taken by the covered nonbank have been
successful. In other cases, the Bureau might include the past covered order in a more general
research project aimed at assessing trends in orders enforcing the law over time. See the sectionby-section discussion of § 1092.205 below for additional discussion of related issues involving
the potential publication of registry information.

88 FR 6088 at 6112.

The Bureau disagrees with commenters’ suggestions that the registry would impose an
unlawfully retroactive effect or is incompatible with constitutional principles relating to ex post
facto laws. The mere fact that the Bureau is requiring registration based on previously issued
public orders does not render that requirement impermissibly retroactive.249 “[T]he judgment
whether a particular [law] acts retroactively should be informed and guided by familiar
considerations of fair notice, reasonable reliance, and settled expectations.”250 Taking into
account those considerations, the registration and publication provisions of §§ 1092.202,
1092.203, and 1092.205 do not operate in an impermissibly retroactive manner. The Bureau is
requiring covered nonbanks prospectively to register information with the Bureau. Going
forward, the Bureau plans to use that information as a source of market intelligence to use in
identifying areas of greater—or reduced—risk to consumers, to inform the allocation of the
Bureau’s own resources, and to better understand the entities’ compliance management systems
and processes. Further, § 1092.202 merely requires covered nonbanks to report covered orders
that are already published (or required by law, rule, or order to be published). Requiring covered
nonbanks to submit to the Bureau information about such public orders imposes little meaningful
burden, and thus does not present significant concerns regarding fair notice or upsetting
reasonable reliance or settled expectations. Nor would any publication by the Bureau of
registration information as provided at § 1092.205 impose a meaningful additional burden on
entities, given that registered orders would already be a matter of public record. It is therefore
highly unlikely that covered nonbanks would have made different decisions with respect to past
enforcement actions—e.g., whether to settle or vigorously litigate such actions—had they known
that the enforcement actions could one day subject them to such a low-burden registration

See Landgraf v. USI Film Prods., 511 U.S. 244, 269 n.24 (1994) (“[A] statute ‘is not made retroactive merely
because it draws upon antecedent facts for its operation.’” (quoting Cox v. Hart, 260 U.S. 427, 435 (1922)).
250

INS v. St. Cyr, 533 U.S. 289, 321 (2001) (citation omitted).

requirement. As a result, the imposition of the registration requirement does not have
impermissible retroactive effect.251
Nor does the Bureau believe the U.S. Constitution’s prohibition on ex post facto laws
would apply to the rule, which is adopted under the Bureau’s civil rulemaking authorities in the
CFPA. Under longstanding precedent, civil laws generally are not within the protective reach of
the Ex Post Facto Clause.252
For the reasons discussed in the proposal, the final rule includes orders that are final by
their own terms or under applicable law, even where Federal, State, or local law allows for the
appeal of such orders. The Bureau declines to exempt a broader category of orders as to which
Federal, State, or local law allows for an appeal. Section 1092.201(f) states, “If the issuing
agency or a court stays or otherwise suspends the effectiveness of the covered order, the effective
date [of the covered order] shall be delayed until such time as the stay or suspension of
effectiveness is lifted.” The requirements set forth in § 1092.202(b)(2) with respect to any
applicable covered order are tied to the order’s effective date as defined. Thus, § 1092.202
already adequately addresses situations where a reviewing agency or court has issued a stay or
has otherwise suspended the effectiveness of a covered order. In such cases, the covered
nonbank will not be required to register the covered order until 90 days after its new effective
date. In contrast, the Bureau believes that a covered order that has not been stayed by the issuing
Commenters do not appear to argue that § 1092.204’s written statement requirements would have impermissible
retroactive effect. Nor could they. As discussed in the section-by-section discussion of § 1092.204 below, that
section’s written statement requirements apply only to covered orders with an effective date after the applicable
nonbank registry implementation date (and thus after the final rule’s effective date as well). While some covered
orders with an effective date after the applicable nonbank registry implementation date might relate to violations of
covered laws committed before the final rule’s effective date, the Bureau does not believe that the prospect of
becoming subject to the written-statement requirements would have had a significant marginal impact on a
supervised registered entity’s decision whether to engage in conduct that risked violating covered laws, given the
negative consequences already associated with committing such legal violations.
See, e.g., Smith v. Doe, 538 U.S. 84, 92 (2003); Calder v. Bull, 3 U.S. (3 Dall.) 386, 391 (1798); see also U.S.
CONST. art. I, sec. 9, cl. 3 (prohibiting Congress from enacting ex post facto laws). While the Bureau believes that
the final rule neither is unlawfully retroactive nor violates the Ex Post Facto Clause, if a court were to conclude that
the Bureau cannot apply the rule’s registration requirements to previously issued covered orders “that remain in
effect as of the effective date” of subpart B, as § 1092.202(a) provides, the Bureau intends for that language in
§ 1092.202(a) to be severable under § 1092.103. Under the remaining language of § 1092.202(a), the rule’s
registration requirements would apply after severance “only with respect to covered orders with an effective date on
or after the effective date” of subpart B.
agency or a court, and has been allowed to come into effect, is likely to be probative of risk to
consumers, even if avenues of appeal remain available.253 For that reason, the Bureau has
determined not to exempt such orders from the rule’s requirements. A covered nonbank should
register such an order within 90 days of its effective date as required by § 1092.202(b)(2)(i).
Should the covered order be terminated, modified, or abrogated, including by a reviewing court’s
decision that renders the order ineffective or void, the covered nonbank should submit a final
filing under § 1092.202(f)(1), after which it would have no further obligation to update its
registration information. The Bureau is also finalizing a revision to § 1092.204(a) to clarify that
a supervised registered nonbank is not required to comply with § 1092.204’s written-statement
requirements in cases where the applicable covered order has not been registered under
§ 1092.202 due to a stay or other agency or court action.254
The Bureau does not share the concern expressed in the joint letter from State regulators
that covered nonbanks will be unable to understand or comply with the final rule. With respect
to the comment that ambiguities in the rule’s registration requirements could not be satisfactorily
addressed because most covered orders will not be issued by the Bureau, the Bureau agrees that
covered nonbanks will need to apply § 1092.201(e)’s definition of “covered order” in connection
with a wide range of orders, many of which will not be drafted by the Bureau. However, the
Bureau believes that, in the vast majority of cases, entities subject to the final rule will be able to
clearly discern whether they must comply with the registration and written-statement
requirements in connection with any particular order, and that such registration will serve the
purposes of the rule as stated. Moreover, in the event a covered nonbank has concerns that any
particular order may be deemed a covered order notwithstanding its good-faith belief to the

The Bureau’s determination on this issue accords with the general principle that an unstayed judgment can be
enforced even while an appeal is pending. See, e.g., Acevedo-Garcia v. Vera-Monroig, 368 F.3d 49, 58 (1st Cir.
2004) (“The federal rules contemplate that, absent a stay, a victorious plaintiff may execute on the judgment even
while an appeal of that judgment is pending.”); 16A Catherine T. Struve, Federal Practice and Procedure § 3949.1
(5th ed. 2023) (“Unless the judgment is stayed, the district court may (pending appeal) act to enforce the judgment
….”).
254

See the section-by-section discussion of § 1092.204(a) below.

contrary, it may file one or more good-faith notifications under § 1092.202(g) or § 1092.204(f)
with respect to that order.
Regarding the comments in the joint letter questioning how the same or similar violations
across different business lines would be treated as well as how the registration requirements
would apply if multiple States take unilateral action for a firm’s violation of the same consumer
financial law, a covered nonbank must satisfy the rule’s requirements with respect to all
applicable covered orders that satisfy § 1092.201(e)’s definition. For a discussion of the final
rule’s treatment of multiple orders, see the section-by-section discussion of § 1092.201(l) below.
If the public portions of an order do not “identify [the applicable] covered nonbank by
name as a party subject to the order” as provided at § 1092.201(e)(1)(i), then the order is not a
covered order with respect to that covered nonbank. Thus, under the final rule, an affiliate of a
covered person need not register with respect to a covered order unless it is itself named as a
party in the public portions of the covered order. As discussed in the proposal,255 orders that
indirectly refer to a covered nonbank as an “affiliate” of a named party, but do not name the
covered nonbank as itself a party subject to the order, would not be covered orders under final
§ 1092.201(e) with respect to the covered nonbank. While § 1092.202(c) provides that the
Bureau’s filing instructions may require joint or combined submissions to the nonbank registry
by covered nonbanks that are affiliates as defined in § 1092.101(a), the final rule will not require
an affiliate to submit information to the nonbank registry under this provision in connection with
a covered order unless public portions of the order identify the affiliate by name as a party
subject to the order.
Under § 1092.201(e), the term “covered order” may include legally enforceable written
agreements under sections 8 and 50 of the Federal Deposit Insurance Act256 or any State
counterparts, as well as assurances of discontinuances embodied in orders or judgments issued

88 FR 6088 at 6110.

12 U.S.C. 1818, 1831aa.

by agencies or courts. Likewise, an “assurance of voluntary compliance” (AVC) accepted by a
State agency under State law may qualify as a “covered order” where it satisfies all of the criteria
established under § 1092.201(e), including that the AVC contains public provisions that impose
obligations on the covered nonbank to take certain actions or to refrain from taking certain
actions, and imposes such obligations on the covered nonbank based on an alleged violation of a
covered law. As with other orders, an AVC is not excepted from the definition of “covered
order” solely because it contains neither an admission of liability nor a statement setting forth the
factual predicate underlying the order. A State agency’s acceptance of a legally enforceable
AVC, as with an agency’s acceptance of a legally enforceable written agreement, would
generally occur in an “action or proceeding brought by any Federal agency, State agency, or
local agency” for purposes of § 1092.201(e)(1)(ii).
Final Rule
For the reasons discussed above, the Bureau is finalizing § 1092.201(e) as proposed, with
minor technical edits. The Bureau finalizes its preliminary conclusion in the proposal that these
categories of public orders would assist with monitoring for risks to consumers in the offering or
provision of consumer financial products and services.
Section 1092.201(f) Effective Date
Proposed Rule
The proposal would have defined the term “effective date” to mean, in connection with a
covered order, the effective date as identified in the covered order; however, if no other effective
date is specified, then the date on which the covered order was issued would have been treated as
the effective date for purposes of subpart B of the proposal. The Bureau anticipated that the
effective date for many covered orders would be evident from the face of the order, and in nearly
all cases should be relatively easy to identify.
Proposed § 1092.201(f) would also have provided that if the issuing agency or a court
stays or otherwise suspends the effectiveness of the covered order, the effective date shall be

delayed until such time as the stay or suspension of effectiveness is lifted. Thus, the registration
obligations under proposed subpart B would also have been delayed accordingly. The Bureau
anticipated that such situations would be rare and sought comment on whether this proposal
would adequately address them.
Comments Received and Final Rule
The Bureau did not receive any comments specifically regarding proposed
§ 1092.201(f)’s definition of the term “effective date.” See the section-by-section discussion of
§ 1092.201(e) above for a discussion of comments addressing which orders should be included
in the term “covered orders.” For the reasons set forth in the description of the proposed rule
above, the Bureau is finalizing § 1092.201(f) as proposed.
Section 1092.201(g) Identifying Information
Proposed Rule
Proposed § 1092.201(g) would have defined the term “identifying information.” This
term would have described the scope of identifying information a covered nonbank may be
required to submit pursuant to proposed § 1092.202(c). Proposed § 1092.201(g) would have
limited this information to information that is already available to the covered nonbank, and
which uniquely identifies the covered nonbank. As described in proposed § 1092.201(g), this
information would have included, to the extent already available to the covered nonbank, legal
name, State of incorporation or organization, principal place of business address, and any unique
identifiers issued by a government agency or standards organization. The Bureau explained that
examples of the latter identifiers that entities might have been required to provide under
proposed § 1092.202(c) would include an NMLS identifier, a Home Mortgage Disclosure Act
(HMDA) Reporter’s Identification Number, the Legal Entity Identifier (LEI) issued by a utility
endorsed by the LEI Regulatory Oversight Committee or endorsed or otherwise governed by the

Global LEI Foundation (GLEIF, or any successor of the GLEIF),257 and a Federal Tax
Identification number.
The Bureau believed that this information would help it to identify covered nonbanks
with specificity, including ensuring that the Bureau can identify covered nonbanks’ submissions
to other registries and databases where applicable, such as the NMLS, and HMDA submissions.
Furthermore, the Bureau believed that, upon publication, this information would facilitate the
ability of consumers to identify covered persons that are registered with the Bureau. The
proposal would not have required the entity to obtain an identifier. Thus, for example, if the
proposed NBR system were to have asked about a particular type of identifier and that type of
identifier had not been assigned to the covered nonbank, then under the proposal, the covered
nonbank would have been able to indicate the identifier is not applicable.
Comments Received
A nonprofit commenter supported the inclusion of the legal entity identifier (LEI) in
proposed § 1092.201(g) and the inclusion of the LEI as a public data element in the nonbank
registry. The commenter suggested that the Bureau, when an LEI is submitted, could also obtain
the applicable covered nonbank’s legal name, legal address, and headquarters address from the
Global LEI System.
Response to Comments Received
In response to the comment about using LEI information, the Bureau may require
covered nonbanks to submit such information to the registry and will consider further
opportunities to obtain relevant information from other sources including the Global LEI System.
Final Rule
For the reasons set forth above, the Bureau is finalizing § 1092.201(g) as proposed, with
revisions as described below.

See 12 CFR 1003.4(a)(1)(i)(A) (addressing LEIs).

The proposal would have collected information regarding a covered nonbank’s State of
incorporation or organization. The Bureau is adopting a revision to provide that the Bureau may
require a covered nonbank that is not incorporated or organized in a State to submit to the
registry the names of any other jurisdiction in which it is incorporated or organized. For
example, a covered nonbank that is incorporated or organized under Federal law or the laws of a
foreign government should provide that information. If collected, such information would be
categorized as “identifying information” under filing instructions issued under § 1092.102(a).
The Bureau concludes that since certain covered nonbanks may not be incorporated or organized
under State law, collecting and potentially publishing such information may be useful to the
Bureau and to other potential users of the registry information that the Bureau intends to publish
under § 1092.205(a).258 Under the final rule, where applicable, this information will include
information regarding the State or other jurisdiction where a covered nonbank that is not
organized as a corporation was formed—for example, where a covered nonbank organized as a
partnership filed its partnership agreement, where a covered nonbank organized as a limited
liability company was organized, or where the covered nonbank was otherwise formed.
The Bureau is adopting a revision to provide that the Bureau may require a covered
nonbank to submit to the registry any doing business as or fictitious business names, which if
collected would be categorized as “identifying information” under filing instructions issued
under § 1092.102(a). The Bureau concludes that collecting and potentially publishing doing
business as or fictitious business names (including trade names or previously-used names) as
“identifying information” under § 1092.202(c) may be useful to the Bureau and to other potential
users of the registry information that the Bureau intends to publish under § 1092.205(a). Since
some companies may use different names in different contexts, and it may not always be obvious
whether a particular doing business as or fictitious business name may apply to a covered

As discussed in the section-by-section discussion of § 1092.205(a) below, the Bureau is retaining the discretion
not to publish information under § 1092.205 based on operational considerations.
nonbank, such information may help the Bureau and other potential users identify the covered
nonbanks that are registered with the nonbank registry as well as the covered orders to which
they are subject.
In filing instructions adopted under § 1092.102(a), the Bureau will specify the “unique
identifiers issued by a government agency or standards organization” that will be collected under
§ 1092.202(c). As discussed in the proposal, examples of the latter identifiers that entities may
be required to provide under proposed § 1092.202(c) include an NMLS identifier, a HMDA
Reporter’s Identification Number, and LEI information. The Bureau may also specify other
unique identifiers in filing instructions in addition to the examples discussed in the proposal.
The Bureau also may collect, for example, an RSSD ID, a unique identifier assigned to financial
institutions by the Federal Reserve System, and an Electronic Data Gathering, Analysis, and
Retrieval system (EDGAR) Central Index Key (CIK), a unique identifier assigned by the
Securities and Exchange Commission (SEC) to persons that submit filings to the SEC.
Under the final rule, the Bureau will not collect or publish Federal employer
identification numbers (EIN) from covered nonbanks as “identifying information” as that term is
defined at § 1092.201(g), but may determine to collect this information under § 1092.202(c) as
“administrative information” that the nonbank registry will not publish under § 1092.205(a). In
filing instructions issued under § 1092.102(a), the Bureau will specify whether and how it will
collect such information. In addition, a registered entity should not submit any Social Security
numbers, individual taxpayer identification numbers, or other similar personally identifying tax
information to the nonbank registry, even if the registered entity uses an individual’s Social
Security number in tax documents filed by or associated with the entity. As stated in part III(B),
the Bureau’s registry is designed to not collect any protected proprietary, personal, or
confidential consumer information, and thus, the Bureau will not publish, or require public
reporting of, any such information.

Section 1092.201(h) Insured Depository Institution
Proposed Rule
The proposal would have defined the term “insured depository institution” to have the
same meaning as in 12 U.S.C. 5301(18)(A). Section 5301(18)(A), in turn, incorporates the
meaning of “insured depository institution” provided in section 3 of the Federal Deposit
Insurance Act, 12 U.S.C. 1813.259
Comments Received and Final Rule
The Bureau did not receive any comments specifically regarding proposed
§ 1092.201(h)’s definition of “insured depository institution.” See the section-by-section
discussion of § 1092.201(d) above for a discussion of the final rule’s treatment of such
institutions and their affiliates. For the reasons set forth above, the Bureau is finalizing
§ 1092.201(h) as proposed.
Section 1092.201(i) Local Agency
Proposed Rule
The proposal would have defined the term “local agency” to mean a regulatory or
enforcement agency or authority of a county, city (whether general law or chartered), city and
county, municipal corporation, district, or other political subdivision of a State, other than a State
agency. The term would not have included State agencies.
The Bureau proposed to require registration in connection with applicable orders issued
or obtained by local agencies. The Bureau understood that local agencies do issue or obtain
public orders under covered laws.260 For the reasons described above with respect to orders
issued by Federal and State agencies, the Bureau believed that such orders may indicate risk to
consumers, and that obtaining information about these orders would support Bureau functions.

See 12 U.S.C. 1813(c)(2) (defining “insured depository institution” as “any bank or savings association the
deposits of which are insured by the [Federal Deposit Insurance] Corporation pursuant to this chapter”).
See, e.g., Cal. Bus. & Prof. Code sec. 17204 (authorizing enforcement of Cal. Bus. & Prof. Code sec. 17200 by
certain county counsel and city attorneys).
Comments Received and Final Rule
The Bureau did not receive any comments specifically regarding proposed
§ 1092.201(i)’s definition of “local agency.” For the reasons set forth in the description of the
proposed rule above, the Bureau is finalizing § 1092.201(i) as proposed.
Section 1092.201(j) NMLS
Proposed Rule
The proposal did not contain an exemption for covered orders published on the NMLS
Consumer Access website.
Comments Received
See the section-by-section discussion of § 1092.203(a) below for a discussion of
comments received regarding duplication of the proposed registry with the NMLS and discussing
or requesting an exemption for orders that are already published or available via NMLS, and the
Bureau’s responses thereto.
Final Rule
The Bureau is finalizing a new paragraph (j) to § 1092.201 and is renumbering the
remainder of the paragraphs accordingly. Section 1092.201(j) provides that the term “NMLS”
means the Nationwide Multistate Licensing System. As the NMLS’s website explains, the
NMLS is the system of record for non-depository financial services licensing or registration for
participating State agencies.261 The NMLS is overseen and operated by the State Regulatory
Registry LLC, which was established by the Conference of State Bank Supervisors in
cooperation with the American Association of Residential Mortgage Regulators.262

NMLS Resource Center, About NMLS,
https://mortgage.nationwidelicensingsystem.org/about/Pages/default.aspx.
262

Id.

Section 1092.201(k) NMLS-published covered order
Proposed Rule
The proposal did not contain an express alternative registration option for covered orders
published on the NMLS Consumer Access website.
Comments Received
See the section-by-section discussion of § 1092.203(a) below for a discussion of
comments received regarding duplication of the proposed registry with the NMLS and discussing
or requesting an exemption for orders that are already published on NMLS Consumer Access or
otherwise available to other regulators via NMLS, and the Bureau’s responses thereto.
Final Rule
The Bureau is finalizing a new paragraph (k) to § 1092.201 and is renumbering the
remainder of the paragraphs accordingly. Section 1092.201(k) provides that the term NMLSpublished covered order generally means a covered order that is published on the NMLS
Consumer Access website, www.NMLSConsumerAccess.org.
For the reasons discussed in the section-by-section discussion of § 1092.203 below, this
section would further provide that no covered order issued or obtained at least in part by the
Bureau shall be an NMLS-published covered order. Thus, where the Bureau has issued a
covered order, or has obtained a covered order from a court, that covered order will not be an
NMLS-published covered order under the final rule. Covered nonbanks must comply with the
requirements of § 1092.202 and (where applicable) § 1092.204 with respect to such Bureau
orders, and may not elect to comply with the one-time registration option described in
§ 1092.203 with respect to such Bureau orders.
Section 1092.201(l) Order
Proposed Rule
The proposal would have defined the term “order” to include any written order or
judgment issued by an agency or court in an investigation, matter, or proceeding. The Bureau

explained that the term would have included orders or judgments issued after trials or agency
hearings. It would also have included default judgments or orders issued after an entity fails to
properly respond to charges or claims made against it. In addition, it would have included orders
or judgments issued to resolve matters without the need for further litigation, including stipulated
or consent orders, decrees, or judgments, as well as settlements, multistate settlements, or
assurances of discontinuances embodied in orders or judgments issued by agencies or courts.
Furthermore, the term would have included cease-and-desist orders and orders suspending,
conditioning, or revoking a license based on a violation of law. The proposed definition would
also have included legally enforceable written agreements under sections 8 and 50 of the Federal
Deposit Insurance Act263 or any State counterparts.
The Bureau explained that the proposed definition of the term “order” would have
included an order or judgment issued by one agency or a single order or judgment jointly issued
by multiple agencies. However, where more than one agency issues a distinct order under its
own authority, or a court issues distinct orders with respect to the different parties in connection
with various actions or proceedings, even where the orders involve the same subject matter or
laws, each order would have been considered a separate order under the proposed definition.
Comments Received
An industry commenter stated that the Bureau should limit the number of times a single
instance of a violation needs to be reported where multiple agencies issue orders based on the
same facts. The commenter stated that entities should only need to submit to the NBR system
one order per violation to avoid reporting multiple listings for one incident in a multi-State
enforcement action, and that this approach would not deprive the public or the Bureau of any
information, since under the proposed rule registered entities would already need to identify the
government entity that issued the order.

12 U.S.C. 1818, 1831aa.

Response to Comments Received
In response to the industry commenter, if multiple agencies join a single order, that order
would be the only “covered order” requiring registration under the final rule. However, if
multiple agencies issue distinct and different orders in connection with the same facts or matter,
each such order (if it satisfies the other criteria established by the final rule) would be a distinct
“covered order” that would require separate registration (and, where applicable, designation of
an attesting executive and submission of a written statement under § 1092.204).
The Bureau declines to adopt the commenter’s suggestion to treat multiple orders as a
single order under certain circumstances. As stated in the notice of proposed rulemaking, the
Bureau “anticipates that agency and court orders will vary widely in form and content,
depending in part on such matters as the relevant individual laws being enforced, the historical
practices of the various enforcement agencies, and the negotiations and facts and circumstances
underlying specific orders.”264 The Bureau anticipates that such orders will often contain
different findings of fact and law, impose different obligations, and otherwise contain
meaningful differences such that requiring registration of each such order would be useful to the
Bureau and other users of the nonbank registry. Also, permitting certain orders to be treated as a
single order would create unnecessary complexity and confusion for registrants and other users
of the nonbank registry. Among other things, the final rule would have to establish which orders
would be sufficiently similar to warrant such treatment. The Bureau declines to require such
determinations as part of the registration process.
Final Rule
For the reasons set forth above, the Bureau is finalizing § 1092.201(j) (renumbered as
§ 1092.201(l)) as proposed.

88 FR 6088 at 6111.

Section 1092.201(m) Public
Proposed Rule
The proposal would have defined the term “public” to mean, with respect to a covered
order or any portion thereof, published by the issuing agency or court, or required by any
provision of Federal or State law, rule, or order to be published by the issuing agency or court.
The proposal would have clarified that the term “public” does not include orders or portions of
orders that constitute confidential supervisory information of any Federal or State agency.
The Bureau explained that the proposed term would have included orders that are
actually published by the issuing agency or court, as well as orders that are required by any
provision of Federal or State law, rule, or order to be published by the issuing agency or court.
For example, section 8(u) of the Federal Deposit Insurance Act265 requires the publication of
certain types of Federal banking agency orders. The proposed definition was intended to include
those orders, as well as those required to be published by any other similar Federal or State law.
The Bureau explained that, under the proposal, an order would only be “public” if it has
been released or disseminated (or is required to be released or disseminated) in a manner such
that the order is accessible by the general public—for example, by posting the order on a
publicly accessible website or by publishing it in a written format generally available to members
of the public. The proposed term, however, would not have included documents that are not
made generally available but are disclosed to specific persons, such as in response to Federal or
State Freedom of Information Act or open records law requests or as part of litigation discovery
proceedings. Under the proposal, an order also would have only qualified as “public” if it is
published (or required to be published) “by the issuing agency or court.” Therefore, independent
publication by a third party, such as publication that may occur in connection with a covered
person’s securities disclosures, would not make an order “public” within the meaning of the

12 U.S.C. 1818(u).

proposal.266 The Bureau did not anticipate that requiring registration of orders disclosed only
through such methods as freedom-of-information requests or securities disclosures would
materially improve the quantity and quality of the information provided to the nonbank registry.
To the contrary, the Bureau anticipated that third-party disclosures in the securities context, or
pursuant to freedom-of-information requests, may sometimes fail to capture all significant
aspects of an order. The Bureau was also concerned that if such types of disclosures were
included in the final rule, subpart B’s registration requirements might affect an entity’s decisions
regarding securities or litigation disclosures in a manner not intended by the Bureau.
The proposed term would have excluded orders or portions of orders that constitute
confidential supervisory information of any Federal or State agency. The Bureau was concerned
that requiring registration and disclosure of confidential supervisory information might interfere
with the functions and missions of other agencies and did not believe that requiring such
registration and disclosure was necessary to accomplish the purposes of the proposed rule. The
Bureau noted that such agencies may rely on confidential communications with covered
nonbanks in order to, for example, foster full cooperation between those institutions and their
regulators and to protect those institutions and the public from harm that could result from the
disclosure of agency concerns regarding the integrity and security of these institutions. The
proposed definition would have therefore expressly excluded confidential supervisory
information. Where an order is not clearly marked or otherwise designated by the regulator as
confidential supervisory information, the Bureau would have expected the entity to have
confirmed the confidential supervisory information status of any order or portion of an order
with its regulator before relying on that status in connection with the proposed subpart B’s
registration requirements.
Comments Received

By contrast, the Bureau explained, an order would qualify as “public” where the issuing agency or court makes
the order available to a third-party printing service or reporter for the purpose of publishing the order in a publicly
available format.
A Tribal commenter stated that although many State agency orders are publicly available,
this is not the case for State court orders, and requested that the Bureau clarify this proposed
definition.
An industry commenter stated that the proposal’s requirement to submit redacted orders
would confuse the public, and that in cases where a portion of a covered order is redacted or
confidential, the whole order should stay off the registry.
Response to Comments Received
In response to the Tribal commenter, the Bureau believes that this definition clearly
describes the term “public” with respect to orders that are issued by State courts as well as other
orders that may be issued or obtained by a Federal agency, State agency, or local agency, as
described in § 1092.201(e)(1)(i). As detailed in the above description of the proposal, an order
(or a portion of an order) issued by a State court would only be “public” if it has been released or
disseminated (or is required to be released or disseminated) in a manner such that the order (or
portion thereof) is accessible by the general public—for example, by posting the order (or
portion thereof) on a publicly accessible website or by publishing it in a written format generally
available to members of the public. If the issuing court (including a State court) or agency does
not publish an order (or portion thereof) in this way, and the order (or portion thereof) is not
required to be so published, then the order (or portion thereof) is not “public” under the
definition. On the other hand, if the issuing court or agency does publish an order (or portion
thereof) in this way, or the order (or portion thereof) is required to be so published, then the order
(or portion thereof) is “public” under the definition. The Bureau declines to further narrow or
otherwise amend this definition, as it concludes the definition as finalized will help ensure that
the registry will obtain adequate information regarding relevant orders to achieve the registry’s
objectives.
Under the final rule, registrants should submit only the public portions of covered orders.
The Bureau believes that both submission of and publication of public portions of such orders,

and only public portions of such orders, will best serve the purposes of the registry. The Bureau
disagrees that either the submission of or the publication of redacted orders will confuse the
public or other users of the nonbank registry, especially considering that the unredacted portions
of orders submitted to the Bureau will, by definition, already be published (or required to be
published) elsewhere. As discussed in the section-by-section discussion of § 1092.201(e) above,
the Bureau is excluding from the rule’s information collection requirements nonpublic portions
of orders in order to help protect the confidential processes of other agencies, including their
supervisory processes. But the Bureau believes that the other portions of such orders remain
relevant and should be collected and potentially published under the final rule.267
Final Rule
For the reasons set forth below above and as follows, the Bureau is finalizing
§ 1092.201(k) (renumbered as § 1092.201(m)) as proposed, with revisions to provide that the
term “public” (1) encompasses covered orders required to be published by the issuing agency or
court under any provision of local law, rule, or order, and (2) does not include orders or portions
of orders that constitute confidential supervisory information of any local agency. The Bureau is
finalizing these revisions to reflect that under § 1092.201(e)(1)(i), covered orders can be issued
or obtained by local agencies, which may operate under local laws, rules, or orders regarding
publication requirements, and which might claim to have “confidential supervisory information.”
201(n) Registered Entity
Proposed Rule
The proposal would have defined the term “registered entity” to mean any person
registered or required to be registered under proposed subpart B. The Bureau explained that,

In the proposal, the Bureau considered requiring covered nonbanks to submit to the Bureau portions of orders
that constitute confidential supervisory information under proposed § 1092.202, but then exempting those
confidential portions from publication under proposed § 1092.204. See 88 FR 6088 at 6114. The Bureau finalizes
its preliminary conclusion in the proposal that the administrative burden associated with implementing such an
approach likely outweighs the advantage of collecting such confidential portions of orders under the proposed rule.
See id. The Bureau notes that it can use other mechanisms to obtain confidential supervisory information from other
regulators in appropriate cases.
under the proposal, entities that fail to comply with a requirement to register under proposed
subpart B would have nonetheless still been subject to all of the requirements applicable to
registered entities under proposed subpart B. If such an entity were a supervised registered
entity, it would have also been subject to the requirements applicable to a supervised registered
entity under proposed subpart B.
Comments Received and Final Rule
The Bureau did not receive any comments specifically regarding proposed
§ 1092.201(l)’s definition of “registered entity.” For the reasons set forth in the description of
the proposed rule above, the Bureau is finalizing § 1092.201(l) (renumbered as § 1092.201(n)) as
proposed.
Section 1092.201(o) Remain(s) In Effect
Proposed Rule
The proposal would have defined the terms “remain in effect” and “remains in effect” to
mean, with respect to any covered order, that the covered nonbank remains subject to public
provisions that impose obligations on the covered nonbank to take certain actions or to refrain
from taking certain actions based on an alleged violation of a covered law.
Proposed § 1092.202(a) would have used this proposed term in defining the scope of
proposed § 1092.202’s registration requirement. Proposed § 1092.202(f) would have used this
proposed term in specifying when a covered nonbank would be required to submit a final filing
to the NBR system and would be permitted to cease updating its registration information and
filing written statements with respect to a covered order.
Comments Received and Final Rule
The Bureau did not receive any comments specifically regarding proposed
§ 1092.201(m)’s definition of “remain(s) in effect.” For the reasons set forth in the description
of the proposed rule above, the Bureau is finalizing § 1092.201(m) (renumbered as
§ 1092.201(n)) as proposed.

Section 1092.201(p) State Agency
Proposed Rule
The proposal would have defined the term “State agency” to mean the attorney general
(or the equivalent thereof) of any State and any other State regulatory or enforcement agency or
authority. The Bureau intended this definition to encompass all State government officials and
regulators authorized to bring actions to enforce any covered law, including actions to enforce
the CFPA’s provisions or regulations issued under the CFPA pursuant to CFPA section
1042(a)(1).268 The term would also have included regulatory or enforcement agencies of certain
Tribal governments that are included in the CFPA’s definition of the term “State.”269
Comments Received and Final Rule
The Bureau did not receive any comments specifically regarding proposed
§ 1092.201(n)’s definition of “State agency.” For the reasons set forth in the description of the
proposed rule above, the Bureau is finalizing § 1092.201(n) (renumbered as § 1092.201(o)) as
proposed.
Section 1092.201(q) Supervised Registered Entity
Proposed Rule
The proposal would have defined the term “supervised registered entity” to mean a
registered entity that is subject to supervision and examination by the Bureau pursuant to CFPA
section 1024(a),270 with certain exceptions.271 The Bureau explained that the CFPA authorizes
the Bureau to require reports and conduct examinations of certain persons, as described in CFPA

12 U.S.C. 5552(a)(1).

See 12 U.S.C. 5481(27) (defining “State” to include “any federally recognized Indian tribe, as defined by the
Secretary of the Interior under” 25 U.S.C. 5131(a)).
270

12 U.S.C. 5514(a).

The Bureau explained that an affiliate of an insured depository institution that is subject to examination and
supervision by the Bureau under 12 U.S.C. 5515(a) would not be included in the proposed definition of supervised
registered entity, where the affiliate is not subject to examination and supervision by the Bureau under 12 U.S.C.
5514(a). See 12 U.S.C. 5514(a)(3)(A) (providing that 12 U.S.C. 5514 shall not apply to persons described in 12
U.S.C. 5515(a) or 5516(a)).
section 1024(a)(1)(A)–(E); the proposed term would have referred to a registered entity that is
subject to supervision and examination by the Bureau pursuant to any of those provisions.272
For purposes of proposed § 1092.201(o), the proposal would have clarified that the term
“subject to supervision and examination by the Bureau pursuant to CFPA section 1024(a)”
would include an entity that qualifies as a larger participant of a market for consumer financial
products or services under any rule issued by the Bureau pursuant to CFPA section
1024(a)(1)(B) and (a)(2) (providing Bureau supervisory authority over larger participants in
certain markets as defined by Bureau rule), or that is subject to an order issued by the Bureau
pursuant to CFPA section 1024(a)(1)(C) (providing Bureau supervisory authority over certain
nonbank covered persons based on risk determination). The Bureau proposed this language only
to clarify and make express that such persons would be included in the proposed definition of the
term supervised registered entity. The Bureau explained that it was not proposing by means of
this language to limit the scope of the term “supervised registered entity.”
Under the proposed definition of “supervised registered entity,” the Bureau explained that
it need not have previously exercised its authority to require reports from, or conduct
examinations of, a particular registered entity for that entity to qualify as a supervised registered
entity. A registered entity would have qualified as a supervised registered entity if the Bureau
could require reports from, or conduct examinations of, that entity because it is a person
described in CFPA section 1024(a)(1). Such an entity would have been “subject to supervision
and examination” within the meaning of the proposal even if the Bureau has never previously
exercised its authority to require reports or conduct examinations with respect to that entity.
The Bureau explained that persons would be subject to the proposal’s requirements
applicable to “supervised registered entities” so long as they satisfy the proposed definition of
that term. The Bureau recognized that certain entities may, in certain circumstances, satisfy the

The Bureau explained that the proposal would not increase the number of entities subject to Bureau examinations
or otherwise modify the scope of the Bureau’s supervisory jurisdiction.
definition only for a limited period of time. For example, the Bureau noted that an entity’s
activity levels may change in such a manner as to cause the entity to cease to qualify as a larger
participant of a market for consumer financial products and services as defined by CFPA section
1024(a)(1)(B) and 12 CFR part 1090,273 or an entity may cease to be a person subject to Bureau
supervision under CFPA section 1024(a)(1)(C) and 12 CFR part 1091.274 An entity would have
been required to comply with the proposal’s requirements applicable to “supervised registered
entities” so long as it qualifies as such an entity, but not once it ceases to so qualify. Thus, for
example, the Bureau explained that depending upon the timing of events, a supervised registered
entity might be required to register with, and submit information to, the NBR system under
proposed § 1092.202 but not subsequently submit a written statement under proposed § 1092.203
if it ceases to qualify as a supervised registered entity before § 1092.203(d)’s submission
deadline.
The Bureau believed that applying proposed § 1092.203’s requirements to supervised
registered entities so long as they satisfy the proposed definition of that term, even if they do so
for limited periods of time, would serve its goals in imposing such requirements, as described in
section IV(D) of the proposal. The Bureau did not believe that it should exempt, or otherwise
distinguish for purposes of the proposal, entities that are subject to supervision under CFPA
section 1024(a) for limited periods of time. The Bureau believed that it is important to obtain
reports from such supervised registered entities under proposed § 1092.203 for the reasons
discussed in section IV(D) of the proposal, including to ensure they are legitimate entities and
able to perform their obligations to consumers, to detect and assess risks to consumers related to
entities subject to Bureau supervision, and to facilitate its assessments in connection with its risk-

The Bureau explained that such a determination would be made under the provisions of 12 CFR part 1090. See,
e.g., 12 CFR 1090.102 (providing that “[a] person qualifying as a larger participant under subpart B of [12 CFR part
1090] shall not cease to be a larger participant under [12 CFR part 1090] until two years from the first day of the tax
year in which the person last met the applicable test under subpart B”).
The Bureau explained that such a determination would be made under the provisions of 12 CFR part 1091. See,
e.g., 12 CFR 1091.113 (regarding petitions for termination of an order issued under 12 CFR 1091.109).
based supervisory program under CFPA section 1024(b)(2). In addition, the Bureau explained
that requiring regular submission of written statements from such entities would assist the
Bureau in determining whether the entity should continue to be subject to Bureau supervision
under CFPA section 1024(a)(1)(C), for example. However, the Bureau preliminarily concluded
that obtaining such written statements from entities that are no longer subject to the Bureau’s
supervision and examination authority under CFPA section 1024(a) is not necessary to serve
these purposes.275
The Bureau explained that its proposed approach to applying the term “supervised
registered entity” would also have extended to the recordkeeping requirements proposed in
§ 1092.203(e). Proposed § 1092.203(e) would have required a supervised registered entity to
maintain certain documents and other records for five years after the submission of a written
statement is required, and to make such documents and other records available to the Bureau
upon request. The Bureau explained that, once a supervised registered entity ceased to qualify as
a supervised registered entity under proposed § 1092.201(o), it would no longer have been
subject to § 1092.203(e)’s requirement to maintain and provide such records. (The Bureau noted
that the entity may nevertheless be subject to other requirements to maintain and provide such
records, where such requirements are imposed by Federal consumer financial law or other
applicable law.) The Bureau further explained that if, because of a change in circumstances, the
entity later once again qualifies as a supervised registered entity, the entity would once again
have become subject to proposed § 1092.203(e)’s recordkeeping requirement, but only as to
conduct undertaken to comply with proposed § 1092.203 that occurs after the entity requalifies
as a supervised registered entity.
The proposal would have provided that the term “supervised registered entity” would not
include a service provider that is subject to Bureau examination and supervision solely in its

The Bureau is adopting the proposal’s approach to this issue in the final rule and finalizes its preliminary
conclusion to this effect.
capacity as a service provider and that is not otherwise subject to Bureau supervision and
examination. The Bureau noted that CFPA section 1024(e) authorizes the Bureau to exercise
supervisory authority with respect to a service provider to a person described in CFPA section
1024(a)(1).276 Additionally, CFPA sections 1025(d) and 1026(e) authorize the Bureau to
exercise supervisory authority with respect to certain other service providers.277 The Bureau
explained that this provision of the proposed definition clarifies that the term “supervised
registered entity” would not have included a registered entity that is subject to Bureau
examination and supervision solely in its capacity as a service provider under any of these
provisions. However, the Bureau explained, the term supervised registered entity would have
included a registered entity if the registered entity is otherwise subject to Bureau supervision and
examination under CFPA section 1024(a)—i.e., if the registered entity is a person that is
described in CFPA section 1024(a)(1)—even if the registered entity is also a service provider for
some purposes under the CFPA.278 The Bureau preliminarily concluded that, at least in the first
instance, the requirements set forth in proposed § 1092.203 are best directed at persons described
in CFPA section 1024(a). The Bureau believed that it could achieve the anticipated benefits
described above without extending its coverage to service providers subject to supervision under
CFPA section 1024.
Proposed § 1092.201(o)(2) would have provided that the term “supervised registered
entity” would not include a motor vehicle dealer that is predominantly engaged in the sale and
servicing of motor vehicles, the leasing and servicing of motor vehicles, or both, within the
meaning of 12 U.S.C. 5519(a), except to the extent such a person engages in functions that are
excepted from the application of CFPA section 1029(a) as described in CFPA 1029(b).279

12 U.S.C. 5514(e).

12 U.S.C. 5515(d), 5516(e).

As discussed above, entities that are service providers may nevertheless also be covered persons under the CFPA.

12 U.S.C. 5519 (“Exclusion for Auto Dealers”). The Bureau explained that, as with other supervised registered
entities, the motor vehicle dealer would only qualify as a “supervised registered entity” if it were subject to the
Proposed § 1092.201(e), discussed above, would have further provided that the only orders
issued to such motor vehicle dealers that would subject the dealer to the requirements of
proposed §§ 1092.202 and 1092.203 would be those issued in connection with the functions that
are excepted from the application of CFPA section 1029(a) as described in CFPA 1029(b).
Proposed § 1092.201(o)(3) would have provided that the term “supervised registered
entity” would not include a person that qualifies as a covered person based solely on conduct that
is the subject of, and that is not otherwise exempted from, an exclusion from the Bureau’s
supervisory authority under CFPA section 1027.280 The Bureau explained that this proposed
component of the term “supervised registered entity” would have been similar to a component in
the proposed definition of the term “covered nonbank,” as discussed in more detail in the
section-by-section discussion of proposed § 1092.201(d), above. However, while proposed
§ 1092.201(d) would have described exclusions from the Bureau’s rulemaking authority,
proposed § 1092.201(o)(3) would have described exclusions from the Bureau’s supervisory
authority. This provision would have clarified that persons excluded from the supervisory
authority of the Bureau under one or more of the provisions of section 1027 of the CFPA would
not be “supervised registered entities.” However, where the CFPA provides that any of the
activities engaged in by such persons are subject to the Bureau’s supervisory authority, the
Bureau noted that this limitation would not have excluded the person from qualifying as a
“supervised registered entity.” For example, the Bureau noted, CFPA section 1027(l)(1)
provides an exclusion from the Bureau’s supervisory authority for certain persons engaging in
certain activities relating to charitable contributions.281 Under the proposal, a person would not
have been deemed a “supervised registered entity” if it qualifies for this statutory exclusion and
Bureau’s supervisory jurisdiction under 12 U.S.C. 5514(a). Technically, the Bureau noted, the exclusion in
proposed § 1092.201(o)(2) should be unnecessary because it is identical to the proposed exclusion from the
definition of “covered nonbank” in proposed § 1092.201(d)(4), and only covered nonbanks can qualify as supervised
registered entities. Nevertheless, the Bureau proposed § 1092.201(o)(2) to reiterate that the exclusion described in
proposed § 1092.201(d)(4) also limits which entities qualify as “supervised registered entities.”
12 U.S.C. 5517.

12 U.S.C. 5517(l)(1) (“Exclusion for Activities Relating to Charitable Contributions”).

is not otherwise exempt from it. But CFPA section 1027(l)(2) exempts certain activities from
this statutory exclusion by providing that “the exclusion in [CFPA section 1027(l)(1)] does not
apply to any activities not described in [CFPA section 1027(l)(1)] that are the offering or
provision of any consumer financial product or service, or are otherwise subject to any
enumerated consumer law or any law for which authorities are transferred under subtitle F or
H.”282 Under proposed § 1092.201(o), an entity described in CFPA section 1027(l)(1) engaging
in the activities described therein would have qualified as a “supervised registered entity” so long
as it also engages in any of the activities described in CFPA section 1027(l)(2). And, as a
“supervised registered entity” under the proposed § 1092.201(o), such entity would have been
subject to all of proposed § 1092.203’s requirements applicable to “supervised registered
entities” with respect to any “covered order,” regardless of whether the applicable “covered
order” addressed conduct subject to the statutory exclusion in CFPA section 1027(l)(1).
Finally, proposed § 1092.201(o)(4) would have provided that the term “supervised
registered entity” would not include a person with less than $1 million in annual receipts. The
exclusion would have been based on the receipts resulting from offering or providing all
consumer financial products and services described in CFPA section 1024(a).283 The Bureau
proposed to define the term “annual receipts” to have the same meaning as it has in
§ 1090.104(a) of the Bureau’s regulations, including the provisions of that definition at
paragraph (i) regarding receipts, paragraph (ii) regarding period of measurement, and paragraph
(iii) regarding annual receipts of affiliated companies.284 The Bureau proposed the exclusion in
proposed § 1092.201(o) for two reasons. First, the Bureau noted that providers of consumer
financial products and services with significantly lower levels of receipts generally pose lower
risks because they engage with fewer consumers, obtain less money from those consumers, or

12 U.S.C. 5517(l)(2).

12 U.S.C. 5514(a).

12 CFR 1090.104(a).

both. Second, the Bureau explained that the information collection burdens on entities with
receipts of $1 million or less, on a relative basis, generally would be higher than for larger
entities.
The Bureau noted that the proposed exclusion from the definition of “supervised
registered entity” based on volume of annual receipts would have also been consistent with the
CFPA’s requirement that the Bureau take entity size into account as part of its risk-based
supervision program.285 Accordingly, the Bureau proposed to exclude persons with less than $1
million in annual receipts from the proposed annual reporting requirements applicable to
supervised registered entities under proposed § 1092.203.
However, the Bureau did not propose to exclude such smaller entities from the
information-collection requirements provided in proposed § 1092.202. The Bureau believed that
the limited burden that would be imposed on such entities due to such information-collection
requirements would be warranted in light of the market-monitoring benefits to the Bureau and
other users of the NBR system. The Bureau explained that it could evaluate the need for
additional supervisory attention related to a smaller supervised nonbank based on its submissions
under proposed § 1092.202 and any additional information at its disposal. As discussed in
section IV of the proposal and the section-by-section discussion of proposed § 1092.202, those
submissions would have provided additional information relevant to the Bureau’s assessments of
risk in connection with its prioritization efforts under CFPA section 1024(b)(2).286
Comments Received
A consumer advocate commenter objected to proposed § 1092.201(o)(1), which would
have provided that the term “supervised registered entity” does not include a service provider
that is subject to Bureau examination and supervision solely in its capacity as a service provider

See 12 U.S.C. 5514(b)(2)(A), (B) (requiring the Bureau to take into consideration “the asset size of the covered
person” and “the volume of transactions involving consumer financial products or services in which the covered
person engages”).
286

12 U.S.C. 5514(b)(2).

and that is not otherwise subject to Bureau supervision and examination. The consumer
advocate commenter stated that third party service providers can present risk even when they are
not supervised by the Bureau.
Industry commenters stated that the Bureau should raise the $1 million amount described
in proposed § 1092.201(o)(4), which would have excluded from the definition of “supervised
registered entity” a person with less than $1 million in annual receipts resulting from offering or
providing all consumer financial products and services described in 12 U.S.C. 5514(a).
Commenters stated that the proposed $1 million annual receipts amount was essentially
meaningless because it would not exclude most nonbanks, and in particular that the proposed $1
million annual receipts amount was unlikely to exclude a meaningful number of mortgage
lenders and mortgage servicers. An industry commenter also stated that the proposed $1 million
annual receipts amount was contrary to CFPA section 1024(b)(2)’s requirements regarding the
Bureau’s risk-based supervision program for nonbanks.287
A consumer advocate commenter stated that the Bureau should eliminate the exception
described at proposed § 1092.201(o)(4) and instead require written statements from all entities
that otherwise would qualify as “supervised registered entities.” The commenter stated that the
Bureau had not explained why the written-statement requirements should not be as expansive as
the Bureau’s supervisory authority, that smaller companies were likely to present risks to
consumers, and that they were less likely to have sophisticated internal controls.
Commenters stated that the proposal was insufficiently clear with respect to the
obligations of affiliates of insured depository institutions and insured credit unions to comply
with the proposed rule’s written-statement requirements. Industry commenters stated that such
affiliates should not be required to comply with such requirements, and an industry commenter
requested that the text of the final rule include an express exception for affiliates subject to

12 U.S.C. 5514(b)(2).

Bureau supervision under CFPA section 1025(a).288 A consumer advocate commenter stated that
the rule should clearly include banks and bank affiliates, including holding companies and the
nonbank subsidiaries of bank holding companies, and that the Bureau should take as expansive
of a view as possible of the registry’s reach.
Response to Comments Received
The Bureau declines to extend the written statement requirement to service providers that
are subject to Bureau examination and supervision solely in their capacity as service providers
and that are not otherwise subject to Bureau supervision and examination.289 The Bureau also
declines to extend the rule’s requirements, including the written statement requirement, to
service providers that do not qualify as “covered persons” under CFPA section 1002(6). The
Bureau finalizes its preliminary conclusion in the notice of proposed rulemaking290 that, at least
in the first instance, the requirements of the rule are best directed at covered persons, and the
written-statement requirements set forth in § 1092.204 are best directed at persons described in
CFPA section 1024(a). The Bureau currently believes that it likely can achieve the anticipated
benefits detailed in the description of the proposed rule above without extending the final rule’s
coverage to service providers per se.291 The Bureau notes that the scope of the final rule would
also need to be modified significantly from the proposed rule in order to require service
providers that do not qualify as “covered persons” to register with the nonbank registry and file
written statements. Among other things, many of the service providers subject to the Bureau’s
jurisdiction are not “covered persons” as defined by CFPA section 1002(6), and therefore would
be neither “covered nonbanks” as defined by § 1092.201(d) nor “supervised registered entities”

12 U.S.C. 5515(a).

12 U.S.C. 5481(26) defines the term “service provider” for the purposes of the CFPA.

88 FR 6088 at 6115.

As discussed above, entities that are service providers may nevertheless also be covered persons under the CFPA.
For example, a service provider that acts as a service provider to its covered person affiliate would itself be deemed
to be a covered person as provided in 12 U.S.C. 5481(6)(B), and thus would qualify as a “covered nonbank” under
§ 1092.201(d) if the other criteria of that definition are satisfied.
as defined by § 1092.201(q). Further, the Bureau is likely to obtain information regarding
service providers from the information that will be collected under the final rule as well as its
supervisory reviews of supervised registered entities. To the extent the Bureau becomes aware
of service providers that may present risk to consumers, it may obtain additional information
under its existing statutory authorities, including its supervisory authorities with respect to
service providers that are subject to the Bureau’s supervisory and examination authority under
the CFPA.292
The Bureau is adopting a revision to proposed § 1092.201(q)(4), which will exclude from
the rule’s definition of “supervised registered entity,” and thus from the rule’s written-statement
requirements under § 1092.204, persons with less than $5 million in annual receipts resulting
from offering or providing all consumer financial products and services described in 12 U.S.C.
5514(a). This revised $5 million amount described at § 1092.201(q)(4) represents an increase
from the $1 million annual receipts amount for this exclusion that was described in the proposed
rule. The Bureau concludes that increasing the amount of the exclusion, while still imposing the
written-statement requirements described at § 1092.204 on supervised registered entities with $5
million or more in annual receipts as described, will allow the Bureau to achieve the objectives
of the written-statement requirements while reducing burden on smaller entities.
The Bureau declines to adopt the consumer advocate commenter’s suggestion to
eliminate the § 1092.201(q)(4) exception entirely from the definition of “supervised registered
entity.” As described above and in the notice of proposed rulemaking,293 providers of consumer
financial products and services with significantly lower levels of receipts generally pose lower
risks overall because they engage with fewer consumers, obtain less money from those
consumers, or both. And the information-collection burdens on entities with applicable annual
receipts of less than $5 million, on a relative basis, generally would be higher than for larger

See 12 U.S.C. 5514(e), 5515(d), 5516(e).

