An Overview of the Consumer Financial Protection Bureau’s Final Rule on Small Business Lending

Introduction: The Consumer Financial Protection Bureau (CFPB) recently issued a final rule, known as the Ruler, which imposes data collection and reporting obligations on small business lenders. This article provides an in-depth analysis of the key considerations for lenders in light of these enhanced obligations.

Legal Background

The Ruler stems from Section 1071 of the Dodd-Frank Wall Street Reform and Consumer Protection Act, which amended the Equal Credit Opportunity Act. This regulation requires lenders receiving small business loan applications to obtain, maintain, and periodically report certain information to the CFPB. It also mandates that the CFPB make this information public to some extent.

Overview of the Rule

The Rule applies to any financial institution with at least 100 “covered originations” in each of the preceding two calendar years. The definition of a “Financial Institution” is broad, encompassing various entities engaged in financial activities, including traditional bank lenders, direct lenders, alternative lenders, and private credit institutions. Covered originations refer to specific types of credit extensions for “small businesses,” defined as businesses with gross receipts of no more than $5 million in the previous fiscal year.

The Rule imposes three types of reporting requirements on lenders:

1. Lenders must report lender-generated data, such as the credit application method and actions taken in relation to the application.
2. Lenders must report data collected from applicants or third parties, including the purpose of the credit, amount requested, and details about the applicants’ businesses.
3. Lenders must report demographic data collected from applicants, including information on minority-owned businesses and principal owners.

In addition to reporting requirements, the Rule also mandates that lenders maintain certain policies and procedures. These include:

1. Procedures to obtain a response to each request for demographic and other data from the requester.
2. Methods to identify and address indications of potential discouragement that may cause applicants to refuse to provide requested information.
3. A “firewall” to protect confidential information provided by applicants, restricting access to relevant credit and other determinations.

The Rule recognizes that unintentional errors may occur despite the maintenance of proper procedures. It establishes a numerical threshold below which errors are presumed to be bona fide, and safe harbors are provided for certain types of inaccuracies in reported data.

Compliance Considerations

The compliance timeline for smaller lenders is phased in gradually. Lenders with at least 2,500 total covered originations by 2022 and 2023 will need to comply with the Rule starting in October 2024. Lenders must take several steps to ensure compliance:

1. Analyze potentially covered credit transactions to determine if the Rule applies and collect necessary accurate data.
2. Accurately collect and analyze information about applicants, including their demographic characteristics.
3. Maintain procedures to identify and respond to signs of possible discouragement during the credit and loan process.
4. Develop practices to maintain the required “firewall” and identify individuals involved in determining credit extension.

Final Remarks

The Office Rule implementing Section 1071 has faced controversy. It followed a lawsuit filed by community groups and prompted extensive comments, with many expressing concern about the burdens it imposes on lenders. Litigation challenging the Rule is currently pending, but small business lenders must still prepare for compliance. The Rule poses significant administrative burdens and compliance costs, particularly for community and local institutions. It may also present challenges for larger institutions trying to align with existing frameworks for collecting consumer information. To navigate these complexities, industry participants in small business lending should seek legal counsel to ensure compliance.

Exploring the Impact of the Rule on Small Business Lenders

While the final rule on small business lending issued by the CFPB aims to enhance transparency and ensure equal access to credit for small businesses, it also poses challenges and considerations for lenders:

Increased Reporting Requirements

The Rule’s reporting obligations necessitate lenders to collect and report extensive data on small business loan applications. This increased paperwork can place additional burdens on lenders, particularly smaller community-based institutions that may not have the same resources as larger institutions.

Data Collection Challenges

Accurately collecting and analyzing the necessary information, including demographic data, about loan applicants can be complex for lenders. This may require implementing new systems and processes to capture and record the required data accurately.

Compliance Costs

Complying with the Rule’s requirements can be costly for lenders, particularly those with limited resources. Implementing the necessary policies, training staff, and ensuring consistent adherence to the reporting obligations can strain the budget and operations of small lenders.

Balancing Customer Experience and Compliance

Lenders must strike a balance between obtaining the required data and providing a seamless customer experience. They need to collect the necessary information while ensuring it does not discourage applicants or create unnecessary hurdles in the loan application process.

Tracking and Monitoring Compliance

Keeping up with the evolving regulatory landscape and ensuring ongoing compliance with the Rule can be a challenge. Lenders must establish robust monitoring and tracking mechanisms to stay informed of any updates or changes to the reporting requirements.

