Brief Summary of the CFPB’s Small Business Loan Data Proposed Rule to Implement Dodd-Frank Act 1071
On September 1, 2021, the CFPB issued its long-awaited proposed rule to implement Section 1071 of the Dodd-Frank Act, which amended the Equal Credit Opportunity Act (“ECOA”) to require financial institutions to collect and report data regarding applications for women-owned, minority-owned, and small business loans. The purpose of this statutory requirement is to “facilitate enforcement of fair lending laws,” and enable the public to identify business and community development needs and opportunities of women-owned, minority-owned, and small businesses.
As background, section 1071’s amendment to ECOA requires the data to include “the race, sex, and ethnicity of the principal owners of the business,” as well as, “any additional data that the Bureau determines would aid in fulfilling the purposes of this section.” But the amendment to ECOA required the CFPB to issue rules to implement the requirement. There was controversy surrounding the CFPB’s long-inaction in implementing this requirement, including a lawsuit and a settlement between the CFPB and the California Reinvestment Coalition that required the CFPB to issue the proposal by September 30. And as we’ve written about before, the CFPB’s Acting Director had stated earlier this year that he was giving the CFPB’s rulemaking office the “support it needs to implement section 1071 of the Dodd-Frank Act without delay.” So we anticipate that the CFPB will work expeditiously on this rulemaking after the comment period closes.
There will be a 90-day comment period after publication in the Federal Register. But the proposal is quite substantial (over 900 pages), so there is a lot to review and analyze. Some of the major issues with this proposed rule will be the scope of the rule, the specific data points required (including the discretionary data points the CFPB proposed), and how the data will be modified before being made public. An overarching concern with this new rule is that all of this new data will be used for fair lending supervision and enforcement by the government, as well as for litigation by the public.
Here are some basics about the proposal.
I. Scope
The proposed rule would apply to “covered financial institutions,” which is defined to mean a, “financial institution that originated at least 25 covered credit transactions for small businesses in each of the two preceding calendar years.” This was the lowest lending frequency threshold proposed by the CFPB at its SBREFA Panel for the proposal, and the proposal does not contain an exemption for small depository institutions. The CFPB as part of its SBREFA panel indicated that it was also considering higher thresholds of 50 or 100 loans (along with dollar-volume based thresholds), as well as an exemption for small depository institutions using an asset-based threshold of $100 or $200 million. But the CFPB stated in the proposed rule that it, “continues to consider whether this loan-volume threshold should be set at a different level, such as 50 or 100 originations, as described in the SBREFA Outline.”
The term “financial institution” is broadly defined to include, “any partnership, company, corporation, association (incorporated or unincorporated), trust, estate, cooperative organization, or other entity that engages in any financial activity.” It is not limited to depository institutions. The CFPB stated in the proposal that the definition would apply to a “variety of entities” including, “online lenders, platform lenders, CDFIs, lenders involved in equipment and vehicle financing (captive financing companies and independent financing companies), commercial finance companies, governmental lending entities, and nonprofit, nondepository lenders.” Many lenders (and governmental entities) that have never heard of the CFPB before would become subject to this rule.
The requirement to collect data would apply to “covered applications” for a “covered credit transaction” from “small businesses.” A “covered application” is defined as “an oral or written request for a covered credit transaction that is made in accordance with procedures used by a financial institution for the type of credit requested,” but would not include “inquiries and prequalification requests.”
A “covered credit transaction” is defined broadly as an “extension of business credit,” but there are a few exclusions for trade credit, public utilities credit, securities credit, and incidental credit. The exceptions are important to note, because of the many different forms business financing can take. For example, the proposed commentary has exclusions for factoring, leases, consumer-designated credit that is used for business purposes, and credit secured by 1-4 dwelling unit investment properties (something mortgage companies should note).
“Small business” has the same definition as “small business concern” in the Small Business Act (specifically cited as 15 U.S.C. § 632(a) (the Small Business Administration’s enabling statute, as implemented in 13 CFR 121.101 through 121.107), but has an alternative to SBA’s size standards in 13 CFR 121.201, which is gross annual revenue, as defined in § 1002.107(a)(14), for its preceding fiscal year of $5 million or less.
II. Data
Covered financial institutions would be required to collect and report the following 20 data points according to the rule, the commentary, and a Filing Instructions Guide (yet to be published). Note that these data points are extensive, and many require free-form text. And note that the proposal has a model form and specific instructions for the collection of the race, ethnicity, and sex information under numbers 18-20 below.
1. Unique Identifier – the Legal Identity Identifier (LEI) and a unique loan identifier for the specific application.
2. Application Date – Date the application was received or the date shown on an application form.
3. Application Method – Whether the application was submitted in–person, by telephone, online, or by mail.
4. Application Recipient – Whether the application was submitted directly to the financial institution or its affiliate, or indirectly via a third party.
5. Credit Type – Including the credit product (from a specific list, or free-form text if not on the list), the type of guarantees (up to five, from a specific list, or free-form text if not on the list), and the loan term.