88 FR 6088 at 6116.

entities. In addition, imposing the annual written-statement requirements on such smaller entities
would impose additional administrative costs on the Bureau. The Bureau believes that applying
the written-statement requirements to “supervised registered entities” as defined at § 1092.201(q)
will strike the appropriate balance in terms of obtaining information that is useful to the Bureau
without imposing undue burdens on either industry or the Bureau. However, for the reasons
stated in the description of the proposal above and the section-by-section discussion of
§ 1092.201(d) above, the final rule does not exclude such smaller entities from the informationcollection requirements provided in § 1092.202.
As described above and in the notice of proposed rulemaking,294 the Bureau had proposed
the § 1092.201(o) exclusion from the definition of “supervised registered entity” based on
volume of applicable annual receipts precisely because such an exclusion would also be
consistent with the CFPA’s requirement that the Bureau take entity size into account as part of its
risk-based supervision program under CFPA 1024(b)(2).295 The $5 million annual receipts
amount for the exclusion adopted in the final rule will likewise be consistent with this CFPA
requirement.
With respect to the industry commenters’ specific concerns regarding burden on
mortgage lenders and mortgage servicers, the Bureau further notes that, under the final rule, such
supervised registered entities will no longer be required to file written statements with respect to

88 FR 6088 at 6116.

See 12 U.S.C. 5514(b)(2)(A), (B) (requiring the Bureau to take into consideration “the asset size of the covered
person” and “the volume of transactions involving consumer financial products or services in which the covered
person engages”). Furthermore, while the Bureau does not believe that it needs to rely on its authority under 12
U.S.C. 5512(b)(3) to exempt classes of covered persons from rules in proposing this small-entity exclusion, the
Bureau believes that the exclusion would be warranted as an exercise of its section 1022(b)(3) exemption authority,
to the extent that provision is applicable. See 12 U.S.C. 5512(b)(3). As under 12 U.S.C. 5514(b)(2), an entity-sizebased exclusion accords with 12 U.S.C. 5512(b)(3)(B)(i) and (ii), which instruct the Bureau to consider “the total
assets of the class of covered persons” and “the volume of transactions . . . in which the class of covered persons
engage” in issuing exemptions. 12 U.S.C. 5512(b)(3)(B)(i)–(ii). In addition, given the relatively smaller scope of
the harm to consumers that entities with annual receipts not exceeding $5 million would generally be able to cause
when compared with entities with annual receipts exceeding that threshold, the Bureau does not believe that on
balance the factor articulated in 12 U.S.C. 5512(b)(3)(B)(iii) (“existing provisions of law which are applicable to the
consumer financial product or service and the extent to which such provisions provide consumers with adequate
protection”) weighs against adopting the proposed small-entity exclusion.
NMLS-published covered orders as defined at § 1092.201(k) if they elect the one-time
registration option set forth in § 1092.203. In addition to the change being adopted to
§ 1092.201(q)(4), § 1092.203 will further reduce, perhaps substantially, the number of mortgage
lenders and mortgage servicers that will be required to comply with the rule’s written-statement
requirements.
See below for discussion of the application of § 1092.201(q) to affiliates of insured
depository institutions and insured credit unions.
Final Rule
For the reasons set forth above and below, the Bureau is finalizing § 1092.201(o)
(renumbered as § 1091.201(q)) as proposed, with minor technical edits and a clarification
described below regarding the application of this section to affiliates of an insured depository
institution or insured credit union with total assets of more than $10,000,000,000 ($10 billion), as
well as a revision to clarify how annual receipts are calculated under § 1091.201(q)(4).
In response to comments, the Bureau clarifies the application of § 1092.201(q)’s
definition of “supervised registered entity” to affiliates of insured depository institutions and
insured credit unions. The final rule defines the term “supervised registered entity” as “a
registered entity that is subject to supervision and examination by the Bureau pursuant to 12
U.S.C. 5514(a)” (subject to certain exceptions). CFPA section 1024(a)—which is codified as 12
U.S.C. 5514(a)—encompasses section 1024(a)(3)(A), which provides that “[t]his section shall
not apply to persons described” in section 1025(a) or 1026(a).296 Section 1025(a) grants the
Bureau supervisory authority over insured depository institutions and insured credit unions with
more than $10 billion in total assets, as well as “any affiliate thereof.”297 Therefore, because
affiliates of such very large insured depository institutions and insured credit unions are included
within the scope of section 1025(a), and thus are excluded from the scope of section 1024(a) via

12 U.S.C. 5514(a)(3)(A).

12 U.S.C. 5515(a).

section 1024(a)(3)(A), affiliates of insured depository institutions and insured credit unions with
more than $10 billion in total assets do not qualify as “supervised registered entities” under the
final rule. That is the case even if the affiliate offers or provides consumer financial products
and services described in CFPA section 1024(a)(1). For example, a bank holding company,
savings and loan holding company, or subsidiary of a bank or savings association that is an
affiliate of an insured depository institution or insured credit union with total assets of more than
$10 billion is not covered by the definition of “supervised registered entity,” even if it offers or
provides consumer financial products or services described in CFPA section 1024(a)(1), such as
mortgage lending. Such an affiliate is not subject to the final rule’s written-statement
requirements even if it is a “covered nonbank.”298
By contrast, CFPA section 1026(a), which addresses Bureau authority over insured
depository institutions and insured credit unions with $10 billion or less in total assets, makes no
mention of “affiliates” of such entities. Section 1024(a)(3)(A) thus does not exclude affiliates of
insured depository institutions and insured credit unions with $10 billion or less in total assets
from the scope of section 1024(a). As a result, affiliates of such entities may qualify as
“supervised registered entities,” unless an exception set forth in § 1092.201(q)(1) through (4)
applies. With the above clarification of how the interlocking texts of § 1092.201(q) and CFPA
sections 1024(a), 1025(a), and 1026(a) operate with respect to affiliates of insured depository
institutions and insured credit unions, the Bureau concludes that no revisions to the text of
§ 1092.201(q) are required to address this issue.
The Bureau is finalizing this approach to affiliates of insured depository institutions and
insured credit unions for several reasons. First, the Bureau is issuing the final rule in part based
on its authority under CFPA section 1024(b)(7)(A)-(C). As explained above, CFPA section
1024(a)(3)(A) provides that CFPA section 1024 shall not apply to persons described in CFPA

Such an affiliate would still be subject to the final rule’s other requirements applicable to covered nonbanks,
including § 1092.202’s requirements to register covered orders. See the section-by-section discussion of
§ 1092.201(d) above.
section 1025(a), including affiliates of insured depository institutions or insured credit unions
with more than $10 billion in assets. Therefore, excluding such affiliates from the definition of
“supervised registered entity” will help ensure that the written statement provisions of the final
rule are consistent with the scope of CFPA section 1024. Second, while the Bureau might at
some point consider collecting information from covered persons other than those described at
CFPA section 1024(a), the Bureau believes that there is currently greater need to collect this
information from such persons. The Bureau acknowledges the consumer advocate commenter’s
concerns regarding risks that may be posed to consumers by affiliates of insured depository
institutions and insured credit unions, including affiliates of insured depository institutions and
insured credit unions with total assets of more than $10 billion. These affiliate entities remain
subject to the Bureau’s supervisory and examination authority under CFPA section 1025, as well
as other applicable Bureau authorities, and the Bureau may choose to utilize its supervisory and
other authorities in monitoring and assessing such risks. Third, the Bureau concludes that
exempting the affiliates of such very large insured depository institutions and insured credit
unions from the final rule’s written-statement requirements is consistent with its rationale for
exempting insured depository institutions and insured credit unions from the scope of subpart B
at this time.
The Bureau has also added to the final rule the new § 1092.201(q)(4)(ii). That provision
clarifies that a person’s receipts from offering or providing a consumer financial product or
service subject to a larger participant rule under CFPA section 1024(a)(1)(B) count as receipts
for purposes of the $5 million exclusion in § 1092.201(q)(4), regardless of whether the person
qualifies as a larger participant. As described in the proposal, under § 1092.201(q)(4), the
exclusion is based on the receipts resulting from offering or providing all consumer financial
products and services described in CFPA section 1024(a). The new provision makes clear that
such receipts include the receipts resulting from offering or providing any of the consumer
financial products and services subject to a rule defining larger participant covered persons

issued under CFPA section 1024(a)(1)(C) and (2), which for purposes of this exclusion are
consumer financial products and services described in CFPA section 1024(a). For purposes of
this exclusion, receipts that count toward determining larger participant status under a larger
participant rule would count toward this exclusion, even if the person ultimately did not qualify
as a larger participant. For example, a person may engage in offering or providing both
consumer mortgages, private student loans, or payday loans, on the one hand, and consumer
financial products or services identified in a larger participant rule, on the other hand. In that
example, even if the person did not meet the threshold for larger participant status under the
applicable larger participant rule, the receipts from offering or providing the consumer financial
product or service covered by the larger participant rule still would count as receipts for purposes
of this exclusion.
Section 1092.202 Registration and Submission of Information Regarding Covered Orders
Proposed § 1092.202 would have required covered nonbanks to register with the NBR
system by timely submitting information to the NBR system regarding covered orders. The
proposed section would have established requirements regarding the timing and content of
information to be submitted.
The Bureau believed that requiring covered nonbanks to register with the NBR system
would further the objectives of proposed subpart B even in the event the Bureau were not to
finalize proposed requirements that supervised registered entities submit written statements as
described in proposed § 1092.203. Proposed § 1092.202 would have applied to a broader set of
entities than would proposed § 1092.203, and the Bureau believed that requiring registration of
entities under proposed § 1092.202 would have provided independent benefit to the Bureau and
to consumers.
The Bureau is finalizing § 1092.202 largely as proposed, with certain changes discussed
in the analysis of particular paragraphs below. Below, the Bureau first addresses comments

regarding the Bureau’s legal authority to impose the requirements in § 1092.202 and then
discusses § 1092.202’s individual paragraphs.
Certain Comments Received Regarding the Bureau’s Authority Under CFPA Section
1022 to Impose the Requirements in the Final Rule
Some commenters expressed the view that the Bureau is pursuing a novel and legally
impermissible approach to its authorities under CFPA section 1022. Other commenters stated
that the Bureau has statutory authority to issue the proposed rule under section 1022. The
Bureau finalizes its conclusion that section 1022 authorizes the rule’s registration and publication
requirements. The Bureau discusses and responds to some of these comments together in this
part for ease of reference. For further discussion of the market-monitoring requirements in the
final rule and the Bureau’s responses to comments received, see the section-by-section analysis
below.
Commenters stated that the proposed registry was inconsistent with the Bureau’s past
practices, and that the Bureau’s purported invocation of its CFPA section 1022(c) authority was
actually for the purpose of using it to expand its supervisory authority over market participants
under CFPA section 1024(a)(1)(C). An industry commenter argued that the proposal represented
an attempt to eliminate a clear statutory firewall between the Bureau’s market-monitoring
authority and its enforcement function, and that it improperly relied upon the Bureau’s authority
under CFPA section 1022 to support its enforcement functions. The industry commenter stated
that the CFPA distinguished the Bureau’s enforcement powers under subtitle E of the CFPA
from its market-monitoring authority under CFPA section 1022, and that unlike information
gathered under CFPA 1022, information collected for enforcement purposes is subject to
procedural safeguards under CFPA section 1052 and contemplates the use of civil investigative
demands (CIDs) to determine whether there has been a violation of a law.
An industry commenter stated that the proposal did not provide any evidence that
covered orders are probative of risk to consumers, stating that the proposal’s statements about

such risk were conclusory and not backed by documented research and facts, and that companies
might actually present less risk because of the scrutiny that comes with being subject to an order.
The industry commenter further stated that the proposal would effectively put covered nonbanks
in a permanent penalty box, and that the proposal’s premise that past violations are evidence of
current risk of harm contravenes a fundamental rule of evidence under American law as
established at Federal Rule of Evidence 404, which prohibits certain use of evidence of prior
crimes.
A joint comment letter from State regulators stated that the proposal did not quantify the
potential benefit to the Bureau’s consumer education efforts, and suggested that the Bureau’s
belief that most consumers will not change their behavior due to the publication of the registry
was inconsistent with the existence of such a benefit.
The Bureau’s Response to Certain Comments Received Regarding the Bureau’s Authority
Under CFPA Section 1022 to Impose the Requirements in the Final Rule
The Bureau proposed to rely, in part, on its authorities in sections 1022(c)(1)-(4) and (7)
for the collection and publication of applicable orders. As the Bureau stated in the notice of
proposed rulemaking, the Bureau considers violations of consumer protection laws probative of
“risks to consumers in the offering and provision of consumer financial products or services,”
and that entities subject to public orders “may pose heightened and ongoing risks to consumers
in the markets for those products and services.”299 More specifically, monitoring for such orders
would allow the Bureau “to track specific instances of, and more general developments
regarding, potential corporate recidivism,” which poses its own unique risks to consumers, and
would improve the Bureau’s ability to track enforcement trends by other regulators, enabling it
to more efficiently deploy resources vis-à-vis other regulators.300 Parts III(B) and IV(A)-(C)

299
88 FR 6088 at 6091-6092.
Id. at 6092.

above discuss in detail how this information will support the allocation of resources and
detection of risks to consumers.
Some commenters argued for a narrower interpretation of section 1022(c)(4), contending
that the Bureau’s market-monitoring authorities cannot be used to impose a substantive
requirement or are limited to gathering information about particular products, services and
practices, or to one-off information gathering. In the view of some commenters, by requiring
entities to provide information to the Bureau on an ongoing basis, the registry is inconsistent
with past Bureau practice. One commenter pointed to section 1071 to argue that, had Congress
wanted the Bureau to create a new database, it would have explicitly and clearly done so.
The narrow view of market-monitoring urged by these commenters is inconsistent with
the text and structure of section 1022. First, contrary to commenters’ suggestion that the
Bureau’s market-monitoring authority is limited to gathering information about particular
products, services, and practices, nothing in CFPA section 1022(c) confines the Bureau to
exercising its market-monitoring authority only on a piecemeal, product-by-product or serviceby-service basis. In fact, section 1022 specifically commands the Bureau to monitor
“developments in markets for … products or services,” not simply developments regarding
particular products or services themselves.301 Further, section 1022(c)(4)(A) explicitly
authorizes the Bureau to gather information “regarding the organization, business conduct,
markets, and activities of covered persons and service providers.” Commenters rest their
argument on the language of section 1022(c)(2), which contains an open-ended list of factors that
the Bureau “may consider, among other factors,” when “allocating its resources to perform …
monitoring.”302 Although these discretionary considerations are identified by reference to
“consumer financial products or services,” this language does not function as a procedural

12 U.S.C. 5512(c)(1) (emphasis added).

12 U.S.C. 5512(c)(2).

requirement for the Bureau to proceed on a product-by-product, service-by-service, or even
market-by-market basis when it uses its market-monitoring authority.
One commenter argues that the rule exceeds the Bureau’s authority under section
1022(c)(4)(A) to gather information “from time to time.” The Bureau, however, is acting in
accord with its statutory authority to “prescribe by rule” that covered persons must “from time to
time” file “annual or special reports.”303 The rule here does exactly that: It requires reports
“from time to time”—i.e., ninety days after a covered order’s effective date (or the applicable
nonbank registry implementation date), as well as ninety days after the covered order’s
amendment, modification, termination, abrogation, or cessation of covered-order status, or after
changes to other registration information. There are indications elsewhere in the CFPA that
“from time to time” may include regular intervals. For example, section 1014, which establishes
the Bureau’s Consumer Advisory Board, directs the Board to meet “from time to time … but, at
a minimum, … at least twice in each year.”304 In addition, in other statutory contexts, courts
have recognized that the phrase “from time to time” contemplates “an ongoing process” rather
than a one-off action.305 In section 1022, Congress imposed on the Bureau an obligation to
monitor markets; as a practical matter, doing so often requires repeated or periodic information
collections in order to understand how the consumer financial marketplace is developing. An
atextual reading of section 1022(c)(4) that would limit the Bureau to one-off information
gathering efforts would significantly undermine the Bureau’s ability to fulfill its congressionally
assigned obligations and runs counter to the notion of market monitoring “by rule” under the
statute.306

12 U.S.C. 5512(c)(4).

12 U.S.C 5494(c).

In re A Community Voice, 878 F.3d 779, 784 (9th Cir. 2017); see also Earth Island Institute v. Wheeler, 464 F.
Supp. 3d 1138, 1145 (N.D. Cal. 2020) (concluding that “from time to time” statutory language reflected an “ongoing
duty”).
306

12 U.S.C. 5512(c)(4)(B)(ii).

Contrary to commenters’ suggestion, this is not the first time that the Bureau has relied
on section 1022(c)(4) to create an ongoing requirement for covered persons to submit
information for the purposes of carrying out market monitoring. For example, as part of its final
rule to extend consumer protections over prepaid accounts under Regulation E, which
implements the Electronic Fund Transfer Act, and Regulation Z, which implements the Truth in
Lending Act, the Bureau also utilized its authority under CFPA section 1022(c)(4) to require
prepaid card issuers to submit prepaid account agreements to the Bureau.307 The Bureau initially
proposed requiring prepaid card issuers to submit new and amended agreements to the Bureau on
a quarterly basis for posting on a website maintained by the Bureau.308 In the final rule, the
Bureau ultimately chose to require submission on a rolling basis to reduce compliance burden.309
Requiring ongoing submissions in this final rule is not a novel or unique interpretation of the
Bureau’s authority under section 1022(c)(4).
Commenters appear to be relying on the expressio unius est exclusio alterius canon of
statutory interpretation in claiming that the data collection authorized by section 1071 of the
CFPA, which amended the Equal Credit Opportunity Act (ECOA),310 implies limitations on the
Bureau’s market-monitoring authority in section 1022 of the CFPA. But the Supreme Court has
“long held that the expressio unius canon does not apply ‘unless it is fair to suppose that
Congress considered the unnamed possibility and meant to say no to it.’”311 Courts have
observed that the canon is a “feeble helper in an administrative setting,” where Congress often
employs expansive statutory language to leave room for exercises of reasonable agency

Prepaid Accounts Under the Electronic Fund Transfer Act (Regulation E) and the Truth in Lending Act
(Regulation Z), 81 FR 83934 (Nov. 22, 2016).
308

Id. at 83957.

Id. at 83963.

15 U.S.C. 1691 et seq.

Marx v. General Rev. Corp., 568 U.S. 371, 381 (2013) (quoting Barnhardt v. Peabody Coal Co., 537 U.S. 149
(2003)).
discretion, and is a “poor indicator” of congressional intent “when countervailed by a broad grant
of authority contained within the same statutory scheme.”312
Commenters do not point to anything in the legislative history of the CFPA to support
their claim that Congress “meant to say no” to requirements like those contemplated by this rule.
Indeed, the authority to collect information in section 1022(c)(4) is precisely the kind of broad
authority with respect to which courts have found the expressio unius canon to be a “poor
indicator” of congressional intent. The Bureau has an extensive obligation, covering the entire
marketplace for consumer financial products and services, to monitor for risks to consumers; the
information-collection authority at section 1022(c)(4) is necessarily broad in order to satisfy that
obligation.
In addition, interpreting section 1071 to imply some limit on the authorities in section
1022 is inappropriate because, among other reasons, section 1071 amends another statute,
ECOA, and serves purposes specific to that statute, which are to “facilitate enforcement of fair
lending laws” and to “enable communities, governmental entities, and creditors to identify
business and community development needs and opportunities of women-owned, minorityowned, and small businesses.”313 Sections 1022 and 1071 should be interpreted in light of their
distinct and specified purposes.
Regarding the industry commenters’ statements that the final rule improperly relies
upon section 1022 authority to support the Bureau’s determinations under CFPA section
1024(a)(1)(C), or to support the Bureau’s enforcement functions, CFPA section 1022(a)(1)
provides that the CFPB may use its market-monitoring authority to “support its rulemaking and
other functions.”314 The Bureau understands this provision to mean that all of the Bureau’s
functions, including supervision and enforcement, can be informed by information it gathers

Adirondack Med. Ctr. v. Sebelius, 740 F.3d 692, 697 (D.C. Cir. 2014) (quoting Cheney R.R. Co. v. I.C.C., 902
F.2d 66, 68–69 (D.C. Cir. 1990)).
313

15 U.S.C. 1691c-2(a).

See 12 U.S.C. 5512(c)(1).

through market monitoring. While the Bureau’s market-monitoring authority does not replace its
supervision and enforcement authorities (which are established by and subject to other provisions
of the CFPA), there is no question that the Bureau can use its market-monitoring work to
generally “support” those functions as well as its other functions, such as rulemaking and
conducting financial education programs.315
The Bureau is finalizing its preliminary conclusion in the proposal that collecting and
registering public agency and court orders imposing obligations based upon violations of
consumer law would assist with monitoring for risks to consumers in the offering or provision of
consumer financial products and services. As explained in part IV above, when an agency issues
such an order, or seeks a court order, it typically has determined that the problems at the
applicable entity are sufficiently serious to merit the expenditure of that agency’s limited
resources and perhaps the attention of the courts. As discussed in part IV, conduct that
constitutes a violation of a covered law may also indicate that the covered nonbank has engaged
in violations of laws that the Bureau administers. And, notwithstanding the issuance of the
covered order, the violations of covered law or other problems that led the agency to pursue
enforcement action may persist after an order has been issued. Such orders may also be
indicative of the existence of broader problems at the entity that pose related risks to
consumers—including lack of sufficient controls related to the offering and provision of
consumer financial products and services, inadequate compliance management systems and
processes, and an unwillingness or inability of senior management to comply with laws subject
to the Bureau’s jurisdiction.
Information regarding the absence of covered orders will also be informative to the
Bureau. The existence of covered orders may also in some cases be indicative of lesser, and not
greater, risk to consumers. For example, the presence of enforcement activity may indicate that

See part IV(B) above.

particular risks, markets, or companies are receiving adequate enforcement attention and
oversight from regulators.316 But while less enforcement activity in certain areas could indicate
less risk to consumers, it potentially also could be evidence of less attention by regulators and a
need to increase monitoring and other supervisory or regulatory activities. Enforcement patterns
and trends may vary depending on any number of factors, including the agency issuing or
obtaining the order, the type of entity subject to the order, the consumer protection law being
enforced, the applicable geographic or product market, and other variables. The Bureau will use
the information it collects under the final rule to evaluate, assess, and understand the consumer
risk posed by or otherwise related to covered orders, including patterns in such orders and
developments in the markets for consumer financial products and services.
As discussed in part IV above, collecting and evaluating such market-monitoring
information relevant to the offering and provision of consumer financial products and services is
appropriate to inform the Bureau’s functions, including its supervision and enforcement
functions. Thus, the Bureau may consider all of this information regarding enforcement activity,
including patterns in such activity, in assessing risks to consumers as part of, among other things,
exercising its market-monitoring authority under CFPA section 1022(c), conducting its
supervisory prioritization under CFPA section 1024(b)(2), and determining the amount of civil
money penalties it may seek or assess under CFPA section 1055(c). However, such use by the
Bureau of this information as authorized under the CFPA does not represent an attempt to
improperly penalize covered nonbanks for prior acts. Likewise, as discussed in the section-bysection discussion of § 1092.205(a) below, any publication by the Bureau of the information
collected through the registry as authorized under § 1092.205 would not be intended to punish
companies or individuals for their past acts. Collection and publication of such information as

See 12 U.S.C. 5514(b)(2)(D) (requiring the Bureau to consider in conducting risk-based supervisory prioritization
“the extent to which [nonbanks] are subject to oversight by State authorities for consumer protection”).
provided in the final rule is authorized by the CFPA and does not violate evidentiary or other
fundamental principles of American law.
Industry commenters also stated that the proposed registry’s purpose was incompatible
with the Bureau’s authorities to prescribe rules regarding registration requirements under CFPA
section 1022(c)(7). A joint letter from members of Congress stated CFPA section 1022(c)(7)
does not grant the Bureau authority to establish such a robust set of registration requirements, nor
a database for a particular category of information, and stated that when Congress intends to
create a database, it explicitly and clearly does so. One industry commenter also stated that
CFPA section 1022(c)(7) does not contemplate the creation of a registration requirement and
bespoke database for a particular category of information, but rather outlines a path for
registering a covered entity with the Bureau and sharing basic identifying information about the
entity with the public. Another industry commenter stated that the proposed registry represented
an attempt to obscure the Bureau’s failure to create a registry that would identify legitimate
companies for the use of consumers and others, as required by law, and that the Bureau should
instead develop and publicize an accessible list of legitimate debt collectors.
Commenters do not specify how the final rule’s particular registration requirements
exceed the authority contained in CFPA section 1022(c)(7), and the Bureau believes that the
final rule is consistent with the Bureau’s authority under that provision. As discussed in part
III(B) above, CFPA section 1022(c)(7)(A) expressly authorizes the Bureau to “prescribe rules
regarding registration requirements applicable to a covered person, other than an insured
depository institution, insured credit union, or related person.” The registry will provide a
mechanism for the Bureau to gather information about the nonbank entities that are subject to its
jurisdiction. The CFPB has designed its rule to be consistent with limitations contained in CFPA
section 1022(c)(7)(A), including by excluding insured depository institutions, insured credit

unions, and related persons from the scope of the rule’s registration requirements.317 As
explained in more detail in parts III and IV, the Bureau is adopting the final rule to fulfill the
general purposes and objectives established for the Bureau in CFPA sections 1021, 1022(b) and
(c), and 1024(b)(7)(A)-(C), as authorized under those sections. The Bureau disagrees that more
specific statutory authorization is required.
Section 1022(c)(7)(B) also provides that “[s]ubject to rules prescribed by the Bureau, the
Bureau may publicly disclose registration information to facilitate the ability of consumers to
identify covered persons that are registered with the Bureau.”318 The Bureau interprets CFPA
section 1022(c)(7)(B) as authorizing it to publish registration information required by Bureau
rule under CFPA section 1022(c)(7)(A) so that consumers may identify the nonbank covered
persons on which the Bureau has imposed registration requirements. Contrary to a commenter’s
suggestion, this provision does not imply that the Bureau is precluded from publishing
registration information in database or other searchable form, or from publishing identifying
information or other registration information in a manner that highlights specific information or
categories of information. As further explained in part IV(F) and the section-by-section
discussion of § 1092.205(a), publication of registry information under § 1092.205 in an online
public registry will implement the provisions of Federal consumer financial law in a manner
fully consistent with the Bureau’s obligations under the CFPA.
An industry commenter questioned the Bureau’s authority to make the market-monitoring
data public under CFPA section 1022(c)(3). Section 1022(c)(3)(B), however, authorizes the
Bureau to release information through aggregated reports or “other appropriate formats.” The
only limitations on “format” that section 1022 imposes are that the format be “appropriate” and
that it be “designed to protect confidential information in accordance with paragraphs (4), (6),
(8), and (9).” The proposed registry complies with these restrictions.

See § 1092.201(d)(1) and (2) of the final rule.

12 U.S.C. 5512(c)(7)(B).

Section 1022(c)(3)(B) is not limited by section 1022(c)(3)(A), on which the industry
commenter focused. Section 1022(c)(3)(A) requires the Bureau to, at minimum, publish one
“report of significant findings of its monitoring required by this subsection [i.e., subsection
1022(c)] in each calendar year.” It sets a floor, not a ceiling, and it does not restrict the Bureau
to only publishing “report[s] of significant findings” related to its market-monitoring work.
In addition, section 1022(c)(3)(B) authorizes the Bureau to publish information obtained
“under this section [i.e., section 1022]” in “appropriate formats.” By its own terms, this
provision applies to any category of information collected under section 1022 (see, e.g., CFPA
sections 1022(c)(6)(C), 1022(c)(7), 1022(d)), and so cannot reasonably be limited by section
1022(c)(3)(A), which only concerns the Bureau’s “monitoring” work under “subsection” (c).
The commenter’s assertion is also in tension with laws requiring Federal agencies to
make data and information available to the public. The Foundations for Evidence-Based
Policymaking Act requires agencies to disclose data if it would otherwise be made available
under the Freedom of Information Act.319 Similarly, the Freedom of Information Act imposes
proactive disclosure requirements when records are likely to be requested by the public.320
As discussed in part IV(B) above, the information collected under the final rule will
inform the Bureau’s exercise of its consumer education functions, among other functions.321 For
example, the Bureau may consider the information it has collected in determining what harmful
practices may be prevalent in the markets for consumer financial products and services, in
monitoring and assessing the enforcement actions that are being issued in connection with such
harmful practices and the content of covered orders, and in identifying patterns of similar alleged
or found violations of Federal consumer financial law across multiple nonbank covered persons.
44 U.S.C. 3504(b)(6)(F).

5 U.S.C. 552(a)(2)(D).

See 12 U.S.C. 5493(d) (establishing the Bureau’s Office of Financial Education); 12 U.S.C. 5511(b)(1) (“The
Bureau is authorized to exercise its authorities under Federal consumer financial law for the purposes of ensuring
that, with respect to consumer financial products and services … consumers are provided with timely and
understandable information to make responsible decisions about financial transactions”); 12 U.S.C. 5511(c)(1)
(“The primary functions of the Bureau are … conducting financial education programs”).
Such information about risk to consumers in the offering and provision of consumer financial
products and services will help the Bureau determine how to conduct its own consumer
education efforts. The Bureau may choose to direct its consumer education efforts toward
educating consumers about risks identified via the registry, and can help consumers understand
the risks and associated costs of such conduct with respect to their use of certain consumer
financial products or services. While, as discussed in parts VIII and IX below, the Bureau
believes that most consumers will not change their behavior due to the publication of the registry
as authorized under § 1092.205(a), the Bureau will be able to utilize the information collected
under the final rule to inform its own consumer education functions.
Section 1092.202(a) Scope of Registration Requirement
Proposed Rule
Proposed § 1092.202(a) would have defined the scope of the registration requirement.
To maximize the value of subpart B’s registration requirements, while taking into consideration
administrative costs to the Bureau and covered nonbanks in keeping the registry updated, the
Bureau proposed to limit § 1092.202 to covered orders (as that term is defined at proposed
§ 1092.201(e)) that have an effective date (as that term is defined at proposed § 1092.201(f)) on
or after the effective date of subpart B, or that remain in effect (as that term is defined at
proposed § 1092.201(m)) as of the effective date of subpart B. The Bureau preliminarily
concluded that this limitation of the registration requirement’s scope would help ensure that the
most relevant orders are submitted into the NBR system.322 The Bureau recognized in its
proposal that there is potential value in requiring registration with respect to older orders that no
longer remain in effect. Among other things, the Bureau believed that such registration would
have helped inform the Bureau and consumers regarding older orders and help to identify an
even larger number of repeat offenders than could be identified through the registration

The Bureau is adopting the proposal’s approach to this issue in the final rule and finalizes its preliminary
conclusion to this effect; see the discussion of § 1092.202(a) of the final rule below.
requirement as proposed in § 1092.202. On the other hand, the Bureau recognized that requiring
covered nonbanks to identify and register older orders to which they were once subject, but that
no longer impose any present obligations, may be burdensome. In addition, extending the
registration requirement to older orders would have imposed additional administrative costs on
the Bureau. The Bureau believed that limiting the registration requirement to covered orders
with an effective date on or after the effective date of subpart B, or that remain in effect as of
subpart B’s effective date, would strike the appropriate balance in terms of establishing an
informative and useful registry without imposing undue burdens on either industry or the Bureau.
To maximize the value of subpart B’s registration requirements, while taking into consideration
administrative costs to the Bureau and covered nonbanks in keeping the registry updated, the
Bureau therefore proposed to limit § 1092.202 to covered orders (as that term is defined at
proposed § 1092.201(e)) that have an effective date (as that term is defined at proposed
§ 1092.201(f)) on or after the effective date of subpart B, or that remain in effect (as that term is
defined at proposed § 1092.201(m)) as of the effective date of subpart B.
Comments Received and Final Rule
The Bureau did not receive any comments specifically regarding proposed § 1092.202(a).
For the reasons set forth in the description of the proposed rule above, the Bureau is finalizing
§ 1092.202(a) as proposed.
Section 1092.202(b) Requirement to Register and Submit Information Regarding Covered
Orders
Proposed Rule
Proposed § 1092.202(b) would have established subpart B’s requirements for covered
nonbanks to register with the NBR system and to provide and maintain certain registration
information.
Proposed § 1092.202(b)(1) would have provided that each covered nonbank that is
identified by name as a party subject to a covered order described in paragraph (a) shall register

as a registered entity with the NBR system in accordance with proposed § 1092.202(b) if it is not
already so registered, and shall provide or update, as applicable, the information described in
subpart B in the form and manner specified by the Bureau. As discussed in connection with
proposed § 1092.201(e)(1), a covered nonbank that is identified by name as a party subject to the
order would have been required to register under this paragraph even if the covered nonbank is
not listed in the title or caption of the order, or as the primary respondent, defendant, or subject
of the order. A covered nonbank may have been subject to the requirements of proposed
§ 1092.202 even if the issuing agency or court does not list the covered nonbank as a party in
related press releases or Internet links.
The Bureau considered but did not propose alternative approaches, including applying the
requirements of this section to any covered nonbank alleged or found in a covered order to have
violated a covered law, even if such party were not expressly named. This alternative would
have captured circumstances where, for instance, a covered order applies to a category of
entities, such as all affiliates of a particular named covered nonbank, but the order does not
specifically name all of the entities that fall within that category (e.g., does not specifically list
the names of all of the affiliates of the named covered nonbank). While this alternative would
have potentially widened the scope of information the Bureau would have obtained relevant to its
market-monitoring objectives, it preliminarily concluded that the proposed approach would
effectively achieve those objectives with greater administrative ease.
As provided at § 1092.102(a), the Bureau proposed to specify the form and manner for
electronic filings and submissions to the NBR system that are required or made voluntarily under
part 1092, including §§ 1092.202 and 1092.204. The Bureau would have issued specific
guidance for filings and submissions.
Proposed § 1092.202(b)(2)(i) would have required each covered nonbank that is required
to register under proposed § 1092.202 to submit a filing containing the information described in
proposed § 1092.202(c) and (d) to the NBR system within the later of 90 days after the

applicable nonbank registration system implementation date or 90 days after the effective date of
any applicable covered order. Thus, a covered nonbank would not have been required under
proposed subpart B to register any covered orders to which it may be subject until 90 days after
the nonbank registration system implementation date for this provision. For covered orders with
effective dates after the nonbank registration system implementation date, an applicable covered
nonbank would have been required to register the covered order within 90 days after the covered
order’s effective date, as that term is defined at proposed § 1092.201(f). The Bureau believed
the 90-day period would give sufficient time for a covered nonbank to collect and submit the
applicable information to the NBR system and would also generally permit a sufficient length of
time for any relevant agency or court stays to take effect.
As discussed above regarding proposed § 1092.101(e), the Bureau estimated that the
nonbank registration system implementation date for proposed §§ 1092.202 and 1092.203 would
have been no earlier than January 2024 and may be substantially later. The Bureau explained in
its proposal that the exact nonbank registration system implementation date would depend upon,
among other things, the comments received to this proposal and the Bureau’s ability to launch
the registration system.
Proposed § 1092.202(b)(2)(ii) would have required each covered nonbank that is required
to register under proposed § 1092.202 to submit a revised filing amending any information
described in paragraphs (c) and (d) to the NBR system within 90 days after any amendments are
made to the covered order or any of the information described in paragraphs (c) or (d) changes.
The Bureau believed that requiring entities to maintain up-to-date information with the NBR
system would significantly enhance the usefulness of the NBR system for the Bureau,
consumers, and other users of the NBR system.
Comments Received
Commenters stated that the Bureau is pursuing a novel and legally impermissible
approach to its authorities under CFPA section 1022. For a discussion of these issues, see the

Bureau’s response above to comments received regarding the Bureau’s authority under CFPA
section 1022.
Commenters also stated that the proposal was not compatible with CFPA section 1024.
Industry commenters stated that the proposed registry would conflict with the requirement at
CFPA section 1024(b)(4)323 for the Bureau, in exercising its nonbank supervisory authority, to
use reports that have already been provided to Federal and State agencies and information that
has been reported publicly. An industry commenter also stated that the proposed registry would
conflict with the requirement at CFPA section 1024(b)(3)324 for the Bureau, in exercising its
nonbank supervisory authority, to “coordinate its supervisory activities with the supervisory
activities conducted by prudential regulators, the State bank regulatory authorities, and the State
agencies that license, supervise, or examine the offering of consumer financial products or
services, including … requirements regarding reports to be submitted by such persons.”325
The joint comment from State regulators stated that, because in the commenters’ view the
discrepancy between the number of nonbank entities licensed by States through NMLS and the
number of firms subject to Bureau supervisory authority appears negligible, the proposed Bureau
registry would likely be largely duplicative of NMLS and provide little new insight for riskbased supervision purposes, particularly for the mortgage and money services business
industries.
An industry commenter stated the proposal did not comply with CFPA section 1024(b)(2)
and did not properly assess the impact of the rule on attorneys and law firms under that statutory
provision. The commenter stated that creditors’ rights attorneys and law firms already are
heavily regulated at the State level, the Bureau should have considered the unique characteristics
of creditors’ rights law firms, and such firms should be exempt from the proposed rule. Another

12 U.S.C. 5514(b)(4); see also 12 U.S.C. 5515(b)(3), 5516(b)(1).

12 U.S.C. 5514(b)(3).

See id.

industry commenter stated that the proposed written-statement requirements were inconsistent
with section 1024(b)(2) since the $1 million amount in proposed § 1092.201(q)’s definition of
“supervisory registered entity” should be increased.
Consumer advocate commenters generally supported the Bureau’s proposal to collect
information as described in the proposal. A consumer advocate commenter stated that in light of
the large number of nonbanks subject to Bureau oversight, the self-reporting requirements in the
proposed rule would assist the Bureau’s supervisory prioritization efforts and would help the
Bureau identify wider trends in relevant markets. A consumer advocate commenter stated that it
would not be a substantial burden for companies to identify covered orders, since they would
presumably have these orders on hand for their own in-house compliance purposes.
An industry commenter stated that the Bureau should establish a minimum threshold of
five non-expired covered orders before requiring registration, in order to better distinguish
nonbanks with only a few consent orders from “repeat offenders” and reduce consumer
confusion.
The SBA Office of Advocacy stated that the Bureau should issue clear guidance to assist
small entities with compliance with the rule’s submission and other requirements.
See the section-by-section discussion of § 1092.201(e) regarding a comment related to
the final rule’s treatment of parties not expressly named in the covered order.
Response to Comments Received
The Bureau is finalizing a new section at § 1092.203 that will provide that, with respect
to any covered order that is published on the NMLS Consumer Access website, a covered
nonbank that is identified by name as a party subject to the order may elect to comply with the
one-time registration option described in that section in lieu of complying with the requirements
of §§ 1092.202 and 1092.204. To the extent that CFPA section 1024(b)(4) may apply to Bureau
rulemakings under section 1024(b)(7), § 1092.203 will ensure that the requirements in the
Bureau’s rule reflect, to the fullest extent possible, “reports pertaining to persons described in

[section 1024(a)(1)] that have been provided or required to have been provided to a Federal or
State agency” and “information that has been reported publicly.”326 In particular, covered
nonbanks with NMLS-published covered orders can opt for a streamlined registration process
designed to provide notice that information regarding such covered orders is available through
the NMLS. After the existence of NMLS-published covered orders has been directed to the
Bureau’s attention through a streamlined registration under § 1092.203, the Bureau can use any
information available through the NMLS to help inform its risk-based supervisory prioritization
determinations under CFPA section 1024(b)(2) and its supervisory activities under section
1024(b)(1).
To the extent these industry commenters suggest that additional changes would be
required in order to satisfy the Bureau’s obligations under CFPA section 1024(b)(4)—for
example, by not collecting information that is also published by an individual State agency—the
Bureau declines to make such changes. First, a central purpose of the rule’s registration
requirements is to ensure that the Bureau is made aware and provided with copies of
“information that has been reported publicly”—i.e., information related to public enforcement
orders—in a manner that is usefully associated with covered nonbanks. Second, the Bureau
views the registry as a means to increase its ability to obtain and use such information and thus
promote Congress’s intent in adopting these statutory provisions. CFPA section 1024(b)(4)
requires that the Bureau use such information “to the fullest extent possible,” and collecting this
information makes it more “possible” for the Bureau to use this information.
Likewise, to the extent that CFPA section 1024(b)(3) may apply to Bureau rulemakings
under section 1024(b)(7), the Bureau has satisfied any obligation to coordinate with prudential
regulators and relevant State authorities through the consultations described in part V of this
preamble. Further, the Bureau is finalizing § 1092.203 in part to facilitate coordination with the

12 U.S.C. 5514(b)(4).

State authorities described in CFPA section 1024(b)(3), as well as to facilitate adoption of the
“coordinated or combined systems for registration” with State agencies discussed in CFPA
sections 1022(c)(7)(C) and 1024(b)(7)(D).327
As discussed further in part IV(E) above and the section-by-section discussion of
§ 1092.203 below, the Bureau does not believe that the existence of the NMLS renders the new
Bureau registry unnecessary, including with respect to supervised registered entities. However,
the Bureau is finalizing § 1092.203 to provide that applicable entities may comply with the onetime limited registration option described in that section in lieu of complying with the
requirements of §§ 1092.202 and 1092.204. The information obtained by the Bureau under the
final rule, including § 1092.203, will inform the Bureau’s risk-based supervisory prioritization
efforts as well as its other functions.
The Bureau does not agree that the final rule is inconsistent with CFPA section
1024(b)(2), whether with respect to attorneys and law firms or any other broad category of
covered nonbanks that can be identified in advance of collecting information under the final rule.
As an initial matter, CFPA section 1024(b)(2) does not govern this rulemaking. As the Bureau
has explained, it relies on CFPA sections 1022(b), 1022(c), and 1024(b)(7) in issuing this rule.328
By its own terms, CFPA section 1024(b)(2) applies only to exercises of the Bureau’s supervisory
authority under a different provision, CFPA section 1024(b)(1). Section 1024(b)(2) does not
govern rulemakings; instead, it governs the Bureau’s prioritization of entities for examinations
and other supervisory activities under section 1024(b)(1). Therefore, the Bureau is not required

One of the authorities cited as a basis for components of the final rule is 12 U.S.C. 5512(c)(7), which provides
that the “Bureau may prescribe rules regarding registration requirements applicable to a covered person, other than
an insured depository institution, insured credit union, or related person.” Congress provided that “[i]n developing
and implementing registration requirements under [12 U.S.C. 5512(c)(7)], the Bureau shall consult with State
agencies regarding requirements or systems (including coordinated or combined systems for registration), where
appropriate.” 12 U.S.C. 5514(b)(7)—the proposed statutory basis for the written-statement requirement—includes a
similar consultation provision.
See, e.g., 88 FR 6088 at 6103 (“The Bureau proposes to establish the NBR system under its registration and
market-monitoring rulemaking authorities under CFPA section 1022(b)(1), (c)(1)-(4), and (c)(7), and under its
supervisory rulemaking authorities under CFPA section 1024(b)(7)(A), (B), and (C).”).
to account for the risk-based prioritization factors set forth in section 1024(b)(2) in determining
this rulemaking’s scope. Moreover, as the Bureau discussed in the proposed rule, one of the
purposes of this registry is to provide the Bureau with additional information to use for its
prioritization of examinations and other supervisory activities under section 1024(b)(2).329
Requiring an assessment under section 1024(b)(2) for rulemakings under section 1024(b)(7)
would, in fact, limit the Bureau’s ability to make informed assessments of individual entities for
supervisory activities.
In any event, even if the Bureau were exercising authority under section 1024(b)(1) here,
and thus section 1024(b)(2) applied, that would not affect the rulemaking’s outcome. The
Bureau believes that the risk associated with covered orders is significant and that a
consideration of the factors set forth in section 1024(b)(2) supports imposing the rule’s
requirements. As discussed in part IV(B), depending upon the circumstances, the Bureau may
consider the existence of an order requiring registration under the final rule to be a risk factor
under these provisions for covered persons subject to the final rule—in particular, under CFPA
section 1024(b)(2)(C)-(E). Moreover, the information that the Bureau obtains under the rule will
inform its supervisory prioritization efforts with respect to individual entities and will otherwise
facilitate its supervision of covered nonbanks that are described in CFPA section 1024(a)(1). In
addition, consistent with CFPA sections 1024(b)(2)(A)-(B), the Bureau has effectively accounted
for asset size and transaction volume by excluding persons with less than $5 million in annual
receipts (as described in § 1092.201(q)(4)) from § 1092.204’s annual reporting requirements.
For additional discussion of that exclusion, see the section-by-section discussion of
§ 1092.201(q).

Id. at 6095 (“The Bureau believes that the proposed registry would be especially useful with respect to the
particular nonbank markets that are subject to the Bureau's supervision and examination authority under CFPA
section 1024(a). In those markets, the Bureau would be able to take account of risks identified through the proposed
registry in conducting its risk-based supervisory prioritization and enforcement work.”).
The Bureau is finalizing § 1092.202(b)(2)(i)’s requirement for covered nonbanks to
register each covered order within 90 days of the order’s effective date (or, in the initial phase of
the registry, the applicable nonbank registry implementation date). The Bureau declines to
establish a minimum number of covered orders to which a covered nonbank must be subject
before requiring registration. That approach would lead to the omission of many covered orders
that are relevant to risk to consumers, and would impair the ability of the Bureau and others to
identify trends and patterns in the information collected. It would also lead to the omission of
relevant covered nonbanks and supervised registered entities from the registry, which would
mean that the Bureau would not be notified regarding the existence of such entities and would
not learn that they were subject to a covered order. The approach would limit the Bureau’s
ability to seek additional information about the covered order and the covered nonbank and
otherwise monitor risks to consumers as appropriate to inform the Bureau’s functions. While, as
discussed elsewhere in this preamble, the Bureau is very concerned about the risks to consumers
presented by repeat offenders, even one covered order may be probative of significant risk to
consumers. In addition, the Bureau would be less able to understand where covered orders are
not being issued or obtained, depriving it of important information regarding the absence of
covered orders. And supervised registered entities would not be subject to the rule’s writtenstatement requirements until the threshold had been reached, unduly limiting the effectiveness of
those requirements. The Bureau concludes that registration of each covered order will serve the
purposes of the final rule described in part IV above. The Bureau disagrees that requiring
registration of each covered order will lead to consumer confusion, as consumers and other users
of the registry will have access to accurate information about the orders and nonbank. See the
section-by-section discussion of § 1092.205(a) below for additional discussion of related issues
involving the potential publication of registry information.
As provided in § 1092.102(a), the Bureau will issue filing instructions that will provide
covered nonbanks with specific information regarding their filing obligations under the final

rule. The Bureau may consider issuing additional rules and guidance as may be necessary or
appropriate.
Final Rule
For the reasons discussed above and in the proposal, the Bureau is finalizing
§ 1092.202(b) as proposed, with minor technical edits and a minor revision to reflect the
renumbering of § 1092.206 in the final rule.330
Section 1092.202(c) Required Identifying Information and Administrative Information
Proposed Rule
Proposed § 1092.202(c) would have required a registered entity to provide all identifying
information and administrative information required by the NBR system. In filing instructions
the Bureau would have issued under proposed § 1092.102(a), the Bureau would have specified
the types of identifying information and administrative information registered entities would be
required to submit. Proposed § 1092.201(a) would have defined the term “administrative
information,” and proposed § 1092.201(g) would have defined the term “identifying
information.” Proposed § 1092.202(c) also would have clarified that the Bureau’s filing
instructions may require joint or combined submissions to the NBR system by covered nonbanks
that are affiliates as defined in proposed § 1092.101(a).
The Bureau requested comment on the general requirements of proposed § 1092.202(c),
including the requirement to register and update identifying information and administrative
information within the timeframes described in proposed § 1092.202(b). The Bureau requested
comment on whether registration of updates with respect to this information should be required
more or less often, and if so, why and in what circumstances. The Bureau also sought comment
on the proposed distinctions between identifying information and administrative information,

See also the section-by-section discussions of § 1092.101(d) and (e) above regarding the Bureau’s adoption of the
revised terms “nonbank registry” and “nonbank registry implementation date.”
and whether collection of other types of information would help in the administration of the
NBR system or benefit its users.
Comments Received
An industry commenter asked that the Bureau clarify that entities would only be required
to report, and only be publicly affiliated with, orders wherein they are named.
Comments addressing the proposal’s approach to the written statement, including
requirements to designate and submit the names and titles of attesting executives and associated
criteria for such a designation, are addressed in the section-by-section discussion of § 1092.204
below.
Response to Comments Received
As provided in § 1092.201(e)(1)(i), in order to qualify as a “covered order” under the
final rule, an order must among other things “[i]dentif[y] a covered nonbank by name as a party
subject to the order.” Where a covered nonbank is not identified by name as a party subject to an
order, the order will not be a covered order with respect to that covered nonbank, and the
covered nonbank will not be subject to any of the requirements of the final rule with respect to
the covered order. A covered nonbank is not subject to the requirements of the rule with respect
to a covered order on the sole grounds that its affiliated covered nonbank is subject to those
requirements. However, as provided at § 1092.202(c), the Bureau may require, via filing
instructions issued pursuant to § 1092.102(a), two or more affiliated covered nonbanks to submit
a joint or combined filing statement with respect to a covered order, where those affiliated
covered nonbanks are each subject to the requirements of § 1092.202 with respect to such
covered order. Also, as discussed in the section-by-section discussion of §§ 1092.201(a) and
1092.202(d) above, for any covered order that a covered nonbank must register under
§ 1092.202, the Bureau may via filing instructions require the registered covered nonbank to
identify to the Bureau, as administrative information required under § 1092.202(c), the names of

any of the registered covered nonbank’s affiliates registered under subpart B with respect to the
same covered order.
Final Rule
For the reasons set forth above, the Bureau is finalizing § 1092.202(c) as proposed.331
See also the discussion regarding the final rule’s treatment of affiliates of insured
depository institutions and insured credit unions in the section-by-section discussions of
§ 1092.201(d) and (q) above.
Section 109.202(d) Information Regarding Covered Orders
Proposed Rule
Proposed § 1092.202(d) would have required a registered entity to provide additional
types of information more specifically related to each covered order subject to proposed
§ 1092.202. First, proposed § 1092.202(d)(1) would have required a registered entity to provide
a fully executed, accurate, and complete copy of the covered order, in a format specified by the
Bureau. This information would have helped the Bureau more clearly identify the covered
orders to which the registered entity is subject, as well as the terms of those orders, and would
provide access to updated copies of those orders. The information would have provided similar
benefits to other regulators, consumers, and other users of the NBR system upon publication.
This proposed section would have also provided that any portions of a covered order that
are not public must not be submitted. These nonpublic portions would have been required to be
clearly marked on the copy submitted, to promote ease of use. For example, a nonpublic section
could have been redacted and marked as nonpublic. As discussed above regarding proposed
§ 1092.201(e)(3) and (k), the Bureau was concerned that requiring registration and disclosure of
confidential supervisory information or other nonpublic information might interfere with the
functions and missions of other agencies and did not believe that requiring such registration and

See also the section-by-section discussions of § 1092.101(d) and (e) above regarding the Bureau’s adoption of the
revised terms “nonbank registry” and “nonbank registry implementation date.”
disclosure is necessary to accomplish the purposes of the proposed rule. The Bureau sought
comment on this aspect of the proposed rule. The Bureau also sought comment on whether it
should permit covered nonbanks to submit only select portions of covered orders, and if so, what
portions of such orders should be submitted, and which should be excluded from the submission
requirement.
Proposed § 1092.202(d)(2) would have required a registered entity to provide five
additional types of data regarding each covered order subject to § 1092.202. The Bureau
believed all of the described data fields would be useful to the Bureau in locating, understanding,
organizing, and using the information submitted. The Bureau also explained in its proposal that
upon publication, the data fields would be similarly useful to other users of the NBR system as
well. In addition, the Bureau believed that requiring covered nonbanks to identify and submit
these fields would help ensure accuracy and lower administrative costs for the Bureau.
First, proposed § 1092.202(d)(2)(i) would have required a registered entity to identify the
government entity that issued the covered order. Second, proposed § 1092.202(d)(2)(ii) would
have required a registered entity to provide the covered order’s effective date, as that term is
defined at proposed § 1092.201(f). Third, proposed § 1092.202(d)(2)(iii) would have required a
registered entity to provide the date of expiration, if any, of the covered order, or a statement that
there is none. The Bureau explained in its proposal, for example, where a covered order expires
by its own terms after perhaps five or some other term of years, the registered entity would be
required to provide that information. The Bureau requested comment on whether the date of
expiration of covered orders would be sufficiently clear to comply with this provision or whether
additional specification on this point from the Bureau would be useful. Fourth, proposed
§ 1092.202(d)(2)(iv) would have required a registered entity to identify all covered laws found to
have been violated or, for orders issued upon the parties’ consent, alleged to have been violated,
in the covered order. The Bureau would have expected that registered entities would satisfy this
requirement by providing accurate Federal or State citations for the applicable covered laws.

The Bureau believed this information would increase the usefulness of the NBR system. It
would have better enabled the Bureau to identify and assess any risks to consumers relating to
the violations, and once published would have also enabled users of the registry to more easily
search and review filings.
Fifth, proposed § 1092.202(d)(2)(v) would have required a registered entity to provide
the names of any of the registered entity’s affiliates registered under subpart B with respect to the
same covered order. The Bureau anticipated that this information would be useful in identifying
affiliate relationships between registered entities that are registered with the NBR system, which
might not otherwise be obvious or apparent. Proposed § 1092.101(a) would have defined the
term “affiliate” to have the meaning given to that term in the CFPA, which would have included
any person that controls, is controlled by, or is under common control with another person.332
Proposed § 1092.202(d)(3) would have required a registered entity, if the registered entity
is a supervised registered entity, also to file the name and title of its attesting executive for
purposes of proposed § 1092.203 with respect to the covered order. The benefits of designating
an attesting executive were discussed in detail in proposed section IV(D). In addition, the
Bureau believed that its collection (and ultimate publication) in the registry of the name and title
of a supervised registered entity’s attesting executive would be important to the Bureau and other
users of the NBR system. The Bureau believed that requiring the entity to identify the name and
title of the attesting executive designated in connection with each covered order would assist the
Bureau in administering the requirements in proposed § 1092.203 regarding annual written
statements. In addition, as discussed below regarding proposed § 1092.203(b), the Bureau
explained that collecting information regarding the name and title of the attesting executive for a
given covered order would provide the Bureau with insight into the entity’s organization,
business conduct, and activities, and would inform the Bureau’s supervisory work, including its

See 12 U.S.C. 5481(1).

risk-based prioritization process. The Bureau also believed that publishing this information
would have also provided benefits to the public and other users of the proposed NBR system, as
discussed further below in connection with proposed § 1092.204(a).
The Bureau would have relied on two separate statutory grants of authority in collecting
the attesting executive’s name and title, each of which would provide an independent statutory
basis for proposed § 1092.202(d)(3). The Bureau would have collected this information under its
market-monitoring authority under CFPA section 1022(c)(1) and (4) to “gather information
regarding the organization, business conduct, markets, and activities” of supervised registered
entities.333 The Bureau would have also collected this information under its CFPA section
1024(b)(7) authority to prescribe rules regarding registration, recordkeeping, and other
requirements for covered persons subject to Bureau supervision under CFPA section 1024.334
The Bureau requested comment on whether proposed § 1092.202(d) should identify
additional or different categories of information collected by the NBR system, including but not
limited to information regarding covered orders or the registered entity.
Comments Received
An industry commenter stated that the proposal’s requirement to submit redacted orders
would confuse the public, and that in cases where a portion of a covered order is redacted or
confidential, the whole order should stay off the registry.
A consumer advocate commenter stated that the treatment of nonpublic information
under proposed § 1092.202(d) demonstrated that the Bureau was taking steps to protect
confidential and otherwise nonpublic information relevant to orders.

Response to Comments Received
See the section-by-section discussion of § 1092.201(m) above regarding the treatment of
nonpublic portions of orders under the final rule.

12 U.S.C. 5512(c)(1), (4).

12 U.S.C. 5514(b)(7).

See the section-by-section discussion of § 1092.201(l) above regarding an industry
commenter’s suggestion to treat multiple orders as a single order under certain circumstances.
See the section-by-section discussion of §§ 1092.204(b) and 1092.205(a) below for
discussions regarding the final rule’s requirements to designate an attesting executive for each
covered order and the Bureau’s reasons for collecting and potentially publishing that
information.
Final Rule
For the reasons set forth below and in the description of the proposed rule above, the
Bureau is finalizing § 1092.202(d) as proposed, with several revisions.
First, as discussed further below in the section-by-section discussion of § 1092.205(a),
the Bureau has determined not to mandate with respect to every covered order the collection of
information regarding the names of the person’s affiliates registered under subpart B with respect
to the same covered order in the final rule. Under the final rule, § 1092.202(d)(2)(v) as proposed
has been deleted, but the Bureau may determine to collect this information as “administrative
information” under § 1092.202(c). In filing instructions issued under § 1092.102(a), the Bureau
will specify whether and how it will collect such information. As described in the section-bysection discussion of § 1092.205(a) below, the Bureau will not publish such information under
§ 1092.205(a) if it is collected.
Second, the Bureau is finalizing a clarification at § 1092.202(d)(2)(i) to provide that a
registered entity shall provide to the nonbank registry, for each covered order subject to
§ 1092.202, information regarding the agency (or agencies) and court(s) that issued or obtained
the covered order, as applicable. The Bureau is finalizing this change to the proposed rule in
order to clarify that covered orders may be issued or obtained by more than one agency or court,
and to collect more accurate and comprehensive information about covered orders. In general,
for covered orders that are issued by a court of law, the nonbank registry will collect information
regarding the court that issued the order as well as the agency or agencies that brought the

applicable proceeding and obtained the order. For covered orders issued directly by agencies in
an administrative action or other agency proceeding, the nonbank registry generally will collect
information regarding the issuing agency or agencies.
Third, the Bureau is finalizing a new provision at § 1092.202(d)(2)(v) to provide that a
registered entity shall provide to the nonbank registry, for each covered order subject to
§ 1092.202, information regarding any docket, case, tracking, or other similar identifying
number(s) assigned to the covered order by the applicable agency(ies) or court(s). Collecting
and potentially publishing this information will better enable the Bureau and other users of the
registry to identify the applicable covered order, to distinguish it from other orders, and to
understand any connections between the order and the covered nonbank with other information
about the covered order and covered nonbank that the Bureau may possess or that may be
otherwise available. As with the other required data fields, this information will be useful to the
Bureau in locating, understanding, organizing, and using the information submitted and will be
similarly useful to other users of the nonbank registry as well. In addition, requiring covered
nonbanks to identify and submit such information will help ensure accuracy and lower
administrative costs for the Bureau.
Fourth, the Bureau is finalizing a minor revision at § 1092.202(d)(3) to reflect the
renumbering of § 1092.204.
Section 1092.202(e) Expiration of Covered Order Status
Proposed Rule
Proposed § 1092.202(e) would have provided for an outer limit on the time period during
which the existence of a covered order would subject a registered entity to the requirements of
proposed subpart B. The Bureau explained in its proposal that in circumstances where a covered
order terminates (or otherwise ceases to remain in effect) within ten years after the order’s
effective date, the registered entity’s obligations to update its filing under proposed § 1092.202
or to file written statements with respect to the covered order under proposed § 1092.203 would

cease after its final filing under proposed § 1092.202(f)(1).335 The Bureau, however, recognized
that some covered orders may not terminate (or otherwise cease to remain in effect) within ten
years of the orders’ effective dates. In such circumstances, proposed § 1092.202(e) would have
provided that a covered order shall cease to be a covered order for purposes of subpart B as of
the later of: (1) ten years after its effective date; or (2) if the covered order expressly provides for
a termination date more than ten years after its effective date, the expressly provided termination
date.
The Bureau preliminarily concluded that, in most cases, it may be less likely to obtain
meaningful information in connection with existing orders after ten years have passed since their
effective dates. The Bureau also preliminarily concluded that maintaining the proposal’s
registration and written-statement requirements for at least ten years after the effective date of
covered orders that remain in effect would have provided useful information to the Bureau and
other uses of the registry, as described in this proposal. Among other things, the Bureau believed
that maintaining the obligation to update registration information for ten years would better
enable the Bureau to identify covered nonbanks in the event a subsequent covered order requires
additional registration. The Bureau also believed that limiting registration obligations to more
recent orders would also help limit the burden imposed by proposed subpart B’s requirements on
covered nonbanks. However, where a covered order expressly provides for a later termination
date, the Bureau believed that it should continue to collect and publish information on the order
under the provisions of proposed §§ 1092.202 through 1092.204. The Bureau sought comment
on all aspects of proposed § 1092.202(e). In particular, the Bureau sought comment on whether
to adopt a different approach to setting and determining the sunset period for orders, and on
whether the proposed baseline ten-year period should be longer or shorter. The Bureau also
sought comment on whether registered entities would benefit from additional guidance in

See the discussion of § 1092.202(f) below.

determining whether a covered order expressly provides for a termination date more than ten
years after its effective date, and what constitutes the expressly provided termination date of such
a covered order.
The Bureau also sought comment on whether the applicable sunset period should depend
upon the content of the order. The Bureau explained in its proposal that, for example, it
considered whether the sunset period for a covered order should be shorter where the only
obligations based on alleged violations of covered laws and imposed in the public provisions of
such order were to pay money (such as payment of a civil money penalty or fine, or payment of
refunds, restitution, or disgorgement). Under this alternative approach, for such covered orders
without express termination dates, the orders would have ceased being covered orders for
purposes of subpart B after some period shorter than the ten-year sunset proposed here. The
Bureau did not propose this approach for reasons of simplicity and administrative efficiency, and
because the Bureau believes that the sunset provision in proposed § 1092.202(e) would generally
be preferable for most such covered orders. However, the Bureau sought comment on this
proposed alternative and, more generally, on whether and why it should adopt a shorter sunset
period for these orders. The Bureau also sought comment on other approaches that would
establish different sunset periods depending on the content of the order, and other types of orders
that might have different sunset periods.
The Bureau further considered requiring registered entities to continue treating an order
that would otherwise sunset under the proposal as a covered order for purposes of the proposed
rule if the Bureau determined, after providing the entity notice and an opportunity to respond,
that continuing to do so was necessary for the Bureau to fulfill its monitoring or supervisory
responsibilities. For example, as the Bureau explained in the proposal, based on information
supplied by another agency or otherwise in its possession, the Bureau may have cause to believe
that the nonbank continued to be in violation of the order. For such cases, the Bureau considered
requiring continued compliance with the requirements of proposed subpart B beyond the

expiration period if the Bureau ultimately concluded doing so was necessary for the Bureau to
fulfill its monitoring or supervisory responsibilities. The Bureau did not propose this approach
for reasons of simplicity and administrative efficiency, and because the Bureau believed that the
proposed sunset provision would be likely to provide sufficient information regarding most
covered orders. However, the Bureau sought comment on whether it should include this
additional requirement in the final rule and whether any additions or subtractions to it would
better achieve its intended purpose. The Bureau also sought comment on whether, if it included
this additional requirement in a final rule, it should specify any alternative or additional criteria
that the Bureau might consider in reaching its determination whether a particular covered order
should remain subject to the requirements of subpart B.
Comments Received
Some comments incorrectly referred to proposed § 1092.202(e)’s sunset provisions as
specifying when information regarding covered orders or covered nonbanks would be removed
from the registry.
An industry commenter agreed with the proposal’s establishment of a sunset date for
registration of covered orders under § 1092.202(e). Another industry commenter stated that the
Bureau should establish a process for entities to be removed from the public registry after a
specific set of criteria is met, and that the Bureau should also establish an appeals process that
would permit entities to contest their inclusion on the registry.
Industry commenters also stated the text of 1092.202(e)(1) was unclear and proposed
specific revisions. Commenters stated that information regarding covered orders (and related
covered nonbanks) should be removed from the registry earlier than after ten years after its
effective date. One industry commenter stated that most regulatory and supervisory agencies are
reluctant to agree to termination dates. Another industry commenter stated that there would be
few instances in which a consent order does not contain an expiration date, thereby making the
timing set out in § 1092.202(e)(1) almost entirely irrelevant. This commenter stated that the

sunset period established under proposed § 1092.201(e) should be the later of five years or the
express termination period of the covered order. Another industry commenter stated that
covered orders that have no termination date should be subject to the proposed registry for a
period of three years, not ten, in part because information contained in the proposed registry
associated with older covered orders would be inaccurate, outdated or obviated and would
pollute the registry. This commenter also stated that proposed § 1092.202(e) could be
interpreted to mean that all covered orders are subject to updates or written statements for ten
years, and proposed a revision that would state that if a covered order expressly provides for a
termination date ten (or five) years or less after its effective date, § 1092.201(e)’s sunset
provision would apply on the expressly provided termination date. Another industry commenter
proposed an alternative timeframes of two years after an order’s effective date. The SBA Office
of Advocacy expressed concern that requiring an order to be a covered order for ten years after
its effective date was overly punitive and stated that such an order should no longer be
considered a covered order when it is no longer in effect.
Response to Comments Received
The Bureau is adopting § 1092.202(e) of the final rule, which provides for an outer limit
on the time period during which the existence of a covered order would subject a registered
entity to the registration requirements. In circumstances where a covered order terminates (or
otherwise ceases to remain in effect) within ten years after the order’s effective date, the
registered entity’s obligations to update its filing or to file written statements with respect to the
covered order would cease after its final filing under § 1092.202(f). Where a covered order does
not terminate (or otherwise cease to remain in effect) within ten years of the order’s effective
date, the covered order would no longer require registration as of the later of: (1) ten years after
its effective date; or (2) if the covered order expressly provides for a termination date more than
ten years after its effective date, the expressly provided termination date. The Bureau finalizes

its preliminary conclusions in the proposal336 that, in most cases, it may be less likely to obtain
meaningful information in connection with existing orders after ten years have passed since their
effective dates, and that maintaining the proposal’s registration and written-statement
requirements for at least ten years after the effective date of covered orders that remain in effect
will provide useful information to the Bureau and other uses of the registry, as described in part
IV.
In response to comments incorrectly suggesting that proposed § 1092.202(e)’s sunset
provisions would have specified when information regarding covered orders or covered
nonbanks would be removed from the Bureau’s registry, the Bureau clarifies that, under the final
rule, § 1092.202(e) and (f) together establish when, with respect to a particular covered order, a
covered entity’s obligations to submit updated filings under § 1092.202(b)(2)(ii) and to comply
with § 1092.204’s written-statement requirements expire. These provisions of the final rule do
not address when the Bureau intends to remove information from the nonbank registry or
otherwise to cease publication of such information as provided at § 1092.205. Under the final
rule, the Bureau may maintain any information about covered orders and the covered nonbanks
that are subject to them that may be published under the nonbank registry on a public website
indefinitely, subject to the Bureau’s discretion and pursuant to § 1092.205 and other applicable
law.
With respect to the industry commenter’s suggestion to establish a process to allow
covered nonbanks to petition for removal from the registry before the sunset date established in
§ 1092.201(e), the Bureau declines to adopt this suggestion. The Bureau believes that it is
important to collect information regarding covered orders, including the annual written statement
described in § 1092.204 where applicable, on an ongoing basis for the periods of time described
in the final rule. The Bureau declines to adopt criteria for determining whether covered

88 FR 6088 at 6119.

nonbanks would no longer need to comply with these obligations with respect to particular
covered orders. While the Bureau agrees that many covered nonbanks are likely to take steps to
address issues relating to covered orders, such orders are nevertheless likely to remain probative
of risk to consumers (including risks related to developments in markets for consumer financial
products and services), and the Bureau concludes they should continue to be subject to these
requirements. Also, the Bureau believes that engaging in an ongoing case-by-case assessment of
entities’ compliance efforts with respect to covered orders in order to determine whether
particular covered orders are deserving of an exemption from registration requirements would
invite frivolous petitions, increase the complexity involved in maintaining the nonbank registry,
and would not be a good use of the Bureau’s resources. Likewise, the Bureau disagrees that an
appeals process for the nonbank registry is necessary. As with any other Federal consumer
financial law, the Bureau expects covered nonbanks themselves to identify their responsibilities
under the final rule and to comply with those obligations. Where an entity believes in good faith
the final rule does not require registration, but is not certain the Bureau would agree with its
interpretation, it may file an applicable good faith notification under § 1092.202(g) or
§ 1092.204(f).
The Bureau believes that the final rule is sufficiently clear for entities to comply with the
final rule’s requirements and that a modification to the proposed text is unnecessary. Section
1092.202(e) and (f) together address the variety of situations that may arise where a covered
order does or does not expressly provide for a termination date, as well as situations where a
covered order is modified or otherwise does not actually terminate according to its original
terms. Under the final rule, a covered order that does not expressly provide for a termination
date will cease to be a covered order ten years after its effective date pursuant to § 1092.202(e),
and the applicable covered nonbank must submit a final filing under § 1092.202(f)(1) at that
time—unless the order terminates earlier, in which case the covered nonbank must submit its
final filing at that earlier time. Under § 1092.201(e), a covered order that expressly provides for

a termination date of ten years or less after its effective date will remain a covered order for a
period of ten years from its effective date. Such an order may in fact terminate before the
expiration of the ten-year period, in which case the applicable covered nonbank would submit a
final filing under § 1092.202(f)(1) upon termination of the order, whenever it occurs, and would
have no further obligation to update its registration information or to file written statements with
respect to the order. If, however, the order is extended or for some other reason does not
terminate as originally provided, those obligations will continue until the order actually
terminates or the ten-year period expires. And a covered order that expressly provides for a
termination date more than ten years after its effective date will remain a covered order, and thus
subject to the rule’s registration and (if applicable) written-statement requirements, until it
terminates, at which time the covered nonbank must submit a final filing notice under
§ 1092.202(f)(1).
Where a covered order terminates under its own terms or otherwise, under
§ 1092.202(f)(2), such obligations (including the obligation to submit an annual written
statement) with respect to such a covered order will terminate following the filing of the final
submission described in § 1092.202(f)(1). Thus, although the Bureau is not finalizing a
modification to the sunset period established under proposed § 1092.201(e) to directly reflect the
termination of a covered order as requested by the industry commenters and the SBA Office of
Advocacy, § 1092.202(f)(1) and (2) provide that upon termination of the order a covered
nonbank may submit a final filing and be relieved of its further obligations under appropriate
circumstances, which essentially accomplishes the same result.
The Bureau is adopting the proposal’s approach to the amount of time for which such
requirements are imposed for non-terminated orders under § 1092.202(e). The Bureau finalizes
its preliminary conclusions in the proposal337 that, in most cases, it may be less likely to obtain

88 FR 6088 at 6119.

meaningful information in connection with existing orders after ten years have passed since their
effective dates, and that maintaining the proposal’s registration and written-statement
requirements for at least ten years after the effective date of covered orders that remain in effect
will provide useful information to the Bureau and other uses of the registry.
The Bureau believes that, on average, covered orders that have not been terminated are
likely to remain probative of risk to consumers for at least the period of time specified in
§ 1092.202(e). While the Bureau agrees that it is possible that entities that are subject to such
covered orders may have taken significant steps to address violations of law or other problems
identified in the order, or otherwise taken steps to prevent or remedy related issues, the Bureau
believes that the existence of such covered orders remains probative of risk to consumers
(including risks related to developments in markets for consumer financial products and services)
notwithstanding such subsequent developments and merits continued imposition of the related
registration and written-statement requirements. The final rule’s obligations for registered
entities to update their identifying and other information will help ensure that the information
contained in the registry remains accurate and up to date. When such an order terminates, the
covered nonbank may submit a final filing under § 1092.202(f)(1).
Final Rule
For the reasons set forth above and in the description of the proposal, the Bureau is
finalizing § 1092.202(e) as proposed.
Section 1092.202(f) Requirement to Submit Revised and Final Filings with Respect to Certain
Covered Orders
Proposed Rule
Proposed § 1092.202(f) would have addressed situations where a covered order is
terminated, modified, or abrogated (whether by its own terms, by action of the applicable
agency, or by a court). It would have also addressed situations where an order ceases to be a
covered order for purposes of subpart B by operation of proposed § 1092.202(e). In all such

cases, proposed § 1092.202(f)(1) would have required the registered entity to submit a revised
filing to the NBR system within 90 days after the effective date of the order’s termination,
modification, or abrogation, or after the date the order ceases to be a covered order. The Bureau
believed that this requirement would help in administering the registry, and supporting the
Bureau’s monitoring work by ensuring that the registry is up to date.
Proposed § 1092.202(f)(2) would have addressed situations where a covered order no
longer remains in effect or no longer qualifies as a covered order due to the covered order’s
termination, modification, or abrogation, or the application of § 1092.202(e). In such cases,
proposed § 1092.202(f)(2) would have clarified that following its final filing under paragraph
(f)(1) with respect to the covered order, the registered entity would have no further obligation to
update its filing or to file written statements with respect to such covered order under proposed
subpart B. However, the Bureau explained that it expected to make historical information
publicly available via the NBR registration system. As provided at proposed § 1092.201(m), the
proposal would have defined the term “remains in effect” to mean that the covered nonbank
remains subject to public provisions of the order that impose obligations on the covered nonbank
to take certain actions or to refrain from taking certain actions based on an alleged violation of a
covered law. The Bureau explained that, once a covered nonbank no longer remains subject to
such public provisions, proposed § 1092.202(f)(2) would permit the covered nonbank to cease
updating its registration information and filing written statements with respect to the order.
Comments Received and Final Rule
An industry commenter expressed support for proposed § 1092.202(f)’s treatment of
covered orders containing termination dates. The Bureau did not receive any other comments
specifically regarding § 1092.202(f). Comments addressing the proposal’s approach to the
sunset period established in § 1092.202(e) are addressed in the section-by-section discussion of
§ 1092.202(e) above.

