InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
President Biden vetoes bill on CFPB small business data rule
On December 19, President Biden vetoed bill S. J. Res. 32 that would have repealed the CFPB’s small business data collection rule known as “Small Business Lending Under the Equal Credit Opportunity Act (Regulation B).” As previously covered by InfoBytes, the small business data collection rule, under Section 1071 of the Dodd-Frank Act, requires small business owners to provide demographic data (i.e., race, gender, ethnicity, etc.), as well as geographic information, lending decisions, and credit pricing to lenders. According to President Biden’s statement accompanying the veto, the CFPB’s final rule brings “transparency to small business lending” and repealing this rule would “hinder” the government’s ability to conduct oversight of predatory lenders. The bill is now to be returned to the Senate to be voted on again and can only become law if two-thirds of members support the bill. Separately, in October, a U.S. District Court in Texas imposed an injunction on the CFPB’s small business data rule (covered by InfoBytes here).
Senate passes resolution seeking to nullify CFPB’s small business lending rule
Recently, the U.S. Senate passed a joint resolution of disapproval (S.J. Res. 32) under the Congressional Review Act to nullify the CFPB’s small business lending rule. As previously covered on InfoBytes, the rule, which requires financial institutions to collect and report to the CFPB credit application data for small businesses, has faced opposition from various politicians and is the subject of litigation brought by financial institutions that would be subject to the rule in the U.S. District Court of the Southern District of Texas. In support of the joint resolution, Sen. John Kennedy (R-LA), who introduced the legislation, recently argued on the floor that “the CFPB is setting these small business people… up for lawsuits” because “[it] has promulgated a rule that totally perverts our intention in section 1071.” If the House of Representatives similarly passes the joint resolution, and President Biden signs it, the CFPB’s rule will be nullified under the Congressional Review Act.
The joint resolution follows the order from the U.S. District Court for the Southern District of Texas granting a nationwide preliminary injunction enjoining the CFPB from enforcing the rule (covered by InfoBytes here and here).
DFPI finalizes small business UDAAP and data reporting rule
DFPI recently approved the final regulation for implementing and interpreting certain sections of the California Consumer Financial Protection Law (CCFPL) related to commercial financial products and services. After considering comments and releasing three rounds of modifications to Sections 1060, 1061, and 1062, the final regulation will, among other things, bring protections to small businesses seeking loans, by (i) defining and prohibiting unfair, deceptive, and abusive acts and practices in the offering or provision of commercial financing to small businesses, nonprofits, and family farms; and (ii) establishing data collection and reporting requirements.
Previous InfoBytes coverage on the (i) initial modifications to the CCFPL proposed regulation can be found here; (ii) the second round of CCFPL modifications proposal is found here; and (iii) the third iteration of the modified CCFPL proposal is located here.
This DFPI regulation was notably finalized on the heels of the CFPB’s finalized Section 1071 rule on small business lending data, which similarly will require financial institutions to collect and provide the Bureau data on lending to small businesses (covered by InfoBytes here)
Sections 1060, 1061, and 1062 will be effective on October 1.
CFPB's small biz loan data rule stifled for many banks
On July 31, the U.S. District Court for the Southern District of Texas entered an order granting in part and denying in part a motion for a preliminary injunction against the CFPB. The injunction, filed by a bank and two trade associations (collectively “plaintiffs”), aims to prevent the CFPB from enforcing its new final rule, implementing section 1071 of the CPA, which would require financial institutions to collect and provide to the Bureau data on lending to small businesses (covered by InfoBytes here). A 2022 5th Circuit ruling (covered by an Orrick Special Alert here) in a different suit, however, deemed the CFPB’s funding structure unconstitutional.
Plaintiffs urged the 5th Circuit to enjoin enforcement of the small business lending rule pending Supreme Court resolution of the constitutionality of the CFPB’s funding structure, estimating that the burden of complying with the final rule would be $100,000 per community bank, and “the nonrecoverable costs of complying with an invalid regulation constitute irreparable harm,” among other things. The court held that the plaintiff bank had standing because its injury is imminent and not speculative based on the effective date of the final rule, and the costs of preparation for compliance. The court also held that there is a “substantial likelihood” that the plaintiffs would prevail in asserting the final rule is invalid based on the claim that the Bureau’s funding is unconstitutional. The court agreed with plaintiffs’ claim that the costs of compliance with the final rule are “more than de minimis and thus constitute irreparable harm,” despite the CFPB’s argument that the costs of compliance would not be incurred now. Finally, the court held that the CFPB failed to show any evidence that a stay of the final rule will cause harm. While the court entered an injunction, it limited it to the plaintiffs and their members, declining to enter a nationwide injunction as requested by plaintiffs, because “generic reasons such as ‘nationwide scope’ or ‘need for uniformity’ without more are insufficient.”