Summary:

The CFPB’s final rule on small business lending, known as the Ruler, imposes data collection and reporting obligations on lenders. The Rule applies to financial institutions with at least 100 “covered originations” in the preceding two calendar years, encompassing both traditional bank lenders and alternative lenders. Lenders are required to report various types of information, including lender-generated data, data collected from applicants or third parties, and demographic data. Compliance considerations include analyzing credit transactions, accurately collecting applicant information, maintaining procedures, and developing practices to protect confidential information. Despite the controversy surrounding the Rule, small business lenders must prepare for compliance. The Rule poses administrative burdens and costs, with potential challenges for both small and large institutions. By understanding the requirements and seeking legal counsel, lenders can navigate the complexities and fulfill their compliance obligations under the Rule.

a recent ruler (12 CFR Part 1002, the “Ruler”) issued in final form by the Consumer Financial Protection Bureau (the “CFPB”) earlier this year imposes a series of data collection and reporting obligations on small business lenders. This article provides a high-level overview of key considerations for lenders in light of such enhanced obligations.

LEGAL BACKGROUND:

The Rule, issued on March 30, 2023, implements Section 1071 (“Section 1071”) of the Dodd-Frank Wall Street Reform and Consumer Protection Act. Section 1071, which amended the Equal Credit Opportunity Act, requires lenders receiving small business loan applications to obtain, maintain, and periodically report to the CFPB certain information about applicants. In addition, Section 1071 provides that the CFPB will, in some way, make the information it receives public.

RULE:

Application: The Rule’s reporting requirements apply to any financial institution with at least 100 “covered originations” in each of the preceding two calendar years. “Financial Institution” is broadly defined to cover a range of entities engaged in “any financial activity”, meaning this definition, and by extension the Rule, could apply to both “traditional” bank lenders and lenders direct or alternative or to private credit. money. Covered originations are certain types of credit extensions for “small businesses” (defined as businesses with gross receipts of no more than $5 million in the fiscal year preceding the time of determination).

Requirements:

• Lenders must report to the CFPB three types of information in connection with each consumer request (particularly whether written or oral) for a covered credit transaction, including any refinancing of existing debt:

• • Lender-generated data (eg, credit application method and actions taken with respect to credit application);
  • Data collected from applicants or third parties (eg, purpose of credit, amount requested, and details about applicants’ business); and
  • Demographic data collected from applicants, including the status of minority-owned businesses and information on principal owners.

• In addition, lenders must maintain certain policies and procedures, including:

  • Procedures reasonably designed to obtain a response to each request for demographic and other data provided by the requester;
  • Methods for recognizing and addressing “indications of potential discouragement”, that is, practices that could cause applicants to refuse to provide requested information. Please note that the CFPB issued a statement that it will “use its supervisory and enforcement authorities to focus on compliance with this requirement by covered lenders”); and
  • A “firewall” so that, with certain exceptions, persons making relevant credit and other determinations regarding an application covered by a small business do not have access to confidential information provided by applicants pursuant to the Rule.

• Unintentional errors that occur despite the maintenance of proper procedures will not result in violations of the Rule. There is a presumption that errors below a numerical threshold are bona fide. Safe harbors also apply for certain types of inaccuracies in reported data.

COMPLIANCE CONSIDERATIONS:

• Smaller lenders will have more time to prepare for compliance than larger lenders. Compliance requirements will be phased in beginning in October 2024 for lenders with at least 2,500 total covered originations by 2022 and 2023.
• Among other things, lenders must:
  • Analyze potentially covered credit transactions to determine if the Rule applies and, if so, collect and provide the necessary accurate data. In addition to developing effective routines to ensure accurate and timely reporting, this process involves the accurate identification of relevant data for each covered transaction, such as:
    • the object and type of credit;
    • the application method for said credit;
    • reportable amounts (requested and approved amounts);
    • Price information; and
    • where appropriate, reasons for the approval or denial of said credit;
  • Accurately collect and analyze information about applicants, including the identification of relevant demographic and other characteristics;
  • Maintain procedures to “identify and respond to signs of possible discouragement” in the credit and loan process; and
  • Develop practices to ensure proper maintenance of the aforementioned “firewall”. This would involve precisely identifying which individuals are (or are not) involved in determining whether to extend credit to a given applicant.

FINAL REMARKS:

The Office Rule implementing Section 1071 has been the subject of considerable controversy. The rulemaking followed a lawsuit filed by community groups seeking to force the Bureau to enact the Rule, and the process generated voluminous comment, many critical of the new burdens the Rule will place on lenders. Currently, litigation is pending in Texas federal district court in which industry groups argue that the Rule should be set aside. However, as a practical matter, small business lenders must take steps now to ensure that they can meet their future compliance obligations under the Rule. As outlined above, the rule imposes substantial new administrative burdens and compliance could prove costly and challenging, especially for community and local institutions. It also seems likely that the Rule will present challenges for larger institutions, whose existing frameworks for collecting demographic and other consumer information (for example, as required by federal fair lending laws) may not easily align with the Rule’s various requirements. . Noting the broad applicability of the Rule, the many new requirements it imposes, and the Office’s stated intent to make the “discouragement” provisions of the Rule a compliance priority, participating industry participants in small business loans should work with an attorney to prepare for compliance.