On September 1, the CFPB issued a Notice of Proposed Rulemaking (NPRM) to implement Section 1071 of the Dodd-Frank Act, which amended the Equal Credit Opportunity Act (ECOA) to require financial institutions to collect and report data regarding credit applications made by women-owned, minority-owned, and small businesses (we previously discussed the proposed rule in an earlier Consumer Finance & FinTech Blog post here).  The proposed rulemaking is an expansive 918 pages and the CFPB provides both a summary and table of contents to assist industry participants in their review and comments.

Section 1071’s statutory purposes are to facilitate enforcement of fair lending laws by requiring the collection of data on “the race, sex, and ethnicity of the principal owners of the business.”  Among other things, the proposed rule includes the following highlights:

  • Covered Financial Institutions. The NPRM’s data collection requirements apply to financial institutions that have originated at least 25 covered credit transactions to small businesses within the preceding two calendar years.
  • Covered Credit Transaction. The NPRM requires that covered credit transactions be an “extension of business credit” that is not a trade credit, public utilities credit, securities credit, and incidental credit.  Thus, it also includes, among other things, loans, lines of credit, credit cards, and merchant cash advances.  Factoring, leases, consumer-designated credit used for business purposes, and credit secured by certain investment properties are not covered credit transactions.
  • Small Business. The NPRM borrows from the Small Business Administration’s definition of “small business concern” and applies to those that had $5 million or less in gross annual revenue for its preceding fiscal year.
  • Data Points. A covered financial institution would be required to collect and report certain data points mandated by statute.  For the collection of data that is self-reported by the applicant, the financial institution is generally not required to verify the information.
  • Implementation period. Comments on the NPRM will be due no later than 90 days after the date it is published in the Federal Register.  Covered financial institutions would be required to report their data on June 1 of the following year.  Compliance with the final rule would not be required until approximately 18 months after the final rule is published.

Putting It Into Practice:  The CFPB’s proposed rule illustrates the recent trend – on both federal and state levels – of the substantial compliance and regulatory burdens on financial services companies offering credit to small businesses.  For instance, the Department of Financial Protection and Innovation (DFPI) in California recently proposed new regulations on unfair, deceptive, and abusive acts and practices (UDAAP) in connection with small businesses lending. And while not as extensive as the Section 1071 reporting requirements, the DFPI also proposes a new reporting requirement for anyone offering commercial financing to small businesses in California, regardless of whether they are licensed under the California Financing Law.  As regulatory scrutiny over small business lending appears to be increasing, it is vital that institutions carefully review and understand any new rules that may impact their businesses as part of their compliance process.  Small business lenders should be especially concerned because 1071 data will likely be a launching pad for the CFPB and others to embark on supervisory exams and enforcement actions in the near future.