For the reasons set forth in the description of the proposed rule above, the Bureau is
finalizing § 1092.202(f) as proposed, with minor technical edits.338
Section 1092.202(g) Notification by Certain Persons of Non-Registration Under This Section
Proposed Rule
Proposed § 1092.202(g) would have provided that a person may submit a notice to the
NBR system stating that it is not registering pursuant to this section because it has a good-faith
basis to believe that it is not a covered nonbank or that an order in question does not qualify as a
covered order. The Bureau explained that such a filing could be combined with any similar
filing under proposed § 1092.203(f).339 Proposed § 1092.202(g) would have also required the
person to promptly comply with § 1092.202 upon becoming aware of facts or circumstances that
would not permit it to continue representing that it has a good-faith basis to believe that it is not a
covered nonbank or that an order in question does not qualify as a covered order. The Bureau
proposed to treat information submitted under this paragraph as “administrative information” as
defined by proposed § 1092.201(a).
While the Bureau believed the reporting and registration requirements under proposed
§ 1092.202 would impose very minimal burden on nonbank covered persons, and that
determining an entity’s status as a covered nonbank (or an order’s status as a covered order)
should be a straightforward task for the vast majority of relevant persons, the Bureau proposed
§ 1092.202(g) as an additional means of providing flexibility to those few entities where
uncertainty in some respect raises good-faith concerns that they do not meet the definition of a
covered nonbank (or an order does not meet the definition of a covered order). Under the
proposal, such persons could elect to file a notice under proposed § 1092.202(g). The Bureau
explained in its proposal that when a person makes a non-frivolous filing under proposed

See also the section-by-section discussions of § 1092.101(d) and (e) above regarding the Bureau’s adoption of the
revised terms “nonbank registry” and “nonbank registry implementation date.”
See also the section-by-section discussion of § 1092.204(f), which provides a similar option with respect to
§ 1092.204.
§ 1092.202(g) stating that it has a good faith basis to believe that it is not a covered nonbank (or
that an order is not a covered order), the Bureau would not bring an enforcement action against
that person based on the person’s failure to comply with proposed § 1092.202 unless the Bureau
has first notified the person that the Bureau believes the person does in fact qualify as a covered
nonbank (or that an order does qualify as a covered order) and has subsequently provided the
person with a reasonable opportunity to comply with proposed § 1092.202.
Among other things, the Bureau would have permitted entities to file notifications under
proposed § 1092.202(g) when they have a good-faith basis to believe that they do not qualify as a
“covered nonbank” because they constitute part of a “State,” as that term is defined in CFPA
section 1001(27).340 Under proposed § 1092.102(c), the filing of such a notification would not
have affected the entity’s ability to dispute more generally that it qualifies as a person subject to
Bureau authority.341
The Bureau anticipated that, in most cases, it would not respond to § 1092.202(g) notices
with the Bureau’s views on whether filers in fact qualify as covered nonbanks (or whether orders
in fact qualify as covered orders). The Bureau also emphasized that a non-response from the
Bureau should not be misapprehended as Bureau acquiescence in the filer’s assertions in the
notice (or in the legitimacy of the filer’s assertion of good faith). The Bureau, however,
preliminarily concluded that obtaining these notifications may assist the Bureau in better
understanding how potentially regulated entities interpret the scope of proposed § 1092.202.
The Bureau considered alternatives to proposed § 1092.202(g), including an alternative
whereby entities would not file a notice of non-registration with the Bureau, but could avoid
penalties for non-registration if in fact they could establish a good-faith belief that they did not

12 U.S.C. 5481(27). As discussed above, § 1092.201(d)(3) of the final rule excludes States from the definition of
“covered nonbank.”
The Bureau noted that, as an alternative to filing a notification under proposed § 1092.202(g), an entity could
simply choose to register under the proposal, even though it has a good faith basis for believing that it does not
qualify as a covered nonbank (or that its order does not qualify as a covered order). Under proposed § 1092.102(c),
such registration would not prejudice the entity’s ability to dispute the Bureau’s authority over it.
qualify as covered nonbanks subject to § 1092.202 (or their orders did not qualify as covered
orders). The Bureau explained in its proposal that under this alternative, entities would maintain
such good-faith belief so long as the Bureau had not made clear that § 1092.202 would apply to
them (or their orders). Although the Bureau preliminarily concluded that this alternative was not
preferable to requiring entities to actually file a notice of non-registration, the Bureau sought
comment on whether it should finalize this alternative instead. It also sought comment on
whether, if it finalized this alternative, entities would require additional guidance on the
circumstances pursuant to which an entity could no longer legitimately assert a good-faith belief
that § 1092.202 would not apply to its conduct. While the Bureau anticipated that such
circumstances would certainly include entity-specific notice from the Bureau that § 1092.202
applies, the Bureau did not believe such notice should be required to terminate a good-faith
defense to registration. Among other circumstances, the Bureau anticipated that at least formal
Bureau interpretations of (for example) the definition of a “covered person” under the CFPA, or
published Bureau interpretations specific to the scope of the proposed registration requirements,
would generally suffice to terminate such belief.
Comments Received
Tribes commenting on the proposal generally opposed proposed §§ 1092.202(g) and
1092.203(f) as unworkable or inappropriate in the context of determining the rule’s coverage of
entities affiliated or potentially affiliated with tribes. These commenters asserted that tribes, as
self-determining bodies, are the only ones competent to determine the status of an entity as
enjoying Tribal sovereignty. Thus, in their view, U.S. government institutions—whether the
Bureau, other U.S. regulators, or U.S. courts—lack competence to make such determinations.
For these reasons, these commenters generally opposed the notion that the Bureau would be
evaluating the legal foundation for good-faith notifications under proposed §§ 1092.202(g) and
1092.203(f) by entities affiliated with tribes. In their view, rather than collecting and reviewing
such notifications, the Bureau should consult with relevant tribes if it has questions about the

relationship of a particular entity with a tribe. Tribal commenters also stated that requiring tribeaffiliated entities to submit good-faith notifications was itself a violation of Tribal sovereignty.
Tribal commenters stated that these good-faith notification provisions confuse the issue
as to whether tribes are exempt, and that they were unnecessary and should be removed.
As described above, the Bureau specifically sought comment on an alternative to
proposed § 1092.202(g) whereby entities would not file a notice of non-registration with the
Bureau, but could avoid penalties for non-registration if in fact they could establish a good-faith
belief that they did not qualify as covered nonbanks subject to § 1092.202 (or their orders did not
qualify as covered orders). Tribal commenters stated that the Bureau should adopt this
alternative.
Several Tribal commenters also stated that publication of §§ 1092.202(g) and 1092.203(f)
notifications could expose the tribe to costly, frivolous private litigation, as well as force the
Bureau to take a position in connection with third-party claims regarding the sovereign status of
a tribe-affiliated entity.
Proposed §§ 1092.202(g) and 1092.203(f) would have required a person to promptly
comply with applicable requirements upon becoming aware of facts or circumstances that would
not permit it to continue representing that it has a good-faith basis to believe that it is not a
covered nonbank or supervised registered entity, as applicable, or that an order in question does
not qualify as a covered order. A Tribal commenter stated that this requirement’s reference to
unspecified facts and circumstances was vague and overbroad, and stated that the last sentence of
proposed §§ 1092.202(g) and 1092.203(f) should be deleted.
Response to Comments Received
The Bureau disagrees with the tribes’ comments to the extent they suggest the Bureau
cannot evaluate the legal significance of relationships that nonbank covered persons providing

consumer financial products or services claim to have with tribes.342 The Bureau also notes that
if an entity is a federally recognized Indian tribe, it is excluded from the definition of the term
“covered nonbank” under § 1092.201(d)(3)343 and thus from the requirements of the final
rule. Thus, the Bureau disagrees with commenters’ conclusion that proposed § 1092.202(g) or
§ 1092.203(f) would be unworkable or inappropriate in the context of determining coverage of
entities affiliated or potentially affiliated with tribes. In any event, if entities are excluded from
the definition of “covered nonbank” because they are part of a State and thus not subject to the
rule,344 they are not required to file notifications of that status under either good-faith notification
provision in the final rule (§ 1092.202(g) or renumbered § 1092.204(f)). Nor would a decision
not to file a voluntary good-faith notification change or enlarge the coverage of the rule. The
entity has the choice to file such a notice, knowing that if its filing is not frivolous, then, as
described above, it will not be subject to enforcement action on a retroactive basis if the Bureau
later disagrees with the entity’s good-faith position.345
Moreover, the Bureau disagrees that this rulemaking is the appropriate context in which
to issue a determination as to the scope of sovereign immunity or as to what type of ownership or
association with a Tribal government will cause an entity to fall within the scope of the
categories established by Congress in the CFPA. The Bureau will reach determinations in any
particular case upon review of the information before it at that time. As stated in the notice of

See, e.g., CFPB v. Cash Call, 35 F.4th 734, 743-45 (9th Cir. 2022) (upholding district court decision in
agreement with Bureau determination that lender did not have requisite relationship with a tribe for Tribal law to
apply).
This section of the final rule excludes from the definition of the term “covered nonbank” a “State,” as defined in
12 U.S.C. 5481(27)—a term that includes “any federally recognized Indian tribe, as defined by the Secretary of the
Interior” under section 104(a) of the Federal Recognized Indian Tribe List Act of 1994, 25 U.S.C. 5131(a).
As described in the proposal (88 FR 6088 at 6120) with respect to § 1092.202(g), the Bureau would permit
entities to file notifications of non-registration under that section when they have a good faith basis to believe that
they do not qualify as a “covered nonbank” because they constitute part of a “State,” as that term is defined in CFPA
section 1001(27). Entities could similarly file good faith notifications under final § 1092.204(f) for the same reason.
Under the final rule, when an entity makes a non-frivolous filing under § 1092.202(g) or § 1092.204(f), the
Bureau will not bring an enforcement action based on the entity’s failure to comply with § 1092.202 or § 1092.204
unless the Bureau has first notified the person that the Bureau believes the person does in fact qualify as a covered
nonbank or supervised registered entity (as applicable), or the order is a covered order, and has subsequently
provided the person with a reasonable opportunity to comply with § 1092.202 or § 1092.204, as applicable.
proposed rulemaking, the Bureau’s failure to respond to a good-faith notice “should not be
misapprehended as Bureau acquiescence in the filer’s assertions in the notice.”346
The Tribal commenters expressed concern regarding publication of information with
respect to good-faith notifications submitted under proposed §§ 1092.202(g) and 1092.203(f).
The Bureau is finalizing the definition of “administrative information” at § 1092.201(a) to
expressly provide for the treatment of good-faith notifications as administrative information. As
discussed in the section-by-section analysis of that definition above, good-faith notifications
qualify as administrative information, which is excluded from the publication provisions in
§ 1092.205. Thus, contrary to commenters’ concerns, the Bureau disagrees that filing a
§ 1092.202(g) or § 1092.204(f) notification in good faith will lead to publication of the
notification under the final rule, exposing a tribe to frivolous private litigation or improperly
involving the Bureau in third-party claims regarding Tribal sovereignty.
The Bureau finalizes its preliminary conclusion in the proposal347 that obtaining goodfaith notifications may assist the Bureau in better understanding how potentially regulated
entities interpret the scope of § 1092.202, and concludes the same with respect to § 1092.204.
The Bureau wishes to be informed about entities’ interpretations of §§ 1092.202 and 1092.204.
The Bureau declines to adopt the proposed alternative recommended by Tribal commenters,
which would allow entities to claim a good-faith defense to any action enforcing the rule’s
requirements without needing to file a good-faith notification. The proposed alternative would
not provide the Bureau with information regarding the number of entities that might be asserting
such a good-faith exemption or provide the means for the Bureau to follow up with any
questions. It would fail to notify the Bureau of the existence of the entity, its views of whether it
is a covered nonbank or supervised registered entity, or how to contact it. The Bureau finalizes

88 FR 6088 at 6120.

88 FR 6088 at 6120-21.

its preliminary conclusion in the proposal that this alternative is not preferable to the good-faith
notification option set forth in §§ 1092.202(g) and 1092.204(f).
The Bureau concludes that it is appropriate to include provisions in the final rule
requiring a person to promptly comply with the rule’s requirements upon becoming aware of
facts or circumstances that would not permit it to continue representing that it has a good-faith
basis to believe that it is not a covered nonbank or supervised registered entity, as applicable, or
that an order in question is not a covered order. The Bureau concludes that it is necessary to
include these provisions in order to account for changing or previously unknown facts or
circumstances that might render previously filed good-faith notifications incorrect or obsolete,
and to maintain the ongoing accuracy of the information maintained in the nonbank registry.
The Bureau does not believe that these requirements are vague, unclear, or impose on Tribal
sovereign immunity. Notifications may be filed only where the entity has the applicable goodfaith belief. The Bureau believes it is appropriate to require the entity to consider whether any
subsequent cases, regulatory orders, complaints, or other matters may affect the accuracy of its
notifications to the Bureau.
Final Rule
For the reasons set forth above and in the description of the proposal, the Bureau is
finalizing § 1092.202(g) as proposed, with two minor revisions for clarification.348 Proposed
§ 1092.202(g) had referred to a person’s good-faith basis to believe that “an order in question
does not qualify as a covered order,” whereas proposed § 1092.203(f) had referred to a person’s
good-faith basis to believe that “an order in question is not a covered order.” The Bureau does
not intend these two slightly different phrases to mean different things. The Bureau is adopting
revisions to § 1092.202(g) in the two places where this phrase had occurred to refer to a person’s
good-faith basis to believe that “an order in question is not a covered order.”

See also the section-by-section discussions of § 1092.101(d) and (e) above regarding the Bureau’s adoption of the
revised terms “nonbank registry” and “nonbank registry implementation date.”
Section 1092.203 Optional One-Time Registration of NMLS-Published Covered Orders
Section 1092.203(a) One-Time Registration Option
Proposed Rule
The proposal would have required each covered nonbank that is identified by name as a
party subject to a covered order described in proposed § 1092.202(a) to register as a registered
entity with the NBR system in accordance with proposed § 1092.202 if it is not already so
registered, and to provide or update, as applicable, the information described in subpart B in the
form and manner specified by the Bureau. The proposal would also have required submission of
written statements by supervised registered entities in connection with such covered orders as
provided in proposed § 1092.203. Proposed § 1092.204 would have required the Bureau to make
certain information submitted to the NBR system available to the public by means that would
have included publishing it on the Bureau’s publicly available Internet site within a timeframe
determined by the Bureau in its discretion.
Comments Received
In connection with proposed § 1092.102(b), the Bureau sought comment on the types of
coordinated or combined systems that would be appropriate under CFPA sections 1022(c)(7)(C)
and 1024(b)(7)(D) and the types of information that could be obtained from or provided to State
agencies.
Multiple commenters stated that the proposed registry was redundant with existing
registries and other published information, while several consumer advocate commenters stated
that the proposed registry would not be redundant because no existing registry would be
equivalent. For ease of reference, the Bureau is describing these comments and the Bureau’s
responses thereto in this part. Most of these commenters, including the SBA Office of
Advocacy, stated or suggested that the collection and publication of the information described in
the proposal was particularly duplicative of the requirements imposed upon covered nonbanks
that are registered under the NMLS. Commenters stated that, in light of the redundancy with

existing registries and other sources of information, the Bureau should not finalize the proposal
or at least should reconsider the creation of the proposed registry.
Industry and consumer advocate commenters agreed with the Bureau’s statements in the
proposal about the need for a new Bureau registry for nonbank entities that are subject to the
Bureau’s jurisdiction and that are subject to certain agency and court orders. Commenters urged
the Bureau to register various specific types of nonbanks, including nonbank mortgage lenders,
fintech companies, and student financing companies. Commenters also stated that the registry
was particularly important since nonbanks are increasing their market share and otherwise
becoming increasingly relevant in the markets for consumer financial products and services.
Industry and consumer advocate commenters stated that there was a dearth of information about
nonbank financial companies, including their number and type and the practices they engage in.
An industry commenter stressed the importance of ensuring consumers are protected when they
engage with both banks and nonbanks in seeking consumer financial products and services.
A consumer advocate commenter agreed that the Bureau, in administering the nonbank
registry, should rely on information an entity previously submitted to the registry under part
1092 and coordinate or combine systems with State agencies, as provided in proposed
§ 1092.102(b). The commenter stated that not only would this provision allow for more efficient
implementation of the registry by avoiding duplicative or redundant efforts but would also reflect
the importance of this registry to both Federal and State regulators, and that the Bureau should
consider coordination with existing State consumer financial protection agencies.
A joint comment from State regulators stated that a significant share of covered orders on
the proposed registry are currently reported in NMLS, which the comment described as currently
the most comprehensive registry of nonbank financial services providers. The joint comment
stated that in particular there was reason to believe a significant share of the covered order
information captured by the proposed registry for supervised registered entities was likely
already available in NMLS Consumer Access. The comment expressed particular concern with

respect to the confusion that might be generated when consumers compared the information on
the proposed registry with the information available on the NMLS Consumer Access website.
The joint comment stated that consumers visiting either the proposed Bureau registry or NMLS
Consumer Access might be confused as to why they were unable to locate information on certain
companies on one site and not the other. The joint comment also voiced concern that identical or
similar information on the same company published in different formats by different online tools
may frustrate consumers looking for critical financial services information.
The joint comment also stated that NMLS Consumer Access includes information on
actions related to violations of covered consumer protection laws as well as actions related to
licensing or administrative violations that would not be covered under the proposal. Therefore,
the comment stated, NMLS provides consumers with a more complete picture of nonbank
enforcement actions than would be provided by the proposed Bureau registry. The joint
comment stated that if the Bureau chose to proceed, the Bureau should exempt companies from
the requirement of filing a public order if the order is already published on the NMLS Consumer
Access website. Other commenters similarly stated that the Bureau should consider exempting
companies from the rule’s requirements for orders that are already published or available via
NMLS or should otherwise create a safe harbor for entities that comply with NMLS reporting
requirements.
Commenters also made various other arguments and observations related to the NMLS,
including that the proposed registry would be largely duplicative of the NMLS or not necessary
in light of the existence of the NMLS, that NMLS operates in much the same way as the
proposed registry, that the NMLS includes most of the data the Bureau would be looking to
collect in the nonbank registry about covered orders, that the Bureau should more closely tailor
the rule to the NMLS’s requirements to avoid duplication, or that, by failing to use or rely on the
information on the public-facing NMLS website, the Bureau was not coordinating with State
bank regulatory authorities to minimize regulatory burden. In particular, industry commenters

discussed the NMLS Company Form (Form MU1) submitted by nonbanks under the NMLS,
which commenters stated includes a requirement to provide information regarding enforcement
actions within the past 10 years. One industry commenter pointed out that the Form MU1
requires the submission of an attestation by an employee or officer and stated that, although the
language of this attestation is different from the Bureau’s proposal, the intent and purpose are
similar, and the Bureau could rely on the attestation in the Form MU1 rather than the proposed
written statement; another industry commenter similarly stated that the Bureau should be able to
rely on the attestations provided through NMLS filings.
In addition, during the Bureau’s interagency consultations on the proposed and final rule
as described in part V above, certain consulting parties expressed similar concerns regarding
overlap and duplication between the proposed NBR system and NMLS Consumer Access.
Commenters also identified other registries or sources of information regarding agency or
court orders that they stated made the Bureau’s proposal redundant or unnecessary, or stated that
the Bureau should not finalize the proposal in light of the existence of such other sources of
information. Commenters pointed to the websites and registries maintained by individual
Federal and State agencies, the Federal Trade Commission’s Sentinel database and Banned Debt
Collectors list, information maintained by the Better Business Bureau, the Bureau’s own
Consumer Response portal and database, information posted by the U.S. Department of Housing
and Urban Development, information published in connection with lawsuits, and databases
listing public reprimands of credit unions associated with credit union service organizations
(CUSOs). Commenters also stated that the Bureau would be able to obtain adequate information
from other regulators under its information-sharing memorandums of understanding (MOUs)
with those regulators.
Response to Comments Received
Description of Option Adopted Under § 1092.203

After considering the arguments by commenters, the Bureau is adopting a one-time
registration option excepting entities from other requirements of the rule, including the proposed
written-statement requirements, for orders that are published on the NMLS Consumer Access
website. The NMLS Consumer Access website currently makes available for public viewing,
subject to certain terms and conditions of access, certain information regarding companies that
are regulated by State agencies in connection with a variety of financial services industries,
including information regarding administrative and enforcement actions against such
companies.349
The Bureau agrees with commenters that it is consistent with the purposes of the final
rule to adopt such a limited exception. This exception will reduce burden on entities that are
subject to the rule, help avoid confusion, and promote coordination with the States in exercising
the Bureau’s nonbank registration authorities by leveraging information already gathered and
published by the States. Section 1092.203 of the final rule provides an option for covered
nonbanks to submit limited information regarding such covered orders in substitution of
submitting filings about such covered orders to the Bureau-maintained nonbank registry under
the rule’s other provisions. To provide for this option, the Bureau is adopting new § 1092.203 as
well as related new definitions for the terms “NMLS” and “NMLS-published covered order.”
Covered nonbanks will have the option to either register under § 1092.203 with respect to
any applicable NMLS-published covered order(s) or to comply with the general registration
requirements of subpart B with respect to such order(s). Covered nonbanks may opt to register
under the one-time registration provision for all, some, or none of the applicable NMLSpublished covered orders to which they are subject.350 Covered nonbanks that exercise this

See NMLS, “Information About NMLS Consumer Access” (September 9, 2016), at
https://mortgage.nationwidelicensingsystem.org/about/Documents/InformationAboutNMLSConsumerAccess.pdf.
An entity that wishes to confirm that any particular covered order is published on the NMLS Consumer Access
website may either review the information on the NMLS Consumer Access website in a manner consistent with any
terms of use or other conditions on access that may be imposed by the NMLS’s operator, or verify that information
by contacting the State regulator that issued the order or the NMLS’s operator directly.
option with respect to an NMLS-published covered order will be required to submit certain
limited information to the nonbank registry regarding the covered order to enable the Bureau to
coordinate the nonbank registry with the NMLS. Upon exercising this option and submitting the
required information about the NMLS-published covered order, the covered nonbank will have
no further obligation under subpart B to provide information to, or update information provided
to, the nonbank registry regarding the NMLS-published covered order.
The Bureau intends to notify users of the nonbank registry regarding the existence of
NMLS-published covered orders and the covered nonbanks that are subject to them by
publishing under § 1092.205 relevant information about the applicable covered nonbank and
covered order that the Bureau collects under § 1092.203. Such users may then, subject to any
terms of use or other conditions of access that the NMLS’s operator may impose, view a copy of
the order on the NMLS Consumer Access website, as well as any information about the
applicable covered nonbank that may be maintained and published there.
Continued Need for Bureau’s Nonbank Registry That Applies to All Covered Orders and
Covered Nonbanks
The one-time registration option in § 1092.203 will complement the nonbank registry.
The Bureau agrees with the commenters asserting that there is a need for a new Bureau registry
with respect to covered orders issued against nonbank covered persons. As described in part IV
above, the final rule will assist the Bureau in monitoring for risks to consumers in the offering or
provision of a wide range of consumer financial products or services and will impose registration
requirements on a wide range of nonbank covered persons subject to the Bureau’s jurisdiction.
The nonbank registry will accomplish this goal by assisting the Bureau in having access to
relevant information regarding applicable covered nonbanks and covered orders even where
information regarding those entities and orders is not available through the NMLS. The
Bureau’s registry will also help ensure that the Bureau is provided with information about such
covered orders as they are issued across multiple product markets and geographies and in

connection with the wide range of consumer financial products and services regulated by the
Bureau. Thus, there remains a need for the Bureau to adopt its own new nonbank registry in
order to provide the Bureau with information necessary to support its functions under the CFPA.
In addition, for the reasons discussed in part IV(F) and the section-by-section discussion of
§ 1092.205 below, the Bureau intends to publish certain information submitted to its new
nonbank registry.
The Adopted Exception for NMLS-Published Covered Orders Will Reduce Burden on
Registered Entities and Implement the CFPA and § 1092.102(b) by Coordinating with State
Agencies
The Bureau is adopting the option set forth in § 1092.203 in part to reduce burden on
entities that are subject to the final rule. The Bureau’s adoption of § 1092.203 lowers the cost to
firms of the final rule relative to the proposed rule. For entities with NMLS-published covered
orders, exercising this option should take even less employee time than registering under the
other provisions of the rule. As described further below, the Bureau believes that this option will
advance the purposes described herein while imposing less cost on entities subject to the final
rule.
The Bureau is also finalizing this option in part to implement the approach described in
the proposal in discussing proposed § 1092.102(b). There, the Bureau proposed that in
administering the NBR system, the Bureau may coordinate or combine systems in consultation
with State agencies as described in CFPA sections 1022(c)(7)(C) and 1024(b)(7)(D).351 Section
1092.203 is consistent with the Bureau’s statutory mandates under these provisions to consult
with State agencies regarding requirements or systems (including coordinated or combined
systems for registration) in developing and implementing registration requirements under CFPA
sections 1022(c)(7)(C) and with respect to supervisory requirements adopted under CFPA

88 FR 6088 at 6103.

section 1024(b)(7)(D). CFPA section 1022(c)(7)(C) states: “In developing and implementing
registration requirements under [CFPA section 1022(c)(7)], the Bureau shall consult with State
agencies regarding requirements or systems (including coordinated or combined systems for
registration), where appropriate.” 352 Similarly, CFPA section 1024(b)(7)(D) states: “In
developing and implementing requirements under [CFPA section 1022(b)(7)], the Bureau shall
consult with State agencies regarding requirements or systems (including coordinated or
combined systems for registration), where appropriate.” Section 1092.203 will enable the
Bureau to develop and implement the registration requirements of the rule adopted in part under
CFPA section 1022(c)(7), as well as the written-statement requirements adopted under CFPA
section 1024(b)(7), in a manner that allows for “coordinated” and “combined” systems for
registration as indicated under these statutory provisions. As indicated by the consumer advocate
commenter with respect to proposed § 1092.102(b), coordinating or combining systems with
State agencies as provided in § 1092.102(b) of the final rule not only allows for more efficient
implementation of the registry by avoiding duplicative or redundant efforts but also reflects the
importance of this registry to both Federal and State regulators. In addition, § 1092.203’s option
for one-time registration in lieu of filing annual written statements is consistent with
§ 1092.102(b) and with the Bureau’s statutory mandate to consult with State agencies in
developing and implementing requirements adopted under CFPA section 1024(b)(7), including
§ 1092.204’s written-statement requirements.
Notifications submitted by covered nonbanks under § 1092.203(b) will alert the Bureau
to the existence of the order and the relevant covered nonbank, and to the publication of the order
on the NMLS Consumer Access website. Should the Bureau desire to learn more about any
particular NMLS-published covered order, including information about violations identified by
State agencies, it may do so through the NMLS or by contacting relevant State agencies for

12 U.S.C. 5512(c)(7)(C).

additional information, including under the relevant provisions of the CFPA and applicable
information-sharing agreements. Thus, the option adopted at § 1092.203 will promote
coordination with State agencies in connection with the nonbank registry.
The Adopted Exception for NMLS-Published Orders Appropriately Addresses the
Bureau’s Current Need for Information Regarding Applicable Orders and Companies
The Bureau is also providing this option for covered nonbanks in recognition of the
Bureau’s extensive experience with the NMLS, the information that currently is collected under
the NMLS, the Bureau’s access to the NMLS, and the public’s access to the NMLS Consumer
Access website (subject to any applicable terms of use or other conditions). The Bureau
concludes that at this time it currently needs to collect only limited information from covered
nonbanks about covered orders that are published by State agencies on the NMLS Consumer
Access website. Under the final rule, a covered nonbank subject to a covered order that is
published on the NMLS Consumer Access website will have the option to instead notify the
Bureau’s nonbank registry that the order is so published and to provide certain limited
information about itself and the covered order to the Bureau’s nonbank registry. In general,
applicable State regulators submit certain information to the NMLS and keep that information
updated, which will help to ensure the information’s accuracy and timeliness. Furthermore, as
argued by commenters, covered nonbanks are generally subject to legal obligations to provide
truthful and accurate submissions to their State regulators, and the States regularly post
information to NMLS and help ensure the accuracy of the information published there. In light
of these considerations, the Bureau concludes that the information about covered orders that is
available via the NMLS is relatively more likely to be reliable and up to date than information
maintained on systems that are not similarly used, maintained, and monitored by State agencies.
Adopting the one-time registration option will provide the Bureau with much of the
information about covered orders and the nonbank entities that are subject to them that the
Bureau proposed to collect under the proposed rule. The Bureau acknowledges that, by

providing this option, the nonbank registry will not contain all of the information about covered
orders that it would have contained under the Bureau’s registry as described in the proposed rule.
However, the Bureau believes that the adoption of § 1092.203 will provide a number of
significant benefits to the Bureau and to covered nonbanks. While this approach under the final
rule means that the Bureau will likely need to review two different systems in order to obtain
complete information regarding all covered orders, the additional option adopted under the final
rule will facilitate those efforts. Importantly, the information collected under § 1092.203 will
notify the Bureau regarding the existence of covered orders and the covered nonbanks that are
subject to them. This limited filing will notify the Bureau regarding the covered nonbank’s
existence and the existence of the covered order, and will enable the Bureau to obtain more
information about the covered nonbank and the covered order, should it so choose, through other
means, including through the Bureau’s own access to the information stored on NMLS as well as
through other direct communications with applicable State agencies.
The Bureau also concludes that it does not need to impose § 1092.204’s annual written
statement requirements in connection with NMLS-published covered orders in cases where the
applicable covered nonbank has filed a one-time registration under § 1092.203. By submitting
information under § 1092.203, the supervised registered entity will notify the Bureau regarding
the covered nonbank’s existence and the existence of the covered order. The Bureau, based on
its extensive experience with the NMLS, has determined for purposes of this final rule that once
it has been so notified of the existence of a covered nonbank and an applicable NMLS-published
covered order, it generally will be able to obtain sufficient information through the NMLS and
the State authorities participating in that system so as to render annual written statements under
this final rule in connection with such an order unnecessary. Under the CFPA provisions that
provide for sharing of supervisory information among the Bureau and State agencies,353 as well

See 12 U.S.C. 1022(c)(6), 1024(b)(3).

as under its standing information-sharing agreements with the Conference of State Bank
Supervisors (CSBS) and individual State agencies, the Bureau anticipates that it will be able to
obtain information to inform its supervisory prioritizations and activities.
In particular, as discussed by several commenters, many covered nonbanks that are
licensed by State regulators through the NMLS submit the NMLS Company Form MU1 in
connection with various matters relating to their State licenses. The NMLS currently uses the
Form MU1 as its universal licensing form for companies to apply for and maintain
nondepository, financial services licenses from State agencies participating on NMLS. As
discussed by commenters, the current version of Form MU1 requires licensed entities to provide
information to State regulators about a variety of matters, including information about orders
entered against the entity in connection with a financial services-related activity and about
violations of financial services-related regulations or statutes.354 Also as discussed by
commenters, Form MU1 requires the submission of an attestation by an authorized
representative regarding the accuracy of the information submitted. If the Bureau wants
information relevant to the covered nonbank’s compliance with covered orders identified on the
Form MU1, the Bureau generally can obtain such information for its internal use through its
statutory authorities and its information-sharing agreements with CSBS and the relevant State
authorities. Although Form MU1 itself may not provide the Bureau with information about
compliance with a covered order, the Bureau is willing to accept some reduced convenience in
order to reduce regulatory burden and promote coordination with the States with respect to
NMLS-published covered orders. Thus, it is not necessary at this time for the nonbank registry
to collect annual statements under § 1092.204 with respect to an NMLS-published covered order
from a supervised registered entity that opts to submit a filing under § 1092.203 in connection
with that NMLS-published covered order.

See NMLS Resource Center,
https://mortgage.nationwidelicensingsystem.org/slr/common/policy/Pages/default.aspx. A commenter noted that
entities must promptly file updates to their MU1 disclosures as needed.
The Adopted Exception for NMLS-Published Covered Orders Appropriately Addresses
the Current Need to Provide Relevant Information to Other Users of the Bureau’s Registry
In addition, as described in part IV(F) above and in the section-by-section discussion of
§ 1092.205 below, the Bureau intends to publish certain limited information about the entity and
the order as obtained under § 1092.203, for the purpose of notifying other regulators and other
users of the nonbank registry about the entity’s existence and the existence of the covered order.
Users of the information published under § 1092.203 will then have the option, where doing so is
consistent with any NMLS Consumer Access terms of use or other applicable conditions, to
review the information that is published on the NMLS Consumer Access website about the
covered order and the covered nonbank.
While the NMLS does not contain registration information regarding all of the covered
nonbanks that are likely to be subject to the final rule, and does not publish all of the information
that the Bureau will collect and intends to publish under the rule, the Bureau believes that, on the
whole, the information about NMLS-published covered orders made available to the public on
the NMLS Consumer Access website (subject to any applicable terms of use or other conditions)
currently satisfies many of the goals of publication that the Bureau described in its proposal.
These goals include making information about covered nonbanks and the covered orders to
which they are subject readily accessible in a comprehensive and collected manner. As stated by
commenters, the NMLS Consumer Access website currently publishes a wide range of
information regarding those covered nonbanks that are subject to applicable State licensing and
registration requirements, including much of the identifying information that would be collected
under the proposal, such as the entity’s legal name, business address, and NMLS identifier. The
NMLS Consumer Access website is currently searchable by name, company, city, State, ZIP
code, NMLS identification, and/or license number (subject to any applicable terms of use or
other conditions). The NMLS Consumer Access website also currently publishes much of the
same information that would have been collected and published under the proposal with respect

to covered orders—in particular, a copy of the order and relevant information about the agency
that issued or obtained the order. Therefore, where the Bureau publishes information on its
nonbank registry informing users of that system about the existence of a covered nonbank and
the issuance of an applicable order against that nonbank, users can (subject to NMLS Consumer
Access’s terms of use or other applicable conditions) obtain related information from the NMLS
Consumer Access website, including much of the same information about the covered nonbank
and covered order that would have otherwise been available via the proposed nonbank registry.
In addition, many users of the nonbank registry—in particular, many State regulators—have their
own access to the NMLS system and may use that access to obtain additional information about
the company, beyond what is available through the NMLS Consumer Access website.
As stated in the joint comment by State regulators, the one-time registration option
provided in the final rule will also help minimize company, consumer, and other public user
confusion when utilizing both NMLS Consumer Access and the nonbank registry. First,
consumers and other users of the nonbank registry will have the ability to review any
information about the order that is published in the nonbank registry (whether from the limited
filing under § 1092.203 or a more detailed filing under § 1092.202) as well as any information
published on the NMLS Consumer Access website (subject to any applicable terms of use or
other conditions of access), and will be able to associate the NMLS Consumer Access website
and the Bureau’s nonbank registry. Thus, users will have a mechanism to identify and associate
the information provided in both the NMLS Consumer Access website and the Bureau’s
nonbank registry about that company and any relevant covered orders. Second, publication of
the limited information obtained under § 1092.203 as provided under § 1092.205 will help
clarify the identity of the applicable covered nonbanks and the covered orders they are subject to,
and otherwise reduce confusion about the information published on the NMLS Consumer Access
website and the Bureau’s nonbank registry. Thus, the option provided under § 1092.203 will

help reduce the redundancies identified by commenters while maintaining the integrity and
usefulness of the nonbank registry.
Response to Comments Received Regarding Redundancies with Other Registries and
Sources of Information
The Bureau believes that the NMLS represents a uniquely useful complement to the
nonbank registry. The Bureau disagrees with commenters that the other sources of information
identified by commenters diminish the need for the nonbank registry, or that the rule should
accept registration of covered orders under those sources in lieu of registration with the nonbank
registry. As stated above in part IV(B), although referrals from and other information provided
by other agencies have been valuable to the Bureau’s work, the Bureau currently often relies on
other agencies to take proactive steps to contact it. Having access to a centralized list of orders
entered against nonbanks will significantly increase the Bureau’s ability to monitor the market so
that the Bureau can identify, better understand, and ultimately, prevent further consumer harm.
The Bureau disagrees that the indirect method proposed by commenters would be as efficient or
effective as requiring covered nonbanks to directly submit information to the Bureau. Similarly,
requiring the Bureau to proactively reach out and obtain information under its informationsharing memorandums of understanding with other regulators without creating its own registry
would be an inadequate substitute for the final rule.
The Bureau disagrees that simply steering users to the various other public-facing
websites and registries maintained by other Federal agencies, State regulators, State attorneys
general, and local agencies would serve the purposes of the final rule.355 First, such an approach
would be confusing and inefficient for the Bureau and for other users of the public registry the
Bureau intends to establish, who would need to become proficient at searching and otherwise
using the various websites maintained by multiple Federal agencies, State regulators, State

The Bureau also disagrees that the Bureau’s own Consumer Response portal renders the nonbank registry
unnecessary. To the contrary, the Bureau’s consumer response function will be informed by the increased
monitoring of risks and trends provided by the nonbank registry.
attorneys general, and local agencies in order to locate applicable information about covered
orders and covered nonbanks. The sheer number of such websites would present an obstacle to
obtaining full information about all of the covered orders that have been issued against the
covered nonbank. Collecting, keeping track of, and verifying information maintained on a wide
range of uncoordinated Federal, State, and local agency websites would be highly inefficient for
the Bureau and other users of the nonbank registry. Such an approach would also impair the
accuracy of the information maintained by the nonbank registry. The various websites
publishing such orders would be subject to various approaches to maintaining and updating
information about the applicable entities and orders listed on them, including the frequency at
which such information is published and updated. In addition, the external webpage(s) to which
the Bureau directs users for more information regarding an order might be changed or otherwise
become outdated. By contrast, currently the NMLS Consumer Access website generally
maintains updated and consolidated information about entities and orders that are listed on it.
Second, because the information maintained by such a variety of agencies would
necessarily vary in format and presentation, it would be very challenging for the Bureau to
regularly monitor, search, and link to the appropriate selection of orders on the registry that the
Bureau would deem relevant to its jurisdiction. Such websites may not provide information
about nonbanks and orders in a uniform manner that will enable the Bureau to easily locate and
access that information.
Third, the final rule, unlike the alternative information sources suggested by commenters,
is calibrated to collect information relevant to the Bureau’s exercise of its authorities. Even
where another agency publishes a particular order against a covered nonbank, it may not be selfevident to the Bureau that the covered nonbank is a covered nonbank—information that would
be provided in the nonbank registry. The Bureau currently lacks access to any comprehensive
list of covered nonbanks, and thus may not even be aware of such entities or that it should
monitor orders issued against them. Also, neither the orders themselves nor the relevant website

publishing those orders would necessarily provide sufficient information to permit the Bureau to
recognize that the order was a covered order. For example, it may not be clear from the face of
the order the extent to which the violations of law found or alleged in the order arose out of
conduct in connection with the offering or provision of a consumer financial product or service.
Thus, the information that would be collected by the Bureau either by solely linking to a host of
multiple other websites or by reaching out under its information-sharing memorandums of
understanding, or both, would always necessarily be incomplete. Under such an approach, the
Bureau would be required to attempt to discern on an ongoing basis which entities listed on
another agency’s website were subject to its jurisdiction and when they had become subject to a
covered order. Therefore, at a minimum, the Bureau will need to be notified when a covered
order is issued against a covered nonbank, and will need to be notified about the existence of the
covered nonbank and the relevant covered order. The Bureau concludes that imposing a
registration requirement on the covered nonbank itself to register with and notify the Bureau
regarding such matters, as authorized under the CFPA, is the most effective and efficient
mechanism for collecting this information.
Fourth, the Bureau has concluded that it will often be difficult to obtain an adequate
substitute for the information contained in the written statement with respect to covered orders
that are not available through the NMLS. The Bureau is not currently aware of other regularized
and consolidated official sources of information about covered orders that would provide the
information about order violations that would be contained in the written statement.
As an alternative to the approach taken in the final rule, the Bureau considered requiring
covered nonbanks to notify the Bureau when they become subject to a covered order—even one
not published on the NMLS Consumer Access website—in a manner similar to that adopted
under § 1092.203 of the final rule. Under such an alternative system, the Bureau might have
used such notifications to attempt to obtain additional information about the covered nonbank
and the covered order directly under its information-sharing memorandums of understanding

with relevant regulators. However, such a requirement would not have adequately accomplished
the purposes of the registry for the reasons explained above. Because the Bureau could not be
assured that the other Federal, State, and local systems would routinely collect and make
available the types of relevant identifying information about covered nonbanks subject to
covered orders that are currently collected under the NMLS with respect to companies registered
with the NMLS, the nonbank registry would therefore still need to collect such identifying
information directly from registering nonbanks. Moreover, such an approach would require the
Bureau to comb through a large number of different websites maintained by various Federal
agencies, State regulators, State attorneys general, and local agencies, all using their own
organization, formats, naming conventions, frequency of posting and updating, and other
matters. Such an approach would be cumbersome at best not only for the Bureau but also for
registering entities themselves. Such an approach would therefore represent a less efficient and
effective means of accomplishing the purposes of the final rule, including registering applicable
covered nonbanks and supporting the objectives and functions of the Bureau through monitoring
markets for consumer financial products and services, than the approach being adopted by the
Bureau under § 1092.203.
That approach is comparatively much more useful both for the Bureau and for other
potential users of the registry. As discussed above, filings submitted under § 1092.203 will
notify both the Bureau and such other potential users when a covered order is issued against a
covered person. Then the Bureau and other users will be able to use the NMLS to access
additional information about the covered nonbank and covered order (subject to any applicable
terms of use or other conditions). The NMLS and applicable State regulators generally collect
identifying information about most of the companies that have applicable orders published on the
NMLS Consumer Access website. For example, the NMLS Form MU1 requires companies to
provide information regarding their legal name, address, NMLS number, and State licensing
information. The Bureau will generally be able to obtain this information from NMLS and

directly from State regulators. (While the Bureau understands that some covered nonbanks that
are subject to an NMLS-published covered order may not have created an NMLS account—for
example, where a covered order is issued against a company that is not appropriately licensed by
an applicable State—the Bureau also understands that the number of such covered nonbanks is
comparatively small. The Bureau intends to use the information collected through the nonbank
registry to better understand the number of such companies, and intends to continue to consult
with State agencies and the NMLS’s operator regarding coordination of the nonbank registry and
the NMLS.) Thus, the Bureau believes it will more readily be able to identify most covered
nonbanks that register an NMLS-published covered order than it would be able to identify
covered nonbanks subject to other types of covered orders.
In addition, the NMLS, which is maintained through the coordinated action of the States,
will be relatively simple for the Bureau to monitor and to coordinate with. The NMLS provides
a valuable coordination function by organizing information about registered nonbank companies,
generally by assigning an NMLS identification number for the company and assembling relevant
identifying and licensing information together in an accessible manner. Limiting the number of
places where the Bureau will need to search in order to obtain information about covered
nonbanks and covered orders to two—the nonbank registry and the NMLS—will help limit the
Bureau’s search costs, and conserve resources that it could apply elsewhere, including to monitor
for risk to consumers in other ways. By minimizing the number of places such information will
be located, the final rule will also help minimize variation in the steps that would be required to
obtain access to the information or any controls that may be placed on access to the information,
and the ways or formats in which that information may be posted. Thus, the final rule will help
ensure access by the Bureau to more uniform and consistent reporting about covered nonbanks
and covered orders.
In addition to providing a consolidated source of information to the Bureau, the NMLS is
also comparatively a more useful resource for other users of the public registry the Bureau

intends to establish than a collection of other websites would be. As discussed above, where the
Bureau publishes information on its nonbank registry informing users of that registry about the
existence of a covered nonbank and the issuance of an applicable order against that nonbank,
State regulators will generally be able to obtain related information from the NMLS pursuant to
their arrangements with NMLS. In addition, as discussed above, the NMLS Consumer Access
website currently publishes a wide range of information regarding those covered nonbanks that
are subject to applicable State licensing and registration requirements, including much of the
identifying information that would be collected under the proposal, such as the entity’s legal
name, business address, and NMLS identifier. Other users of the nonbank registry may use the
NMLS Consumer Access website to access copies of, and other information about, NMLSpublished covered orders and covered nonbanks that are registered with the NMLS, so long as
that access is consistent with any terms of use or other conditions of access that NMLS may
impose. Thus, the NMLS Consumer Access website provides a centralized point of access
(subject to NMLS Consumer Access’s applicable terms of use or other conditions of access) for
persons seeking to learn more about NMLS-published covered orders and covered nonbanks.
Moreover, publication on the NMLS Consumer Access website will help ensure that such orders
are presented in a format that is uniform and consistent, which will reduce the opportunity for
confusion for persons who are attempting to locate and learn about NMLS-published covered
orders.
Therefore, the Bureau has determined that maintaining its own registry, with the
alternative option for one-time registration of NMLS-published covered orders provided in
§ 1092.203, will best serve the purposes of the final rule as described herein.
Final Rule
For the reasons described above and as follows in this section-by-section analysis, the
Bureau is finalizing a new § 1092.203, and is renumbering the remainder of the sections of
subpart B to part 1092 accordingly. Consistent with the approach suggested by commenters, this

section will provide an express exception from some of the requirements of the rule as proposed
(including the proposed written-statement requirements) for orders that are published on the
NMLS Consumer Access website, which may be exercised at the option of the covered nonbank
in lieu of registering under subpart B generally with respect to such orders.
The Bureau is adopting corresponding definitions of the terms “NMLS” and “NMLSpublished covered order” at § 1092.201(j) and (k). See the discussion of these definitions in the
section-by-section discussion of these sections above.
With respect to any NMLS-published covered order, a covered nonbank that is identified
by name as a party subject to the order may elect to comply with the one-time registration option
described in this section in lieu of complying with the requirements of §§ 1092.202 and
1092.204. Section 1092.203(c) provides that, once a covered nonbank avails itself of this option,
and chooses to file the information required under § 1092.203(b) with respect to an NMLSpublished covered order, the covered nonbank shall have no further obligation under subpart B to
provide information to, or update information provided to, the nonbank registry regarding the
NMLS-published covered order.
As discussed above, by collecting and potentially publishing limited information for the
purpose of coordinating the nonbank registry with NMLS, the final rule will also promote
coordination with States in accordance with CFPA sections 1022(c)(7)(C) and 1024(b)(7)(D).
As provided in § 1092.201(k), no covered order issued or obtained at least in part by the
Bureau shall be an NMLS-published covered order. Thus, a covered nonbank must comply with
the requirements of § 1092.202 and (where applicable) § 1092.204 with respect to a covered
order that has been issued or obtained at least in part by the Bureau and may not elect to comply
with the one-time registration option described in § 1092.203 with respect to such a covered
order whether or not the order has been published on the NMLS Consumer Access website. This
restriction applies whether the applicable covered order was issued either by a court or by the
Bureau itself, so long as the order was issued in any action or proceeding brought at least in part

by the Bureau. The Bureau has a special interest in monitoring its own orders, and in obtaining
updated information under § 1092.202 regarding them. The identifying information submitted
under § 1092.202, and the final rule’s obligation to update that information in the event of
changes, could provide new and useful information to the Bureau in monitoring and enforcing its
own orders. For example, a covered nonbank subject to a Bureau covered order that moves its
principal place of business or changes its name will be required to notify the Bureau. Also, the
Bureau has a special interest in obtaining annual written statements under § 1092.204 from
supervised registered entities regarding such Bureau orders. The written statements will provide
information regarding ongoing compliance with the Bureau order and the name and title of the
attesting executive, will otherwise facilitate the Bureau’s supervision of entities subject to its
orders, and will help the Bureau detect and assess risks to consumers in connection with the
orders it has issued or obtained. The Bureau also concludes that the rule’s written-statement
requirements should be imposed on supervised registered entities subject to covered orders that
have been issued or obtained by the Bureau to ensure that such entities are legitimate entities and
are able to perform their obligations to consumers. Thus, the final rule requires covered
nonbanks to comply with § 1092.202 and (where applicable) § 1092.204 with respect to such
covered orders whether or not they are published on the NMLS Consumer Access website.
Section 1092.203(b) Information to Be Provided
Proposed Rule
See the section-by-section discussion of § 1092.203(a) above for a discussion of the
proposal’s requirements regarding submission of information and written statements and
publication of information relating to covered orders.
Comments Received
See the section-by-section discussion of § 1092.203(a) above for a summary of
comments received requesting an exception for NMLS-published covered orders as well as

comments received regarding alleged redundancies with other registries and sources of
information.
Final Rule
For the reasons described above and as follows in this section-by-section analysis, the
Bureau is adopting a new § 1092.203(b) requiring a covered nonbank that chooses to exercise the
option described in § 1092.203(a), in the form and manner specified by the Bureau, to provide
such information that the Bureau determines is appropriate for the purpose of identifying the
covered nonbank and the NMLS-published covered order, and otherwise for the purpose of
coordinating the nonbank registry with the NMLS. The Bureau will provide instructions
regarding the submission of such information in filing instructions issued under § 1092.102(a).
The Bureau is finalizing this requirement in order to help ensure that it obtains adequate
information regarding NMLS-published covered orders to maintain the usefulness of the
nonbank registry with respect to such orders. Without such a requirement, the Bureau may not
learn about the existence of such orders or the applicable covered nonbank, or may not be
informed that the covered nonbank is a covered nonbank subject to its jurisdiction or that the
covered order is a covered order. Such matters are critical for the Bureau to be informed about
so that it may understand when information regarding such matters that is of interest to the
Bureau and relevant to its jurisdiction may be available from State agencies. The Bureau will
also need this information in order to help coordinate the nonbank registry with the NMLS,
including to verify that an applicable NMLS-published covered order is in fact published on the
NMLS Consumer Access website and to obtain information regarding the applicable covered
nonbank and the NMLS-published covered order.
Under § 1092.205 of the final rule, the Bureau intends to publish certain information that
the nonbank registry collects under § 1092.203. As described above and in the section-bysection discussion of § 1092.205 below, and except as provided therein, the Bureau believes the
publication of certain information collected under § 1092.203 will be in the public interest, in

order to allow users of the Bureau’s public registry to identify that a covered nonbank has
become subject to a covered order and (consistent with any applicable terms of use or other
conditions of access) to be able to locate information about that covered nonbank and covered
order on the NMLS Consumer Access website. The Bureau may also collect additional
information under § 1092.203 for the purpose of coordinating the nonbank registry with the
NMLS that it may choose not to publish. In administering the nonbank registry, the Bureau will
implement § 1092.203 along with § 1092.102(b) as part of coordinating or combining systems in
consultation with State agencies.
203(c) No Further Obligation to Provide or Update Information
Proposed Rule
See the section-by-section discussion of § 1092.203(a) above for a discussion of the
proposal’s requirements regarding submission of information and written statements and
publication of information relating to covered orders.
Comments Received
See the section-by-section discussion of § 1092.203(a) above for a summary of
comments received requesting an exception for NMLS-published covered orders as well as
comments received regarding alleged redundancies with other registries and sources of
information.
Final Rule
For the reasons described above and as follows in this section-by-section analysis, the
Bureau is adopting a new § 1092.203(c) stating that, upon providing the information described in
§ 1092.203(b), the covered nonbank shall have no further obligation under subpart B to provide
information to, or update information provided to, the nonbank registry regarding the NMLSpublished covered order. Thus, once a covered nonbank has submitted the information specified
in the filing instructions adopted under § 1092.102(a) for an applicable NMLS-published
covered order, the covered nonbank will have no further obligation to provide information to, or

update information provided to, the nonbank registry regarding the NMLS-published covered
order. Thus, among other things, following such a submission, the covered nonbank need not
submit either an initial or a revised filing under § 1092.202(b)(2) with respect to the NMLSpublished covered order. (However, if the covered nonbank is also subject to at least one other
covered order that is registered or required to be registered under § 1092.202, and such other
order(s) is not eligible for registration under § 1092.203 or the covered nonbank has not opted to
register the order(s) under that provision, the covered nonbank will remain subject to
§ 1092.202(b)(2)’s requirements with respect to such other covered order(s), including the
ongoing obligation to update its identifying information.) If the covered nonbank is a supervised
registered entity, then, following such a submission under § 1092.203, it will not be required to
submit an annual written statement under § 1092.204 or otherwise comply with the requirements
of that section in connection with the applicable NMLS-published covered order.
As described in the section-by-section analysis of § 1092.203(a) above, the Bureau
believes that this exception to the requirements of the final rule with respect to NMLS-published
covered orders is consistent with the purposes of the final rule described in part IV above. This
exception will reduce burden on entities that are subject to the rule, help avoid confusion, and
promote coordination with the States in exercising the Bureau’s nonbank registration authorities
by leveraging information already gathered and published by the States.
Section 1092.204 Annual Reporting Requirements for Supervised Registered Entities
Proposed § 1092.203, which is renumbered in the final rule as § 1092.204, would have
required supervised registered entities annually to identify an executive (or executives) who is
responsible for and knowledgeable of the firm’s efforts to comply with orders identified in the
registry. The proposal would also have required supervised registered entities to submit on an
annual basis a written statement signed by that executive (or executives) regarding the entity’s
compliance with orders in the registry.

