The Consumer Financial Protection Bureau (CFPB) published a final rule that sets out data collection requirements on small business lending, under section 1071 of the Dodd-Frank Act. The final rule requires covered financial institutions to collect and report certain data about covered applications from small businesses and allows for the creation of the first comprehensive public database that covers small business lending practices.
The final rule defines a small business as one with gross revenue under USD 5 million in its last fiscal year and is applicable to lenders making over 100 covered small business loans per year, which accounts for more than 95% of the small business loans by banks and credit unions. It covers all entities making over 100 small business loans, which include, but are not limited to, depository institutions, online lenders, platform lenders, community development financial institutions, lenders involved in equipment and vehicle financing, farm credit system lenders, commercial finance companies, merchant cash advance providers, governmental lending entities, and nonprofit lenders. The rule covers diverse forms of credit, including closed-end loans, lines of credit, business credit cards, online credit products, and merchant cash advances by banks, credit unions, and other lenders. A financial institution that is not a covered financial institution may voluntarily collect data under the final rule in certain circumstances. The final rule will come in effect after 90 days following that of its publication in the Federal Register. The compliance date in the final rule differs depending on the number of covered originations that a financial institution originated in 2022 and 2023. Largest lenders, which cover the bulk of the market, are required to collect and report data earlier than smaller lenders:
- Lenders that originate at least 2,500 small business loans must collect data starting October 01, 2024.
- Lenders that originate at least 500 loans must collect data starting April 01, 2025.
- Lenders that originate at least 100 loans must collect data starting January 01, 2026.
- In addition, lenders originating less than 100 loans will be required to adhere to fair lending laws.
The rule provides a streamlined sample form for lenders to collect demographic data from small business credit applicants. CFPB has also provided a Filing Instructions Guide, which contains additional information regarding the submission of data. The final rule requires a covered financial institution to report data points that
- the financial institution generates, such as unique identifier; the application date; the application method; the application recipient; the action taken by the covered financial institution on the application, including why the application was denied if that is the case; and the action taken date.
- are based on information that could be collected from the applicant or an appropriate third-party source. These data points include credit type; credit purpose; the amount applied for; a census tract based on an address or location provided by the applicant; gross annual revenue for the applicant’s preceding fiscal year; a three-digit North American Industry Classification System (NAICS) code for the applicant; the number of people working for the applicant; the applicant’s time in business; and the number of the applicant’s principal owners.
- are based solely on the demographic information collected from an applicant. These data points are the applicant’s minority-owned business status, women-owned business status, and LGBTQI+-owned business status; and the applicant’s principal owners’ ethnicity, race, and sex.
Loans reportable under the Home Mortgage Disclosure Act, or HMDA, will not need to be reported under the small business lending rule. Additionally, the rule is designed to work in concert with rules under the reporting requirements of the Community Reinvestment Act or CRA. The rule allows financial institutions to work with third parties, including industry consortia, to develop services and technologies that will aid in collecting and reporting data. CFPB also plans to provide Application Programming Interfaces, or APIs, in an open-source environment to spur the development of accurate and efficient data reporting tools. CFPB intends to issue a supplementary proposal that would, if finalized, provide additional implementation time for small lenders that have demonstrated high levels of success in serving their local communities, as measured by their performance under relevant frameworks like the Community Reinvestment Act and similar state laws. The small business lending data captured by this rule is expected to give investors and lenders more insights to identify new opportunities that support economic growth, help policymakers measure the effectiveness of any government programs, and provide a data-driven approach to detect potential discrimination.
- Press Release
- Final Rule on Small Business Lending
- Executive Summary of the Final Rule (PDF)
- CFPB Policy Statement (PDF)
- Filing Instructions Guide
Keywords: Americas, US, Banking, Lending, Small Business Lending, Credit Risk, Reporting, Data Collection, Dodd Frank Act, Community Reinvestment Act, HMDA, CFPB
Scott is a Director in the Regulatory and Accounting Solutions team responsible for providing accounting expertise across solutions, products, and services offered by Moody’s Analytics in the US. He has over 15 years of experience leading auditing, consulting and accounting policy initiatives for financial institutions.
Previous ArticleCBB Updates Address Digital Asset and Open Banking Rules
The European Banking Authority (EBA) has published the final templates, and the associated guidance, for collecting climate-related data for the one-off Fit-for-55 climate risk scenario analysis.
The European Banking Authority (EBA) recently published a report that recommends enhancements to the Pillar 1 framework, under the prudential rules, to capture environmental and social risks.
As a follow on from its prudential standard on the treatment of crypto-asset exposures, the Basel Committee on Banking Supervision (BCBS) proposed disclosure requirements for crypto-asset exposures of banks.
The Basel Committee on Banking Supervision (BCBS) and the European Banking Authority (EBA) have published results of the Basel III monitoring exercise.
The Prudential Regulation Authority (PRA) recently issued a few regulatory updates for banks, with the updated Basel implementation timelines being the key among them.
The U.S. Department of the Treasury has recently set out the principles for net-zero financing and investment.
The European Commission (EC) launched a stakeholder survey on the draft International Guiding Principles for organizations developing advanced artificial intelligence (AI) systems.
The finalization of the two sustainability disclosure standards—IFRS S1 and IFRS S2—is expected to be a significant step forward in the harmonization of sustainability disclosures worldwide.
Decentralized finance (DeFi) is expected to increase in prominence, finding traction in use cases such as lending, trading, and investing, without the intermediation of traditional financial institutions.
The Basel Committee on Banking Supervision (BCBS) published reports that assessed the overall implementation of the net stable funding ratio (NSFR) and the large exposures rules in the U.S.