Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Over a decade ago, Congress enacted an amendment to the Equal Credit Opportunity Act that directed the Consumer Financial Protection Bureau to implement a new regime for small business loan data collection similar to the regime that exists in the mortgage industry. Last week, a month before a court-imposed deadline, the Bureau issued its long-awaited proposed rule. The proposal was largely consistent with prior Bureau statements regarding its approach, but nonetheless contained some surprises that reflect the change in leadership at the CFPB. Lenders will need to carefully assess the impact of the proposed rule on their business.
The proposed rule, which is mandated under Section 1071 of the Dodd-Frank Act, would require a broad swath of lenders to collect data on loans they make to small businesses, including information about the loans themselves, the characteristics of the borrower, and demographic information regarding the borrower’s principal owners. This information would be reported annually to the Bureau, and eventually published by the Bureau on its website, with some potential modifications.
The statute’s stated intent is to “facilitate enforcement of fair lending laws and enable communities, governmental entities, and creditors to identify business and community development needs and opportunities of women-owned, minority-owned, and small businesses.” CFPB Acting Director Dave Uejio echoed these themes in prepared remarks, suggesting that the proposal was a step towards “a fairer, more transparent small business lending market.” But the Bureau itself acknowledges that it is engaged in a balancing exercise, weighing the intended benefits of the rule against the cost imposed on lenders (and by extension, borrowers), the risk to privacy interests, and the risk of unintended consequences that accompany any major regulatory intervention. The public, including lenders potentially subject to the rule, have 90 days to submit comments on whether the Bureau got the balance right.
The proposed rule would cover most of the small business lending market
By its terms, the statute would apply broadly to any “financial institution” that extended credit to any women-owned, minority-owned, or small business. But the statute also allowed the Bureau to exempt any “class of financial institutions” from its requirements. Last fall, as part of a process required under the Small Business Regulatory Enforcement Fairness Act (SBREFA), the Bureau suggested that it might exempt lenders based on their size (i.e., those beneath thresholds of $100 million or $200 million in assets), their loan activity (i.e., those making 25, 50, or 100 or fewer loans annually), or based on either threshold. The proposed rule lands at the broadest end of this possible spectrum, abandoning any exemptions based on size altogether and adopting the lowest of the proposed activity levels. Any financial institution that originates at least 25 “covered credit transactions” for “small businesses” in each of the two preceding years would be subject to the rule.
Any loan, line of credit, credit card, or merchant cash advance, including agricultural-purpose credit and those that are also covered by HMDA, would be considered a “covered credit transaction.” Notably, the Bureau suggested in its SBREFA Outline that it would exclude merchant cash advances, but declined to do so in the proposal, concluding that the segment is growing and presents unique fair lending risk.
Just as it did in its SBREFA Outline, the Bureau would adopt the Small Business Administration’s definition of “small business,” except that the Bureau’s definition would use a simplified size threshold of $5 million or less in gross annual revenue. This divergence will require SBA approval, which Uejio expressed confidence in getting.
The proposal’s collection requirements are triggered whenever a lender subject to the rule under the activity threshold receives a “covered credit application.” This term is defined broadly to include “any oral or written request for a covered credit transaction that is made in accordance with procedures used by [the] financial institution for the type of credit requested.” Reevaluation requests, extension requests, and renewal requests would not be considered applications (unless the request seeks additional credit amounts), nor would inquiries and prequalification requests.
The rule would require the collection of 21 data points
The statute sets forth thirteen specific data points to be collected by lenders that the Bureau refers to as “mandatory data points:”
- Whether the applicant is minority-owned
- Whether the applicant is women-owned
- Unique identifier for each application
- Application date
- Loan type (i.e., product type, guarantees, and term)
- Loan purpose
- Amount applied for
- Amount approved or extended
- The action on the application (i.e., originated, approved but not accepted, denied, withdrawn, or incomplete)
- Action date
- Census tract
- Gross annual revenue
- Race, sex, and ethnicity of the principal owners
The collection of information about the principal owner’s race, sex, and ethnicity is a major change from the SBREFA Outline, which suggested that the Bureau would likely propose the collection of such information solely based on applicant self-reporting. As the Bureau recognized at the time, “requiring reporting based on visual observation or surname could create unwarranted compliance burdens in the context of small business lending.” The proposal reverses course, and would require lenders who meet with any principal owner to determine the ethnicity and race of the principal owner if the applicant declines to provide that information. As the statute requires, the data collected regarding the principal owners’ race, sex, and ethnicity—as well as whether the business is minority-owned or women-owned—must not be shared with underwriters, unless restricting access is not feasible.
