[ad_1]
The Consumer Financial Protection Bureau (“CFPB”) has
issued the long-awaited Small Business Lending Rule (“Final
Rule”), which implements the small business lending data
collection requirements set forth in section 1071 of the Dodd-Frank
Act. Under the Final Rule, covered financial institutions are
required to collect and report information about the small business
credit applications they receive, including geographic and
demographic data, lending decisions, and the price of credit.
A summary of the Final Rule is set forth below, including when
compliance is required. The applicable compliance date will depend
on the number of covered originations that a covered financial
institution originated in 2022 and 2023.
I. Key Definitions
Covered Financial Institution
The Final Rule applies to “covered financial
institutions.” As defined in Section 1002.105(a), a
“financial institution” is any entity that engages in
financial activity and includes both depository institutions and
non-depository institutions such as online lenders, platform
lenders, lenders involved in equipment and vehicle financing
(captive financing companies and independent financing companies),
and commercial finance companies. A “covered financial
institution” is defined in Section 1002.105(b) as a financial
institution that originated at least 100 covered credit
transactions for small businesses in each of the two preceding
calendar years.
Small Business
Section 1002.106(b) defines a “small business” as
having the same meaning as a “small business concern” in
the Small Business Act (“SBA”) and that had gross annual
revenue in the prior calendar year of $5 million or
less.1 The gross revenues threshold is to be adjusted
for inflation every five years. Additionally, non-profit
organizations and governmental entities are not small businesses
pursuant to the Final Rule because they do not satisfy the
SBA’s definition of small business concern. Therefore, covered
financial institutions are not required to report data regarding
applications from such businesses and entities.
Covered Application
A “covered application” is an oral or written request
for a covered credit transaction that is made in accordance with
procedures used by the financial institution for the type of credit
requested. Excluded from that definition pursuant to Section
1002.103(b) are (1) reevaluation, extension, or renewal requests on
an existing business account, unless the request seeks additional
credit, and (2) inquiries and prequalification requests.
Covered Credit Transaction
Generally, a “covered credit transaction” is an
extension of business credit under Regulation B. Section 1002.104
defines a “covered credit transaction” as an extension of
credit primarily for business or commercial (including
agricultural) purposes, but excluding (1) trade credit, (2)
transactions reportable under the Home Mortgage Disclosure Act
(“HMDA”), (3) insurance premium financing, (4) public
utilities credit, (5) securities credit, and (6) incidental
credit.
Covered Origination
A “covered origination” is a covered credit
transaction that the financial institution originated to a small
business. The term “covered origination” is used to
determine institutional coverage (i.e., whether a financial
institution is a covered financial institution) and the applicable
compliance date (discussed below).
II. Requirements to Collect and Report Data
Pursuant to the Final Rule, a covered financial institution is
required to collect and report certain data regarding reportable
applications (i.e., covered applications from small
businesses).
First, the Final Rule requires a covered financial institution
to report data points that the financial institution generates. For
all reportable applications, these data points include:
- A unique identifier;
- The application date;
- The application method (i.e., the means by which the applicant
submitted its application); - The application recipient (indicating whether the application
was received directly, or indirectly via an unaffiliated third
party); - The action taken by the covered financial institution on the
application; and - The action taken date.
Please note that for reportable applications that are denied,
there is an additional data point for denial reasons. As for
reportable applications that are approved but not accepted or that
result in an origination, there are additional data points for the
amount approved or originated and for pricing information.
Second, the Final Rule requires a covered financial institution
to report data points based on information that could be collected
from the applicant or an appropriate third-party source (e.g.,
business information products). These data points include
information specifically related to the credit being applied for
and information related to the applicant’s business. These data
points include:
- Credit type;
- Credit purpose;
- The amount applied for;
- A census tract based on an address or location provided by the
applicant; - Gross annual revenue for the applicant’s preceding fiscal
year; - A three-digit North American Industry Classification System
(“NAICS”) code for the applicant; - The number of people working for the applicant;
- The applicant’s time in business; and
- The number of the applicant’s principal owners.
Third, the Final Rule requires a covered financial institution
to report certain data points based solely on the demographic
information collected from an applicant. These data points are:
- The applicant’s minority-owned business status, women-owned
business status, and LGBTQI+-owned business status; and - The applicant’s principal owners’ ethnicity, race, and
sex.
Please note that a covered financial institution is required to
ask an applicant to provide this demographic information, and to
report the demographic information solely based on the responses
that the applicant provides for purposes of the Final Rule.
However, a covered financial institution cannot require an
applicant or other person to provide this demographic information.
Covered financial institutions are not required or permitted to
report these data points based on visual observation, surname, or
any other basis (including demographic information provided for
other purposes).
