CFPB to Collect Data on Lending to Small Businesses

The CFPB adopted requirements for collecting small business lending data, including data on applications for credit for small businesses and those that are owned by women or minorities.

The final rule was adopted pursuant to Dodd-Frank Section 1071 ("Small business data collection"). The requirements are in new Subpart B ("Small Business Lending Data Collection") to Regulation B ("Equal Credit Opportunity Act" or "ECOA"). The requirements apply to any entity that has "originated" 100 or more credit transactions to small businesses, as defined under the Small Business Act, in each of the previous two calendar years.

Financial institutions within the scope of the rule, including certain depository institutions and nonprofit lenders, will be required to submit collected data on applications for credit from small businesses. Lenders will be provided with a sample data collection form to reference when collecting demographic data from applicants. The CFPB stated that financial institutions will be required to submit data collection reports to the CFPB on or before June 1 of each calendar year. Financial institutions can submit applicant data on the following:

• credit, such as the (i) type of credit that is being applied for, (ii) the purpose for the credit and (iii) the amount of credit requested;
• "protected demographic information," such as (i) whether the applicant is a minority, women or LGBTQI+-owned business and (ii) the ethnicity, race and sex of the applicant’s principal owners; and
• unique data points created for each applicant on (i) the means by which the applicant submitted their application, (ii) the method by which the financial institution received the application (e.g., via the financial institution directly or indirectly through a third-party service provider), and (iii) the decision made by the financial institution as to the request for credit.

The CFPB published enforcement policy guidance concurrent with the final rule, which states that financial institutions' data requests to applicants must be (i) prominently displayed, (ii) easy for applicants to respond to, and (iii) made prior to notifying the applicant of the lender’s decision on their application for credit.

The final rule and enforcement policy guidance become effective 90 days after publication in the Federal Register.

The CFPB stated that it is adopting a tiered compliance schedule in anticipation of challenges these requirements pose for smaller and mid-sized lenders. Covered financial institutions are required to comply with the final rule by (i) October 1, 2024 for those institutions that originate the most covered credit transactions for small businesses, (ii) April 1, 2025 for institutions with a "moderate transaction volume," or (iii) January 1, 2026 for other institutions.

In a statement, CFPB Director Rohit Chopra said that this data will help "detect and deter lending discrimination" and will help give the Community Reinvestment Act "more teeth when it comes to small business lending." Additionally, Mr. Chopra said that he expects the federal banking regulators will "soon finalize new rules that work in tandem with the CFPB’s new small business lending data rule."