The final rule is scheduled to go into effect on August 29.
CFPB issues guidance on small business data collection
On June 28, the CFPB released additional guidance to help financial institutions comply with the agency’s small-business lending data collection rule. The small business lending rule, which implements Section 1071 of the Dodd-Frank Act, requires financial institutions to collect and provide to the Bureau data on lending to small businesses with gross revenue under $5 million in their previous fiscal year. As previously covered by InfoBytes, the final rule prescribes a tiered compliance date schedule, with the earliest compliance date being October 1, 2024, for financial institutions that originate at least 2,500 covered small business loans in both 2022 and 2023 (financial institutions with lower origination amounts have later compliance dates).
To aid financial institutions, the Bureau updated several frequently asked questions to provide additional clarity on who is covered by the small business lending rule and to explain that a financial institution that meets the origination threshold in each of the two immediately preceding calendar years is a covered financial institution, regardless of whether the financial institution has a branch or office in a metropolitan statistical area. The FAQs also (i) outline qualified covered credit transactions and exemptions; (ii) provide a detailed breakdown of the types of transactions a financial institution must count when determining whether it satisfies the origination threshold; (iii) discuss whether a financial institution that is not subject to HMDA reporting is required to count HMDA-reportable loans as covered originations; (iv) address how to count a covered origination if multiple financial institutions were involved in originating the covered credit transaction or when a covered credit transaction is extended to multiple borrowers but only one is a small business; and (v) explain methodologies financial institutions can use to calculate estimated covered originations. In conjunction with the FAQs, the Bureau also released a compliance aid providing additional information covered during a recent Bureau presentation.
CFPB opposes Texas bankers’ request to delay small biz lending rule
The CFPB recently asked a district court in the 5th Circuit to deny a proposed injunction which would delay the implementation of its small-business lending data collection rule, arguing that plaintiffs have failed to establish standing or meet the requirements for preliminary relief. As previously covered by InfoBytes, plaintiffs (including a Texas banking association and a Texas bank) sued the Bureau, challenging the agency’s final rule on the collection of small business lending data. The small business lending rule, which implements Section 1071 of the Dodd-Frank Act, requires financial institutions to collect and provide to the Bureau data on lending to small businesses with gross revenue under $5 million in their previous fiscal year.
Plaintiffs explained in their complaint that the goal of invalidating the final rule is premised on the argument that it will drive from the market smaller lenders who are not able to effectively comply with the final rule’s “burdensome and overreaching reporting requirements” and decrease the availability of products to customers, including minority and women-owned small businesses. Plaintiffs also argued that the final rule is invalid because the Bureau’s funding structure is unconstitutional and that certain aspects of the final rule allegedly violate various requirements of the Administrative Procedure Act. Last month, plaintiffs filed a preliminary injunction motion asking the court to enjoin the final rule and stay the compliance deadlines.
Claiming plaintiffs failed to establish standing for preliminary relief, the Bureau argued that the Texas bank has not demonstrated that it would even have to comply with the final rule. The Bureau further maintained plaintiffs have also not satisfied all four factors required for preliminary relief, including that plaintiffs “have not shown that irreparable harm is imminent or that the balance of equities favors the requested relief,” which would lead to the postponement of reporting requirements mandated by Congress more than ten years ago. With respect to the funding structure constitutionality concerns raised by plaintiffs, the Bureau argued that “even assuming that [p]laintiffs have shown a likelihood of ultimately succeeding on the merits … that factor standing alone would not be enough to warrant preliminary relief.” The Bureau asked the court to, at a minimum, tailor any relief to apply only to plaintiffs and members who would face imminent harm absent such relief.
