Today the Bureau finally released its long-awaited proposed rulemaking on small business lending data collection. Section 1071 of the Dodd-Frank Act mandated that the CFPB collect data about small business lending to facilitate enforcement of fair lending laws.

After ten years of fits and starts on this topic, the Bureau ultimately was pressured by a lawsuit filed against it to make forward progress on a proposal. As we previously reported, a court settlement last year mandated a timeline for the CFPB to take certain steps to initiate a Section 1071 small business lending data collection rulemaking. Among other steps, the settlement required the CFPB to convene a Small Business Advocacy Review panel (“Panel”) by October 15, 2020. The Panel met and provided feedback on the CFPB’s proposals under consideration and released its report in December.

The 918-page proposed rule issued today is the culmination of years of research and CFPB engagement with stakeholders. Below is a brief rundown of how the proposed rule lines up against the Panel’s recommendations, which we previously covered in our January Fair Lending Newsletter:

  • General. The Panel recommended that the Bureau issue implementation and guidance materials, including sample disclosure language. The proposed rule addresses this by offering several appendices, including a sample data collection form and instructions for financial institutions on how to collect and report data.
  • Scope. The Dodd-Frank Act’s amendment to ECOA requires a financial institution to inquire whether a business applicant is a women-owned, minority-owned, or small business. Notwithstanding the plain language of the statute, however, the Bureau is not proposing to require that financial institutions collect and report data regarding applications for women-owned and minority-owned businesses that are not small. Its rationale is that most existing businesses are small businesses, making it likely that nearly all women-owned and minority-owned businesses would already be captured just by covering small businesses. This limitation on scope is something the Panel had recommended that the Bureau continue to explore, but the Bureau decided that limiting the scope to small businesses (as opposed to expanding it to large women-owned and minority owned businesses) is consistent with the purposes of the statute.
  • Lenders covered. Under the statutory definition of “financial institution,” the rule’s data-collection and reporting requirements could apply to a variety of entities that engage in small-business lending. The Bureau decided to define a covered financial institution as one that originated at least 25 credit transactions to small businesses in each of the two preceding calendar years. This exemption based solely on volume of activity may come as a disappointment to institutions that were hoping to be exempted on other grounds, such as asset size.
  • Definition of small business. Section 1071 defines “small business” by reference to the Small Business Administration regulations, but the Bureau had been contemplating a variety of potential ways to simplify the definition for purposes of this rulemaking. As recommended by the Panel, the Bureau is consulting with the SBA Administrator and is seeking approval from SBA to simplify the definition of small business to look to whether the business had $5 million or less in gross annual revenue for its preceding fiscal year.
  • Definitions of women-owned business, minority-owned business, and minority individual. The Panel recommended that the Bureau seek public comment on potential interpretations of these terms to ensure that small-business applicants are able to understand questions based on these definitions. It also recommended permitting applicants to select multiple race and ethnicity categories. The proposed rule contains a data collection form for financial institutions to use, which explains to an applicant the reasons for collecting the information and includes a non-discrimination notice. Financial institutions would be required to ask an applicant to provide demographic information about the applicant’s principal owners or ownership status, but applicants could choose not to answer. If an applicant does not provide any ethnicity, race, or sex information for at least one principal owner, the Bureau is proposing that the institution must collect at least one principal owner’s race and ethnicity (but not sex) via visual observation and/or surname if the institution meets in person or by video with any principal owners.
  • Product coverage. The Bureau is proposing that covered credit products would include term loans, lines of credit and business credit cards. As recommended by the Panel, covered products also would include merchant cash advances, which the Panel believed would further the statutory purposes of section 1071 because they represent an important means of accessing credit for small businesses. Covered credit transactions would not include consumer-designated credit, leases, factoring, trade credit, or public utilities, securities, or incidental credit.
