CFPB Issues Long-Awaited Notice of Proposed Rulemaking on Small Business Lending Data Collection

Keith Barnett, Timothy Butler, Christopher Capurso, Richard Eckman, James Stevens
Troutman Pepper
Contact
LinkedIn
Facebook
X
Send
Embed

Troutman Pepper

On September 1, the Consumer Financial Protection Bureau (CFPB) issued a 900+ page notice of proposed rulemaking (NPRM) to implement the small business lending data collection requirements under Section 1071 of the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank). Below is a summary of the proposal.

What Is Section 1071?

Codified under the Equal Credit Opportunity Act (ECOA), Section 1071 seeks to facilitate enforcement of fair lending laws and enable communities, governmental entities, and creditors to identify business and community development needs and opportunities for women-owned, minority-owned, and small businesses. To achieve this goal, Section 1071 instructs the CFPB to prescribe rules and issue guidance on data collection by lenders related to small business credit. Over the last couple years, the CFPB has hosted a symposium and convened a Small Business Regulatory Enforcement Fairness Act (SBREFA) panel with an eye toward issuing a rule. Now, a little over a month past the 10-year anniversary of Dodd-Frank and the filing of a lawsuit requiring the CFPB to promulgate a regulation on Section 1071, we finally have a NPRM.

Who and What Is Covered by the Proposed Rule?

The NPRM's data collection requirements apply to covered financial institutions, which are defined as financial institutions that have originated at least 25 covered credit transactions to small businesses within the preceding two calendar years.

Financial institution is broadly defined under the NPRM to mean any partnership, company, corporation, association (incorporated or unincorporated), trust, estate, cooperative organization, or other entity that engages in any financial activity (for purposes of this writing, "Business Lender"). According to the CFPB, under this definition, the requirements would apply to a variety of entities that engage in small business lending as long as they satisfy the origination threshold, including depository institutions (i.e., banks, savings associations, and credit unions), online lenders, platform lenders, community development financial institutions, lenders involved in equipment and vehicle financing, commercial finance companies, governmental lending entities, and nonprofit lenders.

The definition of covered credit transaction is similarly broad. Under the NPRM, a covered credit transaction is an extension of business credit that is not one of the following excluded transactions: (1) trade credit, (2) public utilities credit, (3) securities credit, and (4) incidental credit. In addition, factoring, leases, consumer-designated credit used for business purposes, and credit secured by certain investment properties are not covered credit transactions. This means, however, that loans, lines of credit, credit cards, and merchant cash advances (MCA), among other things, are "covered credit transactions" and thus subject to the NPRM.

In defining small business, the CFPB looked to the Small Business Administration's definition of "small business concern," which means any business that is independently owned and operated and that is not dominant in its field of operation. The CFPB has further qualified this definition by instituting a gross annual revenue threshold of $5 million or less.

What Types of Data Need To Be Collected?

The NPRM requires that Business Lenders collect the following for each covered transaction:

  • Unique identifier (to identify and retrieve specific files)
  • Application date
  • Application method
  • Application recipient
  • Credit types, including the credit product, the guarantees obtained, and the loan term
  • Credit purpose
  • Application amount
  • Amount approved or originated
  • Action taken on the application
  • Action taken date
  • Pricing information, including
    • interest rate
    • total origination charges
    • broker fees
    • initial annual charges
    • additional cost for MCA or other sales-based financing
    • prepayment penalties
  • Census tract

In addition, Business Lenders must collect the following for each applicant:

  • Gross annual revenue
  • NAICS code
  • Number of workers
  • Time in business
  • Minority-owned business status
  • Women-owned business status
  • Ethnicity, race, and sex of principal owners (defined as a person who owns at least 25% of the business)
  • Number of principal owners

The collection of demographic information from principal owners will be voluntary since the Business Lender is not required to validate the information provided and cannot force the applicant to provide it. However, the Business Lender will be required to provide information it observes on the ethnicity or race of the principal owner if there is a face-to-face meeting either in person or electronically.

Covered financial institutions must report to the CFPB on a 12-month calendar basis with the actual reporting not due until June 1 of the following year. Covered financial institutions also must retain evidence of compliance for at least three years. The CFPB will publish the data it receives on its website.

What Else Does the NPRM Say?

In addition to the data collection requirements, the NPRM prohibits employees or officers of the covered financial institution from accessing data related to whether the applicant is minority- or women-owned or the applicant's ethnicity, race, or sex if the employee or officer is involved in making any determination on the applicant's application.

When Will the Final Rule Become Effective?

The comment period for the NPRM begins on the date of its publication in the Federal Register and will continue for 90 days thereafter unless it is extended, which is possible given the impact this proposal will have on Business Lenders and the increased costs of compliance. There is a 180-day grace period after the final rule becomes effective. Therefore, it is likely the actual compliance date will not occur until sometime in 2023 or later depending upon when the rule becomes final.

The inclusion of MCAs in the NPRM will no doubt face a strong pushback from the MCA industry. MCAs are not credit since they involve the purchase of a future receivable, and there is a wealth of case law that supports this conclusion. We would not be surprised to see the industry file a lawsuit if this concept is included in the final rule, and there will no doubt be a large number of industry comments provided to the CFPB reflecting this position.

The inclusion of regulated banks and credit unions in the final proposal was a surprise to the banking industry since they were hoping that they would be excluded. The reporting requirements of this new regulation will be very burdensome on the industry, particularly for smaller banks and credit unions. We expect the industry to make these points and comment on the proposal.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Troutman Pepper | Attorney Advertising

Written by:

Troutman Pepper
Troutman Pepper
Contact
more
less

Troutman Pepper on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide