US CFPB Publishes Final Rule for Small Business Lending Data Collection and Reporting

CFPB Small Business RuleThe US Consumer Financial Protection Bureau (CFPB) has issued its final rule for small business lending data collection and reporting in compliance with Section 1071 of the Dodd-Frank Act. The new requirements apply to covered financial institutions, including depository institutions, online lenders, and commercial finance companies. The rule mandates collecting and reporting extensive data about small business loans, including information about the borrower and principal owners of the business. The CFPB has established a multi-tiered implementation schedule. The new reporting requirements are expected to be particularly challenging for lenders who do not currently comply with the Home Mortgage Disclosure Act (HMDA) reporting requirements.

Implementation Challenges for Covered Financial Institutions

The final rule requires covered financial institutions to collect and report data about their small business lending activities. This includes credit extended to businesses with gross annual revenue of $5 million or less. Lenders must collect and report extensive data about the transaction, the small business applicant, and the principal owners of the business. Covered financial institutions include many lenders, from depository institutions to governmental lending entities and not-for-profit lenders.

To comply with the new requirements, covered financial institutions must develop new systems and processes for data collection and reporting. This will be particularly challenging for lenders who do not currently comply with HMDA reporting requirements, as they must develop entirely new reporting structures. The CFPB has established a multi-tiered implementation schedule, with different deadlines depending on the number of small business loans a lender originates.

limit access to certain sensitive dataProtecting Sensitive Data and Avoiding Discrimination

In addition to the data collection and reporting requirements, the final rule requires covered financial institutions to develop a “firewall” to limit access to certain sensitive data. Specifically, employees and officers responsible for making a determination about a small business applicant’s application are prohibited from accessing data collected about the applicant’s status as a minority-owned, woman-owned, or LGBTQI+-owned business or about the ethnicity, race, and sex of the applicant’s principal owner(s). The final rule also prohibits covered financial institutions from disclosing collected demographic information to other parties, except in limited circumstances.

A Fictional Example Of The New CFPB Debt Collection Rules’ Impact

A community development financial institution specializing in lending to women-owned businesses must comply with the new data collection and reporting requirements under the final rule. To comply, the institution must develop new systems and processes for data collection and reporting. They will need to collect and report extensive data about the transaction, the small business applicant, and the principal owners of the business. They will also need to develop a “firewall” to limit access to sensitive data and ensure that employees and officers do not access data that could result in discrimination. The institution must ensure that they are collecting and reporting data accurately and efficiently while protecting small business applicants’ privacy.

New Small Business CFPB Rules, Conclusion

In conclusion, the US CFPB’s final rule for small business lending data collection and reporting has wide-reaching ramifications for the industry. Covered financial institutions must develop new systems and processes for data collection and reporting and comply with new requirements for protecting sensitive data and avoiding discrimination. While the implementation process is likely to be challenging, the new reporting requirements are designed to effectuate fair lending laws with respect to women-owned, minority-owned, and small businesses. As the industry prepares for the new requirements, it will be important to ensure that data is collected and reported accurately and efficiently while protecting small business applicants’ privacy.

Section 1071 Final Rule FAQ

What is the CFPB’s Section 1071 Final Rule?

The CFPB’s Section 1071 Final Rule is a regulation that requires covered financial institutions to collect and report data on applications for credit for small businesses, including those that are owned by women or minorities. The rule is intended to increase transparency in small business lending, promote economic development, and combat unlawful discrimination.

What does the rule apply to?

The rule applies to financial institutions that make or hold small business loans. A small business loan is a loan that is made to a business that has fewer than 500 employees and annual gross revenues of less than $7 million.

What data must be collected?

The rule requires covered financial institutions to collect data on each small business loan application that they receive. The data that must be collected includes the following:

  • The applicant’s name, address, and business type
  • The amount of the loan requested
  • The purpose of the loan
  • The applicant’s credit history
  • The applicant’s race, ethnicity, and gender
  • The decision on the loan application

What are the record keeping requirements?

The rule requires covered financial institutions to keep records of the data that they collect. These records must be kept for at least five years.

When is the rule effective?

The rule is effective on October 1, 2024. Covered financial institutions must begin collecting data on small business loan applications on that date. The CFPB will begin publishing the data that it collects on an annual basis.

What are the enforcement provisions?

The CFPB may take enforcement action against covered financial institutions that violate the rule. The CFPB may impose civil penalties, require the financial institution to take corrective action, or both.

What are the privacy protections?

The rule includes a number of privacy protections. The CFPB will not publish the data that it collects on small business loan applications in a way that would identify individual applicants. The CFPB will also shield certain demographic data from underwriters and other persons who are not authorized to have access to that data.

Where can I get more information?

The CFPB has published a number of resources on the Section 1071 Final Rule. These resources can be found on the CFPB’s website: https://www.consumerfinance.gov/1071-rule/

 

 

Close Popup

We use cookies to give you the best online experience. By agreeing you accept the use of cookies in accordance with our cookie policy.

Close Popup
Share This