Key Aspects Of Consumer Financial Protection Bureau's New Small Business Data Collection Rule - Dodd-Frank, Consumer Protection Act

The U.S. Consumer Financial Protection Bureau (CFPB or the Bureau) has published its final rule implementing Section 1071 of the Dodd-Frank Act.¹ The rule requires lenders to collect and report data about their small business lending activities, with the purpose of facilitating enforcement of fair lending laws with respect to women-owned, minority-owned, and small businesses. The 888- page rulemaking has been long-awaited by industry participants and advocacy groups. Indeed, the CFPB issued the rule just one day before its court-mandated deadline for finalization, and over 12 years after Congress passed the Dodd-Frank Act and directed the CFPB to implement small business data collection rules.

The final rule's requirements are extensive, and implementation may present a number of operational challenges. Covered institutions that are experienced with the Home Mortgage Disclosure Act's (HMDA) reporting requirements for mortgage loans may be better positioned to implement the small business data collection rule's requirements, although implementation likely will be a complicated, lengthy process for all covered institutions. The CFPB seems to recognize that implementing business processes, policies, and procedures to comply with the data collection rules will require significant time and resources, and the final rule sets forth a tiered implementation schedule based on the number of small business loans a lender originates.

Lenders will be required to start collecting the required data on various dates between October 24, 2024, and January 1, 2026.

This article discusses the background of the final rule and spotlights some of the new rule's key requirements, including which institutions are covered, the data points institutions will be required to collect and report, and significant changes made to the final rule from the CFPB's 2021 proposed version of the rule.

Background

The origin of the small business data collection rule traces back to 2010 and the passage of the Dodd-Frank Act. Section 1071 of the Dodd-Frank Act amended the Equal Credit Opportunity Act (ECOA) to require creditors to collect, and report to the CFPB, certain information designed to effectuate federal fair lending laws with respect to women-owned, minority-owned, and small businesses. It was not clear at the time whether the Section 1071 data collection obligations were self-executing or if the CFPB was required to promulgate implementing regulations prior to the data collection requirements becoming effective. On April 11, 2011, the CFPB's general counsel issued the Bureau's first piece of industry guidance, indicating that obligations under Section 1071 would not take effect until the Bureau issued implementing regulations, which he indicated it would do "expeditiously." Despite this statement, however, the small business data collection rulemaking appeared only sporadically on the Bureau's regulatory agenda throughout the ensuing decade, each time without a proposed rule ever materializing.

The CFPB's delay in beginning the rulemaking process to implement Section 1071 did not go unnoticed by consumer advocacy groups. In 2019, two community groups and two individuals filed suit to compel the agency to carry out the required rulemaking. This suit culminated in a February 2020 settlement, under which the CFPB committed to a timeline for the 1071 rulemaking. In September 2021, the Bureau issued a proposed rule to implement Section 1071 of the Dodd-Frank Act. Approximately 2,100 comments were submitted in response to the proposed rule. And on March 30, 2023, the CFPB issued the final rule. Certain key aspects of the final rule are highlighted below.

Key Terms and Definitions

What Types of Credit Transactions and Applications Are Covered?

A covered credit transaction under the final rule generally aligns with the existing definitions of "credit" and "business credit" under ECOA and its implementing regulation, Regulation B. Under ECOA and Regulation B, "credit" is defined as "the right granted by a creditor to an applicant to defer payment of a debt, incur debt and defer its payment, or purchase property or services and defer payment therefor."2 Under the final rule, covered business credit transactions include loans, lines of credit, credit cards, merchant cash advances, and credit products used for agricultural purposes. There are a number of excluded transaction types, including, but not limited to, trade credit, HMDA-reportable transactions, insurance premium financing, incidental credit, factoring, true leases, purchases of a credit transaction, purchases of an interest in a pool of credit transactions, and purchases of a partial interest in a credit transaction, such as a participation interest. Some of these exclusions—such as incidental and trade credit—mirror exclusions already found in Regulation B, while other exclusions are unique to the new rule.

One nuanced aspect of the final rule is that it treats true leases differently from finance leases that create a security interest. Finance leases that create a security interest are treated as covered credit transactions, while true leases are excluded transactions. For purposes of the final rule, an excluded lease is defined as a transfer from one business to another of the right to possession and use of goods for a term, and for primarily business or commercial (including agricultural) purposes, in return for consideration. In contrast, a sale on approval or a sale or return, or a transaction resulting in the retention or creation of a security interest that otherwise meets Regulation B's definition of credit, is a covered credit transaction.

A covered financial institution is required to collect and report data on applications for covered credit transactions from small businesses. A "covered application" is defined as an oral or written request for a covered credit transaction that is made in accordance with procedures used by the financial institution for the type of credit requested. Although this definition is generally consistent with the general definition of "application" under Regulation B, certain circumstances that are considered "applications" under Regulation B are not considered applications for purposes of the small business data collection rule. Specifically, covered applications under the final rule do not include:

Requests for reevaluation, extension, or renewal on an existing business credit account, unless the request seeks additional credit amounts or a line increase;
Inquiries and prequalification requests; an
Solicitations, firm offers of credit, and other evaluations that the covered financial institution initiates, unless the covered financial institution invites the business to apply for the credit and the small business actually does so.

Who Must Collect and Report Data?

"Covered financial institutions" are required to collect and report data to the CFPB under the final rule. A "covered financial institution" is any partnership, company, corporation, association (incorporated or unincorporated), trust, estate, cooperative organization, or other entity that engages in any financial activity, and that originated at least 100 covered originations in each of the two preceding calendar years. Covered financial institutions include depository institutions, online lenders, platform lenders, community development financial institutions, lenders involved in equipment and vehicle financing, farm credit system lenders, commercial finance companies, merchant cash advance providers, governmental lending entities, and nonprofit lenders. In fact, there are limited exclusions based on lender type—so long as a lender originates the requisite number of qualifying small business loans, then it generally will be required to collect and report data under the final rule.

Loan brokers and correspondents that are not covered financial institutions themselves are permitted to collect data on behalf of a covered financial institution. The Official Staff Commentary to the final rule clarifies that third parties such as loan brokers and correspondents do not violate ECOA or Regulation B if they collect information for the purpose of providing it to a covered financial institution under the terms of the final rule, HMDA, or another statute or regulation requiring data collection, even if the broker or correspondent would otherwise be prohibited from collecting the information on its own behalf.

Click here to continue reading . . .

Originally published by The Journal of Federal Agency Action.

Visit us at mayerbrown.com

Mayer Brown is a global services provider comprising associated legal practices that are separate entities, including Mayer Brown LLP (Illinois, USA), Mayer Brown International LLP (England & Wales), Mayer Brown (a Hong Kong partnership) and Tauil & Chequer Advogados (a Brazilian law partnership) and non-legal service providers, which provide consultancy services (collectively, the "Mayer Brown Practices"). The Mayer Brown Practices are established in various jurisdictions and may be a legal person or a partnership. PK Wong & Nair LLC ("PKWN") is the constituent Singapore law practice of our licensed joint law venture in Singapore, Mayer Brown PK Wong & Nair Pte. Ltd. Details of the individual Mayer Brown Practices and PKWN can be found in the Legal Notices section of our website. "Mayer Brown" and the Mayer Brown logo are the trademarks of Mayer Brown.

This Mayer Brown article provides information and comments on legal issues and developments of interest. The foregoing is not a comprehensive treatment of the subject matter covered and is not intended to provide legal advice. Readers should seek specific legal advice before taking any action with respect to the matters discussed herein.