Update: Since this article was originally drafted, a federal judge has granted a preliminary injunction in a lawsuit filed against the Consumer Financial Protection Bureau. The injunction provides plaintiffs relief from the enforcement of the agency's small-business data collection rule until after the Supreme Court decides next year on whether the bureau's funding is constitutional.
In an effort to promote fairness, transparency and accountability, the CFPB rule creates new reporting requirements for small-business lenders. Under the new rule, small-business lenders must now collect and report information regarding all small-business credit applications they receive, including business credit cards. The rule now covers traditional banks, credit unions and nonbank financial institutions that originate a minimum of 100 loans annually.
In order to support the new requirements, small-business lenders need to assess processes, procedures, and technology now to be prepared to comply by the effective date, an effort that will impose a significant cost and a process burden on them.
In our world of ever-changing technology and compliance, it is important for regulators to craft regulations that protect consumers and the financial system, while at the same time taking advantage of new technologies and leveraging existing processes, data and reporting. This will help lessen the burden on lenders as they work to balance the need for making internal adaptations and changes to keep up with the new rules and regulations, while also meeting the needs of their customers and staying competitive in an expanding industry.
With the myriad of institution types in the market today regulators should consider not only the size of an institution (community, de novo, regional, etc.) but also the technology and platforms used across the industry. Many run legacy mainframe systems, which make it more difficult and costly to respond quickly to regulatory changes. This makes it important to have time to determine if short-term workarounds can be implemented until permanent solutions can be developed.
Phased implementation is the key to a synchronized implementation. The final rule introduces a staged implementation process, determined based on the number of covered originations made by each institution in 2022 and 2023.
For example, if a financial institution originated at least 2,500 covered originations in both 2022 and 2023, it must begin data collection and comply with the final rule by Oct. 1, 2024. These lenders have been given less than 18 months to gather and report on an extensive array of data concerning small-business lending. This includes the areas of records, reporting and data collection. The required data collection includes information on the racial, ethnic and gender composition of small-business loan recipients, their geographic location, lending decisions and credit pricing. Financial Institutions must report 81 data points to the CFPB by June 1 of the year following the calendar year in which the data was collected.
While the regulators have tried to make it a staged implementation process, lenders will still have a heavy lift without systems that offer flexibility and data extensibility, enabling them to incorporate an unlimited number of custom attributes, tags and attachments. Having this capability will allow them to input and store additional fields related to customers, accounts and specific transactions.
In writing rules that require reliance on modern technologies for compliance, regulators should look for ways to incorporate use of this technology into their rulemakings. Yes, there could be an upfront financial burden for institutions, but this investment will pay dividends down the road.