The Bureau is finalizing this component of the proposal, with certain changes to the
proposed regulatory text that are discussed below. Below, the Bureau first addresses comments
regarding the Bureau’s legal authority to impose the requirements in § 1092.204 and then
discusses § 1092.204’s individual paragraphs.
Proposed Rule’s Discussion of the Bureau’s Legal Authority to Impose Written-Statement
Requirements
The Bureau relied on its rulemaking authority under CFPA section 1024(b)(7)(A)–(C) in
requiring supervised registered entities to submit written statements.356 The Bureau explained
that each of those paragraphs provides independent authority for the requirement to submit
written statements. First, the Bureau explained, CFPA section 1024(b)(7)(A) and (B) authorize
these written-statement requirements because the statements would facilitate the Bureau’s
supervision efforts and its assessment and detection of risks to consumers. The Bureau believed
the proposed written statement would facilitate the Bureau’s supervision efforts, including by
providing the Bureau with important additional information regarding risks to consumers that
may be associated with the covered order; informing the Bureau’s risk-based prioritization of its
supervisory activities under CFPA section 1024(b); and improving the Bureau’s ability to
conduct its supervisory and examination activities with respect to the supervised nonbank, when
it does choose to exercise its supervisory authority. The Bureau noted that submission of a
written statement that identifies noncompliance with reported orders would provide the Bureau
with important information regarding risks to consumers that may be associated with the order.
The Bureau further noted that such orders themselves frequently contain provisions aimed at
ensuring an entity’s future legal compliance with the covered laws violated. The Bureau
believed that an entity’s compliance with such provisions may mitigate the continuing risks to
consumers presented by the entity and thus the potential need for current supervisory activities.

12 U.S.C. 5514(b)(7)(A)–(C).

By contrast, the Bureau also believed that evidence of noncompliance with an order requiring
registration under the proposal would be probative of a potential need for supervisory
examination of the supervised nonbank and would be a relevant factor for the Bureau to consider
in conducting its risk-based prioritization of its supervisory program under CFPA section
1024(b)(2), including (b)(2)(C), (D), and (E). Likewise, in cases where the Bureau determined
to exercise its supervisory authorities with respect to a supervised nonbank required to submit
written statements under the proposal, the Bureau expected that those written statements would
provide important information relevant to conducting examination work. For example, the
Bureau explained that it might use the written statements in determining what information to
require from a supervised nonbank, in determining the content of supervisory communications
and recommendations, or in making other decisions regarding the use of its supervisory
authority.
Second, the Bureau explained in the proposal that it has authority to require preparation
of the written statements under CFPA section 1024(b)(7)(C) because the written statements will
help ensure that supervised registered entities “are legitimate entities and are able to perform
their obligations to consumers.”357 The Bureau interpreted CFPA section 1024(b)(7)(C) as
authorizing it to prescribe substantive rules to ensure that supervised entities are willing and able
to comply with their legal obligations to consumers, including those imposed by Federal
consumer financial law. The Bureau believed that the proposed requirement to submit an annual
written statement would help ensure that the supervised registered entity takes its legal duties
seriously, and that it is not treating the risk of enforcement actions for violations of legal
obligations as a mere cost of doing business. If an entity reported under proposed
§ 1092.203(d)(2) that it violated its obligations under covered orders, the Bureau noted that may
indicate that the entity lacks the willingness or ability more generally to comply with its legal

12 U.S.C. 5514(b)(7)(C).

obligations, including its obligations under the Federal consumer financial laws that the Bureau
enforces. The Bureau believed that that would especially be the case if an entity reported
violations under proposed § 1092.203(d)(2) in multiple years or with respect to multiple covered
orders, or if the violation amounted to a repeat of the conduct that initially gave rise to the
covered order. The Bureau noted that, under CFPA section 1024(b)(2),358 the Bureau may
prioritize such an entity for supervisory examination to determine whether the entity has worked
in good faith to maintain protocols aimed at ensuring compliance with its legal obligations and
detecting and appropriately addressing any legal violations that the entity may commit. In this
way, the Bureau explained that the written statement required by proposed § 1092.203(d)(2)
would assist the Bureau in ensuring that supervised registered entities are legitimate entities and
are able to perform their obligations to consumers.
Certain Comments Received Regarding the Bureau’s Legal Authority to Impose WrittenStatement Requirements
Some industry commenters questioned the Bureau’s authority to impose the writtenstatement requirements, while some consumer advocate commenters stated that the Bureau was
authorized to impose the written-statement requirements. The Bureau finalizes its conclusion set
forth in the proposal that CFPA section 1024(b)(7) authorizes the rule’s written-statement
requirements.359 The Bureau discusses and responds to some of these comments together in this
part for ease of reference. For further discussion of the written-statement requirements in the
final rule and the Bureau’s responses to comments received, see the section-by-section analysis
of § 1092.204 below.
Commenters focused primarily on the meaning of CFPA section 1024(b)(7)(B) and
1024(b)(7)(C). Industry commenters commented that the proposed written statement would not
qualify as a “record” within the meaning of CFPA section 1024(b)(7)(B). They also argued that

12 U.S.C. 5514(b)(2).

See, e.g., 88 FR 6088 at 6091-93, 6125.

section 1024(b)(7)(B) only allows the Bureau to require a supervised entity to produce records,
not to compel an individual executive to provide the required written statement. Further, an
industry commenter stated that the written-statement requirement is not the type of rule
contemplated by CFPA section 1024(b)(7)(C) because, in the group’s view, the requirement does
not address the competency of management or financial requirements to ensure an entity’s
solvency. Finally, commenters contended that Congress’s express provision for certification or
attestation requirements in other statutory provisions360 implies that the Bureau lacks the
authority to impose the proposed written-statement requirement under CFPA section 1024(b)(7)
because that provision does not expressly address such a requirement.
The Bureau’s Response to Certain Comments Received Regarding the Bureau’s Legal
Authority to Impose Written-Statement Requirements
The Bureau finalizes its conclusion that CFPA section 1024(b)(7) authorizes the Bureau
to impose the written-statement requirements contained in § 1092.204. As an initial matter,
commenters are wrong in suggesting that Congress’s express provision for certification or
attestation requirements in provisions like 7 U.S.C. 6s(k)(3)(B)(ii), 12 U.S.C. 1851(f)(3)(A)(ii),
15 U.S.C. 7241(a), and 15 U.S.C. 7262(b) implies that the Bureau lacks authority to impose the
written-statement requirement under section 1024(b)(7). The commenters appear to be relying
on the principle articulated in Russello v. United States that Congress generally “acts
intentionally and purposely in the disparate inclusion or exclusion” of statutory language.361
That principle, however, only applies when “Congress includes particular language in one
section of a statute but omits it in another section of the same Act.”362 By contrast, “[l]anguage
in one statute usually sheds little light upon the meaning of different language in another

Commenters cited 7 U.S.C. 6s(k)(3)(B)(ii), 12 U.S.C. 1851(f)(3)(A)(ii), 15 U.S.C. 7241(a), and 15 U.S.C.
7262(b).
361

Russello v. United States, 464 U.S. 16, 23 (1983) (citation omitted).

Id.

statute.”363 Therefore, 15 U.S.C. 7241(a) and 7262(b), which Congress enacted in the SarbanesOxley Act of 2002,364 have little bearing on the proper interpretation of CFPA section
1024(b)(7).
While 7 U.S.C. 6s(k)(3)(B)(ii) and 12 U.S.C. 1851(f)(3)(A)(ii), like section 1024(b)(7),
were enacted in the Dodd-Frank Act (albeit in different titles than section 1024(b)(7)), those
provisions are also insufficient to invoke the Russello principle. That principle infers meaning
from differences in language between statutory provisions that are otherwise similarly worded.
Accordingly, the inference “grows weaker with each difference in the formulation of the
provisions under inspection.”365 Also, the Russello principle “applies with limited force” to
broadly worded statutes.366 The Russello principle is founded on the premise that “the absence
of the words used in [a separate statutory provision] could indicate an intention to exclude their
application” in the principal provision at issue.367 It, however, “makes less sense to draw that
inference when … the provision at issue uses broader language that encompasses the meaning of
the absent words and thus did not need to expressly include them.”368
Applying those considerations here, 7 U.S.C. 6s(k)(3)(B)(ii) and 12 U.S.C.
1851(f)(3)(A)(ii) provide no basis for reading into CFPA section 1024(b)(7) an atextual
limitation that would prevent the Bureau from imposing the written-statement requirement. The
provisions do not use parallel wording. While 7 U.S.C. 6s(k)(3)(B)(ii) and 12 U.S.C.

Id. at 25.

Public Law 107-204, 116 Stat. 745.

City of Columbus v. Ours Garage & Wrecker Serv., Inc., 536 U.S. 424, 435-36 (2002); accord Clay v. United
States, 537 U.S. 522, 532 (2003); see also Nat’l Postal Policy Council v. Postal Regulatory Comm’n, 17 F.4th 1184,
1191 (D.C. Cir. 2021) (Russello presumption “has limited force” when “two provisions use different words and are
not otherwise parallel”); United States v. Councilman, 418 F.3d 67, 74 (1st Cir. 2005) (“[I]f the language of the two
provisions at issue is not parallel, then Congress may not have envisioned that the two provisions would be closely
compared in search of terms present in one and absent from the other.”).
366

See United States v. O’Donnell, 608 F.3d 546, 552 (9th Cir. 2010).

Id.

Id.; see also Adirondack Med. Ctr. v. Sebelius, 740 F.3d 692, 697 (D.C. Cir. 2014) (explaining that the “expressio
unius canon” is a “poor indicator of Congress’ intent” to limit the scope of an otherwise “broad grant of authority”);
Councilman, 418 F.3d at 74 (“The Russello maxim … is simply a particular application of the classic principle
expressio unius est exclusio alterius ”).
1851(f)(3)(A)(ii) focus on particular reporting requirements, CFPA section 1024(b)(7) provides a
general grant of rulemaking authority to facilitate supervision, assessment, and detection of risks
to consumers, and to ensure that supervised entities are legitimate and are able to perform their
obligations to consumers. Further, as explained in greater detail below, Congress used expansive
language in section 1024(b)(7) that encompasses the authority to impose the written-statement
requirements. The contrast that the commenters attempt to draw between section 1024(b)(7) and
other, more limited provisions imposing certification or attestation requirements does not support
restricting section 1024(b)(7)’s breadth.
Turning to the specific subparagraphs of CFPA section 1024(b)(7), no commenter
specifically addressed the Bureau’s statements in the notice of proposed rulemaking that CFPA
section 1024(b)(7)(A) provides a “distinct, independently sufficient basis for the proposed
written-statement requirements.”369 In the absence of any comments specifically challenging the
proposition that CFPA section 1024(b)(7)(A) authorizes the written-statement requirements, the
Bureau finalizes its conclusion that section 1024(b)(7)(A) supports those requirements. The
written-statement requirements will “facilitate [the Bureau’s] supervision” efforts and its
“assessment and detection of risks to consumers” within the meaning of section 1024(b)(7)(A).
In particular, the written-statement requirements will provide the Bureau with important
additional information regarding risks to consumers that may be associated with the covered
order; inform the Bureau’s risk-based prioritization of its supervisory activities under CFPA
section 1024(b); and improve the Bureau’s ability to conduct its supervisory and examination
activities with respect to the supervised nonbank, when it chooses to exercise its supervisory
authority. Because CFPA section 1024(b)(7)(A) provides a distinct grant of authority separate
from CFPA section 1024(b)(7)(B) or 1024(b)(7)(C)—a proposition not disputed by any
commenter—section 1024(b)(7)(A) suffices to support the written-statement requirements, even

88 FR 6088 at 6090; see also id. at 6093 (“Section 1024(b)(7) of the CFPA … identifies three independent
sources of Bureau rulemaking authority.”); id. at 6125 (“Each of th[e] paragraphs [in CFPA section 1024(b)(7)(A)(C)] provides independent authority for the requirement to submit written statements.”).
if (as the commenters argue) the written statement did not qualify as a “record” that the Bureau
could require under section 1024(b)(7)(B) and also was not authorized by section 1024(b)(7)(C).
Although not necessary to support the written-statement requirements, the Bureau also
concludes that section 1024(b)(7)(B) authorizes those requirements as well. Section
1024(b)(7)(B) authorizes the Bureau to require entities subject to its supervisory authority “to
generate, provide, or retain records for the purposes of facilitating supervision … and assessing
and detecting risks to consumers.”370 As the Bureau has explained,371 the term “records” in
section 1024(b)(7)(B) is broad. It includes any “[i]nformation that is inscribed on a tangible
medium or that, having been stored in an electronic or other medium, is retrievable in
perceivable form,” or any “documentary account of past events.”372 The written statement
required by § 1092.204 easily qualifies as a “record” under that definition. The written statement
provides “[i]nformation” or a “documentary account” of past events—namely, the fact of
“whether, to the attesting executive’s knowledge, the supervised registered entity during the
preceding calendar year identified any violations or other instances of noncompliance” with an
applicable covered order, as well as the steps the attesting executive undertook to review and
oversee the supervised registered entity’s activities with respect to the covered order. Even
under commenters’ preferred definitions of “record,” the written statement fits the bill. It “set[s]
down in writing,” “furnish[es] written evidence” of, and “gives evidence of” the matters required
to be addressed in the written statement. It also “recalls or relates past events.” Put another way,
the written statement provides “a description of actions taken by the business,” which
commenters recognize “might constitute a ‘record.’” Because the written statement qualifies as a

12 U.S.C. 5514(b)(7)(B).

See 88 FR 6088 at 6093.

Record, Black’s Law Dictionary (11th ed. 2019); accord Record, Webster’s Third New International Dictionary
(1981) (“an account in writing or print (as in a document) … intended to perpetuate a knowledge of acts or events”;
“a piece of writing that recounts or attests to something”); Record, American Heritage Dictionary of the English
Language, https://www.ahdictionary.com/word/search.html?q=record (“[a]n account, as of information or facts, set
down especially in writing as a means of preserving knowledge”).
“record,” section 1024(b)(7)(B) authorizes the Bureau to require supervised nonbanks to
“generate”—i.e., create373—such written statements and “provide” them to the Bureau.374
Contrary to commenters’ assertions, § 1092.204(d) does not require the entity to comply
with covered orders, or to engage in, or to refrain from, other specific non-recordkeeping
conduct. Rather, the two elements of the written statement required under § 1092.204(d)(1) and
(2) are statements about facts that will already exist at the time the written statement is
submitted—namely, the steps the executive took, and whether or not the entity identified any
applicable violations. Section 1092.204(d) merely requires that the supervised registered entity
generate and submit a record (signed by the attesting executive) about those existing facts.
The commenters suggest that, because the Bureau uses the term “attest” in describing the
statements required to be included in the written statement, the document cannot qualify as a
“record.” But nothing about the use of the term “attest” changes the substance of the writtenstatement requirements or takes the written statement outside the realm of the term “records.”
“Attest” means to “affirm to be true or genuine.”375 It is common to refer to the maker of a
record as having “attest[ed]” to the information contained in that record. Indeed, Webster’s
Third New International Dictionary uses the word “attest” in defining the word “record”: The
definition of “record” includes “a piece of writing that recounts or attests to something.”376
Further, contrary to commenters’ suggestion, the fact that § 1092.204(e) requires the
supervised entity to “maintain documents and other records sufficient to provide reasonable
support” for its written statement does not transform the written statement into something other
than a “record.” Information contained in documents that constitute “records” is often supported

See Generate, Webster’s Third New International Dictionary (1981) (defining “generate” as “to bring into
existence”).
374

12 U.S.C. 5514(b)(7)(B).

Attest, Webster’s Third New International Dictionary (1981); accord Attest, Black’s Law Dictionary (11th ed.
2019) (“[t]o affirm to be true or genuine”); Attest, American Heritage Dictionary of the English Language,
https://www.ahdictionary.com/word/search.html?q=attest (“[t]o affirm to be correct, true, or genuine”).
376

Record, Webster’s Third New International Dictionary (1981) (emphasis added).

by other “records.” For example, accounting journals or ledgers are “records,” even though they
are often based on other “records,” such as receipts or invoices.377 Similarly, § 1092.204(e)’s
recordkeeping requirement does not render the written statement a non-“record.”
Commenters also contend that the Bureau is exceeding its authority under section
1024(b)(7)(B) by imposing the requirement to submit written statements on individual
executives. According to commenters, section 1024(b)(7)(B) only allows the Bureau to require a
supervised entity to produce records; it does not allow the Bureau to require an executive of a
supervised entity to provide any such certification. The commenters, however, do not accurately
describe the nature of the requirements imposed by § 1092.204 of the Bureau’s rule. Section
1092.204 imposes requirements on supervised registered entities, not on any particular
individuals. Supervised registered entities with applicable covered orders must designate
attesting executives who satisfy certain criteria, and they must submit a written statement that is
signed by the attesting executive “on behalf of the supervised registered entity.”378 Those
obligations belong to the supervised registered entity, not to any individual. If a supervised
registered entity failed to designate an attesting executive or to submit a written statement when
required to do so, the supervised registered entity—not a particular individual—would
potentially be subject to an enforcement action. It is thus simply incorrect to suggest that
§ 1092.204 imposes requirements on corporate executives in their personal capacities. To be
sure, as with any other regulatory obligation, supervised registered entities, like any legal entity,
must take steps to comply with § 1092.204 through their agents. But the obligations under
§ 1092.204 belong to supervised registered entities, not to particular individuals acting in their
personal capacities.

See, e.g., 2 Robert P. Mosteller et al., McCormick on Evidence § 287 (8th ed. 2022) (explaining that accounting
journals or ledgers may be admissible under the hearsay exception for records of regularly conducted activities, even
though the journals or ledgers are based on other records).
378

Section 1092.204(b), (d).

For the reasons discussed above, the Bureau does not find the comments challenging its
reliance on section 1024(b)(7)(B) persuasive. The Bureau thus finalizes its conclusion that
section 1024(b)(7)(B) authorizes § 1092.204’s written-statement requirements.
In addition, the Bureau finalizes its conclusion that CFPA section 1024(b)(7)(C) provides
a distinct, independent statutory basis for § 1092.204’s written-statement requirements. Section
1024(b)(7)(C) authorizes the Bureau to prescribe rules to ensure that nonbanks subject to its
supervisory authority “are legitimate entities and are able to perform their obligations to
consumers.”379 As the Bureau has explained, § 1092.204’s written-statement requirements
further the statutory purposes specified in section 1024(b)(7)(C) because those requirements will
facilitate the Bureau’s assessment of whether a company is willing and able to satisfy its legal
obligations, including those set forth in covered orders.380
In response, commenters assert that the types of requirements contemplated by section
1024(b)(7)(C) address the competency of management and financial requirements to ensure the
entity’s solvency, and according to commenters, the written-statement requirements do “not
further either of those statutory purposes.” As an initial matter, the commenters’ argument fails
on its own terms because § 1092.204’s written-statement requirements “address the competency
of management.” If an entity is violating its obligations under a covered order, or its executives
are not taking sufficient steps to effectively oversee the entity’s compliance with its obligations
under such an order, that would raise concerns regarding “the competency of [the entity’s]
management.”
The commenters also fail to account for the full breadth of the language Congress used in
section 1024(b)(7)(C). As the Bureau has explained,381 the term “obligations” in section
1024(b)(7)(C) encompasses “anything that a person is bound to do or forbear from doing,”

12 U.S.C. 5514(b)(7)(C).

See 88 FR 6088 at 6091, 6093, 6125.

See 88 FR 6088 at 6093.

including duties “imposed by law, contract, [or] promise.”382 Contrary to commenters’
suggestion, the term “obligations” is not limited to financial requirements related to solvency.
Similarly, “legitimate entities” is a broad phrase encompassing an inquiry into whether an entity
takes seriously its duty to “[c]omply[] with the law.”383
Commenters also lose sight of the purposes of the Bureau’s supervisory program, which
are “assessing compliance with the requirements of Federal consumer financial law”; “obtaining
information about the activities and compliance systems or procedures” of entities subject to
Bureau supervision; and “detecting and assessing risks to consumers and to markets for
consumer financial products and services.”384 The authority that Congress granted to the Bureau
in CFPA section 1024(b)(7) must at least be sufficiently expansive to allow the Bureau to issue
rules aimed at achieving the supervisory objectives listed in CFPA section 1024(b)(1).
According the terms “obligations” and “legitimate entities” in section 1024(b)(7)(C) their full
breadth—rather than artificially restricting them, as commenters propose, to addressing limited
issues like solvency—is most consistent with achieving the congressionally stated purposes of
supervision, including “assessing compliance with the requirements of Federal consumer
financial law.”385
In accordance with the expansive language that Congress used in section 1024(b)(7)(C),
the Bureau finalizes its conclusion that section 1024(b)(7)(C) provides authority for § 1092.204.

Obligation, Black’s Law Dictionary (11th ed. 2019).

Legitimate, Black’s Law Dictionary (11th ed. 2019) (“[c]omplying with the law; lawful”); accord Legitimate,
Webster’s Second New International Dictionary (1934) (defining “legitimate” as “[a]ccordant with law or with
established legal forms and requirements; lawful”); Legitimate, Webster’s Third New International Dictionary
(1981) (similar).
384

12 U.S.C. 5514(b)(1).

12 U.S.C. 5514(b)(1)(A).

Section 1092.204(a) Scope of Annual Reporting Requirements
Proposed Rule
Proposed § 1092.203(a) would have provided that the proposed section would apply only
with respect to covered orders with an effective date (as that term was defined at proposed
§ 1092.201(f)) on or after the nonbank registration system implementation date for proposed
§ 1092.203.
This section would have applied only to certain larger supervised entities.386 The Bureau
preliminarily concluded that the reporting requirements set forth in the section—which focused
specifically on larger supervised entities’ compliance with the orders registered pursuant to
§ 1092.202—should apply only prospectively to those covered orders with an effective date on
or after the NBR implementation date for proposed § 1092.203. The Bureau explained that the
prospective application of § 1092.203 would have ensured that entities faced with enforcement
actions that might result in covered orders could take § 1092.203’s requirements into account in
their decision-making. While the Bureau did not believe that compliance with proposed
§ 1092.203’s requirements would materially affect an entity’s decision-making about how to
respond to a prospective enforcement action—as discussed in further detail in section VII of the
proposal, for the vast majority of entities, the Bureau generally did not anticipate any of the
proposed rule’s reporting and publication requirements imposing meaningful burden either
operationally or on their bottom line—the Bureau proposed this provision out of an abundance of
caution. In addition, the Bureau explained that this limitation would have helped ensure that
supervised registered entities would be required to submit reports only after the nonbank
registration system implementation date.

The proposal would have excluded from the term “supervised registered entity” persons with less than $1 million
in annual receipts resulting from offering or providing all consumer financial products and services described in
12 U.S.C. 5514(a). As discussed in the section-by-section discussion of § 1092.201(q) above, in a revision to the
proposed rule, the Bureau is adopting an exclusion for persons with less than $5 million in annual receipts (as
defined) resulting from offering or providing all consumer financial products and services described in 12 U.S.C.
5514(a), as well as a clarification to this provision.
Comments Received
Commenters did not specifically address proposed § 1092.203(a). For comments
regarding the proposed written-statement requirements generally, including comments stating
that the Bureau lacks authority to impose such requirements and otherwise commenting on the
nature and scope of the requirements, see the discussion elsewhere in this section-by-section
discussion of § 1092.204.
Final Rule
For the reasons discussed in the description of the proposal above, the Bureau adopts
§ 1092.203(a) as proposed (renumbered as § 1092.204(a)), with certain changes for the reasons
described below.387 See the section-by-section discussion of § 1092.201(q) above for a
discussion of revisions to the definition of “supervised registered entity.”
Section 1092.204(a) describes the covered orders that are subject to § 1092.204’s writtenstatement requirements. The Bureau is finalizing three revisions to this paragraph (a). First, the
Bureau is finalizing an amendment to the proposal at § 1092.204(a)(1) that clarifies that
§ 1092.204 applies only with respect to covered orders with an effective date on or after the
“applicable” nonbank registry implementation date. This amendment reflects the addition of
§ 1092.206 to the final rule, which establishes nonbank implementation dates for different
categories of covered nonbanks subject to the final rule. As discussed in the section-by-section
discussion of § 1092.206 below, the Bureau is specifying the annual registration date in
§ 1092.206 of the final rule for each category of covered nonbank in order to provide greater
certainty and clarity to covered nonbanks as of the issuance of the final rule. Section 1092.204’s
written-statement requirements apply only with respect to covered orders with an effective date
on or after the nonbank registry implementation date that applies to the supervised registered
nonbank subject to the covered order, as provided in § 1092.206.

See also the section-by-section discussion of § 1092.101(e) above regarding the Bureau’s adoption of the revised
term “nonbank registry implementation date.”
Second, the Bureau is finalizing an amendment to the proposal at § 1092.204(a)(1) that
provides that final § 1092.204 shall apply only with respect to covered orders “as to which
information is provided or required to be provided under § 1092.202” (and that also have an
effective date on or after the applicable nonbank registry implementation date for § 1092.204).
This amendment clarifies that only covered orders that have been registered (or are required to
be registered) under § 1092.202 are subject to § 1092.204’s written-statement requirements. For
example, a supervised registered nonbank would not be required to comply with § 1092.204’s
written-statement requirements in cases where the applicable covered order has not been
registered (and was not required to be registered) under § 1092.202: 1) due to a stay or other
agency or court action; 2) because the later of the 90-day period following its applicable nonbank
registry implementation date or the effective date of the covered order as provided under
§ 1092.202 had not yet expired; or 3) where the supervised registered nonbank has exercised the
option to register an NMLS-published covered order under § 1092.203 instead of § 1092.202.
However, once the covered order is registered (or required to be registered) under § 1092.202,
the supervised nonbank must comply with § 1092.204 as applicable, subject to the other
provisions of the rule, including § 1092.202(f)’s provisions regarding submitting a final filing
upon termination of the covered order. See the section-by-section discussion of § 1092.204(d)
below regarding the scope of the written statements required by that section.
Third, the Bureau is finalizing a new paragraph at § 1092.204(a)(2) that provides that a
supervised registered entity is not required to comply with § 1092.204’s written-statement
requirements with respect to any NMLS-published covered order for which it chooses to comply
with the one-time registration option described in § 1092.203. This provision complements the
related provisions at § 1092.203(a) and (c), which also provide that a covered nonbank that is
identified by name as a party subject to a covered order may elect to comply with the one-time
registration option described in that section in lieu of complying with the requirements of
§ 1092.204.

Section 1092.204(b) Requirement to Designate Attesting Executive
Proposed Rule
Proposed § 1092.203(b) would have required a supervised registered entity subject to an
applicable covered order to annually designate as its attesting executive for purposes of proposed
subpart B its highest-ranking duly appointed senior executive officer (or, if the supervised
registered entity does not have any duly appointed officers, the highest-ranking individual
charged with managerial or oversight responsibility for the supervised registered entity) whose
assigned duties include ensuring the supervised registered entity’s compliance with Federal
consumer financial law, who has knowledge of the entity’s systems and procedures for achieving
compliance with the covered order, and who has control over the entity’s efforts to comply with
the covered order. The supervised registered entity would have been required annually to
designate one attesting executive for each covered order to which it is subject and for all
submissions and other purposes related to that covered order under proposed subpart B. The
supervised registered entity would have also been required to authorize the attesting executive to
perform the duties of an attesting executive on behalf of the supervised registered entity with
respect to the covered order as required in proposed § 1092.203, including submitting the written
statement described in proposed § 1092.203(d).
Criteria That an Attesting Executive Must Satisfy
For the reasons described in section IV(D) of the proposal, proposed § 1092.203(b)
would have provided that a supervised registered entity subject to a covered order described in
proposed § 1092.203(a) would generally be required to designate as its attesting executive for
purposes of proposed subpart B its highest-ranking duly appointed senior executive officer (i)
whose assigned duties include ensuring the supervised registered entity’s compliance with
Federal consumer financial law, (ii) who has knowledge of the entity’s systems and procedures
for achieving compliance with the covered order, and (iii) who has control over the entity’s
efforts to comply with the covered order. If the supervised registered entity has no duly

appointed officers, proposed § 1092.203(b) would have required the entity to designate as its
attesting executive the highest-ranking individual charged with managerial or oversight
responsibility for the supervised registered entity who meets those three criteria.
As explained below in the discussion of proposed § 1092.203(d), the Bureau proposed
that the attesting executive would sign a written statement submitted by the supervised registered
entity regarding the entity’s compliance with covered orders. The Bureau believed that proposal
would have the benefit of ensuring that the supervised registered entity’s reporting obligations
under proposed § 1092.203 have received attention from the highest applicable level of a
supervised registered entity’s management. The Bureau proposed the criteria in proposed
§ 1092.203(b) in order to ensure that the person who attests and signs the written statement has
sufficient authority and access to all the relevant company stakeholders to ensure that the report
is as complete and accurate as possible. The Bureau believed that the language of proposed
§ 1092.203(b) would have ensured that the supervised registered entity designates an
appropriately high-ranking employee as its attesting executive. The Bureau believed that such a
person will be in the best position to know all relevant information with respect to the order, and
to provide a reliable attestation in the written statement regarding the entity’s compliance with
the covered order.
The Bureau anticipated that this individual will in most cases likely be a top senior
executive of the entity. For entities that are not organized as corporations, and thus may not have
duly appointed officers, proposed § 1092.203(b) would have clarified that the attesting executive
may be another individual who is charged with managerial or oversight responsibility for the
supervised registered entity. The Bureau anticipated that this individual would in most cases
serve in a capacity equivalent to a high-ranking senior executive at a corporation. For example,
the Bureau noted, a supervised registered entity organized as a limited liability company that is
run by an individual managing member and lacks executive officers may designate the managing
member as its “attesting executive,” where the managing member’s assigned duties include

ensuring the supervised registered entity’s compliance with Federal consumer financial law and
the managing member has the requisite knowledge and control as described in proposed
§ 1092.203(b). Likewise, the Bureau further noted, a supervised registered entity organized as a
general or limited partnership may designate an individual partner who otherwise satisfies the
requirements set forth in proposed § 1092.203(b). The use of the term “executive” was not
intended to preclude the designation of such persons as “attesting executives” where the
supervised registered entity otherwise lacks a senior executive officer who satisfies proposed
§ 1092.203(b)’s requirements.
The Bureau anticipated that entities would take appropriate steps to ensure compliance
with the proposed rule in the event that an executive leaves employment or changes duties, or a
higher-ranking executive is put in place. For example, the Bureau explained, a supervised
registered entity might consider designating an alternate attesting executive for each covered
order to address such possibilities, including by ensuring that they have sufficient knowledge of
the entity’s systems and procedures for achieving compliance with the applicable covered
order(s) and control over the entity’s efforts to comply with the covered order(s).
The proposal would have also required that the supervised registered entity designate as
its attesting executive for a covered order a person who has knowledge of the entity’s systems
and procedures for achieving compliance with the covered order. The Bureau anticipated that
this requirement would help ensure that the annual written statement is completed by an
individual with sufficient knowledge of the entity’s systems and procedures for achieving
compliance to make the written statement required by proposed § 1092.203(d). The Bureau
expected that an executive who lacked knowledge of those compliance systems and procedures
would not be in the best position to identify violations of the order. Therefore, the Bureau
believed that without the proposed knowledge requirement, the attestation proposed at
§ 1092.203(d)(2) would lose much of its usefulness.

Proposed § 1092.203(b) would have also required that the attesting executive be required
to have control over the entity’s efforts to comply with the covered order. By this requirement,
the Bureau meant to require that the executive have the ability, under the entity’s existing
compliance systems and procedures, to direct and supervise the entity’s efforts to comply with
the applicable covered order. The Bureau explained that this proposed requirement would
complement the knowledge requirement discussed above, since the Bureau believed an executive
with control over the entity’s efforts to comply with the covered order would be more likely also
to have (and to demand) the requisite knowledge regarding the entity’s related compliance
systems and procedures. The Bureau noted that it is possible that an executive with knowledge
of an entity’s related compliance systems and procedures, but who does not have control over the
entity’s efforts to comply with an applicable covered order, would not have been fully informed
regarding violations of the order. The Bureau further explained that it would also be able to use
information regarding which executives have control of the entity’s efforts to comply with
specific covered orders in connection with its supervisory reviews of the entity’s compliance
systems and procedures, compliance with Federal consumer financial law, and risks to
consumers and markets.
In addition, the Bureau expected that the proposal’s requirements to designate an
attesting executive who has knowledge of the entity’s systems and procedures for achieving
compliance with its covered orders, and who has control over the entity’s efforts to comply with
its covered orders, would create an additional incentive for certain entities to comply with their
obligations to consumers. The Bureau believed that most supervised registered entities would
comply with covered orders even without the proposal. However, the Bureau believed that these
requirements would motivate additional compliance efforts at certain entities that have failed to
take adequate steps to comply with the order. The Bureau also believed that if a particular
executive is identified to the Bureau as the person ultimately accountable for ensuring
compliance with a covered order, the clear delineation of that executive’s responsibility would

prompt the executive to focus greater attention on ensuring compliance, which in turn would
increase the likelihood of compliance.
In addition, the Bureau anticipated that obtaining information about which senior
executive officer(s) at a supervised registered entity have knowledge of the entity’s systems and
procedures for achieving compliance with specific covered orders, and who have control over the
entity’s efforts to comply with those covered orders, would facilitate the Bureau’s ability to
identify situations in which individual executives have recklessly disregarded, or have actual
knowledge of, the entity’s violations of covered orders. The Bureau believed that this
information would better enable the Bureau to identify risks to consumers related to such orders
and the entity’s compliance systems and procedures, and to take steps to address such risks
through its supervisory or other authorities. Where the applicable covered order is a Bureau
order, the Bureau believed such information will also facilitate the Bureau’s efforts to assess
compliance with the order and to make determinations regarding any potential related Bureau
supervisory or enforcement actions. For example, the Bureau noted, where information obtained
under proposed § 1092.203 indicates that a high-ranking executive has knowledge of (or has
recklessly disregarded) violations of legal obligations falling within the scope of the Bureau’s
jurisdiction, and has authority to control the violative conduct, the Bureau could use that
information in assessing whether an enforcement action should be brought not only against the
nonbank covered person, but also against the individual executive.
The Bureau noted that in developing this proposal, it considered various options other
than requiring entities to designate a senior executive officer as an attesting executive. The
Bureau considered permitting entities to designate lower ranking individuals whose assigned
duties include ensuring the supervised registered entity’s compliance with Federal consumer
financial law and who possessed sufficient knowledge and control to provide a written statement
under proposed § 1092.203. However, the Bureau believed that requiring entities to designate
their highest-ranking executive officer would better help ensure that all relevant information was

considered when submitting the written statement. In addition, because the attestation that
would have been provided under proposed § 1092.203(d)(2) would be subject to the knowledge
of the attesting executive, the Bureau believed this requirement would help enhance the
reliability of that attestation, and thus the accuracy of the written statement. The Bureau noted
that lower-ranking managers at the entity might not be aware of all relevant facts. Also, the
Bureau believed that the designation requirement would provide an important piece of
information regarding the organizational structure of an entity’s compliance management
system—namely, the identity of the entity’s highest-ranking executive whose assigned duties
include ensuring the supervised registered entity’s compliance with Federal consumer financial
law, and who has the requisite level of knowledge and control. The Bureau believed that this
information would be valuable to the Bureau’s understanding of the supervised registered
entity’s compliance systems and procedures and its organization, business conduct, and activities
subject to the covered order. The Bureau concluded that such information would have informed
the Bureau’s functions, including its use of its supervisory and enforcement authorities.
As another alternative to imposing this requirement, the Bureau noted that it might
instead require the entity to appoint an individual with a given title—for example, the entity’s
Chief Compliance Officer (CCO), or equivalent. However, the Bureau observed that it did not
have comprehensive information regarding the organizational structures of the entities it
supervises, and the Bureau expected that many supervised registered entities may have
organizational structures that do not provide for a CCO or other officer title. The Bureau
believed that the proposed requirement to designate the entity’s highest-ranking executive who
satisfies the specified criteria would help ensure that an appropriately high-level individual was
designated but would retain flexibility to accommodate a range of entity organizational
structures. And as discussed above, the Bureau believed that requiring the entity to designate its
attesting executive for each covered order would provide the Bureau with information regarding

the entity, including its compliance systems and procedures and its organization, business
conduct, and activities subject to the covered order.
As another alternative to the approach proposed in § 1092.203(b), the Bureau explained
that it might require supervised registered entities to obtain a review or audit by an independent
third-party consultant of the entities’ written statements and the facts underlying the written
statements. However, the Bureau believed that this alternative would impose costs on the entity
that would largely be avoided by the proposal’s requirement to designate an attesting executive
already providing services to the entity and would require the Bureau to impose controls on such
reviews in order to ensure their usefulness. In addition, this alternative would not have provided
the Bureau with the information regarding the entity described above.
Requirement to Designate an Attesting Executive for Each Covered Order on an Annual Basis
Proposed § 1092.203(b) would have required a supervised registered entity to annually
designate one attesting executive for each applicable covered order to which it is subject and for
all submissions and other purposes related to that covered order under proposed subpart B. The
Bureau believed that requiring a supervised registered entity to designate an attesting executive
for each covered order would facilitate the Bureau’s supervision of the supervised registered
entity by, among other things, facilitating the Bureau’s supervisory communications with the
supervised registered entity regarding the covered order, including any related supervisory
concerns. The Bureau would have also been able to contact the attesting executive with
questions and to understand how the executive’s responsibilities relate to the entity’s obligations
under its covered orders. The Bureau also believed that by requiring the entity to designate its
attesting executive(s) on an annual basis, the proposal would have better enabled the Bureau to
understand the reporting relationships within the entity and the entity’s compliance systems and
procedures. The Bureau thus believed that this proposed designation requirement would help
ensure compliance with the proposed rule, facilitate the Bureau’s supervision of the supervised

registered entity, help the Bureau assess and detect risks to consumers, and help ensure that the
entity is legitimate and able to perform its obligations to consumers.
The Bureau expected that under most circumstances, a supervised registered entity would
designate one single individual as its attesting executive for all of the covered orders to which it
is subject. However, the Bureau noted, there may be situations in which there is no one senior
executive officer with the requisite knowledge of the entity’s systems and procedures for
achieving compliance with all of the covered orders to which the entity is subject, and who has
control over the entity’s efforts to comply with those orders. In such a case, the Bureau proposed
that the entity could designate different attesting executives for the covered orders. By requiring
a supervised registered entity to designate one attesting executive for each covered order
described in proposed § 1092.203(a) to which it is subject, proposed § 1092.203(b) would have
enabled the Bureau to better identify such situations.
Comments Received
See the beginning of the section-by-section discussion of § 1092.204 for a discussion of
certain comments received regarding the Bureau’s legal authority to impose the final rule’s
written-statement requirements.
Industry commenters and the joint comment from State regulators generally opposed the
imposition of the rule’s written-statement requirements. Commenters stated that the proposed
requirements were unnecessary, onerous, and vague, would add little to no value to the Bureau
fulfilling its objectives, and would be unlawful and drive up compliance costs. An industry
commenter stated that the proposed requirements were extreme and an attempt to trap and
embarrass companies and their executives. Industry commenters stated that the proposed
written-statement requirements would not further the purpose of the proposal.
Industry commenters stated that the proposed written statements were more burdensome
than described, and that the proposal did not adequately explain the benefits of the writtenstatement requirements. Industry commenters expressed concern that the written-statement

requirements would harm consumers by discouraging qualified individuals from seeking
employment with nonbanks, and stated that the Bureau should reconsider the cost and impact
that would be associated with the written-statement requirements in harming hiring by
supervised registered entities and in discouraging applicants. The SBA Office of Advocacy
stated that the Bureau had failed to support its claims that few entities would lack a qualified
executive, and to provide information about the costs that would be incurred to obtain a qualified
executive to perform the duties required.
Industry commenters stated that proposed § 1092.203(b)’s requirements to designate an
attesting executive for each covered order were unfair, because the proposed designation
requirement served only as a shaming tool and appeared to place sole responsibility for
compliance on the attesting executive. However, a consumer advocate commenter stated that the
Bureau would be able to make clear that the attesting executive is not necessarily an at-fault
individual. An industry commenter stated that no other industry seeks to impose liability upon
corporate executives acting in a corporate capacity, and that under the proposal such liability
would be unlimited. Industry commenters stated that the proposed requirement to designate an
attesting executive for each covered order did not reflect real-world situations and how
companies actually manage risk, and would inappropriately signal that other persons are less
responsible for the supervised registered entity’s compliance with the covered order. Industry
commenters also stated that proposed § 1092.203(b)’s requirements to designate an attesting
executive for each covered order were in conflict with the Bureau’s existing guidance stating that
an institution’s board of directors or other principals are ultimately responsible for the
institution’s compliance management, and that designation of an attesting executive would
encourage the mistaken notion that compliance is the sole responsibility of that individual.
The proposal indicated that the Bureau was considering adopting a requirement that the
attesting executive attest that, in the executive’s professional judgment, the entity’s compliance
systems and procedures are reasonably designed to detect violations of the applicable covered

order and ensure that such violations are reported to the attesting executive.388 An industry
commenter stated that this alternative requirement would contribute to the impression that the
compliance burden rests solely with the attesting executive.
An industry commenter stated that designation of an attesting executive would serve no
purpose for closely held entities.
Industry commenters stated that the rule, including the proposed written-statement
requirements, should apply prospectively only.
Response to Comments Received
See the beginning of the section-by-section discussion of § 1092.204 for a discussion of
the Bureau’s response to certain comments received regarding the Bureau’s legal authority to
impose the final rule’s written-statement requirements. As explained in that discussion,
§ 1092.204’s written-statement requirements are appropriate and lawful and will serve the
purposes identified in CFPA section 1024(b)(7)(A)-(C) and the goals of the final rule.
See part VIII for discussion of comments related to the economic costs and benefits
associated with § 1092.204’s written-statement requirements, including costs related to hiring
and discouraging qualified applicants from seeking employment with supervised registered
entities. As described in that analysis, the Bureau concludes that the requirements imposed by
the final rule’s written-statement requirements will impose only modest costs on entities beyond
the costs entities are already incurring to ensure compliance with covered orders. The Bureau is
finalizing an exception to the written-statement requirements for NMLS-published covered
orders, as discussed in part IV(E) and the section-by-section discussion of § 1092.203, which
will reduce overall costs to industry as discussed in part VIII.
As part of its mandate to ensure that markets for consumer financial products are fair,
transparent, and competitive,389 the Bureau is committed to applying the law and regulations

88 FR 6088 at 6126.

See 12 U.S.C. 5511(a).

fairly and equitably across all persons subject to its authority. The Bureau believes the written
statement is a fair approach to obtaining important information about covered orders from
supervised registered entities. The Bureau disagrees with the industry commenters that
§ 1092.204(a)’s requirement to designate an attesting executive for each covered order represents
an unfair attempt to place responsibility on individual attesting executives for violations of
covered orders, or to impose unlimited accountability on individual executives in an
unprecedented manner. The final rule does not establish any new standards, or alter any existing
standards, regarding individuals’ liability for supervised registered entities’ violations of covered
orders or other legal obligations. Nor does the final rule alter which agencies have jurisdiction to
enforce the obligations imposed in covered orders or the scope of agencies’ discretion to
determine whether to bring such enforcement actions. Any individual accountability in
connection with violations of covered orders shall continue to be determined in accordance with
existing law. The final rule also does not affect the Bureau’s existing approach to its supervisory
responsibilities, including the manner in which the Bureau assesses board and management
oversight at supervised registered entities.390
As described in the proposal, § 1092.204(b) establishes requirements for the supervised
registered entity’s designation of its attesting executive(s) to ensure that the person who signs the
written statement has sufficient authority and access to all the relevant company stakeholders to
ensure that the report is as complete and accurate as possible.391 Those requirements are
intended to serve the information-collection purposes of the rule by helping to ensure the
accuracy and usefulness of the written statement. As stated in the proposal,392 the Bureau also
believes these requirements will create an additional incentive for certain entities to comply with

See, e.g., Federal Financial Institutions Examination Council, Uniform Interagency Consumer Compliance
Rating System, 81 FR 79473, 79478 (Nov. 14, 2016) (discussing assessment by agency examiners of Board and
management oversight).
391

88 FR 6088 at 6121-22.

Id. at 6122.

their obligations to consumers. These requirements are specific to the rule. As the Bureau
explained in the proposal,393 the final rule does not establish any minimum level of compliance
management or expectation for compliance systems and procedures. Further, aside from the
targeted designation, written-statement, and recordkeeping requirements in § 1092.204(b)
through (e), the final rule does not impose any requirements on any of the entity’s internal
affairs, or require any particular approach of allocating responsibility for complying with
covered orders or with the law generally. The Bureau understands that compliance management
at supervised registered entities will likely be managed differently from entity to entity and that
compliance management systems will and should be adapted to a supervised registered entity’s
business strategy and operations. The final rule does not purport to impose any restrictions on
the manner in which supervised registered entities address such matters.
In the proposal, the Bureau explained that, because—in the Bureau’s experience—most
supervised entities take active steps to comply with covered orders, they would likely already
have in place an officer or employee who could satisfy the § 1092.204(b) criteria.394 For similar
reasons, the Bureau believed that most supervised entities would have in place systems and
procedures to help them achieve compliance with covered orders to which they are subject.395
Therefore, the Bureau believed that few supervised entities would need to make significant
changes to their compliance systems to comply with § 1092.204.396 Despite the Bureau’s request
for comment on the issue, no commenter provided persuasive evidence that § 1092.204(b)’s
designation requirement likely would impose material additional costs on a substantial number of
supervised registered entities, beyond the costs those entities are already likely to incur as part of
fulfilling their obligations under the covered orders to which they are subject. For additional

Id. at 6100.

See 88 FR 6088 at 6132.

See id. at 6133.

See id. at 6132-33.

discussion about these and other potential costs associated with this provision, see parts VIII and
IX.
In the proposal,397 the Bureau described the attesting executive as “identified to the
Bureau as the person ultimately accountable for ensuring compliance with a covered order.”
This description was merely intended to reflect § 1092.203(b)’s requirements regarding the
designation of the highest-ranking individual charged with managerial or oversight responsibility
for the supervised registered entity who meets the three criteria established in that section. To be
clear, the final rule does not affect the Bureau’s long-standing guidance for supervised registered
entities organized as corporations that the board of directors is ultimately responsible for
developing and administering a compliance management system that ensures compliance with
Federal consumer financial laws and addresses and minimizes associated risks of harm to
consumers.398 In a supervised registered entity organized under a non-corporate form, that
ultimate responsibility may rest with a controlling person or some other arrangement. The
Bureau understands that compliance management at supervised registered entities will likely be
managed differently from entity to entity and that compliance management systems will and
should be adapted to a supervised registered entity’s business strategy and operations.
Consistent with FFIEC guidance, Bureau examiners evaluate Board and management oversight
factors commensurate with the institution’s size, complexity, and risk profile.399 The Bureau
agrees that compliance is often the responsibility of many, and not just a single executive. The
final rule does not attempt to place such responsibility entirely on the shoulders of the entity’s
attesting executive.
Nevertheless, as stated in the proposal,400 the Bureau does believe that § 1092.204(b)’s
designation requirement will create an additional incentive for certain entities to comply with
Id. at 6122.

See CFPB Supervision and Examination Manual at CMR 3.

See, e.g., Uniform Interagency Consumer Compliance Rating System, 81 FR 79473 at 79480.

88 FR 6088 at 6122.

their obligations to consumers. The Bureau expects the requirement to designate a single
attesting executive for the covered order will prompt the executive to focus greater attention on
ensuring compliance, which in turn will increase the likelihood of compliance. Also, as stated in
the proposal,401 the Bureau intends to use the information submitted under § 1092.204 to
facilitate its efforts to assess compliance with any covered orders that may be enforced by the
Bureau, and to make determinations regarding any potential Bureau supervisory or enforcement
actions related to the covered order or any other identified risks to consumers. For example,
where information obtained under proposed § 1092.204 indicates that a high-ranking executive
has knowledge of (or has recklessly disregarded) violations of legal obligations falling within the
scope of the Bureau’s jurisdiction, and has authority to control the violative conduct, the Bureau
may use that information in assessing whether an enforcement action should be brought not only
against the nonbank covered person, but also against the individual executive. However, the
final rule itself does not impose any legal obligation on the attesting executive to ensure
compliance with any covered order.
The Bureau declines to finalize the proposed additional requirement described in the
proposal402 that would have required the attesting executive to attest that the entity’s compliance
systems and procedures are reasonably designed to detect violations of the applicable covered
order and ensure that such violations are reported to the attesting executive. The Bureau
disagrees with the industry commenter that a requirement that the executive attest to such matters
would contribute to the impression that the compliance burden rests solely with the attesting
executive. But the Bureau does not believe it is necessary at this time to require supervised
registered entities to submit such information on an annual basis, or to dedicate staff and other
Bureau resources to reviewing such submissions.

Id.

88 FR 6088 at 6126.

The Bureau believes it is appropriate even for closely held entities annually to designate
an attesting executive for each covered order. The designation requirement will serve the
information-collection purposes of the rule by ensuring that the person who signs the written
statement has sufficient authority and access to all the relevant company stakeholders to ensure
that the report is as complete and accurate as possible.403 These requirements are necessary even
for closely held entities. The Bureau may not regularly examine such entities, may not be aware
of the entity’s existence, and may not have adequate information about the entity’s structure or
operations; the designation requirement will help inform the Bureau regarding such matters. In
addition, the designation requirement will facilitate the Bureau’s efforts to assess compliance
with any covered orders that may be enforced by the Bureau, and to make determinations
regarding any potential Bureau supervisory or enforcement actions related to the covered order
or any other identified risks to consumers.
As for commenters’ requests that the rule’s written-statement requirements apply only
prospectively, they are in fact so limited. Section 1092.204’s written statement requirements
apply only prospectively to covered orders with an effective date after the nonbank registry
implementation date that is applicable to the supervised registered entity under § 1092.206.
Thus, a supervised registered entity will not be required to file written statements for any covered
order issued before late 2024, at the earliest. Moreover, as explained above, while some covered
orders with an effective date after the applicable nonbank registry implementation date might
relate to violations of covered laws committed before the final rule’s effective date, the Bureau
does not believe that the prospect of becoming subject to the written-statement requirements
would have had a significant marginal impact on a supervised registered entity’s decision
whether to engage in conduct that risked violating covered laws, given the negative
consequences already associated with committing such legal violations.404

See 88 FR 6088 at 6121-22.

See additional discussion of retroactivity concerns in the section-by-section discussion of § 1092.202(d) above.

Final Rule
The Bureau adopts § 1092.203(b) as proposed (renumbered as § 1092.204(b)) for the
reasons described above, with minor technical edits and certain changes and clarifications for the
reasons discussed below.
The first sentence of § 1092.204(b) in the final rule has been revised from the proposed
version to provide that the requirement to designate an attesting executive applies only as to
covered orders that are described in § 1092.204(a). The first sentence of § 1092.204(b) in the
final rule has also been revised from the proposed version to clarify, consistent with the approach
described in the proposal and the final rule, that under § 1092.204(b) a supervised registered
entity subject to a covered order described in § 1092.204(a) is required to designate an attesting
executive for each covered order to which it is subject.
Section 1092.204(c) Requirement to Provide Attesting Executive(s) with Access to Documents
and Information
Proposed Rule
Proposed § 1092.203(c) would have required a supervised registered entity subject to
proposed § 1092.203 to provide its attesting executive(s) with prompt access to all documents
and information related to the supervised registered entity’s compliance with all applicable
covered order(s) as necessary to make the written statement(s) required in proposed
§ 1092.203(d).
The Bureau believed that this proposed requirement would help ensure that the attesting
executive for an applicable covered order has timely access to the documents and information
needed to submit an informed and accurate written statement under proposed § 1092.203(d). A
supervised registered entity would not have been permitted to refuse or deny to its attesting
executive access to documents or information related to the supervised registered entity’s
compliance with the covered order. Under the proposed requirement, the Bureau would have
expected the attesting executive to have prompt access to all such documents and information,

notwithstanding, for example, any privileges that may apply to the documents and information,
or where or how the documents and information are stored.
The Bureau believed that this requirement would enhance the accuracy and usefulness of
the written statement, which in turn would enhance the Bureau’s ability to supervise the entity
effectively, assess and detect risks to consumers, and ensure the entity is legitimate and able to
perform its obligations to consumers. The Bureau requested comment on the need for this
requirement and whether other requirements, modifications, or amendments to proposed
§ 1092.203(c) should be considered in order to ensure the accuracy and usefulness of the written
statement.
Comments Received
Commenters did not specifically address proposed § 1092.204(c).
Final Rule
For the reasons set forth in the description of the proposal above, the Bureau adopts
§ 1092.203(c) as proposed (renumbered as § 1092.204(c)).
Section 1092.204(d) Annual Requirement to Submit Written Statement to the Bureau for Each
Covered Order
Proposed Rule
Proposed § 1092.203(d) would have required, on or before March 31 of each calendar
year, that the supervised registered entity submit to the NBR system, in the form and manner
specified by the Bureau, a written statement with respect to each covered order described in
proposed § 1092.203(a). In the written statement, the attesting executive would have been
required to provide a summary description of the executive’s efforts to review and oversee
compliance with the applicable order, and to attest regarding the entity’s compliance with the
order. Proposed § 1092.203(d) would have required the written statement to be signed by the
supervised registered entity’s attesting executive.

Proposed § 1092.203(d)(1) would have required the written statement to contain a
general summary description of the steps, if any, the attesting executive has undertaken to review
and oversee the supervised registered entity’s activities subject to the applicable covered order
for the preceding calendar year. This proposal was intended to provide information to the
Bureau regarding the compliance monitoring efforts that have been undertaken by the executive
during the applicable time period in connection with the order. The proposed rule would not
have established any minimum procedures or otherwise specified the steps the executive must
take to review and oversee the entity’s activities. Instead, the proposed rule would have required
only that the executive provide the Bureau with a general description of the steps the executive
has already taken in this regard. The Bureau believed that this information would enhance the
usefulness of the written statement by providing valuable context regarding the basis of the
attesting executive’s knowledge and by assisting the Bureau with determining the degree to
which the Bureau may rely on the written statement. The Bureau believed that this information
would be useful because the proposal would not by itself establish minimum requirements
regarding the attesting executive’s review and oversight of the entity’s activities.
Proposed § 1092.203(d)(2) would have required the attesting executive to attest whether,
to the attesting executive’s knowledge, the supervised registered entity during the preceding
calendar year identified any violations or other instances of noncompliance with any obligations
that were imposed in a public provision of the covered order by the applicable agency or court
based on a violation of a covered law. The attestation would have been provided subject to the
attesting executive’s knowledge. As discussed above with respect to proposed § 1092.203(b)
and proposed § 1092.203(c), the Bureau anticipated that the attesting executive would have
adequate knowledge of the entity’s systems and procedures for achieving compliance with the
covered order to provide a useful attestation.
The written statement described in the proposal would have addressed violations and
other instances of noncompliance with obligations that are “based on” a violation of a covered

law. For purposes of this proposed requirement, the Bureau explained that an obligation would
have been “based on” an alleged violation where the order identifies the covered law in question,
asserts or otherwise indicates that the covered nonbank has violated it, and imposes the
obligation on the covered nonbank as a result of the alleged violation.405 This would have
included, for example, obligations imposed as “fencing-in” or injunctive relief, so long as those
obligations were imposed at least in part as a result of the entity’s violation of a covered law.
The proposed written statement would have also needed to address, for example, any obligation
imposed as part of other legal or equitable relief granted with respect to the violation of a
covered law, as well as any obligation imposed in order to prevent, remedy, or otherwise address
a violation of a covered law, or the conditions resulting from such violation. The Bureau
explained that, as discussed elsewhere in the proposal, an order may identify a covered law as the
legal basis for the obligations imposed by referencing another document, such as a written
opinion, stipulation, or complaint, that shows that a covered law served as the legal basis for the
obligations imposed in the order. The Bureau proposed this approach because an order may
satisfy the proposed definition of “covered order” but nonetheless contain provisions that are
entirely unrelated to covered laws. This element of the requirement in proposed
§ 1092.203(d)(2) was intended to exclude such provisions that are entirely unrelated to violations
of covered laws.
The supervised registered entity would have been required to state whether it has or has
not identified instances of noncompliance with respect to each covered order. If no such
instances of noncompliance have been identified, the supervised registered entity would have
been required to so state. The proposed rule would not have established any minimum
procedures or otherwise imposed or specified steps a supervised registered entity must take in

As in the context of proposed § 1092.201(e)(4), the Bureau explained that an obligation imposed based on
multiple violations, some of covered laws and some of other laws, would qualify as an “obligation[] . . . based on an
alleged violation of a covered law” within the meaning of proposed § 1092.203(d)(1), even if the violations of the
non-covered laws would themselves have sufficed to warrant the imposition of the obligation.
order to review or monitor compliance with each covered order.406 Instead, the proposed rule
would merely have required supervised registered entities to report violations and
noncompliance that they had already identified in the course of their own compliance reviews
and assessments. The Bureau believed that supervised registered entities likely already conduct
reviews to determine their compliance with covered orders, and those reviews would assist in
completing the required written statements. The Bureau did not expect the proposal to amend or
affect any review, reporting, or recordkeeping requirement contained in any covered order or
other provision of law.
While proposed § 1092.203(d) would have required the written statement to be signed by
the supervised registered entity’s attesting executive, it would not have required the attesting
executive to submit a statement subject to the penalty of perjury. Nevertheless, the Bureau noted
that knowingly and willfully filing a false attestation or report with the Bureau may be subject to
criminal penalties.407 The Bureau believed that the signature requirement, and the consequent
potential for criminal liability where a knowingly false attestation is made, would be likely to
deter attesting executives from submitting written statements that are incorrect or based on
incomplete or otherwise inadequate information. The Bureau explained that this requirement
should significantly enhance the accuracy and usefulness of the written statement.
Comments Received
Commenters objected to the proposed annual requirement to submit a written statement
to the Bureau for each covered order, and to the type of information that the proposal would
require a supervised registered entity to submit. Industry commenters stated that the written
statement to be submitted under proposed § 1092.204(d) would require proving to the Bureau
that the entity had complied with applicable law. Industry commenters expressed concern with

As discussed elsewhere in the proposal, the Bureau expected that some supervised registered entities might
bolster their compliance efforts in response to the proposal.
407

See 18 U.S.C. 1001.

the Bureau’s statement in the notice of proposed rulemaking408 that the proposed requirement for
the attesting executive to sign the written statement, and the consequent potential for criminal
liability where a knowingly false attestation is made, would be likely to deter attesting executives
from submitting written statements that are incorrect or based on incomplete or otherwise
inadequate information. Commenters referred or alluded to this statement in the proposal in
expressing concern that an incorrect or false written statement would be punishable, and stated
that a single individual could not hold first-hand knowledge sufficient to ensure compliance with
a covered order. An industry commenter stated that the proposal seemed to conflate “knowingly
and willfully” with the making of an incorrect statement or a statement based on incomplete or
otherwise inadequate information, and stated that the Bureau’s discussion of 18 U.S.C. 1001 was
misleading and caused confusion as to what standard would apply to the attestation.
Commenters stated that the proposed written-statement requirements were vague and
unclear, so executives and supervised registered entities would be required to guess what the
Bureau expects in terms of compliance. Commenters stated that the Bureau must unambiguously
articulate the obligations of supervised registered entities and attesting executives under the rule,
including the potential liability and intent standards. Industry commenters further suggested that
such assertedly vague requirements represented an attempt at “regulation by enforcement” by the
Bureau.
An industry commenter stated that the proposed requirement to attest regarding past
violations was incompatible with constitutional due process, since a court might subsequently
determine, after the executive had submitted a written statement, that an applicable violation had
in fact occurred. The commenter expressed concern that such a development would lead to
retroactive liability for the attesting executive.

See 88 FR 6088 at 6125.

