On September 1, the CFPB issued a Notice of Proposed Regulatory Proposal (NPRM) to implement Section 1071 of the Dodd-Frank Act, which amended the Equal Credit Opportunity Act (ECOA) to require financial institutions that they collect and report data regarding credit applications made by women-owned, minority-owned and small businesses (we have already discussed the proposed rule in a previous post on the Consumer Finance blog & FinTech here). The proposed regulations are 918 pages long and the CFPB provides both a summary and a table of contents to assist industry participants in their review and comment.
The statutory objectives of Section 1071 are to facilitate the enforcement of fair loan laws by requiring the collection of data on “the race, sex and ethnicity of major business owners.” Among other things, the proposed rule includes the following highlights:
- Covered financial institutions. The NPRM data collection requirements apply to financial institutions that have initiated 25 or more small business covered credit transactions in the previous two calendar years.
- Covered credit transaction. The NPRM requires that covered credit transactions be an “extension of business credit” that is not trade credit, utility credit, securities credit, and collateral credit. Thus, it also includes, among others, loans, lines of credit, credit cards and cash advances to merchants. Factoring, leases, consumer credit used for business purposes and credit secured by certain investment properties are not covered credit transactions.
- Small business. The NPRM borrows from the Small Business Administration’s definition of “small business” and applies to those that had $ 5 million or less in gross annual revenue for its previous fiscal year.
- Data points. A covered financial institution would be required to collect and report certain data points mandated by law. For the collection of self-reported data by the requestor, the financial institution is generally not required to verify the information.
- Implementation period. Comments on the NPRM will be due no later than 90 days after the date of its publication in the Federal Register. Affected financial institutions would be required to report their data on June 1 of the following year. Compliance with the final rule would not be required until approximately 18 months after the publication of the final rule.
Put into practice : The rule proposed by the CFPB illustrates the recent trend – both at the federal and state levels – of substantial compliance and regulatory burdens on financial services companies offering credit to small businesses. For example, the California Department of Financial Protection and Innovation (DFPI) recently proposed new regulations on Unfair, Deceptive, and Abusive Acts and Practices (UDAAP) in relation to small business lending. And while not as extensive as the Section 1071 reporting requirements, the DFPI is also proposing a new reporting requirement for anyone providing business financing to small businesses in California, whether or not they are licensed in. under California Funding Act. As the regulatory review of small business loans appears to be intensifying, it is essential that institutions carefully review and understand any new rules that may impact their operations as part of their compliance process. Small business lenders should be especially concerned as the 1071 data will likely be a launching pad for CFPB and others to embark on supervisory reviews and enforcement action in the near future.