As recently discussed on our podcast here, section 1071 of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (Dodd-Frank Act) amended the Equal Credit Opportunity Act (ECOA) to require lenders to collect information about small business credit applications they receive, including geographic and demographic data concerning the principal owners, lending decisions, and the price of credit. The Consumer Financial Protection Bureau (CFPB or Bureau) issued its massive, highly technical, and complicated Final Rule on March 30, 2023. In this second in a multi-post blog series (the first post is available here), we will take a closer look at the data collection and reporting requirements of the Final Rule.

The Final Rule requires covered financial institutions to collect and report three types of data concerning small business loan applications: 1) data points that the financial institution itself generates, such as the unique application identifier number and the action taken on the application by the institution, as well as reasons for denial (for declined applications); 2) data points that are based on information that either could be collected from the applicant or through a third-party source such as information related to the applicant’s business, credit type, credit purpose, and the amount the applicant applied for; and 3) demographic information requested and collected from the applicant, such as the applicant’s status as a minority-owned, women-owned, or LGBTQI+-owned business, and the race, sex, and ethnicity of the applicant’s principal owners.

What about repeat customers?

If an applicant is a repeat customer of the financial institution and has previously provided these data points, the financial institution may reuse the data collected within 36 months (3 years) of the date of the application being assessed. So, if an applicant submitted an application in 2021 and later submitted an application in 2023, the financial institution would be permitted to reuse the data from the 2021 application. However, for any previously collected data that a financial institution relies upon, the financial institution must ensure that it has no reason to believe the data is inaccurate.

There are also a few limitations to the three-year look-back period. First, for the “gross annual revenue” data point, financial institutions are only allowed to reuse this data if it was collected within the same calendar year of the applicant’s current application submission. Second, a financial institution may only reuse previously collected demographic information (for example, minority-owned business status, race, or sex) if the data was previously collected pursuant to the Final Rule.

Is an applicant required to provide the demographic information requested?

No, whether an applicant chooses to provide the demographic data points is completely up to the applicant, and the applicant may refuse to do so. In fact, the Final Rule requires financial institutions to inform applicants that they are not required to submit these demographic data points with their applications. If the applicant fails or declines to provide this information, however, the financial institution must report the applicant’s failure or refusal.

What are the procedural requirements for collecting demographic data?

Financial institutions must maintain procedures to collect demographic data points at a time and in a manner that are reasonably designed to obtain a response.

  • Timing: Financial institutions must seek to collect applicant-provided data, at the latest, before notifying the applicant of final action taken on the application. The Bureau has expressed that earlier in the application process is generally better, in terms of seeking to collect the demographic information.
  • Manner of collection: Financial institutions must present requests for these demographic data points in a manner that ensures an applicant actually sees or hears the request. Requests cannot be obscured or presented in a way that applicants are likely to overlook.
  • Easy Response Process: Financial institutions must ensure that applicants can easily respond to these data requests. The demographic information form, for example, cannot be more difficult or burdensome to fill out and provide than the remainder of the loan application.
  • Monitoring: Financial institutions must monitor their collection of applicant data to identify any signs of potential discouragement. We’ll be writing separately about this very important aspect of the Final Rule.

How does a financial institution report these data points to the Bureau?

The Final Rule directs financial institutions to the Bureau’s Filing Instruction Guide (FIG), which sets forth the technical instructions for the submission of data to the Bureau. Financial institutions are required to report data to the Bureau by June 1 of the year following the calendar year in which the financial institution collected the data. For example, data collected for 2024 must be reported by June 1, 2025.

As for when the financial institutions must start reporting, the Bureau adopted a tiered approach that requires later reporting dates for smaller lenders:

  • For financial institutions that originated at least 2,500 covered credit transactions in 2022 and 2023, the compliance date is October 1, 2024.
  • For financial institutions that originated at least 200 covered credit transactions in 2022 and 2023, the compliance date is April 1, 2025.
  • For financial institutions that originated at least 100 covered credit transactions in 2022 and 2023, the compliance date is January 1, 2026.
  • For financial institutions that did not originate at least 100 covered credit transactions but subsequently originate at least 100 covered credit transactions in two consecutive calendar years, the compliance date is no earlier than January 1, 2026.
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Chris Willis Chris Willis

Chris is the co-leader of the Consumer Financial Services Regulatory practice at the firm. He advises financial services institutions facing state and federal government investigations and examinations, counseling them on compliance issues including UDAP/UDAAP, credit reporting, debt collection, and fair lending, and defending…

Chris is the co-leader of the Consumer Financial Services Regulatory practice at the firm. He advises financial services institutions facing state and federal government investigations and examinations, counseling them on compliance issues including UDAP/UDAAP, credit reporting, debt collection, and fair lending, and defending them in individual and class action lawsuits brought by consumers and enforcement actions brought by government agencies.

Photo of Lori Sommerfield Lori Sommerfield

With over two decades of consumer financial services experience in federal government, in-house, and private practice settings, and a specialty in fair lending regulatory compliance, Lori counsels clients in supervisory issues, examinations, investigations, and enforcement actions.

Photo of Joseph Reilly Joseph Reilly

Financial services companies depend on Joe for all aspects of their regulatory and compliance needs. Drawing from two decades of experience in the sector, he provides actionable guidance in a complex and evolving landscape.

Photo of Caleb Rosenberg Caleb Rosenberg

Caleb is counsel in the firm’s Consumer Financial Services Practice Group. He focuses his practice on helping federal and state-chartered banks, fintech companies, finance companies, and licensed lenders navigate regulatory risks posed by state and federal laws aimed at protecting consumers and small…

Caleb is counsel in the firm’s Consumer Financial Services Practice Group. He focuses his practice on helping federal and state-chartered banks, fintech companies, finance companies, and licensed lenders navigate regulatory risks posed by state and federal laws aimed at protecting consumers and small businesses in the credit and alternative finance products industry.

Photo of Josh McBeain Josh McBeain

Josh focuses his practice on federal and state consumer and business lending and payments laws, including those that apply to credit cards, installment loans, lines of credit, and point-of-sale finance.

Photo of Christine Emello Christine Emello

Christine focuses her practice on consumer financial services matters, with an emphasis on disputes, litigation, investigations, and examinations. She has worked on both federal and state court cases in jurisdictions across the U.S. Christine drafts pleadings, including complaints, motions, and responses, and prepares…

Christine focuses her practice on consumer financial services matters, with an emphasis on disputes, litigation, investigations, and examinations. She has worked on both federal and state court cases in jurisdictions across the U.S. Christine drafts pleadings, including complaints, motions, and responses, and prepares witnesses for cases involving state and federal laws such as the Telephone Consumer Protection Act (TCPA), the Fair Credit Reporting Act (FCRA), and the Fair Debt Collection Practices Act (FDCPA). She has worked on cases for a variety of financial institutions, banks, and lenders, including a large multinational bank, a major national health care consulting firm, and a leading worldwide online payments platform.

Photo of Addison Morgan Addison Morgan

Addison is an associate in the firm’s nationally recognized Consumer Financial Services Practice Group. He has represented several of the nation’s preeminent financial institutions in litigation arising under the Fair Credit Reporting Act (FCRA), the Telephone Consumer Protection Act (TCPA), the Fair Debt…

Addison is an associate in the firm’s nationally recognized Consumer Financial Services Practice Group. He has represented several of the nation’s preeminent financial institutions in litigation arising under the Fair Credit Reporting Act (FCRA), the Telephone Consumer Protection Act (TCPA), the Fair Debt Collection Practices Act (FDCPA), the FTC Holder Rule, and other consumer protection state analogs.