An industry commenter stated that the proposal would have required the submission of an
absolute statement, which in the commenter’s view would be unreasonable, and stated that the
required written statement should include materiality and reasonableness standards—for
example, to provide that the entity had not identified any material violations, and that the
statement was based on a reasonable and good-faith review of the material information.
Industry commenters and a joint comment by State regulators stated that the proposed
written statement requirement was jurisdictional overreach by the Bureau and an unauthorized
attempt to enforce laws that the Bureau does not enforce. Commenters also stated that the
issuing agency (or court), and not the Bureau, should monitor and establish compliance
guidelines related to the covered order.
A joint comment by State regulators asserted that the proposed written-statement
requirements would complicate and frustrate attempts by the States to enforce Federal consumer
financial law, and stated that such requirements would be onerous, duplicative, and unnecessary,
and may ultimately weaken the original regulatory action and order. This comment and industry
commenters also stated that the proposed written-statement requirements would create
contradictory reporting obligations, since covered orders themselves contain reporting provisions
and the agencies that issue or obtain such orders will also be monitoring compliance.
Commenters stated that in lieu of the proposed written-statement requirements, the
Bureau should rely on similar attestations submitted to the NMLS, including the NMLS Form
MU1, where applicable. The joint comment letter from State regulators stated that established
information-sharing memorandums of understanding and supervisory coordination protocols
provide the most effective and straightforward means for the Bureau and State regulators to raise
concerns and identify potential instances of recidivism at supervised registered nonbanks.
An industry commenter stated that the registry should provide supervised registered
entities with an opportunity to supplement their written statements with relevant ameliorating
information, such as remediation paid or steps taken.

A joint comment by industry commenters stated that the proposal failed to consider
downsides to the written-statement requirements, and that the Bureau had failed to provide an
adequate explanation of the basis of its belief that those requirements would achieve their
claimed benefits or the scale of any benefit to consumers.
An industry commenter stated that the requirement that would have been imposed under
proposed § 1092.203(d)(1) to “[g]enerally describe the steps that the attesting executive has
undertaken to review and oversee the supervised registered entity’s activities subject to the
applicable covered order for the preceding calendar year” may exceed the reporting requirements
of the underlying covered order, multiplying the burden imposed by that order. Another industry
commenter stated that this requirement would not provide an adequate, accurate description of
the compliance framework and that the Bureau could instead simply obtain this information
through its normal supervisory process. This commenter also stated that obtaining this
information via the proposed registry would put confidential supervisory information at risk.
Other industry commenters stated the Bureau should detail how it will safeguard written
statement information against data breach.
An industry commenter stated that the proposed registry should not require disclosure of
information protected by the attorney-client privilege.
Commenters stated that the proposed written-statement requirements would have a
significant chilling effect on the hiring and retention of senior executives and could discourage
competent individuals from serving in such roles, raising costs and potentially harming
consumers.
An industry commenter suggested that the proposed written-statement requirements
would raise First Amendment concerns related to compelled speech, and an individual
commenter expressed concerns regarding the proposal’s implications for free speech.

An industry commenter stated that the proposed written statements would be redundant
because the applicable covered order, if issued under consent, would already have been signed
by a company officer.
An industry commenter stated that the attestation described at proposed § 1092.203(d)(2)
should not be made by an executive but by the supervised registered entity itself. An industry
commenter stated that the proposed written statement would inappropriately substitute individual
liability for the company’s liability, contrary to longstanding corporate legal tenets regarding
piercing the corporate veil.
Industry commenters stated that the proposed written statements would cause supervised
registered entities to place undue emphasis on compliance with covered orders to the detriment
of their other compliance responsibilities, distorting compliance programs at such entities,
imposing unwarranted burden, and harming consumers.
Industry commenters stated that the proposed written-statement requirements should not
include any representations about compliance with covered orders issued under State laws. In
particular, these commenters suggested that because many covered orders require ongoing
compliance with State UDAP laws, and because those laws are very broad and cover a wide
range of activities, it would be impossible for attesting executives to be certain that the
supervised registered entity had not violated such a covered order. Commenters stated that the
Bureau has no legitimate interest in requiring written statements regarding compliance with such
laws.
More generally, commenters stated that the proposed written-statement requirements
were unfair because it would be impossible for an executive to attest that the supervised
registered entity had not committed any violations of the applicable covered order, especially
since such orders often cover a wide range of broad laws, including UDAAP laws.
In the proposal, the Bureau stated that it was “also considering adopting a requirement
that the written statement contain a short description of the entity’s compliance systems and

procedures relating to the covered order, including a description of the processes for notifying
the attesting executive regarding violations or other instances of noncompliance with the
order.”409 The Bureau stated that it “expects that many executives may choose to provide such
information in the summary narrative portion of the written statement required in proposed
§ 1092.203(d)(1), as part of describing the steps that the attesting executive has undertaken to
review and oversee the supervised registered entity’s activities subject to the applicable covered
order,” but it sought “comment on whether to expressly require submission of such information
in the final rule.”410 One industry commenter, while stating that the Bureau should remove the
written-statement requirements altogether, argued in the alternative that if the Bureau did choose
to require a written statement it should take an approach similar to this proposed alternative.
Under the approach suggested by the industry commenter, the entity would be required to submit
a written statement to the effect that the entity’s overall compliance program is reasonably
designed to detect and prevent violations of all orders, and not just a particular covered order.
Another industry commenter stated that this proposed alternative would not alleviate the industry
commenter’s concerns about the proposal, would not provide an adequate, accurate description
of the compliance framework, and could risk revealing confidential information about the entity
or its compliance system or procedures.
Industry commenters stated that the proposal failed to identify benefits of the proposed
written-statement requirements that could not readily be achieved through the Bureau’s exercise
of its existing supervisory authorities with fewer negative consequences. These commenters
stated that the Bureau could gather sufficient information through its normal supervisory process.
A commenter stated that the Bureau could obtain more detailed and comprehensive information
about the entity’s compliance systems and procedures for complying with the order through the
supervisory process.

88 FR 6088 at 6126.

Id.

Tribe and industry commenters stated that for purposes of the written statement, orders
should not be considered “final” as provided under proposed § 1092.201(e) until all avenues of
appeal have been exhausted.
Response to Comments Received
Section 1092.204(d) does not require that the supervised registered entity demonstrate its
compliance with the covered order to the Bureau. The provision requires only that the
supervised registered entity indicate whether or not, to the knowledge of the attesting executive,
the supervised registered entity has identified any violations of applicable provisions of the
covered order. As stated in the proposal, knowingly and willfully filing a false attestation or
report with the Bureau may be subject to criminal penalties under other provisions of law outside
the final rule.411 But neither the final rule nor the existing legal obligations of individuals and
entities to be truthful in their attestations to the Bureau require attesting executives to
demonstrate compliance with covered orders. Section 1092.204(d)(2) requires only that the
executive attest (truthfully), to the executive’s knowledge, regarding whether the entity has
identified any applicable violations (or other instances of noncompliance). For example, an
attesting executive might attest truthfully that the entity has not identified a violation even if the
entity has in fact violated the order, so long as the entity has not identified that violation.
The proposal’s statement regarding the possibility of criminal penalties did not purport to
expand or otherwise affect the scope of an executive’s potential liability under existing criminal
law for submitting false statements to the Bureau. Nor does the final rule impose any
requirements regarding steps that an executive must take to review and oversee the supervised
registered entity’s activities subject to the applicable covered order. While the Bureau expects
See, e.g., 18 U.S.C. 1001. One industry commenter asserted, incorrectly, that the proposal would have required
the attesting executive to submit the annual written statement subject to the penalty of perjury. As stated in the
proposal, and as acknowledged by other commenters, proposed § 1092.203(d) would not have required the attesting
executive to submit a statement subject to the penalty of perjury. See 88 FR 6088 at 6125. The Bureau sought
comment on its proposal to require the attesting executive’s signature on the statement but not to require a statement
subject to the penalty of perjury. Commenters did not provide arguments in support of changing this approach, and
the Bureau finalizes § 1092.204(d) without requiring the attesting executive to submit a statement subject to the
penalty of perjury.
attesting executives to submit truthful statements under the final rule and believes that the
existence of other laws like 18 U.S.C. 1001 provides incentives in that regard, the final rule does
not purport to interpret provisions of criminal law (which are administered by agencies other
than the Bureau) or to identify particular circumstances under which an attesting executive
would become criminally liable for false statements.412
Nor, as discussed in the description of the proposal above, does the final rule itself
establish any minimum procedures or otherwise specify the steps the executive must take in
order to review and oversee the entity’s activities. Instead, § 1092.204(d)(1) requires only that
the executive provide the Bureau with a general description of the steps the executive has already
taken in this regard; this information will provide valuable context regarding the basis of the
attesting executive’s knowledge and will assist the Bureau with determining the degree to which
the Bureau may rely on the written statement. The attestation submitted under § 1092.204(d)(2)
is made subject to the attesting executive’s knowledge, as that knowledge exists. As discussed
above, based in part on the other written-statement requirements contained in § 1092.204, the
Bureau anticipates that the attesting executive will have adequate knowledge of the entity’s
systems and procedures for achieving compliance with the covered order to provide a useful
attestation.
The Bureau declines to modify the required contents of the written statement as provided
at § 1092.204(d)(1) and (2). The Bureau believes these provisions are sufficiently clear to
inform registered supervised entities and their attesting executives regarding their responsibilities
under the final rule. Section 1092.204(d)(1) requires that the attesting executive generally
describe the steps that the attesting executive has undertaken to review and oversee the
supervised registered entity’s activities subject to the applicable covered order for the preceding
calendar year. Section 1092.204(d)(2) requires that the attesting executive attest whether, to the

Note, however, that a supervised registered entity’s failure or refusal to make reports or provide information as
required under the final rule may violate civil laws administered by the Bureau, including not just the rule itself but
also 12 U.S.C. 5536(a)(2).
attesting executive’s knowledge, the supervised registered entity during the preceding calendar
year identified any violations or other instances of noncompliance with any obligations that were
imposed in a public provision of the covered order by the applicable agency or court based on a
violation of a covered law. If the executive knows of such identified violations, the executive
should so state; conversely, if the executive does not know of such identified violations, the
executive should so state. That is all these provisions of the final rule require.
The final rule does not require that the supervised registered entity prove its compliance
with the applicable covered order to the Bureau. Instead, the rule requires the attesting executive
to state whether the entity has identified applicable violations of the covered order. If an agency
or court were to subsequently determine that, contrary to the entity’s determination at the time of
the written statement, the supervised registered entity had in fact violated the covered order
during the relevant year, that determination would not establish that the entity’s attestation was
false. Thus, the rule does not impose a retroactive liability on supervised registered entities or
their attesting executives.
The Bureau believes that the written statement requirement is reasonable and declines to
impose materiality requirements as to the type of violations that must be declared. There is value
to the Bureau in knowing about any violation of existing orders, even violations that might be
characterized as “minor.” The covered order is in place because an agency or court has already
determined that issuing the order, and each of the provisions thereof, was appropriate to address
a violation by the supervised registered entity of a covered law. A subsequent violation of the
covered order is therefore a “second strike” that is probative of risk to consumers. The Bureau
believes that obtaining information about such matters through the written statement will
facilitate its supervisory activities and its assessment and detection of risks to consumers. In
addition, violation of any legally binding obligation may indicate that the entity lacks the
willingness or ability more generally to comply with its legal obligations, including its
obligations under the Federal consumer financial laws that the Bureau enforces. Thus, the

submission of information about such violations, even allegedly minor ones, will assist the
Bureau in ensuring that supervised registered entities are legitimate entities and are able to
perform their obligations to consumers.
The Bureau also declines to impose a reasonableness, good faith, or other standard
regarding the steps that the attesting executive has undertaken to review and oversee the
supervised registered entity’s activities subject to the applicable covered order. The final rule
does not impose any substantive requirements on supervised registered entities or attesting
executives regarding such steps. Thus, there is no need for the final rule to establish a standard
against which the Bureau will assess compliance with any such requirements. The Bureau
intends to review the summary narrative portion of the written statement required in
§ 1092.204(d)(1) for information regarding the executive’s review. In addition, § 1092.204(e)
imposes related recordkeeping requirements with respect to the preparation of the written
statement. The Bureau anticipates that these requirements will assist the Bureau in assessing the
reliability of the written statement.
For similar reasons, the Bureau declines to impose reasonableness or other standards with
respect to the entity’s efforts to identify applicable violations of covered orders. The final rule
does not impose any substantive requirements on supervised registered entities with respect to
such matters. For example, the final rule does not establish any minimum procedures or
otherwise impose or specify steps a supervised registered entity must take in order to review or
monitor compliance with any covered order. The Bureau will continue to assess such matters as
part of its normal supervisory process where applicable.
The Bureau disagrees that the written-statement requirements represent an attempt to
enforce the orders or laws that are administered by other agencies (or by courts). The writtenstatement requirements are intended to promote the Bureau’s own work by facilitating the
Bureau’s supervisory activities and its assessment and detection of risks to consumers, and by
ensuring that supervised registered entities are legitimate entities and are able to perform their

obligations to consumers. The Bureau is adopting these requirements for the purposes
established by Congress. The Bureau does not agree with commenters’ assertions that writtenstatement requirements to provide information about violations of a covered order constitute an
effort to enforce that order. The written statement required under § 1092.204(d) is not intended
to monitor compliance by supervised registered entities with covered orders for the purpose of
enforcing those orders. This part of the written statement is intended to provide the Bureau with
information regarding whether or not the entity violated the covered order during the preceding
year. As described at part IV, that information will facilitate the Bureau’s supervision of the
supervised registered entity, help the Bureau detect and assess risks to consumers, and help
ensure that supervised registered entities are legitimate entities and are able to perform their
obligations to consumers. However, the Bureau does not intend to, and does not assert any
authority to, enforce covered orders merely because of their covered order status. While certain
covered orders—such as the Bureau’s own orders—will be enforceable by the Bureau, others
will not be. The final rule will not affect whether the Bureau may enforce the terms of any
covered order.
Some commenters expressed concern that the Bureau is overextending its authority by
using the written-statement requirements in an effort to enforce State law. The written-statement
requirement, however, does not seek to compel compliance with orders issued under State law.
Instead, the written-statement requirement is an aid to assessing risks to consumers arising under
Federal consumer financial law, including by considering the extent to which an entity is subject
to oversight by State authorities.413 Although it is possible that, in some instances, the Bureau
may review information submitted through the registry, including the written statements from
See 12 U.S.C. 5514(b)(2)(D) (providing that, in prioritizing entities for supervision, the Bureau should consider
“the extent to which such institutions are subject to oversight by State authorities for consumer protection”). As
discussed in the section-by-section discussion of § 1092.201(c) above, the Bureau declines to remove State laws
from the final rule’s definition of “covered law” or to exempt covered orders issued under such laws from the scope
of the written-statement requirements. As discussed in that section and in the proposal, the Bureau has determined
that agency and court orders stemming from violations of these State laws will likely be probative of risk to
consumers. The Bureau believes that it is important to impose the annual written-statement requirements on
supervised registered entities that are subject to such covered orders.
attesting executives, and determine that supervisory action under Federal consumer financial law
is necessary, the Bureau’s review may also indicate that action under Federal law is unnecessary
or should be a lower supervisory priority.
The Bureau believes it is important to obtain the information described in the final rule
about supervised registered entities’ ongoing compliance with relevant provisions of covered
orders, including covered orders issued or obtained by State and local agencies. The Bureau
believes that the written statement obligations in the final rule will not complicate or frustrate
State enforcement efforts. The Bureau will not undermine the efforts of other regulators by
collecting such information from entities subject to its jurisdiction related to the offering or
provision of consumer financial products and services. As discussed above, the Bureau does not
intend to, and does not assert any authority to, enforce covered orders not issued or obtained by
the Bureau merely because of their covered order status. As stated in the proposal,414 evidence
regarding a supervised registered entity’s compliance with a covered order will provide the
Bureau with important information regarding risks to consumers that may be associated with the
order and will be highly relevant to the Bureau’s own supervisory and enforcement efforts. State
regulators conduct enhanced supervision and ongoing monitoring of companies that are subject
to covered orders precisely because of the increased risk such orders represent. The Bureau
agrees with the joint comment from State regulators that increased coordination and information
sharing with the States regarding such orders will also facilitate the work of all regulators
concerned, and the Bureau intends to use the information provided under the registry, including
the written statement, so that it may be better informed about such orders and thus be in a better
position to communicate with other regulators about them.
The additional reporting obligation in the final rule will not prevent or interfere with the
efforts of supervised registered entities to comply with their other reporting obligations.

See 88 FR 6088 at 6125.

Supervised registered entities can comply with their reporting requirements under § 1092.204(d)
and other sources of law, much as supervised registered entities currently comply with Bureau
supervisory requests for information under CFPA section 1024(b)(1) while also complying with
other reporting requirements.415
The Bureau agrees with the industry commenter that registration under the NMLS system
will provide information that may help lessen the need to submit an annual written statement to
the Bureau under this section. As discussed in the section-by-section discussion of final
§ 1092.203, the Bureau is adopting a provision that will provide an option for a supervised
registered entity to file a one-time statement to the Bureau in lieu of complying with
§ 1092.204’s requirements with respect to a NMLS-published covered order.
The Bureau declines to supplement the written-statement requirements beyond the
requirements in the final rule. However, any supervised registered entity that wishes to discuss
any matter relevant to Bureau supervision should contact the appropriate Bureau supervisory
representative. To the extent that the supervised registered entity believes that the submission of
such information would be useful or informative to the Bureau, it may use other channels to do
so.
The Bureau has considered alternative approaches to adopting the written-statement
requirements for supervised registered entities. However, as discussed herein and in part IV(D),
the Bureau finalizes its preliminary findings contained in the proposal416 that requiring
supervised nonbanks to designate attesting executives and to submit certain written statements
relating to compliance with reported orders will facilitate the Bureau’s supervisory efforts and
better ensure that supervised registered entities are legitimate entities and are able to perform
their obligations to consumers. Among other things, as discussed herein and in part IV(D), the
Bureau concludes that the adoption of the written-statement requirements will provide valuable

See 12 U.S.C. 5514(b)(1).

88 FR 6088 at 6100.

information regarding the entities subject to Bureau supervision. The Bureau may use that
information, including whether supervised registered entities have identified violations of
covered orders registered under § 1092.202, in conducting its supervisory prioritization efforts,
assessing compliance systems and procedures, and detecting and assessing risk to consumers and
to markets for consumer financial products and services. As described in parts VIII and IX, the
Bureau has considered the potential benefits, costs, and impacts of the written-statement
requirements in the final rule, including the potential benefit to consumers.
Under the final rule, as proposed, § 1092.204(d)(1) requires the written statement to
contain only a general summary description of the attesting executive’s actions, and thus does
not impose a substantial new reporting requirement. This provision does not affirmatively
require the executive to take any actions related to compliance with the covered order; it only
requires the executive to provide the Bureau with a general description of what applicable steps,
if any, the executive has taken. The Bureau anticipates that this general description will
generally be short and summary in nature. The Bureau concludes that such a statement will
generally be sufficient to serve the purposes of this requirement and provide the information
sought by the Bureau. This requirement will provide valuable context regarding the basis of the
attesting executive’s knowledge and assist the Bureau with determining the degree to which the
Bureau may rely on the written statement.
Final § 1092.204(d)(1) is not intended to provide the Bureau with a comprehensive
understanding of a supervised registered entity’s compliance systems or procedures. Instead, it
is intended to enhance the usefulness of the written statement by providing valuable context
regarding the basis of the attesting executive’s knowledge and by assisting the Bureau with
determining the degree to which the Bureau may relay on the written statement. To the extent
the Bureau desires additional information regarding the supervised registered entity’s activities
or practices, the Bureau may utilize its other supervisory authorities.

As expressly provided at final § 1092.205(b), the written statement submitted under final
§ 1092.204(d) will be treated as CFPB confidential supervisory information subject to the
provisions of 12 CFR part 1070. The Bureau disagrees that requiring submission of this
confidential supervisory information via the nonbank registry will put the information at risk.
The Bureau has adequate data safeguards to protect the written statement information that
supervised registered entities provide to the Bureau under § 1092.204(d). Such information will
be protected by the Bureau’s confidentiality regulations at 12 CFR part 1070, the Federal Trade
Secrets Act, 18 U.S.C. 1905, and other laws. In addition, the Bureau is subject to data breach
requirements provided in the Federal Information Security Management Act (FISMA),
applicable Office of Management and Budget (OMB) Memoranda, U.S. Department of
Homeland Security (DHS) Binding Operational Directives, National Institute of Standards and
Technology (NIST) Federal Information Processing Standards and documents, and other
applicable guidance.
To the extent that certain comments might be read as expressing concern that
§ 1092.204(d) might require the submission of information protected by the attorney-client
privilege or another legal privilege, the commenters do not identify any particular scenarios
under which submission of privileged information might be required to comply with
§ 1092.204(d), and as discussed in the section-by-section discussion of § 1092.201(d), the
Bureau does not intend for the final rule to require the submission of privileged information to
the nonbank registry.
As discussed in part VIII below, the Bureau acknowledges that certain firms that are
subject to covered orders and that lack adequate compliance systems may be forced to pay
attesting executives a salary premium because of the written-statement requirements, but
believes that there will be few such firms. The Bureau also disagrees with commenters’
assertions that, for most covered nonbanks, the requirement for covered nonbanks to designate
attesting executives for covered orders will discourage competent compliance and risk

management personnel from serving in such roles. Neither § 1092.204(b)’s designation
requirements nor the publication of the name and title of the attesting executive as provided at
§ 1092.205 will materially increase the legal obligations of such executives. As discussed
elsewhere in this section, § 1092.204(d) requires the submission only of certain limited
statements on behalf of the supervised registered entity to the executive’s knowledge. For most
companies, this statement should be straightforward and noncontroversial. Thus, for most
supervised registered entities, the Bureau does not agree with commenters’ assertions that the
proposed requirements would have a significant chilling effect on the hiring and retention of
senior executives.
The written-statement requirement does not violate the First Amendment. The final rule
merely requires a factual disclosure regarding (1) the steps the attesting executive has taken to
review and oversee the supervised registered entity’s activities subject to the applicable covered
order, and (2) whether, to the attesting executive’s knowledge, the supervised registered entity
during the preceding calendar year identified violations or other instances of noncompliance with
the entity’s obligations under such a covered order. It only requires that the written statement be
made to the Bureau, not to the general public. The rule excludes the written statement from its
publication requirements and expressly provides that the written statement “will be treated as
Bureau confidential supervisory information.” The written-statement requirement will facilitate
Bureau supervisory efforts. It bears no resemblance to the type of “Government-mandated
pledge or motto” that has been held to violate the First Amendment.417 Such a limited reporting
requirement, especially one connected to extant conduct regulations, complies with the First
Amendment.418

Rumsfeld v. Forum for Academic & Institutional Rights, Inc., 547 U.S. 47, 61-62 (2006) (discussing W. Va. State
Bd. of Educ. v. Barnette, 319 U.S. 624 (1943), and Wooley v. Maynard, 430 U.S. 705 (1977)).
See, e.g., Arkansas Times LP v. Waldrip, 37 F.4th 1386, 1394 (8th Cir. 2022) (en banc) (holding that requirement
that government contractors certify compliance with conduct-based regulations did not unconstitutionally compel
speech); United States v. Arnold, 740 F.3d 1032, 1033-35 (5th Cir. 2014) (rejecting “compelled speech” challenge to
Federal sex-offender registration requirements); United States v. Conces, 507 F.3d 1028, 1040 (6th Cir. 2007)
The Bureau disagrees with the industry commenter that the written-statement
requirements would be redundant because the applicable covered order, if issued under consent,
would already have been signed by a company officer. A signature of a supervised registered
entity’s officer with respect to a covered consent order (such as on a stipulation or consent
agreement) would not serve the purposes of § 1092.204’s written-statement requirements.
Among other things, there generally would be no requirement that such an executive would
satisfy the criteria established under § 1092.204(b); such an executive generally would not be
designated on an annual basis, depriving the Bureau of relevant up-to-date information; an
executive signature consenting to a covered order generally would not provide any of the
information that would be submitted in the annual written statement required under
§ 1092.204(d); and the other requirements established in § 1092.204, including § 1092.204(c)
and (e), generally would not be imposed with respect to the covered order.
Regarding the comment that the attestation described at § 1092.203(d)(2) should not be
made by an executive but by the supervised registered entity itself, the written statement—as
discussed above419—is a statement by the supervised registered entity. To be sure,
§ 1092.204(d) requires the written statement to be made and signed “on behalf of the supervised
registered entity” by a particular individual agent, the attesting executive. Section 1092.204(b)
establishes requirements for the entity’s designation of its attesting executive(s) to ensure that the
person who signs the written statement has sufficient authority and access to all the relevant
company stakeholders to ensure that the report—which is filed on behalf of the entity, not the
individual executive—is as complete and accurate as possible.420 But the obligations under

(holding that requiring responses to discovery requests did not violate First Amendment); United States v. Sindel, 53
F.3d 874, 878 (8th Cir. 1995) (rejecting “compelled speech” challenge to providing information required by an IRS
form).
See the Bureau’s response to certain comments regarding the Bureau’s legal authority to impose writtenstatement requirements above.
420

See 88 FR 6088 at 6121-22.

§ 1092.204 belong to supervised registered entities, not to particular individuals acting in their
personal capacities.
The Bureau disagrees that § 1092.204(d)(2) represents an inappropriate attempt to
substitute the individual liability of the attesting executives for the liability of the supervised
registered entities they represent. As discussed above, even for those covered orders that the
Bureau is authorized to enforce, § 1092.204(b)’s requirement to designate an attesting executive
does not mean that the Bureau intends to hold that executive solely responsible for the entity’s
compliance with those covered orders. The final rule does not impose any additional
requirements to take steps to address any covered order, nor does it establish any standards for
imposing liability on any individual in connection with any covered order. Any individual
accountability in connection with violations of such orders shall continue to be determined in
accordance with existing law, which the final rule does not purport to change. Nor does the final
rule affect the Bureau’s existing approach to assessing board and management oversight at
supervised registered entities.
The Bureau disagrees that § 1092.203(d)(2) would cause a supervised registered entity to
place undue emphasis on compliance with covered orders, to the detriment of its other
compliance responsibilities. As stated in part IV(A) above, agency and court orders are not
suggestions. It is incumbent on supervised registered entities to comply with such orders and
also manage their other responsibilities. As explained in the proposal,421 the Bureau believes,
based on its experience and expertise, that most entities subject to covered orders endeavor in
good faith to comply with them and will already have in place systems and procedures to help
achieve such compliance. The Bureau thus believes that few entities would significantly alter
their compliance systems, procedures, or priorities in response to § 1092.204.422 Further, the risk

See 88 FR 6088 at 6133.

The final rule does not obligate supervised registered entities to spend an inordinate amount of time, or indeed
any time at all, on compliance with covered orders. The final rule does not establish any minimum level of
compliance management or expectations for compliance systems and procedures at supervised registered entities. It
only requires such entities to report information about their compliance to the Bureau.
of legal sanctions will likely deter entities from neglecting other legal obligations not associated
with covered orders. The Bureau thus does not believe that § 1092.204 will cause supervised
registered entities to ignore other legal requirements not set forth in covered orders.
For the reasons discussed in part IV and the section-by-section discussions of
§ 1092.201(c) and (e) above, the Bureau concludes that the term “covered order” should include
orders issued or obtained by agencies other than the Bureau. As discussed in part IV(D) and this
section-by-section discussion of § 1092.204, submission of a written statement regarding either
compliance or noncompliance with covered orders will provide the Bureau with important
additional information regarding risks to consumers that may be associated with the orders and
the applicable supervised registered entities’ compliance systems and procedures, and will
otherwise facilitate the Bureau’s supervision of such entities. The Bureau disagrees with
commenters’ assertions that the Bureau lacks a legitimate interest in obtaining such information
from entities that are subject to its supervisory and examination jurisdiction under CFPA section
1024.
With respect to the comments stating that it would be impossible for an executive to
attest that a supervised entity had complied with a broadly drafted covered order, including
orders based on violations or alleged violations of Federal or State UDAP/UDAAP laws, final
§ 1092.204(d) does not require that the supervised registered entity prove its compliance with the
covered order to the Bureau, as discussed above. Section 1092.204(d)(1) requires the executive
to generally describe the steps that the attesting executive has undertaken to review and oversee
the supervised registered entity’s activities subject to the applicable covered order for the
preceding calendar year, but imposes no minimum standards or other requirements regarding
those steps. And all the entity need disclose under § 1092.204(d)(2) is whether, to the attesting
executive’s knowledge, the supervised registered entity during the preceding calendar year
identified any violations or other instances of noncompliance with any obligations that were
imposed in a public provision of the covered order by the applicable agency or court based on a

violation of a covered law. Such matters are within the power of the supervised registered entity
and its attesting executive to know and describe to the Bureau, and will provide important
information that is useful to the Bureau. Should the Bureau desire additional information
relating to the covered order or the supervised registered entity’s compliance with the covered
order, the Bureau may choose to follow up on the information provided by the supervised
registered entity in its written statement, including via its supervisory and examination authority
or by communicating with the appropriate agency.
The Bureau declines to adopt the alternative approach proposed in the notice of proposed
rulemaking that the written statement contain a short description of the entity’s compliance
systems and procedures relating to the covered order.423 The Bureau concludes the writtenstatement requirements included in the final rule will provide sufficient information to the
Bureau to serve the purposes of the written-statement requirement. The written statement will
provide valuable information to the Bureau regarding the entity’s attesting executive for each
applicable covered order, the steps undertaken by that executive to review and oversee
compliance with the covered order, and any applicable recent violations of the order identified
by the supervised registered entity. To the extent the Bureau desires to obtain more information
about the entity’s compliance systems or procedures than is provided in the written statement,
the Bureau may choose to follow up directly with the supervised registered entity through its
supervisory authority or through other means. The Bureau does not believe it is necessary at this
time to require all supervised registered entities to submit a description of the entity’s relevant
compliance systems and procedures on an annual basis, or to dedicate staff and other Bureau
resources to reviewing such submissions.
Likewise, the Bureau declines to adopt the alternative approach proposed by the
commenter to obtain a single representation about all covered orders to which the entity is

See 88 FR 6088 at 6126.

subject. The Bureau believes that requiring a separate written statement for each covered order
will be more likely to provide the Bureau with meaningful and useful information regarding the
covered order, the entity’s compliance with that covered order, other risks to consumers that are
related to that covered order, and other matters. The Bureau also believes this proposed
alternative is inconsistent with the approach to designation of attesting executives taken under
§ 1092.204(b). As described in the proposal,424 the Bureau believes it is desirable to require a
supervised registered entity to annually designate one attesting executive for each applicable
covered order to which it is subject and for all submissions and other purposes related to that
covered order under subpart B. If an entity has designated multiple attesting executives under
the rule, the Bureau would not necessarily expect each such executive to be able to provide a
meaningful attestation with respect to all covered orders. See part IV above for additional
discussion of these issues.
With respect to the comment opposing the adoption of this proposed alternative, while
the Bureau does not necessarily agree with the industry commenter’s assertion that the proposed
alternative would fail to provide adequate or accurate information to the Bureau, the Bureau
believes the written-statement requirements included in the final rule will provide sufficient
information to the Bureau to serve the purposes of the written-statement requirement. Regarding
the inclusion of confidential information in the written statement, the Bureau expects that the
written statement may contain certain confidential information about the entity and its
compliance system or procedures. Anticipating this issue, the final rule treats the written
statement as Bureau confidential supervisory information (§ 1092.205(b)) and would not publish
it. As discussed in the section-by-section discussion of § 1092.205(b), this approach will
enhance the usefulness of submissions under final § 1092.204(d)(1) and (2), increase the

See 88 FR 6088 at 6123.

Bureau’s ability to detect and assess potential noncompliance and emerging risks to consumers,
and promote compliance with the law.
With respect to the comments stating that the Bureau should use its existing supervisory
authorities instead of imposing the written-statement requirements, the Bureau disagrees to the
extent the comments suggest that the Bureau should collect written statements only in connection
with particular examinations via direct communication with supervised registered entities. Such
an approach would not be more reliable and predictable for all parties than a rule-based
approach, and would be less administrable for the Bureau. The approach adopted in the final
rule will structure the information collected and establish a regular cadence for collecting it.
This approach also will enable the Bureau to more readily utilize this information, as it will be
linked via the nonbank registry to the other information submitted by the relevant supervised
registered entity regarding the applicable covered order.425
In addition, there is no existing comprehensive list of nonbank entities subject to Bureau
supervision, so the Bureau would be unable to issue a standing order to such entities to produce
such information. The final rule requires supervised registered entities, within the timeframes
established by the rule, to identify themselves to the Bureau and to provide information that is
relevant to the Bureau’s assessment and detection of risks to consumers related to such entities.
As discussed in part IV(D) above, the collection of this information will facilitate Bureau
supervision by, among other things, helping the Bureau identify when a nonbank entity subject to
its supervisory authority is subject to a covered order, and by annually collecting information
about the entity’s compliance with the covered orders to which it is subject. This information
will in turn help the Bureau prioritize its nonbank examinations under CFPA section 1024(b)(2)
and otherwise inform how the Bureau supervises and examines the entity. As appropriate, the
Bureau may also, as one commenter suggests, obtain more detailed and comprehensive

See also part IV(D) above.

information about the entity’s compliance systems and procedures for complying with the order
via direct communication with the entity through the supervisory process.
See the section-by-section discussion of § 1092.201(e) above regarding the final rule’s
treatment of covered orders that may be subject to appeal.
Final Rule
The Bureau adopts § 1092.203(d) as proposed (renumbered as § 1092.204(d)) for the
reasons discussed above and in the description of the proposal, with changes to the wording of
the paragraph’s first sentence.426 That sentence now reads (with additions marked with italics):
“On or before March 31 of each calendar year, the supervised registered entity shall, in the form
and manner specified by the Bureau, submit to the nonbank registry a written statement with
respect to each covered order described in paragraph (a)(1) of this section to which it is
subject.”427 The changes reflect revisions to § 1092.204(a) that are discussed in the section-bysection analysis of that subsection (as well as the Bureau’s adoption of the term “nonbank
registry” described in the section-by-section discussion of § 1092.101(d) above).
Under § 1092.204(d) of the final rule, written statements only need to address periods
during which covered nonbanks qualify as supervised registered entities. Therefore, if a covered
nonbank did not qualify as a supervised registered entity at any point during the preceding
calendar year, it does not need to file a written statement in the current calendar year, even if the
covered nonbank becomes a supervised registered entity by March 31 of the current calendar
year.

See also the section-by-section discussion of § 1092.101(d) above regarding the Bureau’s adoption of the revised
term “nonbank registry.”
Under § 1092.204(a)(2), a supervised registered entity is not required to comply with § 1092.204—including the
requirements of § 1092.204(d)(2)—with respect to any NMLS-published covered order for which it has chosen to
comply with the one-time registration option described in § 1092.203.
Section 1092.204(e) Requirement to Maintain and Make Available Related Records
Proposed Rule
Proposed § 1092.203(e) would have imposed recordkeeping requirements with respect to
the preparation of the written statement. These requirements were designed to promote effective
and efficient enforcement and supervision of proposed § 1092.203. The Bureau would have
relied on its rulemaking authorities under CFPA section 1024(b)(7)(A)–(C) in imposing
proposed § 1092.203(e)’s recordkeeping requirements.
Proposed § 1092.203(e) would have required a supervised registered entity to maintain
documents and other records sufficient to document the entity’s preparation of the written
statement, to provide reasonable support for the written statement, and to otherwise demonstrate
compliance with the requirements of proposed § 1092.203 with respect to any submission under
that section. The proposed section would have required the supervised registered entity to
maintain those documents and records for five years after such submission was required. The
proposal would have also required the supervised registered entity to make such documents and
other records available to the Bureau upon the Bureau’s request. The Bureau explained that the
purpose of this requirement would be to enable the Bureau to assess, as part of its normal
supervisory process, the supervised registered entity’s compliance with proposed § 1092.203.
The Bureau explained that it expected such documents and other records to be in a form
sufficient to enable the Bureau to conduct this assessment. The Bureau believed that the fiveyear time period would appropriately facilitate the Bureau’s examination and enforcement
capabilities with respect to compliance with proposed § 1092.203’s requirements.
Comments Received
One industry commenter stated that the requirement to “provide reasonable support” for
the written statement was vague and overly broad, and that it could extend to every record that a
company has. Relatedly, the commenter stated that the costs associated with this requirement
could not be quantified as a result of this uncertainty.

The commenter also stated that the proposed recordkeeping requirement would be unduly
burdensome because it would require a supervised registered entity to maintain evidence of
compliance with covered orders. And the commenter objected to the duration of the
recordkeeping requirement, as the five-year obligation imposed under proposed § 1092.203(e)
might exceed the duration of the requirements imposed by the other provisions of the proposal
(such as where the order terminates earlier). The commenter also stated the Bureau should have
considered obtaining documents from other regulators as an alternative to proposed § 1092.203.
Response to Comments Received
The Bureau disagrees with the industry commenter’s statement that the requirements of
§ 1092.204(e) (which was initially proposed as § 1092.203(e)) are vague and overly broad, and
that an estimate of the costs associated with those requirements cannot be quantified. Section
1092.204(e) does not require a supervised registered entity to comply with any covered order,
nor does it require the entity to prove that it is in compliance with any covered order. Instead,
§ 1092.204(e) requires the entity to maintain documents sufficient to allow the Bureau, through
its normal supervisory process, to review the entity’s compliance with the requirements of
§ 1092.204 with respect to a submission under that section. Thus, § 1092.204(e) requires a
supervised registered entity to maintain documents that demonstrate compliance with the various
paragraphs of § 1092.204.
Specifically, a supervised registered entity would satisfy § 1092.204(e) with respect to
the requirements of § 1092.204(b) regarding the designation of an attesting executive for a
particular covered order by maintaining records that reasonably support the entity’s designation,
including records that demonstrate that the attesting executive satisfies the criteria established by
§ 1092.204(b).
Section 1092.204(d)(1) requires the attesting executive to “[g]enerally describe the steps
that the attesting executive has undertaken to review and oversee the supervised registered
entity’s activities subject to the applicable covered order for the preceding calendar year.” A

supervised registered entity would satisfy § 1092.204(e) with respect to a statement submitted
under § 1092.204(d)(1) by maintaining documents that reasonably support the description
submitted. If the entity chooses to submit a statement under § 1092.204(d)(1) that describes
specific steps undertaken by the attesting executive to review and oversee the entity’s applicable
activities, § 1092.204(e) would require that the entity maintain documents that demonstrate that
the executive undertook the steps described. For example, the entity could preserve relevant
reports provided to the executive regarding compliance with the relevant order, or emails that
demonstrate the questions asked by the executive as part of the executive’s review.
Section 1092.204(d)(2) requires the attesting executive to “[a]ttest whether, to the
attesting executive’s knowledge, the supervised registered entity during the preceding calendar
year identified any violations or other instances of noncompliance with any obligations that were
imposed in a public provision of the covered order by the applicable agency or court based on a
violation of a covered law.” If, to the executive’s knowledge, the entity did identify such a
violation, the executive should so attest under § 1092.204(d)(2), and the entity should maintain
records sufficient to provide reasonable support for the executive’s statement. For example, the
entity could preserve relevant documents that caused the executive to know that a violation had
occurred, such as a report or email sent to the executive. On the other hand, if the executive
attests that he or she does not know of any such violation, the Bureau anticipates that attestation
will generally be based upon the executive’s review and oversight as described in the portion of
the written statement submitted under § 1092.204(d)(1). By demonstrating what steps (if any)
the executive had undertaken to review and oversee the activities subject to the covered order,
the entity generally would also provide support for the statement that the executive was not
aware of applicable violations. Thus, in such cases the Bureau would generally expect the
documentation that supports the portion of the written statement submitted under
§ 1092.204(d)(1) also to adequately support the portion submitted under § 1092.204(d)(2), and
§ 1092.204(e) would generally not require the entity to maintain any other additional records

specifically in connection with the portion of the written statement submitted under
§ 1092.204(d)(2).
With respect to the comment regarding potential burden associated with § 1092.204(e)’s
recordkeeping requirements, this provision would not require a supervised registered entity to
maintain documents to enable the Bureau to assess whether the entity is in compliance with any
covered order. Instead, this provision would require a supervised registered entity to maintain
documents that demonstrate compliance with § 1092.204 itself. Section 1092.204 imposes a set
of requirements regarding the designation of one or more attesting executives and submission of
one or more annual reports. It requires neither that the entity comply with any covered order nor
that it demonstrate to the Bureau that it is in compliance with any covered order. Documents that
demonstrate the entity’s compliance with § 1092.204 will not generally be available from other
regulators or from sources other than the entity itself.
The Bureau acknowledges that in some cases, a supervised registered entity’s obligation
to maintain documents under § 1092.204(e) may extend, perhaps by several years, past the time
required for the entity’s final filing under § 1092.202(f)(1). While, as provided in
§ 1092.202(f)(2), a supervised registered entity’s final filing under § 1092.202(f)(1) relieves the
entity of its obligations to update its filing or to file written statements with respect to the
applicable covered order under subpart B, the entity would remain subject to § 1092.204(e)’s
requirements to maintain and make available applicable records. Nevertheless, the Bureau
believes § 1092.204(e)’s five-year recordkeeping requirement is consistent with the final rule’s
approach to final filings in § 1092.202(f). The purpose of § 1092.204(e)’s recordkeeping
requirement is to promote effective and efficient enforcement and supervision of § 1092.204.
The Bureau may wish to review a supervised registered entity’s past compliance with § 1092.204
even after the entity has been released, as provided under §1092.202(f)(2), from its ongoing
obligations to update information under § 1092.202 and to file annual written statements under
§ 1092.204. The Bureau believes the five-year period is an appropriate length of time to require

preservation of records in order to facilitate any review that may occur. For a discussion of the
economic costs and benefits associated with this provision, see part VIII.
Final Rule
The Bureau adopts § 1092.203(e) as proposed (renumbered as § 1092.204(e)) for the
reasons discussed above and in the description of the proposal.
Section 1092.204(f) Notification of Entity’s Good-Faith Belief that Requirements Do Not Apply
Proposed Rule
Proposed § 1092.203(f) would have provided that a person may submit a notice to the
NBR system stating that it is neither designating an attesting executive nor submitting a written
statement pursuant to proposed § 1092.203 because it has a good-faith basis to believe that it is
not a supervised registered entity or that an order in question is not a covered order. Such a
filing may be combined with any similar filing under proposed § 1092.202(g).428 Proposed
§ 1092.203(f) would have also required the person to promptly comply with § 1092.203 upon
becoming aware of facts or circumstances that would not permit it to continue representing that it
has a good-faith basis to believe that it is not a supervised registered entity or that an order in
question is not a covered order. The Bureau proposed to treat information submitted under
§ 1092.203(f) as “administrative information” as defined by proposed § 1092.201(a).
The Bureau proposed § 1092.203(f) for several reasons. First, while the Bureau believed
that determining whether a company qualifies as a “supervised registered entity” (or whether an
order is a covered order) should be straightforward in most cases, some persons may be uncertain
about whether they are a supervised registered entity (or whether an order is a covered order).
The Bureau acknowledged in its proposal that even when they have a good-faith basis to believe
they are not a supervised registered entity (or an order is not a covered order), they could
annually designate an attesting executive and file annual written statements if they did not want

See also the section-by-section discussion of § 1092.202(g), which provides a similar option with respect to
§ 1092.202.
to incur the risk of violating the requirements of proposed § 1092.203. But the Bureau believed
that that approach could impose burden on persons who ultimately are not supervised registered
entities (or whose orders are not covered orders). The Bureau therefore proposed an alternative
option for these persons. Rather than facing the burden of designating an attesting executive and
filing written statements, such an entity could have elected to file a notice under proposed
§ 1092.203(f). The Bureau explained that, when a person makes a non-frivolous filing under
proposed § 1092.203(f) stating that it has a good-faith basis to believe that it is not a supervised
registered entity (or an order is not a covered order), the Bureau would not bring an enforcement
action against that person based on the person’s failure to comply with proposed § 1092.203
unless the Bureau has first notified the person that the Bureau believes the person does in fact
qualify as a supervised registered entity (or the order in question qualifies as a covered order)
and has subsequently provided the person with a reasonable opportunity to comply with
proposed § 1092.203.429
The Bureau also believed that filings under proposed § 1092.203(f) may reduce
uncertainty by the Bureau about why certain entities are not designating an attesting executive or
providing a written statement under proposed § 1092.203. In addition, the Bureau believed that
these notifications might provide the Bureau with information about how market participants are
interpreting the scope of proposed § 1092.203, about the potential need for the Bureau to instruct
certain persons to designate an attesting executive and provide written statements, and about the
potential need for guidance or rulemaking clarifying the scope of proposed § 1092.203.
As in the case of proposed § 1092.202(g), the Bureau considered an alternative to
proposed § 1092.203(f) under which entities would not file a notice with the Bureau, but they
could avoid penalties for non-compliance with § 1092.203 if in fact they could establish a goodfaith belief that they did not qualify as supervised registered entities subject to § 1092.203 (or

The Bureau explained that, under proposed § 1092.102(c), the filing of a notification under proposed
§ 1092.203(f) would not affect the entity’s ability to dispute more generally that it qualifies as a person subject to
Bureau authority.
their order was not a covered order). Under this alternative, entities would have maintained such
good-faith belief so long as the Bureau had not made clear that § 1092.203 would apply to them.
Although the Bureau preliminarily concluded that this alternative was not preferable to requiring
entities to actually file notices under proposed § 1092.203(f), the Bureau sought comment on
whether it should finalize this alternative instead. It also sought comment on whether, if it
finalized this alternative, entities would require additional guidance on the circumstances
pursuant to which an entity could no longer legitimately assert a good-faith belief that
§ 1092.203 would not apply to its conduct. While the Bureau anticipated that such
circumstances would certainly include entity-specific notice from the Bureau that § 1092.203
applies, the Bureau did not believe such notice should be required to terminate a good faith
defense to registration. Among other circumstances, the Bureau anticipated that at least formal
Bureau interpretations of (for example) the provisions of CFPA section 1024(a)(1) would
generally suffice to terminate such belief.430
Comments Received
As discussed in the section-by-section discussion of § 1092.202(g) above, the Bureau
received a number of comments from tribes regarding proposed §§ 1092.202(g) and 1092.203(f).
The tribes commenting on the proposal generally opposed proposed §§ 1092.202(g) and
1092.203(f) and submitted specific objections to aspects of the proposal.
Response to Comments Received
See the section-by-section discussion of § 1092.202(g) above for a description of the
Bureau’s responses to comments received regarding proposed § 1092.203(f).
Final Rule

12 U.S.C. 5514(a)(1).

The Bureau adopts § 1092.203(f) as proposed (renumbered as § 1092.204(f)) for the
reasons discussed above and in the description of the proposal.431
Section 1092.205 Publication and Correction of Registration Information
Section 1092.205(a) Internet Posting of Registration Information
Proposed Rule
Proposed § 1092.204(a)
Proposed § 1092.204(a) would have required the Bureau to make available to the public
the information submitted to it by persons pursuant to proposed § 1092.202, except that the
Bureau could choose not to publish certain administrative information or other information that
the Bureau determined may be inaccurate, not required to be submitted under subpart B, or
otherwise not in compliance with part 1092 and any accompanying guidance. Proposed
§ 1092.204(a) would have further provided that the Bureau may make registration information
available to the public by means that include publishing it on the Bureau’s publicly available
Internet site within a timeframe determined by the Bureau in its discretion. However, as
discussed below regarding proposed § 1092.204(b), the proposal would have specifically
provided that the Bureau would not disclose the written statement submitted under proposed
§ 1092.203.
The Bureau explained that publication of registered entities’ identifying information
would facilitate the ability of consumers to identify covered persons that are registered with the
Bureau.432 And the Bureau believed that publication of additional information about registered
entities and covered orders would be in the public interest.433 Namely, as discussed in more
detail in section IV(E) of the proposal’s preamble, proposed § 1092.204(a) would have provided
information of use to consumers, other regulators, industry, nongovernment organizations, and

See the section-by-section discussion of § 1092.101(d) above regarding the Bureau’s adoption of the revised term
“nonbank registry.”
432

12 U.S.C. 5512(c)(7)(B).

12 U.S.C. 5512(c)(3)(B).

the general public. Proposed § 1092.204(a) also would have formally aligned the proposed NBR
system with Federal Government emphasis on making government data available to and usable
by the public, by default, to the greatest extent possible.434
The Bureau explained that making the data collected publicly available would further the
rationale of the proposal—that is, enhancing oversight and awareness of covered orders and the
covered nonbanks that are subject to them. The Bureau believed that regulators and other
agencies at all levels of government (not just the Bureau) could use the information the Bureau
would make publicly available to set priorities. The Bureau believed publication was also in the
public interest because researchers could analyze the information the Bureau would make
publicly available to gain valuable insight into the issues addressed in the NBR system. For
example, as the Bureau explained in its proposal, they could produce reports that may inform
consumers and the public more broadly of potential risks related to covered orders, or otherwise
use the public data to promote private innovation. The Bureau also believed that organizations
representing consumer interests could use the information to assist with their consumer
protection efforts. The Bureau further explained in its proposal that publication can also help
inform the public, including industry actors, about how regulators are enforcing Federal
consumer financial laws and other similar laws. The Bureau cited, for example, that industry
actors could use the registry as a convenient source of information regarding regulator actions
and trends across jurisdictions, helping them to better understand legal risks and compliance
obligations. The Bureau believed that at least in certain cases, consumers may be able to use the
information in the registry to make informed choices regarding consumer financial products and
services, including potentially using the information to assist with the assertion of private rights
of action that might be available under the Federal consumer financial laws. Finally, the Bureau
believed that publication would help promote Bureau accountability by helping the public better

See, e.g., Open, Public, Electronic, and Necessary Government Data Act, in title II of Public Law 115-435
(Jan. 14, 2019); Office of Management and Budget, M-19-18, Federal Data Strategy – A Framework for
Consistency (June 4, 2019), https://www.whitehouse.gov/wp-content/uploads/2019/06/M-19-18.pdf.
see and understand the results of the nonbank registry initiative, and helping the public gain
greater insight into Bureau decision-making. As discussed in section IV(E) of the proposal, the
Bureau believed that identifying the executive who has knowledge and control of the supervised
entity’s efforts to comply with the covered order would provide particular benefits to the Bureau,
the public, and other users of the registry.
Proposed § 1092.204(a) would have provided that the Bureau may choose not to publish
certain administrative information or other information that the Bureau determines may be
inaccurate, not required to be submitted under proposed subpart B, or otherwise not in
compliance with part 1092 and any accompanying guidance. The Bureau proposed to exclude
administrative information, as defined at proposed § 1092.201(a), from the proposed publication
requirement because it believed the publication of such information may not in all instances be
especially useful to external users of the registry. The Bureau explained that administrative
information is likely to include information such as time and date stamps, contact information,
and administrative questions. The Bureau anticipated that it may need such information to work
with personnel at nonbanks and in order to administer the NBR system. The Bureau believed
that publishing such information would not be in the public interest because publication would
be unnecessary and likely would be counterproductive to the goals of ensuring compliance with
the proposal and publishing usable information.
The Bureau would have also reserved the right not to publish any information that it
determines may be inaccurate, not required to be submitted under proposed subpart B, or
otherwise not in compliance with part 1092 and any accompanying guidance. For example, the
Bureau explained, persons may submit unauthorized or inadvertent filings, or filings regarding
orders that would not require registration under the proposal, or other inaccurate or inappropriate
filings. The Bureau believed it would require flexibility not to publish such information in order
to maintain the accuracy and integrity of the NBR system and the data that would be published
by the Bureau. And publication of information that the Bureau determines is, or may be,

inaccurate, not required to be submitted under proposed subpart B, or that is otherwise not
appropriately submitted under the proposal and accompanying guidance, would not further the
goals of the proposal.
Furthermore, consistent with CFPA section 1022(c)(8),435 the Bureau explained that it
would not publish information protected from public disclosure under 5 U.S.C. 552(b) or 552a or
any other provision of law. The Bureau, however, did not believe that any of the information
proposed to be collected under proposed § 1092.202 would be protected from public disclosure
by law. The Bureau requested comments on this question, and whether any other steps should be
taken to protect this information from public disclosure.
The Bureau recognized that by relying in part on its supervisory authority in section 1024
of the CFPA to require submission of information to the nonbank registry, registry information
could be construed to be “confidential supervisory information” as defined in the Bureau’s
confidentiality rules at 12 CFR 1070.2(i). The Bureau stated that, under the proposal, public
release of information pursuant to § 1092.204(a) would have been authorized by the Bureau’s
confidentiality rules at 12 CFR 1070.45(a)(7), which permits the Bureau to disclose confidential
information “[a]s required under any other applicable law.” The Bureau did not believe that the
information proposed to be published under § 1092.204(a) would have raised the concerns
generally addressed by the Bureau’s restrictions on disclosure of confidential supervisory
information. For example, the Bureau anticipated that the information collected pursuant to
§ 1092.202 would otherwise be subject to disclosure under the Freedom of Information Act and
would not be particularly sensitive to financial institutions or compromise any substantial
privacy interest; that disclosure of the information would not impede the confidential supervisory
process; and that disclosure would not present risks to the financial system writ large.

12 U.S.C. 5512(c)(8) (“In . . . publicly releasing information held by the Bureau, or requiring covered persons to
publicly report information, the Bureau shall take steps to ensure that proprietary, personal, or confidential consumer
information that is protected from public disclosure under [the FOIA] or [the Privacy Act of 1974, 5 U.S.C. 552a,]
or any other provision of law, is not made public under [the CFPA].”).
Proposed § 1092.204(b)
Proposed § 1092.204(b) would have provided that the publication described in proposed
§ 1092.204(a) would not have included the written statement submitted under proposed
§ 1092.203, and that such information would be treated as confidential supervisory information
subject to the provisions of part 1070. The Bureau proposed to require the submission of the
written statement pursuant to CFPA section 1024(b)(7), which authorizes the Bureau to prescribe
rules regarding registration, recordkeeping, and other requirements for covered persons subject
to its supervisory authority under CFPA section 1024. The Bureau believed that treating the
written statements that it would receive under proposed § 1092.203 as confidential, and not
publishing them under proposed § 1092.204, would facilitate the Bureau’s supervision of
supervised registered entities by enabling the Bureau to obtain frank and candid assessments and
other information from supervised registered entities regarding violations and noncompliance in
connection with covered orders. The Bureau believed this information in turn would better
enable the Bureau to spot emerging risks, focus its supervisory efforts, and address underlying
issues regarding noncompliance, compliance systems and processes, and risks to consumers.
The Bureau recognized that there may have been some benefit to other users of the NBR
system from publishing the written statements that it would receive under proposed § 1092.203,
including enhancing the ability of other agencies and affected consumers to monitor compliance.
However, the Bureau believed that these potential benefits were likely to be outweighed by
increased candor and compliance with proposed § 1092.203. The Bureau noted that its
supervision program depends upon the full and frank exchange of information with the
institutions it supervises. The Bureau explained that, consistent with the policies of the
prudential regulators, the Bureau’s policy is to treat information obtained in the supervisory
process as confidential and privileged.436 For example, the Bureau explained in its proposal that

See CFPB Compliance Bulletin 2015-01 (Jan. 27, 2015),
https://files.consumerfinance.gov/f/201501_cfpb_compliance-bulletin_treatment-of-confidential-supervisory436

it would treat all such information as exempt from disclosure under exemption 8 of the Freedom
of Information Act.437 The Bureau believed that these considerations would also underlie
supervisory communications with supervised registered entities under proposed § 1092.203, and
that the proposed approach would enhance the usefulness of submissions under proposed
§ 1092.203, increase the Bureau’s ability to detect and assess potential noncompliance and
emerging risks to consumers, and promote compliance with the law.438
Comments Received
Comments received regarding proposed § 1092.204(a)
General comments received regarding publication
Many commenters opposed the proposal’s approach to publication of registry
information, and either questioned whether the proposed public registry was necessary or
opposed publication of the registry. Commenters stated that the proposed publication of the
registry information would create a much more elevated level of scrutiny and risk for covered
nonbanks subject to covered orders.
Consumer advocate commenters and some industry and individual commenters generally
supported the publication of the registry, stating that it would provide a valuable resource to help
regulators and consumers. A consumer advocate commenter stated that the public registry would
be immensely useful for the Bureau and other Federal and State regulators alike, and another

information.pdf; CFPB Bulletin 2012-01 (Jan. 4, 2012),
https://files.consumerfinance.gov/f/2012/01/GC_bulletin_12-01.pdf. Also consistent with the policies of the
prudential regulators, the Bureau recognized that the sharing of confidential supervisory information with other
government agencies may in some circumstances be appropriate, and in some cases, required. See id. For example,
in accordance with the scheme of coordinated supervision established by Congress, the Bureau’s policy is to share
confidential supervisory information with the prudential regulators and State regulators that share supervisory
jurisdiction over an institution supervised by the Bureau. See id.
See 5 U.S.C. 552(b)(8).

Proposed § 1092.102(c) would have provided that proposed part 1092 would not alter applicable processes
whereby a person may dispute that it qualifies as a person subject to Bureau authority. The Bureau believed written
statements submitted to the NBR system under § 1092.203 of the proposed rule (renumbered to § 1092.204 of the
final rule) would constitute Bureau confidential supervisory information under the regulatory definition of that term
even if the submitter later disputed that it qualified as a person subject to the Bureau’s supervisory authority. See 12
CFR 1070.2(i) (defining Bureau confidential supervisory information), (q) (“Supervised financial institution means
a financial institution that is or that may become subject to the Bureau’s supervisory authority.”).
consumer advocate commenter stated that it would unify the efforts of the various enforcers of
consumer protection laws. A consumer advocate commenter stated that the public registry
would be particularly beneficial for low-income consumers. A consumer advocate commenter
agreed that making the proposed registry public would enhance the ability of consumer advocacy
organizations conducting due diligence, and would better equip organizations to warn consumers
against companies with patterns or practices of illegal or otherwise harmful behaviors. The
consumer advocate commenter also stated that searchable public databases like the proposed
registry empower consumers, regulators, and consumer advocates, and that the registry would
help protect older Americans and all consumers as well as benefit Bureau supervision.
Consumer advocate commenters stated the information obtained from the public registry would
also assist the Bureau and other regulators in developing new regulations and other reforms for
consumer protection. Consumer advocate and industry commenters stated that the public
registry would create heightened accountability and have a deterrent effect on violations.
Consumer advocate commenters stated that the public registry would promote compliance with
orders. An industry commenter stated that the public registry would help entities conduct due
diligence and choose their service providers, would motivate nonbanks to comply with the law,
and would provide financial institutions with examples of the types of acts and practices that
constitute violations of consumer financial protection laws.
See part V above for a discussion of comments regarding publication received from other
agencies during the Bureau’s interagency consultation process.
Comments received regarding alternatives to the proposal’s approach to publication
Many commenters proposed alternatives to the proposal’s approach to publication of
registry information. An industry commenter stated that the Bureau could just provide links on a
webpage instead. An industry commenter stated that the additional benefit of publication to
consumers was unclear in light of the existence of other, more user-friendly registries. Another
industry commenter stated that the Bureau should instead work with State and other Federal

agencies to create a unified database. An industry commenter stated that the Bureau should use
its other tools instead to provide transparency and public guidance, including the Bureau’s
Supervisory Highlights publication, advisory opinions, and other rulemakings such as larger
participant rules. A consumer advocate commenter stated the Bureau should work with the
Federal Deposit Insurance Corporation (FDIC) and other regulators to establish other similar
registries in addition to establishing the proposed Bureau registry. An industry commenter stated
that the publication of registry information might deter other regulators from maintaining their
own sites containing information about covered orders.
An industry commenter stated that publication of information about covered orders
would lack context and be unfair and misleading because entities are precluded from similarly
publicly disclosing outcomes of successful audits and examinations.
An industry commenter stated that the Bureau should permit a covered nonbank to
publish its own accompanying statement or explanation in connection with information
published in the registry so that other financial institutions in the market and consumers can
better understand the reason for the covered order.
Comments received stating publication of registry information would further improper
purposes
Commenters stated that the true purpose of publishing the registry was to name and
shame the entities that were registered as well as their executives, to impose a “scarlet letter” on
such persons, or to punish such entities, and not the purposes stated in the Bureau’s proposal.
Industry commenters also stated that the Bureau’s true purpose in publishing registry
information was to benefit plaintiffs’ lawyers and class action lawsuits against industry
participants. Industry commenters stated that the information published in the proposed registry
would be used against the covered nonbank in other litigation, and that increased litigation and
risk of litigation against covered nonbanks will hurt consumers by raising costs.