The statute also authorized the Bureau to require additional data that would advance the purposes of the statute (so-called “discretionary data points”). The CFPB’s proposed discretionary data points are consistent with this administration’s prioritization of fair lending enforcement:
- Time in business
- NAICS Code
- Number of employees
- Application method (e.g., in-person, phone, mail, online)
- Application recipient (e.g., direct or through a third party)
- Reasons for denial (providing nine specific reasons and a text box for any other reason)
- Number of principal owners (i.e., 0-4)
The SBREFA Outline envisioned the first four above; the last four were introduced in the proposal. Of particular note, pricing data is granular: for fixed-rate loans, the rate; for variable-rate loans, the margin, index value, and index name; for merchant cash advances and similar products, the difference between the amount advanced and the amount paid; and for all transactions, origination charges, broker fees, whether the fees were paid directly to the broker or to the financial institution for delivery to the broker, noninterest charges imposed over the first year, whether the financial institution could have included a prepayment penalty under its policies, and whether it did impose a prepayment penalty.
Will everything be published?
Lenders must collect and report to the Bureau annually, which will publish the data on its website — subject to modifications or deletions that it determines advance a privacy interest. The Bureau has not yet proposed modifications or deletions, but intends to issue a policy statement on its approach after it has received one full year of data.
In the meantime, however, the Bureau has made clear that it will disclose the identity of financial institutions and is generally not persuaded that competitive or reputational harms to financial institutions or increased litigation are a basis to withhold publication of data. Instead, the Bureau has indicated that its principal concern is avoiding the risk that an applicant could be re-identified through specific data points.
How will the rule impact small business lending?
The proposal would apply to thousands of small business lenders offering a wide range of products. The Bureau acknowledges the collection and reporting of this information will impose costs on lenders, some of which it expects to be passed along to borrowers.
But the most significant impact of the rule will be the Bureau’s eventual publication of the data. In its view, publication of granular data on specific lending decisions will advance the statutory goals of facilitating fair lending enforcement and business and community development. But concerns over reputational harms and increased fair lending scrutiny may also cause lenders to eliminate subjective elements of underwriting that are a traditional, and often appropriate, feature of small business underwriting. If the eventual effect of the rule is to, as one commenter put it, “artificially flatten prices,” the rule could lead to a small business lending market that is less innovative and less sensitive to actual credit risk than the market that exists today.
The public has 90 days to submit comments regarding the CFPB’s proposal.
If you have any questions regarding the CFPB’s proposed rule, please visit our Fair Lending and Fair Servicing page or contact a Buckley attorney with whom you have worked in the past.
 The proposal would exclude certain other types of credit, including trade credit, public utilities credit, securities credit, and incidental credit. The rule would also not cover factoring, leases, consumer-designated credit used for business purposes, and credit secured by certain investment properties (specifically 1-4 individual dwelling units).
 A principal owner is any individual who owns 25% or more of the small business.
 If not feasible, the institution must provide notice to the applicant of its intention to share this information.
On September 1, the CFPB released a notice of proposed rulemaking (NPRM) and request for public comment on a proposed rule to implement Section 1071 of the Dodd-Frank Act, which requires the agency to collect and disclose data on lending to women and minority-owned small businesses. The NPRM would create a new subpart B to existing Regulation B, the implementing regulation for ECOA, in order to increase transparency in the lending marketplace. Covered financial institutions would be required to collect and report to the Bureau a broad set of data points relating to applications for several small business credit products with the stated goal of facilitating the enforcement of fair lending laws and enabling the identification of business and community development needs and opportunities for women-owned, minority-owned, and other small businesses.
