The financial services industry had been waiting with bated breath to see how the Consumer Financial Protection Bureau (Bureau) would resume efforts to prescribe rules and give guidance to implement the far-reaching Section 1071 provision, the only portion of the Bureau’s enabling statute that gives it jurisdiction to regulate business (not consumer) loans. That process has now been reinstated, and this is huge.
By way of background, the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (Dodd-Frank Act) included amendments to the Equal Credit Opportunity Act, 15 U.S.C. 1691 et seq., which is in essence an anti-discrimination law prohibiting disparate impact or intentional discrimination in lending activity. Under this amendment, grafted onto Section 1071 of the Dodd-Frank Act, companies engaged in financial activity must now undertake the following with respect to any loan application for credit for a women-owned, minority-owned, or small business:
The spirit of the law is to seek to protect commercial loan borrowers who are small businesses, minority-owned, or women-owned businesses by providing a vehicle through which datasets of similarly situated businesses can be viewed. From there, the regulators (or private actors) can analyze the data to determine whether minorities and women are getting the same rates and benefits as non-minorities and men, if the applicant profiles are alike in every other way.
Notably, the mysterious reference to “any additional data” that is deemed necessary will be clarified in the rulemaking process. The rulemaking efforts—which began during the Obama administration, was tabled, and now is being reinstated following a hiatus of several years—are resuming under current Bureau leadership in accordance with yesterday’s symposium on Section 1071 implementation and the small business lending marketplace.
There are several reasons. First, while the scope of the Section 1071 implementation appears on its surface to concern only one narrow area of consumer financial protection regulation—anti-discrimination—in actuality, Section 1071 is breathtaking in the scope of covered entity types. Unlike other portions of the Dodd-Frank Act, which specify categories of “covered persons” who may be subject to Bureau enforcement or supervision oversight, Section 1071 contains no limitation whatsoever as to types of products, services, or industries that are covered. This may include, for instance, potentially: national banks, community banks, state chartered banks, credit unions, nonbank lenders, leasing, factoring, merchant cash advances, FinTechs, and credit card issuers.
Second, the implementation process will be the time and place where the Bureau decides which types of companies and industries are covered. As written, the statute on its face currently states that the above data-collection, record-keeping, and inquiry-making activities are required of “any partnership, company, corporation, association (incorporated or unincorporated), trust, estate, cooperative organization, or other entity that engages in any financial activity” that makes loans to small businesses in those subsets (e.g., minority-owned, women-owned, or small businesses).
Third, the Section 1071 rulemaking process will be the operative moment when the Bureau will be deciding “at its discretion, [whether to] delete or modify data collected under this section” as far as data that is to be made available to the public. In fact, the rule itself will be the opportunity for the Bureau to tamp down the Section 1071 requirement that any person is currently permitted to demand that the company make such data available to any member of the public, upon request, or that such company must make the data available, as a matter of due course, in annual public disclosures. Depending on how the rule is written, in other words, the data collection and publication requirements mandated by the Dodd-Frank Act could yield a treasure trove for class action plaintiffs’ attorneys in seeking to identify targets of lending discrimination actions, whether meritorious or not.
Fourth, leaving aside the threat of increased litigation disruptive to lending activities, the Section 1071 process will also directly impose potentially substantial data-collection, retention, and management obligations of business credit providers who previously had not been subject to similar consumer-protection type of regulation. If the Bureau rulemaking occurs without restraint, the forms and types of data that may be required will be potentially voluminous and crushing as to compliance burdens.
Fifth, the Dodd-Frank Act expressly allows the Bureau to write a rule that determines when and how the deletion of the data would advance a privacy interest. The rulemaking also has the potential to address how the agency is to properly effectuate the purpose of the Dodd-Frank Act without dis-incentivizing companies from engaging in offering or making business loans accessible to the very subsets of people that Section 1071 was designed to protect.
I’ll address this topic further in an upcoming speaking engagement on November 14, 2019, and in additional client updates as the topic warrants.