  • Definition of application. Consistent with its earlier outline of proposals, the Bureau is proposing to clarify circumstances that would not be reportable under section 1071, even if they might be considered an “application” for Regulation B purposes, including inquiries/prequalifications, reevaluation, extension, and renewal requests, and solicitations and firm offers of credit. Consistent with the Panel’s recommendation, the Bureau is seeking comment on whether to include line increase requests as a “covered application” and information on how financial institutions currently process requests for a line of credit increase. At least one Panel participant had suggested that treating line increases as reportable applications would require some lenders to make significant changes to how they do business. The Bureau is also proposing to require the collection of data on incomplete or withdrawn applications, which stakeholders said would highlight potential issues of discouragement, level of assistance disparities, or other discriminatory treatment.
  • Statutory data points. A covered financial institution would be required to collect and report certain data points mandated by statute. The proposed rule describes these data points and notes that for the collection of data that is self-reported by the applicant, the financial institution is generally not required to verify the information.
  • Discretionary data points. Although a large majority of industry stakeholders argued against the collection of any additional data points–which the Bureau refers to as “discretionary” because they are within the Bureau’s discretion to adopt–the Bureau’s proposed rule would require the collection of additional data points relating to pricing, time in business, NAICS[1] code, and number of workers. Panelists had been divided about pricing data in particular, with some panelists suggesting that there would be essentially no point to collecting any data if the Bureau does not also require pricing data to put it into perspective, and others arguing that making pricing data public could result in misinterpretations and unjustified fair lending concerns. Ultimately, the Bureau said it believes that each of these discretionary data points would serve the purposes of 1071 and improve the utility of the data for stakeholders. The Bureau also decided that a handful of additional data points would be important to add to this list, including application method, application recipient, denial reasons, and number of principal owners.
  • Timing of data collection. Rather than specifying a particular time period for the collection of section 1071 data, the Bureau is proposing to require a covered financial institution to maintain procedures to collect applicant-provided data at a time and in a manner that is reasonably designed to obtain a response.
  • Underwriter firewall. The Bureau was considering requiring a firewall so that an underwriter does not know of an applicant’s status as a women- or minority-owned business, or of the race, sex, or ethnicity of the principal owners. Given that many smaller institutions might not find a “firewall” feasible, the Bureau’s proposed rule would allow financial institutions to provide a notice to applicants instead of restricting access to demographic information if it is not feasible to maintain a firewall.
  • Applicant’s right to refuse to provide demographic information. As suggested by the Panel, the Bureau developed sample language financial institutions can use to give context as to why applicants are being asked to provide demographic information. Applicants may refuse to provide the information.
  • Compiling, maintaining, and reporting 1071 data. As expected, the Bureau is proposing that data collection and reporting be done on a calendar-year basis, with a three-year retention requirement and a prohibition on including personally identifiable information other than that specifically required.
  • Privacy considerations. To address privacy concerns, the Bureau is proposing to use a balancing test that weighs the risks and benefits of public disclosure of section 1071 data. The Bureau has discretion under ECOA section 704B(e)(4) to modify or delete fields from the public application-level 1071 data where the release of the unmodified data would create risks to privacy interests. The Bureau’s proposed 1071 balancing test would consider the privacy interests of not just applicants, but also related natural persons who might not be applicants (such as principal owners of a business, where a legal entity is the applicant), as well as the privacy interests of financial institutions reporting 1071 data.
  • Implementation period. Annual reporting would generally be due on June 1 of each calendar year; however, compliance with the final rule would not be required until approximately 18 months after the final rule is published. The Bureau explained that it expects to specify a date certain for compliance in the final rule. Depending on when a final rule is issued, that could mean the initial collection of data is on a partial-year basis.

These are just some of the key takeaways of the lengthy proposed rulemaking. Small business lenders should carefully review the proposal and consider whether to submit comments. The comment period is 90 days from the date the notice is published in the Federal Register.


[1] NAICS refers to the 6-digit North American Industry Classification System.