Additionally, the Final Rule requires a covered financial
institution to inform an applicant that the financial institution
is not permitted to discriminate on the basis of an applicant’s
responses about its minority-owned, women-owned, or LGBTQI+-owned
business status, on the basis of responses about any principal
owner’s ethnicity, race, or sex, or on the basis of whether the
applicant provides this information. Covered financial institutions
also must inform an applicant that the applicant is not required to
answer the financial institution’s inquiry about the
applicant’s minority-owned, women-owned, and LGBTQI+-owned
business statuses, or the inquiries about the principal owners’
ethnicity, race, or sex.
Lastly, covered financial institutions must maintain procedures
to identify and respond to signs of potential discouragement,
including low response rates for applicant-provided data.
III. Reporting Data to the CFPB
The data required to be collected under the Final Rule is to be
reported by each covered financial institution to the CFPB
annually. The data is due on or before June 1 following the
calendar year for which data are compiled and maintained, and is to
be submitted on a small business lending application register in
the format prescribed by the CFPB. An authorized representative of
the covered financial institution with knowledge of the data must
certify to the accuracy and completeness of the data reported.
IV. Requirements to Limit Access to Certain Data
The Final Rule implements the statutory requirement to limit
certain persons’ access to certain data (i.e., the firewall).
Employees and officers of a covered financial institution or its
affiliate are prohibited from accessing an applicant’s
responses to the required inquiries regarding the applicant’s
minority-owned, women-owned, and LGBTQI+-owned business statuses
and regarding its principal owners’ ethnicity, race, and sex if
that employee or officer is involved in making any determination
concerning the applicant’s covered application.
This prohibition does not apply to an employee or officer if the
covered financial institution determines that the employee or
officer should have access to one or more applicants’ responses
to these inquiries, and the covered financial institution provides
a notice to the applicants whose responses will be accessed.
V. Recordkeeping Requirements
The Final Rule has recordkeeping requirements, including a
requirement to retain copies of small business lending application
registers and other evidence of compliance for at least three
years. It also includes a requirement to maintain an
applicant’s responses to the Final Rule’s required
inquiries regarding an applicant’s minority-owned, women-owned,
and LGBTQI+-owned business statuses and regarding principal
owners’ ethnicity, race, and sex separate from the rest of the
application and accompanying information.
VI. Grace Period
The Final Rule includes a transitional provision that financial
institutions may use to determine the number of covered
originations they originated in 2022 and 2023. A financial
institution may rely on the transitional provision to determine the
number of its covered originations for 2022 and/or 2023 if the
institution did not collect sufficient information to determine if
some or all borrowers were small businesses pursuant to the Final
Rule or if such information is not readily accessible.
VII. Safe Harbors and Other Provisions
The Final Rule also includes provisions regarding enforcement,
bona fide errors, and safe harbors. It has safe harbors for certain
incorrect entries of census tracts, NAICS codes, and application
dates. It also has a safe harbor regarding incorrect determinations
of small business status, covered credit transactions, and covered
applications.
VIII. Compliance Dates
The dates by which a covered financial institution is initially
required to comply with the requirements of the Final Rule are
based on the number of covered credit transactions originated in
2022 and 2023. The breakdown is as follows:
- 114(b)(1). A covered financial institution that originated at
least 2,500 covered credit transactions for small businesses in
each of calendar years 2022 and 2023 shall comply with the
requirements beginning October 1, 2024. - 114(b)(2). A covered financial institution that is not subject
to (b)(1) above and that originated at least 500 covered credit
transactions for small businesses in each of calendar years 2022
and 2023 shall comply with the requirements beginning April
1, 2025. - 114(b)(3). A covered financial institution that is not subject
to (b)(1) or (2) above and that originated at least 100 covered
credit transactions for small businesses in each of calendar years
2022 and 2023 shall comply with the requirements beginning
January 1, 2026. - 114(b)(4). A financial institution that did not originate at
least 100 covered credit transactions for small businesses in each
of calendar years 2022 and 2023 but subsequently originates at
least 100 such transactions in two consecutive calendar years shall
comply with the requirements, but in any case, no earlier than
January 1, 2026.
IX. Conclusion
The CFPB has stated that it intends to focus its supervisory and
enforcement activities in connection with the Final Rule on
ensuring that lenders do not discourage small business loan
applicants from providing responsive data, including responses to
the requests to provide demographic information about their
ownership. Therefore, financial institutions covered by the Final
Rule should further study and begin implementing this rule as soon
as possible.
This advisory is a general overview of the Final Rule and is not
intended as legal advice. The Final Rule is very detailed and must
be reviewed in its totality.
Footnote
1. A “small-business concern” is generally a
business deemed to be one which is independently owned and operated
and which is not dominant in its field of operation. 15 U.S.C.
632.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
[ad_2]
Source link