Republicans seek to overturn CFPB small-biz lending rule; Georgia AG says rule is unnecessary and burdensome
Recently, several House Republicans introduced a joint resolution of disapproval (H.J. Res. 66) under the Congressional Review Act to overturn the CFPB’s small business lending rule. As previously covered by InfoBytes, last month the Bureau released its final rule implementing Section 1071 of the Dodd-Frank Act. Effective August 29, the final rule will require financial institutions to collect and provide to the Bureau data on lending to small businesses (defined as an entity with gross revenue under $5 million in its last fiscal year). Both traditional banks and credit unions, as well as non-banks, will be required to collect and disclose data about small business loan recipients’ race, ethnicity, and gender, as well as geographic information, lending decisions, and credit pricing. The final rule prescribes a tiered compliance date schedule, with the earliest compliance date being October 1, 2024, for financial institutions that originate at least 2,500 covered small business loans in both 2022 and 2023 (financial institutions with lower origination amounts have later compliance dates).
Also opposing the final rule, Georgia Attorney General Christopher M. Carr sent a letter to CFPB Director Chopra requesting that the final rule be rescinded. Carr argued that the final rule places an unnecessary and expensive burden on financial institutions, and that “[w]ith the current uneasiness in the market and a plethora of other challenges facing community banks, now is not the time to require them to gather more information that has absolutely nothing to do with the process of evaluating which applicants are the strongest and most deserving of capital.” Carr further contended that if lending discrimination is a “rampant problem,” the Bureau should use channels already in place to address this issue. Pointing out that states already have their own consumer protection and anti-discrimination statutes in place, Carr argued that the final rule imposes redundant compliance requirements on financial institutions, particularly community banks. Carr asked the Bureau to “allow states to continue to address lending issues as they occur, rather than saddling small businesses with burdensome regulations.”
Additionally, in April, a group of plaintiffs, including a Texas banking association, filed a lawsuit against the Bureau seeking to invalidate the final rule. (Covered by InfoBytes here.) Plaintiffs argued that the final rule will drive from the market smaller lenders who are not able to effectively comply with the final rule’s “burdensome and overreaching reporting requirements” and decrease the availability of products to customers, including minority and women-owned small businesses.
CFPB issues guide on collecting small-biz data
The CFPB recently issued a compliance guide for its final rule implementing Section 1071 of the Dodd-Frank Act. Consistent with Section 1071, the final rule (issued at the end of March) will require financial institutions to collect and provide to the Bureau data on lending to small businesses, defined as an entity with gross revenue under $5 million in its last fiscal year (covered by InfoBytes here). The guide: (i) includes a detailed summary of the final rule’s requirements, including data reporting deadlines; (ii) provides comprehensive information on the types of data financial institutions need to collect and report on small business lending applications and decisions; and (iii) includes parameters for covered institutions and covered originations. The guide further breaks down reportable data points and explains the final rule’s “firewall” provision, which states that employees and officers of a financial institution or its affiliates “involved in making any determination” on a reportable application are generally prohibited from accessing applicant demographic information relating to ethnicity, race, sex, and status as a minority-owned, women-owned, or LGBTQI+-owned business. The guide specifies that certain exceptions may apply to situations where an employee involved in decision-making must have access to the data to fulfill their assigned job duties (e.g. a loan officer or loan processor). In these situations, financial institutions are required to provide notice to applicants that employees and officers involved in decision-making may have access to their demographic data.
Texas bankers seek to invalidate CFPB’s small business lending rule
On April 26, plaintiffs, including a Texas banking association, sued the CFPB, challenging the agency’s final rule on the collection of small business lending data. As previously covered by InfoBytes, last month, the Bureau released its final rule implementing Section 1071 of the Dodd-Frank Act, which requires financial institutions to collect and provide to the Bureau data on lending to small businesses with gross revenue under $5 million in their last fiscal year. According to the Bureau, the final rule is intended to foster transparency and accountability by requiring financial institutions—both traditional banks and credit unions, as well as non-banks—to collect and disclose data about small business loan recipients’ race, ethnicity, and gender, as well as geographic information, lending decisions, and credit pricing.
The plaintiffs’ goal of invalidating the final rule is premised on the argument that it will drive from the market smaller lenders who are not able to effectively comply with the final rule’s “burdensome and overreaching reporting requirements” and decrease the availability of products to customers, including minority and women-owned small businesses. Plaintiffs argued that the Bureau “took the original three pages of legislation and the 13 reporting data points required by [Dodd-Frank] and turned them into almost 900 pages of rulemaking—a new [f]inal [r]ule that requires banks to develop and implement new software and compliance mechanisms to comply with over 80 reporting requirements that have been exponentially grown by the CFPB since the Act requiring this [r]ule was passed.”
