CFPB Introduces New Data Requirements for Small Business Lending

May’s Supreme Court ruling was a victory for the Consumer Financial Protection Bureau (CFPB). As part of its regulatory agenda, Section 1071, the Small Business Data Collection Rule, is now moving forward. 

The final version of Section 1071 is intended to “increase transparency in small-business lending, promote economic development, and combat unlawful discrimination.” As an amendment to the Equal Credit Opportunity Act (ECOA), it will require financial institutions to collect and report data on certain credit transactions with small businesses, defined as those with revenue less than $5 million.

Transactions include:

  • Lines of credit
  • Loans
  • Credit cards
  • Merchant cash advances

Section 1071 does not include trade credit, factoring, or renewals but may consist of refinancing.

New Compliance Deadlines

Because of the court cases, the CFPB has had interim rules in place and has now extended the filing deadlines for Tier 1, 2, and 3 institutions.

CFPB - New Data Requirements for Small Business Lending_1

Data Collection

Commercial lenders covered by Section 1071 will need to develop and implement a process to collect data about the type of credit transaction, amount, and purpose. Lenders are also responsible for collecting demographic information about borrowers, including:

  • Race of the principal business owner(s)
  • Whether the business is owned by a minority, woman, or LGBTQI+ individual
  • Location of business by census tract

In total, there are 81 data fields included.

Implementation of Section 1071

There’s a great deal of concern about the cost of implementation. 

The CFPB estimates the implementation costs to be between $44,800 and $77,800 to build the systems and processes. Based on complexity, annual reporting and compliance were estimated between $8,349 and $278,618. These figures were based on a 2020 survey of lenders regarding only the first 13 data points.

A survey by the American Bankers Association (ABA) showed a deep discrepancy. In some cases, ABA estimates some implementation costs will exceed CFPB’s estimates by 100X and ongoing compliance by 10X.

CFPB - New Data Requirements for Small Business Lending_2

The ABA also contends that the CFPB failed to adequately evaluate the proportional impact on smaller lending institutions, which may require significant upgrades to computer systems and software to manage compliance. 

Further, the ABA expects financial institutions to pass some costs onto borrowers, raising rates and fees for small business loans and credit products. ABA warns that this may reduce credit access for the smallest businesses.

Legislative Action

In late 2023, both the House and Senate passed a measure disapproving of the small business rule. However, the bill was vetoed by President Biden in December of that year. While the Senate voted 54-45 to override the veto, it did not gather the two-thirds of the votes needed.

House Resolution 1806 (H.R. 1806) was introduced in the 188th Congress to try to limit the impact of Section 1071. It seeks to eliminate the reporting requirements for the smallest institutions with less than 500 qualifying transactions. It also asks to redefine small businesses as those with annual revenues of $1 million or less.

However, the bill was referred to the House Committee on Financial Services and has had no action since 2023. GovTrack gives the bill only a 5% chance of getting past the committee and a 4% chance of implementation. 

Preparing for Section 1071 Compliance

While some state court cases are still pending, lenders likely cannot rely on judicial or legislative relief with Section 1071 implementation and compliance. With deadlines approaching, financial institutions must start moving forward to comply. Failing to do so can put lenders at substantial risk.

Action steps include:

  • Determining whether entities are covered by financial institutions based on the preceding two years of transactions.
  • Developing processes and systems for the required data collection and reporting.
  • Ensuring data is separated from other business processes as required by the firewall provision in Section 1071 to protect privacy.
  • Training staff on processes, procedures, reporting, and privacy requirements.
  • Collecting data on credit applications from applicable small businesses.
  • Keeping detailed records on all credit applications.

Covered institutions also need to revisit their underwriting and pricing processes for covered transactions to ensure compliance with fair treatment and equity, as Section 1071 effectively revises the ECOA regulations.

Back to Blog