The NPRM defines a covered “financial institution” as an entity that meets a specific origination threshold where at least 25 “covered credit transactions” are originated to small businesses in each of the two preceding calendar years. A “covered credit transaction” under the NPRM would include transactions that meet the definition of business credit under Regulation B, as well as loans, lines of credit, credit cards, merchant cash advances, credit transactions for agricultural purposes, and transactions covered by HMDA. The definition of a small business would be one that had less than $5 million in gross annual revenue for the preceding fiscal year. Additionally, the NPRM defines a “covered application” as “an oral or written request for a covered credit transaction that is made in accordance with procedures used by a financial institution for the type of credit requested.” Data points that covered financial institutions would be required to collect on a calendar-year basis to be reported by June 1 of the following year are also provided.
The Bureau proposes that an eventual final rule would become effective 90 days after publication in the Federal Register; however, compliance would not be required until approximately 18 months after publication. Additionally, the Bureau proposes certain transitional provisions that would allow covered financial institutions to begin collecting data prior to the compliance date and would permit covered financial institutions to “use either the two calendar years immediately preceding the effective date or the second and third years preceding the compliance date to determine coverage.” (See also the Bureau’s summary on the NPRM here.) Comments on the NPRM will be received for 90 days following publication in the Federal Register.
“This data will be used to support business and community development and foster fair lending,” acting Director Dave Uejio noted in a statement following the announcement of the NPRM. He added that the “rule is about providing greater transparency into which small businesses get credit and which ones do not.”
A Buckley Special Alert is forthcoming.
On August 23, the CFPB filed its sixth status report in the U.S. District Court for the Northern District of California as required under a stipulated settlement reached in February 2020 with a group of plaintiffs, including the California Reinvestment Coalition. The settlement (covered by InfoBytes here) resolved a 2019 lawsuit that sought an order compelling the Bureau to issue a final rule implementing Section 1071 of the Dodd-Frank Act, which requires the Bureau to collect and disclose data on lending to women and minority-owned small businesses. The newest status report follows a July court order, which requires the Bureau to issue a notice of proposed rulemaking on small business lending data by September 30 (covered by InfoBytes here). Among other things, the Bureau notes in its status report that it expects to meet the September deadline and that it “is continuing to work on the significant legal and policy issues that must be resolved to implement the Section 1071 regulations.”
Find continuing Section 1071 coverage here.
On July 16, the U.S. District Court for the Northern District of California issued an order setting September 30 as the deadline for the CFPB to issue a notice of proposed rulemaking (NPRM) on small business lending data. As previously covered by InfoBytes, the Bureau is obligated to issue an NPRM for implementing Section 1071 of the Dodd-Frank Act, which requires the agency to collect and disclose data on lending to women and minority-owned small businesses. The requirement was reached as part of a stipulated settlement reached in 2020 with a group of plaintiffs, including the California Reinvestment Coalition (CRC), that argued that the Bureau’s failure to implement Section 1071 violated two provisions of the Administrative Procedures Act, and has harmed the CRC’s ability to advocate for access to credit, advise organizations working with women and minority-owned small businesses, and work with lenders to arrange investment in low-income and communities of color (covered by InfoBytes here).
Find continuing Section 1071 coverage here.
On June 11, the Office of Information and Regulatory Affairs released the CFPB’s spring 2021 rulemaking agenda. According to a Bureau announcement, the information released represents regulatory matters the Bureau is “currently pursuing under interim leadership pending the appointment and confirmation of a permanent Director.” Any changes made by the new permanent director will be reflected in the fall 2021 rulemaking agenda. Additionally, the Bureau indicates that it plans to continue to focus resources on actions addressing the adverse impacts to consumers due to the ongoing Covid-19 pandemic, and highlighted an interim final rule issued in April that addresses certain debt collector conduct associated with the CDC’s temporary eviction moratorium order (covered by InfoBytes here). The Bureau will also continue to take concrete steps toward furthering the agency’s “commitment to promoting racial and economic equity.”
Key rulemaking initiatives include:
- Small Business Rulemaking. Last September, the Bureau released a Small Business Regulatory Enforcement Fairness Act of 1996 (SBREFA) outline of proposals under consideration, convened an SBREFA panel last October, and released the panel’s final report last December (covered by InfoBytes here and here). The Bureau reports that it anticipates releasing a notice of proposed rulemaking (NPRM) for the Section 1071 regulations this September to “facilitate enforcement of fair lending laws as well as enable communities, governmental entities, and creditors to identify business and community development needs and opportunities of women-owned, minority-owned, and small businesses.”