The plaintiffs further pointed to a decision issued by the U.S. Court of Appeals for the Fifth Circuit in Community Financial Services Association of America v. Consumer Financial Protection Bureau, where the court found that the CFPB’s “perpetual self-directed, double-insulated funding structure” violated the Constitution’s Appropriations Clause (covered by InfoBytes here and a firm article here), as justification for why the final rule should be set aside. The plaintiffs also pointed out certain aspects of the final rule that allegedly violate various requirements of the Administrative Procedure Act, and claimed that a recent data breach involving sensitive information on numerous financial institutions and consumers indicates that the agency is unprepared “to adequately assess the security and privacy impacts of its massive § 1071 data collection on small businesses.” The complaint seeks a court order finding the final rule to have been premised on the same unconstitutional grounds as found in CFSA, preliminary and permanent injunctions to set aside the final rule, and attorney fees and costs.
CFPB finalizes Section 1071 rule on small business lending data
On March 30, the CFPB released its final rule implementing Section 1071 of the Dodd-Frank Act. Consistent with Section 1071, the final rule will require financial institutions to collect and provide to the Bureau data on lending to small businesses, defined as an entity with gross revenue under $5 million in its last fiscal year, which the Bureau will ultimately publish. (See also an executive summary here.)
As explained in a corresponding fact sheet, the final rule is intended to foster transparency and accountability by requiring financial institutions—both traditional banks and credit unions, as well as non-banks—to collect and disclose data about small business loan recipients’ race, ethnicity, and gender, as well as geographic information, lending decisions, and credit pricing. The credit application information will be compiled in a comprehensive, publicly available database to help policymakers, borrowers, and lenders better address economic development needs and adapt to future challenges. The final rule also contains a sample data collection form that lenders can, but are not required to, use to collect applicants’ demographic data, and while small businesses are given the option not to provide this information, lenders must not discourage applicants from supplying this data (as explained in more detail in an accompanying policy statement). The Bureau also released a report detailing user testing research used to learn about lenders’ likely experience in filling out the sample data collection form, as well as a report describing the agency’s methodology for estimating how many lenders will be required to report under the final rule and for producing cost estimates associated with implementing the final rule.
The final rule contains important changes from the proposed rule issued in September 2021 (covered by a Special Alert here). Explaining that these changes are designed to make the final rule more effective and easier to follow, the Bureau stated that larger lenders will be required to collect and report data earlier than small lenders. The reporting requirements begin once a lender originates at least 100 covered small business loans in each of the two prior calendar years—a threshold that “accounts for more than 95 percent of small-business loans by banks and credit unions,” the Bureau said in its press release, noting that it was raised from the originally proposed 25-loans-per-year threshold.
While the final rule is effective 90 days after publication in the Federal Register, lenders will follow a tiered compliance date structure:
- Lenders that originate at least 2,500 covered small business loans in both 2022 and 2023, must begin collecting data on October 1, 2024.
- Lenders that originate at least 500 covered small business loans in both 2022 and 2023, must begin collecting data on April 1, 2025.
- Lenders that originate at least 100 covered small business loans in both 2022 and 2023 must begin collecting data on January 1, 2026.
- Lenders that did not originate at least 100 covered small business loans in both 2022 and 2023, but subsequently originated at least 100 transactions in two consecutive calendar years may begin collecting data no earlier than January 1, 2026.
- Lenders that originate between 100 and 500 small business loans in both 2024 and 2025, must begin collecting data on January 1, 2026.
Other changes from the proposal include allowing applicants to self-identify demographic information, including race and ethnicity, rather than requiring loan officers to make the determination. The final rule also now includes an exclusion for mortgage loans that must be reported under HMDA, and suggests that under the federal regulators’ forthcoming Community Reinvestment Act (CRA) reporting requirements, data submitted under the Bureau’s final rule will satisfy relevant CRA requirements. Additionally, financial institutions and other third parties will be allowed to develop services and technologies to assist lenders with collecting and reporting data. The Bureau noted that it is working on a supplementary proposal that would, if finalized, give more compliance time for small lenders that are already successful in meeting the needs of the local communities they serve.
CFPB Director Rohit Chopra commented that the final rule’s impact “will be in the comprehensive data that it produces, which can be used by lenders, borrowers, and the broader public to achieve better credit outcomes for small businesses and communities across the country.”