On September 1, 2021, the Consumer Financial Protection Bureau (CFPB) issued its anticipated Notice of Proposed Rulemaking (NPRM) under Section 1071 of the Dodd-Frank Wall Street Reform and Consumer Protection Act. The proposed rule will impact financial institutions of all types and sizes (e.g., depository institutions, nonbank lenders, and fintechs) and is shaping up to be similar to the Home Mortgage Disclosure Act (HMDA)—but for small business lending. The CFPB is releasing this guidance with the objectives of identifying development opportunities and risks for small businesses, including those that are women-owned and minority-owned, as well as enforcing fair lending practices.
In this client alert, Guidehouse summarizes the NPRM and offers considerations on how financial institutions can start to prepare for the finalized rule. The CFPB has indicated the comment window for the NPRM is 90 days from when the proposed rule is published in the Federal Register. For more background on the CFPB’s Section 1071 rollout and small business fair lending initiatives, please visit our previous client alert CFPB Expands Enforcement View to Include Small Business Lending.
When defining terms such as “covered financial institution” in its proposed ruling, the CFPB appears to be addressing feedback provided by the panel convened pursuant to the Small Business Regulatory Enforcement Fairness Act (SBREFA) in December 2020.2
The CFPB has adopted the definition of a “financial institution” as “any partnership, company, corporation, association (incorporated or unincorporated), trust, estate, cooperative organization, or other entity that engages in any financial activity.”3
To be subject to Section 1071 reporting requirements, the covered financial institution definition denotes that the covered financial institution originates at least 25 covered credit transactions for small businesses in each of the two preceding calendar years. Those institutions that do not meet the loan origination minimum threshold of 25 would be exempt from Section 1071 collection and reporting.
Per the proposed rule, a “covered transaction” would be any oral or written application for a credit transaction with a small business, including, “among other things, loans, lines of credit, credit cards, and merchant cash advances (including such credit transactions for agricultural-purposes and those that are also covered by the Home Mortgage Disclosure Act of 1975 (HMDA)).”4
However, the CFPB provides the distinction that the credit transactions below would not be covered:
By including HMDA-reportable transactions in Section 1071 covered credit transactions, the CFPB may ease some compliance burdens on financial institutions by mitigating potential process changes that may have needed to occur if HMDA and Section 1071 data needed to be segregated from one another. Conversely, including merchant cash advances and credit transactions for agricultural purposes speaks to the wide scope of Section 1071 and its intended impact to non-depository credit institutions, as well as banks.
The proposed rule would require covered financial institutions to collect and report data on “covered applications” from small businesses.
A “covered application” is currently defined as “an oral or written request for a covered credit transaction that is made in accordance with procedures used by a financial institution for the type of credit requested.”6
While similar to the definition of application within the existing Regulation B, the CFPB’s definition of “covered application” excludes re-evaluation requests, extension requests, or renewal requests on existing business credit accounts unless the request seeks additional credit amounts, and excludes inquiries and prequalification requests.
The CFPB’s definition for “small business” was inspired by the Small Business Act and Small Business Administration (SBA) definitions of “business concern” and “small business concern.” However, the CFPB based its definition on gross annual revenue rather than SBA size standards.
The proposed definition for “small business” looks to “whether the business had $5 million or less in gross annual revenue for its preceding fiscal year.”7
The data to be collected and reported falls into three categories:
This data will either be gathered by the financial institution from the applicant as part of the application or generated by the financial institution based on the information provided as part of the credit decision process. The table below details the 23 data fields being proposed and the origin of the data provided by the financial institution or applicant.
Covered financial institutions currently would be permitted to leverage previously collected data if:
“(1) The data were collected within the same calendar year as the current covered application.
(2) The financial institution has no reason to believe the data are inaccurate.”9
For additional detail on the NPRM data points to be collected, refer to the CFPB’s Proposed Data Points for Small Business Lending Data Collection, which provides further description of each data field.
As part of the NPRM, the CFPB has outlined notices that covered financial institutions will be required to provide to applicants as part of the application process. The below lists these required notices.
The CFPB has proposed that its final rule to implement Section 1071 would become effective 90 days after the final rule’s publication in the Federal Register. Currently, the CFPB is proposing an 18-month implementation period for covered financial institutions from publication in the Federal Register. The NPRM is requesting comment on alternative approaches to the compliance deadline, including an approach that provides all covered financial institutions two years from the publication date for compliance and another that varies the compliance deadline based on the size of the financial institution.
The CFPB is also proposing a transitional ruling that would allow covered financial institutions to begin collecting certain demographic data ahead of the compliance date to allow covered institutions to essentially test current systems, processes, and procedures ahead of a compliance deadline.
Once in effect, the CFPB is proposing that covered financial institutions be required to collect data each calendar year, and report this data to the CFPB by June 1 of the following year.
The graphic below details the implementation timeline for the CFPB’s ruling.
The impacts of Section 1071 are going to be felt across the financial services industry as the regulation impacts organizations of all types and sizes—both smaller financial institutions and larger. For organizations that already provide HMDA data for loans secured by a dwelling, they might be one step ahead; however, Guidehouse foresees the efforts that will need to be undertaken to implement and comply will be vast—given current application and origination processes and procedures, the complexity of data collection, as well as ongoing maintenance. Financial institutions should start their evaluations now to get ahead of the curve. Key areas to consider are:
Special thanks to Shantel Silva for contributing to this article.
1 “Summary of Proposed Rulemaking: September 2021 Proposal Regarding Small Business Lending Data Collection,” Consumer Financial Protection Bureau, September 1, 2021.
2 SBREFA ensures that Small Business Review Panels review CFPB proposals under consideration during the rulemaking process for potential economic impacts to entities that would likely be subject to proposed and finalized rules.
3 See footnote 1.
4 See footnote 1.
5 See footnote 1.
6 See footnote 1.
7 See footnote 1.
8 “Proposed data points for small business lending data collection,” Consumer Financial Protection Bureau, September 1, 2021. https://files.consumerfinance.gov/f/documents/cfpb_section-1071-nprm_data-points-chart_2021-09.pdf
9 See footnote 1.
10 See footnote 1.