- Consumer Access to Financial Records. The Bureau notes that it is considering rulemaking to implement section 1033 of Dodd-Frank in order to address the availability of electronic consumer financial account data. The Bureau is currently reviewing comments received in response to an Advance Notice of Proposed Rulemaking (ANPR) issued last fall regarding consumer data access (covered by InfoBytes here).
- Property Assessed Clean Energy (PACE) Financing. As previously covered by InfoBytes, the Bureau published an ANPR in March 2019 seeking feedback on the unique features of PACE financing and the general implications of regulating PACE financing under TILA. The Bureau notes that it continues “to engage with stakeholders and collect information for the rulemaking, including by pursuing quantitative data on the effect of PACE on consumers’ financial outcomes.”
- Automated Valuation Models (AVM). Interagency rulemaking is currently being pursued by the Bureau, Federal Reserve Board, OCC, FDIC, NCUA, and FHFA to develop regulations for AVM quality control standards as required by Dodd-Frank amendments to FIRREA. The standards are designed to, among other things, “ensure a high level of confidence in the estimates produced by the valuation models, protect against the manipulation of data, [ ] avoid conflicts of interest, require random sample testing and reviews,” and account for any other appropriate factors. An NPRM is anticipated for December.
- Amendments to Regulation Z to Facilitate LIBOR Transition. As previously covered by InfoBytes, the Bureau issued an NPRM in June 2020 to amend Regulation Z to address the sunset of LIBOR, and to facilitate creditors’ transition away from using LIBOR as an index for variable-rate consumer products. A final rule is expected in January 2022.
- Reviewing Existing Regulations. The Bureau notes in its announcement that while it will conduct an assessment of a rule implementing HMDA (most of which took effect January 2018), it will no longer pursue two HMDA proposed rulemakings previously listed in earlier agendas related to the reporting of HMDA data points and public disclosure of HMDA data. Additionally, the Bureau states that it finished a review of Regulation Z rules implementing the Credit Card Accountability Responsibility and Disclosure Act of 2009 and plans to publish any resulting changes in the fall 2021 agenda.
The Bureau’s announcement also highlights several completed rulemaking items, including (i) a final rule that formally extended the mandatory compliance date of the General Qualified Mortgage final rule to October 1, 2022 (covered by InfoBytes here); (ii) proposed amendments to the mortgage servicing early intervention and loss mitigation-related provisions under RESPA/Regulation X (covered by a Buckley Special Alert) (the Bureau anticipates issuing a final rule before June 30, when the federal foreclosure moratoria are set to expire); and (iii) a proposed rule (covered by InfoBytes here), which would extend the effective date of two final debt collection rules to allow affected parties additional time to comply due to the ongoing Covid-19 pandemic (the Bureau plans to issue a final rule in June on whether, and for how long, it will extend the effective date once it reviews comments).
On May 24, the CFPB filed its fifth status report in the U.S. District Court for the Northern District of California as required under a stipulated settlement reached in February with a group of plaintiffs, including the California Reinvestment Coalition. The settlement (covered by InfoBytes here) resolved a 2019 lawsuit that sought an order compelling the Bureau to issue a final rule implementing Section 1071 of the Dodd-Frank Act, which requires the Bureau to collect and disclose data on lending to women and minority-owned small businesses.
Among other things, the Bureau notes in the status report that it has satisfied the following required deadlines: (i) last September it released a Small Business Regulatory Enforcement Fairness Act of 1996 (SBREFA) outline of proposals under consideration (InfoBytes coverage here); and (ii) it convened an SBREFA panel last October and released the panel’s final report last December (InfoBytes coverage here). The Bureau reports that its rulemaking staff continues to brief new Bureau leadership on significant legal and policy issues that must be resolved in order to prepare a notice of proposed rulemaking for the Section 1071 regulations, and states that the parties have met to discuss an appropriate deadline for issuing the NPRM. According to the status report, should the parties agree on a deadline they “will jointly stipulate to the agreed date and request that the court enter that deadline.”
