On September 1, 2021, the CFPB issued a proposed rule that would add a new subpart to Regulation B, which implements the federal Equal Credit Opportunity Act (ECOA). The rule would implement Section 1071 of the Dodd-Frank Act and require covered financial institutions to report small business lending data. The objective is to create a centralized database of small business credit applications and make that database publicly available in order to facilitate ECOA compliance and highlight underserved areas of the small business market.
The rule would apply to “financial institutions”, defined broadly to include businesses “engaged in financial activity”, including depository institutions, non-bank lenders, fintechs, and platform lenders. Covered transactions would include merchant cash advances, equipment financing, loans, lines of credit, and credit cards but would not include factoring transactions, trade credit, or leases. For purposes of the rule, a “small business” includes any business with $5 million or less in gross revenue for the preceding fiscal year.
Covered entities that have originated at least 25 covered transactions for small businesses in each of the preceding two calendar years would be required to file reports on their small-business transactions for the previous twelve-month period by June 1 of the following year. The data points required to be reported would include both demographic information (i.e., the race and sex of the applicant’s principal owners) and information about the type of credit sought, action taken on the application, whether guarantees were required, pricing information, and the census tract in which the business is located.
The proposed rule also implements the “firewall” provision of Section 1071, which requires covered financial institutions to limit access for employees and officers responsible for evaluating the application to data regarding a credit applicant’s minority-owned or women-owned business status and the applicant’s principal owners’ sex, race, and ethnicity. The rule provides an exception for situations in which the financial institution determines that limiting access is not feasible and discloses to the applicant that such individuals will have access to that type of data. The proposed rule contains a sample notice to be used for this purpose.
The rulemaking is part of a years-long process of study and data collection by the CFPB, which began focusing on compliance with ECOA in the small business lending space soon after the Bureau’s creation in 2011. The ECOA protects applicants for both consumer and small business credit. The ECOA and Regulation B prohibit creditors from discriminating on the basis of an applicant’s race or sex (among other protected characteristics) at all stages of a credit transaction and require creditors who take adverse action on an application, including extending credit at a higher price, to notify the applicant of the action and the principal reasons for it.
The dual focus on consumers and small businesses puts the ECOA, and the proposed data collection rule, at the crossroads of two significant trends in financial regulatory enforcement. First, the pandemic highlighted the impact that access to credit has on small businesses’ ability to weather economic shocks and the need to increase access to credit for women and minority-owned businesses. Second, the CFPB has made financial inclusion and racial equality a key theme under the Biden Administration. We expect the CFPB to use its enforcement authority under the ECOA and the data it collects under the current proposal to advance these initiatives with respect to both consumers and small businesses.