The CFPB today issued its long-awaited proposal for implementing Section 1071 of the Dodd-Frank Act, which concerns the collection of credit application data for small businesses, including women-owned and minority-owned small businesses. The extensive 913-page proposal would require lenders to report: the amount and type of small business credit applied for and extended; the race, ethnicity and sex of the small business owners; and several key elements of the price of the credit offered. A lender’s employees or officers who are involved in considering a small business application would be prohibited from accessing the business’s demographic information, unless the lender determines that such a “firewall” is infeasible.
The rule would apply to financial institutions, including banks, credit unions and nonbanks, that originate at least 25 credit transactions in each of the two preceding calendar years that meet the definition of “business credit” under Regulation B and that involve “small businesses”—which the bureau would define as businesses with $5 million or less in gross annual revenue for the business’ preceding fiscal year. Products subject to the 1071 rule would include business and agricultural-purpose loans, lines of credit, credit cards and merchant cash advances. The proposed rule does not provide an asset-based carve-out for banks or any other general exemptions for particular categories of financial institutions.
Lenders would be required to collect data on a calendar-year basis and report it to the CFPB by June 1 of the following year. They would also be required to retain evidence of compliance, including a copy of small business lending application registers, for at least three years. The bureau will make the data available annually to the public on its website, and is seeking comment on a balancing test it will apply to determine whether any information should be redacted from the public data set to protect privacy of small businesses.
When finalized, compliance would not be required for 18 months after publication in the Federal Register, and the bureau proposed allowing lenders to voluntarily collect the demographic data one year before the compliance deadline. The American Bankers Association is currently reviewing the proposed rule and will submit a comment letter to the bureau. Comments are due 90 days after the proposal is published in the Federal Register.