Find continuing Section 1071 coverage here.
On February 22, the CFPB filed its fourth status report in the U.S. District Court for the Northern District of California as required under a stipulated settlement reached in February with a group of plaintiffs, including the California Reinvestment Coalition. The settlement (covered by InfoBytes here) resolved a 2019 lawsuit that sought an order compelling the Bureau to issue a final rule implementing Section 1071 of the Dodd-Frank Act, which requires the Bureau to collect and disclose data on lending to women and minority-owned small businesses.
Among other things, the Bureau notes in the status report that it has satisfied the following required deadlines: (i) last September it released a Small Business Regulatory Enforcement Fairness Act of 1996 (SBREFA) outline of proposals under consideration (InfoBytes coverage here); and (ii) it convened an SBREFA panel last October and released the panel’s final report last December (InfoBytes coverage here). The settlement next requires the parties to confer about a deadline for the Bureau to issue a Section 1071 notice of proposed rulemaking (NPRM). According to the status report, the Bureau’s rulemaking staff is in the process of evaluating the panel’s recommendations as well as stakeholder feedback, and has begun briefing new Bureau leadership “on the significant legal and policy issues that must be resolved to implement the Section 1071 regulations” and prepare the NPRM. The Bureau notes that the parties continue to discuss an appropriate deadline for issuing the NPRM, emphasizing that if the parties agree on a deadline, they “will jointly stipulate to the agreed date and request that the court enter that deadline.” As previously covered by InfoBytes, acting Director Dave Uejio stated recently that he has “pledged” the Bureau’s Division of Research, Markets, and Regulations “the support it needs to implement section 1071 of the Dodd-Frank Act without delay.”
Find continuing Section 1071 coverage here.
On December 15, the CFPB released a report detailing the results of the panel convened pursuant to the Small Business Regulatory Enforcement Fairness Act (SBREFA), which discussed the Bureau’s pending rulemaking to implement Section 1071 Dodd-Frank Act. Section 1071 requires the Bureau to engage in a rulemaking to collect and disclose data on lending to both women-owned and minority-owned small businesses. In September, the Bureau released a detailed outline describing the proposals under consideration for Section 1071 implementation, including factors such as scope, covered lenders, covered products, data points, and privacy (details covered by InfoBytes here). The October panel was comprised of a representative from the Bureau, the Chief Counsel for Advocacy of the Small Business Administration, and a representative from the Office of Information and Regulatory Affairs in the Office of Management and Budget. The panel consulted with small entity representatives (SERs)—those who would likely be directly affected by the Section 1071 rulemaking—to discuss the economic impacts of compliance with the outline’s proposals, as well as regulatory alternatives to the proposals.
The report includes, among other things, the feedback and recommendations made by the SERs, and the findings and recommendations of the panel. Generally, the SERs were supportive of the proposal with “many expressly support[ing] broad coverage of both financial institutions and products in the 1071 rulemaking.” The SERs backed data transparency and simple regulations but expressed significant concern that the rulemaking would cause smaller financial institutions to “incur disproportionate compliance cost compared to large [financial institutions]” and would ultimately either decrease lending or increase costs for small businesses. The SERs also recommended that the Bureau take into account different types of financial institutions operating in the small business lending market, including non-depository institutions. The report also details specific recommendations by the panel, including that the Bureau issue compliance materials in connection with the rulemaking and consider providing sample disclosure language related to the collection of race, sex, and ethnicity information for principal owners as well as women-owned and minority-owned business status.
On September 15, the CFPB released its “Outline of Proposals Under Consideration and Alternatives Considered” (Outline) for implementing the requirements of Section 1071 of the Dodd-Frank Act, which instructs the Bureau to collect and disclose data on lending to women and minority-owned small businesses. The detailed Outline describes the proposals under consideration and discusses other relevant laws, the regulatory process, and potential economic impacts. The Bureau also released a high-level summary of the Outline. Highlights of the proposals include:
- Scope. The Bureau is considering proposing that the data collection and reporting requirements would apply only to applications for credit by a small business. Financial institutions would not be required to collect and report data for women- and minority-owned businesses that are not considered “small,” as defined by the Small Business Act and the Small Business Administration’s (SBA) implementing regulations.
