InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Senate passes resolution seeking to nullify CFPB’s small business lending rule
Recently, the U.S. Senate passed a joint resolution of disapproval (S.J. Res. 32) under the Congressional Review Act to nullify the CFPB’s small business lending rule. As previously covered on InfoBytes, the rule, which requires financial institutions to collect and report to the CFPB credit application data for small businesses, has faced opposition from various politicians and is the subject of litigation brought by financial institutions that would be subject to the rule in the U.S. District Court of the Southern District of Texas. In support of the joint resolution, Sen. John Kennedy (R-LA), who introduced the legislation, recently argued on the floor that “the CFPB is setting these small business people… up for lawsuits” because “[it] has promulgated a rule that totally perverts our intention in section 1071.” If the House of Representatives similarly passes the joint resolution, and President Biden signs it, the CFPB’s rule will be nullified under the Congressional Review Act.
The joint resolution follows the order from the U.S. District Court for the Southern District of Texas granting a nationwide preliminary injunction enjoining the CFPB from enforcing the rule (covered by InfoBytes here and here).
DFPI finalizes small business UDAAP and data reporting rule
DFPI recently approved the final regulation for implementing and interpreting certain sections of the California Consumer Financial Protection Law (CCFPL) related to commercial financial products and services. After considering comments and releasing three rounds of modifications to Sections 1060, 1061, and 1062, the final regulation will, among other things, bring protections to small businesses seeking loans, by (i) defining and prohibiting unfair, deceptive, and abusive acts and practices in the offering or provision of commercial financing to small businesses, nonprofits, and family farms; and (ii) establishing data collection and reporting requirements.
Previous InfoBytes coverage on the (i) initial modifications to the CCFPL proposed regulation can be found here; (ii) the second round of CCFPL modifications proposal is found here; and (iii) the third iteration of the modified CCFPL proposal is located here.
This DFPI regulation was notably finalized on the heels of the CFPB’s finalized Section 1071 rule on small business lending data, which similarly will require financial institutions to collect and provide the Bureau data on lending to small businesses (covered by InfoBytes here)
Sections 1060, 1061, and 1062 will be effective on October 1.
CFPB's small biz loan data rule stifled for many banks
On July 31, the U.S. District Court for the Southern District of Texas entered an order granting in part and denying in part a motion for a preliminary injunction against the CFPB. The injunction, filed by a bank and two trade associations (collectively “plaintiffs”), aims to prevent the CFPB from enforcing its new final rule, implementing section 1071 of the CPA, which would require financial institutions to collect and provide to the Bureau data on lending to small businesses (covered by InfoBytes here). A 2022 5th Circuit ruling (covered by an Orrick Special Alert here) in a different suit, however, deemed the CFPB’s funding structure unconstitutional.
Plaintiffs urged the 5th Circuit to enjoin enforcement of the small business lending rule pending Supreme Court resolution of the constitutionality of the CFPB’s funding structure, estimating that the burden of complying with the final rule would be $100,000 per community bank, and “the nonrecoverable costs of complying with an invalid regulation constitute irreparable harm,” among other things. The court held that the plaintiff bank had standing because its injury is imminent and not speculative based on the effective date of the final rule, and the costs of preparation for compliance. The court also held that there is a “substantial likelihood” that the plaintiffs would prevail in asserting the final rule is invalid based on the claim that the Bureau’s funding is unconstitutional. The court agreed with plaintiffs’ claim that the costs of compliance with the final rule are “more than de minimis and thus constitute irreparable harm,” despite the CFPB’s argument that the costs of compliance would not be incurred now. Finally, the court held that the CFPB failed to show any evidence that a stay of the final rule will cause harm. While the court entered an injunction, it limited it to the plaintiffs and their members, declining to enter a nationwide injunction as requested by plaintiffs, because “generic reasons such as ‘nationwide scope’ or ‘need for uniformity’ without more are insufficient.”
The final rule is scheduled to go into effect on August 29.