Commenters stated that the references in the proposal and in related Bureau statements
identifying the proposed registry as relating to “repeat offenders” indicated that the registry was
being adopted for an improper purpose. Commenters stated that the Bureau should not call the
proposed registry a “repeat offender registry.” Commenters also questioned what it might mean
to be a “repeat offender” as the Bureau used that term, and what the consequences of such a
designation might be. An industry commenter stated that such a designation would imply
wrongdoing, even though the entity might not have admitted liability. An industry commenter
stated that such a designation would mislead consumers by indicating that less significant
violations listed on the registry were comparable to more serious ones. An industry commenter
stated that the term “repeat offenders” was inflammatory, and expressed concern that the Bureau
would impose “repeat offender penalties” based on non-CFPB orders. An industry commenter
stated that the use of such language demonstrated a belief on the part of the Bureau that past
violations are an indication of potential future violations. And an industry commenter stated that
the proposal did not truly address “repeat offenders” but rather perhaps those businesses who are
not able to afford defending themselves from government attacks.
Comments received regarding the publication of the name and title of attesting executives
The Bureau specifically requested comment on whether the requirement to submit the
name and title of the attesting executive “would assist users of the NBR system and whether it
would unduly interfere with the privacy interests of the attesting executive or other interests of
the supervised entity.”439 A consumer advocate commenter stated that it would be appropriate to
publish the name and title of the attesting executive, and that the Bureau would be able to make
clear that the executive is not necessarily an at-fault individual. Other commenters objected to
the proposal’s provisions regarding the publication of the name and title of the attesting
executive. Commenters stated that publishing the name and title of the attesting executive would

88 FR 6088 at 6102.

impose reputational harm or would violate due process and the presumption of innocence by
shaming the executive and the company. An industry commenter stated that the proposed
requirement to designate a current executive as an attesting executive would unfairly implicate
executives in previous wrongdoing, and that the rule should only require designation of an
attesting executive where the executive had been serving at the time of the violations underlying
the order. Some industry commenters expressed privacy concerns about this aspect of the
Bureau’s proposal. Most of the commenters generally expressed this concern without added
explanation, but one industry commenter asserted that it was highly likely publishing this
information would result in these individuals being subject to unfair and unjust harassment.
Other comments received regarding publication
An individual commenter stated that the proposed publication of registry information
would focus on larger companies, leading consumers to smaller but possibly more harmful
entities. Other commenters asserted that smaller entities will be disproportionately affected. A
joint comment from industry groups stated that the proposed registry would risk public trust in
new and emerging companies. An industry commenter stated that the proposed registry would
deter consumers from working with legitimate companies, including debt collection businesses.
A consumer advocate commenter urged the Bureau to make the proposed public database
searchable, sortable, and downloadable.
Industry commenters and another commenter stated that the proposal was contrary to the
public policy behind the Fair Debt Collection Practices Act (FDCPA).440 A commenter stated
that the proposal would publish the names of covered nonbanks in order to punish and harm
them in a manner precluded by the FDCPA. An industry commenter stated that while the
proposal might not directly conflict with the FDCPA, it could prompt additional interest in
public information in court records and other materials that might embarrass consumers.

15 U.S.C. 1692 et seq. The FDCPA is an enumerated consumer law and a Federal consumer financial law, as
provided at 12 U.S.C. 5481(12)(H) and (14).
Commenters disagreed with the Bureau’s statements in the proposal that publication of
registry information would benefit other regulators and agencies. An industry commenter stated
that publication would be of small or no benefit to other agencies because the orders published
under the proposal would already be public and because the relevant State regulators already
have adequate information about covered orders.
Commenters stated that publication of the proposed registry would confuse consumers
and other public users, thus itself leading to risk and harm to consumers.
Commenters stated that the proposal would present all orders as the same, which would
be misleading. An industry commenter stated that one State’s orders may not appropriately
compare to other States, and expressed concern that companies with covered orders addressing
other matters not related to consumer products, data, or market harm could still inadvertently be
included with companies that have an actual track record of consumer harm. The commenter
also asserted that orders with effective dates before 2019 were less relevant to the registry
because covered nonbanks were more likely to have taken remedial steps in connection with the
order, and expressed concern that the publication of such earlier orders together with orders
issued later would unfairly characterize the earlier orders as having the same relevance as later
ones. And the commenter stated that the registry should only require registration once a nonbank
became subject to at least five non-expired covered orders.
Comments received regarding proposed § 1092.204(b)
The Bureau specifically sought comment on the proposed approach with respect to
treatment of the written statement,441 whether treatment of written statement submissions as
Bureau confidential supervisory information was warranted, and whether the Bureau should
consider taking other steps to facilitate the submission of written statements. An industry
commenter expressed concern about proposed § 1092.203(b) and the Bureau’s treatment of the

88 FR 6088 at 6129.

written statements submitted under proposed § 1092.203, stating that the Bureau might change
its mind about protecting written statements as confidential supervisory information.
Response to Comments Received
Response to comments received regarding proposed § 1092.204(a)
Response to general comments received regarding publication
For the reasons given in the description of the proposal above and further addressed
below, the Bureau intends to publish a registry that contains the identifying information for
covered nonbanks that the nonbank registry collects under § 1092.202(c) and the information
regarding covered orders collected under § 1092.202(d), as well as certain information collected
under § 1092.203 for the purposes of enabling users of the registry to identify NMLS-published
covered orders and the applicable covered nonbanks subject to them. Except as described further
below, the Bureau concludes that publication of such information will be in the public interest.
However, as described further below, the Bureau is modifying the proposal to provide that the
Bureau may choose, in its sole discretion, not to publish such information based on operational
considerations.
The Bureau agrees with commenters that the nonbank registry’s centralization and
republication of covered orders that are already public may make them easier to locate and
access, and thus somewhat increase their visibility. That is part of the point of publishing them.
The Bureau believes that publication of registry information as described in § 1092.205 will
serve the purposes described in part IV.
Response to comments received regarding alternatives to the proposal’s approach to
publication
The Bureau does not agree that the proposed alternative approaches to publication
suggested by commenters would serve the purposes for which the Bureau is adopting the final
rule. Among other things, these alternative approaches would be more resource intensive for

Federal and State agencies, including the Bureau, and would make it more difficult to identify
covered orders and the covered nonbanks that are subject to them.
As discussed in part IV and the section-by-section discussion of § 1092.203 above, the
Bureau is finalizing a new § 1092.203 that provides, with respect to any NMLS-published
covered order, a covered nonbank that is identified by name as a party subject to the order may
elect to comply with the one-time registration option described in that section in lieu of
complying with the requirements of §§ 1092.202 and 1092.204. Also as discussed in part IV and
the section-by-section discussion of § 1092.203 above, the Bureau disagrees with commenters
that the other sources of information identified by commenters diminish the need for the nonbank
registry, or that the rule should accept registration of covered orders under those sources in lieu
of registration with the nonbank registry. While the Bureau intends to continue using all of its
available tools to promote transparency and provide guidance as appropriate, the Bureau
concludes that it is also appropriate to adopt the final rule to accomplish the purposes described
herein.
With respect to the industry commenter’s assertion that the publication of registry
information might deter other regulators from maintaining their own sites containing information
about covered orders, first, the Bureau believes establishing the registry accomplishes the goals
established for it under the CFPA, and would do so even if the effect described by this
commenter were to occur. The Bureau does not believe this consideration should outweigh the
benefits resulting from the final rule. Second, it is not clear this described effect would occur,
and whether it does or not depends upon many factors outside the Bureau’s control. Other
agencies must make their own decisions regarding how best to utilize their own resources to
meet their own goals and priorities. As described at part V, the Bureau engaged in consultations
with many Federal, State, and Tribal agencies with respect to both the proposal and the final rule,
as required by the CFPA. No other agency, in those discussions or otherwise, has indicated to
the Bureau that it was considering ceasing the publication of any of its own published orders in

light of the final rule. Third, even if the Bureau were to consider this potential effect, the Bureau
would expect it to be a very small one, since the Bureau expects agencies would generally
continue to maintain their current approach to publishing their own orders. Many agencies are
under an existing legal obligation to publish their orders.442 For agencies that have discretion
over whether to publish their orders enforcing the law, the Bureau does not anticipate that the
Bureau’s rule would cause many, if any, agencies to change their practices regarding publication.
The orders defined as “covered orders” under the final rule represent only a portion of the orders
issued or obtained by most, if not all, agencies other than the Bureau. For example, covered
orders do not include orders against individuals, or that do not relate to covered laws. Likewise,
other agencies may have jurisdiction over entities that do not qualify as covered nonbanks and
thus are not subject to the final rule. The Bureau thus expects that few, if any, agencies would
modify their general practices regarding publication to avoid a subset of their orders from
appearing in the Bureau’s public registry. Therefore, the Bureau does not expect the final rule to
have much, if any, effect on the publication decisions made by other agencies.
As explained above, an industry commenter expressed concern that the Bureau’s public
registry would be unfair and misleading because it would not contain information regarding
successful audits and examinations of registered entities. The Bureau disagrees. The existence
of prior successful audits or examinations does not render the information that would be
published in the registry inaccurate, inconsistent, or misleading.
The consumer advocate commenter’s suggestion to establish other similar registries in
addition to establishing the proposed Bureau registry is outside the scope of the proposal, but the
Bureau may consider related action at a later date.

See, e.g., 12 U.S.C. 1818(u) (requiring appropriate Federal banking agencies to publish certain final orders and
agreements); 5 U.S.C. 552(a)(2)(A) (“[E]ach agency, in accordance with published rules, shall make available for
public inspection in an electronic format . . . final opinions, including concurring and dissenting opinions, as well as
orders, made in the adjudication of cases”).
The Bureau declines to create a mechanism for a covered nonbank to publish its own
accompanying statement or explanation on the nonbank registry in connection with information
published in the registry. The Bureau believes requiring the nonbank registry to publish such
statements would increase the complexity and costs associated with the nonbank registry and
may confuse users. The Bureau declines to republish on its own registry statements provided by
covered nonbanks regarding either the Bureau’s own orders or orders issued or obtained by other
agencies, especially as those statements may contain factual or legal errors. The Bureau also
declines to utilize its resources to review and screen such statements for materials that may not
be appropriate to publish, such as personally identifiable information about consumers. Such
statements are not generally included with orders published by the Bureau or by other agencies.
Subject to other applicable law, covered nonbanks would be free to issue their own statements
about a covered order or the matters underlying it.
Response to comments received stating publication of registry information would further
improper purposes
The Bureau disagrees with the commenters stating publication of registry information
would further improper purposes. The Bureau reiterates that its purposes in publishing registry
information are described in part IV and in the description of the Bureau’s proposal above, and
include informing the public, other regulators, academic researchers, consumer advocacy
organizations, and public education efforts regarding covered orders and the covered nonbanks
that are subject to them. Any publication by the Bureau of the information collected through the
registry is not intended to punish companies or individuals for their past acts. As discussed in
part IV(F) above, consumers may benefit from the publication of the information collected by
the registry, including information about orders that are already public. For example, the Bureau
believes that, at least in certain cases, publishing information about the entity and its applicable
orders in a public registry will help certain consumers make informed decisions regarding their
choice of consumer financial products or services, especially if the information in the registry is

recirculated, compiled, or analyzed by other users such as consumer advocacy organizations,
researchers, or the media. And publication of covered orders in the registry may also facilitate
private enforcement of the Federal consumer financial laws by consumers, to the extent those
laws provide private rights of action, where consumers have been harmed by a registered
nonbank. These purposes are consistent with the public interest, with the Bureau’s other
purposes in publishing registry information, and with the Bureau’s statutory authorities. The
Bureau disagrees that its purpose in publishing such information is to shame companies or
executives that are listed in the registry.
With respect to the industry comments regarding use of published orders in litigation, and
potential additional costs that may be associated, the covered orders subject to publication under
§ 1092.205 are already public, which will limit the costs imposed on firms by the final rule’s
publication provisions. As discussed in part IV(F) above, the Bureau believes that users who
have access to information published in the registry may potentially use that information to assist
with the assertion of private rights of action that might be available under the Federal consumer
financial laws. That is part of the reason the Bureau is issuing the final rule. The Bureau
disagrees that litigation brought by other agencies or consumers to enforce rights under Federal
consumer financial law, as applicable, is necessarily inappropriate. While the registry
information published under the final rule may include plaintiffs’ lawyers among its users, or
help inform class action lawsuits against industry participants, it is not the purpose of the registry
to encourage or promote lawsuits purely for the sake of litigation. Rather, the Bureau is
finalizing § 1092.205 for the purposes described in part IV and in the description of final
§ 1092.205 below. For additional discussion about these and other potential costs associated
with this provision, see part VIII.
With respect to the comments regarding the statements in the proposal and other related
Bureau statements about “repeat offenders,” one of the purposes of the rule is to help the Bureau
identify persons that repeatedly violate the law. The information that the Bureau intends to

publish under § 1092.205 will help the Bureau and other users identify entities that have violated
the law, including those that have become subject to more than one covered order. Such entities
would be more difficult to identify without the existence of the registry because the information
about these entities and orders is scattered across multiple sources, and may no longer be
accurate or updated in a timely fashion. However, the proposal did not purport to
comprehensively define the term “repeat offender”443 or to establish any specific legal
consequences of any such designation, and the Bureau declines to do so in the final rule. The
Bureau will use the information supplied by the registry in accordance with relevant law,
including to inform its supervisory and enforcement functions. For example, as stated in part
IV(B) above, the information contained in the proposed registry may be relevant in assessing
civil penalties for violations of Federal consumer financial laws, given that Congress has
provided that such penalties should take into account an entity’s “history of previous violations”
and “such other matters as justice may require.”444 As stated in part IV(B) above, the Bureau
may consider certain matters identified in previous enforcement actions published in the nonbank
registry to be relevant under these provisions. But the final rule does not establish new
requirements or guidelines for such determinations, which will be made in accordance with
existing law.
Response to comments received regarding the publication of the name and title of
attesting executives
The Bureau intends to publish the names and titles of attesting executives designated
under § 1092.204(b).445 Publishing this name and title information will provide information of

But see 88 FR 6088 at 6095 (“Recidivism—whether in the form of a company that repeatedly violates the law
and as a result becomes subject to multiple orders, or in the form of a company that violates the orders to which it is
subject—poses particular risks to consumers.”).
444

See, e.g., 12 U.S.C. 5565(c)(3)(D), (E).

As discussed further below, the Bureau is retaining the discretion not to publish this information based on
operational considerations.
use to consumers, other regulators, industry, nongovernment organizations, and the general
public.
As explained elsewhere in this preamble, collecting information regarding the name and
title of the attesting executive for a given covered order will provide the Bureau with insight into
the entity’s organization, business conduct, and activities, and will inform the Bureau’s
supervisory work, including its risk-based prioritization process. As discussed in part IV(F)
above, the Bureau believes this information will be similarly valuable to other users of the
nonbank registry, and thus intends to publish it in connection with covered orders registered by
supervised registered entities. Disclosure of this information would increase transparency
regarding how the Bureau processes and verifies information submitted as part of the nonbank
registry. Thus, publication would further the rationale of the proposal—that is, enhancing
oversight and awareness of covered orders and the covered nonbanks that are subject to them.
Publishing the name and title of attesting executives for the covered orders listed on the registry
will bring specificity and concreteness to the information that is available to users of the nonbank
registry allowing users to better understand the nature of particular covered orders, which
activities of the applicable supervised registered entity they relate to, and who at the entity has
control over the entity’s efforts to comply with a particular covered order. Publishing name and
title information for attesting executives could help consumers and consumer advocacy
organizations better understand and monitor the conduct of the entities with whom consumers do
business.
While the Bureau will treat the contents of the written statements as CFPB confidential
supervisory information (§ 1092.204(b)), publishing the name and title of each supervised
registered entity’s attesting executive(s) for each covered order will provide transparency to
users of the registry and the general public regarding important matters connected with the
applicable covered order. The entity will be identified as potentially subject to Bureau

supervision under CFPA section 1024,446 the officers will be designated as satisfying the criteria
established in § 1092.204(b) with respect to each covered order, and registry users will be able to
quickly and efficiently identify which officer is responsible for filing the annual written
statement with respect to the covered order. Thus, the registry will provide users with an up-todate and accessible source of information about supervised registered entities, the covered orders
to which they are subject, and the senior officers who are responsible for filing annual written
statements about those orders.
The Bureau does not intend, in publishing the name and title of the attesting executive, to
convey the impression that the executive is solely responsible for compliance at the entity, or that
problems with the entity’s compliance with the covered order should be directed solely to the
attention of the attesting executive, or that the executive was necessarily in any way responsible
for the entity’s violations of law or other actions or omissions that resulted in the imposition of
the covered order. The Bureau also disagrees with commenters’ assertions that the designation
requirement will unfairly implicate the attesting executive in previous wrongdoing, and declines
to adopt the industry commenter’s suggestion that the rule should only require designation of an
executive where the executive had been serving at the time of the violations underlying the order.
As discussed in the section-by-section discussion of § 1092.204(b), even for those covered
orders that the Bureau is authorized to enforce, § 1092.204(b)’s requirement to designate an
attesting executive does not mean that the Bureau intends to hold that executive solely
responsible for the entity’s compliance with those covered orders. For example, § 1092.204(b)’s
requirements for the entity’s designation of its attesting executive(s) do not imply that the
attesting executive is, merely by dint of that individual’s designation under the final rule, more
responsible or accountable than is a supervised registered entity’s board of directors for any of

12 U.S.C. 5514. While, under § 1092.102(c) of the final rule, an entity’s compliance with § 1092.204 would not
prevent the entity from disputing that it is subject to Bureau supervision under 12 U.S.C. 5514, publication of the
fact that an entity has designated an attesting executive under § 1092.204 would indicate to users of the nonbank
registry that the entity may be subject to Bureau supervision.
the entity’s acts or omissions. The Bureau acknowledges that some nonbank registry users may
be susceptible of misimpressions on these matters, and may misunderstand the Bureau’s
publication of the executive’s name and title as a statement about the executive’s culpability or
responsibility. Nevertheless, the Bureau does not believe this misconception will be widespread,
and believes the publication of the name and title of attesting executives will generally be in the
public interest for the reasons discussed. As discussed in the section-by-section discussion of
§ 1092.204(b) above, the final rule does not establish any new standards, or alter any existing
standards, regarding individuals’ liability for supervised registered entities’ violations of covered
orders or other legal obligations.
Likewise, publishing the name and title of the attesting executive will not violate due
process or the presumption of innocence. As discussed above, such publication as provided in
§ 1092.205 is consistent with the public interest, with the Bureau’s other purposes in publishing
registry information, and with the Bureau’s statutory authorities. The Bureau disagrees that
publishing such information will shame executives that are listed in the registry. Publishing such
information also does not impose criminal penalties on or otherwise punish such executives.
Publication will inform potential users of the registry that the supervised registered entity has
designated the individual named on the grounds that the individual satisfies the criteria
established under § 1092.204(b) with respect to the particular covered order. Those criteria do
not carry any connotation of shame or wrongdoing, and publication of such information is not a
punishment or penalty.
The Bureau believes that the publication of the name and title of the attesting executive
associated with each covered order who satisfies the criteria of § 1092.204(b) with respect to that
order will be useful to users of the nonbank registry, and disagrees that it will only cause
reputational harm. For example, such information will facilitate coordination and
communication regarding the order between the Bureau, other government agencies, and the
supervised registered entity. Other regulators, especially those that have issued covered orders

regarding the supervised entity, would likely benefit from understanding which executive(s) have
been tasked with ensuring compliance with their orders. Clients or other companies that do
business with the entity would have a better understanding of which areas of the company are
affected by a covered order and who is responsible for compliance with it. And researchers,
media, and other users of the information may be able to detect trends or patterns associated with
such information.
Such additional regulatory and public scrutiny of the individuals who are so designated,
and the awareness on the part of the executive and supervised registered entity that other parties
may associate the executive’s name with the entity’s efforts to comply with the order, will
promote identification and assessment of risks to consumers and compliance with the laws that
the Bureau administers. In particular, with respect to covered orders enforced by the Bureau,
publication as authorized under the final rule will help ensure accountability at the entity for
noncompliance and provide an incentive to pay more attention to such covered orders.
One industry commenter challenged the Bureau’s assertion that the publication of name
and title information would promote compliance, asserting that because this information is
already public in some other form, it is difficult in the commenter’s view to see how this
requirement creates an enhanced incentive other than creating negative reputational costs. Since
the requirement to designate an attesting executive specific to each covered order stems from the
rule itself and is not a preexisting requirement, information about the name and title of any
particular attesting executive associated under the rule with a particular covered order would not
already be public information. The Bureau believes that many attesting executives will already
be publicly identified as employees of these entities in some other way (e.g., on the company’s
website or in filings, licenses, or registrations required under applicable Federal or State
securities or corporate law). However, such sources would not generally provide information
regarding the entity’s designation of attesting executives in the manner prescribed by the final
rule. Also, not all public sources of information about the names and titles of executives may be

as accurate or reliable, or as frequently updated, as the Bureau’s registry. Publishing the name
and title information in the nonbank registry itself will enhance users’ ability to identify accurate
and up-to-date information about such matters quickly, and to associate it with the correct
covered order and supervised registered entity. By enabling enhanced monitoring of such
matters, publication of the name and title information will promote compliance and the
identification and assessment of risks to consumers.
One industry commenter asserted that publishing an attesting executive’s name and title
would disrupt supervised registered entities’ normal complaint-handling procedures by creating a
false perception that reaching out to a particular executive would be more effective. The Bureau
agrees with the commenter that consumers generally should not rely on the name and title of the
attesting executive as a tool for identifying where to direct their complaints or inquiries.
Section 1092.203(b) does not identify an executive’s role in the entity’s complaint-handling
process as one of the criteria for designating an attesting executive, and consumers should not
rely on this designation for such a purpose. The Bureau acknowledges that the notice of
proposed rulemaking stated that publishing the attesting executive’s name and title would
“inform consumers of a person to whom they could direct escalated complaints.”447 However, in
this final rule, the Bureau is not adopting this rationale for publishing the name and title of the
attesting executive. The Bureau agrees with the commenter that a supervised registered entity’s
normal complaint-handling procedures may not always involve the designated executive in the
entity’s complaint-handling process, and that consumers’ escalating of complaints or inquires to
officers whom the entity has not designated as responsible for fielding complaints or inquiries
directly from the public may not always be effective or appropriate. Nor should consumers or
other users of the nonbank registry utilize this information for the purposes of harassment,
badgering, or intimidation of the entity’s officers.

88 FR 6088 at 6102.

However, as described in the proposal,448 it is possible that at least under certain
scenarios, consumers who are affected by a supervised registered entity’s compliance (or failure
to comply) with a covered order may benefit from knowing the name and title of the executive
who has knowledge and control of the supervised entity’s efforts to comply with the covered
order. Publishing this information will enable consumers to better understand the operations and
structure of the supervised registered entity—for example, which of the entity’s lines of business
or business names has responsibility for the matters addressed by the order, how their complaints
or inquiries regarding matters relating to the order may be addressed, and how the entity’s
compliance efforts with respect to any one covered order may relate to its efforts with respect to
other such orders.
Likewise, as stated in the proposal,449 publication of executive name and title information
will enable employee whistleblowers, or other consumers who have knowledge and information
about violations of the applicable order, to ensure that such information gets to the appropriate
department or office within the supervised registered entity. Again, the Bureau agrees with
commenters that whistleblowers and consumers generally should not rely on the name and title
of the attesting executive as a tool for identifying the individual to whom to direct this
information. The final rule is not intended to require supervised registered entities to establish
different processes for such matters or to require attesting executives to become responsible for
all whistleblower complaints. Nevertheless, publishing this information will help whistleblowers
and consumers better understand the operations and structure of the supervised registered entity,
including where—using any applicable processes established by the entity for obtaining
information about such matters—to direct whistleblowing complaints or information about
violations of the covered order in order to ensure that their complaint or information is being sent
to the appropriate part of the organization.

Id.

Id.

One commenter asserted that publication of the name and title of attesting executives
would not ensure that supervised registered entities are legitimate entities and are able to perform
their obligations to consumers under CFPA section 1024(b)(7)(C). First, to the extent this
comment is intended to assert that § 1092.204(b)’s designation requirement is unlawful, the
Bureau disagrees; see parts III and IV and the section-by-section discussion of § 1092.204(b).
Second, this concern is not relevant to the Bureau’s legal authority to publish this information.
While the Bureau is promulgating the written-statement requirements, including the requirement
to designate attesting executive(s) and submit written statements, under its authority under CFPA
section 1024(b)(7)(A)-(C), the Bureau is also collecting attesting executives’ names and titles
under its market-monitoring authorities in CFPA section 1022(c),450 and it intends to publish
such information under its authority at CFPA section 1022(c)(3), not under CFPA section
1024(b)(7)(A)-(C).451 Nevertheless, the Bureau believes that publication of the name and title
information will in fact independently help ensure that supervised registered entities are
legitimate entities and are able to perform their obligations to consumers. Publishing this
information will promote accountability and compliance at the supervised registered entity,
helping to ensure that the supervised registered entity takes its legal duties seriously, and that it is
not treating the risk of enforcement actions for violations of legal obligations as a mere cost of
doing business. While the commenter questioned why an illegitimate entity would register at all,
the Bureau believes that not all entities that register in compliance with the final rule will
necessarily be perfectly willing and able to comply with their other legal obligations to

See id. at 6119.

As discussed in the proposed rule, see 88 FR 6088 at 6128, the Bureau recognizes that the attesting executives’
names and titles could be construed as “confidential supervisory information” as defined in the Bureau’s
confidentiality rules at 12 CFR 1070.2(i) because the Bureau is relying in part on its supervisory authority in
12 U.S.C. 5514 to collect the information. In the proposal, the Bureau explained that public release of information
pursuant to proposed § 1092.204(a) would have been authorized by the Bureau’s confidentiality rules at 12 CFR
1070.45(a)(7), which permits the Bureau to disclose confidential information “[a]s required under any other
applicable law.” The Bureau recognizes that 12 CFR 1070.45(a)(7) is no longer applicable because publication
under the final rule is discretionary. As such, if the Bureau publishes the above-described information, it would do
so pursuant to an authorization from the Director in accordance with 12 CFR 1070.46.
consumers, including those imposed by Federal consumer financial law. Collecting and
publishing name and title information for attesting executives will help ensure these entities are
legitimate.
With respect to commenters’ privacy concerns, the only information collected under
§ 1092.204 related to the written statement that would be published under § 1092.205 is the
attesting executive’s name and title. The Bureau would not publish any contact information
required to be submitted through the registry, which the Bureau intends to obtain as
“administrative information” pursuant to filing instructions issued under § 1092.102(a). It is not
clear how publication of this limited name and title information would result in any harassment
of the attesting executives. Moreover, under the Freedom of Information Act,452 an individual’s
expectation of privacy is diminished concerning matters where the individual is acting in a
business capacity.453 Finally, the rule requires that the attesting executive be a high-ranking
senior executive officer at the entity. As such, the Bureau believes that many attesting
executives will already be publicly identified as employees of these entities in some other way
(e.g., on the company’s website or in filings, licenses, or registrations required under applicable
Federal or State securities or corporate law). The Bureau does not believe publishing the name
and title of the attesting executives implicates any more than a de minimis privacy interest.
Response to other comments received regarding publication
Commenters did not provide any data supporting their claims about the likely size of
covered nonbanks that would be subject to covered orders. Likewise, the industry commenter
provided no evidence that new and emerging covered nonbanks are more likely to be subject to
covered orders, or that the proposed registry would impose an unfair burden on them. While the
Bureau does not expect the final rule to impose unfair or disproportionate effects on either small

5 U.S.C. 552.

See, e.g., Brown v. Perez, 835 F.3d 1223, 1234-37 (10th Cir. 2016); King & Spalding, LLP v. U.S. Dep’t of
Health & Human Servs., 395 F. Supp. 3d 116, 119-23 (D.D.C. 2019).
or large covered nonbanks, or based upon their new or emerging status, in any case the rule’s
requirements do not depend upon such matters. The Bureau intends to use the information it
obtains through the rule to better understand the size and other characteristics of entities that are
subject to covered orders. This information will be highly relevant and useful not just to the
Bureau but to all government regulators of covered nonbanks as well as the other potential users
of the registry discussed above. With respect to potential costs associated with this provision on
smaller entities, see parts VIII and IX.
As part of the purpose of the Bureau’s publication of registry information under
§ 1092.205 is to make the information available and easily usable for a range of potential users,
including the general public, the Bureau intends to develop a nonbank registry with the goal of
making registry information searchable, sortable, and downloadable, among other things.
The Bureau believes the registry is authorized by the CFPA and does not conflict with
other laws, including the FDCPA or its implementing Regulation F.454 The Bureau disagrees
with commenters’ suggestion that the Bureau’s publication of information about covered orders
and covered nonbanks as described in § 1092.205 is likely to lead to the disclosure of
embarrassing information about consumers. As stated in part III(B), the Bureau’s registry is
designed to not collect any protected proprietary, personal, or confidential consumer information,
and thus, the Bureau will not publish, or require public reporting of, any such information under
§ 1092.205.
Notwithstanding commenters’ assertions, the Bureau believes that collection and
publication of information will benefit other agencies, for the reasons provided in the description
of the proposed rule above. The Bureau’s publication of identifying information, which may not
have been previously made public, will enable other agencies, as well as consumers and other
users, to more readily identify companies that are subject to covered orders and otherwise obtain

See 12 CFR part 1006.

relevant information about them, such as their legal name and principal place of business. While
certain identifying information about covered nonbanks, especially those that are subject to other
disclosure obligations under Federal and State securities laws or other laws, may already be
available, information about many covered nonbanks may not be publicly available. Nor will all
covered nonbanks necessarily be subject to licensing regimes or, even if they are so subject, be
duly licensed and registered in every jurisdiction where it is required. Publication by the Bureau
of identifying information under § 1092.205 also will present such information in a consistent
and readable format and will otherwise assist other agencies as well as other registry users in
locating and using this information. In addition, Bureau publication of information regarding
covered orders as described under § 1092.205 will collect and organize that information and
make it easier to find and use. By requiring covered nonbanks to provide and maintain
information about the orders under § 1092.202(d), the final rule will help ensure that other
agencies and other users have ready access to collected and updated information about covered
orders that may be relevant to their jurisdiction. As described in part V above, during
interagency consultation some agencies stated they would use the information published in the
registry, while others stated they would not.
See the section-by-section discussion of § 1092.203 above with respect to comments
received regarding potential consumer confusion that commenters stated could be caused by the
publication of information in the proposed registry in connection with the NMLS Consumer
Access website, and the Bureau’s adoption of optional one-time registration of NMLS-published
covered orders under that section. As to other types of consumer confusion addressed by
commenters, in the proposal,455 the Bureau acknowledged there may be some uncertainty over
the degree to which consumers would use the publicized information and, when they do, over
how consumers could interpret such information. The Bureau stated that it would continue to

88 FR 6088 at 6128.

evaluate the possibility that publishing information collected under subpart B has the potential to
create confusion, which, to the extent it occurs, is unlikely to serve the public interest. And the
Bureau stated that, if it finalized the proposed provision on publishing registry information, it
would consider options for publishing the information in a manner that mitigates this risk. No
commenter submitted specific suggestions.
To be clear, registration of any covered person under the final rule does not constitute
endorsement by the Bureau or any other agency of the Federal Government. Registered entities
may also be subject to orders that are not published in the registry.
The Bureau does not believe, and does not intend by finalizing the rule or publishing
information under § 1092.205 to suggest, that all covered orders are somehow equivalent. To the
contrary, the Bureau understands that covered orders are likely to vary widely in many ways,
including in the types of covered nonbanks they are issued against, the types of covered laws
they enforce, the type and magnitude of the harm to consumers they address, the types of
remedies they impose, their duration, and any number of other matters. One of the reasons the
Bureau is adopting the final rule is so that it may collect and review covered orders, including
from covered nonbanks that it may not know about, in order to better understand such issues. As
discussed in the section-by-section discussion of § 1092.201(e), the Bureau does not believe
these differences among covered orders require modification of the proposal. An order that
satisfies the definition of the term “covered order” is subject to the rule’s requirements with
respect to such orders, to the extent they apply.
Nor does the Bureau believe that any differences among covered orders would render
publication of such orders or the other registration information required by the rule to be
misleading or inappropriate. To the contrary, publication of the information collected through
the registry will better enable users to review and understand such covered orders directly for
themselves, and thus to better appreciate any differences among them that may exist. Thus,
publication of registry information as intended by the Bureau will accord with the Bureau’s

objectives and functions under the CFPA of, among other things, ensuring that “markets for
consumer financial products and services are fair, transparent, and competitive,”456 and
“publishing information relevant to the functioning of markets for consumer financial products
and services” to facilitate “identify[ing] risks to consumers and the proper functioning of such
markets.”457 Publication of the copies of covered orders obtained under § 1092.202(d)(1) will
provide users with the opportunity to review the differences among covered orders.
The Bureau’s potential publication of information relating to consent orders as described
at § 1092.205 will not provide inaccurate, inconsistent, or misleading information to consumers,
as the Bureau will simply be collecting and presenting factual information regarding orders that
are already published (or required to be published) elsewhere. As discussed in parts VIII and IX
below, the Bureau concludes that the publication provisions of the rule will impose only minor
costs on affected entities resulting from changes in consumer behavior. Publication of
information as intended by the Bureau will enable users of the registry to access relevant factual
information about covered nonbanks and covered orders and will not cause, but rather help
prevent, confusion and the distribution of misleading information.
With respect to the commenter’s objection to the publication of older orders, as discussed
in the section-by-section discussion of § 1092.201(e) above, the Bureau acknowledges that in the
intervening time following the issuance of a covered order and before registration, it is possible
that many entities will have taken steps to address the violations and other issues identified in the
covered order. But information regarding the issuance of such a covered order, and the
information that will be collected under the final rule about the covered nonbank and the order,
will still be useful to users of the registry. With respect to the comment that the Bureau should
only require registration once a covered order has become subject to a minimum of five covered
orders, the Bureau concludes that such an approach would omit useful information about both

See 12 U.S.C. 5511(a).

See 12 U.S.C. 5511(c)(3).

covered nonbanks and covered orders and would otherwise not further the purposes of the final
rule. The Bureau also concludes that such an approach is not necessary in order to limit
confusion for users of the registry. As discussed above, while the Bureau may publish
information about covered nonbanks and covered orders as authorized under § 1092.205 in part
to facilitate identification of entities that repeatedly break the law, the Bureau in this final rule
does not purport to comprehensively define the term “repeat offender” or to establish any
specific legal consequences of any such designation.
For further discussion of these and other comments regarding potential confusion related
to the publication of information about covered orders, see the section-by-section discussion of
§ 1092.201(e) above.
The Bureau concludes that publication of the information collected under the registry
with respect to such covered orders as described in § 1092.205 will serve the purposes described
herein.
Response to comments received regarding proposed § 1092.204(b)
For the reasons given in the description of proposed § 1092.204(b) above, the Bureau
concludes that treating the written statements that it receives under § 1092.204 of the final rule as
CFPB confidential supervisory information, and not publishing them under § 1092.205 of the
final rule, would facilitate the Bureau’s supervision of supervised registered entities by enabling
the Bureau to obtain frank and candid assessments and other information from supervised
registered entities regarding violations and noncompliance in connection with covered orders.
This information in turn would better enable the Bureau to spot emerging risks, focus its
supervisory efforts, and address underlying issues regarding noncompliance, compliance systems
and processes, and risks to consumers. The final rule adopts the proposal’s approach and
identifies the written statement as CFPB confidential supervisory information under §
1092.204(a)(1). The Bureau believes its existing regulations under part 1070 are adequate to
establish safeguards for protecting the confidentiality of such information.

Final Rule
For the reasons described in parts III(B), IV(F), the section-by-section discussion of
§ 1092.205(a) above, and as follows, the Bureau is not finalizing § 1092.204(a) as proposed, but
is instead adopting a revised § 1092.205(a) that provides that the Bureau “may” publish the
information submitted to the nonbank registry pursuant to §§ 1092.202 and 1092.203.458 As
described below, this provision will preserve the Bureau’s discretion not to publish information
based on operational considerations, such as resource constraints. The Bureau is also adopting
proposed § 1092.204(b), which would have provided that the Bureau would not publish the
annual written statement and would treat it as Bureau confidential supervisory information,
largely as proposed but with revisions to reflect the renumbering of this provision as
§ 1092.205(a)(1) of the final rule. The Bureau is also adopting a provision at § 1092.205(a)(2)
that expressly provides that the Bureau will not publish administrative information collected
pursuant to subpart B.
Except as described below, the Bureau intends to publish a registry that contains the
identifying information for covered nonbanks that the nonbank registry collects under
§ 1092.202(c) and the information regarding covered orders collected under § 1092.202(d) and
(f), as well as certain information collected under § 1092.203 for the purposes of enabling users
of the registry to identify NMLS-published covered orders and the applicable covered nonbanks
subject to them. Under CFPA section 1022(c)(3), the Bureau “shall publish not fewer than 1
report of significant findings of its monitoring required by this subsection in each calendar year,”
and “may make public such information obtained by the Bureau under this section as is in the
public interest.”459 Except as described below, the Bureau finds that it would be in the public
interest to publish information (other than “administrative information,” which the final rule

See the section-by-section discussion of § 1092.101(d) above regarding the Bureau’s adoption of the revised term
“nonbank registry.”
459

12 U.S.C. 5512(c)(3).

provides the Bureau will not publish) that has been appropriately submitted to the nonbank
registry as required under § 1092.202. In addition, except as described below, the Bureau finds
that the publication of certain information submitted under § 1092.203 will be in the public
interest where publication would serve the purposes of allowing users of the Bureau’s public
registry to identify that a covered nonbank has become subject to a covered order and to be able
to locate information about that covered nonbank and covered order on the NMLS Consumer
Access website. The Bureau may also collect additional information under § 1092.203 for the
purpose of coordinating the nonbank registry with the NMLS that it may choose not to publish.
The Bureau concludes that such publication of the above-described information will be in the
public interest for the reasons provided in parts III(B) and IV(F) and this section-by-section
discussion of § 1092.205(a).
However, and notwithstanding the conclusions in the paragraph above, the Bureau
reserves discretion not to publish information based on operational considerations, including
resource constraints.
In light of the adopted provision providing the Bureau with discretion not to publish any
or all of the information collected, the Bureau is not finalizing the provision in the proposed rule
that would have expressly reserved the right not to publish any information that it determines
may be inaccurate, not required to be submitted under subpart B, or otherwise not consistent with
part 1092 and any accompanying guidance. However, under the final rule, the Bureau retains the
discretion not to publish any information that it determines may be inaccurate, not required to be
submitted under subpart B, or otherwise not consistent with part 1092 and any accompanying
guidance.
The final rule provides that the publication described in § 1092.205(a) will not include
the annual written statement submitted by supervised registered entities under § 1092.204. The
Bureau adopts § 1092.204(b) as proposed (renumbered as § 1092.205(a)(1)) for the reasons

described above, with minor revisions to reflect the renumbering of § 1092.204 and this
provision.
The Bureau is also adopting a provision at § 1092.205(a)(2) that expressly provides that
the publication described in § 1092.205(a) will not include “administrative information,” as that
term is defined at § 1092.201(a). The proposed rule had reserved the Bureau’s right not to
publish administrative information, but did not expressly prohibit its publication under proposed
§ 1092.204(a). However, the Bureau concludes that administrative information should not be
made publicly available under § 1092.205(a). The identifying information collected under
§ 1092.202(c) already will facilitate the ability of consumers to identify covered persons for
purposes of the Bureau’s authority in CFPA section 1022(c)(7)(B) to publicly disclose
registration information. Further, including administrative information with other information
the Bureau publishes pursuant to § 1092.205(a) is unlikely to serve the public interest for
purposes of the Bureau’s authority to publish information under CFPA section 1022(c)(3). The
publication of information collected for a purely administrative purpose generally will not be
useful to external users of the registry. Administrative information is likely to include
information such as time and date stamps, contact information, and administrative questions.
The Bureau may need such information to work with personnel at nonbanks and in order to
administer the nonbank registry. As discussed in the section-by-section discussion of
§ 1092.201(a) above, the Bureau will also treat as administrative information the notifications of
nonregistration submitted under §§ 1092.202(g) and 1092.204(f). Publishing such information
would not be in the public interest because it is unclear what use the public would have for such
information. In addition, publishing such information likely would be counterproductive to the
goals of ensuring compliance with the proposal.
Also, as discussed in the section-by-section discussion of § 1092.202(d) above, under the
final rule, the Bureau will treat as “administrative information” and not publish information
collected under the nonbank registry regarding the names of the person’s affiliates registered

under subpart B with respect to the same covered order. The proposal would have collected this
information under proposed § 1092.202(d)(1)(v) and published it under § 1092.204(a). Under
the final rule, § 1092.201(d)(1)(v) has been deleted, but the Bureau may determine to collect this
information as “administrative information” under § 1092.202(c). In filing instructions issued
under § 1092.102(a), the Bureau will specify whether and how it will collect such information.
The Bureau anticipates that collecting such affiliate information may be useful in administering
the nonbank registry including in connection with administering any joint or combined
submissions by affiliates under § 1092.202. However, while such affiliate information will
generally be obvious from the face of the relevant covered order or otherwise from information
that has been reported publicly, it may not always be, and the Bureau at this time does not
believe that there would be a significant public benefit associated with publishing this
information through its registry. Therefore, the Bureau has determined not to mandate the
collection of such information in the final rule, and not to publish such information under
§ 1092.205 if it is collected.
Section 1092.205(b) Other Publications of Information
Proposed Rule
Proposed § 1092.204(c) would have provided that the Bureau may, at its discretion,
compile and aggregate data submitted by persons under proposed subpart B and may publish
such compilations or aggregations (in addition to any other publication under proposed
§ 1092.204(a)). The Bureau explained that any such publication that relates to annual written
statements submitted under proposed § 1092.203 would be in a form that is consistent with the
Bureau’s treatment of those annual written statements as Bureau confidential supervisory
information.460
Comments Received

See, e.g., 12 CFR 1070.41(c).

Commenters did not specifically address proposed § 1092.204(c).
Final Rule
For the reasons set forth in the above description of the proposal, the Bureau adopts
§ 1092.204(c) as proposed (renumbered as § 1092.205(b)), with minor technical edits. Any
publication under § 1092.205(b) that relates to administrative information submitted to the
nonbank registry under § 1092.202 will be in an aggregated or other appropriate format that is
designed not to disclose that particular administrative information relates to a particular covered
nonbank.
Section 1092.205(c) Correction of Submissions to the Nonbank Registry
Proposed Rule
Proposed § 1092.204(d) would have clarified that a covered nonbank must correct an
information submission within 30 days of when it becomes aware or has reason to know the
submitted information was and remains inaccurate. Proposed § 1092.204(d) would have
clarified that the process for making corrections will be described in the filing instructions the
Bureau issues pursuant to proposed § 1092.102(a). Proposed § 1092.204(d) also would have
clarified that the Bureau may direct a covered nonbank to correct errors or other non-compliant
submissions to the NBR system. Under proposed § 1092.204(d), the Bureau could have directed
corrections at any time and in its sole discretion.
Comments Received
Commenters did not specifically address proposed § 1092.204(d).
Final Rule
For the reasons set forth in the above description of the proposal, the Bureau adopts
§ 1092.204(d) as proposed (renumbered as § 1092.205(c)), with minor technical changes.461

See the section-by-section discussion of § 1092.101(d) above regarding the Bureau’s adoption of the revised term
“nonbank registry.”
Section 1092.206 Nonbank Registry Implementation Dates
Proposed Rule
Proposed § 1092.101(e) would have defined the term “nonbank registration system
implementation date” to mean, for a given requirement or subpart of part 1092, the date(s)
determined by the Bureau to commence the operations of the NBR system in connection with
that requirement or subpart. As stated in the proposal, the Bureau proposed to provide advance
public notice regarding the nonbank registration system implementation date with respect to
proposed subpart B to enable entities subject to subpart B to prepare and submit timely filings to
the NBR system.
Comments Received
Commenters did not specifically address the definition of “nonbank registration system
implementation date” in proposed § 1092.101(e). For a discussion of comments addressing the
timing of the effective date of the Bureau’s proposed rule, see part VII below.
Final Rule
For the reasons discussed below and in the section-by-section discussion of
§ 1092.101(e) above and part VII below, the Bureau is adopting the revised term “nonbank
registry implementation date” instead of the term “nonbank registration system implementation
date” used in the proposed rule and is adopting a revised definition of this term to provide that
the Bureau may specify a nonbank registry implementation date with respect to a given person or
category of persons. The Bureau is also adopting § 1092.206 to specify the nonbank registry
implementation date for given categories of covered nonbanks. The Bureau is not adopting the
proposal to provide in the rule that the Bureau would specify the “nonbank registration system
implementation date” for subpart B following the issuance of the final rule. Instead, to provide
greater certainty and clarity to covered nonbanks as of the issuance of the final rule, the Bureau
is specifying nonbank registry implementation dates for subpart B in § 1092.206 of the final rule.

The nonbank registry implementation date established under § 1092.206 is relevant to
two provisions of the final rule. As provided in § 1092.202(b)(2)(i), each covered nonbank
required to register under § 1092.202 must submit a filing containing the information described
in § 1092.202(c) and (d) to the nonbank registry within the later of 90 days after the applicable
nonbank registry implementation date under § 1092.206 or 90 days after the effective date of any
applicable covered order. And as provided in § 1092.204(a)(1), § 1092.204 applies only with
respect to covered orders with an effective date on or after the applicable nonbank registry
implementation date. Thus, this provision will affect the timeframe for submission of covered
orders during the initial rollout of the nonbank registry and the covered orders that will be
subject to § 1092.204’s written-statement requirements.
Section 1092.206 establishes the nonbank registry implementation date for purposes of
subpart B as follows. Under § 1092.206(a)(1), for a covered nonbank that (as of the effective
date of subpart B) is a larger participant of a market for consumer financial products or services
described under CFPA section 1024(a)(1)(B) as defined by one or more rules issued by the
Bureau, the nonbank registry implementation date for subpart B is 30 days after subpart B takes
effect with respect to that covered nonbank. Under § 1092.206(a)(2), for a covered nonbank that
(as of the effective date of subpart B) is described under any other provision of CFPA section
1024(a)(1), the nonbank registry implementation date for subpart B is 120 days after subpart B
takes effect with respect to that covered nonbank. Under § 1092.206(a)(3), for any other covered
nonbank, the nonbank registry implementation date for subpart B is 210 days after subpart B
takes effect with respect to that covered nonbank. (Section 1092.206(a)(3) shall apply to a
covered nonbank that for the first time becomes subject to the Bureau’s supervision and
examination authority under CFPA section 1024(a)(1) after the effective date of subpart B.)
For the administrability of the nonbank registry, which has numerous potential
registrants, the Bureau has determined that registering different categories of nonbank covered
persons in different phases will be appropriate. The phased implementation approach will also

alleviate potential confusion in complying with the requirements of the final rule and promote
greater stability and certainty for registered entities. This phased implementation approach will
better enable the Bureau to learn from the information collected and its experience in
maintaining the registry, and to enhance its processes before information from a wider universe
of covered nonbanks is collected. As described above, the first phase under subpart B will
register larger participants, the second phase will register other supervised nonbanks, and the
third phase will register other covered nonbanks. Larger participants generally have greater
resources to comply with the rule's requirements than do smaller business concerns. Other
supervised markets may include smaller business concerns that are affected by the rule to the
extent they are not excluded, such as by the exclusion for entities with less than $5 million in
relevant receipts described in § 1092.201(q) discussed in the section-by-section discussion of
that paragraph above. As a result, the phased registration groupings described above (registering
larger participants first, then other covered nonbanks supervised under any other provision of
CFPA section 1024(a)(1), then other covered nonbanks) would leave more time for most
supervised registrants that are not larger enterprises to comply with the registration requirements.
In addition, the Bureau believes it is appropriate to begin collecting information from covered
nonbanks that are subject to the Bureau’s supervision and examination authority first before
extending the rule’s registration requirements to other covered nonbanks, as such information
will generally be more relevant to the Bureau’s supervisory prioritization efforts and its
supervision program.
The Bureau is also adopting § 1092.206(b), which clarifies that if paragraph (a) would
establish a nonbank registry implementation date on a date that is a Saturday, Sunday, or Federal
holiday, the applicable nonbank registry implementation date will be the next day that is not a
Saturday, Sunday, or Federal holiday. Therefore, given an effective date for the final rule of
September 16, 2024, for purposes of subpart B the nonbank registry implementation date
established under § 1092.206(a)(1) will be Wednesday, October 16, 2024; under

§ 1092.206(a)(2), the date will be Tuesday, January 14, 2025; and under § 1092.206(a)(3), the
date will be Monday, April 14, 2025.
VII.

Effective Date of Final Rule

Proposed Rule
The Administrative Procedure Act generally requires that rules be published not less than
30 days before their effective dates.462 The Bureau proposed that, once issued, the final rule
would be effective 30 days after it is published in the Federal Register. However, it proposed
that registrants would only need to submit information once the Bureau launched and announced
a registration system, which the proposal noted was likely to be no earlier than January 2024.
Comments Received
An industry commenter stated that the effective date of the rule should be at least a year
from the date it is promulgated, in order to provide adequate time to establish the suggested
processes, procedures, and reports in addition to adding additional staff to support the process
that would be required under the proposal.
Response to Comments Received
The final rule will take effect on September 16, 2024. The Bureau disagrees with the
commenter that additional time will be needed for entities to comply with the final rule. The
final rule’s effective date is more than three months from the issuance of the rule, and more than
60 days after anticipated publication in the Federal Register. This is a longer time period than
the 30 days in the proposed rule. This longer period will provide additional time for covered
nonbanks to prepare to comply with their obligations under the final rule. In addition, as
discussed in the section-by-section analysis of § 1092.206 above, for the administrability of the
nonbank registry the Bureau has determined that registering different nonbank covered persons
in different phases will be appropriate. This phased implementation approach will better enable

5 U.S.C. 553(d).

the Bureau to learn from the information collected and its experience in maintaining the registry,
and to enhance its processes before information from a wider universe of covered nonbanks is
collected. The Bureau is also specifying nonbank registry implementation dates for subpart B in
§ 1092.206 of the final rule to provide greater certainty and clarity to covered nonbanks as of the
issuance of the final rule. Given an effective date of September 16, 2024, the earliest nonbank
registry implementation date is Wednesday, October 16, 2024, or 30 days after the final rule’s
effective date, and no entity will be required to submit any information to the nonbank registry
before Tuesday, January 14, 2025.
In addition, the reporting obligations imposed by the rule are modest. As discussed
further in part VIII, the impact of the registration provisions of the rule on affected firms would
be limited, and, relative to the baseline, the written-statement requirements should impose only
modest costs on most covered entities. The Bureau disagrees with the industry commenter that
covered nonbanks will be required to adopt costly new processes or hire a significant number of
additional staff in order to achieve compliance with the final rule.
Final Rule
The effective date of the final rule is September 16, 2024. This date is more than three
months after the issuance of the rule, and more than 60 days after anticipated publication in the
Federal Register. This is a longer time period than the 30 days in the proposed rule. This longer
time period will provide additional time for covered nonbanks to prepare to comply with their
obligations under the final rule.
VIII. Dodd-Frank Act Section 1022(b)(2) Analysis
A. Overview
In developing this final rule, the Bureau has considered the rule’s potential benefits,
costs, and impacts.463 In developing this final rule, the Bureau has consulted with, or offered to

Specifically, section 1022(b)(2)(A) of the CFPA requires the Bureau to consider the potential benefits and costs
of the regulation to consumers and covered persons, including the potential reduction of access by consumers to
consult with, the appropriate prudential regulators and other Federal agencies, including
regarding consistency with any prudential, market, or systemic objectives administered by such
agencies. Under CFPA sections 1022(c)(7)(C) and 1024(b)(7)(D), the Bureau has also consulted
with State agencies regarding this final rule’s requirements and registry.464
The Bureau is issuing this final rule to require nonbanks to report certain public agency
and court orders imposing obligations based on violations of consumer protection laws because
the creation and maintenance of a central repository for information regarding such public orders
that have been imposed upon nonbank covered persons will support Bureau functions in a variety
of ways and thus ultimately benefit consumers. The Bureau also believes that consumers, the
public, and other potential users of the proposed registry would benefit if the Bureau publishes
certain information from the registry, as it intends to do.465 In addition, the Bureau’s receipt of
annual supervisory reports from its supervised nonbanks regarding their compliance with such
orders would facilitate the Bureau’s supervisory efforts and assessment and detection of risks to
consumers and help ensure that supervised nonbanks are legitimate entities and are able to
perform their obligations to consumers.
This final rule has three principal sets of substantive provisions, which are separately
analyzed below. The first set of provisions (hereinafter referred to as the “Registration
Provisions”) will require nonbank covered persons that are subject to certain public orders to
register with the Bureau and to submit certain information related to those public orders to the
Bureau. The second set of provisions (hereinafter referred to as the “Supervisory Reports
Provisions”) will require nonbank covered persons that are subject to supervision and
examination by the Bureau to prepare and submit an annual written statement, signed by a

consumer financial products and services; the impact of the proposed rule on insured depository institutions and
insured credit unions with $10 billion or less in total assets as described in section 1026 of the CFPA; and the impact
on consumers in rural areas. 12 U.S.C. 5512(b)(2)(A).
12 U.S.C. 5512(c)(7)(C), 5514(b)(7)(D).

For more information on the issue of publication, see the section-by-section discussion of § 1092.205.

designated individual, regarding compliance with each covered public order. The third set of
provisions (hereinafter referred to as the “Publication Provisions”) describes the registration
information the Bureau may make publicly available.
The Bureau received multiple comments on the proposal stating that the proposed
registry was redundant with existing registries and other published information, and in particular
with the NMLS. See the section-by-section analysis of § 1092.203 above for a discussion of
these comments and the Bureau’s response. Consistent with an approach suggested by
commenters, the Bureau is adopting an express exception from the requirements of the rule for
orders that are published on the NMLS Consumer Access website, except for orders issued or
obtained at least in part by the Bureau; that exception may be exercised at the option of the
covered nonbank. Nonbanks that exercise this option may submit a one-time registration
regarding certain agency and court orders that are published on the NMLS Consumer Access
website maintained at www.NMLSConsumerAccess.org, in lieu of complying with the other
requirements of the rule with respect to the order. Such nonbanks will be required to submit
certain limited information to the nonbank registry to enable the Bureau to identify the relevant
nonbank and order and otherwise coordinate the nonbank registry with the NMLS. Upon
exercising this option and submitting the required information about the relevant order, a
nonbank will have no further obligation under subpart B to provide information to, or update
information provided to, the nonbank registry regarding the order. By allowing this option, this
final rule addresses many comments received and lowers the cost to firms of the final rule
relative to the proposed rule.
B. Data Limitations and Quantification of Benefits, Costs, and Impacts
The discussion below relies in part on information that the Bureau has obtained from
commenters, other regulatory agencies, and publicly available sources. The Bureau has
performed outreach with other regulatory agencies on many of the issues addressed by this final
rule. However, as discussed further below, the data are generally limited with which to quantify

the costs, benefits, and impacts of the final provisions. In light of these data limitations, the
analysis below generally provides a qualitative discussion of the benefits, costs, and impacts of
the final provisions. General economic principles and the Bureau’s experience and expertise in
consumer financial markets, together with the limited data that are available, provide insight into
these benefits, costs, and impacts.
C. Baseline for Analysis
In evaluating the benefits, costs, and impacts of the final rule, the Bureau takes as a
baseline the current legal framework regarding orders that will be covered under the final rule.
Therefore, the baseline for the analysis of the final rule is that nonbank covered persons are not
required to register with the Bureau, nonbank covered persons subject to Bureau supervision and
examination generally are not required to prepare and submit annual reports regarding
compliance with public orders enforcing the law, and information on the nonbank covered
persons and most corresponding covered orders is generally not published by the Bureau in the
manner contemplated by the final rule.
The final rule should affect the market as described below for as long as it is in effect.
However, the costs, benefits, and impacts of any rule are difficult to predict far into the future.
Therefore, the analysis below of the benefits, costs, and impacts of the final rule is most likely to
be accurate for the first several years following implementation of the final rule.
D. Potential Benefits and Costs of the Final Rule to Consumers and Covered Persons
With certain exceptions, the final rule will apply to covered persons as defined in the
CFPA, including persons that engage in offering or providing a consumer financial product or
service.466 Among others,467 these products and services generally include those listed below, at
least to the extent they are offered or provided for use by consumers primarily for personal,
family, or household purposes:

For the full scope of the term “covered person,” see 12 U.S.C. 5481(6).

467 For

the full scope of the term “consumer financial product or service,” see 12 U.S.C. 5481(5).

•

Extending credit and servicing loans;

•

Extending or brokering certain leases of personal or real property;

•

Providing real estate settlement services;

•

Engaging in deposit-taking activities, transmitting or exchanging funds, or otherwise
acting as a custodian of funds;

•

Selling, providing, or issuing stored value or payment instruments;

•

Providing check cashing, check collection, or check guaranty services;

•

Providing payments or other financial data processing products or services to a consumer
by any technological means;

•

Providing financial advisory services;

•

Collecting, analyzing, maintaining, or providing consumer report information or certain
other account information; and

•

Collecting debt related to any consumer financial product or service.468
The Registration and Publication Provisions will affect such covered persons (as that

term is defined in 12 U.S.C. 5481(6)) that (1) do not fall within any of the listed exclusions in §
1092.201(d), such as those for insured depository institutions, insured credit unions, and related
persons (as that term is defined in 12 U.S.C. 5481(25)), and (2) have had covered orders issued
against them. The Supervisory Reports Provisions will affect such covered persons that (1) are
subject to supervision and examination by the Bureau pursuant to CFPA section 1024(a),469 (2)
have had covered orders issued against them, (3) are at or above the $5 million annual receipt
threshold, unless such covered persons are subject to certain exclusions, and (4) are not
registering covered orders under the one-time registration option for NMLS-published covered
orders under § 1092.203.
A major benefit of the final rule is that it will give the Bureau comparatively high-quality
data on the number and type of covered orders. Currently, the Bureau does not have high-quality

See 12 U.S.C. 5481(15) (defining term “financial product or service”).

