On March 30th, the CFPB’s final rule implementing section 1071 of the Dodd-Frank Act was released.
The final rule amends Regulation B. It requires certain financial institutions to collect and report certain small business loan data. That data includes, among other things, information on minority-owned, women-owned, and LGBTQI+-owned businesses.
What are some important highlights of the rule?
At a high level, financial institutions should remain aware that one of the primary purposes of section 1071 is to facilitate the enforcement of fair lending laws. The new data collection and reporting provisions will result in the creation of the first comprehensive database of small business credit applications in the United States.
The rule impacts “covered financial institutions” that originated at least 100 covered credit transactions for small businesses as defined in the rule in each of the two preceding calendar years. The dates by which covered institutions are required to comply are specified into four categories, with compliance being required the earliest for institutions that originate the most covered credit transactions, as follows:
Tier 1 - A covered financial institution that originated at least 2,500 covered credit transactions for small businesses in each of calendar years 2022 and 2023 shall comply with the requirements of this subpart beginning October 1, 2024.
Tier 2 - A covered financial institution that is not in Tier 1 and that originated at least 500 covered credit transactions for small businesses in each of calendar years 2022 and 2023 shall comply with the requirements of this subpart beginning April 1, 2025.
Tier 3 - A covered financial institution that is not in Tier 1 or Tier 2 and that originated at least 100 covered credit transactions for small businesses in each of calendar years 2022 and 2023 shall comply with the requirements of this subpart beginning January 1, 2026.
Other - A financial institution that did not originate at least 100 covered credit transactions for small businesses in each of calendar years 2022 and 2023 but subsequently originates at least 100 such transactions in two consecutive calendar years shall comply with the requirements of this subpart in accordance with §1002.105(b), but in any case no earlier than January 1, 2026.
The rule includes special transitional provisions, clarification on what applications and transactions are included in the scope, detailed information on what data is to be compiled, firewall provisions, data reporting requirements, and recordkeeping.
So what's a financial institution to do?
An important first step is to review the final rule to determine its applicability to your institution. This should be followed by establishing a project team to work through implementation, which should consider budgeting for additional staff and technological needs.
Sheshunoff clients should also review our recent Compliance Alert – “Regulation B Small Business Lending Data Collection.”
Going forward, institutions should remain cognizant of new resource information that is being provided to support compliance. Sheshunoff will increase content on this topic within the Online Compliance Consulting Dashboard. We anticipate the CFPB will continue to provide resources for support on their Small Business Lending webpage, such as the Sample Data Collection Form that was provided in multiple file formats on April 17, 2023.