CFPB issues guidance on small business data collection
On June 28, the CFPB released additional guidance to help financial institutions comply with the agency’s small-business lending data collection rule. The small business lending rule, which implements Section 1071 of the Dodd-Frank Act, requires financial institutions to collect and provide to the Bureau data on lending to small businesses with gross revenue under $5 million in their previous fiscal year. As previously covered by InfoBytes, the final rule prescribes a tiered compliance date schedule, with the earliest compliance date being October 1, 2024, for financial institutions that originate at least 2,500 covered small business loans in both 2022 and 2023 (financial institutions with lower origination amounts have later compliance dates).
To aid financial institutions, the Bureau updated several frequently asked questions to provide additional clarity on who is covered by the small business lending rule and to explain that a financial institution that meets the origination threshold in each of the two immediately preceding calendar years is a covered financial institution, regardless of whether the financial institution has a branch or office in a metropolitan statistical area. The FAQs also (i) outline qualified covered credit transactions and exemptions; (ii) provide a detailed breakdown of the types of transactions a financial institution must count when determining whether it satisfies the origination threshold; (iii) discuss whether a financial institution that is not subject to HMDA reporting is required to count HMDA-reportable loans as covered originations; (iv) address how to count a covered origination if multiple financial institutions were involved in originating the covered credit transaction or when a covered credit transaction is extended to multiple borrowers but only one is a small business; and (v) explain methodologies financial institutions can use to calculate estimated covered originations. In conjunction with the FAQs, the Bureau also released a compliance aid providing additional information covered during a recent Bureau presentation.
Republicans seek to overturn CFPB small-biz lending rule; Georgia AG says rule is unnecessary and burdensome
Recently, several House Republicans introduced a joint resolution of disapproval (H.J. Res. 66) under the Congressional Review Act to overturn the CFPB’s small business lending rule. As previously covered by InfoBytes, last month the Bureau released its final rule implementing Section 1071 of the Dodd-Frank Act. Effective August 29, the final rule will require financial institutions to collect and provide to the Bureau data on lending to small businesses (defined as an entity with gross revenue under $5 million in its last fiscal year). Both traditional banks and credit unions, as well as non-banks, will be required to collect and disclose data about small business loan recipients’ race, ethnicity, and gender, as well as geographic information, lending decisions, and credit pricing. The final rule prescribes a tiered compliance date schedule, with the earliest compliance date being October 1, 2024, for financial institutions that originate at least 2,500 covered small business loans in both 2022 and 2023 (financial institutions with lower origination amounts have later compliance dates).
Also opposing the final rule, Georgia Attorney General Christopher M. Carr sent a letter to CFPB Director Chopra requesting that the final rule be rescinded. Carr argued that the final rule places an unnecessary and expensive burden on financial institutions, and that “[w]ith the current uneasiness in the market and a plethora of other challenges facing community banks, now is not the time to require them to gather more information that has absolutely nothing to do with the process of evaluating which applicants are the strongest and most deserving of capital.” Carr further contended that if lending discrimination is a “rampant problem,” the Bureau should use channels already in place to address this issue. Pointing out that states already have their own consumer protection and anti-discrimination statutes in place, Carr argued that the final rule imposes redundant compliance requirements on financial institutions, particularly community banks. Carr asked the Bureau to “allow states to continue to address lending issues as they occur, rather than saddling small businesses with burdensome regulations.”
Additionally, in April, a group of plaintiffs, including a Texas banking association, filed a lawsuit against the Bureau seeking to invalidate the final rule. (Covered by InfoBytes here.) Plaintiffs argued that the final rule will drive from the market smaller lenders who are not able to effectively comply with the final rule’s “burdensome and overreaching reporting requirements” and decrease the availability of products to customers, including minority and women-owned small businesses.
