Since the passage of the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank) in 2010, there have been significant compliance impacts for financial institutions, including the creation of the Consumer Financial Protection Bureau (CFPB). One of the more significant sections of Dodd-Frank that has been looming since the passage of the Act is Section 1071 requiring small business loan data collection.
Dodd-Frank Section 1071 amends the Equal Credit Opportunity Act and its implementing Regulation B. The CFPB issued the Small Business Lending Rule (Rule) to amend Regulation B by adding Subpart B – Small Business Lending Data Collection. The Rule is intended to increase transparency in small business lending, promote economic development and combat unlawful discrimination.
Three primary definitions have an impact on how the Rule will affect financial institutions: covered financial institution, covered credit transaction and small business.
The CFPB has defined a covered financial institution as a financial institution that has originated at least 100 covered credit transactions to small businesses in each of the two preceding calendar years.
A covered credit transaction is defined as a transaction that meets the definition of business credit under existing Regulation B (extensions of credit primarily for business or commercial, including agricultural, purposes) with some exclusions. This includes small business loans, lines of credit, credit cards, merchant cash advances and credit for agricultural purposes. However, even if the credit satisfies the definition of business credit, the following transactions are not considered a covered credit transaction:
- Trade credit, which is a financing arrangement wherein a business acquires goods or services from another business without making immediate payment in full to the business providing the goods or services;
- Home Mortgage Disclosure Act (HMDA) — reportable transactions;
- Insurance premium financing, which generally is a financing arrangement wherein a business agrees to repay a financial institution the proceeds advanced to an insurer for payment of the premium on the business’s insurance contract and wherein the business assigns to the financial institution certain rights, obligations, and/or considerations in its insurance contract to secure repayment of the advanced proceeds;
- Public utilities credit as defined in Regulation B;
- Securities credit as defined in Regulation B; and
- Incidental credit as defined in Regulation B, without regard to whether the credit is extended to a consumer, by a creditor, or whether the credit is consumer credit.
In the Rule, a small business has the same meaning as the term “small business concern” according to the Small Business Administration (SBA)1 and had $5 million or less in gross annual revenue (GAR) for its preceding fiscal year. Non-profit organizations and governmental entities are not small businesses pursuant to the Rule because they do not satisfy the SBA’s definition of small business concern.
In addition to these definitions, the Rule includes required data points that financial institutions will need to collect. Several data points mirror those collected for HMDA including application method, credit purpose, and action taken to name a few. Others are new and specific to small business loans including GAR, North American Industry Classification System (NAICS) code, number of workers and time in business, among others. The new data collection process also includes the collection of demographic information specifically related to women-owned, minority-owned, and LGBTQI+ statuses.2
The largest lenders are required to collect and report data earlier than smaller lenders. Specifically:
- Lenders that originate at least 2,500 small business loans annually must collect data starting Oct. 1, 2024.
- Lenders that originate at least 500 loans annually must collect data starting April 1, 2025.
- Lenders that originate at least 100 loans annually must collect data starting Jan. 1, 2026.
What does the Rule mean for your financial institution? There are several potential challenges arising from the Rule. While these challenges are not insurmountable, your institution should begin planning now for the creation and implementation of the necessary infrastructure to ensure a smooth implementation. Some areas for consideration are as follows:
- Because this is a new rule, it may take time for your vendors and/or information technology department (IT) to update your loan origination system (LOS) to collect the required data points. You will want to allow plenty of time for system testing.
- Your institution will need a separate and distinct data collection, analysis, and reporting process. While the process will most likely mirror your institution’s HMDA processes, additional monitoring and analysis for fair lending purposes will need to be implemented.
- Additional training and procedures will be needed for commercial/small business lenders, including establishing a standardized business loan application to ensure all lenders are collecting complete and accurate information for reporting. It will be imperative to ensure use of the standardized application becomes routine.
- Data integrity will be key!
- The additional data will allow regulatory agencies and consumer groups to review and assess your institution’s small business lending practices.
As stated earlier, the challenges presented by the Rule are not insurmountable. To mitigate the impacts of these challenges, it is imperative that you conduct an assessment to determine the institution’s level of preparedness. Consider the following key action items:
- Ensure your institution’s change management process is operating with full efficacy to capture the changes necessary for complying with the new Rule.
- Examine your institution’s internal policies, procedures, and practices and determine if your institution is considered a covered financial institution.
- Review and develop an understanding of the covered credit transaction and small business definitions. Determine how these definitions align with your institution’s current internal policies, procedures and definitions and adjust where necessary.
- Review the data collection chart published with the Rule and make sure all stakeholders in your institution understand the amount and type of data the CFPB wants your institution to collect and report.
- Perform an assessment of data currently collected by your institution for business-purpose loans, specifically small business financing, and compare that data to the data required to be collected. Determine what changes, if any, need to be made and work with your LOS vendor and/or your IT department to begin the development of those changes. Remember, changes in data collection may have downstream effects, so this process should begin as soon as possible if it has not started already.
- Review and assess your existing fair lending program, policies, and procedures and amend as necessary to include review and analysis of the Section 1071 data. Your regulator(s) will be doing this; be proactive so that you know what your data shows.
- Remember that while the effective date is in the future, objects are closer than they appear.
Now that the Rule is in place, the gray clouds of speculation that have hovered over financial institutions since 2010 are breaking up. By being diligent in preparation and leaning on existing HMDA best practices for data collection and reporting, financial institutions will be able to strengthen their compliance and fair lending programs and processes to accurately collect and report data required by Section 1071 looking up to sunny skies ahead.
John is a manager at CrossCheck Compliance, LLC and a regulatory compliance and audit professional with over 20 years of experience in banking, mortgage banking and as a regulator. Most recently, he was the Director of Regulatory Change Management at Freedom Mortgage. John has also held various audit roles at USAA and U.S. Bancorp. His career began at the Federal Reserve Bank of Minneapolis as a financial analyst and then an examiner, leading regulatory compliance examinations for state member banks. John can be reached at jpace@crosscheckcompliance.com.
1 The SBA defines a small business concern as: “including but not limited to enterprises that are engaged in the business of production of food and fiber, ranching and raising of livestock, aquaculture, and all other farming and agricultural related industries, shall be deemed to be one which is independently owned and operated and which is not dominant in its field of operation.”
2 The CFPB published a Small Business Lending Rule Data Points Chart on its website which includes all 81 data points and reporting and filing guidance, similar to the HMDA Filing Instructions Guide (FIG).