469 12

U.S.C. 5514(a).

data on the number of covered orders, nor does it have high-quality data on the number of
nonbank covered persons that are subject to covered orders.
To derive an estimate of the number of affected entities under the final rule using
publicly available data, the Bureau used data from the most recent available Economic Census.
Table 1 below presents entity counts for the North American Industry Classification System
(NAICS) codes that generally align with the financial services and products listed above. The
markets defined by NAICS codes in some cases include entities that will not qualify as covered
nonbanks under the final rule. It is also possible that some covered nonbanks may not be
counted in the table below, because, for example, the financial services they provide are not their
primary line of business. The Bureau sought comment on NAICS codes not included in table 1
that include a significant number of entities that will be affected by the final rule, and no
commenters recommended that other NAICS codes be included.
Table 1: Potential Scope of Final Rule
NAICS Name(s)

NAICS
Code(s)

Number of
NAICS
Entities
14,330

Nondepository Credit Intermediation

Activities Related to Credit Intermediation
Portfolio Management
Investment Advice
Passenger Car Leasing
Truck, Utility Trailer, and Recreational Vehicle Rental
and Leasing
Activities Related to Real Estate
Consumer Reporting
Debt Collection
Total

5223
523920
523930
532112
13,618
24,430
17,510
449
1,612

5313
561450
79,563
307
3,224
155,043

Therefore, for purposes of its analysis of the final rule, the Bureau estimates that there are
roughly 155,043 covered nonbanks. As noted above, covered nonbanks will only be affected by
the rule if they are subject to covered orders. Based on its experience and expertise, the Bureau
estimates that perhaps one percent, and at most five percent, of covered nonbanks are subject to
covered orders. Therefore, the Bureau estimates that the rule would likely affect between 1,550

and 7,752 covered nonbanks. The Bureau sought comment and submissions of data concerning
the number and characteristics of covered nonbanks subject to covered orders but did not receive
data contradicting its estimate. The Bureau also sought input on this subject during its
consultation process with other Federal, State, and Tribal regulators. Notably, a coalition of
State-regulator commenters with access to data from NMLS did not question the Bureau’s
estimate. Moreover, this coalition used the Bureau’s estimate in combination with NMLS data to
make arguments, which are discussed below, regarding the rule’s potential impact on small
entities and covered nonbanks subject to supervision and examination by the Bureau.
However, a different commenter appeared to disapprove of the Bureau’s estimates,
asserting that the CFPB was merely guessing on the potential scope of its rule. This commenter
did not provide other analytical approaches or data for the CFPB to consider when estimating the
number of affected nonbanks, nor did the commenter provide a different estimate. In response to
this comment, the Bureau sought to check the reasonableness of its estimate by obtaining data
from a database titled “Violation Tracker,” maintained by Washington, DC-based nonprofit
Good Jobs First (https://violationtracker.goodjobsfirst.org/). The database collects reports of
orders entered against companies for violating a wide range of laws. From the database, the
Bureau obtained data on agency actions identified in the database as involving “consumerprotection related offenses” or “financial offenses” with penalty announcement dates between
2017 and April 2024. This data set includes roughly 13,200 orders. The Bureau further limited
the data to orders identified by the database as involving a “primary offense type” related to
“consumer protection,” “discriminatory practices (non-employment),” “privacy,” “banking,”
“mortgage abuses,” or “payday lending,” which resulted in a collection of roughly 4,500 orders.
Of these, some orders apply to the same entity. Taking those orders into account, the Bureau
estimates that this set of orders applies to roughly 3,700 – 4,000 unique entities. The Bureau
notes that these numbers are consistent with its estimate of the number of entities likely to be

affected by the final rule (1,550 to 7,752 covered nonbanks), which the Bureau provided in the
proposal and reaffirms here.470
The Bureau sought comment and submissions of data concerning the number and
characteristics (such as annual revenues, number of employees, and main area of business) of
covered nonbanks subject to covered orders. However, commenters generally did not provide,
and the Bureau does not have, this kind of quantitative data to analyze the costs, benefits, and
impacts of the final rule. In light of the limited data available to the Bureau on the number of
covered nonbanks subject to covered orders, the analysis below focuses on the potential benefits
and costs of the proposed rule for affected consumers and covered nonbanks.
1. Registration Provisions
Under these final provisions, affected entities will have to provide: (1) identifying
information and administrative information and (2) information regarding covered orders. The
Bureau believes this information should be readily available to affected firms. Therefore, the
cost of complying with the Registration Provisions for most affected firms should be on the order
of a few hours of an employee’s time. The cost would likely be even lower for firms that have

The Bureau’s analysis of the Violation Tracker data may exclude some covered nonbanks subject to covered
orders. The Violation Tracker database excludes orders with penalties of less than $5,000, so the estimates above do
not account for them. In addition, the filters that the Bureau has applied may have excluded some orders that would
qualify as “covered orders” subject to the rule’s requirements. Moreover, the Bureau has not verified the accuracy
or completeness of the Violation Tracker data, so it is possible the data do not include some covered orders that
would need to be registered under the rule.
The estimates derived above also likely include some entities that are not covered nonbanks subject to covered
orders. The Violation Tracker database does not purport to identify “covered orders” that would be subject to the
final rule’s registration requirements, and the “primary offense types” identified in the data may be highly
overinclusive. Further, among the orders in the data set, the rule’s registration requirements would apply only to
those orders that remain in effect as of the rule’s effective date, but the Bureau lacks data to exclude from its
analysis of the Violation Tracker data orders that are no longer in effect. Indeed, the written statement provisions
apply only to orders with an effective date on or after the applicable nonbank registry implementation date, so none
of the orders described above will implicate the written statement provisions. The data include orders that may not
be “public” as defined in the final rule; see § 1092.201(m) of the final rule. And many entities subject to the
identified orders are insured depository institutions or insured credit unions and so will not be “covered nonbanks”
under the final rule; see § 1092.201(d)(1) of the final rule. Thus, many, and perhaps most, of the orders included in
the estimates above are likely not “covered orders” under the final rule.
Because of these caveats, the Bureau does not view the 3,700 – 4,000 numbers derived above from the Violation
Tracker database as a highly accurate estimate of the number of entities likely to be affected by the final rule.
However, the Bureau finds that these data further confirm the reasonableness of the Bureau’s estimate in the
proposed rule of the number of entities that the rule will likely affect.

and exercise the option to register NMLS-published covered orders under § 1092.203. The cost
may be higher for firms with several covered orders, or with covered orders that are frequently
modified and are not registered under § 1092.203’s one-time-registration provisions.
The Bureau generally expects that firms will know whether they are covered persons or
are subject to covered orders. If a firm is unsure of its obligations under the Registration
Provisions, one option would be to hire outside legal counsel to advise them on these issues.
However, another option for such firms would be to register using the nonbank registry, even if
doing so is not legally required. As explained above, the cost associated with registering an
order is likely low—a few hours of an employee’s time. In addition, if firms have a good-faith
basis to believe they are not covered nonbanks (or that their orders are not covered orders), they
may submit a notice to the nonbank registry stating such under § 1092.202(g). Preparing and
submitting such notices would take at most a few hours of an employee’s time. The Bureau
further notes that the mere act of registering an order or submitting a § 1092.202(g) notice is
unlikely to have significant indirect costs because § 1092.102(c) would provide that the rule
“does not alter any applicable process whereby a person may dispute that it qualifies as a person
subject to Bureau authority.” Firms should generally choose the lowest-cost option available to
them, and low-cost options—either registering under the nonbank registry or filing a notice
under proposed § 1092.202(g)—are options available to firms.
To obtain a quantitative estimate of the cost of this final provision, the Bureau assesses
the average hourly base wage rate for the reporting requirement at $49.29 per hour. This is the
mean hourly wage for employees in four major occupational groups assessed to be most likely
responsible for the registration process: Management ($66.23/hr); Legal Occupations
($64.34/hr); Business and Financial Operations ($43.55/hr); and Office and Administrative
Support ($23.05/hr).471 We multiply the average hourly wage of $49.29 by the private industry

See U.S. Bureau of Labor Statistics, National Occupational Employment and Wage Estimates United States (May
2023), https://www.bls.gov/oes/current/oes_nat.htm. The hourly wage estimates used in the proposed rule were
slightly different because they were drawn from 2021 data.
benefits factor of 1.42 to get a fully loaded wage rate of $70.00/hr.472 The Bureau includes these
four occupational groups in order to account for the mix of specialized employees that may assist
in the registration process. The Bureau assesses that the registration process will generally be
completed by office and administrative support employees that are generally responsible for the
registrant’s paperwork and other administrative tasks. Employees specialized in business and
financial operations or in legal occupations are likely to provide information and assistance with
the registration process. Senior officers and other managers are likely to review the registration
information before it is submitted and may provide additional information. Assuming as
outlined above a fully loaded wage rate of roughly $70, and that complying with this provision
would take around five hours of employees’ time, yields a cost impact of around $350 per firm.
Again, the cost would likely be even lower for firms that have and exercise the option to register
NMLS-published covered orders under § 1092.203. Because § 1092.203 requires less
information from covered nonbanks than § 1092.202, exercising the option made available in §
1092.203 should take even less employee time.473 Therefore, the impact of this final provision
on affected firms will be limited.
One commenter appeared to disagree with the Bureau’s cost estimate, objecting to the
proposed rule because of the expense of submitting, monitoring, and updating the “vast” amount
of information under the rule. As discussed in more detail above, the Bureau does not agree that
the Registration Provisions require entities to submit “vast” amounts of information. The
commenter did not elaborate on this point or provide alternative data or analysis to produce an
alternative cost estimate of the Registration Provisions. However, the Bureau agrees that entities
registering orders under § 1092.202 may incur ongoing costs to comply with

As of December 2023, the ratio between total compensation and wages for private industry workers is 1.42. See
U.S. Bureau of Labor Statistics, Employer Costs for Employee Compensation: Private industry dataset (December
2023), https://www.bls.gov/web/ecec/ecec-private-dataset.xlsx.
In the unlikely event that a covered nonbank concluded that registering an NMLS-published covered order under
§ 1092.203 would be more costly than registering it under § 1092.202, the covered nonbank could forgo the option
presented in § 1092.203 and register the order under § 1092.202 instead.
§ 1092.202(b)(2)(ii), which requires that covered nonbanks submit revised registration filings
within 90 days after any amendment to a registered covered order or information required under
§ 1092.202(c) or (d). Similarly, § 1092.202(f) requires a registered entity to submit a revised
filing within 90 days if a covered order is terminated, modified, or abrogated, or if it ceases to be
a covered order by operation of § 1092.202(e).474 The Bureau believes that the cost of those
subsequent filings would generally be less than the cost of preparing and submitting the initial
registration.
These final provisions will likely not provide any benefits for affected firms.
These final provisions will give the CFPB comparatively high-quality information on
outstanding covered orders and the entities subject to those orders. That information will assist
the Bureau in monitoring for risks to consumers in the offering or provision of consumer
financial products or services. The registry will allow the Bureau to more effectively monitor for
potential risks to consumers arising from both individual violations of consumer protection laws
and broader patterns in such violations and enforcement actions intended to address them. Such
monitoring, in turn, will help inform the Bureau’s exercise of its other authorities. It will assist
the Bureau in determining whether to prioritize certain entities for risk-based supervision, or to
investigate whether certain entities have committed violations that warrant Bureau enforcement
actions. The Bureau also anticipates that the Registration Provisions will give it more
information on important gaps in existing consumer financial protection laws and will therefore
improve future Bureau regulations. In addition, by providing the Bureau with more information
on consumer harms in various markets, the Registration Provisions will improve the Bureau's
consumer education efforts. All of these effects would benefit consumers.475 The Bureau does
not have any data to quantify these benefits.

Covered nonbanks registering NMLS-published covered orders under § 1092.203 are not required to submit
revised filings under § 1092.202(b)(2)(ii) or (f).
The Bureau will achieve these benefits even for NMLS-published covered orders registered under § 1092.203 of
the final rule. Although registrations under § 1092.203 will include less information than under § 1092.202,
A joint letter by State regulators argued that the notice of proposed rulemaking overstated
the benefits to the Bureau of the proposed rule. The letter asserted that the Bureau has not
proven that there is a recidivism problem among nonbanks that would necessitate the creation of
the Bureau’s registry and that State regulators are effectively protecting consumers from repeat
offenders through existing mechanisms and authorities. To substantiate this claim, the letter
provided examples of instances in which agencies have brought actions against entities that have
repeatedly violated the law. The Bureau agrees with the point that it and other regulators have at
times successfully brought enforcement actions against entities that have repeatedly violated the
law. But the Bureau disagrees with the commenter’s view that this implies the Bureau and other
regulators could not or should not improve their regulatory, supervisory, and enforcement
activity. As described in the paragraph above, the registry will assist the Bureau in monitoring
for risks to consumers in the offering or provision of consumer financial products or services.
Among other things, the registry will assist the Bureau in analyzing trends in enforcement
actions against covered nonbanks, including trends regarding nonbank recidivism. Notably the
State regulators’ joint letter provides no concrete data on such trends and instead only provides
anecdotal examples of individual enforcement actions; providing data on such trends will be one
benefit of the rule.
The Registration Provisions will likely not impose any significant costs on consumers. As
noted above, the final provisions would impose limited costs on a minority of firms in consumer
finance markets. Firms are unlikely to raise prices as a consequence, given the minimal size of
the cost increase and the fact that it is borne by a small portion of the overall market.
2. Supervisory Reports Provisions
These final provisions will only affect covered nonbanks subject to Bureau supervision
and examination. Furthermore, such covered nonbanks that have opted to register NMLS-

registrations under § 1092.203 will notify the Bureau about the existence of the covered nonbank and the issuance of
an applicable order against it. The Bureau will then generally be able to obtain further information about the order
and the covered nonbank through the NMLS and the agency that issued or obtained the order.

published covered orders under § 1092.203 will not be subject to these final provisions with
respect to such orders. Therefore, they will affect fewer covered nonbanks and fewer consumers
than the Registration Provisions analyzed above.
Some firms may be unsure whether they are supervised covered persons not otherwise
excluded from the requirements of the final Supervisory Reports Provisions, or whether they are
subject to covered orders, so they may be unsure whether they will have to comply with these
final provisions. The Bureau notes that complying with these final provisions if it is legally
unnecessary is unlikely to have greater costs than if it is legally necessary, because § 1092.102(c)
provides that the rule does not alter applicable processes whereby a person may dispute that it
qualifies as a person subject to Bureau authority. Also, under § 1092.204(f), if a firm has a
good-faith basis to believe that it is not a supervised registered entity subject to the Supervisory
Reports Provisions (or that its order is not a covered order), it may submit a notice to the
nonbank registry stating as such. Preparing and submitting such a notice would take at most a
few hours of an employee’s time. Firms should generally choose the lowest-cost option
available to them. Therefore, firms are unlikely to spend more to determine whether they need to
comply with the Supervisory Reports Provisions than the cost to the firms of complying with the
provisions or, for firms with a good-faith basis to believe they are not supervised registered
entities (or their orders are not covered orders), of filing a § 1092.203(f) notice.
These provisions will require that affected supervised entities designate an attesting
executive for each applicable covered order. The attesting executive will be a duly appointed
senior executive officer (or, if no such officer exists, the highest-ranking individual at the entity
charged with managerial or oversight responsibilities) (i) whose assigned duties include ensuring
the supervised registered entity’s compliance with Federal consumer financial law, (ii) who
possesses knowledge of the supervised entity’s systems and procedures for achieving compliance
with the covered order, and (iii) who has control over the supervised entity’s efforts to comply
with the covered order. The Bureau believes that, even under the baseline scenario, most

supervised entities would take active steps to comply with covered orders, and therefore would
already have such an officer or individual in place to oversee the entity’s compliance with its
obligations under the covered order. Therefore, the Bureau anticipates that this designation
requirement would impose little or no additional cost on most supervised registered entities. The
Bureau notes that the cost may be higher for supervised entities that lack a high-ranking officer
or other employee with the requisite qualifications to serve as an attesting executive. But the
Bureau believes that there would be few such entities because the Bureau expects most
supervised registered entities maintain adequate board and management oversight consistent with
an appropriate compliance management system.
The Supervisory Reports Provisions will also require that the supervised registered entity
submit a written statement signed by the applicable attesting executive for each covered order to
which it is subject. In the written statement, the attesting executive will: (i) generally describe
the steps that the attesting executive has undertaken to review and oversee the supervised
registered entity’s activities subject to the applicable covered order for the preceding calendar
year; and (ii) attest whether, to the attesting executive’s knowledge, the supervised registered
entity during the preceding calendar year identified any violations or other instances of
noncompliance with any obligations that were imposed in a public provision of the covered order
by the applicable agency or court based on a violation of a covered law.
The Bureau cannot precisely quantify the impact of the written-statement requirement on
impacted firms. But based on its experience and expertise, the Bureau believes that most entities
subject to covered orders endeavor in good faith to comply with them and will already have in
place some manner of systems and procedures to help achieve such compliance. For these
entities, the written-statement requirement will require little more than submitting a written
statement from the attesting executive that generally describes the steps the executive took
consistent with the established systems and procedures to reach conclusions regarding entity
compliance with the orders. Thus, relative to the baseline, the written-statement requirement will

impose only modest costs on most covered entities, related primarily to the time and effort
needed to (i) memorialize the attesting executive’s existing oversight of compliance and (ii)
determine whether the supervised registered entity during the preceding calendar year identified
any violations or other instances of noncompliance with any obligations that were imposed in a
public provision of the covered order by the applicable agency or court based on a violation of a
covered law.
While the attesting executive would sign the written statement, the Bureau expects that
other employees in other major occupational groups (Legal Occupations, Business and Financial
Operations, and Office and Administrative Support) would support the attesting executive in
preparing the statement. Assuming that satisfying the written-statement requirement would take
twenty hours of employees’ time, and that the average cost to entities of an employee’s time is
roughly $70 an hour as discussed above, yields an estimate that the cost of this requirement on
covered entities would be roughly $1,400 per firm.
The Bureau acknowledges that, under the baseline, some supervised registered entities
may not have in place systems and procedures to allow them to confidently identify violations or
other instances of noncompliance with any obligations that were imposed in a public provision of
the covered order. As discussed elsewhere in this preamble, the Supervisory Reports Provisions
will likely prompt some such entities to adopt new or additional compliance systems and
procedures, imposing a greater cost on them. However, as noted above, based on its experience
and expertise, the Bureau believes that most entities subject to covered orders endeavor in good
faith to comply with them and will already have in place some manner of systems and
procedures to help achieve such compliance. Therefore, the Bureau believes that the number of
supervised registered entities that will put in place significant new compliance systems and
procedures as a result of the rule will be relatively small.
In addition, the Supervisory Reports Provisions will require entities to maintain records
related to the written statement for five years. Conservatively assuming that ensuring the

necessary documents are properly stored also requires ten hours of employee time adds $700 to
the costs to affected entities of these final provisions. One commenter stated that entities would
have to pay for document retention and storage to comply with the proposed rule, but did not
suggest that the Supervisory Reports Provisions’ recordkeeping requirements would impose
more than $700 in costs on affected entities.
The Bureau notes that, for the purposes of the final rule, the term “supervised registered
entity” excludes persons with less than $5 million in annual receipts resulting from offering or
providing consumer financial products and services described in CFPA section 1024(a).476
Relative to this final rule, the proposed rule further included in the term “supervised registered
entity” persons with more than $1 million in annual receipts. Therefore, this final rule should
impact fewer firms, with higher average annual receipts, than anticipated by the proposed rule.
The combined costs of around $2,100 imposed by the Supervisory Reports Provisions on the
majority of affected entities should be roughly 0.04 percent or less of annual receipts.
The costs of the Supervisory Reports Provisions may be higher in absolute terms at larger
entities because identifying instances of noncompliance with obligations imposed in a public
provision of a covered order may be more complex at larger entities. But because larger entities
will generally have greater annual receipts, the applicable compliance costs as a percentage of
annual receipts will likely remain nominal even for larger entities. The costs of the Supervisory
Reports Provisions will also likely be higher at entities with multiple instances of noncompliance
with public provisions of covered orders, or with multiple covered orders.
Some commenters argued either that the Supervisory Reports Provisions would impose
an undue burden or that the analysis in the proposed rule underestimated the costs imposed by
the Supervisory Reports Provisions. Those commenters, however, did not provide data,
information, or analysis to support their claims. Another commenter suggested a higher

12 U.S.C. 5514(a). See the section-by-section discussion of § 1092.201(q)(4) for more information regarding
how annual receipts are calculated.
employee cost estimate of $118 per hour for work to prepare the written statement, based on the
commenter’s members’ experience. The Bureau notes that, as discussed above, in data from the
Bureau of Labor Statistics the highest wage rate among all occupations considered (for
Management) is $66.23 per hour; multiplied by a benefits factor of 1.42 as discussed above, this
yields an employee cost estimate of $94.05 per hour. Still, using the commenter’s preferred
hourly cost estimate yields a total cost estimate of roughly $2,400 per firm for the twenty hours
of employees’ time estimated to be required to prepare a written statement. This represents
roughly .05 percent of the annual revenue of an entity with annual revenue of $5 million per
year. Another commenter argued that the proposed rule’s requirements were vague and so
would take more staff time, at a higher average hourly rate, than analyzed in the proposed rule;
this commenter instead favored compliance cost estimates of $4,200 - $7,200 for internal
employees plus roughly $4,000 for outside counsel, for a total cost of $8,200 - $12,200. The
Bureau disagrees with this commenter’s view that the rule’s requirements are vague and will
generally impose costs this high. Still, to put the commenter’s estimates in perspective, the
Bureau notes that $12,200 would still constitute less than .25 percent of annual receipts for firms
with average annual receipts of at least $5 million.
Similarly, another commenter argued the Bureau significantly underestimated the amount
of time involved with complying with the written-statement requirement; this commenter
estimated that the time involved would be akin to the time spent by public companies preparing
CEO and CFO certifications of Securities and Exchange Commission (SEC) filings under section
302 of the Sarbanes-Oxley Act and 18 U.S.C. 1350, which was enacted in section 906 of that
Act.477 The Bureau disagrees that the time and internal verification processes associated with the
CEO and CFO certifications under those provisions of the Sarbanes-Oxley Act are comparable to
what is required to fulfill a supervised registered entity’s obligations under the Supervisory

See Sarbanes-Oxley Act of 2002, Public Law 107-204, secs. 302, 906, 116 Stat. 745, 777-78, 806.

Reports Provisions. Section 302 of the Sarbanes-Oxley Act required the SEC to issue a rule
requiring CEOs and CFOs to certify in annual and quarterly reports that the reports do not
contain material misstatements or misleading omissions and that they fairly present in all
material respects the entity’s financial condition and results of operations. Section 302 also
required the SEC’s rule to mandate that CEOs and CFOs make certain certifications regarding
the entity’s internal controls and disclosures to auditors. Similarly, under 18 U.S.C. 1350, when
an issuer files a periodic report containing financial statements with the SEC, that report must be
accompanied by a written statement from the CEO and CFO certifying that the periodic report
fully complies with the requirements of section 13(a) or 15(d) of the Securities Exchange Act of
1934 and that the information contained in the report “fairly presents, in all material respects, the
financial condition and results of operations of the issuer.”478 The commenter stated that these
certifications typically require hundreds of hours and the involvement of a disclosure committee
comprised of other professionals who, in addition to providing the CEO and CFO necessary
assurances to support their certifications, may also provide their own sub-certifications.
The contents of the written statement required under the final rule here, by contrast, are
of a more general, non-technical character and can be derived from the executive’s own
knowledge, with reference as needed to documents and information related to the entity’s
compliance with the covered order.479 The written statement merely requires a general
description of the steps the executive has personally undertaken to review and oversee the
supervised registered entity’s activities subject to the applicable covered order, and a statement,
“to the attesting executive’s knowledge,” of whether the supervised registered entity identified
any violations or instances of noncompliance with applicable obligations under the order during
the preceding calendar year.480 Because the written statement is far more limited than the

18 U.S.C. 1350(b).

See § 1092.204(c) of the final rule (requiring supervised registered entities to provide attesting executives access
to documents and information necessary to make the written statement).
480

§ 1092.204(d) of the final rule.

certifications required under the cited provisions of the Sarbanes-Oxley Act, the Bureau does not
believe that the costs of complying with those Sarbanes-Oxley Act provisions provide an
appropriate benchmark for estimating the costs of the written-statement requirements. Indeed, as
noted elsewhere in this preamble, this final rule does not establish any minimum procedures or
otherwise specify the steps the attesting executive must take in order to review and oversee the
supervised registered entity’s activities. Nor does the final rule establish any minimum level of
compliance management or expectation for compliance systems and procedures at supervised
registered entities, or purport to impose any restrictions on the manner in which supervised
registered entities address such matters. Therefore, the Bureau reaffirms its conclusion that, for
most supervised registered entities, the written-statement provisions will impose only modest
costs beyond the costs entities are already incurring to ensure compliance with covered orders.
As explained in greater detail in part IV(D) and the section-by-section discussion of
§ 1092.204 above, the Supervisory Reports Provisions will facilitate the Bureau’s risk-based
supervision efforts, including its efforts to assess compliance with the requirements of Federal
consumer financial law, obtain information about the supervised entities’ activities and
compliance systems or procedures, and detect and assess risks to consumers and to markets for
consumer financial products and services. All of these effects would benefit consumers.
Moreover, while as noted above the Bureau believes that most entities subject to covered orders
endeavor in good faith to comply with them and will already have in place some manner of
systems and procedures to help achieve such compliance, it is also likely that these final
provisions will cause a few entities without such systems and procedures to develop them. This
will also benefit consumers. The Bureau does not have any data to quantify this benefit.
One commenter agreed with the analysis above that most entities subject to covered
orders already endeavor in good faith to comply with them, and so the number of supervised
registered entities that will put in place significant new compliance systems and procedures as a
result of the rule will be relatively small. However, this commenter argued that this in turn implies

that the rule will have little compliance benefits. The Bureau agrees with this commenter that
the final rule is unlikely to have a significant effect on the compliance efforts of the entities
already endeavoring in good faith to comply with covered orders. But the Bureau also notes that
the final rule will likely improve the compliance efforts of a smaller number of entities that under
the baseline would not endeavor in good faith to comply with covered orders. As discussed in
both the proposed rule and this preamble, this should have a number of beneficial effects for
consumers.
One commenter argued that the attestation requirement would divert entities’ limited
resources away from serving consumers. Similarly, another commenter argued the requirement
would lead entities to prioritize compliance with covered orders over other compliance
obligations, creating compliance risks for consumers. As stated above, the Bureau believes that
no more than 5 percent of all covered nonbanks are subject to covered orders; of these many may
have less than $5 million in relevant annual receipts, otherwise not be supervised registered
entities, or exercise their option to register NMLS-published covered orders under § 1092.203, so
the number of firms impacted by the Supervisory Reports Provisions should be limited. Finally,
as argued above the Bureau expects that even entities subject to the Supervisory Reports
Provisions will generally incur minor costs because of it. For these reasons the Bureau disagrees
with these commenters that the Supervisory Reports Provisions would have any meaningful costs
for consumers. Indeed, as described in the paragraph above, the Bureau believes this provision
will benefit consumers, including through providing a further incentive for entities to comply
with their legal obligations.
3. Publication Provisions
For affected covered nonbanks, the main effect of these provisions will be that (1) their
identifying information, (2) information regarding covered orders that they provide to the
Bureau, and (3) for supervised registered entities, the name and title of the attesting executive,

may be posted on the Internet by the Bureau.481 Much of this information would be public even
under the baseline, so the additional direct effect of this information being posted on the
Bureau’s website should be small. While as detailed below there will be indirect benefits and
costs associated with improving accountability, general public awareness, and enforcement of
consumer protection law, the Bureau does not anticipate publishing its registry would have a
significant direct impact on consumer shopping decisions.
Because covered nonbanks will provide the required registry information only if they are
subject to covered orders, consumers might interpret the presence of a covered nonbank on the
Bureau’s website as negative information about that covered nonbank. Therefore, these
provisions may have negative reputational costs for covered nonbanks whose information is
published on the Bureau website. Yet covered orders would be public information even under
the baseline with no rule. Therefore, these provisions will not make public any non-public
orders. This will limit the likely costs to covered nonbanks of these provisions.
These final provisions will allow certain information related to covered orders that is
already public to be centralized on the Bureau’s website. This will make the information more
readily accessible than it would otherwise be. One commenter argued that the proposed rule did
not give any weight to this effect, but it was explicitly acknowledged in the proposed rule. A
large body of research has studied the circumstances under which providing consumers better
access to information does, and does not, improve consumer outcomes.482 One consensus from
this research is that well-designed information disclosures can be effective at directing consumer

As explained elsewhere in this preamble, the Bureau intends to publish this information but is retaining the
discretion not to publish the information based on operational considerations, such as resource constraints. The
analysis here assumes that the Bureau will effectuate its intended approach of publishing the stated information. If
the Bureau were not to publish any of the information it collects under the final rule, the potential benefits and costs
discussed in this section largely would not be realized, except that, to a more limited extent, some of the benefits and
costs associated with the Publication Provisions could result from the Bureau’s sharing of registry information with
other government agencies under memorandums of understanding or other interagency arrangements. Similarly, if
the Bureau were to publish only a portion of the information that it currently intends to publish, the benefits and
costs of the Publication Provisions likely would be more limited than the benefits and costs associated with the
Bureau’s current publication plans.
For one review of this research, see Thomas A. Durkin and Gregory E. Elliehausen, Truth in Lending: Theory,
History, and a Way Forward (2011).
attention. For example, one study found that providing certain borrowers with information about
the costs of their loans reduced borrowing.483 However, another consensus from this research is
that information disclosures do not always materially affect consumer decision-making, and that
the impact of information disclosures on consumer decision-making depends on their design and
implementation. Impactful information disclosures are typically more direct (e.g., disclosing the
costs of a particular type of loan to prospective borrowers) and more timely (e.g., disclosed to
prospective borrowers at the time they are obtaining a loan) than the information that will be
centralized and published under this final provision. Therefore, the Bureau believes that most
consumers will not change their behavior directly because of this final provision, so the impact
of this final provision on most affected entities will likely not be significant.
Many commenters agreed with this analysis, although one mischaracterized the proposed
rule as arguing that consumers would be likely to use the public registry. In response to these
comments, the Bureau notes that as discussed in the proposed rule the registry may benefit
consumers in a number of ways beyond directly influencing their behavior. As discussed in the
proposed rule, the Publication Provisions are likely to help government agencies, including the
Bureau, enforce consumer protection laws. As noted by some commenters, the Publication
Provisions may also help provide valuable information to other individuals or organizations,
such as researchers, investors and business partners of covered persons, and media and advocacy
organizations.484 Providing additional information to these entities through publication will also
benefit consumers. Moreover, although the Bureau expects that a fraction of consumers may use
the registry to make informed decisions in the market for consumer financial products and
services, directly informing consumers of covered orders was not the exclusive purpose of the
Publication Provisions in either the proposed or final rules.

See Marianne Bertrand and Adair Morse, Information Disclosure, Cognitive Biases, and Payday Borrowing, 66
The Journal of Finance 1865, 1865–93 (2011).
484

See part IV(F) and the section-by-section discussion of § 1092.205 above.

Commenters also argued that publishing the registry information will have a small effect
on consumer behavior because the registered orders will already be public and available for
consumers to review. While these comments appear to disagree with the comments discussed in
the previous paragraph regarding the reasons why the Bureau’s registry likely will have a small
direct effect on consumer behavior, these commenters appear to agree with those in the previous
paragraph, and with the Bureau, that the direct effect on consumer behavior will in fact be small.
Again, this would imply that the Publication Provisions would impose only minor costs on
affected entities resulting from changes in consumer behavior. And again, in response to these
comments, the Bureau notes that directly informing consumers of covered orders was not the
exclusive purpose of the Publication Provisions in either the proposed or final rules.
Conversely, other commenters argued that the Bureau’s analysis understates the
reputational costs of publication, including to new and emerging financial institutions. These
commenters, however, did not provide any support for this claim or provide an alternative
estimate of the Publication Provisions’ costs.
Commenters also argued that the public registry would misinform consumers because
consumers would not have the legal context to understand the orders. Similarly, another
commenter argued that impacted entities would need to invest resources into combatting the
reputational harm imposed by the Publication Provisions. These arguments, however, appear to
suppose that many consumers will themselves see, and change their behavior based on, the
public orders, which as argued above (by both the Bureau and other commenters) is likely
incorrect. While the Bureau agrees that some consumers, if they saw the covered orders, would
find them to be complex and challenging to interpret, that is one reason the Bureau has
concluded that the public registry would have less direct impact on consumers than other kinds
of information disclosures that are generally found to be effective. The Bureau also reiterates its
belief that few consumers would likely see these covered orders themselves, even under the final
Publication Provisions.

The Bureau acknowledges that the issues disclosed by a few covered orders may be so
controversial among consumers that their publication on the Bureau’s website could impose a
substantial impact on the firms affected by those orders. However, as noted above, covered
orders would be public information even under the baseline with no rule. Therefore, covered
orders that disclose particularly controversial practices would likely be well known among
consumers even under the baseline.
Commenters also expressed concern that the Publication Provisions would result in
increased litigation for covered nonbanks, both through enforcement actions by government
agencies and through class action and other lawsuits by private litigants. The Bureau agrees that
the public registry could provide some informational benefits to government enforcement
agencies and private attorneys and would therefore impose corresponding enforcement,
litigation, and insurance costs on some entities. As discussed above, the Publication Provisions
may also help provide valuable information to other individuals or organizations, such as
researchers, investors and business partners of covered persons, and media and advocacy
organizations; providing information to these individuals or organizations may impose
corresponding costs on entities affected by the Publication Provisions, such as costs to respond to
publications based on information obtained from the Bureau’s registry. The Bureau does not
have any data with which to quantify these costs. However, as discussed above the Bureau
believes that perhaps 1 percent and at most 5 percent of covered entities are subject to covered
orders, and that among entities subject to covered orders, most endeavor in good faith to comply
with them. Therefore, the Bureau expects that the Publication Provisions will only expose a
small number of entities to increased costs. Moreover, the Bureau does not share the
commenters’ belief that providing information to government enforcement agencies and
attorneys provides no benefit to consumers. To the contrary, as explained above, the Bureau
views facilitating public and private enforcement of the Federal consumer financial laws as a

benefit of this registry.485 The Bureau thus agrees with different commenters that the registry
will help the CFPB, law enforcement community, and the public limit the harms from repeat
violators of their legal obligations.
One commenter noted that these final provisions could put affected entities at a
competitive disadvantage relative to other entities in the market, by making information about
them and the covered orders to which they are subject more accessible. The Bureau
acknowledges that public awareness that an entity has been subjected to liability for violating a
covered law may disadvantage that entity relative to other entities that have not been subjected to
similar liability. However, the Publication Provisions would not make public any covered orders
that were not already published (or required to be published). This in turn mitigates the direct
effects of this final provision on marketplace competition.
These final provisions could benefit firms in affected markets, even those without
covered orders, by centralizing certain information on covered orders. This could give firms a
clearer picture of how consumer financial protection laws are enforced across agencies and
jurisdictions, and could reduce costs for firms that would conduct research into this question
under the baseline. As noted by one commenter, these provisions may have benefits to other
market participants, such as potential investors, contractual partners, financial firms, and others
that are conducting due diligence on a registered nonbank.486 Providing the public, including
firms, with information on the extent and nature of covered orders is consistent with the Bureau’s
congressionally assigned purpose of ensuring that consumer financial markets are fair,
transparent, and competitive.487 The Bureau does not have any data with which to quantify these
benefits.

See the section-by-section discussion of § 1092.205 above.

See discussion at part IV(F) above.

12 U.S.C. 5511(a).

For consumers, one effect of the final provision will be improved access to information
about covered nonbanks with covered orders. However, as noted above, this information would
be public even under the baseline. Moreover, as discussed in more detail above, impactful
information disclosures are typically more direct and more timely than the information that
would be centralized and published under this provision. Therefore, the Bureau believes that
most consumers will not change their behavior due to this final provision. As discussed in more
detail above, many commenters agreed with this conclusion.
By centralizing certain information on covered orders, another effect of the Publication
Provisions will be to improve the ability of regulatory agencies besides the Bureau to conduct
their activities, including supervision, enforcement, regulation, market monitoring, research, and
consumer education. One commenter argued that the benefits of the rule for enforcement
agencies were overstated in the proposed rule because covered orders are already public and
because certain regulators are already aware of certain covered orders. However, the Bureau
noted these points in the proposed rule. The Bureau argued in the proposed rule, and finds here,
that the Publication Provisions would indirectly benefit consumers by centralizing certain
information that is already public, which will assist agencies charged with enforcing Federal
consumer financial laws with carrying out their responsibilities. Several commenters and
consulting parties agreed that the proposed rule would help regulators and law enforcement. The
Bureau does not have any data to quantify this benefit.
The Publication Provisions will likely not impose any significant costs on consumers. As
noted above, the provisions may impose some costs on some firms, and it is possible that those
firms may respond to these increased costs by increasing prices for consumers. But as discussed
above, the costs of these provisions on affected firms will be limited, so any cost increases
caused by the rule will be limited at affected firms. Moreover, many firms will not be affected at
all by these provisions and so will not raise prices because of these provisions.

Finally, a number of commenters argued that the proposed rule, by increasing the costs to
entities of consent orders, would discourage settlements in regulatory proceedings and so impose
further costs on affected entities. The Bureau acknowledges that the final rule will increase the
costs to entities of covered orders, and so may have a marginal effect on the decision of some
entities to settle. However, as argued above, the Bureau believes that the costs imposed by the
final rule on entities subject to covered orders will be quite limited, so relative to the baseline,
the final rule should increase the expected costs of settlement by little. Therefore, the Bureau
believes that, among entities deciding whether to settle an enforcement action, it would be rare
for costs imposed by this final rule to make a difference in the decision. Moreover, as noted
above, the Bureau believes that perhaps one percent, and at most five percent, of covered
nonbank entities are subject to covered orders. The small number of covered entities subject to
covered orders strongly suggests that only a small percentage of such entities become subject to
covered orders each year, and so could arguably be deciding whether to settle an enforcement
matter that might result in a covered order. Therefore, the final rule should have only a small
effect on the decisions of a small number of firms contemplating whether or not to settle.
E. Potential Specific Impacts of the Final Rule
1. Insured Depository Institutions and Insured Credit Unions with $10 Billion or Less in
Total Assets, As Described in Section 1026
This final rule will only apply to nonbanks. Therefore, it will have no direct impacts on
any insured depository institution or insured credit union. The rule may have some indirect
effects on some insured depository institutions and insured credit unions with $10 billion or less
in total assets. For example, insured depository institutions and insured credit unions that are
affiliated with affected entities might experience indirect costs because the final rule may impose
some costs on their nonbank affiliates. Insured depository institutions and insured credit unions
that compete with affected entities might experience indirect benefits because of the proposed
rule because the proposed rule may impose some costs on their competitors. But as noted above,

even for nonbanks that are directly affected by the final rule, the Bureau does not anticipate that
the rule’s impact will be significant in most cases. Therefore, the Bureau anticipates that any
indirect effects on insured depository institutions or insured credit unions with $10 billion or less
in total assets will be even less significant.
2. Impact of the Proposed Rule on Access to Consumer Financial Products and Services
and on Consumers in Rural Areas
By imposing some costs on affected covered nonbanks, the final rule may cause affected
covered nonbanks to provide fewer financial products and services (or financial products and
services at higher cost) to consumers. However, as noted above, the final rule will likely impose
only limited costs on a limited number of covered nonbanks. Therefore, the impact of the final
rule on consumer access to financial products and services will be limited even at affected
covered nonbanks. Moreover, bank and nonbank entities that will not be directly affected by the
final rule could provide financial products and services to consumers that would otherwise obtain
these financial products and services from affected covered nonbanks. Therefore, the negative
impact of the final rule on consumer access to financial products and services would be limited.
By improving the ability of the CFPB to conduct its activities, including supervision,
enforcement, regulation, market monitoring, and consumer education, the final rule will likely
improve the functioning of the broader market and so may also have positive effects on
consumer access to consumer financial products or services provided in conformity with
applicable legal obligations designed to protect consumers.
Broadly, the Bureau believes that the analysis above of the impact of the final rule on
consumers in general provides an accurate analysis of the impact of the final rule on consumers
in rural areas. The impact of the final rule on consumers in rural areas will likely be relatively
smaller if the proposed rule affects fewer entities in rural areas. High-quality data on the rural
market share of entities that will be affected by the final rule does not exist, so the Bureau cannot
judge with certainty the relative impact of the rule on rural areas. However, for certain large and

well-studied markets, there is evidence that nonbanks have larger market shares in urban areas
and smaller market shares in rural areas.488 Based on this limited evidence, the Bureau expects
that the impact of the final rule will be smaller in rural areas.
IX.

Regulatory Flexibility Act Analysis

A. Overview
The Regulatory Flexibility Act (RFA) generally requires an agency to conduct an initial
regulatory flexibility analysis (IRFA) and a final regulatory flexibility analysis (FRFA) of any
rule subject to notice-and-comment rulemaking requirements, unless the agency certifies that the
rule will not have a significant economic impact on a substantial number of small entities.489
The Bureau also is subject to certain additional procedures under the RFA involving the
convening of a panel to consult with small business representatives before proposing a rule for
which an IRFA is required.490
A FRFA is not required for this final rule because it will not have a significant economic
impact on a substantial number of small entities.
B. Impact of Final Provisions on Small Entities
The final rule has three principal sets of substantive provisions, which are separately
analyzed below. The first set of provisions (hereinafter referred to as the “Registration
Provisions”) will require nonbank covered persons that are subject to certain public agency and
court orders enforcing the law to register with the Bureau and to submit certain information
related to those public orders to the Bureau. The second set of provisions (hereinafter referred to
as the “Supervisory Reports Provisions”) will require nonbank covered persons that are
supervised by the Bureau to prepare and submit an annual written statement, signed by a
For evidence on the mortgage market, see Julapa Jagtiani, Lauren Lambie-Hanson, and Timothy Lambie-Hanson,
Fintech Lending and Mortgage Credit Access, 1 The Journal of FinTech (2021). For evidence on the auto loan
market, see Donghoon Lee, Michael Lee, and Reed Orchinik, Market Structure and the Availability of Credit:
Evidence from Auto Credit, MIT Sloan Research Paper (2022),
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3966710.
489

5 U.S.C. 601 et seq.

5 U.S.C. 609.

designated individual, regarding compliance with each covered public order. The third set of
provisions (hereinafter referred to as the “Publication Provisions”) describes the registration
information the Bureau may make publicly available.
The analysis below evaluates the economic impact of the final provisions on small
entities as defined by the RFA.491 The RFA’s definition of “small” varies by type of entity.492
With certain exceptions, the final rule will apply to covered persons as defined in the
CFPA, including persons that engage in offering or providing a consumer financial product or
service.493 Among others,494 these products and services would generally include those listed
below, at least to the extent they are offered or provided for use by consumers primarily for
personal, family, or household purposes.
•

Extending credit and servicing loans;

•

Extending or brokering certain leases of personal or real property;

•

Providing real estate settlement services;

•

Engaging in deposit-taking activities, transmitting or exchanging funds, or otherwise
acting as a custodian of funds;

•

Selling, providing, or issuing stored value or payment instruments;

•

Providing check cashing, check collection, or check guaranty services;

•

Providing payments or other financial data processing products or services to a consumer
by any technological means;

For purposes of assessing the impacts of the proposed rule on small entities, “small entities” is defined in the
RFA to include small businesses, small not-for-profit organizations, and small government jurisdictions. 5 U.S.C.
601(6). A “small business” is determined by application of Small Business Administration regulations and
reference to the North American Industry Classification System (NAICS) classifications and size standards. 5
U.S.C. 601(3). A “small organization” is any “not-for-profit enterprise which is independently owned and operated
and is not dominant in its field.” 5 U.S.C. 601(4). A “small governmental jurisdiction” is the government of a city,
county, town, township, village, school district, or special district with a population of less than 50,000. 5 U.S.C.
601(5).
U.S. Small Bus. Admin., Table of Small Business Size Standards Matched to North American Industry
Classification System Codes, https://www.sba.gov/sites/default/files/202209/Table%20of%20Size%20Standards_NAICS%202022%20Final%20Rule_Effective%20October%201%2C%202
022.pdf (current SBA size standards).
493

For the full scope of the term “covered person,” see 12 U.S.C. 5481(6).

For the full scope of the term “consumer financial product or service,” see 12 U.S.C. 5481(5).

•

Providing financial advisory services;

•

Collecting, analyzing, maintaining, or providing consumer report information or certain
other account information; and

•

Collecting debt related to any consumer financial product or service.495
The Registration and Publication Provisions will affect such covered persons (as that

term is defined in 12 U.S.C. 5481(6)) that (1) do not fall within any of the listed exclusions in §
1092.201(d), such as those for insured depository institutions, insured credit unions, and related
persons (as that term is defined in 12 U.S.C. 5481(25)), and (2) have had covered orders issued
against them. The Supervisory Reports Provisions will affect such covered persons that (1) are
subject to supervision and examination by the Bureau pursuant to CFPA section 1024(a),496 (2)
have had covered orders issued against them, (3) are at or above the $5 million annual receipts
threshold, unless such covered persons are subject to certain exclusions, and (4) are not
registering covered orders under the one-time registration option for NMLS-published covered
orders under § 1092.203.
A major benefit of the final rule is that it will give the Bureau comparatively high-quality
data on covered orders. Currently, the Bureau does not have high-quality data on the number of
covered orders, nor does it have reliable information on the number of small, covered firms that
are subject to covered orders. Therefore, the Bureau cannot reliably estimate the precise number
of small entities that would be impacted by the final rule.
One commenter argued that the Bureau could not explain why its rule would not have a
significant economic impact on a substantial number of small entities because the Bureau had not
provided clear information about the number of small entities that would be impacted by the rule.
Other commenters asserted that the Bureau’s rule would affect a substantial number of small
entities, although they did not provide evidence to support this assertion. One commenter argued

See 12 U.S.C. 5481(15) (defining term “financial product or service”).

496 12

U.S.C. 5514(a).

that the proposed rule would increase burdens for smaller financial technology companies in
particular. In response to these comments, the Bureau notes that its certification under 5 U.S.C.
605(b) does not depend on the total number of small entities that would be affected by the rule.
That is because the Bureau has concluded that, regardless of the number of affected small
entities, the economic impact of the rule for the vast majority of affected small entities would not
be significant. Therefore, even if a substantial number of small entities were affected by the
rule,497 the rule still would not have a significant economic impact on a substantial number of
small entities within the meaning of 5 U.S.C. 605(b).
The SBA Office of Advocacy asked if it would be possible for the Bureau to obtain
information on the number of small entities subject to covered orders from States or Federal
agencies that have issued these covered orders. The Bureau indeed asked for similar information
from Federal agencies, State regulators, State attorneys general, and tribes in interagency
consultations for the proposed rule. The specific question asked was: “Approximately how many
public final orders are issued each year by agencies or courts in enforcement actions brought by
Federal, State, Tribal governments, or local government agencies against covered person entities
for violations of laws prohibiting unfair, deceptive, or abusive acts or practices, in cases
involving consumer financial products or services? (In addition to the number of such orders,
the CFPB is interested in information regarding the particular statutes or regulations prohibiting
unfair, deceptive, or abusive acts or practices that are cited in such enforcement
actions.) Approximately how many such orders are issued each year for violations of Federal
consumer financial laws?” The Bureau also asked a similar question in consultations for the
final rule, as follows: “Approximately how many orders issued or obtained by your agency
during the past seven years would qualify as ‘covered orders’ as defined in the draft final rule?”

To be clear, commenters have not presented data establishing that the final rule will in fact affect a substantial
number of small entities. The Bureau here simply notes that, even if it were assumed that the final rule has some
economic effect on a substantial number of small entities, that impact will not be significant for the vast majority of
affected small entities.
While not definitive, the responses the Bureau obtained to this question were consistent with its
estimate above that perhaps one percent, and at most five percent, of covered entities are subject
to covered orders. However, the Bureau concluded for several reasons that this information was
still not sufficient to provide a rigorous quantitative estimate of the number of small entities
subject to covered orders. First, most agencies with whom the Bureau consulted did not provide
this requested information to the Bureau. Second, many of these agencies do not track the
number of covered orders they have outstanding. Third, many of these agencies cannot reliably
determine whether entities subject to covered orders qualify as “small entities” within the
meaning of the RFA.
The SBA Office of Advocacy also asked if it would be possible for the CFPB to use
economic data from the Census Bureau’s Statistics of U.S. Businesses to extrapolate the number
of affected small entities. These data indicate that, of entities listed in table 1 above, roughly 96
percent are small. In the notice of proposed rulemaking, the Bureau did not estimate the number
of small entities that will be affected by the final rule because, even with an estimate of the
number of small entities in an industry, the Bureau could not provide a precise estimate of the
number of such entities subject to covered orders. However, the Bureau notes that a
conservative upper bound estimate of the number of small entities that will be affected by the
final rule can be obtained if one assumes that all entities subject to covered orders are small.498
In this case, if at most 5 percent of all covered nonbanks are subject to covered orders and so will
be affected by the final rule,499 all such affected entities are small, and roughly 96 percent of
covered nonbanks in affected markets are small, then at most 5.2 percent of small covered
nonbanks are subject to covered orders and so will be affected by the final rule.500 The Bureau

To be clear, it is not the case that all entities subject to covered orders are small entities. In response to
comments, the Bureau here is merely using a simplifying assumption to derive a conservative upper bound estimate
of the rule’s potential impact on small entities.
As explained above, the estimate that perhaps 1 percent, and at most 5 percent, of covered nonbanks are subject
to covered orders is based on the Bureau’s experience and expertise and is not disputed by commenters.
500

Dividing 5% by 96% yields 5.2%.

reiterates that this 5.2 percent number provides a conservative upper bound on the fraction of
small entities in relevant markets that will be affected by the final rule, and the actual fraction of
small entities that will be affected by the final rule is likely to be smaller. Nonetheless, this
analysis indicates that the rule will not in fact impact a substantial number of small entities. As
explained above, however, the Bureau’s certification under 5 U.S.C. 605(b) does not depend on
the number of small entities affected by the rule.
A joint letter from State regulators misinterpreted the proposed rule as arguing that
because only 1 percent to 5 percent of covered nonbanks would need to comply with the
proposed rule’s registration and reporting requirements, the proposed rule would not have a
significant economic impact on a substantial number of small entities. In the context of its
discussion of the rule’s impacts under CFPA section 1022(b)(2)(A), the Bureau indeed estimated
that between 1 percent and 5 percent of all covered nonbanks (including both small entities and
larger entities) might be impacted by the proposed rule. In its RFA analysis in the proposed rule,
however, the Bureau did not estimate the percentage of covered-nonbank small entities that
might be affected by the proposed rule. The Bureau’s RFA analysis in the proposed rule thus did
not rely on that 1-to-5 percent estimate, and the Bureau’s RFA analysis here does not depend on
that estimate, either. It is, however, notable that the State-regulator commenters, which have
significant experience with enforcement actions against small entities and access to a substantial
amount of information about such actions through the NMLS, do not argue that the percentage of
covered-nonbank small entities with covered orders is substantially higher than 1 percent to 5
percent. As noted above, if no more than approximately 5 percent of covered-nonbank small
entities will have covered orders subject to the rule’s requirements, then the rule will not impact
a substantial number of small entities.
The same state-regulator commenters cited NMLS data to argue that the proposed rule
would predominantly impact small nonbank entities, because nearly 96 percent of state-licensed
nonbank NMLS Call Report filers are small. As explained above, the Bureau’s analysis of the

Census Bureau’s Statistics of U.S. Businesses data indicates that roughly 96 percent of entities
listed in table 1 are small, so the Bureau agrees with these state-regulator commenters that a
large majority of entities in affected markets are small. The Bureau notes that this does not
necessarily imply that a large majority of affected entities are small, since among entities in
affected markets, it is possible that large entities will disproportionately be subject to covered
orders and thus will be disproportionately affected by the final rule. However, if one further
assumes, as these commenters do, that small entities will be impacted by the rule in roughly the
same proportion as other entities, the Bureau agrees that this indeed implies that a large majority
of affected entities will be small. This finding merely reflects the fact that most nonbanks are
likely small businesses under the Small Business Administration’s regulations. Since most
nonbanks likely qualify as small businesses, it is not surprising that a rule addressing orders
entered against nonbanks would predominantly affect small businesses if small businesses were
impacted in proportion to their representation among all businesses. This fact, however, does not
affect the Bureau’s assessment that the final rule here will not have a significant economic
impact on a substantial number of small entities. As explained above, the final rule will not have
a significant economic impact on the vast majority of affected entities, including affected small
entities. Further, as also noted above, the state-regulator commenters do not argue that the
percentage of covered-nonbank small entities with covered orders is substantially higher than 1
percent to 5 percent. Again, if no more than 5 percent of all covered nonbanks are subject to
covered orders (as the commenters do not dispute), and roughly 96 percent of all covered
nonbanks in affected markets are small (as the commenters and the Bureau agree), then no more
than 5.2 percent of small covered nonbanks can possibly be subject to covered orders and so be
affected by the final rule. This implies that the rule will not impact a substantial number of small
entities (although, to reiterate, the Bureau’s 5 U.S.C. 605(b) certification does not depend on that
fact).
1. Registration Provisions

The first set of provisions will require covered firms to register using the nonbank
registry and submit certain required information. Required information includes identifying and
administrative information, as well as information regarding covered orders. This information
should be readily accessible to almost all entities affected, and providing it through the nonbank
registry should be straightforward. Firms would not have to purchase new hardware or software,
or train specialized personnel, to comply with these final provisions.
To obtain a quantitative estimate of the cost of these provisions, the Bureau assesses the
average hourly base wage rate for the reporting requirement at $49.29 per hour. This is the mean
hourly wage for employees in four major occupational groups assessed to be most likely
responsible for the registration process: Management ($66.23/hr); Legal Occupations
($64.34/hr); Business and Financial Operations ($43.55/hr); and Office and Administrative
Support ($23.05/hr).501 We multiply the average hourly wage of $49.29 by the private industry
benefits factor of 1.42 to get a fully loaded wage rate of $70.00/hr.502 The Bureau includes these
four occupational groups in order to account for the mix of specialized employees that may assist
in the registration process. The Bureau assesses that the registration process will generally be
completed by office and administrative support employees that are generally responsible for the
registrant’s paperwork and other administrative tasks. Employees specialized in business and
financial operations or in legal occupations are likely to provide information and assistance with
the registration process. Senior officers and other managers are likely to review the registration
information before it is submitted and may provide additional information. Assuming as
outlined above a fully loaded wage rate of roughly $70, and that complying with this final
provision would take around five hours of employees’ time, yields a cost impact of around $350

See U.S. Bureau of Labor Statistics, National Occupational Employment and Wage Estimates United States (May
2023), https://www.bls.gov/oes/current/oes_nat.htm. The hourly wage estimates used in the proposed rule were
slightly different because they were drawn from 2021 data.
As of December 2023, the ratio between total compensation and wages for private industry workers is 1.42. See
U.S. Bureau of Labor Statistics, Employer Costs for Employee Compensation: Private industry dataset (December
2023), https://www.bls.gov/web/ecec/ecec-private-dataset.xlsx.
per firm. The cost would likely be even lower for firms that have and exercise the option to
register NMLS-published covered orders under § 1092.203. Because § 1092.203 requires less
information from covered nonbanks than § 1092.202, exercising the option made available in §
1092.203 should take even less employee time.503 Therefore, the impact of this final provision
on affected firms will be limited.
Several commenters disagreed with this cost assessment.504 One preferred a higher
estimate of $5,000 per year, based in part on the argument that the scope of administrative
information is “wholly unknown” and can encompass a “limitless breadth” of information. The
Bureau disagrees with these claims. As explained above,505 § 1092.202(c) only requires
registered entities to submit the specific “administrative information” that is “required by the
nonbank registry,” and the Bureau has made clear that it will “specify the types of …
administrative information registered entities would be required to submit” in “filing instructions
… issue[d] under … § 1092.102(a).”506 Therefore, covered nonbanks should have no need to
hire outside legal counsel to ascertain what information qualifies as “administrative information”
required to be submitted under the rule. Instead, the Bureau’s filing instructions will specify
what categories of information covered nonbanks must submit as “administrative information.”
Another commenter based their disagreement on this cost assessment on the operational
cost of developing new technologies and databases to satisfy the registration requirements.
However, the Bureau does not believe many, if any, entities will have to develop new

In the unlikely event that a covered nonbank concluded that registering an NMLS-published covered order under
§ 1092.203 would be more costly than registering it under § 1092.202, the covered nonbank could forgo the option
presented in § 1092.203 and register the order under § 1092.202 instead.
In this section, the Bureau discusses comments that focused primarily on the rule’s potential effects on small
entities. To the extent that these comments address the potential benefits and costs of the rule for covered persons,
the Bureau recognizes that the comments are also relevant to its analysis under CFPA section 1022(b)(2)(A); it did
not duplicate its responses to those comments in its section 1022(b)(2)(A) discussion above simply to avoid
unnecessary repetition. Similarly, the Bureau has not repeated here responses to comments about general impacts
on covered persons that are adequately addressed in its section 1022(b)(2)(A) discussion above.
505

See the section-by-section discussion of § 1092.201(a) above.

