Insight

Special Alert | CFPB small business data collection under ECOA

Proposal would require significant data collection and reporting requirements

Amy S. Matsuo

Amy S. Matsuo

ESG and Regulatory Insights Lead, KPMG LLP

The Consumer Financial Protection Bureau (CFPB or Bureau) issued a proposed rule that will impose significant data collection, data quality, and regulatory reporting requirements and associated analytics (similar to mortgage lending reporting under the Home Mortgage Disclosure Act (HMDA)) on small business lending activity in addition to subjecting these credits to additional supervision under other historically “consumer” laws and regulations.


The proposed rule would amend Regulation B to implement changes made to the Equal Credit Opportunity Act (ECOA) by section 1071 of the Dodd-Frank Act. Consistent with section 1071, the Bureau is proposing to require covered financial institutions to collect and report to the Bureau data on applications for credit for small businesses, including those that are owned by women or minorities.

Key features of the proposal include:

  • Definitions:
  • “Covered financial institutions” would mean any financial institution (“partnership, company, corporation, association (incorporated or unincorporated), trust, estate, cooperative organization, or other entity that engages in any financial activity”) that satisfies the origination threshold, which is proposed to be a minimum of 25 “covered credit transactions” to small businesses within each of the preceding two years.
  • “Covered credit transactions” would mean a transaction that meets the definition of business credit under existing Regulation B, such as loans, lines of credit, credit cards, and merchant cash advances (including such credit transactions for agricultural purposes and those that are also covered by HMDA). Certain exclusions would apply to:
  • Trade credit, public utilities credit, securities credit, and certain incidental credit
  • Factoring, leases, consumer-designated credit used for business purposes, and credit secured by certain investment properties.
  • “Small business” would be limited to businesses with annual gross revenues of $5 million or less in the previous fiscal year. (Note: the proposed rule would apply to women-owned and minority-owned businesses that meet this definition of a small business; the Bureau states it is seeking Small Business Administration (SBA) approval for this small business size standard pursuant to the Small Business Act.)
  • “Credit application” would include an oral or written request for a covered credit transaction that is made in accordance with procedures used by a financial institution for the type of credit requested. It would not include either reevaluation, extension, or renewal requests on an existing business credit account, or inquiries or prequalification requests.
  • Data collection:
  • Twenty-one data points are identified in the proposal including:
  • Information generated by the financial institution, including unique identifier, application date, application method, application recipient, action taken, action date, amount approved, denial reason (if applicable), and pricing information (interest rate, total origination charges, broker fees, initial annual charges, prepayment penalties).
  • Information provided by the applicant or that the financial institution can determine from information provided by the applicant, including information about the:
  • Credit being applied for (credit type, credit purpose, and amount requested)
  • Applicant’s business (census tract, gross annual revenue, NAICS code, number of workers, time in business, number of principal owners.)
  • Information about the demographics of the applicant’s principal owners, generally to be provided by the applicant, to include minority-owned business status and women-owned business status (expanding from SBA), and the ethnicity, race, and sex of the applicant’s principal owners. Collectively, these are referred to as “protected demographic information.” In addition:
  • The Bureau is proposing detailed instructions to assist financial institutions in collecting and reporting the applicant’s “protected demographic information,” including a sample data collection form (proposed Appendix E). Financial institutions would be required to report data as provided by the applicant. If an applicant does not provide information about the principal owners’ “protected demographic information,” the financial institution would:
  • For minority-owned business status or women-owned business status, be required to report that the information was not provided by the applicant (proposed Appendix F).
  • For ethnicity and race (but not sex), be required to report on the basis of visual observation and/or surname for at least one principal owner that the financial institution has met in person (proposed Appendix G).
  • Principal owners may self-describe their sex.
  • A “firewall” would be expected, as feasible, to limit the access of certain employees and officers of the covered financial institutions to an applicant’s responses regarding the “protected demographic information” if they are involved in any determination concerning the covered application.
  • Calendar year data collection is required with reporting to the Bureau by June 1 of the following year.
  • Compliance would be required 18 months after publication of the final rule.

The CFPB requests comments on the proposed rule be submitted to the Bureau within 90 days after publication in the Federal Register. CFPB highlights that it is specifically seeking comments on:

  • How to define a small business for purposes of this data collection
  • Where to set the activity threshold for when a lender is required to report information
  • How best to collect pricing information for transparency into the cost of small business credit
  • Whether and how to collect certain information about the sex of an applicant’s principal owners
  • How to balance the benefits of public disclosure and the risk to privacy interests
  • The appropriate implementation period.

The proposed rule is available here.

CFPB Small Data Collection web page is here.

Get the latest thinking from KPMG