CFPB Amends Regulation B to Enact Small Business Lending Rule
The CFPB recently issued a final rule (amending ECOA’s Regulation B) that requires financial institutions to collect and report certain demographic data of applications for small business loans. The rule becomes effective 90 days after publication in the Federal Register.
The rule applies to “covered financial institutions” (CFIs), which are financial institutions that originated at least 100 covered credit transactions for small businesses in each of the two preceding calendar years. “Covered credit transactions” refers to extensions of business credit, and excludes certain classes of loans, such as loans defined as “covered loans” under HMDA’s Regulation C. CFIs must collect and report certain demographic information of small business loan applicants, such as whether they are women-owned and/or minority-owned businesses. CFIs also must request this information from applicants at a time and in a manner that is reasonably designed to obtain a response. The rule identifies certain minimum provisions that must be included in applications in order for these procedures to be considered “reasonably designed.”
The rule also requires CFIs to take certain steps to protect the privacy of this data. CFIs must, for example, implement firewalls to shield certain demographic data from underwriters and certain other persons, including any employee or officer involved in making any determination concerning an application.
CFIs are required to collect the applicable data and report it to the CFPB on or before June 1 following the calendar year for which the new rule requires them to compile and maintain the applicable data. The compliance date to begin compiling and maintaining this data, in turn, is staggered according to the number of covered credit transactions a CFI originates. The earliest mandatory compliance date is October 1, 2024, which applies to CFIs that originated at least 2,500 covered credit transactions for small businesses in each of 2022 and 2023.