Special Alert: CFPB proposes small business loan data collection regime
Buckley Special Alert
Over a decade ago, Congress enacted an amendment to the Equal Credit Opportunity Act that directed the Consumer Financial Protection Bureau to implement a new regime for small business loan data collection similar to the regime that exists in the mortgage industry. Last week, a month before a court-imposed deadline, the Bureau issued its long-awaited proposed rule. The proposal was largely consistent with prior Bureau statements regarding its approach, but nonetheless contained some surprises that reflect the change in leadership at the CFPB. Lenders will need to carefully assess the impact of the proposed rule on their business.
The proposed rule would require a broad swath of lenders to collect data on loans they make to small businesses, including information about the loans themselves, the characteristics of the borrower, and demographic information regarding the borrower’s principal owners. This information would be reported annually to the Bureau, and eventually published by the Bureau on its website, with some potential modifications.
The statute’s stated intent is to “facilitate enforcement of fair lending laws and enable communities, governmental entities, and creditors to identify business and community development needs and opportunities of women-owned, minority-owned, and small businesses.” CFPB Acting Director Dave Uejio echoed these themes in prepared remarks, suggesting that the proposal was a step towards “a fairer, more transparent small business lending market.” But the Bureau itself acknowledges that it is engaged in a balancing exercise, weighing the intended benefits of the rule against the cost imposed on lenders (and by extension, borrowers), the risk to privacy interests, and the risk of unintended consequences that accompany any major regulatory intervention. The public, including lenders potentially subject to the rule, have 90 days to submit comments on whether the Bureau got the balance right.
The proposed rule would cover most of the small business lending market
By its terms, the statute would apply broadly to any “financial institution” that extended credit to any women-owned, minority-owned, or small business. But the statute also allowed the Bureau to exempt any “class of financial institutions” from its requirements. Last fall, as part of a process required under the Small Business Regulatory Enforcement Fairness Act (SBREFA), the Bureau suggested that it might exempt lenders based on their size (i.e., those beneath thresholds of $100 million or $200 million in assets), their loan activity (i.e., those making 25, 50, or 100 or fewer loans annually), or based on either threshold. The proposed rule lands at the broadest end of this possible spectrum, abandoning any exemptions based on size altogether and adopting the lowest of the proposed activity levels. Any financial institution that originates at least 25 “covered credit transactions” for “small businesses” in each of the two preceding years would be subject to the rule.
Any loan, line of credit, credit card, or merchant cash advance, including agricultural-purpose credit and those that are also covered by HMDA, would be considered a “covered credit transaction.” Notably, the Bureau suggested in its SBREFA Outline that it would exclude merchant cash advances, but declined to do so in the proposal, concluding that the segment is growing and presents unique fair lending risk.
Just as it did in its SBREFA Outline, the Bureau would adopt the Small Business Administration’s definition of “small business,” except that the Bureau’s definition would use a simplified size threshold of $5 million or less in gross annual revenue. This divergence will require SBA approval, which Uejio expressed confidence in getting.
The proposal’s collection requirements are triggered whenever a lender subject to the rule under the activity threshold receives a “covered credit application.” This term is defined broadly to include “any oral or written request for a covered credit transaction that is made in accordance with procedures used by [the] financial institution for the type of credit requested.” Reevaluation requests, extension requests, and renewal requests would not be considered applications (unless the request seeks additional credit amounts), nor would inquiries and prequalification requests.
The rule would require the collection of 21 data points
The statute sets forth thirteen specific data points to be collected by lenders that the Bureau refers to as “mandatory data points:”
- Whether the applicant is minority-owned
- Whether the applicant is women-owned
- Unique identifier for each application
- Application date
- Loan type (i.e., product type, guarantees, and term)
- Loan purpose
- Amount applied for
- Amount approved or extended
- The action on the application (i.e., originated, approved but not accepted, denied, withdrawn, or incomplete)
- Action date
- Census tract
- Gross annual revenue
- Race, sex, and ethnicity of the principal owners
The collection of information about the principal owner’s race, sex, and ethnicity is a major change from the SBREFA Outline, which suggested that the Bureau would likely propose the collection of such information solely based on applicant self-reporting. As the Bureau recognized at the time, “requiring reporting based on visual observation or surname could create unwarranted compliance burdens in the context of small business lending.” The proposal reverses course, and would require lenders who meet with any principal owner to determine the ethnicity and race of the principal owner if the applicant declines to provide that information. As the statute requires, the data collected regarding the principal owners’ race, sex, and ethnicity—as well as whether the business is minority-owned or women-owned—must not be shared with underwriters, unless restricting access is not feasible.
The statute also authorized the Bureau to require additional data that would advance the purposes of the statute (so-called “discretionary data points”). The CFPB’s proposed discretionary data points are consistent with this administration’s prioritization of fair lending enforcement:
- Time in business
- NAICS Code
- Number of employees
- Application method (e.g., in-person, phone, mail, online)
- Application recipient (e.g., direct or through a third party)
- Reasons for denial (providing nine specific reasons and a text box for any other reason)
- Number of principal owners (i.e., 0-4)
The SBREFA Outline envisioned the first four above; the last four were introduced in the proposal. Of particular note, pricing data is granular: for fixed-rate loans, the rate; for variable-rate loans, the margin, index value, and index name; for merchant cash advances and similar products, the difference between the amount advanced and the amount paid; and for all transactions, origination charges, broker fees, whether the fees were paid directly to the broker or to the financial institution for delivery to the broker, noninterest charges imposed over the first year, whether the financial institution could have included a prepayment penalty under its policies, and whether it did impose a prepayment penalty.
Will everything be published?
Lenders must collect and report to the Bureau annually, which will publish the data on its website — subject to modifications or deletions that it determines advance a privacy interest. The Bureau has not yet proposed modifications or deletions, but intends to issue a policy statement on its approach after it has received one full year of data.
In the meantime, however, the Bureau has made clear that it will disclose the identity of financial institutions and is generally not persuaded that competitive or reputational harms to financial institutions or increased litigation are a basis to withhold publication of data. Instead, the Bureau has indicated that its principal concern is avoiding the risk that an applicant could be re-identified through specific data points.
How will the rule impact small business lending?
The proposal would apply to thousands of small business lenders offering a wide range of products. The Bureau acknowledges the collection and reporting of this information will impose costs on lenders, some of which it expects to be passed along to borrowers.
But the most significant impact of the rule will be the Bureau’s eventual publication of the data. In its view, publication of granular data on specific lending decisions will advance the statutory goals of facilitating fair lending enforcement and business and community development. But concerns over reputational harms and increased fair lending scrutiny may also cause lenders to eliminate subjective elements of underwriting that are a traditional, and often appropriate, feature of small business underwriting. If the eventual effect of the rule is to, as one commenter put it, “artificially flatten prices,” the rule could lead to a small business lending market that is less innovative and less sensitive to actual credit risk than the market that exists today.
The public has 90 days to submit comments regarding the CFPB’s proposal.
If you have any questions regarding the CFPB’s proposed rule, please visit our Fair Lending and Fair Servicing page or contact a Buckley attorney with whom you have worked in the past.
 The proposal would exclude certain other types of credit, including trade credit, public utilities credit, securities credit, and incidental credit. The rule would also not cover factoring, leases, consumer-designated credit used for business purposes, and credit secured by certain investment properties (specifically 1-4 individual dwelling units).
 A principal owner is any individual who owns 25% or more of the small business.
 If not feasible, the institution must provide notice to the applicant of its intention to share this information.