The Biden Administration Brings New Changes

Ten years after Congress passed the Dodd-Frank Act in 2010, it appears the CFPB will finally initiate rule making on the Small Business Loan Data Collection that was required by Section 1071 of the Dodd-Frank Act.

Summary:

Some requirements are clear.  The initial Data Collection List is:

• Application date
• Loan type and purpose
• Loan or credit limit amount applied for
• Loan or credit limit amount approved
• Type of action taken with respect to such application
• Date of such action
• Census tract of the principal place of business
• Gross annual revenue in fiscal year preceding application date
• Race, sex, and ethnicity of the principal owners of the business

This is serious.  The new regulation will increase banks’ Legal, Compliance, Operational and Systems Risk. The amount and complexity of the work necessary to comply, and to assure ECOA/Regulation B compliance, will increase. In addition, we will likely see the need for changes to banks’ technology and software to support these new rules.

Also concerning to many, Dodd-Frank ALSO gives the CFPB broad additional authority to expand this Data Collection List, subject only to determining that the additional data “… would facilitate enforcement of fair lending laws and to allow stakeholders to identify business and community development needs and opportunities for women-owned, minority-owned, and small businesses.”

The topic by its nature is subject to serious ambiguities.  For example, what forms of business entity will be included? Beyond sole proprietors, the subject is complicated by the different types of business entity that may be included. Consider this - is a business woman-owned if on the application date its 3-person ownership group is 2/3 women? What if one of the women sells all or part of her ownership interest to a man?  This and many other “splitting hairs” questions have arisen over these ten years as the industry studied Section 1071.  

These ambiguities will make certainty about compliance with the final regulation more difficult.  

Background; Rulemaking Process:

Background: Dodd-Frank, Section 1071 amended ECOA to require that banks compile, maintain, and submit to the Bureau certain data on applications for credit for women-owned, minority-owned, and small businesses.

Dodd-Frank directed the CFPB to adopt regulations governing collection of small business lending data, to accomplish this. Section 1071 was adopted to facilitate enforcement of fair lending laws and to allow stakeholders to identify business and community development needs and opportunities for women-owned, minority-owned, and small businesses.

Under Section 1071, for any application to a financial institution for credit made by a women-owned, minority-owned or small business, the financial institution shall ask, and record the response, whether the business is a women-owned, minority-owned or small business (regardless in what form or by what means the credit application is received and whether solicited or not).

While the law was effective July 21, 2011, banks were delayed from any compliance obligations until the final rules were implemented.  RULEMAKING HAS BEEN IN PROCESS FOR TEN YEARS.  

We do expect that the new Biden Administration will write final rules.

As with any proposed banking regulation, there will be an opportunity for review and comment.  However, in light of the cost of compliance and the risks highlighted above, the Comment Period takes on added importance.

Rulemaking Process: In December of 2020, the CFPB issued a 406-page Panel Report on the status of the rulemaking along with supplemental materials which are noted in the links below.

https://www.consumerfinance.gov/documents/9413/cfpb_1071-sbrefa-report.pdf‍

Small business lending data collection rulemaking | Consumer Financial Protection Bureau (consumerfinance.gov)

Preliminary Operational and Compliance Implications:

Small Business Lenders: The Final Rules implementing Section 1071 of Dodd-Frank will have a material impact on banks engaged in small business lending.  As the rules have not been published, many details remain unanswered such as the specific loan types to be covered, but enough is known to anticipate some potential impacts:

1. Analogies can be drawn with the data capture requirements under the Home Mortgage Disclosure Act (HMDA).  Banks will be required to build data capture processes for applicable business loan applications and capture relevant demographic and loan decisioning information.
2. Business processes will need to be developed or updated to provide more formal tracking, review and monitoring of applicable loan applications to ensure that appropriate data points are identified and captured.
3. Compliance management systems will need to be implemented to provide oversight, monitoring, testing and review of the data.
4. Lending staff, both front line and operations, will need to be trained in the compliance requirements and data collection procedures.
5. Banks should be aware of the customer experience implications. While ECOA monitoring and HMDA data capture has been in place for most mortgage loans for years, this type of data collection has not been required in the commercial lending space. Banks will need to communicate these new requirements to their borrowers.
6. Compilation and access to this data will bring Fair Lending Oversight to portions of the commercial loan portfolio.  Banks will need to review and analyze this data for any potential fair lending risks that may be present in the small business loan portfolio and take appropriate corrective action.
7. Just as banks’ consumer and mortgage lending compliance has been tested by mystery shoppers, we can expect to see outside parties deploy those strategies.

Next Steps:

1. Banks should continue to monitor developments, and comment on any proposed rulemaking to ensure that operational concerns are brought to regulators’ attention.
2. Review current small business lending practices, policies and procedures to ensure that fair lending and anti-discrimination practices are in place and that applicable staff has been trained in this area.
3. Assess operational capacity to understand the magnitude of the data collection effort.  Start thinking about the systems or system changes that would be necessary to achieve compliance.

Please note: information in this post does not constitute legal advice.  Readers should note that these rules have not been finalized and could be subject to change in the rulemaking process. Readers should contact qualified legal counsel or the CFPB to address specific legal questions. ‍