88 FR 6088 at 6118.

technologies and databases to comply with the Registration Provisions. Therefore, the Bureau
believes its $350 estimate is reasonable.
A joint letter from State regulators argued qualitatively that, because many small entities
subject to covered orders are not subject to CFPB supervision, the costs imposed on them by the
proposed rule would be larger than the Bureau estimated. However, the cost analysis performed
both in the proposed rule and in this final rule does not presuppose supervision by the CFPB.
Further, even if a covered nonbank is not subject to CFPB supervision, it would even under the
baseline generally be expected to have systems in place to comply with its obligations under
Federal consumer financial laws and other consumer-protection laws, and the rule’s registration
requirements do not significantly add to the legal obligations to which covered nonbanks are
already subject. Therefore, the Bureau again concludes that its $350 estimate is reasonable.
Commenters also noted that the rule will impose ongoing costs on entities after initial
registration. The Bureau agrees that entities registering orders under § 1092.202 may incur
ongoing costs to comply with § 1092.202(b)(2)(ii), which requires that covered nonbanks submit
revised registration filings within 90 days after any amendment to a registered covered order or
information required under § 1092.202(c) or (d). Similarly, § 1092.202(f) requires a registered
entity to submit a revised filing within 90 days if a covered order is terminated, modified, or
abrogated, or if it ceases to be a covered order by operation of § 1092.202(e).507 The Bureau
believes that the cost of those subsequent filings would generally be less than the cost of
preparing and submitting the initial registration. The Bureau also believes that most revised
filings under § 1092.202(b)(2)(ii) or (f) would be submitted after the initial year in which an
entity first registers an order. In determining whether a significant economic impact on a
substantial number of small entities (SISNOSE) exists, the Bureau calculates impacts on a
periodic (usually annual) basis that is relative to firm revenue. If the analysis were extended past

Covered nonbanks registering NMLS-published covered orders under § 1092.203 are not required to submit
revised filings with respect to such orders under § 1092.202(b)(2)(ii) or (f).
the initial year, calculated costs would increase with time, but so would calculated firm revenue.
The Bureau believes that, in the case of the Registration Provisions, the ratio of the two—which
is the relevant number for SISNOSE analysis—likely would not increase significantly over time,
and in fact would very likely decrease, because the cost of submissions under
§ 1092.202(b)(2)(ii) or (f) would generally be less than the cost of preparing and submitting the
initial registration.
The same commenters also noted that firms with multiple orders will face higher costs.
The Bureau agrees and noted this point in the proposed rule.508 The Bureau also notes that there
are even fewer entities subject to multiple covered orders than there are entities subject to any
covered order. The Bureau further notes that the average cost per order of registering orders is
likely to be lower for firms with more covered orders, in part because some of the costs involved
with registering orders (such as identifying and supplying the required administrative
information) would generally only need to be incurred once.
Two commenters noted that even some entities not subject to covered orders would still
be impacted by the proposed rule, if they were subject to orders they viewed as potentially
covered, because they may have to determine if the potentially covered orders are actually
covered. As it stated in the proposed rule, the Bureau agrees that some firms may be unsure
whether they are covered persons not otherwise excluded from the rule, or whether they are
subject to covered orders. As stated in the proposed rule, for firms unsure of their obligations
under the Registration Provisions, one option would be to hire outside legal counsel to advise
them on these issues, which the Bureau agrees could be costly for small firms. However, another
option for such firms would be to register using the nonbank registry, even if doing so is not
legally required. As explained above and in the proposed rule, the cost associated with
registering an order is likely low—a few hours of an employee’s time. In addition, if firms have

See 88 FR 6088 at 6131.

a good-faith basis to believe they are not covered nonbanks (or that their orders are not covered
orders), they may submit a notice to the nonbank registry stating as such under § 1092.202(g).
Preparing and submitting such notices would take at most a few hours of an employee’s time.
The Bureau further notes that the mere act of registering an order or submitting a § 1092.202(g)
notice is unlikely to have significant indirect costs because § 1092.102(c) would provide that the
rule “does not alter any applicable process whereby a person may dispute that it qualifies as a
person subject to Bureau authority.” Firms should generally choose the lowest cost option
available to them, and low-cost options—either registering under the nonbank registry or filing a
notice under proposed § 1092.202(g)—are options available to firms.
2. Supervisory Reports Provisions
This second set of provisions will require that affected supervised entities designate an
attesting executive for each applicable covered order. The attesting executive will be a duly
appointed senior executive officer (or, if no such officer exists, the highest-ranking individual at
the entity charged with managerial or oversight responsibilities) (i) whose assigned duties
include ensuring the supervised registered entity’s compliance with Federal consumer financial
law, (ii) who possesses knowledge of the supervised entity’s systems and procedures for
achieving compliance with the covered order, and (iii) who has control over the supervised
entity’s efforts to comply with the covered order. The Bureau believes that, even under the
baseline scenario, most supervised entities would take active steps to comply with covered
orders, and therefore would already have such an officer or individual in place to oversee the
entity’s compliance with its obligations under the covered order. Therefore, the Bureau
anticipates that this designation requirement will impose little or no additional impact on most
supervised registered entities. The Bureau notes that the impacts may be higher for supervised
entities that lack a high-ranking officer or other employee with the requisite qualifications to
serve as an attesting executive, but the Bureau believes that there are few such entities because
the Bureau expects most supervised registered entities maintain adequate board and management

oversight consistent with an appropriate compliance management system. Furthermore, covered
nonbanks that have opted to register NMLS-published covered orders under § 1092.203 will not
be subject to the Supervisory Reports Provisions with respect to such orders.
The Bureau sought comment on whether proposed section 203(b)’s designation
requirement is likely to impose material additional impacts on supervised registered entities,
beyond the impacts those entities are already likely to incur as part of fulfilling their obligations
under the covered orders to which they are subject. The SBA Office of Advocacy claimed that,
in the proposed rule, the Bureau provided no basis for its claim that most supervised entities
would already have such an officer or individual in place. This claim is incorrect. In the
proposed rule, as in this final rule, the Bureau explained its reasoning. The Bureau anticipates
that most supervised entities will take active steps to comply with covered orders, as the law
requires. Therefore, the Bureau believes that, even under the baseline scenario, most supervised
entities would already have an officer or individual satisfying § 1092.204(b)’s requirements in
place to oversee the entity’s compliance with its obligations under the covered order. This belief
is supported by the Bureau’s experience with supervising nonbanks, which includes examining
their compliance systems. Based on its supervision experience, the Bureau believes it is unlikely
that many entities subject to its supervision would have difficulty designating an individual who
satisfies the criteria identified in § 1092.204(b).
The Supervisory Reports Provisions will also require that the supervised registered entity
submit a written statement signed by the applicable attesting executive for each covered order to
which it is subject. In the written statement, the attesting executive will: (i) generally describe
the steps that the attesting executive has undertaken to review and oversee the supervised
registered entity’s activities subject to the applicable covered order for the preceding calendar
year; and (ii) attest whether, to the attesting executive’s knowledge, the supervised registered
entity during the preceding calendar year identified any violations or other instances of

noncompliance with any obligations that were imposed in a public provision of the covered order
by the applicable agency or court based on a violation of a covered law.
The Bureau cannot precisely quantify the impact of the written-statement requirement on
impacted firms. But based on its experience and expertise, the Bureau believes that most entities
subject to covered orders endeavor in good faith to comply with them and will already have in
place some manner of systems and procedures to help achieve such compliance. For these
entities, the proposed written-statement requirement would require little more than submitting a
written statement from the attesting executive that generally describes the steps the executive
took consistent with the established systems and procedures to reach conclusions regarding entity
compliance with the orders.
Thus, relative to the baseline, the written-statement requirement will impose only modest
costs on most covered entities, related primarily to the time and effort needed to (i) memorialize
the attesting executive’s existing oversight of compliance and (ii) determine whether the
supervised registered entity during the preceding calendar year identified any violations or other
instances of noncompliance with any obligations that were imposed in a public provision of the
covered order by the applicable agency or court based on a violation of a covered law. While the
attesting executive will sign the written statement and generally describe the steps the executive
has taken to oversee the supervised registered entity’s activities subject to the applicable order,
the Bureau expects that other employees in other major occupational groups (Legal Occupations,
Business and Financial Operations, and Office and Administrative Support) will support the
attesting executive in preparing the statement. Assuming that satisfying the written-statement
requirement would take twenty hours of employees’ time, and that the average cost to entities of
an employee’s time is roughly $70 an hour as discussed above, yields an estimate that the cost of
this requirement on covered entities would be roughly $1400 per entity.
One commenter criticized this estimate, arguing that many small entities do not have
employees in the various occupational groups assumed above and in particular would have to

contract with outside legal counsel to comply with the Supervisory Reports Provisions.
However, the Bureau notes that the Supervisory Reports Provisions only requires that the
attesting executive generally describe the steps the executive has taken to oversee compliance
and state whether or not the company has identified a violation; it does not require the company
to conduct any new analysis, legal or otherwise, in order to make that determination. The
Supervisory Reports Provisions would not require, for example, an entity to hire counsel to
conduct an assessment of past conduct for violations of orders it has not already identified.
Therefore, for a sufficiently small entity that would be forced to employ management only (at a
fully loaded wage rate of $66.23 times 1.42 or $94.05 per hour as discussed above) to satisfy the
written-statement requirements, assuming again that compliance takes twenty hours of employee
time, yields a cost estimate of approximately $1,881 for such firms. This is substantially lower
than the $3,000 to $6,000 estimate provided by the commenter.
The Bureau acknowledges that, under the baseline, some supervised registered entities
may not have in place systems and procedures to allow them to confidently identify violations or
other instances of noncompliance with any obligations that were imposed in a public provision of
the covered order. As discussed elsewhere in this preamble, the Supervisory Reports Provisions
will likely prompt some such entities to adopt new or additional compliance systems and
procedures, imposing a greater cost on them. However, as noted above, based on its experience
and expertise, the Bureau believes that most entities subject to covered orders endeavor in good
faith to comply with them and will already have in place some manner of systems and
procedures to help achieve such compliance. Therefore, the Bureau believes that the number of
supervised registered entities that will put in place significant new compliance systems and
procedures as a result of the final rule will be relatively small.
Several commenters argued that employees would be reluctant to act as attesting
executives because of the Supervisory Reports Provisions and would require a salary premium to
do so, raising costs for affected entities. The Bureau acknowledges that, among entities subject

to covered orders that lack adequate compliance systems, employees could indeed be reluctant to
act as attesting executives under these provisions and might require a salary premium to do so.
However, as discussed above, the Bureau believes that most entities that are subject to covered
orders endeavor in good faith to comply with them. Therefore, the Bureau believes that most
entities will already have in place some manner of systems and procedures to help achieve such
compliance. As a result, attesting executives for most entities should not require a salary
premium in order to comply with the written-statement requirements. The Bureau acknowledges
that some firms without sufficient systems and procedures in place to comply with covered
orders may be forced to pay attesting executives a salary premium because of the Supervisory
Reports Provisions, but believes that there will be few such firms. Furthermore, while the
Bureau cannot precisely quantify the salary premium that would be required by attesting
executives at such firms, the Bureau notes that an estimate of $25,000 provided by one
commenter represents less than .5 percent of annual receipts of entities with more than $5 million
per year in annual receipts.
In addition, the Supervisory Reports Provisions will require entities to maintain records
related to the written statement for five years. Conservatively assuming that ensuring the
necessary documents are properly stored also requires ten hours of employee time adds $700 to
the costs to affected entities of this final provision.
One commenter appeared to disagree with this cost assessment and argued, in reference
to the recordkeeping requirements of the Supervisory Reports Provisions, that the added costs of
compliance would be significant enough to cause small entities in the debt-collection industry
material financial hardship, if not cause them to cease operations. However, this commenter did
not directly dispute the Bureau’s cost estimate of ten hours of employee time, nor did the
commenter provide data or analysis to dispute this estimate, which as noted above implies a cost
of compliance of roughly $700.

The Bureau notes that, for the purposes of this final rule, the term “supervised registered
entity” excludes persons with less than $5 million in annual receipts resulting from offering or
providing consumer financial products and services described in CFPA section 1024(a).
Relative to this final rule, the proposed rule further included in the term “supervised registered
entity” persons with more than $1 million in annual receipts. Therefore, relative to the proposed
rule that was discussed by commenters, the Supervisory Reports Provisions will affect fewer
small entities, and the entities they will affect will have higher annual receipts on average. The
estimated combined costs of around $2,100 imposed by the Supervisory Reports Provisions as
discussed above on most affected entities should be roughly 0.04 percent or less of annual
receipts. Therefore, the impact of this final provision on most affected small entities will be
limited.
The costs of the Supervisory Reports Provisions may be higher at larger entities because
identifying instances of noncompliance with obligations imposed in a public provision of a
covered order may be more complex at larger entities. But because larger entities will generally
have greater annual receipts, the applicable compliance costs as a percentage of annual receipts
will likely remain nominal for larger entities, even if the absolute value of those compliance
costs tends to increase as entity size increases. The costs will also likely be higher at entities
with multiple instances of noncompliance with public provisions of covered orders, or with
multiple covered orders. However, there are fewer entities subject to multiple covered orders
than there are entities subject to any covered order.
Two commenters claimed that the proposed rule did not contain any assessment of the
burden of the rule on entities large enough to be both not exempt and supervised (and so subject
to the Supervisory Reports Provisions) but small enough to satisfy the SBA’s definition of
“small.” This claim is not correct. The proposed rule contained analysis, comparable to the
analysis in this final rule above, on the effect of the Supervisory Reports Provisions on small

entities. This means that the proposed rule analyzed the effect of the Supervisory Reports
Provisions on small entities large enough to be impacted by it. The final rule here does the same.
3. Publication Provisions
For affected covered nonbanks, the main effect of the third set of provisions will be that
(1) their identifying information, (2) information regarding covered orders that they provide to
the Bureau, and (3) for supervised registered entities, the name and title of the attesting
executive, may be posted on the Internet by the Bureau.509 Much of this information would be
public even under the baseline, so the additional direct effect of this information being posted on
the Bureau’s website should be small.
However, because covered nonbanks will provide this information only if they are
subject to covered orders, consumers might interpret the presence of a covered nonbank on the
Bureau’s website as negative information about that covered nonbank. Therefore, these
provisions may have negative reputational costs for the covered nonbanks whose information is
published on the Bureau’s website. Yet covered orders would be public information even under
the baseline with no rule. Therefore, these provisions will not make public any non-public
orders. This will limit the likely costs on covered nonbanks of these provisions.
These provisions will allow certain information related to covered orders that is already
available to the general public to be centralized on the Bureau’s website. This will make the
information more readily accessible than it would otherwise be. A large body of research has
studied the circumstances under which providing consumers better access to information does,

As explained elsewhere in this preamble, the Bureau intends to publish this information but is retaining the
discretion not to publish the information based on operational considerations, such as resource constraints. The
analysis here assumes that the Bureau will effectuate its intended approach of publishing the stated information. If,
however, the Bureau were not to publish any of the information it collects under the final rule, the potential impacts
on small entities discussed in this section largely would not be realized—except that, to a more limited extent, some
of the impacts associated with the Publication Provisions could result from the Bureau’s sharing of registry
information with other government agencies under memorandums of understanding or other inter-agency
arrangements. Similarly, if the Bureau were to publish only a portion of the information that it currently intends to
publish, the Publication Provisions’ impacts on small entities likely would be more limited than the impacts
associated with the Bureau’s current publication plans.
and does not, improve consumer outcomes.510 One consensus from this research is that welldesigned information disclosures can be effective at directing consumer attention. For example,
one study found that providing certain borrowers with information about the costs of their loans
reduced borrowing.511 However, another consensus from this research is that information
disclosures do not always materially affect consumer decision-making, and that the impact of
information disclosures on consumer decision-making depends on their design and
implementation. Impactful information disclosures are typically more direct (e.g., disclosing the
costs of a particular type of loan to prospective borrowers) and more timely (e.g., disclosed to
prospective borrowers at the time they are obtaining a loan) than the information that will be
centralized and published under this final provision. Therefore, the Bureau believes that most
consumers will not change their behavior due to this final provision, so the impact of this final
provision on most affected entities will likely not be significant. The Bureau acknowledges that
the issues disclosed by a few covered orders may be so controversial among consumers that their
publication on the Bureau website could impose a substantial impact on the firms affected by
those orders. However, as noted above, covered orders would be public information even under
the baseline with no rule. Therefore, covered orders that disclose particularly controversial
practices would likely be well-known among consumers even under the baseline. As a result, the
Bureau believes that these final provisions are unlikely to have a significant economic impact on
a substantial number of small entities.
The SBA Office of Advocacy critiqued the analysis of the Publication Provisions in the
proposed rule as “confusing and contradictory” because it concluded that the Publication
Provisions could have a significant impact on a few small entities but would not have a
significant impact on a substantial number of small entities. But the possibility that a provision

For one review of this research, see Thomas A. Durkin and Gregory Elliehausen, Truth in Lending: Theory,
History, and a Way Forward (2011).
See Marianne Bertrand and Adair Morse, Information Disclosure, Cognitive Biases, and Payday Borrowing, 66
The Journal of Finance 1865, 1865–93 (2011).
may have a significant economic impact on a limited number of small entities does not mean that
the provision will have a significant economic impact on a substantial number of small entities.
Because the Bureau has found that few small entities would be significantly affected by the
Bureau’s re-publication through its registry of orders that are already public, the Bureau has
concluded that the possibility of such significant impacts in relatively rare cases does not indicate
that a SISNOSE exists. The Bureau’s conclusion about the impact of the Publication Provisions
is therefore neither confusing nor contradictory.
Another commenter argued that larger firms are more likely to have public relations
funding to counteract the negative publicity of appearing on the Bureau’s website, and so this
provision would have an especially large relative effect on small firms. The Bureau
acknowledges that larger firms are more likely to have more funding for public relations.
However, the Bureau also notes that larger firms are also more likely to attract attention from
consumers, regulators, the media, and other public parties. Hence the Bureau does not
necessarily agree that this provision would have an especially large relative cost for small firms.
Furthermore, even if a provision may have a somewhat larger effect on smaller firms, that does
not mean that the provision has a significant economic impact on a substantial number of small
entities. A relevant consideration in determining whether the provision here will have a
significant economic impact on a substantial number of small entities is the fraction of small
nonbank entities that will be significantly impacted by the provision. The commenter did not
provide such estimates.
For the reasons described above, the Bureau believes that no provision of the final rule
will have a significant economic impact on a substantial number of small entities. Moreover, the
impact of each provision is sufficiently small that the three provisions together will not have a
significant economic impact on a substantial number of small entities.
Accordingly, the Director certifies that this final rule will not have a significant economic
impact on a substantial number of small entities. Thus, a FRFA is not required for this final rule.

X.

Paperwork Reduction Act
Under the Paperwork Reduction Act of 1995 (PRA),512 Federal agencies are generally

required to seek approval from the Office of Management and Budget (OMB) for information
collection requirements prior to implementation. Under the PRA, the Bureau may not conduct
nor sponsor, and, notwithstanding any other provision of law, a person is not required to respond
to, an information collection unless the information collection displays a valid control number
assigned by OMB. The information collection requirements in this final rule are mandatory.
Certain information collected under these requirements may be made available to the public,
while other information would not be made available to the public, in accordance with applicable
law.
The collections of information contained in this rule, and identified as such, have been
submitted to OMB for review under section 3507(d) of the PRA. A complete description of the
information collection requirements (including the burden estimate methods) is provided in the
information collection request that the Bureau has submitted to OMB under the requirements of
the PRA. The information collection request submitted to OMB requesting approval under the
PRA for the information collection requirements contained herein is available at
www.regulations.gov as well as on OMB’s public-facing docket at www.reginfo.gov.
Title of Collection: Nonbank Registration—Agency and Court Orders Registration.
OMB Control Number: 3170–0076.
Type of Review: Request for approval of a new information collection.
Affected Public: Private sector.
Estimated Number of Respondents: 7,752.
Estimated Total Annual Burden Hours: 35 hours.

44 U.S.C. 3501 et seq.

In the notice of proposed rulemaking, the Bureau invited comments on: (a) Whether the
collection of information is necessary for the proper performance of the functions of the Bureau,
including whether the information will have practical utility; (b) the accuracy of the Bureau’s
estimate of the burden of the collection of information, including the validity of the methods and
the assumptions used; (c) ways to enhance the quality, utility, and clarity of the information to be
collected; and (d) ways to minimize the burden of the collection of information on respondents,
including through the use of automated collection techniques or other forms of information
technology. The comments on the rule generally, and those relating to its burdens and utility, are
summarized above. The Bureau is always interested in comments on its information collections,
and how to improve their utility and reduce their burdens. These may be made at
PRA_Comments@CFPB.gov.
XI.

Congressional Review Act
Pursuant to the Congressional Review Act,513 the Bureau will submit a report containing

this rule and other required information to the U.S. Senate, the U.S. House of Representatives,
and the Comptroller General of the United States at least 60 days prior to the rule’s published
effective date. The Office of Information and Regulatory Affairs has designated this rule as a
“major rule” as defined by 5 U.S.C. 804(2).
List of Subjects in 12 CFR Part 1092
Administrative practice and procedure, Consumer protection, Credit, Intergovernmental
relations, Law enforcement, Nonbank registration, Registration, Reporting and recordkeeping
requirements, Trade practices.
Authority and Issuance
For the reasons set forth above, the Bureau amends 12 CFR chapter X by adding part
1092 to read as follows:

5 U.S.C. 801 et seq.

PART 1092—NONBANK REGISTRATION
Subpart A—General
Sec.
1092.100 Authority and purpose.
1092.101 General definitions.
1092.102 Submission and use of registration information.
1092.103 Severability.
Subpart B—Registry of Nonbank Covered Persons Subject to Certain Agency and Court
Orders
1092.200 Scope and purpose.
1092.201 Definitions.
1092.202 Registration and submission of information regarding covered orders.
1092.203 Optional one-time registration of NMLS-published covered orders.
1092.204 Annual reporting requirements for supervised registered entities.
1092.205 Publication and correction of registration information.
1092.206 Nonbank registry implementation dates.
Subpart C—[Reserved]
Appendix A to Part 1092—List of State Covered Laws
Authority: 12 U.S.C. 5512(b) and (c); 12 U.S.C. 5514(b).
Subpart A—General
§ 1092.100 Authority and purpose.
(a) Authority. The regulation in this part is issued by the Bureau pursuant to section
1022(b) and (c) and section 1024(b) of the Consumer Financial Protection Act of 2010, codified
at 12 U.S.C. 5512(b) and (c), and 12 U.S.C. 5514(b).
(b) Purpose. The purpose of this part is to prescribe rules governing the registration of
nonbanks, and the collection and submission of registration information by such persons, and for
public release of the collected information as appropriate.
(1) This subpart contains general provisions and definitions used in this part.
(2) Subpart B of this part sets forth requirements regarding the registration of nonbanks
subject to certain agency and court orders.
§ 1092.101 General definitions.
For the purposes of this part, unless the context indicates otherwise, the following
definitions apply:

(a) Affiliate, consumer, consumer financial product or service, covered person, Federal
consumer financial law, insured credit union, person, related person, service provider, and State
have the same meanings as in 12 U.S.C. 5481.
(b) Bureau means the Consumer Financial Protection Bureau.
(c) Include, includes, and including mean that the items named may not encompass all
possible items that are covered, whether like or unlike the items named.
(d) Nonbank registry means the Bureau’s electronic registry identified and maintained by
the Bureau for the purposes of this part.
(e) Nonbank registry implementation date means, for a given requirement or subpart of
this part, or a given person or category of persons, the date(s) determined by the Bureau to
commence the operations of the nonbank registry in connection with that requirement or subpart.
§ 1092.102 Submission and use of registration information.
(a) Filing instructions. The Bureau shall specify the form and manner for electronic
filings and submissions to the nonbank registry that are required or made voluntarily under this
part. The Bureau also may provide for extensions of deadlines or time periods prescribed by this
part for persons affected by declared disasters or other emergency situations.
(b) Coordination or combination of systems. In administering the nonbank registry, the
Bureau may rely on information a person previously submitted to the nonbank registry under this
part and may coordinate or combine systems in consultation with State agencies as described in
12 U.S.C. 5512(c)(7)(C) and 12 U.S.C. 5514(b)(7)(D).
(c) Bureau use of registration information. The Bureau may use the information
submitted to the nonbank registry under this part to support its objectives and functions,
including in determining when to exercise its authority under 12 U.S.C. 5514 to conduct
examinations and when to exercise its enforcement powers under subtitle E of the Consumer
Financial Protection Act of 2010. However, this part does not alter any applicable process
whereby a person may dispute that it qualifies as a person subject to Bureau authority.

(d) Calculation of time periods. In computing any date or period of time prescribed by
this part, exclude the day of the event that triggers the period; count every day, including
intermediate Saturdays, Sundays, and Federal holidays; and include the last day of the period. If
any provision of this part would establish a deadline for an action that is a Saturday, Sunday, or
Federal holiday, the deadline is extended to the next day that is not a Saturday, Sunday, or
Federal holiday.
§ 1092.103 Severability.
If any provision of this part, or any application of a provision, is stayed or determined to
be invalid, the remaining provisions or applications are severable and shall continue in effect.
Subpart B—Registry of Nonbank Covered Persons Subject to Certain Agency and Court
Orders
§ 1092.200 Scope and purpose.
(a) Scope. This subpart requires nonbank covered persons that are subject to certain
public agency and court orders to register with the Bureau and to submit a copy of each such
public order to the Bureau. This subpart also requires certain nonbank covered persons that are
supervised by the Bureau to prepare and submit an annual written statement, signed by a
designated individual, regarding compliance with each such public order. Finally, this subpart
also describes the registration information the Bureau may make publicly available.
(b) Purpose. The purposes of the information collection requirements contained in this
subpart are:
(1) To support Bureau functions by monitoring for risks to consumers in the offering or
provision of consumer financial products or services, including developments in markets for
such products or services, pursuant to 12 U.S.C. 5512(c)(1);
(2) To prescribe rules regarding registration requirements applicable to nonbank covered
persons, pursuant to 12 U.S.C. 5512(c)(7);

(3) To facilitate the supervision of persons described in 12 U.S.C. 5514(a)(1), pursuant to
12 U.S.C. 5514(b);
(4) To assess and detect risks to consumers, pursuant to 12 U.S.C. 5514(b); and
(5) To ensure that persons described in 12 U.S.C. 5514(a)(1) are legitimate entities and
are able to perform their obligations to consumers, pursuant to 12 U.S.C. 5514(b).
§ 1092.201 Definitions.
For the purposes of this subpart, unless the context indicates otherwise, the following
definitions apply:
(a) Administrative information means contact information regarding persons subject to
this subpart and other information submitted or collected to facilitate the administration of the
nonbank registry including information submitted under §§ 1092.202(g) and 1092.204(f).
(b) Attesting executive means, with respect to any covered order regarding a supervised
registered entity, the individual designated by the supervised registered entity to perform the
supervised registered entity’s duties with respect to the covered order under § 1092.204.
(c) Covered law means a law listed in paragraphs (c)(1) through (6) of this section, to the
extent that the violation of law found or alleged arises out of conduct in connection with the
offering or provision of a consumer financial product or service:
(1) A Federal consumer financial law;
(2) Any other law as to which the Bureau may exercise enforcement authority;
(3) The prohibition on unfair or deceptive acts or practices under section 5 of the Federal
Trade Commission Act, 15 U.S.C. 45, or any rule or order issued for the purpose of
implementing that prohibition;
(4) A State law prohibiting unfair, deceptive, or abusive acts or practices that is identified
in appendix A to this part;
(5) A State law amending or otherwise succeeding a law identified in appendix A to this
part, to the extent that such law is materially similar to its predecessor; or

(6) A rule or order issued by a State agency for the purpose of implementing a prohibition
on unfair, deceptive, or abusive acts or practices contained in a State law described in paragraph
(c)(4) or (5) of this section.
(d) Covered nonbank means a covered person that is not any of the following:
(1) An insured depository institution or insured credit union;
(2) A person who is a covered person solely due to being a related person;
(3) A State;
(4) A natural person;
(5) A motor vehicle dealer that is predominantly engaged in the sale and servicing of
motor vehicles, the leasing and servicing of motor vehicles, or both, within the meaning of 12
U.S.C. 5519(a), except to the extent such a person engages in functions that are excepted from
the application of 12 U.S.C. 5519(a) as described in 12 U.S.C. 5519(b); or
(6) A person that qualifies as a covered person based solely on conduct that is the subject
of, and that is not otherwise exempted from, an exclusion from the Bureau’s rulemaking
authority under 12 U.S.C. 5517.
(e) Covered order—(1) In general. Covered order means a final public order issued by
an agency or court, whether or not issued upon consent, that:
(i) Identifies a covered nonbank by name as a party subject to the order;
(ii) Was issued at least in part in any action or proceeding brought by any Federal agency,
State agency, or local agency;
(iii) Contains public provisions that impose obligations on the covered nonbank to take
certain actions or to refrain from taking certain actions;
(iv) Imposes such obligations on the covered nonbank based on an alleged violation of a
covered law; and
(v) Has an effective date on or later than January 1, 2017.

(2) Exception. The term “covered order” does not include an order issued to a motor
vehicle dealer that is predominantly engaged in the sale and servicing of motor vehicles, the
leasing and servicing of motor vehicles, or both, within the meaning of 12 U.S.C. 5519(a),
except to the extent such order is in connection with the functions that are excepted from the
application of 12 U.S.C. 5519(a) as described in 12 U.S.C. 5519(b).
(f) Effective date means, in connection with a covered order, the effective date as
identified in the covered order; provided that if no other effective date is specified, then the date
on which the covered order was issued shall be treated as the effective date for purposes of this
subpart. If the issuing agency or a court stays or otherwise suspends the effectiveness of the
covered order, the effective date shall be delayed until such time as the stay or suspension of
effectiveness is lifted.
(g) Identifying information means existing information available to the covered nonbank
that uniquely identifies the covered nonbank, including the entity’s legal name, State (or other
jurisdiction) of incorporation or organization, principal place of business address, any doing
business as or fictitious business names, and any unique identifiers issued by a government
agency or standards organization.
(h) Insured depository institution has the same meaning as in 12 U.S.C. 5301(18)(A).
(i) Local agency means a regulatory or enforcement agency or authority of a county, city
(whether general law or chartered), city and county, municipal corporation, district, or other
political subdivision of a State, other than a State agency.
(j) NMLS means the Nationwide Multistate Licensing System.
(k) NMLS-published covered order means a covered order that is published on the NMLS
Consumer Access website, www.NMLSConsumerAccess.org, except that no covered order
issued or obtained at least in part by the Bureau shall be an NMLS-published covered order.
(l) Order includes any written order or judgment issued by an agency or court in an
investigation, matter, or proceeding.

(m) Public means, with respect to a covered order or any portion thereof, published by
the issuing agency or court, or required by any provision of Federal, State, or local law, rule, or
order to be published by the issuing agency or court. The term does not include orders or
portions of orders that constitute confidential supervisory information of any Federal, State, or
local agency.
(n) Registered entity means any person registered or required to be registered under this
subpart.
(o) Remain(s) in effect means, with respect to any covered order, that the covered
nonbank remains subject to public provisions that impose obligations on the covered nonbank to
take certain actions or to refrain from taking certain actions based on an alleged violation of a
covered law.
(p) State agency means the attorney general (or the equivalent thereof) of any State and
any other State regulatory or enforcement agency or authority.
(q) Supervised registered entity means a registered entity that is subject to supervision
and examination by the Bureau pursuant to 12 U.S.C. 5514(a) except as provided in paragraphs
(q)(1) through (4) of this section. For purposes of this definition, the term “subject to
supervision and examination by the Bureau pursuant to 12 U.S.C. 5514(a)” includes an entity
that qualifies as a larger participant of a market for consumer financial products or services under
any rule issued by the Bureau pursuant to 12 U.S.C. 5514(a)(1)(B) and (a)(2), or that is subject to
an order issued by the Bureau pursuant to 12 U.S.C. 5514(a)(1)(C). The term “supervised
registered entity” does not include:
(1) A service provider that is subject to Bureau examination and supervision solely in its
capacity as a service provider and that is not otherwise subject to Bureau supervision and
examination;
(2) A motor vehicle dealer that is predominantly engaged in the sale and servicing of
motor vehicles, the leasing and servicing of motor vehicles, or both, within the meaning of

12 U.S.C. 5519(a), except to the extent such a person engages in functions that are excepted from
the application of 12 U.S.C. 5519(a) as described in 12 U.S.C. 5519(b);
(3) A person that qualifies as a covered person based solely on conduct that is the subject
of, and that is not otherwise exempted from, an exclusion from the Bureau’s supervisory
authority under 12 U.S.C. 5517; or
(4) A person with less than $5 million in annual receipts resulting from offering or
providing all consumer financial products and services described in 12 U.S.C. 5514(a). For
purposes of this exclusion:
(i) The term “annual receipts” has the same meaning as that term has in 12 CFR
1090.104(a); and
(ii) A person’s receipts from offering or providing a consumer financial product or
service subject to a larger participant rule under 12 U.S.C. 5514(a)(1)(B) count as receipts for
purposes of the exclusion in this paragraph (q)(4) regardless of whether the person qualifies as a
larger participant.
§ 1092.202 Registration and submission of information regarding covered orders.
(a) Scope of registration requirement. This section shall apply only with respect to
covered orders with an effective date on or after the effective date of this subpart, or that remain
in effect as of the effective date of this subpart.
(b) Requirement to register and submit information regarding covered orders. (1) Each
covered nonbank that is identified by name as a party subject to a covered order described in
paragraph (a) of this section shall register as a registered entity with the nonbank registry in
accordance with this section if it is not already so registered, and shall provide or update, as
applicable, the information described in this subpart in the form and manner specified by the
Bureau.
(2) Each covered nonbank required to register under this section shall:

(i) Submit a filing containing the information described in paragraphs (c) and (d) of this
section to the nonbank registry within the later of 90 days after the applicable nonbank registry
implementation date under § 1092.206 or 90 days after the effective date of any applicable
covered order; and
(ii) Submit a revised filing amending any information described in paragraphs (c) and (d)
of this section to the nonbank registry within 90 days after any amendments are made to the
covered order or any of the information described in paragraph (c) or (d) of this section changes.
(c) Required identifying information and administrative information. A registered entity
shall provide all identifying information and administrative information required by the nonbank
registry. In filing instructions issued pursuant to § 1092.102(a), the Bureau may require that
covered nonbanks that are affiliates make joint or combined submissions under this section.
(d) Information regarding covered orders. A registered entity shall provide the following
information for each covered order subject to this section:
(1) A fully executed, accurate, and complete copy of the covered order, in a format
specified by the Bureau; provided that any portions of a covered order that are not public shall
not be submitted, and these portions shall be clearly marked on the copy submitted;
(2) In connection with each applicable covered order, information identifying:
(i) The agency(ies) and court(s) that issued or obtained the covered order, as applicable;
(ii) The effective date of the covered order;
(iii) The date of expiration, if any, of the covered order, or a statement that there is none;
(iv) All covered laws found to have been violated or, for orders issued upon the parties’
consent, alleged to have been violated; and
(v) Any docket, case, tracking, or other similar identifying number(s) assigned to the
covered order by the applicable agency(ies) or court(s).
(3) If the registered entity is a supervised registered entity, the name and title of its
attesting executive for purposes of § 1092.204 with respect to the covered order.

(e) Expiration of covered order status. A covered order shall cease to be a covered order
for purposes of this subpart as of the later of:
(1) Ten years after its effective date; or
(2) If the covered order expressly provides for a termination date more than ten years
after its effective date, the expressly provided termination date.
(f) Requirement to submit revised and final filings with respect to certain covered orders.
(1) If a covered order is terminated, modified, or abrogated (whether by its own terms, by action
of the applicable agency, or by a court), or if an order ceases to be a covered order for purposes
of this subpart by operation of paragraph (e) of this section, the registered entity shall submit a
revised filing to the nonbank registry within 90 days after the effective date of such termination,
modification, or abrogation, or the date such order ceases to be a covered order.
(2) If, due to such termination, modification, or abrogation of a covered order, or due to
the application of paragraph (e) of this section, the order no longer remains in effect or is no
longer a covered order, then, following its final filing under paragraph (f)(1) of this section with
respect to such covered order, the registered entity will have no further obligation to update its
filing or to file written statements with respect to such covered order under this subpart.
(g) Notification by certain persons of non-registration under this section. A person may
submit a notice to the nonbank registry stating that it is not registering pursuant to this section
because it has a good-faith basis to believe that it is not a covered nonbank or that an order in
question is not a covered order. Such person shall promptly comply with this section upon
becoming aware of facts or circumstances that would not permit it to continue representing that it
has a good-faith basis to believe that it is not a covered nonbank or that an order in question is
not a covered order.
§ 1092.203 Optional one-time registration of NMLS-published covered orders.
(a) One-time registration option with respect to an NMLS-published covered order. With
respect to any NMLS-published covered order, a covered nonbank that is identified by name as a

party subject to the order may elect to comply with the one-time registration option described in
this section in lieu of complying with the requirements of §§ 1092.202 and 1092.204.
(b) Information to be provided. The covered nonbank, in the form and manner specified
by the Bureau, shall provide such information that the Bureau determines is appropriate for the
purpose of identifying the covered nonbank and the NMLS-published covered order, and
otherwise for the purpose of coordinating the nonbank registry with the NMLS.
(c) No further obligation to provide or update information with respect to the NMLSpublished covered order. Upon providing such information, the covered nonbank shall have no
further obligation under this subpart to provide information to, or update information provided
to, the nonbank registry regarding the NMLS-published covered order.
§ 1092.204 Annual reporting requirements for supervised registered entities.
(a) Scope of annual reporting requirements. (1) This section shall apply only with respect
to covered orders with an effective date on or after the applicable nonbank registry
implementation date under § 1092.206 and as to which information is provided or required to be
provided under § 1092.202.
(2) A supervised registered entity is not required to comply with this section with respect
to any NMLS-published covered order for which it chooses to comply with the one-time
registration option described in § 1092.203.
(b) Requirement to designate attesting executive. Subject to paragraph (a) of this section,
a supervised registered entity subject to a covered order shall designate as its attesting executive
for the covered order for purposes of this subpart its highest-ranking duly appointed senior
executive officer (or, if the supervised registered entity does not have any duly appointed
officers, the highest-ranking individual charged with managerial or oversight responsibility for
the supervised registered entity) whose assigned duties include ensuring the supervised
registered entity’s compliance with Federal consumer financial law, who has knowledge of the
entity’s systems and procedures for achieving compliance with the covered order, and who has

control over the entity’s efforts to comply with the covered order. The supervised registered
entity shall annually designate one attesting executive for each such covered order to which it is
subject and for all submissions and other purposes related to that covered order under this
subpart. The supervised registered entity shall authorize the attesting executive to perform the
duties of an attesting executive on behalf of the supervised registered entity with respect to the
covered order as required in this section, including submitting the written statement described in
paragraph (d) of this section.
(c) Requirement to provide attesting executive(s) with access to documents and
information. A supervised registered entity subject to this section shall provide its attesting
executive(s) with prompt access to all documents and information related to the supervised
registered entity’s compliance with all applicable covered order(s) as necessary to make the
written statement(s) required in paragraph (d) of this section.
(d) Annual requirement to submit written statement to the Bureau for each covered order.
On or before March 31 of each calendar year, the supervised registered entity shall, in the form
and manner specified by the Bureau, submit to the nonbank registry a written statement with
respect to each covered order described in paragraph (a)(1) of this section to which it is
subject. The written statement shall be signed by the attesting executive on behalf of the
supervised registered entity. In the written statement, the attesting executive shall:
(1) Generally describe the steps that the attesting executive has undertaken to review and
oversee the supervised registered entity’s activities subject to the applicable covered order for the
preceding calendar year; and
(2) Attest whether, to the attesting executive’s knowledge, the supervised registered
entity during the preceding calendar year identified any violations or other instances of
noncompliance with any obligations that were imposed in a public provision of the covered order
by the applicable agency or court based on a violation of a covered law.

(e) Requirement to maintain and make available related records. A supervised registered
entity shall maintain documents and other records sufficient to provide reasonable support for its
written statement under paragraph (d) of this section and to otherwise demonstrate compliance
with the requirements of this section with respect to any submission under this section, for five
years after such submission is required. The supervised registered entity shall make such
documents and other records available to the Bureau upon request.
(f) Notification of entity’s good-faith belief that requirements do not apply. A person
may submit a notice to the nonbank registry stating that it is neither designating an attesting
executive nor submitting a written statement pursuant to this section because it has a good-faith
basis to believe that it is not a supervised registered entity or that an order in question is not a
covered order. Such person shall promptly comply with this section upon becoming aware of
facts or circumstances that would not permit it to continue representing that it has a good-faith
basis to believe that it is not a supervised registered entity or that an order in question is not a
covered order.
§ 1092.205 Publication and correction of registration information.
(a) Internet publication of registration information. The Bureau may make available to
the public the information submitted to the nonbank registry pursuant to §§ 1092.202 and
1092.203 by means that include publishing such information on the Bureau’s publicly available
Internet site within a timeframe determined by the Bureau in its discretion, except that:
(1) The publication described in this paragraph (a) will not include the written statement
submitted under § 1092.204, which will be treated as Bureau confidential supervisory
information subject to the provisions of 12 CFR part 1070 of this chapter; and
(2) The publication described in this paragraph (a) will not include administrative
information.
(b) Other publications of information. In addition to the publication described in
paragraph (a) of this section, the Bureau may, at its discretion, compile and aggregate

information submitted by persons pursuant to this subpart and make any compilations or
aggregations of such information publicly available as the Bureau deems appropriate.
(c) Correction of submissions to the nonbank registry. If any information submitted to
the nonbank registry under this subpart was inaccurate when submitted and remains inaccurate,
the covered nonbank shall file a corrected report in the form and manner specified by the Bureau
within 30 days after the date on which such covered nonbank becomes aware or has reason to
know of the inaccuracy. In addition, the Bureau may at any time and in its discretion direct a
covered nonbank to correct errors or other non-compliant submissions to the nonbank registry
made under this subpart.
§ 1092.206 Nonbank registry implementation dates.
(a) Applicable dates. The applicable nonbank registry implementation date for purposes
of this subpart shall be as follows:
(1) For a covered nonbank that is a larger participant of a market for consumer financial
products or services described under 12 U.S.C. 5514(a)(1)(B) as defined by one or more rules
issued by the Bureau, 30 days after this subpart takes effect with respect to that covered
nonbank;
(2) For a covered nonbank described under any other provision of 12 U.S.C. 5514(a)(1),
120 days after this subpart takes effect with respect to that covered nonbank; and
(3) For any other covered nonbank, 210 days after this subpart takes effect with respect to
that covered nonbank.
(b) Calculation of dates. If paragraph (a) of this section would establish a nonbank
registry implementation date on a date that is a Saturday, Sunday, or Federal holiday, the
applicable nonbank registry implementation date will be the next day that is not a Saturday,
Sunday, or Federal holiday.

Subpart C—[Reserved]
APPENDIX A TO PART 1092 —LIST OF STATE COVERED LAWS
Alabama
•

Ala. Code sec. 5–18A–13(j).

•

Ala. Code sec. 8–19–5.
Alaska

•

Alaska Stat. sec. 06.20.200.

•

Alaska Stat. sec. 06.40.090.

•

Alaska Stat. sec. 06.60.320.

•

Alaska Stat. sec. 06.60.340.

•

Alaska Stat. sec. 45.50.471.
Arizona

•

Ariz. Rev. Stat. sec. 6–611.

•

Ariz. Rev. Stat. sec. 6–710(8).

•

Ariz. Rev. Stat. sec. 6–909(C).

•

Ariz. Rev. Stat. sec. 6–947(D).

•

Ariz. Rev. Stat. sec. 6–984(D).

•

Ariz. Rev. Stat. sec. 6–1309(A).

•

Ariz. Rev. Stat. sec. 44–1522(A).

•

Ariz. Rev. Stat. sec. 44–1703(4).
Arkansas

•

Ark. Code Ann. sec. 4–75–208(a).

•

Ark. Code Ann. sec. 4–88–107.

•

Ark. Code Ann. sec. 4–88–108(a)(1).

•

Ark. Code Ann. sec. 4–88–304(a).

•

Ark. Code Ann. sec. 4–90–705.

•

Ark. Code Ann. sec. 4–107–203.

•

Ark. Code Ann. sec. 4–112–101 to 4–112–114.

•

Ark. Code Ann. sec. 4–115–102.

•

Ark. Code Ann. sec. 23–39–405.
California

•

Cal. Bus. & Prof. Code sec. 17200 to 17209.

•

Cal. Bus. & Prof. Code sec. 17500.

•

Cal. Civ. Code sec. 1770.

•

Cal. Civ. Code sec. 1788.101(a), (b)(1), (7), (8), (9), (10).

•

Cal. Fin. Code sec. 4995.3(b).

•

Cal. Fin. Code sec. 22755(b), (i).

•

Cal. Fin. Code sec. 90003.
Colorado

•

Colo. Rev. Stat. sec. 5–3.1–121.

•

Colo. Rev. Stat. sec. 5–20–109(b).

•

Colo. Rev. Stat. sec. 6–1–105.
Connecticut

•

Conn. Gen. Stat. sec. 36a–267.

•

Conn. Gen. Stat. sec. 36a–498(g)(2).

•

Conn. Gen. Stat. sec. 36a–539(d)(2), (6).

•

Conn. Gen. Stat. sec. 36a–561(3), (4).

•

Conn. Gen. Stat. sec. 36a–580 to 36a–589.

•

Conn. Gen. Stat. sec. 36a–607(c)(2)(5).

•

Conn. Gen. Stat. sec. 36a–646.

•

Conn. Gen. Stat. sec. 36a–700.

•

Conn. Gen. Stat. sec. 42–110b.

•

Conn. Gen. Stat. sec. 42–240 to 42–253.
Delaware

•

Del. Code Ann. tit. 5, sec. 2114.

•

Del. Code Ann. tit. 5, sec. 2209(a)(3).

•

Del. Code Ann. tit. 5, sec. 2315(a)(3).

•

Del. Code Ann. tit. 5, sec. 2418(2), (9).

•

Del. Code Ann. tit. 5, sec. 2904(a)(3).

•

Del. Code Ann. tit. 6, sec. 2513.

•

Del. Code Ann. tit. 6, sec. 2532, 2533.
District of Columbia

•

D.C. Code sec. 26–1114(d)(2), (9).

•

D.C. Code sec. 28–3814.

•

D.C. Code sec. 28–3904.
Florida

•

Fla. Stat. sec. 501.97.

•

Fla. Stat. sec. 501.204.

•

Fla. Stat. sec. 560.114(1)(d).

•

Fla. Stat. sec. 560.309(10).

•

Fla. Stat. sec. 560.406(2).

•

Fla. Stat. sec. 687.141(2), (3).

•

Fla. Stat. sec. 817.801 to 817.806.
Georgia

•

Ga. Code Ann. sec. 7–7–2(1), (3), (4).

•

Ga. Code Ann. sec. 10–1–372.

•

Ga. Code Ann. sec. 10–1–393.

Hawaii
•

Haw. Rev. Stat. sec. 443B–18.

•

Haw. Rev. Stat. sec. 454F–17(2), (9), (14).

•

Haw. Rev. Stat. sec. 477E–1 to 477E–6.

•

Haw. Rev. Stat. sec. 480–2.

•

Haw. Rev. Stat. sec. 480J–45(7), (10).

•

Haw. Rev. Stat. sec. 481A–3.

•

Haw. Rev. Stat. sec. 489D–23(2), (4).
Idaho

•

Idaho Code sec. 26–31–317(2), (9).

•

Idaho Code sec. 26–2505(2).

•

Idaho Code sec. 28–46–413(8).

•

Idaho Code sec. 48–603.

•

Idaho Code sec. 48–603A.
Illinois

•

815 Ill. Comp. Stat. sec. 122/4–5(3), (8).

•

815 Ill. Comp. Stat. sec. 505/2 to 505/2AAAA.

•

815 Ill. Comp. Stat. sec. 510/2.

•

815 Ill. Comp. Stat. sec. 635/7–13(2), (9).
Indiana

•

Ind. Code sec. 24–4.4–3–104.6(b), (i).

•

Ind. Code sec. 24–4.5–7–410(c), (g).

•

Ind. Code sec. 24–5–0.5–3.

•

Ind. Code sec. 24–5–0.5–10.
Iowa

•

Iowa Code sec. 535D.17(2), (9).

•

Iowa Code sec. 537.3209(1).

•

Iowa Code sec. 538A.3(4).

•

Iowa Code sec. 714.16(2)(a).

•

Iowa Code sec. 714H.3.
Kansas

•

Kan. Stat. Ann. sec. 50–626.

•

Kan. Stat. Ann. sec. 50–1017(2), (3).
Kentucky

•

Ky. Rev. Stat. Ann. sec. 286.9–100(7).

•

Ky. Rev. Stat. Ann. sec. 286.11–039(f).

•

Ky. Rev. Stat. Ann. sec. 286.12–110(1)(a)(4).

•

Ky. Rev. Stat. Ann. sec. 365.050.

•

Ky. Rev. Stat. Ann. sec. 367.170.

•

Ky. Rev. Stat. Ann. sec. 367.381(2).

•

Ky. Rev. Stat. Ann. sec. 380.010 to 380.990.
Louisiana

•

La. Rev. Stat. Ann. sec. 6:1055.

•

La. Rev. Stat. Ann. sec. 6:1092(D)(2), (9).

•

La. Rev. Stat. Ann. sec. 6:1393(A)(3)(b).

•

La. Rev. Stat. Ann. sec. 6:1412(A)(2).

•

La. Rev. Stat. Ann. sec. 9:3574.3(2), (3).

•

La. Rev. Stat. Ann. sec. 51:1405.

•

La. Rev. Stat. Ann. sec. 51:1915.
Maine

•

Me. Rev. Stat. tit. 5, sec. 207.

•

Me. Rev. Stat. tit. 9–A, sec. 5–118(2), (3), (4).

•

Me. Rev. Stat. tit. 9–B, sec. 242.

•

Me. Rev. Stat. tit. 10, sec. 1212.

•

Me. Rev. Stat. tit. 32, sec. 6155(1).

•

Me. Rev. Stat. tit. 32, sec. 6198(5).
Maryland

•

Md. Code Ann., Com. Law sec. 12–1208(2).

•

Md. Code Ann., Com. Law sec. 13–303.

•

Md. Code Ann., Com. Law sec. 14–1302(b).

•

Md. Code Ann., Com. Law sec. 14–1323.

•

Md. Code Ann., Com. Law sec. 14–1914(a).

•

Md. Code Ann., Com. Law sec. 14–3807.

•

Md. Code Ann., Educ. sec. 26–601 to 26–604.

•

Md. Code Ann., Fin. Inst. sec. 12–1001 to 12–1017.

•

Md. Code Ann., Real Prop. sec. 7-501 to 7-511.
Massachusetts

•

Mass. Gen. Laws ch. 93, sec. 105(d).

•

Mass. Gen. Laws ch. 93A, sec. 2.

•

Mass. Gen. Laws ch. 93L, sec. 8.
Michigan

•

Mich. Comp. Laws sec. 445.903.

•

Mich. Comp. Laws sec. 445.1823(e).
Minnesota

•

Minn. Stat. sec. 58B.07(2).

•

Minn. Stat. sec. 325D.09.

•

Minn. Stat. sec. 325D.44.

•

Minn. Stat. sec. 325F.67.

•

Minn. Stat. sec. 325F.69.

•

Minn. Stat. sec. 332A.02–332A.19.
Mississippi

•

Miss. Code Ann. sec. 75–24–5.

•

Miss. Code Ann. sec. 75–67–109.

•

Miss. Code Ann. sec. 75–67–445.

•

Miss. Code Ann. sec. 75–67–516.

•

Miss. Code Ann. sec. 75–67–617.

•

Miss. Code Ann. sec. 81–18–27(h).

•

Miss. Code Ann. sec. 81–19–23(b)(i).
Missouri

•

Mo. Rev. Stat. sec. 407.020.

•

Mo. Rev. Stat. sec. 443.737(2), (9).
Montana

•

Mont. Code Ann. sec. 30–14–103.

•

Mont. Code Ann. sec. 30–14–2001 to 30–14–2015.

•

Mont. Code Ann. sec. 30–14–2103(1)(f).

•

Mont. Code Ann. sec. 31–1–723(5), (7), (18).

•

Mont. Code Ann. sec. 31–1–724(2).

•

Mont. Code Ann. sec. 32–5–309.
Nebraska

•

Neb. Rev. Stat. sec. 45–804(5).

•

Neb. Rev. Stat. sec. 45–812.

•

Neb. Rev. Stat. sec. 45–919(1)(j).

•

Neb. Rev. Stat. sec. 59–1602.

•

Neb. Rev. Stat. sec. 87–302.

Nevada
•

Nev. Rev. Stat. sec. 598.746(5).

•

Nev. Rev. Stat. sec. 598.787.

•

Nev. Rev. Stat. sec. 598.0915 to 598.0925.

•

Nev. Rev. Stat. sec. 604A.5021(5), (6).

•

Nev. Rev. Stat. sec. 604A.5049(5), (6).

•

Nev. Rev. Stat. sec. 604A.5072(5), (6).

•

Nev. Rev. Stat. sec. 604A.582.

•

Nev. Rev. Stat. sec. 604A.592.

•

Nev. Rev. Stat. sec. 675.280.
New Hampshire

•

N.H. Rev. Stat. Ann. sec. 358–A:2.

•

N.H. Rev. Stat. Ann. sec. 383:10–h.

•

N.H. Rev. Stat. Ann. sec. 397–A:14(g), (n).

•

N.H. Rev. Stat. Ann. sec. 399–A:14(I).

•

N.H. Rev. Stat. Ann. sec. 399–F:4(III).
New Jersey

•

N.J. Stat. Ann. sec. 17:11C–41(g).

•

N.J. Stat. Ann. sec. 17:16F–39(b).

•

N.J. Stat. Ann. sec. 17:16ZZ–9(b).

•

N.J. Stat. Ann. sec. 56:8–2.
New Mexico

•

N.M. Stat. Ann. sec. 57–12–3.

•

N.M. Stat. Ann. sec. 58–7–8(C).

•

N.M. Stat. Ann. sec. 58–15–3(G).

•

N.M. Stat. Ann. sec. 58–21–21.

•

N.M. Stat. Ann. sec. 58–21A–12.

•

N.M. Stat. Ann. sec. 58–21B–13(C)(2), (9).
New York

•

N.Y. Banking Law sec. 719(2), (9).

•

N.Y. Exec. Law sec. 63(12).

•

N.Y. Fin. Serv. sec. 702(i).

•

N.Y. Gen. Bus. Law sec. 349.

•

N.Y. Gen. Bus. Law sec. 458–e.

•

N.Y. Gen. Bus. Law sec. 458–h.

•

N.Y. Gen. Bus. Law sec. 521–d.

•

N.Y. Gen. Bus. Law sec. 741.

•

N.Y. Real Prop. Law sec. 280–b(2).
North Carolina

•

N.C. Gen. Stat. sec. 25A–44(4).

•

N.C. Gen. Stat. sec. 53–180(g).

•

N.C. Gen. Stat. sec. 53–270(4).

•

N.C. Gen. Stat. sec. 66–106 to 66–112.

•

N.C. Gen. Stat. sec. 75–1.1.

•

N.C. Gen. Stat. sec. 75–121.

•

N.C. Gen. Stat. sec. 75–122.
North Dakota

•

N.D. Cent. Code sec. 13–04.1–09(4), (10).

•

N.D. Cent. Code sec. 13–08–12(9).

•

N.D. Cent. Code sec. 13–10–17(2).

•

N.D. Cent. Code sec. 13–11–23(1)(p).

•

N.D. Cent. Code sec. 51–15–02.

•

N.D. Cent. Code sec. 51–15–02.3.
Ohio

•

Ohio Rev. Code Ann. sec. 1321.11.

•

Ohio Rev. Code Ann. sec. 1321.41(N).

•

Ohio Rev. Code Ann. sec. 1321.44.

•

Ohio Rev. Code Ann. sec. 1321.60(A).

•

Ohio Rev. Code Ann. sec. 1321.651(B).

•

Ohio Rev. Code Ann. sec. 1322.40(I).

•

Ohio Rev. Code Ann. sec. 1345.02.

•

Ohio Rev. Code Ann. sec. 1345.21 to 1345.28.

•

Ohio Rev. Code Ann. sec. 4165.02.

•

Ohio Rev. Code Ann. sec. 4710.02(F)(1).

•

Ohio Rev. Code Ann. sec. 4710.04.
Oklahoma

•

Okla. Stat. Ann. tit. 15, sec. 753(21), (29).

•

Okla. Stat. Ann. tit. 59, sec. 2095.18(2), (9).

•

Okla. Stat. Ann. tit. 59, sec. 3111.

•

Okla. Stat. Ann. tit. 78, sec. 53.
Oregon

•

Or. Rev. Stat. sec. 86A.163.

•

Or. Rev. Stat. sec. 86A.236(3), (5), (13).

•

Or. Rev. Stat. sec. 646.607.

•

Or. Rev. Stat. sec. 646.608(1)(d), (u).

•

Or. Rev. Stat. sec. 646A.720(10).

•

Or. Rev. Stat. sec. 725.060.

•

Or. Rev. Stat. sec. 725A.058.
Pennsylvania

•

7 PA. Cons. Stat. sec. 6123(a)(3).

•

18 PA. Cons. Stat. sec. 7311(b.1).

•

73 PA. Cons. Stat. sec. 201–3.

•

73 PA. Cons. Stat. sec. 2183(4).

•

73 PA. Cons. Stat. sec. 2188(c)(2).

•

73 PA. Cons. Stat. sec. 2270.4.

•

73 PA. Cons. Stat. sec. 2270.5.

•

73 PA. Cons. Stat. sec. 2501 to 2511.
Rhode Island

•

R.I. Gen. Laws sec. 5–80–8(5).

•

R.I. Gen. Laws sec. 6–13.1–2.

•

R.I. Gen. Laws sec. 6–13.1–21 to 6–13.1–23.

•

R.I. Gen. Laws sec. 6–13.1–25.

•

R.I. Gen. Laws sec. 6–13.1–30.

•

R.I. Gen. Laws sec. 19–14–21(a).

•

R.I. Gen. Laws sec. 19–14.3–3.8(8), (9).

•

R.I. Gen. Laws sec. 19–14.8–28(a)(16).

•

R.I. Gen. Laws sec. 19–14.10–17(2), (9).

•

R.I. Gen. Laws sec. 19–14.11–4(2).

•

R.I. Gen. Laws sec. 19–33–12(2).
South Carolina

•

S.C. Code Ann. sec. 34–29–120.

•

S.C. Code Ann. sec. 34–36–10 to 34–36–80.

•

S.C. Code Ann. sec. 34–39–200(3), (5).

•

S.C. Code Ann. sec. 34–41–80(3), (5).

•

S.C. Code Ann. sec. 37–2–304(1).

•

S.C. Code Ann. sec. 37–3–304(1).

•

S.C. Code Ann. sec. 37–6–118.

•

S.C. Code Ann. sec. 37–7–101 to 37–7–122.

•

S.C. Code Ann. sec. 39–5–20.
South Dakota

•

S.D. Codified Laws sec. 37–24–6.

•

S.D. Codified Laws sec. 37–25A–43.

•

S.D. Codified Laws sec. 54–4–63.
Tennessee

•

Tenn. Code Ann. sec. 45–13–401(8).

•

Tenn. Code Ann. sec. 45–17–112(k).

•

Tenn. Code Ann. sec. 45–18–121(g).

•

Tenn. Code Ann. sec. 47–16–101 to 47–16–110.

•

Tenn. Code Ann. sec. 47–18–104.

•

Tenn. Code Ann. sec. 47–18–120.

•

Tenn. Code Ann. sec. 47–18–1003(4).

•

Tenn. Code Ann. sec. 47–18–5402(a)(1).
Texas

•

Tex. Bus. & Com. Code Ann. sec. 17.46.

•

Tex. Bus. & Com. Code Ann. sec. 17.50.

•

Tex. Bus. & Com. Code Ann. sec. 17.501.

•

Tex. Fin. Code Ann. sec. 180.153(2), (11).

•

Tex. Fin. Code Ann. sec. 308.002.

•

Tex. Fin. Code Ann. sec. 341.403.

•

Tex. Fin. Code Ann. sec. 392.303 to 392.304.

•

Tex. Fin. Code Ann. sec. 393.305.

•

Tex. Fin. Code Ann. sec. 394.207.

•

Tex. Fin. Code Ann. sec. 394.212(a)(9).
Utah

•

Utah Code Ann. sec. 13–11–4.

•

Utah Code Ann. sec. 13–11–4.1.

•

Utah Code Ann. sec. 13–11a–4.

•

Utah Code Ann. sec. 13–21–3(1)(g).
Vermont

•

Vt. Stat. Ann. tit. 8, sec. 2121.

•

Vt. Stat. Ann. tit. 8, sec. 2241(2), (9).

•

Vt. Stat. Ann. tit. 8, sec. 2251 to 2260.

•

Vt. Stat. Ann. tit. 8, sec. 2760b(b).

•

Vt. Stat. Ann. tit. 8, sec. 2922.

•

Vt. Stat. Ann. tit. 9, sec. 2453.

•

Vt. Stat. Ann. tit. 9, sec. 2481w(b), (c), (d).
Virginia

•

Va. Code. Ann. sec. 6.2–1524(B).

•

Va. Code. Ann. sec. 6.2–1614(8)(a).

•

Va. Code. Ann. sec. 6.2–1629(A).

•

Va. Code. Ann. sec. 6.2–1715(A)(1).

•

Va. Code. Ann. sec. 6.2–1816(26).

•

Va. Code. Ann. sec. 6.2–1819(A).

•

Va. Code. Ann. sec. 6.2–2017.

•

Va. Code. Ann. sec. 6.2–2107(3), (4).

•

Va. Code. Ann. sec. 6.2–2610(A)(2), (C).

•

Va. Code. Ann. sec. 59.1–200(A).

•

Va. Code. Ann. sec. 59.1–335.5(4).
Washington

•

Wash. Rev. Code sec. 18.28.120(6).

•

Wash. Rev. Code sec. 18.44.301(2), (4).

•

Wash. Rev. Code sec. 19.16.110.

•

Wash. Rev. Code sec. 19.16.250.

•

Wash. Rev. Code sec. 19.16.260.

•

Wash. Rev. Code sec. 19.16.440.

•

Wash. Rev. Code sec. 19.86.020.

•

Wash. Rev. Code sec. 19.134.020(1)(e).

•

Wash. Rev. Code sec. 19.146.0201(2), (7).

•

Wash. Rev. Code sec. 19.144.080(1)(a)(ii).

•

Wash. Rev. Code sec. 19.146.100.

•

Wash. Rev. Code sec. 19.230.340(2), (4).

•

Wash. Rev. Code sec. 19.265.050(3).

•

Wash. Rev. Code sec. 31.04.027.

•

Wash. Rev. Code sec. 31.45.105(1)(a), (b).
West Virginia

•

W. Va. Code sec. 31–17–10.

•

W. Va. Code sec. 31–17A–16(2), (9).

•

W. Va. Code sec. 32A–2–26.

•

W. Va. Code sec. 46A–6–104.

•

W. Va. Code sec. 46A–6C–3(4).
Wisconsin

•

Wis. Stat. sec. 100.18.

•

Wis. Stat. sec. 100.20.

•

Wis. Stat. sec. 100.55(3).

•

Wis. Stat. sec. 138.14(12)(e).

•

Wis. Stat. sec. 224.77(1)(b), (c).

•

Wis. Stat. sec. 422.503(c).

•

Wis. Stat. sec. 423.301.

•

Wis. Stat. sec. 427.104(1)(m).
Wyoming

•

Wyo. Stat. Ann. sec. 40–12–105.

Rohit Chopra,
Director, Consumer Financial Protection Bureau.
[FR Doc. 2024-12689 Filed: 7/5/2024 8:45 am; Publication Date: 7/8/2024]