Scope of CFPB small-business loan data requirements worries banks

The Consumer Financial Protection Bureau backtracked on a suggestion that the agency made during the Trump administration that it would exempt a significant chunk of community banks from small-business loan reporting requirements, sparking concern among industry representatives that the rule will be too broad.

The agency released a long-awaited proposal Wednesday mandated by Congress that would force banks and other lenders to collect and send data meant to identify discrimination and barriers to credit in small-business lending.

The 918-page notice of proposed rulemaking would require data on a wide range of credit products including term loans, lines of credit, credit cards and merchant cash advances.

Data on loans to small businesses is currently very limited, an issue the CFPB said became apparent during the COVID-19 pandemic and the rush to provide loans through the Paycheck Protection Program.

"We don't know enough about whether small businesses have fair access to the capital they need to generate new jobs and grow the American economy," acting CFPB Director Dave Uejio said on a conference call with reporters. "Without this information, we cannot reach our potential economic growth as a nation, as we saw all too recently in the original design and implementation of the Paycheck Protection Program."

The CFPB characterized the small business data collection — required by Section 1071 of the Dodd-Frank Act — as similar to mortgage data reported under the Home Mortgage Disclosure Act.

But banks have largely resisted any expansion of data collection including for women- and minority-owned small businesses by claiming it requires too much paperwork and is a regulatory burden.

The CFPB released a long-awaited proposal Wednesday mandated by Congress that would force banks and other lenders to collect and send data meant to identify discrimination and barriers to credit in small-business lending.
The CFPB released a long-awaited proposal Wednesday mandated by Congress that would force banks and other lenders to collect and send data meant to identify discrimination and barriers to credit in small-business lending.
Bloomberg News

"Financial institutions and their vendors will also have to make significant changes to their systems and processes to meet new 1071 data collection and reporting requirements," said Richard Hunt, president and CEO of the Consumer Bankers Association, in a statement. "The complexities of collecting and reporting credit application data on women-owned, minority-owned, and small businesses under Section 1071 cannot be overstated due to the nature of small business lending and the ways these applications are processed."

Under the proposed rule, the CFPB would require lenders originating 25 or more small-business loans to report data on credit applicants, including businesses owned by women and minorities. The CFPB said the data would shed light on whether lenders are meeting borrowers' needs.

Yet that threshold will lead to a significantly broader scope of institutions subject to the requirements than former CFPB Director Kathy Kraninger had outlined last year. The CFPB under the Trump administration said last year that it was considering whether to exempt lenders with under $100 million or $200 million of assets.

Community banks are not pleased with the changes because they "would apply to far too many community banks," said Rebeca Romero Rainey, president and CEO of the Independent Community Bankers of America.

“The bureau’s proposal — covering community banks that originate 25 loans or more — would ensnare even the smallest community banks in rural and other underserved areas, where barriers to credit should be reduced," said Romero Rainey. "Imposing any new data collection and reporting requirements on community banks would harm small-business lending at the very time local businesses are working to recover from the COVID-19 pandemic."

The CFPB described in its proposal how a number of financial institutions including community banks, credit unions, vendor finance and dealer-related institutions requested exemptions from the proposed rule — and why it favored keeping the scope of the rule broad.

"The Bureau does not believe that the request made by several trade association stakeholders to take a more limited approach to scope — including the various limitations on the coverage of certain types of financial institutions and products — would be consistent with the statutory purposes of section 1071," the CFPB said in the proposal.

Uejio also said that he plans to use the discretion given to the CFPB by Congress in the Dodd-Frank Act to gather basic information about the cost of credit.

The CFPB also said in the proposal that it is concerned that financial institutions may be compelled to raise the cost of credit or originate fewer small business loans depending on how it defines small businesses.

"We want to understand more about the kinds of credit applications lenders receive, how they respond to credit applications, and what credit is given," he said.

The CFPB also released a chart of 23 proposed data points to be collected including the loan amount, whether the loan was approved or denied, pricing information, and the race, ethnicity and sex of the small-business loan applicant.

Although banks currently provide lending data in call reports, that data only captures the outstanding number and amount of loans held on bank balance sheets, not the flow of loans.

For more than a decade, the CFPB essentially held off from starting the small business data collection, in part, because the Equal Credit Opportunity Act prohibits collecting race and gender information from small businesses.

The CFPB dragged its feet for so long that it was sued in 2019 by the California Reinvestment Coalition, which resulted in a settlement last year.

As a result of the settlement, the CFPB convened a small business review panel last October after releasing an outline in September of its proposal to implement section 1071 of Dodd-Frank.

Banks already are advocating for a phased-in implementation of any final rule. Banks also are expected to ask for limits on the number of data points required by claiming the collection of data would create "unintentional impediments to small business credit access," Hunt said.

Still, the CFPB said in its proposal that it is trying to reduce the compliance burden on banks through its definition of what constitutes a small business. The bureau said it is seeking approval from the Small Business Administration to define a small business based on a $5 million gross annual revenue size standard, which would reduce the need for many financial institutions to make changes to compliance management systems.

"The Bureau believes that it will reduce burden for financial institutions, particularly those without sophisticated compliance management systems or familiarity with SBA lending, to comply with a gross annual revenue size standard for the section 1071 small business definition that better aligns with current lending practices," the CFPB said.

If finalized, the CFPB's proposed rule would create the first comprehensive database of small business credit applications in the U.S. The data submitted by financial institutions would be made available to the public annually and on the bureau’s website, though the data would be subject to modifications and deletions to protect privacy, the CFPB said.

Privacy issues have been such a concern that the CFPB said it is proposing a “balancing test” that would assess the risks and benefits of public disclosure. After at least one full year of data is reported, the CFPB said it plans to issue a policy statement that will describe its intended modifications and deletions.

The bureau also is proposing that publication of the data would satisfy financial institutions’ statutory obligation to make data available to the public upon request.

The proposed rule potentially would level the playing field between banks and fintechs since online lenders catering to small businesses also would have to gather the data and build compliance systems.

“There has been a movement of banks pointing at fintechs and saying regulate them, and this could be seen as part of that trend with tools for regulators to go after fintechs in the small-business space,” said Michael Gordon, a partner at Bradley Arant Boult Cummings.

Small-business lending also has been less regulated because most consumer protection laws apply to consumers, not businesses.

But banks will likely raise concerns that the data will result in more enforcement actions for fair-lending violations.

"Banks are going to be worried about the liability if they collect data on demographics, race and gender, and the CFPB will try to make disparate impact or fair-lending cases out of it,” Gordon said. “It’s another fair-lending risk that has to be managed in a whole new way [because the data] gives regulators a lot more ammunition to build fair lending cases."

As part of the proposal, the CFPB has launched a web portal for small-business owners to share their stories about applying for credit. Uejio said he wants to hear from all stakeholders about how the bureau can improve the proposed rule "to make sure the final rule serves the purposes Congress had in mind when it mandated this rulemaking in 2010."

The CFPB said that failing to make small-business lending accessible to all who qualify stifles innovation and competitiveness. It also said the COVID-19 pandemic “highlighted the negative economic impact that occurs when policymakers lack the data to best target financial relief.”

The CFPB is allowing 90 days for the public to comment on the proposal once it is published soon in the Federal Register.

For reprint and licensing requests for this article, click here.
Small business lending CFPB Dodd-Frank Data privacy
MORE FROM AMERICAN BANKER