On July 10, 2015, 19 United States senators, including Sen. Elizabeth Warren, implored the Consumer Financial Protection Bureau (CFPB) to exercise its rulemaking authority related to publicly available small business loan data. The Dodd-Frank Act directs the CFPB to prescribe rules under Regulation B requiring financial institutions to gather and maintain data on women-owned, minority-owned, and small business applicants, including data on the race, sex and ethnicity of business owners. The CFPB issued a bulletin in April 2011 stating that these data collection requirements would not become effective until the CFPB issued corresponding regulations; yet to date, the CFPB has declined to exercise its rulemaking authority. The Senate’s renewed interest in this aspect of CFPB rulemaking may cause the agency to act, and financial institutions will need to consider the consequences of potential rulemaking in this area.

Increased rulemaking could potentially impact business lending in the way that the Home Mortgage Disclosure Act impacts consumer lending. This also comes on the heels of the June 25, 2015, Supreme Court decision that upheld the use of a disparate impact theory of liability under the Fair Housing Act. Such a claim is largely based upon data and arises from a policy or practice that had a discriminatory effect, even absent a showing of any discriminatory intent. Assuming the CFPB implements regulations triggering the data collection requirements, financial institutions will need to request information on the characteristics of loan applicants that is generally not part of the application process. Such requests include the status of applicants as women-owned, minority-owned or small businesses; the race, sex and ethnicity of principal business owners; and whether the financial institution solicited the application.

These data collection requirements present various challenges for financial institutions. Some loan applicants may not know whether they are women-owned, minority-owned or small businesses, and explaining the characteristics of those categories may prove difficult and time-consuming. Moreover, the Dodd-Frank Act provides that, if feasible, employees of financial institutions should not have access to applicant characteristic data. Such segregation is often difficult, because those individuals are often directly involved in requesting and collecting data from applicants. A financial institution must also provide notice about the employee’s access to such data and that the institution may not discriminate on the basis of that information. The data collected could also potentially unearth a disparate impact that exposes the financial institution to enforcement actions or civil lawsuits.

Along with data on applicant characteristics, financial institutions also will need to compile data obtained through the application and underwriting process. Notably, regulation would require collection of data on the amount of credit requested and approved, the type of action taken regarding the application, and the gross annual revenue of the business for the most recent fiscal year.

In connection with the prospect of increased regulation, financial institutions should be prepared to take certain steps and be mindful of certain challenges. Specifically, financial institutions should undertake the following:

  • Recognize the two primary risks associated with data collection: 1) the CFPB and other litigants’ potential use of the data in litigation and enforcement actions and 2) data collection errors that could potentially expose the institution to supervisory and enforcement actions.
  • Identify the significant differences between business lending and consumer lending, particularly the wide variety of credit decisions and the additional factors associated with making a business credit decision.
  • If feasible for the institution, encourage the collection of data beyond the data specified in the statute in order to better assess credit decisions and provide factual support in defense of enforcement actions and litigation.
  • Evaluate the challenges posed by collecting data through different channels, including in-person, telephone, mail and electronic applications.
  • Recommend exceptions the CFPB should adopt for certain types of smaller financial institutions under its power to create exemptions. Such exceptions might be based upon size, type of business credit, incomplete credit applications, public availability of data or the method of obtaining the data.

Financial institutions should make sure that they are equipped to address these issues if and when the CFPB exercises its rulemaking authority regarding small business loan data.