CFPB issues guide on collecting small-biz data
The CFPB recently issued a compliance guide for its final rule implementing Section 1071 of the Dodd-Frank Act. Consistent with Section 1071, the final rule (issued at the end of March) will require financial institutions to collect and provide to the Bureau data on lending to small businesses, defined as an entity with gross revenue under $5 million in its last fiscal year (covered by InfoBytes here). The guide: (i) includes a detailed summary of the final rule’s requirements, including data reporting deadlines; (ii) provides comprehensive information on the types of data financial institutions need to collect and report on small business lending applications and decisions; and (iii) includes parameters for covered institutions and covered originations. The guide further breaks down reportable data points and explains the final rule’s “firewall” provision, which states that employees and officers of a financial institution or its affiliates “involved in making any determination” on a reportable application are generally prohibited from accessing applicant demographic information relating to ethnicity, race, sex, and status as a minority-owned, women-owned, or LGBTQI+-owned business. The guide specifies that certain exceptions may apply to situations where an employee involved in decision-making must have access to the data to fulfill their assigned job duties (e.g. a loan officer or loan processor). In these situations, financial institutions are required to provide notice to applicants that employees and officers involved in decision-making may have access to their demographic data.
Texas bankers seek to invalidate CFPB’s small business lending rule
On April 26, plaintiffs, including a Texas banking association, sued the CFPB, challenging the agency’s final rule on the collection of small business lending data. As previously covered by InfoBytes, last month, the Bureau released its final rule implementing Section 1071 of the Dodd-Frank Act, which requires financial institutions to collect and provide to the Bureau data on lending to small businesses with gross revenue under $5 million in their last fiscal year. According to the Bureau, the final rule is intended to foster transparency and accountability by requiring financial institutions—both traditional banks and credit unions, as well as non-banks—to collect and disclose data about small business loan recipients’ race, ethnicity, and gender, as well as geographic information, lending decisions, and credit pricing.
The plaintiffs’ goal of invalidating the final rule is premised on the argument that it will drive from the market smaller lenders who are not able to effectively comply with the final rule’s “burdensome and overreaching reporting requirements” and decrease the availability of products to customers, including minority and women-owned small businesses. Plaintiffs argued that the Bureau “took the original three pages of legislation and the 13 reporting data points required by [Dodd-Frank] and turned them into almost 900 pages of rulemaking—a new [f]inal [r]ule that requires banks to develop and implement new software and compliance mechanisms to comply with over 80 reporting requirements that have been exponentially grown by the CFPB since the Act requiring this [r]ule was passed.”
The plaintiffs further pointed to a decision issued by the U.S. Court of Appeals for the Fifth Circuit in Community Financial Services Association of America v. Consumer Financial Protection Bureau, where the court found that the CFPB’s “perpetual self-directed, double-insulated funding structure” violated the Constitution’s Appropriations Clause (covered by InfoBytes here and a firm article here), as justification for why the final rule should be set aside. The plaintiffs also pointed out certain aspects of the final rule that allegedly violate various requirements of the Administrative Procedure Act, and claimed that a recent data breach involving sensitive information on numerous financial institutions and consumers indicates that the agency is unprepared “to adequately assess the security and privacy impacts of its massive § 1071 data collection on small businesses.” The complaint seeks a court order finding the final rule to have been premised on the same unconstitutional grounds as found in CFSA, preliminary and permanent injunctions to set aside the final rule, and attorney fees and costs.
CFPB finalizes Section 1071 rule on small business lending data
On March 30, the CFPB released its final rule implementing Section 1071 of the Dodd-Frank Act. Consistent with Section 1071, the final rule will require financial institutions to collect and provide to the Bureau data on lending to small businesses, defined as an entity with gross revenue under $5 million in its last fiscal year, which the Bureau will ultimately publish. (See also an executive summary here.)
As explained in a corresponding fact sheet, the final rule is intended to foster transparency and accountability by requiring financial institutions—both traditional banks and credit unions, as well as non-banks—to collect and disclose data about small business loan recipients’ race, ethnicity, and gender, as well as geographic information, lending decisions, and credit pricing. The credit application information will be compiled in a comprehensive, publicly available database to help policymakers, borrowers, and lenders better address economic development needs and adapt to future challenges. The final rule also contains a sample data collection form that lenders can, but are not required to, use to collect applicants’ demographic data, and while small businesses are given the option not to provide this information, lenders must not discourage applicants from supplying this data (as explained in more detail in an accompanying policy statement). The Bureau also released a report detailing user testing research used to learn about lenders’ likely experience in filling out the sample data collection form, as well as a report describing the agency’s methodology for estimating how many lenders will be required to report under the final rule and for producing cost estimates associated with implementing the final rule.