6. Credit Purpose – Purpose of the credit (from a specific list, or free-form text if not on the list).
7. Amount Applied For – Initial amount of the credit requested.
8. Amount Approved or Originated – The amount of credit approved but not accepted, the amount of credit originated, or the credit limit approved.
9. Action Taken – The action taken, reported as originated, approved but not accepted, denied, withdrawn by the applicant, or incomplete.
10. Action Taken Date – The date of the action taken.
11. Denial Reasons – The principal reasons the application was denied, indicating up to four from a prescribed list (or free-form text, if the reason is not adequately described on the list).
12. Pricing Information – Including the interest rate, the origination charges, broker fees, initial annual charges, additional cost for merchant cash advances or other sales-based financing, and prepayment penalties.
13. Census Tract – The census tract where the loan proceeds will be applied (e.g., the site where the proceeds of a construction loan will be applied), but if unknown, the address or location of the main office or headquarters of the applicant. If both are unknown, another address or location associated with the applicant.
14. Gross Annual Revenue – The gross annual revenue of the applicant for its preceding fiscal year prior to the information being collected (it is permitted to include affiliates).
15. NAICS Code – The 6-digit NAICS code for the applicant.
16. Number of Workers – The number of non-owners working for the applicant (part-time and seasonal employees, as well as contractors who work primarily for the applicant, would be counted as workers).
17. Time in Business – The time the applicant has been in business.
18. Minority-Owned Business Status – Whether the applicant is a minority-owned business, which must be collected as prescribed under the rule. This is defined as a “business for which more than 50% of its ownership or control is held by one or more minority individuals, and more than 50% of its net profits or losses accrue to one or more minority individuals.”
19. Women-Owned Business Status – Whether the applicant is a women-owned business, which must be collected as prescribed under the rule. This is defined as a “business for which more than 50% of its ownership or control is held by one or more women, and more than 50% of its net profits or losses accrue to one or more women.”
20. Ethnicity, Race, and Sex - The ethnicity, race, and sex of the applicant’s principal owners, which must be collected as prescribed under the rule.
Regarding the Ethnicity, Race, and Sex data, the proposal has some similarities and additions compared to the CFPB’s 2015 HMDA rule. Similar to the CFPB’s 2015 HMDA rule, the proposed rule uses both aggregate and disaggregated categories, as well as free-form text for “Other” selections. But the CFPB proposed new disaggregated categories for the “Black” aggregate category, which were not in the 2015 HMDA rule, which include Ethiopian, Haitian, Jamaican, Nigerian, Somali, and Other. In addition, the “Sex” data would include an additional option that was not in the 2015 HMDA rule, which is “I prefer to self-identify as:”, with the ability of the applicant to write in free-form text.
The CFPB sought comment on whether it should add an additional category for Middle Eastern or North African. In addition, the CFPB sought comment on whether it should add disaggregated subcategories for the White category, and if so, what disaggregated subcategories should be, and whether the applicant should be permitted to write in free-form text. Another interesting issue is that it appears the CFPB did not conduct any qualitative usability testing of their sample form.
21. Number of Principal Owners – Number of principal owners.
III. Reporting and Publication of Data
The proposed rule would require submission of the data in the format required by the CFPB on or before June 1 of the year following the collection. The CFPB would make the data available on an annual basis, subject to deletions or modification for privacy interests.
IV. Implementation Period
The proposal states that compliance with the rule would begin approximately 18 months after the date of publication of the final rule. The CFPB expects to set a date certain for the compliance date, and provided the example of publication of the final rule in June 2023, with a compliance date of January 1, 2025. The CFPB stated that it is considering requiring or permitting collection of data on a partial year basis, if the compliance date were to fall mid-year.
Although some small entity representatives at the CFPB’s SBREFA panel said that two years or more would be necessary to implement the rule, the CFPB proposed 18 months, noting that some community group stakeholders supported a one-year period. The CFPB said that 18 months was a compromise between the two groups of stakeholders, and that a shorter period would serve the interest of the statute, in light of the length of time since the passage of the Dodd-Frank Act.
The CFPB specifically sought comment on whether the implementation period should be two years, and whether there should be different compliance date based on the size of the financial institution.
V. Other Issues
There are many other issues in the proposed rule. They include: (1) how financial institutions treat data that they’ve verified versus the applicant’s statements; (2) the time and manner of the data collection; (3) use of previously collected data; (4) a prohibition against decision-making employees having access to the race/ethnicity/minority or women-owned status data; and (5) how the public data would be modified for privacy concerns (the CFPB proposes to use a balancing test similar to the HMDA rule). In addition, it is true that with complex rules, the devil is in the details.
We plan on doing a deeper dive into the proposed rule for our clients in the coming weeks. The proposal is available at: https://www.consumerfinance.gov/rules-policy/rules-under-development/small-business-lending-data-collection-under-equal-credit-opportunity-act-regulation-b/.
Please contact rich@garrishorn.com if you would like to discuss the proposed rule, or would like any assistance with drafting a comment letter.