Consumer Compliance Outlook > 2025 > First Issue 2025

Consumer Compliance Outlook: First Issue 2025

Common Community Reinvestment Act (Regulation BB) Data Collection and Reporting Violations in the Federal Reserve System

By Alinda Murphy, Former Lead Examiner, Federal Reserve Bank of Kansas City

A review of Federal Reserve examination data indicates that violations of the small business and small farm data collection and reporting requirements of Regulation BB,¹ the Federal Reserve’s implementing regulation for the Community Reinvestment Act (CRA) for the state member banks it supervises, were the most common Regulation BB violations in 2024.² To facilitate compliance, this article reviews the violations and discusses sound practices to mitigate the root causes of the violations.³

The CRA requires the Federal Reserve Board, the Federal Deposit Insurance Corporation, and the Office of the Comptroller of the Currency (the agencies) to periodically evaluate the insured depository institutions (banks)⁴ they supervise to assess whether they are meeting the credit needs of their entire communities, including low- and moderate-income neighborhoods, consistent with safe and sound banking operations.⁵ The agencies’ CRA regulations provide different methods to evaluate a bank’s CRA performance depending on its asset size⁶ and business strategy:

• Small banks — those with assets of less than $402 million as of December 31 of either of the prior two calendar years — are evaluated under a lending test.
• Intermediate small banks — those with assets of at least $402 million as of December 31 of both of the prior two calendar years and less than $1.609 billion as of December 31 of either of the prior two calendar years — are evaluated under the lending test for small banks and a community development test.
• Large banks — those with assets of more than $1.609 billion as of December 31 of both of the prior two calendar years — are evaluated under separate lending, investment, and service tests.
• Designated wholesale banks (defined as banks not in the business of extending home mortgage, small business, small farm, or consumer loans to retail customers)⁷ and limited purpose banks (defined as banks offering only a narrow product line to a regional or broader market)⁸ are evaluated under a standalone community development test.
• Banks of any size may elect to be evaluated under a strategic plan⁹ that sets out measurable, annual goals for lending, investment, and service activities and must be developed with community input and approved by the appropriate federal banking agency.

To facilitate the agencies’ CRA analysis, large banks are required to annually report certain data on community development loans, small business loans, and small farm loans (small banks and intermediate small banks are not required to report these data unless they opt into being evaluated under the large bank lending test). In addition, if a large bank reports loans under the Home Mortgage Disclosure Act, it must also report the location of applications, originations, or purchases of covered loans outside the metropolitan statistical areas (MSAs) in which the bank has a home or branch office (or outside any MSA).

REGULATION BB DATA COLLECTION COMPLIANCE VIOLATIONS

In 2024, examiners frequently cited the following violations of small business and small farm data collection requirements:

• Reporting incorrect loan amounts¹⁰
• Reporting incorrect census tracts¹¹
• Reporting incorrect revenue codes¹²

REGULATORY REQUIREMENTS

Data collection, reporting, and disclosure: 12 C.F.R. §228.42(a)(2)–(4)*

“(a) Loan information required to be collected and maintained. A bank, except a small bank, shall collect, and maintain in machine readable form (as prescribed by the Board) until the completion of its next CRA examination, the following data for each small business or small farm loan originated or purchased by the bank: …

(2) The loan amount at origination;

(3) The loan location; and

(4) An indicator whether the loan was to a business or farm with gross annual revenues of $1 million or less.”

* Because the agencies are rescinding their 2024 amendment to the CRA regulations, the prior version applies.

Reporting Inaccurate Loan Amounts

Examiners observed errors resulting from bank software pulling information from the wrong core system data fields and inadvertent manual input failures. The errors were primarily attributed to the lack of a process for periodically validating the accuracy of data input by bank software systems and to weak bank controls and secondary review processes that did not verify collected data against source documents.

Reporting Wrong Loan Locations

Examiners found census tract data based on the residential address of the business or farm owner; however, banks are expected to document the census tract where the main business facility or farm is located or where the loan proceeds otherwise will be applied.¹³ In other instances, bank software improperly geocoded addresses, or inadvertent errors occurred during manual input. The root causes for the violations included insufficient staff training in data collection requirements, inadequate controls and second review processes, and the lack of a process to periodically verify the accuracy of geocodes generated by software systems.

Reporting Incorrect Revenue Indicators

Errors included failing to document filing indicator code “1” when business or farm revenues were less than or equal to $1 million and code “2” when gross annual revenues were greater than $1 million. In other instances, “NA” was not included in the revenue indicator field when the bank did not collect gross annual revenue information from the business or farm. Examiners determined that the root causes of the violations were inadequate staff training and bank staff’s failure to compare collected data against supporting loan documentation during second reviews.

In summary, most of the top-cited Regulation BB data collection and reporting compliance violations occurred because of inadequate software monitoring, internal controls and second reviews, and staff compliance training. Examiners also attributed primary root causes to inadequate change management oversight with boards of directors not ensuring that banks reviewed and updated their compliance management systems to align with regulatory and filing requirements as well as changes in bank strategy, structure, staff, or software.

SOUND PRACTICES TO MITIGATE COMPLIANCE ISSUES

The table lists sound compliance practices examiners have observed and recommended to address the referenced types of CRA data collection and reporting violations.

Sound Compliance Practices

CONCLUDING REMARKS

This article describes the most common Federal Reserve System CRA examination violations relating to data collection and reporting requirements for large banks and recommends sound compliance practices to help banks address the root causes of those violations and mitigate risks. Banks with questions about CRA data collection and reporting requirements should contact their primary federal regulator.

ENDNOTES

¹ See 12 C.F.R. Part 228. The CRA implementing regulations of the Federal Deposit Insurance Corporation (12 C.F.R. Part 345) and the Office of the Comptroller of the Currency (12 C.F.R. Part 25) are substantially similar for the institutions they supervise. For convenience, this article refers to and cites Regulation BB. The currently applicable version of Regulation BB is available here.

² The CRA examinations were conducted in 2024 and evaluated compliance with CRA data collection and reporting requirements since the last examination. The examination cycle varies, depending on the bank’s asset size and rating. Because data collection and reporting requirements apply only to large banks, the CRA examination cycle is either 24 months for large banks with a CRA rating of “satisfactory” or “outstanding” or 12 months for large banks with a CRA rating of “needs to improve” or “substantial noncompliance.”

³ The article includes information from the presentation slides for a 2010 Outlook Live webinar, “Tips for Reporting Accurate HMDA and CRA Data,” presented by Federal Reserve Bank of Atlanta Senior Examiner Cindy J. Anderson and Federal Reserve Bank of Minneapolis Vice President Karin Bearss.

⁴ 12 U.S.C. §1813(c)(2) (definition of insured depository institution).

⁵ 12 U.S.C. §§2901(b), 2903(a)(1).

⁶ The thresholds for asset size are as of January 1, 2025. They are annually adjusted for inflation.

⁷ 12 C.F.R. §228.12(x).

⁸ 12 C.F.R. §228.12(n).

⁹ 12 C.F.R. §228.27.

¹⁰ 12 C.F.R. §228.42(a)(2).

¹¹ 12 C.F.R. §228.42(a)(3).

¹² 12 C.F.R. §228.42(a)(4).

¹³ Interagency Questions and Answers Regarding Community Reinvestment, Q&A §__.42(a)(3)—1.