The final rule contains important changes from the proposed rule issued in September 2021 (covered by a Special Alert here). Explaining that these changes are designed to make the final rule more effective and easier to follow, the Bureau stated that larger lenders will be required to collect and report data earlier than small lenders. The reporting requirements begin once a lender originates at least 100 covered small business loans in each of the two prior calendar years—a threshold that “accounts for more than 95 percent of small-business loans by banks and credit unions,” the Bureau said in its press release, noting that it was raised from the originally proposed 25-loans-per-year threshold.
While the final rule is effective 90 days after publication in the Federal Register, lenders will follow a tiered compliance date structure:
- Lenders that originate at least 2,500 covered small business loans in both 2022 and 2023, must begin collecting data on October 1, 2024.
- Lenders that originate at least 500 covered small business loans in both 2022 and 2023, must begin collecting data on April 1, 2025.
- Lenders that originate at least 100 covered small business loans in both 2022 and 2023 must begin collecting data on January 1, 2026.
- Lenders that did not originate at least 100 covered small business loans in both 2022 and 2023, but subsequently originated at least 100 transactions in two consecutive calendar years may begin collecting data no earlier than January 1, 2026.
- Lenders that originate between 100 and 500 small business loans in both 2024 and 2025, must begin collecting data on January 1, 2026.
Other changes from the proposal include allowing applicants to self-identify demographic information, including race and ethnicity, rather than requiring loan officers to make the determination. The final rule also now includes an exclusion for mortgage loans that must be reported under HMDA, and suggests that under the federal regulators’ forthcoming Community Reinvestment Act (CRA) reporting requirements, data submitted under the Bureau’s final rule will satisfy relevant CRA requirements. Additionally, financial institutions and other third parties will be allowed to develop services and technologies to assist lenders with collecting and reporting data. The Bureau noted that it is working on a supplementary proposal that would, if finalized, give more compliance time for small lenders that are already successful in meeting the needs of the local communities they serve.
CFPB Director Rohit Chopra commented that the final rule’s impact “will be in the comprehensive data that it produces, which can be used by lenders, borrowers, and the broader public to achieve better credit outcomes for small businesses and communities across the country.”
CFPB releases regulatory agenda
Recently, the Office of Information and Regulatory Affairs released the CFPB’s fall 2022 regulatory agenda. Key rulemaking initiatives that the agency expects to initiate or continue include:
- Overdraft and NSF fees. The Bureau is considering whether to engage in pre-rulemaking activity in November to amend Regulation Z with respect to special rules for determining whether overdraft fees are considered finance charges. According to the Bureau, the rules, which were created when Regulation Z was adopted in 1969, have remained largely unchanged despite the fact that the nature of overdraft services has significantly changed over the years. The Bureau is also considering whether to engage in pre-rulemaking activity in November regarding non-sufficient fund (NSF) fees. The Bureau commented that while NSF fees have been a significant source of fee revenue for depository institutions, recently some institutions have voluntarily stopped charging such fees.
- FCRA rulemaking. The Bureau is considering whether to engage in pre-rulemaking activity in November to amend Regulation V, which implements the FCRA. As previously covered by InfoBytes, on January 3, the Bureau issued its annual report covering information gathered by the Bureau regarding certain consumer complaints on the three largest nationwide consumer reporting agencies (CRAs). CFPB Director Rohit Chopra noted that the Bureau “will be exploring new rules to ensure that [the CRAs] are following the law, rather than cutting corners to fuel their profit model.”
