Welcome to the Compliance Cohort. We are a group of compliance professionals working to make compliance easier. Our goal is to take complex compliance concepts and put them in simple terms that apply to the real world. We are glad you have found us and look forward to collaborating in the future.
If you haven't done so already, make sure you sign up for our free membership where you get access to many member-only videos, articles, and other resources.
On September 1, 2021, the Consumer Financial Protection Bureau (Bureau) issued a long-anticipated notice of proposed rulemaking (proposal) to implement a new small business lending data collection and reporting requirement, which was made law by the Dodd-Frank Act over a decade ago. To implement this Dodd-Frank requirement, the CFPB is proposing to add a new section (subpart B) to Regulation B which will ultimately create a HMDA-like data collection and reporting requirement for certain small business loans. This new rule will create a substantial burden for financial institutions who are covered by the rule.
It is important to understand that this is currently only a proposal, as the final rule, when released, will have changes based on any comments received from the industry as well as the public. That said, this rule could have a significant impact on our organization. Therefore, this executive summary is being provided as a proactive measure to inform Senior Management and/or the Board of what may be coming and how it might apply to our organization.
Under the proposal, the new data collection and reporting requirements would apply to our financial institution if we meet the definition of a “covered financial institution,” which is proposed to be determined based on an “origination threshold.” In other words, if the number of qualified loans we originate is over the origination threshold, we would be subject to the new rule. We would satisfy the origination threshold, and thus be a covered financial institution, if we originated at least 25 credit transactions that would be “covered credit transactions” to “small businesses” in each of the two preceding calendar years. (Covered credit transactions to small businesses are discussed below.) There is a small chance that the origination threshold could be a higher number when the final rule is issued, such as 50 or 100 originations, but that seems unlikely as those alternative numbers were considered in the rulemaking process before the proposal and the CFPB intentionally chose 25 as the proposed number.
While figuring out exactly which loans would count toward the origination threshold is quite technical and complicated, the bottom line is that the proposal would count “covered applications” that were made to small businesses who had $5 million or less in gross annual revenue for its preceding fiscal year. This approach could change, but we won’t know until the final rule is released.
For clarification purposes, it is good to point out that the Bureau is specifically proposing that a covered application would not include - and, therefore, not be counted toward the origination threshold of 25, nor require data collection and reporting for - the following:
Reevaluation requests, extension requests, or renewal requests on an existing business credit account, unless the request seeks additional credit amounts; or
Inquiries and prequalification requests.
Under the proposal, a covered financial institution would be required to collect and report certain data each year regarding covered applications from small businesses. The data that must be collected is referred to “data points,” which have been divided up into the following categories:
Data points that financial institutions would generate or provide, such as an application date or denial reasons;
Data points that could be provided by the applicant (or that could be determined by reviewing information provided by the applicant or a third party) such as the credit amount applied for and information related to the applicant’s business; and
Data points that address the demographics of the applicant’s principal owners or ownership status such as equal credit opportunity or government monitoring information.
Unfortunately, these data collection and reporting requirements will be extremely complex and are going to be fairly similar to HMDA requirements (but for small businesses). The bottom line is this will be a significant burden to those who are subject to the final rule. And yes, it will be possible for a financial institution to be subject to this rule even if they aren’t a HMDA reporter as the tests to determine applicability for each rule are entirely different.
In conclusion, this proposed rule could have a significant impact on our organization if it applies to us. Basically, this rule will be “HMDA for small business loans” and will most likely be just as challenging and difficult as HMDA. As the rule is required by the Dodd-Frank Act, it is unlikely that this rule will be going away. Therefore, it will be important for our financial institution to be ready to implement this new, burdensome rule when it is finalized. The CFPB is proposing that compliance with the final rule would not be required until approximately 18 months after it is released, so we will have some time, but the amount of work this will take to implement appears to be substantial.
