Small Business Lending Data Collection
On September 1, 2021, the CFPB issued a notice of proposed rulemaking inviting the public to comment on its proposal to implement the collection and reporting requirements of certain data for small business credit applications set forth in Section 1071 of the Dodd-Frank Act. Section 1071 amended the Equal Credit Opportunity Act (ECOA) to require financial institutions to compile, maintain, and submit to the Bureau certain data on applications for credit for women-owned, minority-owned, and small businesses. To implement the requirements set forth in the provision, the Bureau is proposing to add a new subpart B to Regulation B.
The proposed requirements placed on financial institutions are outlined below.
Covered Financial Institutions
A Section 1071“covered financial institution” would be a “financial institution” that “originated at least 25 ‘covered’ credit transactions to and applications from ‘small businesses’ in each of the two preceding calendar years.”
This definition covers “any entity that engages in financial activity and includes both depository institutions and non-depository institutions such as online lenders, platform lenders, lenders involved in equipment and vehicle financing, and commercial finance companies.”
Covered Applications, Covered Credit Transactions, and Small Businesses
The Bureau is proposing that covered financial institutions collect and report data regarding “covered applications” from “small businesses.”
“Small business” will be defined by reference to the definitions of “small business concern” as set out in the Small Business Act (SBA).
A “covered application” is an oral or written request for a covered credit transaction that is made in accordance with procedures used by a financial institution for the type of credit requested. Despite this definition being largely consistent with the existing Regulation B definition of “application,” certain circumstances would not be covered applications, even if they are considered applications under existing Regulation B, including:
Reevaluation requests, extension requests, or renewal requests on an existing business credit account, unless the request seeks additional credit amounts; or
Inquiries and prequalification requests.
A “covered credit transaction” as a transaction that meets the definition of “business credit” under existing Regulation B.1 However, under the proposal, certain transactions would not be covered credit transactions even if they satisfy the definition of “business credit.”2
Proposed Requirements to Collect and Report Data
The statute includes mandatory data points that financial institutions would be required to generate or provide. These data points include:
Whether the applicant is minority-owned
Whether the applicant is women-owned
Unique identifier for each application
Application date
Loan type (i.e., product type, guarantees, and term)
Loan purpose
Amount applied for
Amount approved or extended
The action on the application (i.e., originated, approved but not accepted, denied, withdrawn, or incomplete)
Action date
Census tract
Gross annual revenue
Race, sex, and ethnicity of the principal owners
Data points about the principal owner’s race, sex, and ethnicity may be provided by the applicant on a “self-reporting” basis.
Although the NPRM does not require that a financial institution itself to report on these data points, it does require that lenders who meet with any principal owner (even by electronic meeting) try to determine the ethnicity and race of the principal owner if the applicant declines to provide that information.
Financial Institutions are recommended to create a “firewall” in which the data collected regarding the principal owner’s race, sex, and ethnicity must not be shared with underwriters, unless restricting said access is not feasible.
The NPRM also includes a sample data collection form, which includes a notice to applicants that the financial institution is not permitted to discriminate on the basis of an applicant’s minority-owned business status, women-owned business status, or on any principal owner’s ethnicity, race, or sex. Covered financial institutions would be required to provide this non-discrimination notice to applicants.
The statute further authorized the Bureau to require additional “discretionary” data points to advance the purposes of the statute, including:
Pricing
Time in business
NAICS Code
Number of employees
Application method (e.g., in-person, phone, mail, online)
Application recipient (e.g., direct or through a third party)
Reasons for denial (providing nine specific reasons and a text box for any other reason)
Number of principal owners (i.e., 0-4)
Each of these data points is identified in the Chart of Proposed Data Points provided by
the CFPB.3
Proposed Requirements to Report Data to the Bureau and Provisions Regarding Availability and Publication of Data
Covered financial institutions will be required to collect data on a calendar-year basis and report their data to the Bureau by June 1 of the following year. The submitted data (subject to certain modifications or deletions the Bureau determines would advance a privacy interest) will be made available to the public on an annual basis.
The Bureau’s publication of data will satisfy financial institutions’ statutory obligation to make data available to the public upon request. As such, a covered financial institution would be required to make available to the public on its website, or otherwise upon request, a statement that the covered financial institution’s small business lending application register, as modified by the Bureau, is or will be available on the Bureau’s website.
Proposed Recordkeeping Requirements, Proposed Effective and Compliance Dates, and Other Provisions
The statute addresses issues related to recordkeeping, including a proposed requirement to retain evidence of compliance, including a copy of small business lending application registers for at least three years and maintenance of an applicant’s responses to the Section 1071 “self-reporting” data points.
The statute also includes proposed provisions regarding enforcement of violations, bona fide errors, and safe harbors for certain incorrect entries of census tracts, NAICS codes, application dates, and incorrect determinations of small business status.
The final rule to implement Section 1071 would become effective 90 days after that final rule’s publication in the Federal Register. However, compliance with the final rule would not be required until approximately 18 months after publication in the Federal Register.
There is a proposed transitional provision that would permit financial institutions to begin collecting minority-owned business status, women-owned business status, and principal owners’ ethnicity, race, and sex information prior to the compliance date and one that would permit financial institutions to use either the two calendar years immediately preceding the effective date or the second and third years preceding the compliance date to determine coverage.
If you have any questions or concerns regarding this notice of proposed rulemaking, contact Kennedy Sutherland to receive guidance or advice on the matter.
https://www.consumerfinance.gov/rules-policy/regulations/1002/2/#f
Under the NPRM, exclusions include financing arrangements wherein a business acquires goods or services from another business without making immediate payment to the business providing the goods or services (i.e., trade credit); Public utilities credit as defined in Regulation B, 12 CFR 1002.3(a)(1); Securities credit as defined in Regulation B, 12 CFR 1002.3(b)(1); Incidental credit as defined in Regulation B, 12 CFR 1002.3(c)(1), but without regard to whether the credit is consumer credit, is extended by a creditor, or is extended to a consumer; and factoring, leases, consumer-designated credit used for business purposes, and credit secured by certain investment properties would not be covered credit transactions.
https://files.consumerfinance.gov/f/documents/cfpb_section-1071-nprm_data-points-chart_2021-09.pdf