- Covered Lenders. The Bureau is considering proposing a broad definition of “financial institution” that would apply to a variety of entities engaged in small business lending, but is also considering proposing exemptions based on either a size-based (examples include $100 million or $200 million in assets), or activity-based threshold (examples range from 25 loans or $2.5 million to 100 loans or $10 million), or both.
- Covered Products. The Bureau is considering proposing exemptions from the definition of “credit” to include consumer-designated credit, leases, factoring, trade credit, and merchant cash advances.
- Application. Because an “application” would trigger requirements under Section 1071, the Bureau is considering proposing a definition that is largely consistent with Regulation B; however, the Bureau is also considering “clarifying circumstances,” such as inquiries/prequalifications, that would not be reportable.
- Data Points. The Bureau is considering a range of data points for collection, including, in addition to the mandatory data points required by Section 1071, “discretionary data points” to aid in fulfilling the purposes of Section 1071: “pricing, time in business, North American Industry Classification System (NAICS) code, and number of employees.”
- Privacy. The Bureau is considering using a “balancing test” for public disclosure of the data. Specifically, data “would be modified or deleted if its disclosure in unmodified form would pose risks to privacy interests that are not justified by the benefits of public disclosure.”
Additionally, the Bureau will convene a panel, as required by the Small Business Regulatory Enforcement Fairness Act (SBREFA), in October 2020 to “consult small entities regarding the potential impact of the proposals under consideration.” Feedback on the proposals is due no later than December 14.
On August 24, the CFPB filed another status report in the U.S. District Court for the Northern District of California as required under a stipulated settlement reached in February with a group of plaintiffs, including the California Reinvestment Coalition. The settlement (covered by InfoBytes here) resolved a 2019 lawsuit that sought an order compelling the Bureau to issue a final rule implementing Section 1071 of the Dodd-Frank Act, which requires the Bureau to collect and disclose data on lending to women and minority-owned small businesses. Details on the Bureau’s first status update can be found here.
Among other things, the Bureau noted in the status report that (i) on July 22, it released a “survey of lenders to obtain estimates of the onetime costs that lenders would incur to prepare to collect data required by Section 1071”; and (ii) on August 11, it provided the SBA and the Office of Management and Budget’s Office of Information and Regulatory Affairs a draft Small Business Regulatory Enforcement Fairness Act (SBREFA) outline regarding proposals under consideration and alternatives considered. The status report emphasizes that the Bureau is “on track” to release a SBREFA outline by September 15 and convene a SBREFA panel by October 15, as required by the settlement.
- Daniel R. Alonso to moderate an interactive roundtable at the Latin Lawyer and GIR Connect: Anti-Corruption & Investigations Conference
- APPROVED Checkpoint Webcast: You have license renewal questions, we have answers
- Jonice Gray Tucker to discuss “Fintech trends” at the BIHC Network Elevating Black Excellence Regional Summit
- Jeffrey P. Naimon to discuss "Truth in lending” at the American Bar Association National Institute on Consumer Financial Services Basics
- Daniel R. Alonso to discuss anti-money-laundering at FELABAN Spanish-language webinar “Perspective for banks: LAFT, FINCEN, OFAC, Cryptocurrency”
- Daniel R. Alonso to discuss "What’s new in BSA/AML compliance?" at the Institute of International Bankers Regulatory Compliance Seminar
- Jon David D. Langlois to discuss "Regulatory update: What you need to know under the new boss; It won’t be the same as the old boss" at the IMN Residential Mortgage Service Rights Forum (East)
- Benjamin B. Klubes to discuss “Creating a Fantastic Workplace Culture”
- John R. Coleman and Amanda R. Lawrence to discuss “Consumer financial services government enforcement actions – The CFPB and beyond” at the Government Investigations & Civil Litigation Institute Annual Meeting
- Jonice Gray Tucker to discuss "Consumer financial services" at the Practising Law Institute Banking Law Institute
- Jonice Gray Tucker to discuss “Regulators always ring twice: Responding to a government request” at ALM Legalweek