- Section 1033 rulemaking. Section 1033 of Dodd-Frank provides that covered entities, such as banks, must make available to consumers, upon request, transaction data and other information concerning consumer financial products or services that the consumer obtains from the covered entity. Over the past several years, the Bureau has engaged in a series of rulemaking steps to prescribe standards for this requirement, including the release of a 71-page outline of proposals and alternatives in advance of convening a panel under the Small Business Regulatory Enforcement Fairness Act (SBREFA). The outline presents items under consideration that “would specify rules requiring certain covered persons that are data providers to make consumer financial information available to a consumer directly and to those third parties the consumer authorizes to access such information on the consumer’s behalf, such as a data aggregator or data recipient (authorized third parties).” (Covered by InfoBytes here.) The Bureau anticipates issuing a SBREFA report in February.
- Amendments to FIRREA concerning automated valuation models. The Bureau is participating in interagency rulemaking with the Fed, OCC, FDIC, NCUA, and FHFA to develop regulations to implement the amendments made by Dodd-Frank to FIRREA concerning appraisal automated valuation models (AVMs). The FIRREA amendments require implementing regulations for quality control standards for AVMs. The Bureau released a SBREFA outline and report in February and May 2022 respectively (covered by InfoBytes here), and estimates that the agencies will issue a notice of proposed rulemaking (NPRM) in March.
- Property Assessed Clean Energy (PACE) financing. The Bureau issued an advance notice of proposed rulemaking (ANPRM) in March 2019 to extend TILA’s ability-to-repay requirements to PACE transactions. (Covered by InfoBytes here.) The Bureau is working to develop a proposed rule to implement Economic Growth, Regulatory Relief, and Consumer Protection Act Section 307 in April.
- Nonbank registration. The Bureau issued an NPRM in December to enhance market monitoring and risk-based supervision efforts by including all final public written orders and judgments (including any consent and stipulated orders and judgments) obtained or issued by any federal, state, or local government agency for violation of certain consumer protection laws related to unfair, deceptive, or abusive acts or practices in a database of enforcement actions taken against certain nonbank covered entities. (Covered by InfoBytes here.) In a separate agenda item, the Bureau states that the NPRM would also require supervised nonbanks to register with the Bureau and provide information about their use of certain terms and conditions in standard-form contracts. The Bureau proposes “to collect information on standard terms used in contracts that are not subject to negotiating or that are not prominently advertised in marketing.”
- Credit card penalty fees. The Bureau issued an ANPRM last June to solicit information from credit card issuers, consumer groups, and the public regarding credit card late fees and late payments, and card issuers’ revenue and expenses. (Covered by InfoBytes here.) Under the CARD Act rules inherited by the Bureau from the Fed, credit card late fees must be “reasonable and proportional” to the costs incurred by the issuer as a result of a late payment. Calling the current credit card late fees “excessive,” the Bureau stated it intends to review the “immunity provision” to understand how banks that rely on this safe harbor set their fees and to examine whether banks are escaping enforcement scrutiny “if they set fees at a particular level, even if the fees were not necessary to deter a late payment and generated excess profits.” The Bureau is considering comments received on the ANPRM as it develops an NPRM that may be released this month.
- Small business rulemaking. Section 1071 of Dodd-Frank amended ECOA to require financial institutions to report information concerning credit applications made by women-owned, minority-owned, and small businesses, and directed the Bureau to promulgate rules for this reporting. An NPRM was issued in August 2021 (covered by InfoBytes here). The Bureau anticipates issuing a final rule later this month.
CFPB “on track” to issue Section 1071 rulemaking by March 31
On August 22, the CFPB filed its tenth status report in the U.S. District Court for the Northern District of California, as required under a stipulated settlement reached in February 2020 with a group of plaintiffs, including the California Reinvestment Coalition, related to the collection of small business lending data. The settlement (covered by InfoBytes here) resolved a 2019 lawsuit that sought an order compelling the Bureau to issue a final rule implementing Section 1071 of the Dodd-Frank Act, which requires the Bureau to collect and disclose data on lending to women and minority-owned small businesses. The current status report states that the Bureau is on track to issue the Section 1071 final rule by March 31, 2023—a deadline established by court order in July (covered by InfoBytes here).
Find continuing Section 1071 coverage here.