In March, the CFPB amended Reg B to implement Section 1071 of the Dodd-Frank Act and require financial institutions to collect, maintain and submit data on credit applications for women-owned, minority-owned and small businesses to support enforcement of fair lending laws.
Section 1071 applies to financial institutions that originated at least 100 covered originations to small businesses in each of the two preceding years. To determine the number of covered originations for 2022, 2023 or both years, the financial institutions can count originations for the last quarter of calendar year 2023 and annualize the information to determine the number of its covered originations, according to these definitions:
Covered small business – $5 million or less in gross annual revenue for its preceding fiscal year, as reported by the applicant. Non-profit organizations and government entities are exempt. After January 1, 2025, the CFPB will adjust the gross annual revenue threshold for inflation every five years.
Covered credit transaction – an extension of small business credit under Reg B, including loans, lines of credit, credit cards, merchant cash advances and credit products used for agricultural purposes. There are certain business credits which are excluded as detailed in the final rule.
Covered origination – small business credit transaction originated by the financial institution, including refinancings; however, extensions, renewals and other changes to existing transactions are not covered originations even if they increase the credit line or credit amount of the existing transaction.
Applications not covered – data from the following is not required to be collected or reported:
- Inquiries and prequalification requests
- Solicitations, firm offers of credit and other evaluations initiated by the financial institution, unless it invites a business to apply, and the business does so
Reportable data – specific data points that must be reported include:
- Unique identifier
- Application date, method and recipient
- Date and action taken on the application
- Credit type and purpose
- Amount applied for
- Census tract based on an address or location provided by the applicant
- Gross annual revenue for the applicant’s preceding fiscal year
- Applicant’s three-digit NAICS code, time in business, number of principal owners and number of people working for the applicant
Additionally, financial institutions are required to ask for the applicant’s minority-, women- and LGBTQI+-owned business status and principal owners’ ethnicity, race and sex. However, they cannot require the applicant to provide the demographic information or discriminate based on the response or lack thereof.
Important deadlines.
Below are the dates institutions must begin collecting data, based on the number of covered originations:
- October 1, 2024: At least 2,500 covered originations in both 2022 and 2023
- April 1, 2025: At least 500 covered originations in both 2022 and 2023, fewer than 2,500 covered originations in both 2022 and 2023, and at least 100 covered originations in 2024
- January 1, 2026: At least 100 covered originations in both 2024 and 2025 and no more than 500 covered originations in both 2022 and 2023
Keep in mind the above dates are the deadlines to begin collecting the data; it must be reported to the CFPB by June 1 of the year following the calendar year in which it is collected.
Will small banks be exempted?
At the end of April, the ICBA sent a comment letter to the CFPB noting that “a failure to exempt community banks from this burdensome data collection requirement will result in a decrease in access to credit for small businesses, particularly with respect to small dollar loans” and asking the CFPB to exempt all banks below a $1.384 billion asset threshold. If the CFPB determines that’s not feasible, the ICBA recommended all banks with an “outstanding” or “satisfactory” CRA rating that are considered to be “small” or “intermediate” banks be exempt because they have a demonstrated track record of serving the needs of low- and moderate-income customers and small businesses in their communities.
Bank leadership should take action now.
Review commercial lender training and knowledge base to ensure processes to collect and store data are followed, particularly as it relates to applicant demographic information. Moreover, IT firewalls should be implemented to ensure no one involved in the decision-making process has access to that demographic information, as it cannot be used to approve or deny credit.
We anticipate additional scrutiny by regulators and advocacy groups related to the importance of data integrity, privacy and equal access to credit. Talk with your Rehmann advisor to learn more about how we can help your organization prepare now to meet approaching reporting requirements and deadlines.