The Consumer Financial Protection Bureau (CFPB) under the Biden administration has announced that it intends to exercise the full scope of its supervisory and enforcement authority granted under the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act). The CFPB will be focused on creating new regulations, as well as increasing supervision, examination, and enforcement. This increased enforcement is also expected to bring higher fines and penalties. In terms of the CFPB’s agenda, we expect fair lending and racial equity to be at the top of the list, not only related to the access to credit but also in the servicing of existing credit. Acting CFPB Director Dave Uejio has confirmed this key area of focus, and has stated, “It’s … time for the CFPB to take bold and swift action on racial equity.” The CFPB is actively issuing civil investigative demands that include Equal Credit Opportunity Act (ECOA) and Unfair, Deceptive, or Abusive Acts or Practices (UDAAP) components due to racial inequality issues. While fair lending has historically been an area of concern, the CFPB has traditionally been focused on consumer lending. Under the Biden administration, we expect this to continue, but to also expand into small-business lending. This article provides an overview of current oversight activities, as well as expected rulemaking and supervision, examination, and enforcement as it relates to small-business fair lending.
The First 100 Days of Biden’s CFPB—Fair Lending and Small Businesses
The CFPB has moved swiftly in the first few months of the Biden administration to push forward their racial equity agenda, with a focus on ECOA, Fair Credit, and UDAAP. Recent reports issued by the CFPB have emphasized the scrutiny of financial institutions’ handling of the Coronavirus Aid, Relief, and Economic Security (CARES) Act lending programs focused on small businesses, as well as proposed rulemaking around Section 1071 of the Dodd-Frank Act, which amended the ECOA to require that financial institutions collect, maintain, and submit to the CFPB specific information concerning credit applications for women-owned, minority-owned, and small businesses.
In April 2021, the CFPB issued their report to Congress on Fair Lending and the CFPB’s efforts to enforce fair lending regulation and laws. As noted in the report, “In 2021, the Bureau’s Fair Lending Office will be front and center in the agency’s efforts to advance racial and economic equity.” One of the three key areas of focus for the report was on small businesses.
Based on the report to Congress on Fair Lending, the CFPB has prioritized small-business lending and the assessment of financial institutions’ practices around the handling of:
Origination—Discrimination in the application, underwriting, and pricing processes
Disparate treatment or impact—Redlining
Compliance management systems—Weaknesses in fair lending oversight.
The COVID-19 Pandemic and Small-Business Access to CARES Act Lending Programs
For the CFPB to garner a greater understanding of financial institutions’ responses to the pandemic, the CFPB conducted Prioritized Assessments to assess fair lending risks associated with pandemic-focused small-business lending programs. Through these assessments, the CFPB has found inequities in the execution of these lending programs focused on small businesses.
The CFPB assessments notable findings included:
Due to current policies, some financial institutions restricted access to CARES Act-related lending programs to existing small business customers or required those without prior relationships to become customers of the institution before applying for the lending programs.
Examiners determined that these practices may have a disproportionate negative impact on a prohibited basis and run a risk of violating ECOA and Regulation B.
Uejio has stated, “Moving forward, the CFPB will take aggressive action to ensure that regulated companies follow the law and meet their obligations to assist consumers during the COVID-19 pandemic.”
Proposed Rulemaking: Section 1071 of the Dodd-Frank Act—Small-Business Lending Data Collection
In 2019, the CFPB was sued by a California advocacy group alleging the wrongful delay in the adoption of regulations to implement Section 1071 of the Dodd-Frank Act. The purpose of Section 1071 is to facilitate enforcement of fair lending laws and enable communities, governmental entities, and creditors to identify business and community development needs and opportunities for women-owned, minority-owned, and small businesses. Few steps had been taken by the CFPB until the courts found in favor of the advocacy group and required the CFPB to begin the rulemaking process. Given the efforts to promote racial equity and access to credit for small businesses, the CFPB is actively researching policy and working to finalize rulemaking for Section 1071, as signaled by the February 2021 CFPB status report on Section 1071. In December 2020, the CFPB issued their “Final Report of the Small Business Review Panel” on the proposed rulemaking for Section 1071. The report defines the CFPB’s proposal on the products and data points that would be in scope for complying with Section 1071 data gathering and submission requirements. The major activities of the CFPB over the past two years are noted in the timeline below and point to active engagement by the CFPB to enact substantial rulemaking in the near future.
Similarities can be drawn between the requirements for Home Mortgage Disclosure Act data submission and those that are being proposed for Section 1071, with the exception that Section 1071 focuses on all loan products, lines of credit, and business cards, which greatly increases the number of financial institutions impacted by the proposed rulemaking.
Financial institutions will be required to collect, maintain, and submit credit application data to the CFPB on an annual basis for small businesses, including those that are women-owned and minority-owned. This data will include: 12 mandatory fields—some of which most financial institutions already capture as part of the credit application and some newer fields, such as race, sex, and ethnicity of the applicant’s principal owners.
Whether the applicant is a women-owned, minority owned, and/or small business
Application/ loan number
Loan/ credit type
Loan/ credit purpose
Credit amount/ limit applied for
Credit amount/ limit approved
Type of action taken
Date action taken
Census tract (principal place of business)
Gross annual revenue
Race, sex and ethnicity of the applicant's principal owners.
According to the December report, in addition to these 12 mandatory fields, the CFPB is considering requiring the reporting of the following discretionary data points: pricing, time in business, North American Industry Classification System code, and number of employees.
Financial institutions should start to prepare for increased CFPB rulemaking, supervision, examination, and enforcement in fair lending, but not only with an eye toward the consumer but to small business portfolios as well.
Financial institutions who participated in CARES Act lending programs focused on small businesses should expect to hear from their examiners and receive letters soon if they have not already. To prepare for such examinations, among other items, institutions should consider performing their own regression analysis in order to understand their portfolio and any areas of risk. If an organization identifies an issue in either lending or servicing, it should perform a review to determine whether it disproportionately impacts one minority group.
Additionally, Section 1071 rulemaking is anticipated to impact a wide variety of financial institutions, including depository institutions, online/platform lenders, captive auto finance companies, nonprofit depository institutions, nonprofit lenders, and commercial finance companies, among others.
Currently, the CFPB is proposing approximately two calendar years from the date of issuing the Section 1071 rule for institutions to implement the data collection and reporting/submission requirements. Despite the anticipated timeframe, impacted institutions should begin to consider the implications of this anticipated rule. given the expected level of effort to comply. Organizations should conduct readiness assessments to identify possible gaps in policies, procedures, processes, and systems that will need to be closed/remediated. While this is not an all-encompassing list, we have identified a few areas for consideration and some of our related recommended actions below.